
Developers, security experts can't agree on the topic of encrypted databases


September 14, 2015


Developers of encrypted databases and security researchers are at odds over a recent study that claims property-preserving encrypted databases may be vulnerable to various attacks from hackers.

The researchers are Muhammad Naveed of the University of Illinois at Urbana-Champaign, Charles Wright of Portland State University, and Seny Kamara of Microsoft Research.

They say that inference attacks on encrypted database (EDB) systems like CryptDB, Cipherbase, and Encrypted BigQuery are possible using only encrypted columns and publicly available auxiliary information.

For their part, developers contend that the research is invalid because the cracked systems don't correspond to industry-wide practices and their recommended deployment scenarios.

EDB systems, many of which are based on the design of CryptDB, make use of property-preserving encryption (PPE) methods such as deterministic (DTE) and order-preserving encryption (OPE).

Still very much in its infancy, the technology is seen as a way to minimize the impact of data security breaches and hack attacks from the outside.

Naveed said: "As far as we know, these PPE-based encrypted databases are not deployed yet, but there is considerable interest in their potential use, mostly fuelled by the recent rashes of high-profile data breaches."

He added: "In fact, even large companies are evaluating these systems (e.g., Google's Encrypted Bigquery, SAP's SEED, Microsoft's Cipherbase and Microsoft's SQL Server 2016)."

"The potential applications today would include electronic medical records, human resources databases, university databases, basically any application using a database for sensitive and private information," he added.

In a paper, Inference Attacks on Property-Preserving Encrypted Databases, Naveed and his colleagues point to critical security holes in the technology that could allow hackers to infer metadata, and perhaps more, about various entries in encrypted databases.

In that paper, we study the concrete security provided by such complex systems. We present a series of potential attacks that recover the plaintext from DTE- and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information. We consider well-known attacks, including frequency analysis and sorting, as well as new attacks based on combinatorial optimization.

We evaluate these attacks empirically in an electronic medical records (EMR) scenario using real patient data from 200 U.S. hospitals. When the encrypted database is operating in a steady state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results reveal that an alarming amount of sensitive information can be recovered.

In particular, our attacks correctly recovered certain OPE-encrypted attributes (e.g., age and disease severity) for more than 80 percent of the patient records from 95 percent of the hospitals, and certain DTE-encrypted attributes (e.g., sex, race, and mortality risk) for more than 60 percent of the patient records from more than 60 percent of the hospitals.

In an associated blog post, Microsoft described the research as an advance in the "database security arms race" – high praise from Redmond's official research blog.

Raluca Ada Popa, one of the original developers of CryptDB, told us that the researchers' findings are invalid because the authors have failed to use CryptDB systems as intended.

Popa explained: "The authors of the paper have used the CryptDB system in an unsafe manner. The CryptDB system provides guidelines for safe usage: it says that if a database administrator wants to protect a data field, it must mark the field as sensitive. Then, the CryptDB system will encrypt the field with strong encryption schemes, which do not allow any inference attacks, including the specific attack of Naveed and his team."

She said the research was akin to claiming an attack succeeded on the firewall without it being set up by a qualified system admin who knows what connections and what ports should be blocked.

Popa pointed interested parties towards various sections of her thesis on CryptDB that cover the sensitive annotation issue.

Overall, CryptDB recommends that system admins use OPE only for fields that are less sensitive, and gives timestamps as an example.

Timestamps are commonly used in apps. They also do not repeat, and are from a sparse domain, so the attacks of Naveed and his team don't apply, according to Popa.

"I think their research is useful in furthering the understanding about leakage of OPE and DET when an attacker has some kind of side information. But their conclusions do not apply to CryptDB when used correctly," Popa concludes.
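The two column properties cited above (whether values repeat, and whether they come from a sparse or dense domain) can be checked before a column is assigned DTE or OPE. The following is an added example, not code from CryptDB or from the paper; the HMAC stand-in for deterministic encryption, the sample columns, the domain sizes and the `dense_threshold` cut-off are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"  # assumption: demo key, not a deployment secret

def dte_token(value, key=KEY):
    """Stand-in for deterministic encryption (assumption: HMAC-SHA256, not
    CryptDB's cipher). Equal plaintexts always map to equal tokens."""
    return hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()

def frequency_profile(values):
    """Counts per distinct value, largest first, with the values dropped."""
    return sorted(Counter(values).values(), reverse=True)

def dte_preserves_histogram(values):
    """True when the token column has the same frequency profile as the
    plaintext column, i.e. the histogram survives encryption."""
    return frequency_profile(values) == frequency_profile(
        dte_token(v) for v in values)

def audit_column(values, domain_size, dense_threshold=0.5):
    """Flag the two properties the article ties to inference risk.
    dense_threshold is a hypothetical cut-off chosen for this example."""
    distinct = len(set(values))
    density = distinct / domain_size
    flags = []
    if distinct < len(values):
        flags.append("repeats: DTE tokens expose the value histogram")
    if density >= dense_threshold:
        flags.append("dense domain: OPE rank order narrows each value")
    return {"distinct": distinct, "density": density, "flags": flags}

# Constructed sample columns (not data from the study).
SEX = ["F", "M", "F", "F", "M", "F"]
AGE = list(range(18, 90)) * 2          # 72 distinct ages, each seen twice
TIMESTAMPS = [1442217600 + 7919 * i * i for i in range(6)]  # distinct, sparse

if __name__ == "__main__":
    print("DTE keeps histogram:", dte_preserves_histogram(SEX))
    for name, col, domain in [("sex", SEX, 2), ("age", AGE, 120),
                              ("timestamp", TIMESTAMPS, 2**32)]:
        print(name, audit_column(col, domain))
```

An empty `flags` list only means neither of these two properties was found; it is not a statement that the column is safe to expose.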

CryptDB offers a means to create secure cloud-based database applications, so research into its security is important.

Naveed and his colleagues have not backed down in the face of Popa's rebuttal, continuing to argue that CryptDB is insufficiently secure for the storage of electronic medical records and other similarly sensitive data, and he does have a point there. Medical data *is* sensitive information, after all.

Source: The University of Illinois.
