CryptSQLite: Protecting Data Confidentiality of SQLite with Intel SGX

Protecting data confidentiality in database systems is a critical but challenging problem. In this paper, we propose a novel architecture that addresses this problem by combining Intel Software Guard Extensions (SGX) technology with a symmetric encryption scheme. Based on the proposed architecture, we use SQLite, a lightweight database system, as a case study and propose CryptSQLite to protect its data confidentiality. Our security analysis showed that CryptSQLite can protect data confidentiality against attacks from outside attackers, malicious insiders, and malicious neighboring users. We further developed a prototype system based on the design. Our experimental results showed that CryptSQLite is a viable solution and incurs a moderate performance overhead.
