Chip-Secured Data Access: Confidential Data on Untrusted Servers

The democratization of ubiquitous computing (access data anywhere, anytime, anyhow), the increasing connection of corporate databases to the Internet and today's natural recourse to Web-hosting companies strongly emphasize the need for data confidentiality. Database servers arouse users' suspicion because no one can fully trust traditional security mechanisms against increasingly frequent and malicious attacks, and no one can be fully confident in an invisible DBA administering confidential data. This paper gives an in-depth analysis of existing security solutions and concludes that the traditional server-based approach is intrinsically weak at preserving data confidentiality. With this conclusion in mind, we propose a solution called C-SDA (Chip-Secured Data Access), which enforces data confidentiality and controls personal privileges thanks to a client-based security component acting as a mediator between a client and an encrypted database. This component is embedded in a smartcard to prevent any tampering. This cooperation of hardware and software security components constitutes a strong guarantee against attacks threatening personal as well as business data.
