Paper 2015/979

Guidelines for Using the CryptDB System Securely

Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan

Abstract

This report has two goals. First, we review guidelines for using the CryptDB system [PRZB11, Pop14] securely by the administrators of database applications. These guidelines were already described in [PRZB11] and elaborated on in [Pop14], but in light of some recent work [NKW15] that applied these guidelines incorrectly, a short document devoted to summarizing these guidelines may be useful. Second, we explain that the study of Naveed, Kamara, and Wright [NKW15] represents an unsafe usage of CryptDB, violating CryptDB’s security guidelines. Hence, the conclusions drawn in that paper regarding CryptDB’s guarantees for medical applications are incorrect: had the guidelines been followed, none of the claimed attacks would have been possible.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Contact author(s)
raluca popa @ berkeley edu
History
2015-10-16: last of 2 revisions
2015-10-12: received
See all versions
Short URL
https://ia.cr/2015/979
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/979,
      author = {Raluca Ada Popa and Nickolai Zeldovich and Hari Balakrishnan},
      title = {Guidelines for Using the CryptDB System Securely},
      howpublished = {Cryptology ePrint Archive, Paper 2015/979},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/979}},
      url = {https://eprint.iacr.org/2015/979}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.