There is very interesting presentation at Microsoft Research by MIT
PhD candidate
Raluca Ada Popa on CryptoDB over at:
http://research.microsoft.com/apps/video/default.aspx?id=178914
CryptDB works as a trusted proxy used on the application side and is
completely transparent to the database and to the application (after some
metadata configuration to identify the sensitive data from the schema).
The presentation runs for an hour 17 minutes but is definitely worth a watch.
CryptDB definitely looks to be a better choice for encrypting sensitive data
than using something like Oracle's or SQL Server's Transparent Data
Encryption (TDE) solutions and it's probably a lot more practical than
expecting application developers to handle the encryption entirely within
their application.
The main website for CryptDB is at:
http://css.csail.mit.edu/cryptdb
There are some papers there that I've not yet had the chance to read,
but this looks really interesting and a very innovative approach. Full
source code is also hosted on GitHub. (URL provided at the main site.)
One of the major things discussed in the presentation is how they've
developed a way with CryptDB to implement order preserving encryption
in a more or less practical way. OPE does compromise the security, but
they have done it in a way that it doesn't get used unless comparitive
queries are run against encrypted data.
Nothing was said about side-channel attacks, and I expect that there
may very well be some in the implementation, but I didn't see anything
particularly in the design that was a show-stopper in that regard.
Anyhow, I'd be interesting in hearing other's opinion on this especially
since it is a problem that I regularly face when it comes to application
security.
Thanks,
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
