cryptdb
play

CryptDB Protecting Confidentiality with Encrypted Query Processing - PowerPoint PPT Presentation

Nov 16, 2023 •474 likes •1.27k views

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

  1. CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012

  2. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment Personal evaluation and recommendations Company data

  3. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Posible threats

  4. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Posible threats

  5. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Posible threats

  6. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Posible threats

  7. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Other solutions Encrypt and decrypt data at users side

  8. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Other solutions Encrypt and decrypt data at users side Needs moving application logic to users

  9. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Other solutions Encrypt and decrypt data at users side Needs moving application logic to users Not effective if apllication computes over large amount of data

  10. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Other solutions Encrypt and decrypt data at users side Needs moving application logic to users Not effective if apllication computes over large amount of data Use fully homomorphic encryption, which allows servers to compute functions over encrypted data

  11. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Other solutions Encrypt and decrypt data at users side Needs moving application logic to users Not effective if apllication computes over large amount of data Use fully homomorphic encryption, which allows servers to compute functions over encrypted data Very slow

  12. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Other solutions Encrypt and decrypt data at users side Needs moving application logic to users Not effective if apllication computes over large amount of data Use fully homomorphic encryption, which allows servers to compute functions over encrypted data Very slow Very expensive

  13. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB solution

  14. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB solution Threat 1

  15. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB solution Threat 1 SQL-aware encryption strategy (symmertic keys)

  16. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB solution Threat 1 SQL-aware encryption strategy (symmertic keys) Adjustable query-based encryption (onions of encryption)

  17. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB solution Threat 1 SQL-aware encryption strategy (symmertic keys) Adjustable query-based encryption (onions of encryption) Threat 2

  18. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB solution Threat 1 SQL-aware encryption strategy (symmertic keys) Adjustable query-based encryption (onions of encryption) Threat 2 Chaining encryption keys to user passwords

  19. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Dealing with curious DBA

  20. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Dealing with curious DBA

  21. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Dealing with curious DBA UPDATE Table1 SET C2-Ord = DECRYPT RND(K, C2-ORD, C2-IV)

  22. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms

  23. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV

  24. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV DET (deterministic): AES-CMC, Blowfish without IV

  25. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV DET (deterministic): AES-CMC, Blowfish without IV JOIN : keyed cryptographic hash, with the additional property that hashes can be adjusted to change their keys without access to the plaintext (JOIN-ADJ)

  26. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV DET (deterministic): AES-CMC, Blowfish without IV JOIN : keyed cryptographic hash, with the additional property that hashes can be adjusted to change their keys without access to the plaintext (JOIN-ADJ) OPE (order-preserving encryption): random mapping that preserves order, never before implemented

  27. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV DET (deterministic): AES-CMC, Blowfish without IV JOIN : keyed cryptographic hash, with the additional property that hashes can be adjusted to change their keys without access to the plaintext (JOIN-ADJ) OPE (order-preserving encryption): random mapping that preserves order, never before implemented OPE-JOIN: must be known a priori, but is rare (50 out of 128,840 columns)

  28. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV DET (deterministic): AES-CMC, Blowfish without IV JOIN : keyed cryptographic hash, with the additional property that hashes can be adjusted to change their keys without access to the plaintext (JOIN-ADJ) OPE (order-preserving encryption): random mapping that preserves order, never before implemented OPE-JOIN: must be known a priori, but is rare (50 out of 128,840 columns) HOM (homomorphic encryption): Paillier cryptosystem for summation

  29. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms RND (random): AES-CBC, Blowfish (for integers) with IV DET (deterministic): AES-CMC, Blowfish without IV JOIN : keyed cryptographic hash, with the additional property that hashes can be adjusted to change their keys without access to the plaintext (JOIN-ADJ) OPE (order-preserving encryption): random mapping that preserves order, never before implemented OPE-JOIN: must be known a priori, but is rare (50 out of 128,840 columns) HOM (homomorphic encryption): Paillier cryptosystem for summation SEARCH (word search): protocol of Song et al.

  30. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms

  31. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Used alorithms OPE can be speeded up by caching frequently used constants over diffrent keys HOM encryption can be speeded up by precomputing Paillier r n randomness

  32. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements

  33. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers

  34. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing

  35. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing Training mode

  36. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing Training mode Onion re-encryption

  37. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing Training mode Onion re-encryption Performance Optimizations

  38. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing Training mode Onion re-encryption Performance Optimizations Developer Annotations

  39. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing Training mode Onion re-encryption Performance Optimizations Developer Annotations Known query set

  40. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB features Security improvements Minimum onion layers In-proxy processing Training mode Onion re-encryption Performance Optimizations Developer Annotations Known query set Precomputing and caching for OPE and HOM

  41. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation CryptDB structure

  42. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Environment used for tests

  43. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Environment used for tests

  44. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Throughput 1

  45. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Throughput 2

  46. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Throughput 2 SUM (2x less) and UPDATE (1.6 less) requires HOM additions at server

  47. Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Processing times Proxy* - without precomputing and caching optimization

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CRYPTDB:PROTECTING CONFIDENTIALITY WITH ENCRYPTED QUERY PROCESSING Why

CRYPTDB:PROTECTING CONFIDENTIALITY WITH ENCRYPTED QUERY PROCESSING Why

RALUCA ADA POPA, CATHERINE M. S. REDFIELD, NICKOLAI ZELDOVICH, AND HARI BALAKRISHNAN MIT CSAIL CRYPTDB:PROTECTING CONFIDENTIALITY WITH ENCRYPTED QUERY PROCESSING Why

1.45k views • 123 slides
CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit:

CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit:

CS573 Data Privacy and Security CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit: Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL Problem Confidential

576 views • 31 slides
CryptDB: Processing Queries on an Encrypted Database Raluca Ada Popa, Catherine M. S. Redfield,

CryptDB: Processing Queries on an Encrypted Database Raluca Ada Popa, Catherine M. S. Redfield,

CryptDB: Processing Queries on an Encrypted Database Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL Problem } Confidential data leaks from databases (DB) } 2012: hackers extracted 6.5

465 views • 30 slides
PROPERTY-PRESERVING ENCRYPTION GRAD SEC NOV 07 2017 TODAYS PAPERS CRYPTDB BUILDING

PROPERTY-PRESERVING ENCRYPTION GRAD SEC NOV 07 2017 TODAYS PAPERS CRYPTDB BUILDING

PROPERTY-PRESERVING ENCRYPTION GRAD SEC NOV 07 2017 TODAYS PAPERS CRYPTDB BUILDING BLOCKS RND AES+CBC+random IV DET AES+CBC+fixed IV OPE x < y OPE K (x) < OPE K (y) HOM HOM K (x) * HOM K (y) = HOM K (x+y) Fully

793 views • 24 slides
MapReduce: Simplified Data Processing on Large Clusters J. Dean, S. Ghemawat, OSDI, 2004. Review

MapReduce: Simplified Data Processing on Large Clusters J. Dean, S. Ghemawat, OSDI, 2004. Review

MapReduce: Simplified Data Processing on Large Clusters J. Dean, S. Ghemawat, OSDI, 2004. Review by Mariana Marasoiu for R212 Motivation: Large scale data processing We want to: Extract data from large datasets Run on big clusters of

455 views • 22 slides
Dynamic analysis, reporting and visualization of data catalogs Use cases INSPIRE Dashboard for

Dynamic analysis, reporting and visualization of data catalogs Use cases INSPIRE Dashboard for

Dynamic analysis, reporting and visualization of data catalogs Use cases INSPIRE Dashboard for all Member States and EEA MedSea project at Ifremer INSPIRE Directive in Europe INSPIRE is based on the infrastructures for spatial information

679 views • 42 slides
Hash Tables Direct-Address Tables Hash Functions Universal Hashing Chaining Open Addressing

Hash Tables Direct-Address Tables Hash Functions Universal Hashing Chaining Open Addressing

Hash Tables Direct-Address Tables Hash Functions Universal Hashing Chaining Open Addressing CS 5633 Analysis of Algorithms Chapter 11: Slide 1 Direct-Address Tables Let U = { 0 , . . . , m 1 } , the set of possible keys. direct

424 views • 14 slides
Automated, Connected, Electric, Shared & Emerging Applications - Practical Implementation

Automated, Connected, Electric, Shared & Emerging Applications - Practical Implementation

Automated, Connected, Electric, Shared & Emerging Applications - Practical Implementation Opportunities for Local Governments 2018 FAV Summit by Charles A. Ramdatt, P.E., AICP November 28, 2018 SMART ORL

314 views • 9 slides
Not Your Parents Test Automation: Application of Non-Traditional Automation Presented by: Paul

Not Your Parents Test Automation: Application of Non-Traditional Automation Presented by: Paul

T9 Test Automation Thursday, May 3rd, 2018 11:15 AM Not Your Parents Test Automation: Application of Non-Traditional Automation Presented by: Paul Grizzaffi Magenic Brought to you by: 350 Corporate Way, Suite 400, Orange Park, FL 32073 888

544 views • 21 slides
HOW TO REPRESENT RELATIONS 2018. 11. 14 Naver TechTalk SNU Datamining Laboratory Sungwon, Lyu

HOW TO REPRESENT RELATIONS 2018. 11. 14 Naver TechTalk SNU Datamining Laboratory Sungwon, Lyu

HOW TO REPRESENT RELATIONS 2018. 11. 14 Naver TechTalk SNU Datamining Laboratory Sungwon, Lyu lyusungwon@dm.snu.ac.kr CONTENTS 1. Introduction 2. Relational Inductive Bias 3. Relational Network 4. Follow-up research 5. SARN: Sequential

602 views • 31 slides
SCIENCE & TECHNOLOGY OFFICE Overview of NASA Initiatives in 3D Printing and Additive

SCIENCE & TECHNOLOGY OFFICE Overview of NASA Initiatives in 3D Printing and Additive

https://ntrs.nasa.gov/search.jsp?R=20150002612 2017-12-09T18:11:09+00:00Z National Aeronautics and Space Administration SCIENCE & TECHNOLOGY OFFICE Overview of NASA Initiatives in 3D Printing and Additive Manufacturing 2014 DoD Maintenance

447 views • 28 slides
BBA 2015 (and 2016) 2016 2015 2014 Challenge Context - Deprivation BBA serves some of the most

BBA 2015 (and 2016) 2016 2015 2014 Challenge Context - Deprivation BBA serves some of the most

BBA 2015 (and 2016) 2016 2015 2014 Challenge Context - Deprivation BBA serves some of the most deprived students: Home Area Deprivation Rank Nottingham BBA BA Most deprived 10% 69.0% 31.9% 43.0% Most deprived 5% 53.1% 18.2% 23.6%

425 views • 27 slides
PROFILES IN COURAGE PROFILES IN COURAGE ECONOMICS, POLITICS, RISK & REALITY ECONOMICS,

PROFILES IN COURAGE PROFILES IN COURAGE ECONOMICS, POLITICS, RISK & REALITY ECONOMICS,

PROFILES IN COURAGE PROFILES IN COURAGE ECONOMICS, POLITICS, RISK & REALITY ECONOMICS, POLITICS, RISK & REALITY MARK BRESLIN MARK BRESLIN WWW.BRESLIN.BIZ WWW.BRESLIN.BIZ PROFILE IN COURAGE: PROFILE IN COURAGE: TRUTH TELLING TRUTH

619 views • 44 slides
The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs

The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs

The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs January 2014 SurePassID At A Glance Founded 2009 Headquartered in Orlando, FL 6 sales offices in North America, Europe and Asia

661 views • 17 slides
RDS/RD PRESENTATION MONROE BUS TRIP 2012 5/10/2012 MTE RDS Spreader 1 What is an RDS Body?

RDS/RD PRESENTATION MONROE BUS TRIP 2012 5/10/2012 MTE RDS Spreader 1 What is an RDS Body?

TRUCK & TRAILER Specialties Inc. RDS/RD PRESENTATION MONROE BUS TRIP 2012 5/10/2012 MTE RDS Spreader 1 What is an RDS Body? It is a multipurpose body designed to work and perform like any dump body, with the integration of a main

546 views • 26 slides
Top 10 Risks of the Clean Fill Dump Site Definition in Uxbridge and Scugog Site-Alteration

Top 10 Risks of the Clean Fill Dump Site Definition in Uxbridge and Scugog Site-Alteration

Top 10 Risks of the Clean Fill Dump Site Definition in Uxbridge and Scugog Site-Alteration By-laws commercial fill operation -means the placing or dumping of fill involving remuneration paid, or any other form of consideration

257 views • 25 slides
Highway Division 2018 Budget Presentation Recommended Budget 2017 2018 $ Change % Change

Highway Division 2018 Budget Presentation Recommended Budget 2017 2018 $ Change % Change

Highway Division 2018 Budget Presentation Recommended Budget 2017 2018 $ Change % Change Modified Recommended Expenditures $8,084,519 $7,422,357 -$662,162 -8.19% Revenues -$7,592,365 -$7,422,357 -$170,008 -2.24% Net Local

501 views • 14 slides
SOLID WASTE MANAGEMENT PLAN UPDATE PRESENTATION / NOVEMBER 17, 2017 Presented by: James A. Skora

SOLID WASTE MANAGEMENT PLAN UPDATE PRESENTATION / NOVEMBER 17, 2017 Presented by: James A. Skora

SOLID WASTE MANAGEMENT PLAN UPDATE PRESENTATION / NOVEMBER 17, 2017 Presented by: James A. Skora AGENDA Solid Waste Plan Schedule Appendix J Update Appendix N, P, Q, R, S, V Review Appendix O Review Next Steps NEW SOLID

595 views • 36 slides
Multiuser Channel Capacity Mohammad Rezaeian Research supervisor Dr. Alex Grant Institute for

Multiuser Channel Capacity Mohammad Rezaeian Research supervisor Dr. Alex Grant Institute for

Multiuser Channel Capacity Mohammad Rezaeian Research supervisor Dr. Alex Grant Institute for Telecommunications Research University of South Australia April 10, 2002 Overview Multiuser channels Capacity for

717 views • 23 slides
The -Capacity Region of AWGN Multiple Access Channels with Feedback Vincent Y. F. Tan (Joint

The -Capacity Region of AWGN Multiple Access Channels with Feedback Vincent Y. F. Tan (Joint

The -Capacity Region of AWGN Multiple Access Channels with Feedback Vincent Y. F. Tan (Joint work with Lan V. Truong and Silas L. Fong) National University of Singapore (NUS) SPCOM 2016, Bangalore Vincent Tan (NUS) AWGN MACs with Feedback

1.39k views • 96 slides
Water Resource Plan Relationships between the water resource plan and water sharing plan 5

Water Resource Plan Relationships between the water resource plan and water sharing plan 5

Macquarie-Castlereagh Water Resource Plan Relationships between the water resource plan and water sharing plan 5 December 2018 Introduction & Acknowledgement of Country Macquarie-Castlereagh WRP/ 4 December 2018 1 Agenda 1. Water

634 views • 38 slides
An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary

An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary

An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary Constellations Mehmet Ilter & Halim Yanikomeroglu September 4 th , 2014 A Fresh Start With These Questions Why do we need such an analysis depending on

382 views • 19 slides
5G: Convergence Between the Wireline and Wireless Providers Monday, February 11, 2019 webinar

5G: Convergence Between the Wireline and Wireless Providers Monday, February 11, 2019 webinar

5G: Convergence Between the Wireline and Wireless Providers Monday, February 11, 2019 webinar presentation by 5G: Convergence Between the Wireline and Wireless Providers Traditional cell sites cover areas measured in square miles The next

338 views • 23 slides
Performance Evaluation of Multi-Layered Space Frequency Time Codes for MIMO-OFDM Systems Dr.

Performance Evaluation of Multi-Layered Space Frequency Time Codes for MIMO-OFDM Systems Dr.

Performance Evaluation of Multi-Layered Space Frequency Time Codes for MIMO-OFDM Systems Dr. Samir Al-Ghadhban Assistant Prof. EE Dept, KFUPM, Saudi Arabia http://faculty.kfupm.edu.sa/ee/samir NCTT-MCP08 Aug, 2008 Outline Background

658 views • 21 slides

More recommend