MIT Software Allows Queries On Encrypted Databases
Sparrowvsrevolution writes "CryptDB, a piece of database software that MIT researchers presented at the Symposium on Operating System Principles in October, allows users to send queries to an encrypted SQL database and get results without decrypting the stored information. CryptDB works by nesting data in several layers of cryptography (PDF), each of which has a different key and allows a different kind of simple operation on encrypted data. It doesn't work with every kind of calculation, and it's not the first system to offer this sort of computation on encrypted data. But it may be the only practical one. A previous crypto scheme that allowed operations on encrypted data multiplied computing time by a factor of a trillion. This one adds only 15-26%."
Re:Why? (Score:4, Informative)
1. No decryption operation required on server.
2. The data can stay encrypted in transit.
1 + 2 = more security than on-disk encryption.
a little bit strong claim (Score:5, Informative)
This is not really the first practical such system, nor have all previous systems been a trillion times slower. As seems to be a pattern with MIT press releases, the press release makes exaggerated claims, but the paper itself is actually quite good and gives proper credit where it's due, discussing a number of previous systems that implement related functionality, and some existing algorithms from the literature that they borrow and implement directly in CryptDB.
Re:Why? (Score:5, Informative)
Because you want to run your database in the Cloud(tm) for reliability purposes, and you don't want the provider to peek at your data.
Re:Why? (Score:5, Informative)
Why not just encrypt the database files on HDD and memory directly? That way the database can still act really fast and you can use any existing database software.
A few key phrases from TFA: "...a trick that keeps the info safe from hackers, accidental loss and even snooping administrators ... a useful trick if you need to perform operations on health care or financial data in a situation like cloud computing, where the computer (or the IT administrator) doing the calculations can’t always be trusted to access the private numbers being crunched".
Re:Why? (Score:4, Informative)
Because the database is on a remote server, and that is where the queries are executing!
The model you're describing is that of the database running on the local machine. Data is encrypted between the database server and disk, but not encrypted in the database and not between the database and client. So the database is just a stock program running SQL queries or whatever in the usual way.
But what if the database must be a remote server? That's how most people use databases, for the purpose of sharing data among many people, scalability, and availability.
If the data in a database is naively encrypted, then the server cannot perform complex queries. The client must download entire tables, decrypt them, and perform the joins locally. Or so you would think.
This is the part that these researchers seem to have attacked, from my understanding: somehow get the server to do useful queries on encrypted data without decrypting it, and without the monstrous overhead of the naive solutions.
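The split the comment above describes (a remote server that matches rows without ever holding a key, versus a client that downloads and decrypts whole tables) is easiest to see with the simplest of the layers the summary mentions: a deterministic layer for equality tests beside a randomized layer for everything else. The following is an added illustration written for this thread, not CryptDB's code: it uses SQLite in memory as the untrusted "server", an HMAC as the deterministic equality token, and an HMAC-derived keystream as a stand-in for AES-CTR (a toy, unauthenticated cipher chosen only so the example runs on the standard library). The keys, the `patients` rows and the helper names (`det_token`, `rnd_encrypt`, `find_by_name`, `server_view`) are all constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed demo keys. A real deployment derives a distinct key per column
# and per encryption layer and keeps all of them on the client side only.
DET_KEY = b"demo-deterministic-key-0001"
RND_KEY = b"demo-randomized-key-0002"
NONCE_LEN = 16

# Constructed sample rows: (id, name, diagnosis). Only the client ever sees these.
SAMPLE_ROWS = [(1, "alice", "flu"), (2, "bob", "asthma"), (3, "alice", "migraine")]


def det_token(key: bytes, value: str) -> str:
    """Deterministic layer: equal plaintexts map to equal tokens, so the server
    can evaluate WHERE name = ? as a plain string comparison on tokens.
    The price is that the server learns which rows share a value."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode: a stand-in for AES-CTR so the
    # example needs no third-party crypto library. Not authenticated; toy only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def rnd_encrypt(key: bytes, value: str) -> bytes:
    """Randomized layer: a fresh nonce per value, so two encryptions of the same
    plaintext differ and the server can compare nothing, only store and return."""
    nonce = os.urandom(NONCE_LEN)
    data = value.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct


def rnd_decrypt(key: bytes, blob: bytes) -> str:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


def build_server(rows) -> sqlite3.Connection:
    """The untrusted 'cloud' database: it receives only tokens and ciphertexts.
    Encryption happens on the client before anything is sent."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER, name_det TEXT, diagnosis_rnd BLOB)")
    for pid, name, diagnosis in rows:
        conn.execute(
            "INSERT INTO patients VALUES (?, ?, ?)",
            (pid, det_token(DET_KEY, name), rnd_encrypt(RND_KEY, diagnosis)),
        )
    return conn


def server_view(conn: sqlite3.Connection):
    """What an administrator of the server can read: no plaintext anywhere."""
    return conn.execute("SELECT id, name_det, diagnosis_rnd FROM patients ORDER BY id").fetchall()


def find_by_name(conn: sqlite3.Connection, name: str):
    """Client-side query rewriting: the constant in WHERE name = ? is replaced by
    its deterministic token, the server filters on the encrypted column, and the
    client decrypts only the rows that came back (no full-table download)."""
    token = det_token(DET_KEY, name)
    cur = conn.execute(
        "SELECT id, diagnosis_rnd FROM patients WHERE name_det = ? ORDER BY id", (token,)
    )
    return [(pid, rnd_decrypt(RND_KEY, blob)) for pid, blob in cur]


def demo():
    conn = build_server(SAMPLE_ROWS)
    return find_by_name(conn, "alice")


if __name__ == "__main__":
    conn = build_server(SAMPLE_ROWS)
    print("server sees:", server_view(conn))
    print("client gets:", find_by_name(conn, "alice"))
```

The design choice worth noticing is the trade the deterministic layer makes: the server can match `alice`'s two rows only because their tokens are identical, so an administrator reading `server_view` also learns that rows 1 and 3 belong to the same (unknown) name. That equality leakage is the cost of pushing the filter to the server, and it is why a column that never needs to be searched should stay at the randomized layer.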