Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11-13 unique schema annotations to secure more than 20 sensitive fields and 2-7 lines of source code changes for three multi-user web applications

References in zbMATH (referenced in 16 articles )

Showing results 1 to 16 of 16.
Sorted by year (citations)

  1. Sakellariou, Georgios; Gounaris, Anastasios: Homomorphically encrypted (k)-means on cloud-hosted servers with low client-side load (2019)
  2. Wei, Yu; Lv, Siyi; Guo, Xiaojie; Liu, Zheli; Huang, Yanyu; Li, Bo: FSSE: forward secure searchable encryption with keyed-block chains (2019)
  3. Zhang, Meng; Qi, Saiyu; Miao, Meixia; Zhang, Fuyou: Enabling compressed encryption for cloud based big data stores (2019)
  4. Ferretti, Luca; Marchetti, Mirco; Andreolini, Mauro; Colajanni, Michele: A symmetric cryptographic scheme for data integrity verification in cloud databases (2018)
  5. Kepner, Jeremy; Jananthan, Hayden: Mathematics of big data. Spreadsheets, databases, matrices, and graphs. With a foreword by Charles E. Leiserson (2018)
  6. Krell, Fernando; Ciocarlie, Gabriela; Gehani, Ashish; Raykova, Mariana: Low-leakage secure search for Boolean expressions (2017)
  7. Peng, Yanguo; Cui, Jiangtao; Li, Hui; Ma, Jianfeng: A reusable and single-interactive model for secure approximate (k)-nearest neighbor query in cloud (2017)
  8. Poh, Geong Sen; Baskaran, Vishnu Monn; Chin, Ji-Jian; Mohamad, Moesfa Soeheila; Lee, Kay Win; Maniam, Dharmadharshni; Z’aba, Muhammad Reza: Searchable data vault: encrypted queries in secure distributed cloud storage (2017)
  9. Yang, Ce; Zhang, Weiming; Yu, Nenghai: Semi-order preserving encryption (2017)
  10. Canetti, Ran; Chen, Yilei; Holmgren, Justin; Raykova, Mariana: Adaptive succinct garbled RAM or: how to delegate your database (2016)
  11. Chen, Peng; Ye, Jun; Chen, Xiaofeng: Efficient request-based comparable encryption scheme based on sliding window method (2016)
  12. De Capitani di Vimercati, Sabrina; Foresti, Sara; Livraga, Giovanni; Samarati, Pierangela: Practical techniques building on encryption for protecting and managing data in the cloud (2016)
  13. Derbeko, Philip; Dolev, Shlomi; Gudes, Ehud; Sharma, Shantanu: Security and privacy aspects in MapReduce on clouds: a survey (2016)
  14. Koppula, Venkata; Pandey, Omkant; Rouselakis, Yannis; Waters, Brent: Deterministic public-key encryption under continual leakage (2016)
  15. Xiang, Tao; Li, Xiaoguo; Chen, Fei; Guo, Shangwei; Yang, Yuanyuan: Processing secure, verifiable and efficient SQL over outsourced database (2016)
  16. Mercier, Hugues; Onica, Emanuel; Rivière, Etienne; Felber, Pascal: Performance/security tradeoffs for content-based routing supported by Bloom filters (2013)