Paper 2015/082

On the Difficulty of Securing Web Applications using CryptDB

İhsan Haluk AKIN and Berk Sunar

Abstract

CryptDB has been proposed as a practical and secure middleware to protect databases deployed on semi-honest cloud servers. While CryptDB provides sufficient protection under Threat-1, here we demonstrate that when CryptDB is deployed to secure the cloud hosted database of a realistic web application, an attacker to database or a Malicious Database Administrator (mDBA) can easily steal information, and even escalate his privilege to become the administrator of the web application. Our attacks, fall under a restricted form of Threat-2 where we only assume that the attackers or the mDBA tampers with the CryptDB protected database and is opens an ordinary user account through the web application. Our attacks, are carried out assuming perfectly secure proxy and application servers. Therefore, the attacks work without recovering the master key residing on the proxy server. At the root of the attack lies the lack of any integrity checks for the data in the CryptDB database. We propose a number of practical countermeasures to mitigate attacks targeting the integrity of the CryptDB database. We also demonstrate that the data integrity is not sufficient to protect the databases, when query integrity and frequency attacks are considered.