securedb
play

SecureDB A Secure Query Processing System in the Cloud Group - PowerPoint PPT Presentation

Dec 27, 2023 •280 likes •763 views

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric Supervisor: Prof Benjamin Kao Department of Computer Science, University of Hong Kong Overview 1. The Problem 2. Related Work 3. Theoretical Background 4.

  1. SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric Supervisor: Prof Benjamin Kao Department of Computer Science, University of Hong Kong

  2. Overview 1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result

  3. Background Cloud Service Provider (Server)

  4. Background Cloud Service Provider (Server) Data Owner(Client) Query Client App Results Name Salary Alice 20000 Bob 50000

  5. The Problem Cloud Service Provider (Server) Data Owner(Client) Query Client App Results Hacker Salary Query processing is 20000 NOT SECURE! Administrator 50000

  6. Decrypt-Before-Query Approach Cloud Service Provider (Server) Data Owner(Client) Query Query Query Client Processor App Results Encrypted Salary (Encrypted) Data $Aa%df244 I have to process query myself! F@3dewqD

  7. Overview 1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result

  8. Related Work 1. Hardware Approach TrustedDB(2011) [1] Based on trusted secure co-processor § Dedicated hardware for cryptographic § operation

  9. Related Work Cloud Service Provider (Server) Data Owner(Client) Query Trusted Query Client App Hardware Salary (Encrypted) Key Encrypted Encrypted Key Results Data $Aa%df244 F@3dewqD

  10. Related Work 1. Hardware Approach TrustedDB(2011) Advantage Disadvantage Strong Security Expensive Hardware $$$$$$$$ Accepts any kind of query

  11. Related Work 2. Software Approach a. Fully Homomorphic Encryption Allows arbitrary computation on ciphertext without § knowing the key, including +, -, *, /, >, =, √ … Limitation: Computationally Expensive § e.g. 30 minutes per bit operation(2011) [2]

  12. Related Work 2. Software Approach b. CryptDB(2012) [3] Multiple layers of partially homomorphic encryptions § Encryption Layer E1 E2 E3 Operations Equality check None Equality check Supported Ordering comparison Security Level Strongest Strong Not secure against CPA

  13. Related Work 2. Software Approach b. CryptDB(2012) Limitation: supports limited types of queries § Query Type Example Supported? Computation SELECT a * b FROM T Comparison SELECT a, b FROM T WHERE a > b Computation & Comparison SELECT a, b FROM T WHERE a * b > c

  14. What is SecureDB? • SDB is a secure query processing system based on secret sharing • Motivation 1. Runs on commodity hardware 2. Accepts a wide range of queries 3. Both efficient and secure! 4. Less effort for the client

  15. What is SecureDB? Server Client Query Query Client SDB Proxy App Salary (Encry pted) Results Key Encrypted Results $Aa%df244 F@3dewqD

  16. Overview 1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result

  17. Secret Sharing ● Secret Sharing Scheme o For a sensitive value V, we split it into V e V k V Secret two shares: the encrypted value V e Sharing 9 8 2 and the item key V k 22 32 4 34 32 3 o One needs both V e and V k to recover the value of V V = Decrypt(V e , V k ) Encrypted value, Item key, kept by server kept by client

  18. Secret Sharing ● Secret Sharing in SDB Add o Encrypt sensitive values on a V V r V e E(r) Secret Helper Sharing 2 Column 2 1 column basis 9 E(1) 4 4 2 22 E(2) o Add helper column r so that client 3 3 32 34 E(32) can compute item keys on the fly Column Key V k = genItemKey(r, <m,x>) <m, x> Kept by server Kept by client

  19. Computation Protocol ● Secure Computation Protocol For any operation on V (+, -, *, <, >, =), the server can complete o the operation without knowing column keys Includes client protocol and server protocol o Client Server 2. Client Protocol Execution DBMS 3. Query 1. Query Client SDB Proxy App Key 7. Results 5. Encrypted Results 4. Server Protocol Execution 6. Decrypt Results

  20. Computation Protocol ● Example: Secure protocol for multiplication 1. Client computes a new column key. Ckc = <m A * m B , x A + x B > 2. Server computes on the bulk encrypted data. C e = A e * B e mod n 3. Finally, client decrypts the encrypted result with Ckc Server Client

  21. Challenge ● Every basic operator(e.g. *, +, >) has a unique protocol ● How to automate the execution process? 1. Build a new DBMS from scratch? Or 2. Incorporate these protocols with a existing database system?

  22. Overview 1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result

  23. System Architecture ● SparkSQL: a cluster computing engine that supports SQL ● User Defined Function(UDF) & Query Rewrite select A * B from T 1 select sdb_mul(A,B, … ) , row_id 3 from T

  24. Why Query Rewrite & UDF? 1. Performance wise ● User Defined Function executed in the same address space of SparkSQL => Little memory copy, little network transfer and no IPC 2. Engineering wise ● Normal operators provided by SparkSQL ● Server side queries optimized by SparkSQL ● Machine failures, disk-based processing and parallelism handled by SparkSQL

  25. Overview 1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result

  26. SDB Proxy Components Components of SDB Proxy Application Connector ● Connector ● Key Store ● Query Processor Currently supports +, -, *, >, =, <, count(). ~18000 lines of Java code Key Store SDB Proxy

  27. Query Parser ● Parse query strings into abstract syntax trees SELECT quantity * price FROM product

  28. Semantic Analyser ● Transform abstract syntax trees into logical plan trees, access key store to 1. Verify if column is valid / sensitive 2. Annotate sensitive columns with column keys

  29. Query Rewriter 1. Identify and rewrite secure operators

  30. Query Rewriter 2. Transform logical plan trees into physical plan trees

  31. Query Executor 1. Submit rewritten queries to SparkSQL 2. Decrypt encrypted results 3. Return plaintext results via connector

  32. Overview 1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result

  33. Security Analysis Security threats • Database (DB) Knowledge – See encrypted values stored on servers’ disks • Chosen Plaintext Attack (CPA) Knowledge – Select plaintext values and observe encrypted values • Query Result (QR) Knowledge – See queries submitted and the encrypted results

  34. Security Analysis Security Level in SDB • SDB generates 2048-bit column keys similar to RSA • SDB is secure against DB + CPA threat and DB + QR threat • Limitation: secret sharing doesn’t support floating point numbers

  35. Decrypt-Before-Query Approach Cloud Service Provider (Server) Data Owner(Client) Query Query Query Client Processor App Results Encrypted Salary (Encrypted) Data $Aa%df244 Query processing is NOT FAST! F@3dewqD

  36. Importance of Secret Sharing ● Compare with Decrypt-before-query(DBQ) ● Experiment Environment • Client: 1 CPU • Server: 8 CPU X 10 Machines ● Result a. Total Cost: SDB < DBQ b. Client Cost: SDB << DBQ SELECT A, B FROM T WHERE A < p, 1% selectivity

  37. Query Cost Breakdown ● Server cost >> client cost ● Decrypt cost >> other client cost ● Future work: Encryption/Decryption optimization SELECT A, B from T WHERE A < q

  38. Overhead of Secure Operators ● Compare with SparkSQL Execute on plaintext, bypassing all secure operators o Three types of queries o § EC Range: SELECT A, B FROM T WHERE A < 100 § EE Range: SELECT A, B FROM T WHERE A < B § Count: SELECT count(A) FROM T WHERE A < 100 ● Result ~180 times slower o Computation cost of modular exponential is high o Future work: UDF optimization o

  41. Future Work ● Query expressiveness extension o Join, Cartesian product, SUM(), AVG() o GroupBy, Having Clause ● Crypto optimization o Encryption/Decryption optimization o UDF optimization

  42. Q&A

  43. Query Cost vs. Data Size SELECT COUNT(A) from T WHERE A < q SELECT A, B from T WHERE A < q SELECT A, B from T WHERE A < B

  44. More on Query Rewrite ● What if multiple secure operators are involved? R * (A - B) > 0

  45. More on Query Rewrite ● What if multiple secure operators are involved? sdb_compare(sdb_keyup(sdb_mul(r, sdb_add(a,b, ..), ..), ..), ..)

  46. Demo Video

  47. Reference [1] Bajaj, S., & Sion, R. (2014). TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality. Knowledge and Data Engineering, IEEE Transactions on, 26(3), 752-765. Chicago [2] Gentry, C., & Halevi, S. (2011). Implementing Gentry’s fully-homomorphic encryption scheme. In Advances in Cryptology–EUROCRYPT 2011 (pp. 129-148). Springer Berlin Heidelberg. [3] Popa, R. A., Redfield, C., Zeldovich, N., & Balakrishnan, H. (2012). CryptDB: Processing queries on an encrypted database. Communications of the ACM, 55(9), 103-111.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Round5 with ring lifting CWG, September 14, 2018 Sauvik Bhattacharya, Scott Fluhrer, Oscar

Round5 with ring lifting CWG, September 14, 2018 Sauvik Bhattacharya, Scott Fluhrer, Oscar

Round5 with ring lifting CWG, September 14, 2018 Sauvik Bhattacharya, Scott Fluhrer, Oscar Garcia-Morchon, Mike Hamburg, Thijs Laarhoven, Ronald Rietman, Markku-Juhani O. Saarinen, Ludo Tolhuizen, Zhenfei Zhang 1 / 1 Outline 2 / 1

463 views • 25 slides
Attacks on Stream Ciphers: A Perspective Palash Sarkar Applied Statistics Unit Indian

Attacks on Stream Ciphers: A Perspective Palash Sarkar Applied Statistics Unit Indian

Attacks on Stream Ciphers: A Perspective Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in First Asian Workshop on Symmetric Key Cryptography ASK 2011, 30th August 2011 isilogo Palash

1.76k views • 148 slides
Eli Biham Presented by: Nael Masalha Outline Introduction LOKI89 Related Keys

Eli Biham Presented by: Nael Masalha Outline Introduction LOKI89 Related Keys

New Types of Cryptanalytic Attacks Using Related Keys Eli Biham Presented by: Nael Masalha Outline Introduction LOKI89 Related Keys Chosen Key Attack Chosen plaintext attack Summary Introduction The author studies

612 views • 21 slides
Known plaintext attack on encrypted ZIP files Barosan Dragos Laurentiu Supervisor: Armijn Hemel

Known plaintext attack on encrypted ZIP files Barosan Dragos Laurentiu Supervisor: Armijn Hemel

University of Amsterdam System and Network Engineering Known plaintext attack on encrypted ZIP files Barosan Dragos Laurentiu Supervisor: Armijn Hemel Why? There is no open source implementation Source Code available for PkCrack by

837 views • 19 slides
SNOW V: A new version of SNOW for 5G Patrik Ekdahl 2 , Thomas Johansson 1 , Alexander Maximov 2 ,

SNOW V: A new version of SNOW for 5G Patrik Ekdahl 2 , Thomas Johansson 1 , Alexander Maximov 2 ,

SNOW V: A new version of SNOW for 5G Patrik Ekdahl 2 , Thomas Johansson 1 , Alexander Maximov 2 , Jing Yang 1 1 Department of Electrical and Information Technology, Lund University 2 Ericsson Research, Ericsson Outline Motivation Motivation

497 views • 36 slides
Arizona Department of Agriculture Agricultural Consultation and Training SPECIALTY CROP BLOCK

Arizona Department of Agriculture Agricultural Consultation and Training SPECIALTY CROP BLOCK

Arizona Department of Agriculture Agricultural Consultation and Training SPECIALTY CROP BLOCK GRANT PROGRAM FARM BILL (SCBGP-FB) PRE-AWARD WORKSHOP L I S A A . J A M E S G R A N T P R O G R A M M A N A G E R A S H L E Y E S T E S ( W

884 views • 69 slides
Club Officer Training 2016-2017 Good Job at Club Rush!! Agenda 1. Club Officer Job Description

Club Officer Training 2016-2017 Good Job at Club Rush!! Agenda 1. Club Officer Job Description

Club Officer Training 2016-2017 Good Job at Club Rush!! Agenda 1. Club Officer Job Description 2. How to Run a Club Meeting 3. Calendar of Events 4. How to Promote Your Club 5. Fundraising and Finances 6. Club Expectations/Gold Clubs

259 views • 24 slides
Welcome to Welcome to Our Lady of Grace Our Lady of Grace Our Lady of Grace Church, Parkton, MD

Welcome to Welcome to Our Lady of Grace Our Lady of Grace Our Lady of Grace Church, Parkton, MD

Welcome to Welcome to Our Lady of Grace Our Lady of Grace Our Lady of Grace Church, Parkton, MD Our Lady of Grace Church, Parkton, MD A Thumbnail History A Thumbnail History A Thumbnail History A Thumbnail History Hereford Hereford

528 views • 26 slides
Downtown Strong Youngsville, NC 1 Youngsville, NC Franklin County Population: 1200 2 What

Downtown Strong Youngsville, NC 1 Youngsville, NC Franklin County Population: 1200 2 What

Downtown Strong Youngsville, NC 1 Youngsville, NC Franklin County Population: 1200 2 What is Downtown Strong? Downtown Strong is a new initiative of the North Carolina Department of Commerce, NC Main Street and Rural Planning Center. The

620 views • 27 slides
Medicare, Medicaid and Private Health Insurer Liens in Personal Injury Cases Negotiating

Medicare, Medicaid and Private Health Insurer Liens in Personal Injury Cases Negotiating

Presenting a live 90-minute webinar with interactive Q&amp;A Medicare, Medicaid and Private Health Insurer Liens in Personal Injury Cases Negotiating Healthcare Liens or Claims for Reimbursement and Maximizing Settlement Awards TUES DAY, AUGUS

1.56k views • 132 slides
WEST RYDE ROVERS CRICKET CLUB SECRETARYS REPORT SEASON 2015/6 The 2015-6 season improved on our

WEST RYDE ROVERS CRICKET CLUB SECRETARYS REPORT SEASON 2015/6 The 2015-6 season improved on our

WEST RYDE ROVERS CRICKET CLUB SECRETARYS REPORT SEASON 2015/6 The 2015-6 season improved on our successful 2014/5 season and credit goes to our hard working committee, the resolve of our coaches; the continued dedication and skills of our

863 views • 24 slides
Project Plan Learning Activity Capture The Capstone Experience Team TechSmith Michael Quiroga

Project Plan Learning Activity Capture The Capstone Experience Team TechSmith Michael Quiroga

Project Plan Learning Activity Capture The Capstone Experience Team TechSmith Michael Quiroga David Jones Anthony Kazyaka Joseph Lindlbauer Department of Computer Science and Engineering Michigan State University Fall 2013 From Students

265 views • 13 slides
Joint experimentation of modern Internet application Dr. Ioannis Giannoulakis Eight Bells Ltd

Joint experimentation of modern Internet application Dr. Ioannis Giannoulakis Eight Bells Ltd

Joint experimentation of modern Internet application Dr. Ioannis Giannoulakis Eight Bells Ltd giannoul@8bellsresearch.com protocols with SDN www.8bellsresearch.com (Go-Quick) Fed4FIRE+ Open Calls March 15th, Paris, France WWW.FED4FIRE.EU

1.3k views • 15 slides
INTERIM RESULTS FOR THE SIX MONTHS ENDED 31 MARCH 2018 DISCLAIMER These Presentation Materials

INTERIM RESULTS FOR THE SIX MONTHS ENDED 31 MARCH 2018 DISCLAIMER These Presentation Materials

INTERIM RESULTS FOR THE SIX MONTHS ENDED 31 MARCH 2018 DISCLAIMER These Presentation Materials are for information purposes only and must not be used or relied upon for the purpose of making any investment decision or engaging in any investment

562 views • 39 slides
Schoogle 21st Century Learning Spaces How Google Chrome is becoming a platform for instruction

Schoogle 21st Century Learning Spaces How Google Chrome is becoming a platform for instruction

Schoogle 21st Century Learning Spaces How Google Chrome is becoming a platform for instruction Chrome &amp; Chromebooks Montgomery County Public Schools 2014-2016 Strategic Technology Plan The 21st Century Learning Spaces initiative focuses

246 views • 9 slides
A WEEK TO REMEMBER THE IMPACT OF BROWSER WARNING STORAGE POLICIES JOEL WEINBERGER &amp; ADRIENNE

A WEEK TO REMEMBER THE IMPACT OF BROWSER WARNING STORAGE POLICIES JOEL WEINBERGER &amp; ADRIENNE

A WEEK TO REMEMBER THE IMPACT OF BROWSER WARNING STORAGE POLICIES JOEL WEINBERGER &amp; ADRIENNE PORTER FELT When someone clicks through an HTTPS warning, how long should the browser store that decision for? WHY DO WE CARE? REAL FALSE

650 views • 39 slides
A N N U A L R E S U LT S for the year ended 30 September 2017 DISCLAIMER These Presentation

A N N U A L R E S U LT S for the year ended 30 September 2017 DISCLAIMER These Presentation

A N N U A L R E S U LT S for the year ended 30 September 2017 DISCLAIMER These Presentation Materials are for information purposes only and must not be used or relied upon for the purpose of making any investment decision or engaging in any

484 views • 26 slides
Post Message Vulnerabilities in Chrome By Alfred Zhong, Trevor Hornung Why use extensions?

Post Message Vulnerabilities in Chrome By Alfred Zhong, Trevor Hornung Why use extensions?

Post Message Vulnerabilities in Chrome By Alfred Zhong, Trevor Hornung Why use extensions? Extensions extend the functionality of the web browser. They usually serve a single purpose that is narrowly defined and easy to understand. Some of

732 views • 20 slides
(c) 2016 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015

(c) 2016 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015

(c) 2016 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2015 Fabbian USA Corp. (c) 2016 Fabbian USA Corp. (c) 2017 Fabbian USA Corp. (c) 2017 Fabbian USA

513 views • 35 slides
EVALUATING WINDOWS 10: LEARN WHY YOUR USERS NEED GPU ACCELERATION Erik Bohnhorst, Manager,

EVALUATING WINDOWS 10: LEARN WHY YOUR USERS NEED GPU ACCELERATION Erik Bohnhorst, Manager,

EVALUATING WINDOWS 10: LEARN WHY YOUR USERS NEED GPU ACCELERATION Erik Bohnhorst, Manager, ProViz Performance Engineering, NVIDIA Nachiket Karmarkar, Senior Performance Engineer, NVIDIA WINDOWS 10 VDI USER TESTING CPU only vs GPU-Accelerated

397 views • 26 slides
Financ ance T Traini ning ng Wednesday, February 13 th , 2019 Faculty Club Agenda Welcome

Financ ance T Traini ning ng Wednesday, February 13 th , 2019 Faculty Club Agenda Welcome

Financ ance T Traini ning ng Wednesday, February 13 th , 2019 Faculty Club Agenda Welcome and Introductions Finance Overview Chrome River General Information Travel and Invoices PCard Cash

687 views • 30 slides
The Gen Generati tion a n and U Use e of TLS F Fingerprints ts Blake Anderson, PhD; David

The Gen Generati tion a n and U Use e of TLS F Fingerprints ts Blake Anderson, PhD; David

The Gen Generati tion a n and U Use e of TLS F Fingerprints ts Blake Anderson, PhD; David McGrew, PhD; Keith Schomburg Cisco Reducing the Visibility Gap ? ? VM TLS Fingerprinting Overview TLS parameters offered in the ClientHello

667 views • 24 slides
Truck Bumpers Overview Alliance value &amp; warranty Truly ALL MAKES offering 155+

Truck Bumpers Overview Alliance value &amp; warranty Truly ALL MAKES offering 155+

Truck Bumpers Overview Alliance value &amp; warranty Truly ALL MAKES offering 155+ models available The most styles to choose Industry-leading customization Short lead times Made in the USA 2 Makes Available WHITE-GMC

419 views • 17 slides
So here we are again What does PDF Stand for? Kindle App for Reading PDFs So, what can you

So here we are again What does PDF Stand for? Kindle App for Reading PDFs So, what can you

So here we are again What does PDF Stand for? Kindle App for Reading PDFs So, what can you save??? What to HOW?? PC: -- MS Word (for a Word doc) -- CutePDF -- Screen Shot/ File Shot (Chrome extension) iOS: -- Office Suite -- Good

787 views • 52 slides

More recommend