MIT Software Allows Queries On Encrypted Databases
Sparrowvsrevolution writes "CryptDB, a piece of database software that MIT researchers presented at the Symposium on Operating System Principles in October, allows users to send queries to an encrypted SQL database and get results without decrypting the stored information. CryptDB works by nesting data in several layers of cryptography (PDF), each of which has a different key and allows a different kind of simple operation on encrypted data. It doesn't work with every kind of calculation, and it's not the first system to offer this sort of computation on encrypted data. But it may be the only practical one. A previous crypto scheme that allowed operations on encrypted data multiplied computing time by a factor of a trillion. This one adds only 15-26%."
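The layering described in the summary, as an added example that is not part of the original post and is not CryptDB's code: a deterministic layer (equality checks possible) wrapped in a randomized layer (nothing comparable), each under its own key. The names RND and DET follow the layer names in the CryptDB paper; the HMAC-based keystream is a standard-library stand-in for a real block cipher, and the sample column is constructed.

```python
import hashlib, hmac, os

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES (assumption).
    ks = b""
    for ctr in range(len(data) // 32 + 1):
        ks += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def rnd_encrypt(key: bytes, data: bytes) -> bytes:
    # Outer layer: fresh random nonce, so equal inputs give unrelated outputs.
    nonce = os.urandom(16)
    return nonce + _stream_xor(key, nonce, data)

def det_encrypt(key: bytes, data: bytes) -> bytes:
    # Inner layer: nonce derived from the plaintext under a separate subkey,
    # so equal inputs give equal outputs and the server can test equality.
    iv_key = hmac.new(key, b"iv-subkey", hashlib.sha256).digest()
    iv = hmac.new(iv_key, data, hashlib.sha256).digest()[:16]
    return iv + _stream_xor(key, iv, data)

def decrypt(key: bytes, blob: bytes) -> bytes:
    # Both layers store nonce || body, so one routine removes either.
    return _stream_xor(key, blob[:16], blob[16:])

def demo():
    k_rnd, k_det = os.urandom(32), os.urandom(32)   # one key per layer
    names = [b"alice", b"bob", b"alice"]            # constructed sample column
    stored = [rnd_encrypt(k_rnd, det_encrypt(k_det, n)) for n in names]
    rnd_leaks_equality = stored[0] == stored[2]     # False at the RND layer

    # For WHERE name = 'alice' the key holder hands the server k_rnd only.
    det_col = [decrypt(k_rnd, c) for c in stored]   # server peels one layer
    token = det_encrypt(k_det, b"alice")            # encrypted query constant
    rows = [i for i, c in enumerate(det_col) if hmac.compare_digest(c, token)]

    # Only the k_det holder can turn the matching rows back into plaintext.
    return rnd_leaks_equality, rows, [decrypt(k_det, det_col[i]) for i in rows]

if __name__ == "__main__":
    print(demo())
```

Once the outer layer is removed, the server learns which rows hold the same value, though not the value itself; that leakage is the price of running the equality query.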
Re:Why? (Score:5, Insightful)
Sorry, I don't see how that helps. The idea is that no program on the database server has the key to actually decrypt the data.
The problem isn't only that you don't trust the network in between, but that you don't trust the database server admins.
Re:a little bit strong claim (Score:5, Insightful)
Then the press release is interpreted by media outlets, which dumb it down even more and stretch the claims even further. After even just two or three levels of this, honest sensible papers turn into grandiose hyperbole. A nice theoretical result on metamaterials becomes "scientists invent invisibility cloak"; work on new semiconductors becomes "world's fastest transistor"; and a paper on tentative correlations between X and Y becomes "X causes Y!" Believe me when I say that most scientists are embarrassed when they see their results exaggerated and misinterpreted like this.
This is not meant to excuse such behavior. Some PR departments are better than others. At some institutes there is too much pressure from on-high to be seen in the media as being innovative, revolutionary, and all those other buzzwords. But at the end of the day, scientists have to have the courage (and the authority) to prevent press releases from going out that are so stretched as to be factually incorrect.
Re:Why? (Score:2, Insightful)
Re:Why? (Score:4, Insightful)
Well, strictly speaking, they don't need to know. The DBA - as in the person that makes sure the database is running, upgrades are done, backups are made and so on - is often not really supposed to be privy to all the information in the database. Probably the same kind of place you won't let your developers see production data, the development server has a different encryption key and the production key is set once during install, backed up in a safe and the production application server logged to hell and back including remote logging and audits. The only access anyone is supposed to have to the system is through the application that's enforcing permissions, logging and all that. I've only worked in relatively low-security environments but I'm perfectly aware that "SELECT * FROM [table]" circumvents anything and everything the application does to protect the data. In many environments that's fine and an accepted risk; if you're managing the database you should be sufficiently trusted to not go poking about. But I can easily see situations where that's not the case, without everybody jumping up and down about outsourcing. It's nothing personal in that they don't trust IT, but just like you in accounting don't want one person who can put in an invoice, approve it and take delivery, you don't want one person from IT with all the keys to the castle. That this is the practical reality in many places is because there hasn't been any other convenient enough way; it's not by design.