Attacking Encrypted Database Systems

Muhammad Naveed, Charles Wright and I recently posted a paper that describes inference attacks on encrypted database (EDB) systems like CryptDB, Cipherbase, Google's Encrypted BigQuery demo and Microsoft SQL Server 2016 Always Encrypted. These systems are based on property-preserving encryption (PPE) schemes which are a class of encryptions schemes that leak certain properties of their plaintexts. Examples include deterministic encryption (DTE) and order-preserving encryption (OPE). The paper is here and will be presented in October at the ACM Conference on Computer and Communication Security.

How to Search on Encrypted Data: Deterministic Encryption (Part 2)

This is the second part of a series on searching on encrypted data. See parts 1, 3, 4, 5. In this post we'll cover the simplest way to search on encrypted data. This is usually the solution people come up with when they first think of the problem of encrypted search and, as we'll see this, this approach has some nice properties but also some limitations. To make this work we' ll need a special type of encryption scheme called a property-preserving encryption (PPE) scheme.