CryptDB: processing information in the database without decrypting it
Researchers from MIT presented the CryptDB DBMS, which is able to efficiently serve queries to the SQL database — search, sort, mathematical functions, etc. — without decrypting the database records. Although this is not the first development of this kind, but because of unprecedented performance, experts believe CryptDB is the first one that is really suitable for practical use. It is assumed that such developments can find applications in cloud storage systems, which are particularly in need of cryptographic protection.
CryptDB Architecture
The approach implemented in CryptDB is called full homomorphic encryption. Craig Gentry , a cryptographer from IBM Research, proposed the first fully homomorphic model for a DBMS in 2009 ; it is homomorphic for multiplication and addition operations simultaneously, which makes it possible to express any mathematical function. True, there was one problem: the speed of operations compared to a conventional DBMS increased by about a trillion times.
On the other hand, CryptDB reduces the speed of most operations in the SQL database by only 15-26% compared with MySQL.
')
MIT researchers put productivity as their main priority, so they used different algorithms in their project, each of which best copes with a specific task. For example, RSA is used for multiplication of encrypted data, and Paillier is used for addition. For comparison and sorting operations, other schemes are used.
Actually, the most innovative part of CryptDB is the ability to switch on the fly between different cryptographic schemes, depending on the type of operation being performed. This is implemented due to the “onion” multistage encryption, when the data is encrypted in several layers by different algorithms. Each layer has its own key and its list of supported operations. The most reliable algorithms are used on the lower layer, and operations in the upper layers are possible without decoding the lower layers.
Unfortunately, CryptDB has certain limitations. For example, this system is not able to calculate the square root and does not support some other necessary operations with records. In addition, when decrypting the upper layers, the system gives the potential attacker some attributes of the database records. But this is more theoretical than practical flaws. In a published scientific paper, developers have evaluated the system on simple use cases: the database for the phpBB forum and the database for the educational web application at the university. According to their estimates, in these cases CryptDB performs about 99.5% of the required operations and does not give out any private information.
A private message transfer scheme in the phpBB forum using CryptDB ensures that only the sender and the recipient can see the message. If a potential attacker gains control of the forum, only private users with open sessions will see private messages.
CryptDB: Protecting Confidentiality with Encrypted Query Processing. Raluca Ada Popa, Catherine MS Redfield, Nickolai Zeldovich, Hari Balakrishnan MIT CSAIL
via Forbes
CryptDB Architecture
The approach implemented in CryptDB is called full homomorphic encryption. Craig Gentry , a cryptographer from IBM Research, proposed the first fully homomorphic model for a DBMS in 2009 ; it is homomorphic for multiplication and addition operations simultaneously, which makes it possible to express any mathematical function. True, there was one problem: the speed of operations compared to a conventional DBMS increased by about a trillion times.
On the other hand, CryptDB reduces the speed of most operations in the SQL database by only 15-26% compared with MySQL.
')
MIT researchers put productivity as their main priority, so they used different algorithms in their project, each of which best copes with a specific task. For example, RSA is used for multiplication of encrypted data, and Paillier is used for addition. For comparison and sorting operations, other schemes are used.
Actually, the most innovative part of CryptDB is the ability to switch on the fly between different cryptographic schemes, depending on the type of operation being performed. This is implemented due to the “onion” multistage encryption, when the data is encrypted in several layers by different algorithms. Each layer has its own key and its list of supported operations. The most reliable algorithms are used on the lower layer, and operations in the upper layers are possible without decoding the lower layers.
Unfortunately, CryptDB has certain limitations. For example, this system is not able to calculate the square root and does not support some other necessary operations with records. In addition, when decrypting the upper layers, the system gives the potential attacker some attributes of the database records. But this is more theoretical than practical flaws. In a published scientific paper, developers have evaluated the system on simple use cases: the database for the phpBB forum and the database for the educational web application at the university. According to their estimates, in these cases CryptDB performs about 99.5% of the required operations and does not give out any private information.
A private message transfer scheme in the phpBB forum using CryptDB ensures that only the sender and the recipient can see the message. If a potential attacker gains control of the forum, only private users with open sessions will see private messages.
CryptDB: Protecting Confidentiality with Encrypted Query Processing. Raluca Ada Popa, Catherine MS Redfield, Nickolai Zeldovich, Hari Balakrishnan MIT CSAIL
via Forbes
Source: https://habr.com/ru/post/134966/
All Articles