cryptdb: protecting confidentiality with encrypted query ...lxiong/cs573_f16/share/... · db of...
TRANSCRIPT
![Page 1: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/1.jpg)
Li Xiong
CryptDB: Protecting Confidentiality
with Encrypted Query Processing
CS573 Data Privacy and Security
Slides credit: Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan
MIT CSAIL
![Page 2: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/2.jpg)
Application
DB ServerSQL
User 1
User 2
User 3
Confidential data leaks from databases
8M medical records compromised 2009-2011 [Homeland Sec.
News Wire,’11]
2012: hackers extracted 6.5 million hashed passwords from the
DB of LinkedIn
Sony Playstation Network, accessed 77 million user profiles
Problem
System
administrator
Threat 1: passive
DB server attacks
Threat 2: any attacks on all servers
Hackers
![Page 3: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/3.jpg)
CryptDB in a nutshell
Goal: protect confidentiality of data
1. Process SQL queries on encrypted data
2. Use fine-grained keys; chain these keys to user
passwords based on access control
Application
DB ServerSQL
Threat 1: passive DB
server attacks
Threat 2: any attacks on all servers
on encrypted data
User 1
User 2
User 3
![Page 4: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/4.jpg)
1. First practical DBMS to process most SQL queries
on encrypted data
Hide DB from sys. admins., outsource DB
2. Modest overhead: 26% throughput loss for TPC-C
Contributions
3. No changes to DBMS (e.g., Postgres, MySQL)
and no changes to applications
![Page 5: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/5.jpg)
salary
60
100
800
100
100 =
query
?
index
60
Unencrypted
databases
fast
insecure
FHE
[Gentry’09], [BV’11,12][GHS’12],..
…
100 800
salary
xa32601
x8199f3
x62d03b
xcef3f7
…
circuit
C
output
slow
strong security
salary
x4be2
x95c6
x2ea8
x17ce
x98aa =
query
?
index
x4be2
… x17ce x2ea8
CryptDB
fast
high degree
of security
query input
x24ab1c
Most SQL uses a limited
set of operationsSecurity: Reveal only
relations among data that
are required by classes of
queries issued
![Page 6: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/6.jpg)
Unencrypted
databases
fast
insecure
FHE
slow
strong security
salary
x4be2
x95c6
x2ea8
x17ce
x98aa =
query
?
index
x4be2
… x17ce x2ea8
CryptDB
fast
high degree
of security
Other work: weaker security, functionality, and/or efficiency:
Search on encrypted data (e.g., [Song et al.,’00])
Systems proposals (e.g., [Hacigumus et al.,’02])
Rewrite the DBMS, significant client-side processing
![Page 7: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/7.jpg)
System Setup
DB Servertransformed queryProxyplain query
Stores schema, master key
No data storage
No query execution
Under attack
Applicationdecrypted results encrypted results
Trusted
Process queries
completely at the DBMS,
on encrypted database
Process SQL queries on encrypted data
Encrypted DB
![Page 8: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/8.jpg)
col1/rank col2/name
table1/emp
SELECT * FROM emp
WHERE salary = 100
x934bc1
x5a8c34
x5a8c34
x84a21c
SELECT * FROM table1
WHERE col3 = x5a8c34Proxy
?x5a8c34
x5a8c34
?x5a8c34
x5a8c34
x4be219
x95c623
x2ea887
x17cea7
col3/salary
Application
60
100
800
100
Randomized
encryption
Deterministic
encryption
![Page 9: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/9.jpg)
col1/rank col2/name
table1 (emp)
x934bc1
x5a8c34
x5a8c34
x84a21c
x638e5
4
x638e5
4x922eb4
x1eab8
1
SELECT * FROM table1
WHERE col3 ≥ x638e54Proxy
x638e5
4
x922eb4
x638e5
4
col3/salary
Application
60
100
800
100
Deterministic
encryptionSELECT * FROM emp
WHERE salary ≥ 100
OPE (order)
encryption
![Page 10: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/10.jpg)
1. Use SQL-aware set of encryption schemes
Two techniques
Most SQL uses a limited set of operations
Having encryption schemes that covers most
common SQL operations
2. Adjust encryption of database based on
queries
• Different queries required that data to be
encrypted with different encryption schemes
![Page 11: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/11.jpg)
Encryption schemes
e.g., =, !=, IN,
COUNT, GROUP
BY, DISTINCT
Scheme
RND
HOM
DET
SEARCH
JOIN
OPE
Function
none
+, *
equality
join
word search
order
Construction
AES in CBC
AES in CMC
Paillier
our new scheme
Song et al.,‘00
Boldyreva et al.’09
first implementation
e.g., >, <, ORDER
BY, SORT, MAX,
MIN
restricted ILIKEFullword matching
Highest
Security
Equality matches bw
2 columns
e.g., sum
![Page 12: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/12.jpg)
Adjust (ti,Cmi): Cm (with )
Encrypt (SK, m, col i): Cmi (with ) - deterministic
JOIN Equality checks between two columns
Do not know columns to be joined a priori!
Correctness: adjustment yields correct join relations
col jcol i
Proxy
Join key col i – col j
KeyGen (sec. param): SK
Token (SK, col i, col j): (ti, tj)
![Page 13: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/13.jpg)
JOIN (cont’d)
Security: do not learn join relations without token
Implementation:
192 bits long, 0.52 ms encrypt, 0.56 ms adjust
col jcol i
Proxy
Join key col i – col j
![Page 14: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/14.jpg)
OPE
Preserve the order of ciphertext to remain as they were in
plaintext.
For example, for any secret key 𝐾, if 𝑥 < 𝑦, then
𝑂𝑃𝐸𝐾(𝑥) < 𝑂𝑃𝐸𝐾(𝑦). if a column is encrypted with 𝑂𝑃𝐸, the server can perform range
queries when given encrypted constants 𝑂𝑃𝐸𝐾(𝑐1) and 𝑂𝑃𝐸𝐾(𝑐2)corresponding to the range [𝑐1, 𝑐2].
OPE is a weaker encryption scheme than DET because it
reveals order
![Page 15: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/15.jpg)
Encryption schemes
Scheme
RND
HOM
DET
SEARCH
JOIN
OPE
Function
none
+, *
equality
join
word search
order
Construction
AES in CBC
AES in CMC
Paillier
our new scheme
Song et al.,‘00
Boldyreva et al.’09
Highest
Security
+ our new scheme
Functionality
![Page 16: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/16.jpg)
How to encrypt each data item?
Encryption schemes needed depend on queries
May not know queries ahead of time
Leaks order!
rank
ALL?
col1-
RND
col1-
HOM
col1-
SEARCH
col1-
DET
col1-
JOIN
col1-
OPE
‘CEO’
‘worker’
![Page 17: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/17.jpg)
int value
HOM
Onion Add
Onions of encryptions
value
JOIN
DET
RND
Onion Equality
Onion Search
Same key for all items in a column for same onion layer
Start out the database with the most secure encryption scheme
OReach
value
value
OPE-JOIN
OPE
RND
Onion Order
text value
SEARCH
Idea: To stack encryption schemes into onion of encryption
![Page 18: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/18.jpg)
Onions of encryptions
• Novel way to compactly store multiple ciphertextswithin each other in the database and avoid expensive re-encryptions
• Each value is dressed in layers of increasingly stronger encryption
• Each layer of each onion enables certain kinds of functionality
• For each layer of each onion, the proxy uses the same key for encrypting values in the same column and
• Different keys across tables, columns, onions, and onion layers
![Page 19: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/19.jpg)
Adjust encryption
Dynamically adjusts the layer of encryption on
the DBMS server
Strip off layers of the onions
Proxy gives keys to server using a SQL UDF
(“user-defined function”)
Proxy remembers onion layer for columns
Do not put back onion layer
![Page 20: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/20.jpg)
Example:
SELECT * FROM emp WHERE rank = ‘CEO’;
emp:
rank name salary
‘CEO’
‘worker’
‘CEO’
JOIN
DET
RND
Onion Equality
col1-
OnionEq
col1-
OnionOrder
col1-
OnionSearch
col2-
OnionEq
table 1:
……
…RND
RND
SEARCH RND
SEARCH RND
RND
RND
![Page 21: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/21.jpg)
Example (cont’d)
UPDATE table1 SET col1-OnionEq =
Decrypt_RND(key, col1-OnionEq);
‘CEO’
JOIN
DET
RND
SELECT * FROM table1 WHERE col1-OnionEq = xda5c0407;
DET
Onion Equality
RND
RND
SELECT * FROM emp WHERE rank = ‘CEO’;
DET
DET
col1-
OnionEq
col1-
OnionOrder
col1-
OnionSearch
col2-
OnionEq
table 1
……
…RND
RND
SEARCH RND
SEARCH RND
![Page 22: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/22.jpg)
• aggregation on a column HOM nothing
Confidentiality level
• equality predicate on a column DET repeats
• Never reveals plaintext
Queries encryption scheme exposed
common in practice
• no filter on a column RND nothing
amount of
leakage
Encryption schemes exposed for each column are the
most secure enabling queries
![Page 23: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/23.jpg)
Implementation
CryptDB
Proxy
Unmodified
DBMSCryptDB
SQL UDFs
(user-defined
functions)
Server
query
results
transformed query
encrypted results
SQL Interface
No change to the DBMS
Portable: from Postgres to MySQL with 86 lines
Application
no change to applications
![Page 24: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/24.jpg)
Evaluation
1. Does it support real queries/applications?
2. What is the resulting confidentiality?
3. What is the performance overhead?
![Page 25: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/25.jpg)
Queries not supported
More complex operators, e.g., trigonometry
Operations that require combining incompatible encryption schemes
e.g., T1.a + T1.b > T2.c
Extensions: split queries, precompute columns, or add new encryption schemes
![Page 26: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/26.jpg)
Real queries/applications
Application Total columns
Encrypted columns
phpBB 563 23
HotCRP 204 22
grad-apply 706 103
TPC-C 92 92
sql.mit.edu 128,840 128,840
# cols notsupported
0
0
0
0
1,094
SELECT 1/log(series_no+1.2) …
… WHERE sin(latitude + PI()) …
![Page 27: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/27.jpg)
Resulting confidentiality
Application Total columns
Encrypted columns
phpBB 563 23
HotCRP 204 22
grad-apply 706 103
TPC-C 92 92
sql.mit.edu 128,840 128,840
Min levelis RND
21
18
95
65
80,053
Min level is DET
1
1
6
19
34,212
Min level is OPE
1
2
2
8
13,131
Most columns at RND Most columns at
OPE analyzed
were less sensitive
![Page 28: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/28.jpg)
PerformanceDB server throughput
CryptDB
ProxyEncrypted
database
Application 1
CryptDB:
Plain
database
Application 1
MySQL:
CryptDB
ProxyApplication 2
Application 2
Latency
Hardware: 2.4 GHz Intel Xeon E5620 – 8 cores, 12 GB RAM
![Page 29: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/29.jpg)
TPC-C performance
Max.
Throughput
loss 26%
Latency (ms/query): 0.10 MySQL vs. 0.72 ms CryptDB
![Page 30: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/30.jpg)
TPC-C microbenchmarks
Encrypted DBMS is practical
No cryptography at the DB server in the steady state!
Homomorphic
addition
![Page 31: CryptDB: Protecting Confidentiality with Encrypted Query ...lxiong/cs573_f16/share/... · DB of LinkedIn Sony Playstation ... Search on encrypted data (e.g., [Song et al.,]) ... Onion](https://reader030.vdocuments.us/reader030/viewer/2022011916/5fdf0ad92db69462923f732d/html5/thumbnails/31.jpg)
Conclusions
1. The first practical DBMS for running most standard queries on encrypted data
2. Protects data of users logged out during attack even when all servers are compromised
3. Modest overhead and no changes to DBMS
CryptDB:
Website: http://css.csail.mit.edu/cryptdb/