SoK: Cryptographically Protected Database Search

SoK: Cryptographically Protected Database Search

Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has gro...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Fuller, Benjamin, Varia, Mayank, Yerukhimovich, Arkady, Shen, Emily, Hamlin, Ariel, Gadepally, Vijay, Shay, Richard, Mitchell, John Darby, Cunningham, Robert K.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Algebra
Arrays
Cryptography
database search
Database systems
oblivious random access memory
private information retrieval
property preserving encryption
searchable symmetric encryption
Servers
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 191
container_issue
container_start_page 172
container_title
container_volume
creator Fuller, Benjamin
Varia, Mayank
Yerukhimovich, Arkady
Shen, Emily
Hamlin, Ariel
Gadepally, Vijay
Shay, Richard
Mitchell, John Darby
Cunningham, Robert K.
description Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:(1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.(2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.(3) An analysis of attacks against protected search for different base queries.(4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.
doi_str_mv 10.1109/SP.2017.10
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_RIE</sourceid><recordid>TN_cdi_ieee_primary_7958577</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7958577</ieee_id><sourcerecordid>7958577</sourcerecordid><originalsourceid>FETCH-LOGICAL-i175t-a0416349c2dade854dedcd5146ad9dc818bc12e1bba91faf38fdf65831b832d23</originalsourceid><addsrcrecordid>eNotzLFOwzAQAFCDhEQpXVhZ8gMpd744ttlQoICoRKXAXF3sCw0KSuRkyd8zwPS2p9QNwhYR_F192GpAu0U4UxtvHRrwYAwRnauVJmty1GAv1dU0fQNoIF-sFNTD231WpWWch6_E46kL3PdLdkjDLGGWmD3yzA1PktXCKZyu1UXL_SSbf9fqc_f0Ub3k-_fn1-phn3dozZwzFFhS4YOOHMWZIkoM0WBRcvQxOHRNQC3YNOyx5ZZcG9vSOMLGkY6a1ur27-1E5Dim7ofTcrTeOGMt_QIgmkKi</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>SoK: Cryptographically Protected Database Search</title><source>IEEE Electronic Library (IEL)</source><creator>Fuller, Benjamin ; Varia, Mayank ; Yerukhimovich, Arkady ; Shen, Emily ; Hamlin, Ariel ; Gadepally, Vijay ; Shay, Richard ; Mitchell, John Darby ; Cunningham, Robert K.</creator><creatorcontrib>Fuller, Benjamin ; Varia, Mayank ; Yerukhimovich, Arkady ; Shen, Emily ; Hamlin, Ariel ; Gadepally, Vijay ; Shay, Richard ; Mitchell, John Darby ; Cunningham, Robert K.</creatorcontrib><description>Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:(1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.(2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.(3) An analysis of attacks against protected search for different base queries.(4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.</description><identifier>EISSN: 2375-1207</identifier><identifier>EISBN: 9781509055333</identifier><identifier>EISBN: 1509055339</identifier><identifier>DOI: 10.1109/SP.2017.10</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Algebra ; Arrays ; Cryptography ; database search ; Database systems ; oblivious random access memory ; private information retrieval ; property preserving encryption ; searchable symmetric encryption ; Servers</subject><ispartof>2017 IEEE Symposium on Security and Privacy (SP), 2017, p.172-191</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7958577$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>310,311,782,786,791,792,798,27934,54767</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7958577$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Fuller, Benjamin</creatorcontrib><creatorcontrib>Varia, Mayank</creatorcontrib><creatorcontrib>Yerukhimovich, Arkady</creatorcontrib><creatorcontrib>Shen, Emily</creatorcontrib><creatorcontrib>Hamlin, Ariel</creatorcontrib><creatorcontrib>Gadepally, Vijay</creatorcontrib><creatorcontrib>Shay, Richard</creatorcontrib><creatorcontrib>Mitchell, John Darby</creatorcontrib><creatorcontrib>Cunningham, Robert K.</creatorcontrib><title>SoK: Cryptographically Protected Database Search</title><title>2017 IEEE Symposium on Security and Privacy (SP)</title><addtitle>SP</addtitle><description>Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:(1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.(2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.(3) An analysis of attacks against protected search for different base queries.(4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.</description><subject>Algebra</subject><subject>Arrays</subject><subject>Cryptography</subject><subject>database search</subject><subject>Database systems</subject><subject>oblivious random access memory</subject><subject>private information retrieval</subject><subject>property preserving encryption</subject><subject>searchable symmetric encryption</subject><subject>Servers</subject><issn>2375-1207</issn><isbn>9781509055333</isbn><isbn>1509055339</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2017</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotzLFOwzAQAFCDhEQpXVhZ8gMpd744ttlQoICoRKXAXF3sCw0KSuRkyd8zwPS2p9QNwhYR_F192GpAu0U4UxtvHRrwYAwRnauVJmty1GAv1dU0fQNoIF-sFNTD231WpWWch6_E46kL3PdLdkjDLGGWmD3yzA1PktXCKZyu1UXL_SSbf9fqc_f0Ub3k-_fn1-phn3dozZwzFFhS4YOOHMWZIkoM0WBRcvQxOHRNQC3YNOyx5ZZcG9vSOMLGkY6a1ur27-1E5Dim7ofTcrTeOGMt_QIgmkKi</recordid><startdate>201705</startdate><enddate>201705</enddate><creator>Fuller, Benjamin</creator><creator>Varia, Mayank</creator><creator>Yerukhimovich, Arkady</creator><creator>Shen, Emily</creator><creator>Hamlin, Ariel</creator><creator>Gadepally, Vijay</creator><creator>Shay, Richard</creator><creator>Mitchell, John Darby</creator><creator>Cunningham, Robert K.</creator><general>IEEE</general><scope>6IE</scope><scope>6IH</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIO</scope></search><sort><creationdate>201705</creationdate><title>SoK: Cryptographically Protected Database Search</title><author>Fuller, Benjamin ; Varia, Mayank ; Yerukhimovich, Arkady ; Shen, Emily ; Hamlin, Ariel ; Gadepally, Vijay ; Shay, Richard ; Mitchell, John Darby ; Cunningham, Robert K.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i175t-a0416349c2dade854dedcd5146ad9dc818bc12e1bba91faf38fdf65831b832d23</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Algebra</topic><topic>Arrays</topic><topic>Cryptography</topic><topic>database search</topic><topic>Database systems</topic><topic>oblivious random access memory</topic><topic>private information retrieval</topic><topic>property preserving encryption</topic><topic>searchable symmetric encryption</topic><topic>Servers</topic><toplevel>online_resources</toplevel><creatorcontrib>Fuller, Benjamin</creatorcontrib><creatorcontrib>Varia, Mayank</creatorcontrib><creatorcontrib>Yerukhimovich, Arkady</creatorcontrib><creatorcontrib>Shen, Emily</creatorcontrib><creatorcontrib>Hamlin, Ariel</creatorcontrib><creatorcontrib>Gadepally, Vijay</creatorcontrib><creatorcontrib>Shay, Richard</creatorcontrib><creatorcontrib>Mitchell, John Darby</creatorcontrib><creatorcontrib>Cunningham, Robert K.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan (POP) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP) 1998-present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Fuller, Benjamin</au><au>Varia, Mayank</au><au>Yerukhimovich, Arkady</au><au>Shen, Emily</au><au>Hamlin, Ariel</au><au>Gadepally, Vijay</au><au>Shay, Richard</au><au>Mitchell, John Darby</au><au>Cunningham, Robert K.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>SoK: Cryptographically Protected Database Search</atitle><btitle>2017 IEEE Symposium on Security and Privacy (SP)</btitle><stitle>SP</stitle><date>2017-05</date><risdate>2017</risdate><spage>172</spage><epage>191</epage><pages>172-191</pages><eissn>2375-1207</eissn><eisbn>9781509055333</eisbn><eisbn>1509055339</eisbn><coden>IEEPAD</coden><abstract>Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:(1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.(2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.(3) An analysis of attacks against protected search for different base queries.(4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.</abstract><pub>IEEE</pub><doi>10.1109/SP.2017.10</doi><tpages>20</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 2375-1207
ispartof 2017 IEEE Symposium on Security and Privacy (SP), 2017, p.172-191
issn 2375-1207
language eng
recordid cdi_ieee_primary_7958577
source IEEE Electronic Library (IEL)
subjects Algebra
Arrays
Cryptography
database search
Database systems
oblivious random access memory
private information retrieval
property preserving encryption
searchable symmetric encryption
Servers
title SoK: Cryptographically Protected Database Search
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-03T12%3A30%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=SoK:%20Cryptographically%20Protected%20Database%20Search&rft.btitle=2017%20IEEE%20Symposium%20on%20Security%20and%20Privacy%20(SP)&rft.au=Fuller,%20Benjamin&rft.date=2017-05&rft.spage=172&rft.epage=191&rft.pages=172-191&rft.eissn=2375-1207&rft.coden=IEEPAD&rft_id=info:doi/10.1109/SP.2017.10&rft_dat=%3Cieee_RIE%3E7958577%3C/ieee_RIE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9781509055333&rft.eisbn_list=1509055339&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=7958577&rfr_iscdi=true