DOI: 10.1145/1989323.1989346

TrustedDB: a trusted hardware based database with privacy and data confidentiality

Published: 12 June 2011

Abstract

TrustedDB is an outsourced database prototype that allows clients to execute SQL queries with privacy and under regulatory compliance constraints without having to trust the service provider. TrustedDB achieves this by leveraging server-hosted tamper-proof trusted hardware in critical query processing stages.
TrustedDB does not limit the expressiveness of supported queries. Despite the cost overhead and performance limitations of trusted hardware, the costs per query are orders of magnitude lower than any (existing or) potential future software-only mechanisms. TrustedDB is built and runs on actual hardware, and its performance and costs are evaluated here.


Cited By

  • (2024) SecuDB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational Database. Proceedings of the VLDB Endowment 17(12):3906-3919. DOI: 10.14778/3685800.3685815. Online publication date: 8 Nov 2024.
  • (2024) Shortcut: Making MPC-based Collaborative Analytics Efficient on Dynamic Databases. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 854-868. DOI: 10.1145/3658644.3690314. Online publication date: 2 Dec 2024.
  • (2024) ArcEDB: An Arbitrary-Precision Encrypted Database via (Amortized) Modular Homomorphic Encryption. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 4613-4627. DOI: 10.1145/3658644.3670384. Online publication date: 2 Dec 2024.
  • (2024) SQL queries over encrypted databases: a survey. Connection Science 36(1). DOI: 10.1080/09540091.2024.2323059. Online publication date: 5 Mar 2024.
  • (2023) TEE-based General-purpose Computational Backend for Secure Delegated Data Processing. Proceedings of the ACM on Management of Data 1(4):1-28. DOI: 10.1145/3626757. Online publication date: 12 Dec 2023.
  • (2023) HE3DB: An Efficient and Elastic Encrypted Database Via Arithmetic-And-Logic Fully Homomorphic Encryption. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 2930-2944. DOI: 10.1145/3576915.3616608. Online publication date: 15 Nov 2023.
  • (2023) Authenticable Data Analytics Over Encrypted Data in the Cloud. IEEE Transactions on Information Forensics and Security 18:1800-1813. DOI: 10.1109/TIFS.2023.3256132. Online publication date: 2023.
  • (2023) SparkAC: Fine-Grained Access Control in Spark for Secure Data Sharing and Analytics. IEEE Transactions on Dependable and Secure Computing 20(2):1104-1123. DOI: 10.1109/TDSC.2022.3149544. Online publication date: 1 Mar 2023.
  • (2023) A practical privacy-preserving nearest neighbor searching method over encrypted spatial data. The Journal of Supercomputing 79(13):14146-14171. DOI: 10.1007/s11227-023-05170-x. Online publication date: 4 Apr 2023.
  • (2022) Operon. Proceedings of the VLDB Endowment 15(12):3332-3345. DOI: 10.14778/3554821.3554826. Online publication date: 1 Aug 2022.


Published In

SIGMOD '11: Proceedings of the 2011 ACM SIGMOD International Conference on Management of data, June 2011, 1364 pages.
ISBN: 9781450306614
DOI: 10.1145/1989323

Publisher: Association for Computing Machinery, New York, NY, United States


Author tags: database, trusted hardware

Qualifier: research article

Conference: SIGMOD/PODS '11

Overall acceptance rate: 785 of 4,003 submissions, 20%

Article Metrics

  • Downloads (last 12 months): 49
  • Downloads (last 6 weeks): 5

Reflects downloads up to 13 Dec 2024.

