Arx: A Strongly Encrypted Database System

In recent years, encrypted databases have emerged as a promising direction that provides data confidentiality without sacrificing functionality: queries are executed on encrypted data. However, existing practical proposals rely on a set of weak encryption schemes that have been shown to leak sensitive data. In this paper, we propose Arx, the first practical and functionally rich database system that encrypts the data only with strong encryption schemes. Arx protects the database with the same level of security as regular AESbased encryption, which by itself is devoid of functionality. We show that Arx supports real applications such as ShareLatex and a health data cloud provider, and that its performance overhead is modest.

[1]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[2]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[3]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[4]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[5]  S. Rajsbaum Foundations of Cryptography , 2014 .

[6]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[7]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[8]  Ramarathnam Venkatesan,et al.  A secure coprocessor for database applications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[9]  Feifei Li,et al.  Authenticated Index Structures for Aggregation Queries , 2010, TSEC.

[10]  Rishabh Poddar,et al.  A Secure One-Roundtrip Index for Range Queries , 2016, IACR Cryptol. ePrint Arch..

[11]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[12]  Andreas Peter,et al.  A Survey of Provably Secure Searchable Encryption , 2014, ACM Comput. Surv..

[13]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[14]  Nickolai Zeldovich,et al.  An Ideal-Security Protocol for Order-Preserving Encoding , 2013, 2013 IEEE Symposium on Security and Privacy.

[15]  Nathan Chenette,et al.  Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions , 2011, CRYPTO.

[16]  Adam Silberstein,et al.  Benchmarking cloud serving systems with YCSB , 2010, SoCC '10.

[17]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[18]  Robert K. Cunningham,et al.  Computing on masked data: a high performance method for improving big data veracity , 2014, 2014 IEEE High Performance Extreme Computing Conference (HPEC).

[19]  Vladimir Kolesnikov,et al.  On the limits of privacy provided by order-preserving encryption , 2012, Bell Labs Technical Journal.

[20]  Raluca A. Popa,et al.  Building practical systems that compute on encrypted data , 2014 .

[21]  David Evans,et al.  Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates , 2015, EUROCRYPT.

[22]  Andreas Schaad,et al.  Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data , 2014, Sicherheit.

[23]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[24]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[25]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[26]  Cecilia R. Aragon,et al.  Randomized search trees , 2005, Algorithmica.

[27]  Srdjan Capkun,et al.  Verena: End-to-End Integrity Protection for Web Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[28]  Samuel Madden,et al.  Processing Analytical Queries over Encrypted Data , 2013, Proc. VLDB Endow..

[29]  Jonathan Katz,et al.  IntegriDB: Verifiable SQL for Outsourced Databases , 2015, CCS.

[30]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[31]  Hugo Krawczyk,et al.  Rich Queries on Encrypted Data: Beyond Exact Matches , 2015, ESORICS.

[32]  MacLane Wilkison,et al.  ZeroDB white paper , 2016, ArXiv.

[33]  Myungsun Kim,et al.  Better Security for Queries on Encrypted Databases , 2016, IACR Cryptol. ePrint Arch..

[34]  Angelos D. Keromytis,et al.  Blind Seer: A Scalable Private DBMS , 2014, 2014 IEEE Symposium on Security and Privacy.

[35]  Rafail Ostrovsky,et al.  Black-Box Garbled RAM , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[36]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[37]  Sylvia Ratnasamy,et al.  BlindBox: Deep Packet Inspection over Encrypted Traffic , 2015, SIGCOMM.

[38]  Radu Sion,et al.  TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality , 2011, IEEE Transactions on Knowledge and Data Engineering.

[39]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.