Anti-Tamper Databases: Querying Encrypted Databases

With mobile computing and powerful laptops, databases with sensitive data can be physically retrieved by malicious users who can employ techniques that were not previously thought of, such as disk scans, compromising the data by bypassing the database management system software or database user authentication processes. Or, when databases are provided as a service, the service providers may not be trustworthy. A way to prevent, delay, limit, or contain the compromise of the protected data in a database is to encrypt the data and the database schema, and yet allow queries and transactions over the encrypted data. Clearly, there is a compromise between the degree of security provided by encryption and the efficient querying of the database. In this paper, we investigate the capabilities and limitations of encrypting the database in relational databases, and yet allowing, to the extent possible, efficient SQL querying of the encrypted database. We concentrate on integer-valued attributes, and investigate a family of open-form and closed-form homomorphism encryption/decryption functions, the associated query transformation problems, inference control issues, and how to handle overflow and precision errors.