!Oxymoron: Encrypted (Database) Search

Transcription

1 !Oxymoron: Encrypted (Database) Search Srinivasan Narayanamurthy (Srini) NetApp 1

2 Agenda Survey Homomorphic Encryption 101 Encrypted Search Tradeoffs Leakage Functionality Encrypted Databases 2

3 Survey Non-cryptographic methods Differential Privacy (Noise) Data Anonymization Data Fragmentation Secret-Sharing based methods Verifiable (collaborative) Order Preserving Index based methods Bucketization Order-preserving Searchable 3

4 Survey (Continued) Cryptographic Functional Encryption Searchable Encryption Secure-Multiparty Computation Homomorphic Cryptosystems Fully (FHE) Partial (PHE) State-of-the-art Systems Systems based on Homomorphic (CryptDB) Client-server splitting approaches (Monomi, Silverline) Trusted Hardware Systems (TrustedDB, Cipherbase) 4

5 Symmetric Encryption Key: a0b0c0d0e0f The quick brown fox jumps over the lazy dog Encrypt a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df Decrypt The quick brown fox jumps over the lazy dog Key: a0b0c0d0e0f 5 5

6 Asymmetric Encryption Public key: a0b0c0d0e0f The quick brown fox jumps over the lazy dog Encrypt a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df Decrypt The quick brown fox jumps over the lazy dog Private key: 47b6ffedc2be19bd5359c32bcfd8dff5 6 6

7 AES + CBC mode Key: a0b0c0d0e0f Initialization Vector (IV) The quick brown fox jumps over the lazy dog Key AES Key AES Key AES a7be1a6997a... b6ff744ed2c... 47f7f7bc Variable IV => Non-deterministic 7 7

8 AES + CBC mode (IV changes) Key: a0b0c0d0e0f Initialization Vector (IV) The quick brown fox jumps over the lazy dog Key AES Key AES Key AES fa63a2825b c4e0d86a7b... Variable IV => Non-deterministic 8 8

9 Non-deterministic Encryption Key: a0b0c0d0e0f The quick brown fox jumps over the lazy dog Encrypt a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df The quick brown fox jumps over the lazy dog Encrypt fa636a2825b339c940668a d b3fa6ed b6c 69c4e0d86a7b0430d8cdb78070b4c55a Key: a0b0c0d0e0f 9 Example: AES + CBC + Variable IV 9

10 AES + ECB mode The quick brown fox jumps over the lazy dog Key AES Key AES Key AES a7be1a6997a... b6ff744ed2c... 47f7f7bc Key: a0b0c0d0e0f

11 Deterministic Encryption Key: a0b0c0d0e0f The quick brown fox jumps over the lazy dog Encrypt a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df The quick brown fox jumps over the lazy dog Encrypt a7be1a6997ad739bd8c9ca451f618b61 b6ff744ed2c2c9bf6c590cbf0469bf41 47f7f7bc95353e03f96c32bcfd8058df Key: a0b0c0d0e0f 1 1 Example: AES + ECB 11

12 Order Preserving Encryption Value Enc (Value) 1 0x d5f50b2beffd9f3dca4ea7 2 0x0065fda789ef4e272bcf102787a x009b5708e13665a7de14d3d824ca9f15 4 0x04e062ff507458f9be ed654c 5 0x08db34fb1f807678d3f833c2194a759e xx ; yy EEnncc xx ; EEnncc' yy( Example: AES + FFX

13 Homomorphic Encryption Enc (1) 7ad5fda789ef4e272bca100b3d9ff59f bd6e7c3df2b5779e0b61216e8b10b689 +Enc Enc (2) 7a9f102789d5f50b2beffd9f3dca4ea7 Enc (1) Encryption key is not an input

14 The Spectrum Fully Homomorphic Encryption ( any function ) Impractical Partial Homomorphic Encryption Paillier Cryptosystem ( + ) Expensive ElGamal Cryptosystem ( x ) Order Preserving Encryption ( ) Deterministic Encryption ( = = ) Non-deterministic Encryption ( ) Practical

15 Performance Scheme Space for one integer (bits) Time for one operation Fully Homomorphic Encryption Paillier ElGamal 2 14 Cosmic time scales 2048 ~ ms Deterministic Encryption 128 ~ μs

16 Encrypted Search Tradeoffs Computation & Communication complexity E.g. sub-linear index Efficiency Leakage E.g. Index, search & access pattern Security Query expressiveness (equality, boolean, subset, range queries, inner products)

17 Is Encryption == Security? 17

18 Leakage Profile Characteristics Objects that leak Type of information leaked Which operation leaks Party that learns the leakage Examples Data objects, queries, query response (access control rules) Same value, Matches the intersection of two sets = (say equality) >, < (say, range) Provider, Querier, Server 18

19 Information leaked by Objects Information Structure Identifiers Predicates Equalities Order (or more) Examples String length, set cardinality, tree rep. of object Pointers to objects Additional information, say, a. within a common (known) range b. matches the intersection of 2 clauses within a query Objects that have same value Numerical/lexicographic ordering of objects, or perhaps even partial plaintext data 19

20 Queries on Encrypted Data Type of data Structured (DBs), Semi (XML/JSON) Unstructured Mixed Type of Queries Relational Algebra (SQL) Associative Arrays (NoSQL) Linear Algebra (NewSQL) Content-based Information Retrieval Examples Set (Union, Intersection, Difference, Cartesian product), Selection, Projection, Join (Semi-ring): Construction, Find, AA (+, x), AA Element-wise (x) Construction, Find, Matrix (+, x), Element-wise (x) Query-by-example, Fuzzy queries Exhaustive search Eg. filesystems Indexes SELECT * FROM patient WHERE (age > 40) AND (X-ray CONTAINS lung cancer ) 20

21 Base Queries Approach Description Examples Legacy Custom Obliv Modifies data insertions and query requests Special purpose protected indices Obscures object identifiers (say, pointers) Property (equality or order) preserving, boolean queries and joins by combining the results of PPE. (CryptDB) Inverted Index, Tree Traversal, Custom indices (Graph) ORAM 21

22 Composed Queries 22

23 Systems Landscape Full Homomorphic Partial Homomorphic CryptDB Monomi TrustedDB Cipherbase Non- Homomorphic Blob Store AWS GovCloud No Secure Location Client Secure Server Crypto Coprocessor FPGA 23

24 Encrypted Databases CryptDB Query-aware encryption schemes RND, HE, DET, OPE Architecture SQL-aware encryption Adjustable query-based encryption Chain cryptographic keys in user passwords Supports only 2 out of 22 queries in TPC-H Monomi (OLAP) Layout optimizer, Query planner Intermediate results. Ex.: SUM / GROUP BY / HAVING Supports 19 out of 22 queries 24

25 Summary Application security DBMS is only a part of the overall system stack Usability Clients need tools and interpretable security models to navigate security-performance tradeoffs Connections to other areas of security Data privacy, access-control, auditing 25

26 Thank you! 26