PaaSword - Distributed Searchable Encryption Engine
-
Upload
paasword-eu-project -
Category
Software
-
view
52 -
download
1
Transcript of PaaSword - Distributed Searchable Encryption Engine
![Page 1: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/1.jpg)
www.paasword.eu
Distributed Searchable Encryption Engine
Innovathens 11/10/2016
![Page 2: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/2.jpg)
Outline
Objectives
Architecture and DB Transform
Example of an SQL Query in PaaSword
Improvements so far
PaaSword – WP4 (Database Encryption)18/11/2016 2
![Page 3: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/3.jpg)
Objectives
Improve Privacy in a transparent wayAutomatic encryption and decryption
Automatic distribution synthesis
Sufficient (but restricted) support for SQLMost important queries should be supported
EfficiencyAcceptable performance impact
PaaSword – WP4 (Database Encryption)18/11/2016 3
![Page 4: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/4.jpg)
Basic Idea
PaaSword18/11/2016 4
Client Cloud DBDB Proxy Cloud DBClient
Common (insecure) scenario Desired (secure) scenario
![Page 5: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/5.jpg)
DB Proxy Architecture
PaaSword18/11/2016 5
Data Index2Index1
SQL
SQLDatabaseProxy
(trusted)
SQL
Cloud(untrusted)
User / Application
Data(not encrypted)
Data (encrypted)
![Page 6: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/6.jpg)
Database Transformation
PaaSword18/11/2016 6
ID Name Surname City Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Howard Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1985
ID Encrypted Data
1 Enc(Paul,Anderson,Athens,01.01.1979)
2 Enc(Howard,Miller,Karlsruhe,02.02.1974)
3 Enc(Henry,Cooper,Berlin,03.03.1980)
4 Enc(Henry,Jones,Brussels,04.04.1985)
Data
Keyword IDs
Name:Paul Enc(1)
Name:Howard Enc(2)
Name:Henry Enc(3,4)
Index1
Keyword IDs
Surname:Anderson Enc(1)
Surname:Miller Enc(2)
Surname:Cooper Enc(3)
Surname:Jones Enc(4)
Index2
Original
Association is hidden
![Page 7: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/7.jpg)
Example (1/4)
PaaSword18/11/2016 7
•SQL-Query:
•SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘
Data Index2Index1SELECT ID FROM Index1WHERE Keyword=‘Name:Henry‘
SELECT ID FROM Index2WHERE Keyword=‘Surname:Jones‘
transform query
ID Name Surname Stadt Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Hans Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1983
Database Proxy
SELECT * FROM CustomersWHERE Name=‚Henry‘ ANDSurname=‚Jones‘
![Page 8: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/8.jpg)
Example (2/4)
PaaSword18/11/2016 8
•SQL-Query:
•SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘
Data Index2Index1
IDs Enc(3,4)
IDs Enc(4)
decrypt andcompute result
Database Proxy
ID 4
ID Name Surname Stadt Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Hans Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1983
![Page 9: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/9.jpg)
Example (3/4)
PaaSword18/11/2016 9
•SQL-Query:
•SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘
Data Index2Index1SELECT * FROM DataWHERE ‘ID’ in {4}
retrieve relevantdata
ID Name Surname City Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Hans Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1983
Database Proxy
ID Name Surname Stadt Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Hans Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1983
![Page 10: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/10.jpg)
Example (4/4)
PaaSword18/11/2016 10
•SQL-Query:
•SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘
Data Index2Index1
Henry,Jones,Brussels,04.04.1983
decrypt andreturn result
Database Proxy
Enc(Henry,Jones,Brussels,04.04.1983)
ID Name Surname Stadt Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Hans Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1983
![Page 11: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/11.jpg)
Improvements (1/2)
PaaSword18/11/2016 11
ID Name Surname City Day of Birth
1 Paul Anderson Athens 01.01.1979
2 Howard Miller Karlsruhe 02.02.1974
3 Henry Cooper Berlin 03.03.1980
4 Henry Jones Brussels 04.04.1985
ID Encrypted Data
1 Enc(Paul,Anderson,Athens,01.01.1979)
2 Enc(Howard,Miller,Karlsruhe,02.02.1974)
3 Enc(Henry,Cooper,Berlin,03.03.1980)
4 Enc(Henry,Jones,Brussels,04.04.1985)
Data
Keyword-Name IDs
Enc(Paul) Enc(1)
Enc(Howard) Enc(2)
Enc(Henry) Enc(3,4)
Index1
Keyword-Surname IDs
Enc(Anderson) Enc(1)
Enc(Miller) Enc(2)
Enc(Cooper) Enc(3)
Enc(Jones) Enc(4)
Index2
Original
Keyword Encryption
• AES (deterministic)
• Support for most query types
(excl. LIKE)
Index Distribution
• Index for same data type can be stored at different server
Data Distribution
Minimize exposure of sensitive information by careful distribution
![Page 12: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/12.jpg)
PaaSword18/11/2016 12
Improvements (2/2)
Feature Support Before PaaSword Current State
Index Encryption
Multiple Tables
Joins
Subselect
LIKE Partial *
Privacy Constraints
Data Distribution
* Only if index keyword is not encrypted
![Page 13: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/13.jpg)
Supported Statements
SELECT, UPDATE, INSERT, DELETE, DROP TABLE, ALTER TABLE
JoinsLeft/right, full/outer/inner, …
=, NOT, AND, OR, IN
LIKE (%)
SELECT (SELECT …) )
<, <=, >, >=
GROUP BY, LIMIT, AVG, SUM
PaaSword – WP4 (Database Encryption)18/11/2016 13
![Page 14: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/14.jpg)
Way forward
Extend SQL query support for encrypted index
Improve performance
Measure performance in different scenarios
Integrate into PaaSword framework
Include key management
PaaSword18/11/2016 14
![Page 15: PaaSword - Distributed Searchable Encryption Engine](https://reader034.fdocuments.in/reader034/viewer/2022042723/587163b51a28ab58758b4e31/html5/thumbnails/15.jpg)
PaaSword18/11/2016 15
Questions?
Visit us:
www.paasword.euAcknowledgements:This project has received funding from the
European Union’s Horizon 2020 research and innovation programme under grant
agreement No 644814.