On the Difficulty of Securing Web Applications using CryptDB

CryptDB has been proposed as a practical and secure middleware to protect databases deployed on semi-honest cloud servers. While CryptDB provides sufficient protection under Threat-1, here we demonstrate that when CryptDB is deployed to secure the cloud hosted database of a realistic web application, an attacker to database or a Malicious Database Administrator (mDBA) can easily steal information, and even escalate his privilege to become the administrator of the web application. Our attacks, fall under a restricted form of Threat-2 where we only assume that the attackers or the mDBA tampers with the CryptDB protected database and is opens an ordinary user account through the web application. Our attacks, are carried out assuming perfectly secure proxy and application servers. Therefore, the attacks work without recovering the master key residing on the proxy server. At the root of the attack lies the lack of any integrity checks for the data in the CryptDB database. We propose a number of practical countermeasures to mitigate attacks targeting the integrity of the CryptDB database. We also demonstrate that the data integrity is not sufficient to protect the databases, when query integrity and frequency attacks are considered

Dodrant-Homomorphic Encryption for Cloud Databases using Table Lookup

Users of large commercial databases increasingly want to outsource their database operations to a cloud service providers, but guaranteeing the privacy of data in an outsourced database has become the major obstacle to this move. Encrypting all data solves the privacy issue, but makes many operations on the data impossible in the cloud, unless the service provider has the capacity to decrypt data temporarily. Homomorphic encryption would solve this issue, but despite great and on-going progress, it is still far from being operationally feasible. In 2015, we presented what we now call dodrant-homomorphic encryption, a method that encrypts numeric values deterministically using the additively homomorphic Paillier encryption and uses table lookup in order to implement multiplications. We discuss here the security implications of determinism and discuss options to avoid these pitfalls

SafeSpark: a secure data analytics platform using cryptographic techniques and trusted hardware

Dissertação de mestrado em Informatics EngineeringNowadays, most companies resort to data analytics frameworks to extract value from the increasing amounts of digital information. These systems give substantial competitive ad vantages to companies since they allow to support situations such as possible marketing decisions or predict user behaviors. Therefore, organizations tend to leverage the cloud to store and perform analytics over the data. Database services in the cloud present significant advantages as a high level of efficiency and flexibility, and the reduction of costs inherent to the maintenance and management of private infrastructures. The problem is that these services are often a target for malicious attacks, which means that sensitive and private personal information can be compromised. The current secure analytical processing solutions use a limited set of cryptographic techniques or technologies, which makes it impossible to explore different trade-offs of performance, security, and functionality requirements for different applications. Moreover, these systems also do not explore the combination of multiple cryptographic techniques and trusted hardware to protect sensitive data. The work presented here addresses this challenge, by using cryptographic schemes and the Intel SGX technology to protect confidential information, ensuring a practical solution which can be adapted to applications with different requirements. In detail, this dissertation begins by exposing a baseline study about cryptographic schemes and the Intel SGX tech nology, followed by the state-of-the-art revision about secure data analytics frameworks. A new solution based on the Apache Spark framework, called SafeSpark, is proposed. It provides a modular and extensible architecture and prototype, which allows protecting in formation and processing analytical queries over encrypted data, using three cryptographic schemes and the SGX technology. We validated the prototype with an experimental evalu ation, where we analyze the performance costs of the solution and also its resource usage. For this purpose, we use the TPC-DS benchmark to evaluate the proposed solution, and the results show that it is possible to perform analytical processing on protected data with a performance impact between 1.13x and 4.1x.Atualmente, um grande número de empresas recorre a ferramentas de análise de dados para extrair valor da quantidade crescente de informações digitais que são geradas. Estes sistemas apresentam consideráveis vantagens competitivas para as empresas, uma vez que permitem suportar situações como melhores decisões de marketing, ou até mesmo prever o comportamento dos seus clientes. Neste sentido, estas organizações tendem a recorrer a serviços de bases de dados na nuvem para armazenar e processar informação, uma vez que estas apresentam vantagens significativas como alto nível de eficiência e flexibilidade, bem como a redução de custos inerentes a manter e gerir uma infraestrutura privada. No entanto, estes serviços são frequentemente alvo de ataques maliciosos, o que leva a que informações pessoais privadas possam estar comprometidas. As soluções atuais de processamento analítico seguro utilizam um conjunto limitado de técnicas criptográficas ou tecnologias, o que impossibilita o balanceamento de diferentes compromissos entre performance, segurança e funcionalidade para diferentes aplicações. Ainda, estes sistemas não permitem explorar a simultânea utilização de técnicas criptográficas e de hardware confiável para proteger informação sensível. O trabalho apresentado nesta dissertação tem como objetivo responder a este desafio, utilizando esquemas criptográficos e a tecnologia Intel SGX para proteger informação confidencial, garantindo unia solução prática que pode ser adaptada a aplicações com diferentes requisitos. Em detalhe, este documento começa por expor um estudo de base sobre esquemas criptográficos e sobre a tecnologia SGX, seguido de uma revisão do estado de arte atual sobre ferramentas de processamento analítico seguro. Uma nova solução baseada na plataforma Apache Spark, chamada SafeSpark, é proposta. Esta providencia uma arquitetura modular e extensível, bem como um protótipo, que possibilita proteger informação e executar interrogações analíticas sobre dados cifrados, utilizando três esquemas criptográficos e a tecnologia Intel SGX. O protótipo foi validado com uma avaliação experimental, onde analisamos a penalização de desempenho da solução, bem como a sua utilização de recursos computacionais. Com este propósito, foi utilizada a plataforma de avaliação TPC-DS para avaliar a solução proposta, e os resultados mostram que é possível executar processamento analítico sobre dados protegidos, apresentando um impacto no desempenho entre 1.13x e 4.1x.This work was partially funded by FCT - Fundação para a Ciência e a Tecnologia, I.P., (Portuguese Foundation for Science and Technology) within project UID/EEA/50014/2019