Performance trade-offs on a secure multi-party relational database

The privacy of information is an increasing concern of software applications users. This concern was caused by attacks to cloud services over the last few years, that have leaked confidential information such as passwords, emails and even private pictures. Once the information is leaked, the users and software applications are powerless to contain the spread of information and its misuse. With databases as a central component of applications that store almost all of their data, they are one of the most common targets of attacks. However, typical deployments of databases do not leverage security mechanisms to stop attacks and do not apply cryptographic schemes to protect data. This issue has been tackled by multiple secure databases that provide trade-offs between security, query capabilities and performance. Despite providing stronger security guarantees, the proposed solutions still entrust their data to a single entity that can be corrupted or hacked. Secret sharing can solve this problem by dividing data in multiple secrets and storing each secret at a different location. The division is done in such a way that if one location is hacked, no information can be leaked. Depending on the protocols used to divide data, functions can be computed over this data through secure protocols that do not disclose information or actually know which values are being calculated. We propose a SQL database prototype capable of offering a trade-off between security and query latency by using a different secure protocol. An evaluation of the protocols is also performed, showing that our most relaxed protocol has an improvement of 5+ on the query latency time over the original protocol.

[1]  Alexandra Boldyreva,et al.  Provably-Secure Schemes for Basic Query Support in Outsourced Databases , 2007, DBSec.

[2]  Sheng Zhong,et al.  Privacy-Preserving Queries on Encrypted Data , 2006, ESORICS.

[3]  Samuel Madden,et al.  Processing Analytical Queries over Encrypted Data , 2013, Proc. VLDB Endow..

[4]  Dan Bogdanov,et al.  High-performance secure multi-party computation for data mining applications , 2012, International Journal of Information Security.

[5]  Sushil Jajodia,et al.  Keep a Few: Outsourcing Data While Maintaining Confidentiality , 2009, ESORICS.

[6]  João Paulo,et al.  SafeRegions: Performance Evaluation of Multi-party Protocols on HBase , 2016, 2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW).

[7]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[8]  Dan Bogdanov Sharemind: programmable secure computations with practical applications , 2013 .

[9]  Riivo Talviste,et al.  From Oblivious AES to Efficient and Secure Database Join in the Multiparty Setting , 2013, ACNS.

[10]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[11]  Siu-Ming Yiu,et al.  Secure query processing with data interoperability in a cloud database environment , 2014, SIGMOD Conference.

[12]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.