Secure Database in Cloud Computing - CryptDB Revisited

Abstract

Databases contain most valuable personal, economic, and government information. They are most desirable to the malicious adversaries and therefore, it is very critical to protect against all possible adversarial behavior. With the recent rapid growth in the availability and popularity of cloud services, many personal and business and government information are now moving to the Cloud. Therefore, databases are more difficult to protect because of new security and privacy issues. Various techniques have been proposed to solve the outsourcing database scenarios which preserve a certain degree of confidentiality while still allowing to execute some SQL queries efficiently. CryptDB is a new database management system for protecting data confidentiality while preserving confidentiality and performing a standard set of SQL queries in an efficient way. CryptDB seems to be practical compared to other attempts at solving the problem of computing with encrypted data and the database can be fully moved to the Cloud with no security concern because all the data are already encrypted and never revealed to the database administrator. In this paper, we revisit CryptDB from cryptographic point of view. We first describe it in more details for ease of understanding and then highlight the drawbacks of CryptDB from security and efficiency points of view.

Keywords

• —Secure Database
• Encrypted Search
• Cryptographic Protocol
• Proxy Server

References

1. R.A. Popa, C.M.S. Redfield, N. Zeldovich, and H. Balakrish- nan, ”CryptDB: protecting confidentiality with encrypted query processing”, In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP ’11), Cascais, Portu- gal, pp.85-100, ACM New York, USA; October 23-26, 2011, DOI=10.1145/2043556.2043566
2. R.A. Popa, F.H. Li, and N. Zeldovich, ”An Ideal-Security Protocol for Order-Preserving Encoding”, In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP ’13), pp.463-477, IEEE Computer Society, Washington, USA; 2013. DOI=10.1109/SP.2013.38
3. A. Boldyreva, N. Chenette, Y. Lee and A. O’Neill, ”Order- preserving symmetric encryption”, In Eurocrypt ’09, Proceed- ings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques, 224-241, Springer, 2009. ISBN: 978-3-642-01000-2 DOI=10.1007/978-3-642-01001-9 13
4. D.X. Song, D. Wagner, and A. Perrig, ”Practical Techniques for Searches on Encrypted Data”, In Proceedings of the 2000 IEEE Symposium on Security and Privacy (SP ’00), 44-, IEEE Computer Society, Washington, DC, USA, 2000.
5. C. Gentry, ”Fully homomorphic encryption using ideal lattices”, In Proceedings of the forty-first annual ACM symposium on Theory of computing (STOC ’09), 169-178, ACM, New York, USA, 2009. DOI=10.1145/1536414.1536440
6. www.csrc.nist.gov/publications/nistpubs/800-145/SP800- 145.pdf, ”The NIST Definition of Cloud Computing, National Institute of Standards and Technology”, NIST SP 800-145. Latest access March 7, 2014.
7. www.jackofallclouds.com, G. Rosen, ”Amazon usage estimates and updates”. Latest access March 7, 2014.
8. Y. Zhang, A. Juels, M.K. Reiter, and T. Ristenpart, ”Cross- VM side channels and their use to extract private keys”, In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12), ACM, New York, NY, USA, 305-316, 2012.

9. www.cloudsecurityalliance.org, ”Cloud Security Alliance”. Lat- est access March 7, 2014.
10. M.D. Assuncao, A. Costanzo, and R. Buyya, ”Evaluating the cost-benefit of using cloud computing to extend the ca- pacity of clusters”, In Proceedings of the 18th ACM Inter
11. Fig. 8. TPC-C Throughput when CryptDB is trained on query set[1] national Symposium on High Performance Distributed Com- puting (HPDC ’09), ACM, New York, USA, 141-150, 2009. DOI=10.1145/1551609.1551635
12. J. Brodkin, ”Gartner: Seven cloud-computing security risks”, Infoworld, 2008, www.infoworld.com/d/security-central/gartner- seven-cloud-computing-security-risks-853, latest access March 7, 2014. [12] ”Cloud Computing Perspective, Microsoft Whitepaper, Microsoft www.microsoft.com/malaysia/ea/whitepapers.aspx, latest access March 7, 2014. 2010,
13. ”Cloud Computing: Benefits, Risks and Recommendations for www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing- riskassessment, latest access March 7, 2014. Report, 2009,
14. P. Mell and T. Grance, ”Security Guidance for Critical Ar- eas of Focus in Cloud Computing” V2.1, Cloud Security Al- liance (CSA) Report, The NIST definition of cloud computing. National Institute of Standards and Technology, 53(6), 2009, www.cloudsecurityalliance.org/csaguide.pdf, latest access March 7, 2014. [15] M. H¨olbl, Issues”, The Council Societies and Pri- Profes- vacy sional www.cepis.org/media/CEPIS Cloud Computing Security
15. v17.11.pdf, latest access March 7, 2014. European Informatics 15.03.2011,
16. A.Greenberg, ”DARPA will spend 20 million Forbes, to www.forbes.com/sites/andygreenberg/2011/04/06/darpa-will- spend-20-million-to-search-for-cryptos-holy-grail/, latest access March 7, 2014. Holy Grail”,
17. D. Boneh, E. Kushilevitz, R. Ostrovsky, and W.E. Skeith, III., ”Public key encryption that allows PIR queries”, In Proceedings of the 27th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’07), Alfred Menezes (Ed.), Springer-Verlag, Berlin, Heidelberg, 50-67, 2007.
18. R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, ”Search- able symmetric encryption: improved definitions and efficient constructions”, In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS ’06), ACM New York, NY, USA, 79-88, 2006. DOI=10.1145/1180405.1180417
19. Andrew C. Yao, ”Protocols for secure computations”, In Pro- ceedings of the 23rd Annual Symposium on Foundations of Com- puter Science (SFCS ’82), IEEE Computer Society, Washington, USA, 160-164, 1982. DOI=10.1109/SFCS.1982.88
20. A. L´opez-Alt, E. Tromer, and V. Vaikuntanathan, ”On-the-fly multiparty computation on the cloud via multikey fully homo- morphic encryption”, In Proceedings of the 44th Annual ACM Symposium on Theory of Computing (STOC ’12), ACM New York, USA, 1219-1234, 2012. DOI=10.1145/2213977.2214086
21. I. Damg˚ard and S. Zakarias, ”Constant-Overhead secure com- putation of boolean circuits using preprocessing. In Proceedings of the 10th Theory of Cryptography Conference on Theory of Cryptography (TCC’13), Amit Sahai (Ed.), Springer-Verlag, Berlin, Heidelberg, 621-641, 2013. DOI=10.1007/978-3-642- 36594-2 35
22. I. Damg˚ard, V. Pastro, N. Smart, and S. Zakarias, ”Multiparty Computation from Somewhat Homomorphic Encryption”, Ad- vances in Cryptology CRYPTO 2012, vol.7417, 643-662, 2012. DOI=10.1007/978-3-642-32009-5 38
23. I. Damg˚ard, S. Faust, and C. Hazay, ”Secure two-party com- putation with low communication”, In Proceedings of the 9th International Conference on Theory of Cryptography (TCC’12), Ronald Cramer (Ed.), Springer-Verlag, Berlin, Heidelberg, 54-74, 2012. DOI=10.1007/978-3-642-28914-9 4
24. H. Chen and R. Cramer, ”Algebraic geometric secret shar- ing schemes and secure multi-party computations over small fields”, In Proceedings of the 26th Annual International Con- ference on Advances in Cryptology (CRYPTO’06), Cynthia Dwork (Ed.), Springer-Verlag, Berlin, Heidelberg, 521-536, 2006. DOI=10.1007/11818175 31
25. P. Paillier, ”Public-key cryptosystems based on composite de- gree residuosity classes”, In Proceedings of the 17th International Conference on Theory and Application of Cryptographic Tech- niques (EUROCRYPT’99), Jacques Stern (Ed.), Springer-Verlag, Berlin, Heidelberg, 223-238, 1999.
26. T. El Gamal, ”A public key cryptosystem and a signa- ture scheme based on discrete logarithms”, In Proceedings of CRYPTO 84 on Advances in Cryptology, G R Blakley and David Chaum (Eds.), Springer-Verlag New York, New York, USA, 10- 18, 1985.
27. J.A. Halderman, S.D. Schoen, N. Heninger, W. Clarkson, W. Paul, J.A. Calandrino, A.J. Feldman, J. Appelbaum, and E.W. Felten, ”Lest we remember: cold boot attacks on encryption keys”, In Proceedings of the 17th Conference on Security Sympo- sium (SS’08), USENIX Association, Berkeley, CA, USA, 45-60, 2008.
28. S. Tu, M.F. Kaashoek, S. Madden, N. Zeldovich, MIT CSAIL, ”Processing Analytical Queries over Encrypted Data”, 39th Inter- national Conference on Very Large Data Bases, Riva del Garda, Trento, Italy, In Proceedings of the VLDB Endowment, Vol.6, No.5, August 26-30, 2013.
29. Z.N. Dayioglu, M.S. Kiraz, F. Birinci, I.H. Akin. ”Secure Database in Cloud Computing: CryptDB Revisited”, In Proceed- ings of the 6th International Conference on Information Security and Cryptology, ISCTurkey 2013, Ankara, Turkey, pp. 94-104, 20-21 September 2013. ISBN:978-605-86904-1-7