Post on 02-Jan-2016
description
transcript
Using cryptography in databases and web applications
Nickolai ZeldovichMIT CSAIL
Joint work with Raluca Ada Popa, Stephen Tu,Emily Stark, Jonas Helfer, Steven Valdez,
Hari Balakrishnan, Frans Kaashoek, Sam Madden
Problem: private data breachesserver
clientsSecretSecret
Secret
no computation computation
storage databases, web applications, mobile applications, machine learning, etc.
encryption ??(encrypted files, email)
Common approach: prevent break-ins
Enforced at many levels: operating system, hardware, network, programming language, …
server
clients
SecretSecret
Bad guys find ways to break in
• Complex software has bugs– Attackers find and exploit vulnerabilities
• Many people have access to infrastructure– Server administrators– Cloud / data center employees– Anyone that breaks into their accounts
• Compromises are inevitable
server
client
New approach:practical processing of encrypted data
??Result
SecretSecret
SecretSecret
Strawman:
CryptDB setup
transformed queryplain query
under attack
Applicationdecrypted
resultsencrypted
results
Database server
encrypted DBProxy
SecretSecret
Stores schema and master key Minimal or no
query execution
trusted client-side
col1/rank col2/name
table1/emp
SELECT * FROM emp
SELECT * FROM table1
x2ea887
col3/salary
60
100
800
100
Randomized encryption (RND) - semantic
ExampleApplication
Proxy
x95c623
x4be219
x17cea7
col1/rank col2/name
table1/emp
SELECT * FROM emp WHERE salary = 100
x934bc1x5a8c34
x5a8c34
x84a21c
SELECT * FROM table1 WHERE col3 = x5a8c34
?x5a8c34x5a8c34
?x5a8c34x5a8c34
x4be219
x95c623
x2ea887
x17cea7
col3/salary
60
100
800
100
Randomized encryption (RND)
Deterministic encryption (DET)
ExampleApplication
Proxy
col1/rank col2/name
table1 (emp)
x934bc1x5a8c34
x5a8c34
x84a21cx578b34
x638e54x122eb4
x9eab81
SELECT cdb_sum(col3) FROM table1
x72295a
col3/salary
60
100
800
100
Deterministic encryption (DET)SELECT sum(salary)
FROM emp
“Summable”encryption (HOM) -
semantic
1060
ExampleApplication
Proxy
col1/rank col2/name
table1 (emp)
x934bc1x5a8c34
x5a8c34
x84a21cx578b34
x638e54x122eb4
x9eab81
SELECT cdb_sum(col3) FROM table1
x72295a
col3/salary
60
100
800
100
SELECT sqrt(sum(salary))FROM emp
1060
ExampleApplication
Proxy
col1/rank col2/name
table1 (emp)
x934bc1x5a8c34
x5a8c34
x84a21cx578b34
x638e54x122eb4
x9eab81
SELECT cdb_sum(col3) FROM table1
x72295a
col3/salary
60
100
800
100
SELECT sqrt(sum(salary))FROM emp
1060
ExampleApplication
Proxy
32.55
Techniques
• Compute on encrypted data at the server– Use SQL-aware set of efficient encryption schemes– Adjust encryption of data based on queries
• Compute on decrypted data at the proxy– Can decrypt can perform any computation– Choose optimal split to reduce bandwidth, proxy load
SQL-aware encryption schemes
e.g., =, !=, IN, GROUP BY, DISTINCT
Scheme
RND
HOM
DET
SEARCH
JOIN
OPE
Function
data moving
addition
equality
join
word search
order
Construction
AES in UFE
AES in CMC
Paillier
our new scheme
Song et al.,‘00
e.g., >, <, ORDER BY, ASC, DESC, MAX, MIN, GREATEST, LEAST
restricted ILIKE
e.g., SUM, +
our new scheme
e.g., SELECT, UPDATE, DELETE, INSERT, COUNT
reveals only repeat
pattern
Security
reveals only
order
≈ semantic security
SQL operations:
value
OPEDET
RND
+functionality
+security
Adjust encryption: strip off layer of the onion
Onion of encryptions
CryptDB works well in practice
• Supports many database applications– Web sites, transactional processing, data analytics– Never reveals plaintext data on database server
• Modest performance overheads– 20-30% throughput loss for typical benchmarks
• Approach now used by Google (among others)– Encrypted BigQuery service
application
users
CryptDBSQL queries on encrypted DB
CryptDB proxy
Compromised app. server?
DBserver
Secret
application
DBserver
users
CryptDB proxy
CryptDB proxy
CryptDB proxy
Secret
Secret
SecretSecret
SecretSecret
Compromised app. server?
Mylar: browser-side encryption
web application
DBserver
Decrypted data exists only in users’ browsers
SecretSecret Secret Secret
browser
Secret Secret
Secret
Challenge: computationin web applications
1. Client-side application framework
Data sharing – need a way to manage keys Keyword search – need new cryptosystem:
documents encrypted with many keys
2. Non client-side computation:
Most computation happens in client’s web browser (Javascript code)
Mylar supports many applications
• Ported 6 applications to Mylar• Performance overheads are modest• Data privacy despite server compromises