240 likes | 466 Vues
CryptDB : A Practical Encrypted Relational DBMS. Raluca Ada Popa , Nickolai Zeldovich , and Hari Balakrishnan MIT CSAIL. New England Database Summit 2011. Problem: data leaks from DBs. Hackers Curious DB administrators Physical attacks Both on public clouds and private data centers
E N D
CryptDB: A Practical Encrypted Relational DBMS RalucaAdaPopa, NickolaiZeldovich, and HariBalakrishnan MIT CSAIL New England Database Summit 2011
Problem: data leaks from DBs • Hackers • Curious DB administrators • Physical attacks • Both on public clouds and private data centers • Regulatory laws
Approach Perform SQL query processing on encrypted data Database server user queries Client frontend • Trusted • Stores schema, master key • No query execution • Stores the database and processes SQL queries • Not trusted to keep data private Support standard SQL queries on encrypted data Process queriescompletely at the DB server No change to existing DBMS
Example 60 100 800 100 SELECT * FROM emp WHERE salary = 100 ≥ emp SELECT * FROM table1 WHERE col1 = x5a8c34 rank name salary ≥ x638e54 Frontend x934bc1 x1eab81 x4be219 x5a8c34 x638e54 x95c623 x922eb4 x5a8c34 ? x84a21c x2ea887 x638e54 x5a8c34 x17cea7 x5a8c34 x5a8c34 x638e54 ? x5a8c34 x922eb4 x5a8c34 x638e54
Two techniques • SQL-aware encryption strategy • Different encryption schemes provide different functionality • Adjustable query-based encryption • Adapt encryption of data based on user queries
1. SQL-aware encryption Highest Scheme Operation Details RND None AES in UFE e.g., =, !=, GROUP BY, IN, COUNT, DISTINCT e.g., Paillier HOM +, * Privacy DET equality AES in CTR JOIN join new e.g., >, <, ORDER BY, SORT, MAX, MIN SEARCH ILIKE Song et al.’00 Boldyreva et al. ’09 OPE order first practical implementation
Onions of encryptions RND DET RND SEARCH OPE JOIN OPE-JOIN HOM Any value Any value int value Onion 1 Onion 2 Onion 3 • Each column has the same key in a given layer of an onion
2. Adjustable query-based encryption • Start out the database with the most secure encryption scheme • Adjust encryption dynamically • Strip off levels of the onions: frontend gives key to server using a UDF
Example RND DET DET emp: SELECT * FROM emp WHERE salary = 100000 SEARCH rank name salary JOIN Any value UPDATE table1 SET col3onion1 = DecryptRND(key, col3onion1) SELECT * FROM table1 WHERE col3onion1 = x5a8c34
JOIN needsnew crypto • Challenge: do not know which columns will be joined • Data items not revealed, cannot join without join key Col1 Col2 Join key Col1-Col2 Client Frontend = -
Further components • Inserts, updates, deletes, nested queries • Indexes • Transactions, auto-increments • Optimizations to speed up performance • Not supported: A.a + A.b > B.c
Security converges… • … to maximum privacy for query mix • Onion levels stripped only when new operations needed Steady State: no decryptions at server Practical: typical SQL processing on enlarged tuples
Privacy Guarantees • Formal privacy definition and proof • Implications: • If query has • equality predicate on name repeats emp: • order predicate on name order rank name salary • aggregation on salary nothing • no filter on a column nothing • Never reveal plaintext • Server cannot compute unrequested queries requiring new relationships
Privacy (cont’d) • DB owner can specify minimum security level for some fields CREATE TABLE emp (SSN text ≥DET, name text, …)
Implementation SQL Interface Server • No change to the DBMS • Should work on most SQL DBMS CryptDB PK tables Unmodified DBMS Query Encrypted Query Frontend CryptDB UDFs (user-defined functions) Encrypted Results Results
Portability • Ported CryptDB from Postgres to MySQL with 86 lines of code • No change to MySQL • Code changed was to connect to server, UDF declarations
Low overhead on TPC-C • Supports all queries in TPC-C without change Throughput loss 27%
Adjustable encryption • Steady state of columns for TPC-C: 71% of columns remain encrypted with RND Importance of adjustable query-based encryption to privacy • In practice, we expect most sensitive fields to remain at RND or DET (e.g., credit cards)
Related work • Theoretical approaches [Gennaro et al., ’10] • Inefficient • Search on encrypted data(e.g., [Chang, Mitzenmacher ‘05], [Evdokimov, Guenther ’07]) • Restricted set of queries, inefficient • Systems proposals(e.g., [Hacigumus et al., ’02]) • Lower degree of security, rewrite the DBMS, client-side processing
Conclusions • CryptDB is the first practical DBMS for running most standard queries on encrypted data • Runs queries completely at server • Provides provable privacy guarantees • Modest overhead • Does not change the DBMS or client applications Thanks!