For further results and technical specifications please refer directly to the thesis 'Analysis of Encrypted Databases with CryptDB' that can be found at http://www.nds.rub.de/media/ei/arbeiten/2015/10/26/thesis.pdf.
Introduction to CryptDB
CryptDB was developed by a team around Raluca Ada Popa at the Massachusetts Institute of Technology and published in 2011. It works like a proxy and enables SQL-aware encryption.
Figure: CryptDB acting as a proxy and translating queries between the application and DBMS.
CryptDB uses a technique called onions and layers, where different computational aspects (like equality or order) are achieved by encrypting the same data with different algorithms that reveal different properties. To follow the paradigm 'reveal only as much as necessary', CryptDB dynamically re-encrypts data to a more revealing layer of encryption only when necessary and does so on the fly.
Under ideal conditions this means the following:
- The application is not aware of the encryption ...
- ... and thus requires only minimal changes of the connection information
- The server holds only encrypted data...
- ... but is still able to perform most of the SQL operators, thus putting the computational load where it was intended to be.
With CryptDB we are able to keep a small proxy inside the trusted network environment and leave the actual database in a more exposed position.
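The onion layering described above can be sketched as follows. This is an added example, not code from CryptDB or the thesis: the `ToyProxy` class and the HMAC-based toy cipher are assumptions chosen so it runs with the standard library only, and the layers are labelled RND (randomized) and DET (deterministic, reveals equality).

```python
import hashlib, hmac, os

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Toy stream cipher (NOT CryptDB's): keystream = HMAC-SHA256(key, iv || offset)
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, iv + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def det_encrypt(key: bytes, pt: bytes) -> bytes:
    # Deterministic layer: IV is a MAC of the plaintext, so equal values match.
    iv = _sub(_sub(key, b"iv"), pt)[:16]
    return iv + _xor_stream(_sub(key, b"enc"), iv, pt)

def det_decrypt(key: bytes, ct: bytes) -> bytes:
    return _xor_stream(_sub(key, b"enc"), ct[:16], ct[16:])

def rnd_encrypt(key: bytes, pt: bytes) -> bytes:
    # Randomized layer: fresh IV per value, so equal values look unrelated.
    iv = os.urandom(16)
    return iv + _xor_stream(key, iv, pt)

def rnd_decrypt(key: bytes, ct: bytes) -> bytes:
    return _xor_stream(key, ct[:16], ct[16:])

class ToyProxy:
    """Hypothetical proxy for one column; self.column is what the DBMS would store."""
    def __init__(self):
        self.k_det, self.k_rnd = os.urandom(32), os.urandom(32)
        self.layer, self.column = "RND", []

    def insert(self, value: str) -> None:
        ct = det_encrypt(self.k_det, value.encode())
        self.column.append(rnd_encrypt(self.k_rnd, ct) if self.layer == "RND" else ct)

    def select_eq(self, value: str) -> list:
        if self.layer == "RND":  # peel the outer layer only when a query needs equality
            self.column = [rnd_decrypt(self.k_rnd, c) for c in self.column]
            self.layer = "DET"
        needle = det_encrypt(self.k_det, value.encode())
        return [i for i, c in enumerate(self.column) if c == needle]

proxy = ToyProxy()
for name in ("alice", "bob", "alice"):  # constructed sample rows
    proxy.insert(name)
hidden = proxy.column[0] != proxy.column[2]   # RND layer hides the duplicate
rows = proxy.select_eq("alice")               # forces the peel to DET
leaked = proxy.column[0] == proxy.column[2]   # duplicate is now visible to the DBMS
print(hidden, rows, proxy.layer, leaked)
```

In this sketch the column stays at the DET layer after the first equality query, so later inserts also reveal equality to the server.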
Analysis of CryptDB
- Performance: We performed a few benchmarks against a CryptDB setup and a normal MySQL installation to measure the performance overhead.
- Adapting applications: We tried to adapt a few popular open source web applications, including WordPress, Joomla and Drupal, to see if we could use them with CryptDB.
Performance
For the performance analysis we developed two general scenarios that should represent a small (100 rows) and a mid-sized database (100.000 rows). We then utilized SysBench to perform the benchmark with the two scenarios and repeated it several times with different thread configurations. When we looked at the results we noticed some significant slowdowns with the CryptDB setup (as seen in Fig. 1), as well as some memory management issues when operating with many rows. We also discovered some issues related to multithreading on small databases.
Adapting applications
When looking at the applications, we wanted to see whether installing some widely used web applications, like WordPress or Joomla, works out of the box or whether there are any surprises. We therefore installed each application with CryptDB enabled and compared it against an installation performed without CryptDB. We did indeed notice some pitfalls that have to be circumvented to guarantee a satisfying admin/user experience. Among these problems were things such as length-restricted key assignments, incompatible engine types and mysqli driver problems in PHP. In the thesis we describe some ways to fix these problems or, where a fix is not possible, how to work around them if possible.
Acknowledgements
This post was written by Michael Skiba and reviewed by Christian Mainka and Vladislav Mladenov.
Michael Skiba's Bachelor Thesis can be found at http://www.nds.rub.de/media/ei/arbeiten/2015/10/26/thesis.pdf.