Abstract
Cloud database services offer performance and storage advantages that local client platforms do not have, which makes them very appealing solutions. We list three approaches that address the data privacy concerns associated with depositing sensitive data on remote platforms. In the first, users protect their data privacy by encrypting the data locally before uploading it to remote cloud servers. This prevents the servers from carrying out operations on the data, and also increases the networking overheads. Another approach uses a Trusted Execution Environment (TEE) to protect the data. Examples include OS containers, Virtual Machines or Intel's Software Guard Extensions (SGX). This approach relies on the trustworthiness of the TEE for privacy and integrity of operations. The third approach uses Homomorphic Encryption (HE) schemes. They can allow a remote platform to carry out computations on encrypted data, but are malleable. Adding authentication tags to database entries could solve this problem only if the server is in the user's trust domain. We present here a new combined model. It uses a TEE to guarantee the integrity and correctness of the database code and data, while the data itself is encrypted with some HE scheme. In this way, the malleability protection, achieved through the TEE, is decoupled from the privacy protection, achieved through the HE. Of course, this comes at some performance cost, but the results of our demonstration, which uses SGX as the TEE and the Paillier cryptosystem as the HE, indicate that the proposed combined solution is practical.
Original language | English |
---|---|
Title of host publication | MIST 2017 - Proceedings of the 2017 International Workshop on Managing Insider Security Threats, co-located with CCS 2017 |
Publisher | Association for Computing Machinery, Inc |
Pages | 85-88 |
Number of pages | 4 |
ISBN (Electronic) | 9781450351775 |
State | Published - 30 Oct 2017 |
Event | 9th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2017 - Dallas, United States Duration: 30 Oct 2017 → … |
Publication series
Name | MIST 2017 - Proceedings of the 2017 International Workshop on Managing Insider Security Threats, co-located with CCS 2017 |
---|---|
Volume | 2017-January |
Conference
Conference | 9th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2017 |
---|---|
Country/Territory | United States |
City | Dallas |
Period | 30/10/17 → … |
Bibliographical note
Publisher Copyright: © 2017 Copyright held by the owner/author(s).
Keywords
- Cloud database
- Homomorphic encryption
- Paillier cryptosystem
- Secure guard extension
- Trusted execution environment
ASJC Scopus subject areas
- Computer Science Applications
- Information Systems