CryptSQLite: SQLite With High Data Security

SQLite, one of the most popular lightweight database systems, is widely used in various systems. However, its compact design did not give enough consideration to user data security. Specifically, anyone who obtains access to the database file can read or tamper with the data. Existing encryption-based solutions can only protect data in storage, while still exposing data during computation. In this article, we combine Trusted Execution Environment (TEE) technology with an authenticated encryption scheme to propose and develop CryptSQLite, a high-security SQLite database system that protects both the confidentiality and integrity of users’ data. Our security analysis proves that CryptSQLite can protect data confidentiality and integrity. Our implementation and experiments indicate that CryptSQLite incurs an average of 21 percent extra time for SQL statement executions, compared with traditional encryption-based solutions that fail to offer rigorous security guarantees.
