securedb - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/sdb presentation … ·...
TRANSCRIPT
![Page 1: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/1.jpg)
SecureDB A Secure Query Processing System in the Cloud
Group Member: Haibin LIN, Eric Supervisor: Prof Benjamin Kao Department of Computer Science, University of Hong Kong
![Page 2: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/2.jpg)
Overview
1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result
![Page 3: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/3.jpg)
Background
Cloud Service Provider (Server)
![Page 4: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/4.jpg)
Background
Client App
Data Owner(Client)
Query
Name Salary
Alice 20000
Bob 50000
Results
Cloud Service Provider (Server)
![Page 5: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/5.jpg)
The Problem
Cloud Service Provider (Server)
Client App
Data Owner(Client)
Query
Salary
20000
50000
Results
Administrator
Hacker Query processing is
NOT SECURE!
![Page 6: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/6.jpg)
Query Processor
Decrypt-Before-Query Approach
Cloud Service Provider (Server)
Client App
Query
Salary (Encrypted)
$Aa%df244
F@3dewqD I have to process
query myself!
Query
Results Encrypted Data
Data Owner(Client)
![Page 7: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/7.jpg)
Overview
1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result
![Page 8: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/8.jpg)
Related Work
1. Hardware Approach TrustedDB(2011)[1]
§ Based on trusted secure co-processor
§ Dedicated hardware for cryptographic
operation
![Page 9: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/9.jpg)
Related Work
Cloud Service Provider (Server)
Client App
Query
Salary (Encrypted)
$Aa%df244
F@3dewqD
Trusted Hardware
Key
Query
Encrypted Results
Encrypted Data
Data Owner(Client)
Key
![Page 10: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/10.jpg)
Related Work
1. Hardware Approach
Advantage Disadvantage
Strong Security Expensive Hardware
$$$$$$$$ Accepts any kind of query
TrustedDB(2011)
![Page 11: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/11.jpg)
Related Work
2. Software Approach a. Fully Homomorphic Encryption
§ Allows arbitrary computation on ciphertext without
knowing the key, including +, -, *, /, >, =, √ …
§ Limitation: Computationally Expensive
e.g. 30 minutes per bit operation(2011)[2]
![Page 12: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/12.jpg)
2. Software Approach b. CryptDB(2012)[3]
§ Multiple layers of partially homomorphic encryptions
Related Work
Encryption Layer E1 E2 E3
Operations Supported None Equality check Equality check
Ordering comparison
Security Level Strongest Strong Not secure against CPA
More secure, fewer operations supported
Less secure, more operations supported
![Page 13: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/13.jpg)
Query Type Example Supported?
Computation SELECT a * b FROM T
Comparison SELECT a, b FROM T WHERE a > b
Computation & Comparison SELECT a, b FROM T WHERE a * b > c
2. Software Approach b. CryptDB(2012)
§ Limitation: supports limited types of queries
Related Work
![Page 14: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/14.jpg)
What is SecureDB?
• SDB is a secure query processing system based on secret sharing
• Motivation 1. Runs on commodity hardware 2. Accepts a wide range of queries 3. Both efficient and secure! 4. Less effort for the client
![Page 15: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/15.jpg)
SDB Proxy
Key
What is SecureDB?
Server
Client App
Query Query
Results Encrypted Results
Client
Salary (Encrypted)
$Aa%df244
F@3dewqD
![Page 16: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/16.jpg)
Overview
1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result
![Page 17: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/17.jpg)
Secret Sharing ● Secret Sharing Scheme
o For a sensitive value V, we split it into
two shares: the encrypted value Ve
and the item key Vk
o One needs both Ve and Vk to recover
the value of V V = Decrypt(Ve, Vk)
Encrypted value, kept by server
Item key, kept by client
V
2
4
3
Ve Vk
9 8
22 32
34 32
Secret Sharing
![Page 18: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/18.jpg)
Secret Sharing ● Secret Sharing in SDB
o Encrypt sensitive values on a
column basis
o Add helper column r so that client
can compute item keys on the fly
Kept by server
V
2
4
3
Ve E(r)
9 E(1)
22 E(2)
34 E(32)
V r
2 1
4 2
3 32
Column Key <m, x>
Secret Sharing
Add Helper
Column
Vk = genItemKey(r, <m,x>)
Kept by client
![Page 19: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/19.jpg)
Computation Protocol ● Secure Computation Protocol
o For any operation on V (+, -, *, <, >, =), the server can complete
the operation without knowing column keys
o Includes client protocol and server protocol
SDB Proxy Key
Server
3. Query
5. Encrypted Results
Client App
1. Query
7. Results
Client 2. Client Protocol Execution
6. Decrypt Results 4. Server Protocol Execution
DBMS
![Page 20: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/20.jpg)
● Example: Secure protocol for multiplication
Computation Protocol
2. Server computes on the bulk encrypted data. Ce = Ae * Be mod n
1. Client computes a new column key. Ckc = <mA * mB, xA + xB>
3. Finally, client decrypts the encrypted result with Ckc
Client Server
![Page 21: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/21.jpg)
Challenge
● Every basic operator(e.g. *, +, >) has a unique protocol
● How to automate the execution process?
1. Build a new DBMS from scratch? Or
2. Incorporate these protocols with a existing
database system?
![Page 22: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/22.jpg)
Overview
1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result
![Page 23: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/23.jpg)
System Architecture ● SparkSQL: a cluster computing engine that supports SQL
● User Defined Function(UDF) & Query Rewrite
1
3
select A * B from T
select sdb_mul(A,B, …), row_id from T
![Page 24: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/24.jpg)
Why Query Rewrite & UDF? 1. Performance wise ● User Defined Function executed in the same address space of SparkSQL
=> Little memory copy, little network transfer and no IPC
2. Engineering wise
● Normal operators provided by SparkSQL
● Server side queries optimized by SparkSQL
● Machine failures, disk-based processing and parallelism handled by SparkSQL
![Page 25: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/25.jpg)
Overview
1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result
![Page 26: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/26.jpg)
SDB Proxy Components
Components of SDB Proxy ● Connector
● Key Store
● Query Processor Currently supports +, -, *, >, =, <, count(). ~18000 lines of Java code
Connector
SDB Proxy
Key Store
Application
![Page 27: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/27.jpg)
Query Parser ● Parse query strings into abstract syntax trees
SELECT quantity * price FROM product
![Page 28: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/28.jpg)
Semantic Analyser ● Transform abstract syntax trees into logical plan trees, access key store to
1. Verify if column is valid / sensitive 2. Annotate sensitive columns with column keys
![Page 29: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/29.jpg)
Query Rewriter 1. Identify and rewrite secure operators
![Page 30: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/30.jpg)
Query Rewriter 2. Transform logical plan trees into physical plan trees
![Page 31: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/31.jpg)
Query Executor
1. Submit rewritten queries to SparkSQL
2. Decrypt encrypted results
3. Return plaintext results via connector
![Page 32: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/32.jpg)
Overview
1. The Problem 2. Related Work 3. Theoretical Background 4. System Architecture 5. Component Implementation 6. Experiment Result
![Page 33: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/33.jpg)
Security Analysis
Security threats • Database (DB) Knowledge – See encrypted values stored on
servers’ disks
• Chosen Plaintext Attack (CPA) Knowledge – Select plaintext
values and observe encrypted values
• Query Result (QR) Knowledge – See queries submitted and the
encrypted results
![Page 34: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/34.jpg)
Security Analysis
Security Level in SDB • SDB generates 2048-bit column keys similar to RSA
• SDB is secure against DB + CPA threat and DB + QR
threat
• Limitation: secret sharing doesn’t support floating point
numbers
![Page 35: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/35.jpg)
Query Processor
Decrypt-Before-Query Approach
Cloud Service Provider (Server)
Client App
Query
Salary (Encrypted)
$Aa%df244
F@3dewqD Query processing is
NOT FAST!
Query
Results Encrypted Data
Data Owner(Client)
![Page 36: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/36.jpg)
Importance of Secret Sharing
SELECT A, B FROM T WHERE A < p, 1% selectivity
● Result a. Total Cost: SDB < DBQ
b. Client Cost: SDB << DBQ
● Compare with Decrypt-before-query(DBQ)
● Experiment Environment
• Client: 1 CPU
• Server: 8 CPU X 10 Machines
![Page 37: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/37.jpg)
Query Cost Breakdown
SELECT A, B from T WHERE A < q
● Server cost >> client cost ● Decrypt cost >> other client cost
● Future work: Encryption/Decryption optimization
![Page 38: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/38.jpg)
● Result
o ~180 times slower
o Computation cost of modular exponential is high
o Future work: UDF optimization
Overhead of Secure Operators ● Compare with SparkSQL
o Execute on plaintext, bypassing all secure operators
o Three types of queries § EC Range: SELECT A, B FROM T WHERE A < 100 § EE Range: SELECT A, B FROM T WHERE A < B § Count: SELECT count(A) FROM T WHERE A < 100
![Page 39: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/39.jpg)
![Page 40: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/40.jpg)
![Page 41: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/41.jpg)
Future Work
● Query expressiveness extension o Join, Cartesian product, SUM(), AVG()
o GroupBy, Having Clause
● Crypto optimization o Encryption/Decryption optimization
o UDF optimization
![Page 42: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/42.jpg)
Q&A
![Page 43: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/43.jpg)
Query Cost vs. Data Size
SELECT A, B from T WHERE A < q SELECT A, B from T WHERE A < B SELECT COUNT(A) from T WHERE A < q
![Page 44: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/44.jpg)
More on Query Rewrite ● What if multiple secure operators are involved?
R * (A - B) > 0
![Page 45: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/45.jpg)
sdb_compare(sdb_keyup(sdb_mul(r, sdb_add(a,b, ..), ..), ..), ..)
More on Query Rewrite ● What if multiple secure operators are involved?
![Page 46: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/46.jpg)
Demo Video
![Page 47: SecureDB - i.cs.hku.hki.cs.hku.hk/fyp/2014/fyp14008/sdb/documentation/SDB Presentation … · CryptDB(2012)[3]! Multiple layers of partially homomorphic encryptions Related Work Encryption](https://reader034.vdocuments.us/reader034/viewer/2022043001/5f7bfa1f22494d30fe5b7b7a/html5/thumbnails/47.jpg)
Reference [1] Bajaj, S., & Sion, R. (2014). TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality. Knowledge and Data Engineering, IEEE Transactions on, 26(3), 752-765. Chicago [2] Gentry, C., & Halevi, S. (2011). Implementing Gentry’s fully-homomorphic encryption scheme. In Advances in Cryptology–EUROCRYPT 2011 (pp. 129-148). Springer Berlin Heidelberg. [3] Popa, R. A., Redfield, C., Zeldovich, N., & Balakrishnan, H. (2012). CryptDB: Processing queries on an encrypted database. Communications of the ACM, 55(9), 103-111.