SQL on an encrypted database: technical perspective
Cloud services are very popular today. One can rent platforms, software, or applications from companies like Amazon, Google, Microsoft, or Salesforce. But, whenever we rent their services, we trust these companies with our confidential data, ranging from benign personal email messages and pictures to highly sensitive financial data or medical records. There is some risk in trusting the cloud providers with sensitive data. A curious administrator may peek inside the data for amusement or for financial profit; a hacker may break into the cloud server and steal the entire data. So far, cloud service companies have been spared a major disaster and their users still trust them with data, but these companies are only one headline story away from a trust crisis. Currently, the only means for cloud companies to earn our trust is to have very strict internal policies for managing and restricting access to users' data, and to use conventional system security to resist hackers and external adversaries.

Why not encrypt the data stored in cloud services? Once encrypted with the user's key, the data is safe from the curious administrator because he does not have the decryption key. Similarly, if a malicious attacker breaks into the system, he still does not have the decryption key. All data in the cloud system, persistent or transient, is encrypted, and the system never receives the secret key. Only after the data is returned to the user can it be decrypted by the user with her secret key. This sounds like an ideal solution for ensuring the confidentiality of data in the cloud.

The problem is that without decryption keys, the cloud provider cannot perform general computations on the encrypted data. Thus, if the data is encrypted and the cloud service provider does not have the key, the service it can provide is very limited.
The following paper by Popa, Redfield, Zeldovich, and Balakrishnan describes a system that allows encrypted data to be processed without the decryption keys. Their solution is to have the data accessed only through a database system, and to use some specialized encryption techniques that perform limited computations directly on the ciphertext. The standard database query language SQL is strictly more limited than general-purpose languages like Java. Although it is impossible to execute a general Java program on encrypted data, computing over encrypted data is possible if the language is some fragment of SQL. The idea …
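As an added illustration (not code from the paper or from this page), the sketch below shows one kind of limited computation on ciphertext: a SQL SUM that the server evaluates without ever holding the decryption key. It assumes the additively homomorphic Paillier cryptosystem, which this page does not name, with toy constructed parameters and hypothetical names (`emp`, `salary_ct`, `enc_sum`).

```python
import math
import secrets
import sqlite3

# Toy Paillier key built from two Mersenne primes (constructed for this example;
# far too small to be secure). N is public; LAM and MU stay with the client.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                  # valid because g = n + 1

def encrypt(m: int) -> int:
    """Client side: randomized encryption of 0 <= m < N under the public key."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    # g^m * r^n mod n^2, using (1 + n)^m = 1 + m*n (mod n^2)
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c: int) -> int:
    """Client side: requires the secret values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

class EncSum:
    """Server side: SQL aggregate that multiplies ciphertexts mod n^2.
    The product of Paillier ciphertexts decrypts to the sum of the plaintexts."""
    def __init__(self):
        self.acc = 1
    def step(self, c_text, n2_text):
        self.acc = self.acc * int(c_text) % int(n2_text)
    def finalize(self):
        return str(self.acc)

def encrypted_sum(salaries):
    """Store only ciphertexts on the 'server', aggregate there, decrypt at the client."""
    db = sqlite3.connect(":memory:")                  # stands in for the untrusted server
    db.create_aggregate("enc_sum", 2, EncSum)
    db.execute("CREATE TABLE emp (salary_ct TEXT)")   # TEXT: values exceed 64-bit integers
    db.executemany("INSERT INTO emp VALUES (?)",
                   [(str(encrypt(s)),) for s in salaries])
    stored = [int(r[0]) for r in db.execute("SELECT salary_ct FROM emp")]
    (total_ct,) = db.execute("SELECT enc_sum(salary_ct, ?) FROM emp",
                             (str(N2),)).fetchone()
    return stored, decrypt(int(total_ct))
```

The server sees only the public modulus and randomized ciphertexts, so two rows with the same salary are stored as different values; the price is that this scheme supports addition only, not equality tests or ordering.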