1 / 21

CryptDB : A Pratical Encrypted Relational DBMS

CryptDB : A Pratical Encrypted Relational DBMS. Advanced Database Systems Spring 2014 Fadi Yilmaz. Outline. Introduction Trusted Frontend and Untrusted Server Is that worth? System Overview Design of CryptDB SQL – aware Encryption Strategy Encryption Algorithms Query Execution

fawzia
Télécharger la présentation

CryptDB : A Pratical Encrypted Relational DBMS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CryptDB : A Pratical Encrypted Relational DBMS Advanced Database Systems Spring 2014 FadiYilmaz

  2. Outline • Introduction • Trusted Frontend and Untrusted Server • Is that worth? • System Overview • Design of CryptDB • SQL – aware Encryption Strategy • Encryption Algorithms • Query Execution • Optimization • Performance

  3. Introduction • Trusted frontend and untrusted server • Is that worth? • Extra works • Key Management • Encryption Algorithms • Extra memory • Encrypted data is bigger than plain data • Extra Time • But, trusted!

  4. System Overview

  5. System overview • User Defined Functions • User-Enforced Security • Rejecting queries

  6. Design of CryptDB • SQL – aware Encryption Strategy

  7. Design of CryptDB

  8. Encryption Algorithms • Random : provides maximum privacy • AES • Deterministic : allows the server to perform equality checks • HMAC-SHA1

  9. Encryption Algorithms • Order Preserving Encryption • weaker encryption • if x < y, then OPE (x) < OPE(y) • Homomorphic encryption : to perform computations on encrypted data • HOM(x) · HOM(y) = HOM(x + y) • Paillier • 2048-bit ciphertext

  10. Encryption Algorithms • Search : to allow word searches • Join and OPE – Join • Required, because DET uses different keys for each table

  11. Query Execution • Query Rewriter/Encryptor • SELECT * FROM Employees WHERE name = ’Alice’ • SELECT C1-Onion1, C2-Onion1, C3-Onion1 FROM Table1 WHERE C2-Onion1 = x7d35a3

  12. Query Execution • SELECT COUNT(*) FROM Employees WHERE name = ’Bob’ • SELECT COUNT(*) FROM Table1 WHERE C2-Onion1 = xbb234a

  13. Query Execution • What if an update query comes? • salary = salary +10000 • Use Onion Level 3 (HOM)

  14. Query Execution • What if an update query is followed by a comparison? • salary < 60000. • Need Onion Level 2 (OPE)

  15. Query Execution • salary = salary +10000 is not a common query. • If it comes update all level of encryption. • In most cases executed on individual rows.

  16. Optimization • Eliminating never used onion levels for known query sets • Ciphertext caching under different keys

  17. Performance • Postgres is a relational DBMS

  18. Performance

  19. Performance

  20. References • R.A. Popa, C. M. S. Redfield, N. Zeldovich, H. Balakrishnan, CryptDB: Processing Queries on an Encrypted Database, CACM 2012 • S. Tu, M. Kaashoek, S. Madden, N. Zeldovich Processing Analytical Queries over Encrypted Data. VLDB 2013

  21. Questions and Answers

More Related