CN113609492B

CN113609492B - Defending method and system for TEE encryption database interface attack

Info

Publication number: CN113609492B
Application number: CN202110896784.0A
Authority: CN
Inventors: 宋少威; 夏虞斌; 陈海波
Original assignee: Shanghai Jiaotong University
Current assignee: Shanghai Jiaotong University
Priority date: 2021-08-05
Filing date: 2021-08-05
Publication date: 2023-10-31
Anticipated expiration: 2041-08-05
Also published as: CN113609492A

Abstract

The invention provides a defending method and a defending system for TEE encryption database interface attack, wherein a security agent is established between a client and a cloud encryption database to analyze user inquiry, a calculation operation is split from a comparison operation, the calculation operation is executed by a calculation program of the security agent, and the comparison operation is sent to the cloud encryption database for execution. Compared with the existing mainstream encryption database, the method separates calculation from comparison, does not expose a calculation interface, can resist interface abuse attack, and greatly improves safety; abundant SQL computation semantics can be provided without worrying about information leakage, and the system has more abundant functionality compared with other systems; the method has low invasiveness, does not need to modify a primary database, and has good compatibility; the frequent entry and exit of data are avoided, and the running performance under various loads (such as transaction type or analysis type) can be greatly improved; the design is not limited to a specific trusted execution environment and hardware platform, and has universality.

Description

Defending method and system for TEE encryption database interface attack

Technical Field

The invention relates to the field of information technology, in particular to a method and a system for defending interface attacks of a TEE (terminal equipment) encryption database, and more particularly relates to a method and a system for expanding an encryption database for defending interface abuse attacks based on a trusted execution environment.

Background

Trusted execution environment TEE (Trusted Execution Environment): the trusted execution environment is an isolated secure execution environment provided by hardware, and is usually an extended secure area of a processor, ensuring confidentiality and integrity of code and data loaded therein. It provides an isolated execution space security (Enclave) in which trusted programs run to prevent common applications, operating Systems (OS) and even virtual machine monitors (hypervisors).

Encryption database (Encrypted Database): an encrypted database refers to a type of system that uses cryptography, trusted hardware, and other techniques to protect data from both computer Confidentiality (Confidentiality) and persistent storage Confidentiality in a trusted computing scenario. Currently, the mainstream commercial encryption database (microsoft Always Encrypted, alicloud full encryption database) generally uses calculation protection based on Operator granularity, namely, when the database performs query, the Operator operation is protected in the enclase, and the design has the characteristics of small trusted base, compatibility with the native database and strong expansibility. Because the protection granularity of the encrypted database is too small, the times of calling Enclave initiated when the database executes SQL are frequent, so that the context switching overhead is too large when the program enters and exits from Enclave. Meanwhile, the database is easy to be subjected to interface abuse attack, and the confidentiality of data is destroyed.

Interface abuse attack (Interface Abuse Attack): interface abuse attack is an attack of an index on an encrypted database by launching any trusted function interface call to a trusted environment and stealing ciphertext data, wherein the trusted functions act on the ciphertext to generate derivative data and continuously provide auxiliary information related to plaintext for an attacker, and finally, plaintext data is recovered. Protecting an encrypted database with operators at granularity typically defines a series of security functions provided by the trusted execution environment for the database to call the reloaded operators to manipulate ciphertext data. An attacker (e.g., a malicious cloud service provider or database administrator) may optionally invoke these function interfaces to recover the plaintext data. Microsoft Always Encrypted cannot compromise security and functionality by giving up providing part of the functionality to defend against such attacks.

An interface abuse attack can initiate any function interface call to a database operator instance within a trusted execution environment to steal encrypted data. The invention establishes a security agent between the client and the cloud encrypted database to analyze the user query, strictly splits the calculation operation and the comparison operation, the calculation operation is executed by a calculation program of the security agent, and the comparison operation is sent to the encrypted database for execution.

According to the invention, an enclave process is established between a client and a cloud encrypted database to analyze user inquiry, a calculation part is split from a comparison part, the calculation part is executed by a calculation program of the current enclave process, the comparison part is sent to the encrypted database for execution, and the enclave process at the database side is responsible for execution of a comparison Operator. The invention effectively resists the abuse attack of the interface by separating calculation and comparison without exposing the design of the calculation interface, ensures the confidentiality and the integrity of data, ensures the security and simultaneously can ensure the support of various SQL queries and the performance and the expansibility under various loads.

The MIT research project Cryptographic DB uses various cryptographic schemes to ensure confidential calculation of data, but the encryption algorithm used by the invention has high expenditure, and part of algorithms (such as order-preserving encryption OPE) have weak security and are easy to be subjected to interface abuse attack.

The IBM research project StealthDB uniformly delivers computing and comparing operations to a trusted execution environment for execution, is vulnerable to interface abuse, and has poor performance because a large number of computing operations frequently enter and exit the trusted environment.

The design of the Alicloud RDS full encryption database is similar to that of a StealthDB, and is easy to be attacked by interface abuse.

The microsoft Always encrypted database cannot compromise security and functionality by forgoing to provide part of the computing functionality to defend against interface abuse attacks.

The invention discloses an interface protection method for preventing replay attack, which relates to an interface protection technology for preventing replay attack, and provides an interface protection method for preventing replay attack aiming at the problem of insufficient protection of replay attack in the current call process of a butt joint, wherein the technical scheme of the interface protection method comprises the following steps: the client adds additional information in the transmitted data and transmits a request to the server, wherein the additional information at least comprises a certificate serial number and a random number; after receiving the data to be transmitted, the server extracts the additional information, judges whether the certificate serial number and the random number exist in a storage database of the server, if yes, judges the data to be an abnormal request, if not, judges the data to be a normal request, and stores the additional information in the storage database. However, the invention has the advantages of no separation of calculation and comparison, exposure of a calculation interface, insufficient safety performance, and insufficient functionality because the calculation logic and the calculation data are not in a trusted execution environment.

Disclosure of Invention

Aiming at the defects in the prior art, the invention aims to provide a defending method and a defending system for TEE encryption database interface attacks.

According to the defending method for the TEE encryption database interface attack, a security agent is established between the client and the cloud encryption database to analyze user inquiry, the computing operation is split from the comparison operation, the computing operation is executed by a computing program of the security agent, and the comparison operation is sent to the cloud encryption database to be executed.

Preferably, the defending method for the TEE encryption database interface attack comprises the following steps:

step S1: based on TEE program development, a security agent is established between a client side and a server side database, and an operator security extension program is established at one side of the encryption database so as to participate in the comparison execution of the encryption data;

step S2: the client initiates an SQL query to the designated port, and the SQL query is sent to the security agent through the SSL secure transmission channel;

step S3: the security agent analyzes the SQL statement, and splits the calculation operation and the comparison operation into a plurality of SQL statements with dependency relations;

step S4: after the splitting is completed, the security agent actively initiates comparison SQL query to the cloud encrypted database;

Step S5: the cloud encryption database receives and executes the SQL query sent by the proxy, the operator safety expansion program participates in providing a comparison operator function related to comparison operation in the execution process, and the result data table is sent back to the safety proxy after the execution is completed;

step S6: after the security agent receives the result data table, the security agent performs calculation operation on the result data table;

step S7: after the calculation operation is completed, an SQL query result is obtained, and the SQL query result is sent back to the client by the security agency;

when the SQL statement from the client in the step S3 is the nested compound query, the analysis result is a plurality of groups of SQL statements with dependency relationships, the calculation result of the SQL statement with the dependency relationships in the current group in the step S5 can help to generate the SQL statement with the next group, and the steps S3-S5 are repeated until all groups of SQL statements with the dependency relationships execute calculation operations on the result data table by the security agency;

the security agent comprises a parser module, a calculator module and a key management module;

the analyzer module is responsible for analyzing and splitting SQL sentences according to SQL semantic rules, separating calculation operation from comparison operation, sending comparison SQL query corresponding to the comparison operation to the cloud encryption database for processing, initiating calculation operation to the calculator module after receiving a result data table from the cloud encryption database, and finally returning the result to the client, wherein the key management module is responsible for managing a data key of a user and encrypting and decrypting user data;

The operator security extension program established at one side of the encryption database takes charge of executing the comparison operation of the encryption data; the comparison operator function is executed by an operator security extension program, and the extension of the operator security extension program does not support calculation operators and encryption operations, so that the untrusted database cannot generate derivative data and is invisible to plaintext;

the agent program and the operator safety extension program of the safety agent are loaded to the trusted execution environment and are in an operation state, and the agent program needs to open a designated port to respond to a user request;

the SQL query initiated by the client side needs to pass through a security agent between the client side and a database of the server side, the SQL statement is analyzed, split and rewritten by a parser module in the security agent, then the security agent sends comparison query to the cloud encryption database, the security agent obtains a result data table and then carries out execution of calculation query by an internal calculator module, and finally the calculation result is returned to the client side;

the computing operation mainly comprises basic mathematical operators +, -,/, and partial aggregation functions SUM and AVG in SQL semantics, wherein the computing operation is initiated actively by the inside of the trusted execution environment, and no computing function interface is exposed;

The comparison operation mainly comprises a filter part after the WHERE clause;

the basis of the splitting of the comparison operation and the calculation operation is based on SQL (structured query language), the SQL semantic prescribes that the calculation operation taking the aggregation function as the main part can only appear as predicates after the SELECT keywords, and the comparison operation taking the filtering condition can only appear after the WHERE keywords, and the SQL semantic naturally adapts to the separation of the calculation operation and the comparison operation, so that the splitting algorithm is the comparison filtering condition after the WHERE keywords is unchanged, all table fields to be used for the calculation operation are used as the SELECT predicates to form comparison SQL and sent to a cloud encryption database, and a result data table returns to a security agent and executes the calculation operation;

the security agent creates a data key for each user, if SQL initiated by the user is data insertion operation, the security agent encrypts data by using the corresponding key and then sends a ciphertext insertion request to the cloud encryption database, so that the cloud encryption database is ensured to only operate data ciphertext;

in the process of receiving and executing the SQL query sent by the proxy by the cloud encryption database, the cloud encryption database side is required to run in an operator extension program of a trusted execution environment, and the operator extension program only provides an operator function related to comparison operation, wherein the operator function related to the comparison operation comprises: "<, =, > =, <=; all intermediate calculation results and operations occur inside the secure area;

The operator security extension program at the cloud encrypted database side only provides the comparison operator computing capability and the user data decryption capability for the waybill encrypted database, the derived data is not generated in the execution process, and an attacker cannot initiate interface abuse attack;

when the SQL query from the client is a non-nested compound query, namely a simple query, the analysis result is only one group of SQL sentences with the dependency relationship.

A TEE encryption database interface attack oriented defense system comprising: the client, the security agent and the cloud encryption database;

and establishing a security agent between the client and the cloud encryption database to analyze the user query, splitting the calculation operation and the comparison operation, executing the calculation operation by a calculation program of the security agent, and transmitting the comparison operation to the cloud encryption database for execution.

Preferably, the defending system for the TEE encryption database interface attack comprises:

based on TEE program development, a security agent is established between a client side and a server side database, and an operator security extension program is established at one side of the encryption database so as to participate in the comparison execution of the encryption data;

the client initiates an SQL query to the designated port, and the SQL query is sent to the security agent through the SSL secure transmission channel;

The security agent analyzes the SQL statement, and splits the calculation operation and the comparison operation into a plurality of SQL statements with dependency relations;

after the splitting is completed, the security agent actively initiates comparison SQL query to the cloud encrypted database;

the cloud encryption database receives and executes the SQL query sent by the proxy, the operator safety expansion program participates in providing a comparison operator function related to comparison operation in the execution process, and the result data table is sent back to the safety proxy after the execution is completed;

after the security agent receives the result data table, the security agent performs calculation operation on the result data table;

after the calculation operation is completed, an SQL query result is obtained, and the SQL query result is sent back to the client by the security agency;

when the SQL sentences from the client are nested compound queries, the analysis result is a plurality of groups of SQL sentences with the dependency relationship, the calculation result of the SQL sentences with the dependency relationship in the current group can help to generate the SQL sentences with the dependency relationship in the next group until all the SQL sentences with the dependency relationship in the current group are subjected to calculation operation by the security agency;

the comparison operation mainly comprises a filter part after the WHERE clause;

Compared with the prior art, the invention has the following beneficial effects:

1. compared with the existing mainstream encryption database, the method separates calculation from comparison, does not expose a calculation interface, can resist interface abuse attack, and greatly improves safety;

2. according to the invention, the computing logic and the computing data are both arranged in the trusted execution environment, so that rich SQL computing semantics can be provided without worrying about information leakage, and the system has more abundant functionality compared with other systems;

3. The invention has low invasiveness, does not need to modify the original database, is compatible with the main stream encryption database, and has good compatibility because the protection design of the granularity of operators can reuse the optimization capability (index, JOIN operation and the like) of the original database;

4. when the main stream encryption database executes the calculation operation, a large amount of data need to enter and exit the enclave program, and the encryption and decryption and context switching overheads are extremely large.

5. The design of the invention is not limited to a specific trusted execution environment and hardware platform, and has universality.

Drawings

Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, given with reference to the accompanying drawings in which:

FIG. 1 is a schematic diagram of a user initiating an SQL query after a security agent and a database-side security extension built between a client/server are started;

FIG. 2 is a schematic diagram of the operation of the SQL parser in the proxy.

Detailed Description

The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present invention.

Example 1

According to the defending method for the TEE encryption database interface attack, as shown in fig. 1 and 2, a security agent is established between a client and a cloud encryption database to analyze user inquiry, a calculation operation is split from a comparison operation, the calculation operation is executed by a calculation program of the security agent, and the comparison operation is sent to the cloud encryption database to be executed.

Specifically, the defending method for the TEE encryption database interface attack comprises the following steps:

The comparison operation mainly comprises a filter part after the WHERE clause;

A defending system for TEE encryption database interface attack establishes a security agent between a client and a cloud encryption database to analyze user inquiry, splits calculation operation and comparison operation, wherein the calculation operation is executed by a calculation program of the security agent, and the comparison operation is sent to the cloud encryption database for execution.

Specifically, the defending system for the TEE encryption database interface attack comprises:

the comparison operation mainly comprises a filter part after the WHERE clause;

Example 2

By using encryption database expansion based on a trusted execution environment, under a trusted computing scene, through separation of computation and comparison, the design of a non-exposed computing interface can effectively resist interface abuse attacks, ensure security and simultaneously ensure support of various SQL queries and low cost under various loads. Hereinafter, the operation of the present invention will be described in detail by means of specific examples.

As shown in fig. 1: a TEE agent program between a client and a cloud encryption database is operated in the system, and SQL from a user is received and processed; an operator extended TEE program is run on the encrypted database side and is responsible for handling operator execution in SQL execution.

The agent comprises a parser module, a calculator module and a key management module, wherein the parser module is responsible for parsing and splitting the SQL according to the rules, strictly separating a calculation part from a comparison part, sending the comparison SQL to a cloud encryption database for processing, initiating the calculation SQL to the calculator module after receiving a result data table, and finally returning the result to a user, and the key management module is responsible for managing a data key of the user and encrypting and decrypting user data.

The cloud encryption database is responsible for executing comparison SQL from the proxy, wherein the comparison operator is executed by an operator extension TEE program, the extension does not support calculation operators and encryption operations, and the fact that the untrusted database cannot generate derivative data and is invisible to plaintext is guaranteed.

An attacker (such as a suspected cloud service provider or a database manager) cannot initiate function call (calculation operator call in the system) of any TEE program to the database, so that the invention effectively resists interface abuse attack and ensures confidentiality of user data.

As shown in fig. 2: the diagram shows the splitting process of the parser in the proxy on the conventional DML statement, wherein after the SQL statement is parsed, the parser splits the calculation part and the comparison part into a plurality of SQL with dependency relations. Wherein the computing operation mainly comprises basic mathematical operators (+, -, /) and partial aggregation functions (SUM, AVG) in SQL semantics; the comparison operation mainly contains the Filter part after the WHERE clause.

The comparison operation and the strict splitting of the calculation operation are based on SQL semantics, the SQL semantics prescribe that the calculation operation mainly comprising an Aggregation (Aggregation) function can only appear as predicates after the SELECT key, the comparison operation as a filtering condition can only appear after the WHERE key, the SQL semantics is naturally adapted to separate the calculation and the comparison operation, so that the splitting algorithm is that the comparison filtering condition after the WHERE key is unchanged, all table fields (Attribute) to be used for the calculation operation are used as the SELECT predicates to form comparison SQL, the comparison SQL is sent to an encryption database, and a result data table is returned to a security agent and the calculation operation is executed.

In summary, the present invention proposes an encrypted database extension based on a trusted execution environment that resists interface abuse attacks. An interface abuse attack can initiate any function call to the operator TEE extension on the primary encryption database side to steal encrypted data. The success of the interface abuse attack is based on the continual generation of derivative data in conjunction with comparison and computation operations to provide ancillary information about the plaintext. The invention establishes a security agent between the client and the cloud encrypted database to analyze the user query, strictly splits the calculation operation and the comparison operation, the calculation operation is executed by a calculation program in the agent, the comparison operation is sent to the encrypted database for execution, and a TEE (terminal equipment) expansion program at the database side is responsible for executing the comparison operator. The invention can effectively resist the abuse attack of the interface through the design of separating calculation and comparison and not exposing the calculation interface, and can ensure the support of various SQL queries and low expenditure under various loads while ensuring the safety.

Those skilled in the art will appreciate that the systems, apparatus, and their respective modules provided herein may be implemented entirely by logic programming of method steps such that the systems, apparatus, and their respective modules are implemented as logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc., in addition to the systems, apparatus, and their respective modules being implemented as pure computer readable program code. Therefore, the system, the apparatus, and the respective modules thereof provided by the present application may be regarded as one hardware component, and the modules included therein for implementing various programs may also be regarded as structures within the hardware component; modules for implementing various functions may also be regarded as being either software programs for implementing the methods or structures within hardware components.

The foregoing describes specific embodiments of the present application. It is to be understood that the application is not limited to the particular embodiments described above, and that various changes or modifications may be made by those skilled in the art within the scope of the appended claims without affecting the spirit of the application. The embodiments of the application and the features of the embodiments may be combined with each other arbitrarily without conflict.

Claims

1. A defending method for TEE encryption database interface attack is characterized in that,

establishing a security agent between the client and the cloud encryption database to analyze the user query, splitting the calculation operation and the comparison operation, executing the calculation operation by a calculation program of the security agent, and transmitting the comparison operation to the cloud encryption database for execution;

the defending method for the TEE encryption database interface attack comprises the following steps:

when the SQL statement from the client in the step S3 is the nested compound query, the analysis result is a plurality of groups of SQL statements with dependency relationships, the calculation result of the SQL statement with dependency relationships in the current group in the step S5 can help to generate the next group of SQL statements with dependency relationships, and the steps S3-S5 are repeated until all groups of SQL statements with dependency relationships are subjected to calculation operation by the security agency on the result data table.

2. The method for defending against TEE encryption database interface attacks according to claim 1, wherein the method comprises the following steps:

both the agent program and the operator security extension program of the security agent need to be loaded into the trusted execution environment and in a running state, and the agent program needs to open a designated port to respond to a user request.

3. The method for defending against TEE encryption database interface attacks according to claim 1, wherein the method comprises the following steps:

the SQL query initiated by the client needs to pass through a security agent between the client and the database of the server, the SQL statement is analyzed, split and rewritten by an analyzer module in the security agent, then the security agent sends comparison query to the cloud encryption database, the security agent obtains a result data table and then carries out execution of calculation query by an internal calculator module, and finally the calculation result is returned to the client.

4. The method for defending against TEE encryption database interface attacks according to claim 1, wherein the method comprises the following steps:

the comparison operation mainly comprises a filter part after the WHERE clause;

the security agent creates a data key for each user, if SQL initiated by the user is data insertion operation, the security agent encrypts data by using the corresponding key and then sends a ciphertext insertion request to the cloud encryption database, so that the cloud encryption database is ensured to only operate data ciphertext.

5. The method for defending against TEE encryption database interface attacks according to claim 1, wherein the method comprises the following steps:

the operator security extension program at the cloud encrypted database side only provides the comparison operator computing capability and the user data decryption capability for the waybill encrypted database, derived data is not generated in the execution process, and an attacker cannot initiate interface abuse attack.

6. The method for defending against TEE encryption database interface attacks according to claim 1, wherein the method comprises the following steps:

7. A TEE encryption database interface attack-oriented defense system, comprising: the client, the security agent and the cloud encryption database;

the defending system facing the TEE encryption database interface attack establishes a security agent between a client side and a server side database based on TEE program development, and establishes an operator security extension program at one side of the encryption database to participate in the comparison execution of the encryption data;

when the SQL sentences from the client are nested compound queries, the analysis result is a plurality of groups of SQL sentences with the dependency relationships, the calculation result of the SQL sentences with the dependency relationships in the current group can help to generate the SQL sentences with the dependency relationships in the next group until all the SQL sentences with the dependency relationships in the groups are used for executing calculation operations on the result data table by the security proxy.

8. The TEE encryption database interface attack defense system of claim 7, wherein:

the comparison operation mainly comprises a filter part after the WHERE clause;