Cipherbase - Encrypted SQL
Written by Kay Ewbank   
Tuesday, 22 January 2013

Microsoft Research is working on a SQL database system for storing and processing strongly encrypted data. The Cipherbase system is based on a combination of customized trusted hardware and Microsoft SQL Server.

A paper on the design of the Cipherbase secure hardware has been presented at the Sixth Biennial Conference on Innovative Data Systems Research. The problem the researchers are trying to solve is how a DBMS offered as a cloud service could query encrypted data, with the aim of creating a system that offers the full functionality of a DBMS in the server, independent of how the data is encrypted. In other words, application logic should be decoupled from encryption.

Clients declare what columns to encrypt and how, and the system is functional with no changes to app code, no matter how complex the code is. The researchers call this property orthogonality between encryption and function or orthogonal security for short.

The paper given at the conference says that orthogonal security allows organizations to develop their applications and set their data security goals relatively independently of any performance, scalability, or cost considerations. To achieve this, the team’s goals are that Cipherbase should be a complete SQL system, so new apps can make use of the whole of SQL and legacy apps needn’t be rewritten. Users should be able to specify encryption and end-to-end security for their data at a column granularity, and Cipherbase should execute queries and transactions efficiently, while meeting the user’s confidentiality requirements for all data.

The idea behind the system is that apps don’t connect directly to the DBMS. They connect to an ODBC client extension and issue queries in the clear as usual. The client extension ships off an encrypted query or plan to the server which returns encrypted results that are decrypted and returned to the app. So at the client, there is no data and no query processing performed.

To achieve this, the team extends the server with a piece of trusted hardware (the Trusted Machine) that has access to the key. Since it has the key, it can decrypt data and perform any computation, ranging from simple predicates to more complex aggregates. The Trusted Machine type chosen by the researchers is FPGA (Field Programmable Gate Arrays), because of its combination of security and ability to handle data-intensive applications.

fpga

 

Cipherbase is still under active research and development at Microsoft Research.

 

MSR

 

More Information

Orthogonal Security With Cipherbase (pdf)

Related Articles

Dataclips 2.0 - A Pastebin For SQL

 

DARPA spends $20 million on homomorphic encryption

First Draft Of Web Cryptography API

Microsoft's New File System ReFS

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

blog comments powered by Disqus

 

Banner


Bredan Eich Leaves Mozilla
04/04/2014

Last week Brendan Eich was appointed CEO of Mozilla. Yesterday he resigned that position and left the company he co-founded 15 years ago, saying "I will be taking time before I decide what to do next. [ ... ]



Microsoft Reveals "Universal" Apps
03/04/2014

Universal apps are part of Microsoft's "One Windows" strategy. A universal app sounds as if it might be what we are all looking for. Write once run anywhere - well as long as it's Windows. Not quite.

 [ ... ]


More News

Last Updated ( Tuesday, 22 January 2013 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.