There is a very interesting presentation at Microsoft Research by MIT PhD candidate Raluca Ada Popa on CryptDB over at:
http://research.microsoft.com/apps/video/default.aspx?id=178914

CryptDB works as a trusted proxy used on the application side and is completely transparent to the database and to the application (after some metadata configuration to identify the sensitive data from the schema). The presentation runs for an hour 17 minutes but is definitely worth a watch.

CryptDB definitely looks to be a better choice for encrypting sensitive data than using something like Oracle's or SQL Server's Transparent Data Encryption (TDE) solutions, and it's probably a lot more practical than expecting application developers to handle the encryption entirely within their application.

The main website for CryptDB is at:
http://css.csail.mit.edu/cryptdb

There are some papers there that I've not yet had the chance to read, but this looks really interesting and a very innovative approach. Full source code is also hosted on GitHub. (URL provided at the main site.)

One of the major things discussed in the presentation is how they've developed a way with CryptDB to implement order-preserving encryption in a more or less practical way. OPE does compromise the security, but they have done it in a way that it doesn't get used unless comparative queries are run against encrypted data.

Nothing was said about side-channel attacks, and I expect that there may very well be some in the implementation, but I didn't see anything particularly in the design that was a show-stopper in that regard.

Anyhow, I'd be interested in hearing others' opinions on this, especially since it is a problem that I regularly face when it comes to application security.

Thanks,
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography