Chip-Secured Data Access: Reconciling Access Rights with Data Encryption

Publisher Summary: The democratization of ubiquitous computing, the increasing connection of corporate databases to the Internet, and today's natural recourse to Web hosting companies and Database Service Providers strongly emphasize the need for data confidentiality. The chapter proposes a solution called chip-secured data access (C-SDA), which allows querying encrypted data while controlling personal privileges. C-SDA is a client-based security component acting as an incorruptible mediator between a client and an encrypted database. This component is embedded in a smartcard to prevent any tampering on the client side. This cooperation of hardware and software security components constitutes a strong guarantee against attacks and re-establishes the orthogonality between access right management and data encryption. A full-fledged prototype of C-SDA has been developed with the support of the French Agence Nationale pour la Valorisation de la Recherche (ANVAR). This prototype runs on an advanced JavaCard platform provided by Schlumberger.
