Cryptographically Protected Database Search
Speaker
Benjamin Fuller
University of Connecticut
Host
CSAIL Security Seminar
Title: Cryptographically Protected Database Search
Abstract: Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. In this talk, we survey the range of tradeoffs between security and privacy. In particular, we
1) identify of the important primitive operations across database paradigms,
2) evaluate of the current state of protected search systems in implementing these base operations, and
3) analyze of attacks against protected search for different base queries.
Bio: Benjamin Fuller is an Assistant Professor of Computer Science and Engineering at the University of Connecticut. His research focuses on driving cryptography to use in practice. His primary interests are authentication and searchable encryption. He has worked on a variety of problems from testing broadcast encryption while flying to scanning his iris for cryptographic key derivation. Prior to joining UConn, Ben was a research scientist at MIT Lincoln Laboratory from 2007-2016 working on searchable encryption. He received his PhD and MA from Boston University in 2015 and 2011 respectively.
Abstract: Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. In this talk, we survey the range of tradeoffs between security and privacy. In particular, we
1) identify of the important primitive operations across database paradigms,
2) evaluate of the current state of protected search systems in implementing these base operations, and
3) analyze of attacks against protected search for different base queries.
Bio: Benjamin Fuller is an Assistant Professor of Computer Science and Engineering at the University of Connecticut. His research focuses on driving cryptography to use in practice. His primary interests are authentication and searchable encryption. He has worked on a variety of problems from testing broadcast encryption while flying to scanning his iris for cryptographic key derivation. Prior to joining UConn, Ben was a research scientist at MIT Lincoln Laboratory from 2007-2016 working on searchable encryption. He received his PhD and MA from Boston University in 2015 and 2011 respectively.