StealthDB: a Scalable Encrypted Database with Full SQL Query Support

Open access


Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either special-purpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryptions, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used.

In this work we build StealthDB – an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides a relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput over an unmodified version of Postgres operating on a 2GB unencrypted dataset.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Amazon. AWS shell interface specification. 2017. Accessed: 2017-10-01.

  • [2] A. Arasu S. Blanas K. Eguro R. Kaushik D. Kossmann R. Ramamurthy and R. Venkatesan. Orthogonal security with cipherbase. In CIDR 2013.

  • [3] S. Arnautov B. Trach F. Gregor T. Knauth A. Martin C. Priebe J. Lind D. Muthukumaran D. O’Keeffe M. Stillwell D. Goltzsche D. M. Eyers R. Kapitza P. R. Pietzuch and C. Fetzer. SCONE: secure linux containers with intel SGX. In OSDI pages 689–703 2016.

  • [4] S. Bajaj and R. Sion. Trusteddb: A trusted hardware based database with privacy and data confidentiality. In SIGMOD pages 205–216 2011.

  • [5] M. Balduzzi J. Zaddach D. Balzarotti E. Kirda and S. Loureiro. A security analysis of amazon’s elastic compute cloud service. In SAC pages 1427–1434 2012.

  • [6] A. Baumann M. Peinado and G. C. Hunt. Shielding applications from an untrusted cloud with haven. In OSDI pages 267–283 2014.

  • [7] F. Brasser U. Müller A. Dmitrienko K. Kostiainen S. Capkun and A. Sadeghi. Software grand exposure: SGX cache attacks are practical. In WOOT 2017.

  • [8] S. Bugiel S. Nürnberger T. Pöppelmann A. Sadeghi and T. Schneider. Amazonia: when elasticity snaps back. In CCS pages 389–400 2011.

  • [9] J. V. Bulck M. Minkin O. Weisse D. Genkin B. Kasikci F. Piessens M. Silberstein T. F. Wenisch Y. Yarom and R. Strackx. Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution. In USENIX Security pages 991–1008 2018.

  • [10] D. Cash J. Jaeger S. Jarecki C. S. Jutla H. Krawczyk M. Rosu and M. Steiner. Dynamic searchable encryption in very-large databases: Data structures and implementation. In NDSS 2014.

  • [11] D. Cash S. Jarecki C. S. Jutla H. Krawczyk M. Rosu and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In CRYPTO I pages 353–373 2013.

  • [12] D. Cash and S. Tessaro. The locality of searchable symmetric encryption. In EUROCRYPT pages 351–368 2014.

  • [13] C. che Tsai D. E. Porter and M. Vij. Graphene-sgx: A practical library OS for unmodified applications on SGX. In USENIX ATC pages 645–658 2017.

  • [14] V. Costan and S. Devadas. Intel SGX explained. IACR Cryptology ePrint Archive 2016:86 2016.

  • [15] F. Dall G. D. Micheli T. Eisenbarth D. Genkin N. Heninger A. Moghimi and Y. Yarom. Cachequote: Efficiently recovering long-term secrets of SGX EPID via cache attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2):171–191 2018.

  • [16] V. data breach incident report. 2016.

  • [17] M. Dzulfakar. Advanced mysql exploitation. Black Hat Las Vegas 2009.

  • [18] S. Eskandarian and M. Zaharia. An oblivious general-purpose SQL database for the cloud. CoRR abs/1710.00458 2017.

  • [19] S. Faber S. Jarecki H. Krawczyk Q. Nguyen M. Rosu and M. Steiner. Rich queries on encrypted data: Beyond exact matches. In ESORICS II pages 123–145 2015.

  • [20] B. Fisch D. Vinayagamurthy D. Boneh and S. Gorbunov. IRON: functional encryption using intel SGX. In CCS pages 765–782 2017.

  • [21] B. Fuhry R. Bahmani F. Brasser F. Hahn F. Kerschbaum and A. Sadeghi. Hardidx: Practical and secure index with SGX. In DBSec pages 386–408 2017.

  • [22] B. Fuller M. Varia A. Yerukhimovich E. Shen A. Hamlin V. Gadepally R. Shay J. D. Mitchell and R. K. Cunningham. Sok: Cryptographically protected database search. In IEEE SP pages 172–191 2017.

  • [23] T. Garfinkel and M. Rosenblum. When virtual is harder than real: Security challenges in virtual machine based computing environments. In HotOS 2005.

  • [24] C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC pages 169–178 2009.

  • [25] O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious rams. J. ACM 43(3):431–473 1996.

  • [26] Google. Encrypted BigQuery client. 2017.

  • [27] P. Grofig I. Hang M. Härterich F. Kerschbaum M. Kohler A. Schaad A. Schröpfer and W. Tighzert. Privacy by encrypted databases. In Annual Privacy Forum pages 56–69. Springer 2014.

  • [28] P. Grubbs M. Lacharité B. Minaud and K. G. Paterson. Pump up the volume: Practical database reconstruction from volume leakage on range queries. In CCS pages 315–331 2018.

  • [29] P. Grubbs R. McPherson M. Naveed T. Ristenpart and V. Shmatikov. Breaking web applications built on top of encrypted data. In ACM CCS pages 1353–1364 2016.

  • [30] P. Grubbs T. Ristenpart and V. Shmatikov. Why your encrypted database is not secure. In HotOS pages 162–168 2017.

  • [31] B. D. A. Guimaraes. Advanced sql injection to operating system full control. Black Hat Europe 2009.

  • [32] S. Halevi and V. Shoup. Algorithms in helib. In CRYPTO I pages 554–571 2014.

  • [33] T. Hunt Z. Zhu Y. Xu S. Peter and E. Witchel. Ryoan: A distributed sandbox for untrusted computation on secret data. In OSDI pages 533–549 2016.

  • [34] Y. Ishai E. Kushilevitz S. Lu and R. Ostrovsky. Private large-scale databases with distributed searchable symmetric encryption. In CT-RSA pages 90–107 2016.

  • [35] G. Kellaris G. Kollios K. Nissim and A. O’Neill. Generic attacks on secure outsourced databases. In CCS pages 1329–1340 2016.

  • [36] J. Lee J. S. Jang Y. Jang N. Kwak Y. Choi C. Choi T. Kim M. Peinado and B. B. Kang. Hacking in darkness: Return-oriented programming against secure enclaves. In USENIX Security pages 523–539 2017.

  • [37] S. Lee M. Shih P. Gera T. Kim H. Kim and M. Peinado. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In USENIX Security pages 557–574 2017.

  • [38] K. Lewi and D. J. Wu. Order-revealing encryption: New constructions applications and lower bounds. In CCS pages 1167–1178 2016.

  • [39] F. McKeen I. Alexandrovich A. Berenzon C. V. Rozas H. Shafi V. Shanbhogue and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In HASP page 10 2013.

  • [40] Microsoft SQL Server 2016. Always encrypted database engine. 2017.

  • [41] M. Naveed S. Kamara and C. V. Wright. Inference attacks on property-preserving encrypted databases. In ACM CCS pages 644–655 2015.

  • [42] O. Ohrimenko F. Schuster C. Fournet A. Mehta S. Nowozin K. Vaswani and M. Costa. Oblivious multi-party machine learning on trusted processors. In USENIX Security pages 619–636 2016.

  • [43] M. Orenbach P. Lifshits M. Minkin and M. Silberstein. Eleos: Exitless OS services for SGX enclaves. In EuroSys pages 238–253 2017.

  • [44] A. Papadimitriou R. Bhagwan N. Chandran R. Ramjee A. Haeberlen H. Singh A. Modi and S. Badrinarayanan. Big data analytics over encrypted datasets with seabed. In OSDI pages 587–602 2016.

  • [45] V. Pappas F. Krell B. Vo V. Kolesnikov T. Malkin S. G. Choi W. George A. D. Keromytis and S. M. Bellovin. Blind seer: A scalable private DBMS. In IEEE SP pages 359–374 2014.

  • [46] R. Poddar T. Boelter and R. A. Popa. Arx: A strongly encrypted database system. IACR Cryptology ePrint Archive 2016:591 2016.

  • [47] R. A. Popa C. M. S. Redfield N. Zeldovich and H. Balakrishnan. Cryptdb: protecting confidentiality with encrypted query processing. In SOSP pages 85–100 2011.

  • [48] PostgreSQL 9.5.10 Documentation. Extensions. 2018. Accessed: 2018-01-29.

  • [49] C. Priebe K. Vaswani and M. Costa. Enclavedb: A secure database using SGX. In IEEE SP pages 264–278 2018.

  • [50] T. Ristenpart and S. Yilek. When good randomness goes bad: Virtual machine reset vulnerabilities and hedging deployed cryptography. In NDSS 2010.

  • [51] F. Schuster M. Costa C. Fournet C. Gkantsidis M. Peinado G. Mainar-Ruiz and M. Russinovich. VC3: trustworthy data analytics in the cloud using SGX. In IEEE SP pages 38–54 2015.

  • [52] M. Schwarz S. Weiser D. Gruss C. Maurice and S. Mangard. Malware guard extension: Using SGX to conceal cache attacks. In DIMVA pages 3–24 2017.

  • [53] C. Tsai K. S. Arora N. Bandi B. Jain W. Jannen J. John H. A. Kalodner V. Kulkarni D. Oliveira and D. E. Porter. Cooperation and security isolation of library oses for multiprocess applications. In EuroSys 2014 pages 9:1–9:14 2014.

  • [54] N. Weichbrodt A. Kurmus P. R. Pietzuch and R. Kapitza. Asyncshock: Exploiting synchronisation bugs in intel SGX enclaves. In ESORICS I pages 440–457 2016.

  • [55] Y. Xu W. Cui and M. Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE SP pages 640–656 2015.

  • [56] W. Zheng A. Dave J. G. Beekman R. A. Popa J. E. Gonzalez and I. Stoica. Opaque: An oblivious and encrypted distributed analytics platform. In NSDI pages 283–298 2017.

Journal information
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 152 152 26
PDF Downloads 80 80 10