Cryptology ePrint Archive: Report 2015/979

Guidelines for Using the CryptDB System Securely

Raluca Ada Popa and Nickolai Zeldovich and Hari Balakrishnan

Abstract: This report has two goals. First, we review guidelines for using the CryptDB system [PRZB11, Pop14] securely by the administrators of database applications. These guidelines were already described in [PRZB11] and elaborated on in [Pop14], but in light of some recent work [NKW15] that applied these guidelines incorrectly, a short document devoted to summarizing these guidelines may be useful.

Second, we explain that the study of Naveed, Kamara, and Wright [NKW15] represents an unsafe usage of CryptDB, violating CryptDB’s security guidelines. Hence, the conclusions drawn in that paper regarding CryptDB’s guarantees for medical applications are incorrect: had the guidelines been followed, none of the claimed attacks would have been possible.

Category / Keywords: cryptographic protocols /

Date: received 10 Oct 2015, last revised 16 Oct 2015

Contact author: raluca popa at berkeley edu

Available format(s): PDF | BibTeX Citation

Version: 20151016:214525 (All versions of this report)

Short URL: ia.cr/2015/979

Discussion forum: Show discussion | Start new discussion