Cloud database services offer performance and storage advantages that local client platforms do not have, which makes them very appealing solutions. We list three approaches that address the data privacy concerns associated with depositing sensitive data on remote platforms. Users can protect their data privacy by locally encrypting it before uploading to remote cloud servers. This prevents the servers from carrying out operations on the data, and also increases the networking overheads. Another approach uses a Trusted Execution Environment (TEE) to protect the data. Examples include OS containers, Virtual Machines or Intel's Software Guard Extensions (SGX). This approach relies on the trustworthiness of the TEE for privacy and integrity of operations. The third approach is using Homomorphic Encryption (HE) schemes. They can allow a remote platform to carry out computations on encrypted data, but are malleable. Adding authentication tags to database entries could solve this problem only if the server is in the user's trust domain. We present here a new combined model. It uses a TEE to guarantee the integrity and correctness of the database code and data, while the data itself is encrypted with some HE scheme. In this way, the malleability protection, achieved through the TEE, is decoupled from the privacy protection that is achieved through the HE. Of course, this comes at some performance cost, but the results of our demonstration, which uses SGX as the TEE and the Paillier cryptosystem as the HE, indicate that the proposed combined solution is practical.
|Title of host publication||MIST 2017 - Proceedings of the 2017 International Workshop on Managing Insider Security Threats, co-located with CCS 2017|
|Publisher||Association for Computing Machinery, Inc|
|Number of pages||4|
|State||Published - 30 Oct 2017|
|Event||9th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2017 - Dallas, United States|
Duration: 30 Oct 2017 → …
|Name||MIST 2017 - Proceedings of the 2017 International Workshop on Managing Insider Security Threats, co-located with CCS 2017|
|Conference||9th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2017|
|Period||30/10/17 → …|
Bibliographical note
Funding Information:
This research was supported by the Israel Science Foundation (grant No. 1018/16), by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office, by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at the Tel Aviv University, and by the PQCRYPTO project, which was partially funded by the European Commission Horizon 2020 research Programme, grant #645622.
© 2017 Copyright held by the owner/author(s).
- Cloud database
- Homomorphic encryption
- Paillier cryptosystem
- Secure guard extension
- Trusted execution environment
ASJC Scopus subject areas
- Computer Science Applications
- Information Systems