Paper 2017/468

Why Your Encrypted Database Is Not Secure

Paul Grubbs, Thomas Ristenpart, and Vitaly Shmatikov

Abstract

Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS’s), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios. In particular, the “snapshot attacker” model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS. We demonstrate how this gap between theory and reality causes encrypted databases to fail to achieve their “provable security” guarantees.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. The 16th Workshop on Hot Topics in Operating Systems (HotOS 2017)
Keywords
encrypted databasessecurity definitions
Contact author(s)
pag225 @ cornell edu
History
2017-06-06: revised
2017-05-28: received
See all versions
Short URL
https://ia.cr/2017/468
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/468,
      author = {Paul Grubbs and Thomas Ristenpart and Vitaly Shmatikov},
      title = {Why Your Encrypted Database Is Not Secure},
      howpublished = {Cryptology ePrint Archive, Paper 2017/468},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/468}},
      url = {https://eprint.iacr.org/2017/468}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.