
Database Encryption Solutions and Challenges
"Learn about database encryption techniques, cloud data security concerns, and the challenges of encryption in this informative study. Explore topics such as confidential data processing, cipherbase systems, and the landscape of data security. Discover the strengths and limitations of encryption methods, encryption performance figures, and the importance of secure database systems."
Transaction Processing on Confidential Data using Cipherbase
Arvind Arasu, Ken Eguro, Manas Joglekar*, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy
Microsoft Research; *Stanford University
Cloud Data Security Concerns: Data in the cloud is vulnerable to snooping administrators, hackers with illegal access, and compromised servers. 4/15/2015 ICDE 2015
Database Encryption [Figure; surviving label: Client App]
Cipherbase Summary
Data Confidentiality: strong column-level encryption, decoupled from functionality. *Lightweight trusted module in secure hardware.
Functionality: industrial-strength database system (SQL Server); concurrency, recovery, stored procedures.
Performance on TPCC: 85% of plaintext for typical encryption; 40% of plaintext for worst-case encryption.
No prior work with this {Confidentiality, Functionality, Performance} characteristics.
Organization: Introduction; Solution Landscape & Design Choices; Cipherbase Design & Engineering; Evaluation
What Makes Encryption Challenging?
Query: Select Sum(Score) From Assignment Where StudentId = 1
Plan: Sum(Score) over σ(StudentId = 1) over Assignment
Assignment values shown on the slide: a7be1a6997ad739bd8c9ca451f618b61, b6ff744ed2c2c9bf6c590cbf0469bf41, 47f7f7bc95353e03f96c32bcfd8058df
Solution Landscape: Two fundamental techniques
Directly compute over encrypted data: special homomorphic encryption schemes. Challenge: limited class of computations.
Use a secure location: computations on plaintext. Challenge: expensive.
Deterministic Encryption
Query: select * from assignment where studentid = 1
Plan: σ(StudentId = 1) over the table
StudentId  AssignId  Score
1          1         68
1          2         71
3          4         99
Deterministic Encryption
Query: select * from assignment where studentid_det = bd6e7c3df2b5779e0b61216e8b10b689
Plan: σ(StudentId_DET = bd6...) over the table
StudentId_DET                     AssignId  Score
bd6e7c3df2b5779e0b61216e8b10b689  1         68
bd6e7c3df2b5779e0b61216e8b10b689  2         71
7ad5fda789ef4e272bca100b3d9ff59f  4         99
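Added example (not from the presentation): the two Deterministic Encryption slides as code, showing that the server can answer the equality query without a key and that the same property exposes how often each value repeats. Assumptions: HMAC-SHA256 truncated to 32 hex characters stands in for the deterministic cipher (its tokens cannot be decrypted), and the key and function names are constructed for the example.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"   # constructed key, held only by the client

def det(value):
    """Deterministic token: equal plaintexts always give equal tokens."""
    mac = hmac.new(KEY, str(value).encode(), hashlib.sha256)
    return mac.hexdigest()[:32]

# Rows from the slide: (StudentId, AssignId, Score).
ROWS = [(1, 1, 68), (1, 2, 71), (3, 4, 99)]

# The client replaces StudentId with its token before upload.
SERVER_TABLE = [(det(s), a, sc) for s, a, sc in ROWS]

def server_select(table, token):
    """Untrusted server: plain equality on tokens, no key required."""
    return [row for row in table if row[0] == token]

def server_view(table):
    """What the server learns without the key: the repeat count of each token."""
    return sorted(Counter(row[0] for row in table).values(), reverse=True)
```

The client issues `server_select(SERVER_TABLE, det(1))`; the server matches two rows, and `server_view` shows it also learns that one student owns two of the three rows.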
Homomorphic Encryption Schemes
Fully Homomorphic Encryption [G09, G10]: (any function); impractical
Partial Homomorphic Encryption (PHE): Order-Preserving Encryption [BCN11, PLZ13]; Paillier Cryptosystem [P99] (+); ElGamal Cryptosystem [E84]; Deterministic Encryption (==)
Non-Deterministic Encryption
Labels on the slide's scale: Impractical, Expensive, Practical
PHE Limitations
Limited server functionality: SUM(L_EXTENDEDPRICE*(1-L_DISCOUNT)*(1+L_TAX))
Data security tied to functionality
Lack of composability: A + B = C
Performance: msec for a single addition under Paillier
CryptDB [PRZ+11], Monomi [TFM 13], [HMH08]
Solution Landscape: Two fundamental techniques
Directly compute over encrypted data: special homomorphic encryption schemes. Challenge: limited class of computations. Challenge: not composable.
Use a secure location: hardware-provisioned isolation and protection; computations on plaintext. Challenge: expensive.
Secure Location [Figure; surviving label: Inaccessible]
Secure Hardware Landscape
Long history: banking, defense applications
Becoming mainstream and commoditized
Players: crypto co-processors, FPGAs, Intel SGX, TPM, HSM
Intel Software Guard Extensions
Extensions to Intel Architecture
Isolation to code + data within a designated region called an enclave; confidentiality and integrity
[Figure labels: Virtual Addr Space, Enclave, Physical Memory, Encrypted & Integrity Protected code/data]
Ack: Andrew Baumann [MAB+ 13, AGJ+ 13, HLP+ 13]
Design Choice: Trusted Functionality
[Figure: three architectures side by side, Haven [MPH14], TrustedDB [BS11] and Cipherbase, each split between commodity h/w and secure h/w; component labels: DBMS, OS, Library OS, Embedded OS, Expr Eval]
Annotations added across the slide builds: Larger Trusted Computing Base (TCB) / Smaller TCB; Less secure / More secure; Minimal software engg.
Life of a Query in Cipherbase I
[Figure labels: App, Client Lib, Cipherbase Server, Modified SQL Server, Insecure (x86), PCIe, FPGA, Cipherbase Stack Machine (Expression Evaluation), (stateless*)]
Stack program: push $1 decrypt push 10 add encrypt out 5
Encryption Config: AccountId: Plaintext; BranchId: AES-CBC; Balance: AES-CBC
Life of a Query in Cipherbase II
[Figure labels: App, Client Lib, Cipherbase Server, Modified SQL Server, Insecure (x86), PCIe, FPGA, Cipherbase Stack Machine (Expression Evaluation)]
Encryption Config: PK: AccountId: AES-CBC; BranchId: AES-CBC; Balance: AES-CBC
B+-Tree Indexes over Encrypted Data
[Figure: a B+-tree whose node entries are ciphertext values such as 0A183E, 4F3618 and 6C2AB4]
Life of a Query in Cipherbase II
[Figure labels: App, Client Lib, Cipherbase Server, Modified SQL Server, Insecure (x86), PCIe, FPGA, Cipherbase Stack Machine (Expression Evaluation)]
Stack program: push $1 decr push $2 decr compare out 6
Encryption Config: PK: AccountId: AES-CBC; BranchId: AES-CBC; Balance: AES-CBC
B+-Tree Indexes over Encrypted Data
Search key: 8DE526. FPGA: comp(8DE526, 0A183E) returns <
[Figure: the same B+-tree of ciphertext values, with the comparison against node entry 0A183E sent to the FPGA]
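Added example (not the Cipherbase code): a model of the two stack programs shown on the slides and of an index search in which the untrusted server only ever sees ciphertext and comparison results. Assumptions: a SHA-256 keystream with a random nonce stands in for AES-CBC, one sorted node stands in for the B+-tree, the trailing numbers after "out" on the slides are omitted, and all class and function names are constructed.

```python
import hashlib, os, struct

class TrustedModule:  # stands in for the FPGA stack machine; the key stays inside
    def __init__(self, key):
        self._key = key

    def _xor(self, nonce, data):
        pad = hashlib.sha256(self._key + nonce).digest()[:8]
        return bytes(a ^ b for a, b in zip(data, pad))

    def encrypt(self, value):
        nonce = os.urandom(16)   # randomized: equal plaintexts give different ciphertexts
        return nonce + self._xor(nonce, struct.pack(">q", value))

    def decrypt(self, ct):
        return struct.unpack(">q", self._xor(ct[:16], ct[16:]))[0]

    def run(self, program, params):
        # Evaluate a slide-style program; $n names the n-th parameter.
        stack, toks = [], iter(program.split())
        for tok in toks:
            if tok == "push":
                arg = next(toks)
                stack.append(params[int(arg[1:]) - 1] if arg[0] == "$" else int(arg))
            elif tok in ("decrypt", "decr"):
                stack.append(self.decrypt(stack.pop()))
            elif tok == "encrypt":
                stack.append(self.encrypt(stack.pop()))
            elif tok == "add":
                stack.append(stack.pop() + stack.pop())
            elif tok == "compare":
                b, a = stack.pop(), stack.pop()
                stack.append((a > b) - (a < b))   # -1, 0 or 1
            elif tok == "out":
                return stack.pop()
            else:
                raise ValueError("unknown instruction: " + tok)
        raise ValueError("program has no 'out'")

UPDATE = "push $1 decrypt push 10 add encrypt out"   # program from the slide
COMPARE = "push $1 decr push $2 decr compare out"    # program from the slide

def index_search(tm, node_keys, search_ct):
    """Untrusted server: binary search over the ciphertext keys of a sorted node."""
    lo, hi = 0, len(node_keys)
    while lo < hi:
        mid = (lo + hi) // 2
        cmp = tm.run(COMPARE, [search_ct, node_keys[mid]])
        lo, hi = (mid + 1, hi) if cmp > 0 else (lo, mid)
    return lo   # first slot whose key is >= the search key
```

Each probe in `index_search` is one round trip to the trusted module, and the sequence of results it returns is what the server learns about the ordering of the keys.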
Operational Security Operation Adversary Learns ??=5(R) Unknown predicate p(A) over R tuples ? ?? (hash-based) The join graph and the equivalence relation over R(A) and S(A) for joining A values ??+?(?) ???(?) (?) Nothing The equivalence relation over R(A) ???????? Data Security depends on the operations performed
Transaction Processing Performance Challenges
Life of a transaction, TPCC New Order: 1M instrs (parsing, compilation, buffering, latching, locking, commit, ...); expression evaluation: 10 instrs x 300
[Figure: timeline split between x86 and FPGA; axis: Time/progress, ?sec]
Summary of Performance Optimizations
Multiple FPGA cores: parallelism; more FPGA compute
Batch FPGA work: amortize communication latency
Expression folding: minimize FPGA roundtrips
Plaintext Data Caches: minimize network comm.; reduce decryption
Vectorize index comparisons: minimize FPGA roundtrips
[Figure labels: Client Lib, Plaintext Data Cache, Modified SQL Server, Cipherbase, Core 1, Core 2, Core 3, Core 4]
Cipherbase Prototype: SQL Server code
Basic functionality: 1000 LoC, localized to the expression evaluation module
Optimizations: 5000-10000 LoC, localized to FPGA driver, indexing
Unchanged: everything else
Performance on TPCC
[Figure: bar chart of transactions per sec relative to SQL Server (y axis 0 to 1.2) for Plaintext, Customer, Strong/Weak and Strong/Strong, with Opt and NoOpt series; x axis: increasing strength of encryption]
Encryption schemes:
Customer: customer PII data strongly encrypted
Strong/Weak: index columns deterministic, all others strongly encrypted
Strong/Strong: all columns strongly encrypted
Cipherbase Summary
Security: strong encryption, decoupled from functionality
Functionality: industrial-strength database system (SQL Server); transaction processing
Performance on TPCC: 85% of plaintext for typical encryption; 40% of plaintext for worst-case encryption
Lightweight trusted module in secure hardware
http://research.microsoft.com/en-us/projects/cipherbase/