CryptDB: Processing Queries on an Encrypted Database

Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical confidentiality in the face of these attacks for applications backed by SQL databases. CryptDB’s approach is to execute SQL queries over encrypted data. It does so practically with two techniques: a collection of efficient SQL-aware encryption schemes, two of which are new, and onions of encryption, which allow the encryption scheme in use to be adjusted dynamically. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by only 26% for queries from the standard SQL benchmark TPC-C when compared to unmodified MySQL.
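The onion idea from the abstract, as an added sketch that is not CryptDB's code: a randomized outer layer wraps a deterministic inner layer, and the server is handed only the outer key when a query needs equality. The layer pairing, the HMAC-SHA256 keystream standing in for a real block cipher, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a block cipher.
    ks = b""
    ctr = 0
    while len(ks) < len(data):
        ks += _prf(key, iv + ctr.to_bytes(4, "big"))
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, ks))

def det_encrypt(key: bytes, pt: bytes) -> bytes:
    # Deterministic layer: the IV is a PRF of the plaintext, so equal
    # plaintexts give equal ciphertexts (this is what enables "=").
    iv = _prf(_prf(key, b"iv"), pt)[:16]
    return iv + _stream_xor(_prf(key, b"enc"), iv, pt)

def rnd_encrypt(key: bytes, pt: bytes) -> bytes:
    # Randomized layer: fresh IV per value, so nothing is comparable.
    iv = os.urandom(16)
    return iv + _stream_xor(_prf(key, b"enc"), iv, pt)

def peel(key: bytes, ct: bytes) -> bytes:
    # Removes one layer of either kind (both carry their IV in front).
    return _stream_xor(_prf(key, b"enc"), ct[:16], ct[16:])

def equality_query(stored, k_rnd, needle_det):
    # Server side: given only the outer-layer key, strip it and compare
    # inner ciphertexts. The server never sees k_det or any plaintext.
    return [i for i, c in enumerate(stored) if peel(k_rnd, c) == needle_det]

def demo():
    k_det, k_rnd = os.urandom(32), os.urandom(32)    # proxy-held keys
    names = [b"alice", b"bob", b"alice"]             # constructed sample column
    stored = [rnd_encrypt(k_rnd, det_encrypt(k_det, n)) for n in names]
    equal_at_rest = stored[0] == stored[2]           # outer layer hides equality
    # WHERE name = 'alice': proxy encrypts the constant and releases k_rnd.
    hits = equality_query(stored, k_rnd, det_encrypt(k_det, b"alice"))
    recovered = peel(k_det, peel(k_rnd, stored[1]))  # proxy decrypts a result
    return equal_at_rest, hits, recovered

if __name__ == "__main__":
    print(demo())
```

Once the outer layer is peeled, the server can tell which rows in that column share a value; that is the leakage traded for being able to run the equality query at all.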

Speaker Details

Raluca Ada Popa is a third-year Ph.D. student in computer science at MIT, advised by Prof. Nickolai Zeldovich. Her research interests are in building secure systems with solid cryptographic foundations, and her work thus spans from systems security to theoretical cryptography. Raluca received the 2011 Google Ph.D. Fellowship for Secure Cloud Computing and the 2009 CRA Outstanding Undergraduate Award for research.

Raluca Ada Popa