Chip-Secured Data Access: Chip-Secured Data Access: Confidential Data on Untrusted ServesConfidential Data on Untrusted Serves
L. Bouganim, P. Pucheral, “Chip-Secured Data Access: Confidential Data on Untrusted Servers”, Int. Conf. on Very Large Data Bases, 2002.
University of Versailles – PRISM Laboratory, France
Shetal PatelCSE 6331 – Spatial Database
University of Texas at Arlington
KEEP OUT
October 12, 2004
C-SDA: Confidential Data on Untrusted Servers
2
OutlineOutline
1. Introduction2. Data Confidentiality Problem3. C-SDA Baseline4. Query Management5. Confidentiality & Encryption6. C-SDA Scenario7a. Future Work7b. Conclusion7c. References
C-SDA: Confidential Data on Untrusted Servers
3
IntroductionIntroduction
Why do we need security? (web, network, database)
Background• what is user authentication?
• what is encryption/decryption?
• what is symmetric/asymmetric?
• what is SSL? What is Smartcard?
C-SDA: Confidential Data on Untrusted Servers
4
Need for SecurityNeed for Security
Computing industry has moved from mainframe era to client/server era to Internet era
Web provide convenient, cheap, and fast way of publishing data
Corporate database are made more and more accessible to authorized employees over the internet
Customer information is maintain online for the needs of e-commerce and e-business application (.Net)
Amount of sensitive information collected and shared in marketplace is enormous - Confidentiality major concern
C-SDA: Confidential Data on Untrusted Servers
5
Need for Open Trusted Data StoresNeed for Open Trusted Data Stores
Virtual teams• distributed among space, time and
organizations
• collaborative work on confidential data Shared personal folders
• accessible anywhere, anytime and shared by authorized persons
Corporate DB hosted by a DSP• Permanent access to traveling salesmen
C-SDA: Confidential Data on Untrusted Servers
6
BackgroundBackground
What is User Identification and Authentication?
What is encryption/decryption? What is symmetric/asymmetric? What is SSL? What is smartcard?
C-SDA: Confidential Data on Untrusted Servers
7
Security MechanismsSecurity Mechanisms
Symmetric / Secret Key Techniques• Same key to encrypt & decrypt message.• DES - 56 bit key considered unsafe for
financial purposes since 1998.
» Advantage– It is 100 to10,000 times faster then public key because it
often use smaller key, perhaps even a user-password.
» Disadvantage– the key must be securely exchanged between A & B.– if the key is compromised, the entire communication is
instantly readable.
C-SDA: Confidential Data on Untrusted Servers
8
Security Mechanisms …Security Mechanisms … Asymmetric / Public Key Techniques
• Keys come in pairs -- a public key known to all and a private (or secret) key known only by the user.
• A message encrypted with the public key can be decrypted only by the private key & vice versa.
• Public key are stored in public servers, usually in a X.509 certificate.
» Advantage– as the private key is never shared, the system is secure.
» Disadvantage– Slower then Secret Key technique because its usually 512 or
1024 bits long, which is about 50 to 100 character long.
C-SDA: Confidential Data on Untrusted Servers
9
Security Mechanisms ProtocolsSecurity Mechanisms Protocols
Secure Sockets Layer (SSL) protocol• SSL encrypts all data transmitted between a client
and server during a session.
• Protocol ensure confidential communication technique which is used by all major website.
• Addresses to SSL secure page use the prefix “https” instead of common “http”.
C-SDA: Confidential Data on Untrusted Servers
10
What is Smartcard? What is Smartcard?
A plastic card with inbuilt silicon chip, which contained..
• micro-processor, system software, application software, permanent data engraved into non-volatile memory, some (less expensive) volatile memory
Most common smartcard Application
• Credit cards, Electronic cash, Computer security systems, Wireless communication, Loyalty systems (like frequent flyer points), Banking, Satellite TV, Government ID…
• Advantage» greater security, more storage capacity, standalone unit
• Disadvantage» cost of installing new device or adapting existing terminal, external
device (card reader)
C-SDA: Confidential Data on Untrusted Servers
11
2. Data Confidentiality Problem 2. Data Confidentiality Problem
2.1 Definition - Data Confidentiality, Data Privacy
2.2 Different types of attackers2.3 Database Security2.4 Server-based approach2.5 Data confidentiality requirement2.6 Client-based approach2.7 Data confidentiality problem
C-SDA: Confidential Data on Untrusted Servers
12
Definition: Data Confidentiality, Data Privacy Definition: Data Confidentiality, Data Privacy
Data Confidentiality• Ability to share sensitive data among users
while respecting the privileges granted by the data owner to each member
Data Privacy• Data owned by an individual will never be
disclosed to anyone else
2.1
C-SDA: Confidential Data on Untrusted Servers
13
AttackersAttackers
Intruder• tries to attack the DB footprint or usurp the identity of a regular
user (or DBA)
Insider• tries to get information exceeding her own access rights
Administrator (SA or DBA)• has enough privileges to tamper the access right definition and
spy the DBMS behavior
Access rights can be bypassedEncryption is required
2.2
C-SDA: Confidential Data on Untrusted Servers
14
Database SecurityDatabase Security
User identification & Authentication• login/password, smartcard or biometric
Network encryption• guarantees confidentiality and the integrity of
client/server communication Server-enforced access control and privilege
management
Can we trust server or web-hosting company? Increasing hacking commercial or institutional site.
2.3
C-SDA: Confidential Data on Untrusted Servers
15
Server-based approachServer-based approach Server responsible for query
execution, access right management, encryption and decryption of data
Data decrypted on fly by server at query evaluation time• DBA privileges make easier to
change encryption package, get cryptographic keys, modify access rights and even snoop memory to get data while it is decrypted
• Separate DBA (administering the db resources) and SA (administering user privileges, encryption keys and other security issues.
Weakness = decryption occurs on the server
2.4
C-SDA: Confidential Data on Untrusted Servers
16
Data Confidentiality RequirementData Confidentiality Requirement
Confidential data must be managed by an auto-administered DBMS to cast off the DBA privileges
DBMS must be hosted by an auto-administered computing system to cast off the system administrator privileges
Computing system must constitute a Secure Operating Environment (SOE) to cast off any Intruder action
2.5
C-SDA: Confidential Data on Untrusted Servers
17
Client-based approachClient-based approach
Decryption on the client
• Who owns the keys? Privacy (exclusive access)
• Client manages the keys
• Efficiency is the main concern Confidentiality
• A security mechanism is required on the client side to manage keys and access rights
Weakness = client can tamper the security mechanism
2.6
C-SDA: Confidential Data on Untrusted Servers
18
Client-based approach…Client-based approach…
Benefits of using smartcard• secure and cheap
• existing smartcard application dose not require any administration once downloaded on the card
• hardware architecture makes tampering difficult, probably best SOE
• high cost of attack and if tampered only the data of single user is revealed
Problem – lack of extensibility• Dynamic declaration of data and user access rights –user
Weakness = client can tamper the security mechanism
2.6
C-SDA: Confidential Data on Untrusted Servers
19
Data Confidentiality ProblemData Confidentiality Problem Confidentiality enforcement
• Data confidentiality must be guaranteed against Intruder & DBA. Server-based solution not suitable – DBA privileges.
Storage capacity• System must not limit the volume nor the cardinality of the DB. Client-
based solution not suitable – whole DB hosted on secured device. Sharing capacity
• Any data, may be shared among multiple authorize user. Client-based solution not suitable – data sharing is not supported.
Query capacity• Any data, may be queried through predicate-based lang. (typically
SQL). This precludes solutions restricted to encrypted backups. Pertinence
• System must guarantee an acceptable response time to each user, must be scalable and must be economically visible to meet requirements of large public applications.
2.7
C-SDA: Confidential Data on Untrusted Servers
20
3. C-SDA baseline3. C-SDA baseline
3.1 What is C-SDA ?
3.2 C-SDA Functional Architecture
3.3 Security Breach
3.4 Data Confidentiality Problem – Smartcard
C-SDA: Confidential Data on Untrusted Servers
21
What is C-SDA?What is C-SDA?
C-SDA is to insulate data encryption, query evaluation and access right management in SOE
Making the Security mechanism
tamper–resistant
• Access right management hosted by Secure Operating Environment (SOE) (e.g. smartcard)
• Access right defined on views
» Query translation in SOE
» Part of query execution in the SOE
3.1
C-SDA: Confidential Data on Untrusted Servers
22
C-SDA Functional ArchitectureC-SDA Functional Architecture
C-SDA is a client based security component acting as an incorruptible mediator between a client and the encrypted database.
This cooperation of hardware and software security allows the orthogonally between access-right management and data encryption to be reestablished.
3.2
C-SDA: Confidential Data on Untrusted Servers
23
Security BreachSecurity Breach
Server-based Approach Problem C-SDA solution
Figure 1 Figure 3
1. Data is decrypted by the server at query execution time.
1. Assuming DBMS engine is hosted by smartcard that eliminates the need to decrypt data on the server side.
2. Access rights are enforced by the server and administered by an Untrusted DBA.
2. Assuming DBMS access right manager remain hosted by the smartcard, the DBA or Intruder is no longer able to abuse them.
3.3
C-SDA: Confidential Data on Untrusted Servers
24
Question – C-SDA (Figure 3)Question – C-SDA (Figure 3)
Q. Can we assume from the preceding discussion that a server acting as an encrypted repository for a smart card DBMS can integrate the smart card’s sphere of security (i.e. while keeping the level of confidence unchanged)?
A. No. Since the server is not hosted by SOE. Typically, an Intruder may conduct destructive or deny of service attacks on the server. However, privacy and confidentiality are preserved thanks to encryption.
C-SDA: Confidential Data on Untrusted Servers
25
Question – C-SDA (Figure 3)…Question – C-SDA (Figure 3)…
Q. Since data flows from the server to the smartcard DBMS is encrypted, can we infer that the communication channel is part of the smartcard’s security?
A. No. communication channel may undergo several forms of attacks. Insider may compare the encrypted data issued from the server with query result that appears in plain text on its terminal.
C-SDA: Confidential Data on Untrusted Servers
26
Data Confidentiality Problem – Smart CardData Confidentiality Problem – Smart Card
Confidentiality enforcement• Enforced by the fact that the smart card is a SOE hosting data and
DBMS engine which is self or user administered. Storage capacity
• Limited by smartcard stable storage capacity. Sharing capacity
• Limited by the need to share physically the same card. Query capacity
• Query capacity limited to simple selection in SCQL standard.• PicoDBMS allows powerful query engines supporting selection, join,
grouping and aggregate calculus Pertinence
• Performance – smartcard DBMS is mono-user and works on reduced set of data.
• Scalability – one smartcard per user.• Price – few dollar per smartcard.
3.4
C-SDA: Confidential Data on Untrusted Servers
27
4. Query Management4. Query Management
4.1 Smartcard Characteristics
4.2 Query Evaluation Principle
C-SDA: Confidential Data on Untrusted Servers
28
Smartcard CharacteristicsSmartcard Characteristics Cheap and highly secured computer
• Powerful 32 bits RISC processor ( 35 MIPS)• Limited communication bandwidth (10 to 100 Kbps)• Tiny RAM, writes EEPROM stable storage very costly
Impact on C-SDA• Internal processing must be done in pipeline• Processing must be pushed down to the server• Data flow must be minimized
ROM – store operating system (96KB)
RAM – manage execution stack (4KB)
EEPROM – store persistent info. (128KB)
I/O – Communication channel (10 – 100 Kbps)
RISC processor – 32 bits (30-40 MIPS)
4.1
C-SDA: Confidential Data on Untrusted Servers
29
Smartcard Characteristics..Smartcard Characteristics.. Limitation
• Very limited storage capacity• Communication bandwidth (10 to 100 Kbps)• Very slow write time in EEPROM• Extremely reduced size of RAM
Benefits• High Security level• Powerful CPU with respect to other resources
Future Development• Augmenting the CPU power to increase the speed of cipher
algorithms• Augmenting the capacity of the stable storage• Augmenting the communication bandwidth between chip an
the card-reader
4.1
C-SDA: Confidential Data on Untrusted Servers
30
Query Evaluation PrincipleQuery Evaluation Principle Split Query Q into a
composition form
4.2
Server subquery (Qs)• Predicate based equality comparator {=,≠}
Smartcard subquery (Qc)• Inequi-predicates comparator {>,≥,<,≤}
Terminal subquery (Qt)• Confidentiality issues - handle the sort and
distinct operators
C-SDA: Confidential Data on Untrusted Servers
31
5. Confidentiality and Encryption5. Confidentiality and Encryption
5.1 Database Encryption
5.2 Sensitive Data
5.3 Access Right Management
5.4 C-SDA: Limitation of Solution
C-SDA: Confidential Data on Untrusted Servers
32
Database EncryptionDatabase Encryption Key insulation rule
• encryption keys must remain confined in the smartcard
Sharing rule• encryption must remain orthogonal to access rights
Computation rule• encryption must preserve attribute equality comparisons
Performance rule• encryption must be symmetric and client-based
Multi-key encryption rule• encryption must exploit as much different keys as possible
5.1
C-SDA: Confidential Data on Untrusted Servers
33
Sensitive DataSensitive Data Highly sensitive data stored on smartcard (e.g., name,
SSN, birth date, …) Issues
» how to integrate this sensitive data in the query evaluation process?
» how to guarantee its durability?» how to share if it is used by multiple user?
Solution» Group sensitive data in sensitive domains and store indices
referencing these domain values in place of corresponding data in server.
Benefits• Database and sensitive domains are located on two separate
server thereby increasing the complexity of attacks.• Backup copy of the domain dose not need to participate in
query evaluation.
5.2
C-SDA: Confidential Data on Untrusted Servers
34
Question – C-SDA (Figure 3)…Question – C-SDA (Figure 3)…
Q. What kind of complexity do you see in enforcing sensitive data durability?
Q. How can we create backup of static or dynamic domain?
A. Static – duplicate on any secure storage device (e.g., backup smartcard)
Dynamic domains – trickier to manage, if they are shared among multiple users. Solution: leave encrypted copy of the domain on a backup server and to synchronize this encrypted backup with the domain copy residing on smartcard at each connection.
C-SDA: Confidential Data on Untrusted Servers
35
Access Right ManagementAccess Right Management
Smartcard manages access rights and views• Definitions have to be securely stored in a server accessible
by all smartcards
Q. Who is responsible for granting/revoking access rights?A. Owner of the object inherits this responsibility.
C-SDA – DBA conserves all privileges to administer the database server but has no way to break the data confidentiality, as long as he/she wont have access to the user’s smartcard. Thus C-SDA user is unique holder of his data and can distribute among others.
5.3
C-SDA: Confidential Data on Untrusted Servers
36
C-SDA: Limitation of SolutionC-SDA: Limitation of Solution
Q. What do u think is the limitation of this C-SDA solution?
A. 1) Intruder can infiltrate user’s terminal in order to snoop the query results that are presented in plain text or alter query expression sent by the terminal to the smartcard before processing.
2) Intruder or Admin. may try to tamper DB footprint on disk in the hope of decrypting unauthorized data. This can be resolved by adding checksum attribute in each tuple.
5.4
C-SDA: Confidential Data on Untrusted Servers
37
6. C-SDA Scenario6. C-SDA Scenario
6.1 Query Execution with C-SDA
6.2a Optimization Issues
6.2b Optimization Issues – GUI (2003)
C-SDA: Confidential Data on Untrusted Servers
38
Query Execution with C-SDAQuery Execution with C-SDA
Consider business DB application where Invoice department is willing to bill invoice having a total amount greater than $1000.
Assumed Invoice dept. clerk privilege is restricted to select operation on view Invoice. It prevents an untrusted clerk to access confidential order-lines.
6.1
C-SDA: Confidential Data on Untrusted Servers
39
Query Execution with C-SDA…Query Execution with C-SDA…
1. Metadata refreshing
2. Access Right checking and view resolution
3. Query Splitting
4. Qs transmission and execution
5. Qs Result transmission
6. Qc execution
7. Rc delivering and Qt execution
6.1
C-SDA: Confidential Data on Untrusted Servers
40
Optimization IssuesOptimization Issues
Performance Problem• Assume only 1% of order
satisfies the selection on date, 99% of Rs are irrelevant, generating bottle-neck on the smartcard input-channel.
Objective• Evaluate inequi-predicate on a
data set smaller than Rs
Solution
6.2a
1) Pre-Process PQs using query splitter to get from server
2) Smartcard computes the content of which is stored on server side
3) Smartcard query splitter adds semi-join predicate to initial query Qs and send it to server for computation
C-SDA: Confidential Data on Untrusted Servers
41
Optimization Issues – GUI (2003)Optimization Issues – GUI (2003)
6.2b
C-SDA: Confidential Data on Untrusted Servers
42
Future WorkFuture Work
Performance assessment Experiment in the EDI context
• founded by the French ANVAR agency
• extends C-SDA towards XML database
Study the impact of SOE technology on query optimization
7a
C-SDA: Confidential Data on Untrusted Servers
43
ConclusionConclusion
Introduction• Encryption, Symmetric, Asymmetric, SSL
Data Confidentiality Problem• Attacker• Server-based Approach• Client-based Approach
How C-SDA solve DCP? C-SDA Query Management Confidentiality and Encryption on sensitive data C-SDA limitation to the solution Query Execution & Optimization Conclude with Future work
7b
C-SDA: Confidential Data on Untrusted Servers
44
ReferencesReferences
Luc Bouganim, François Dang Ngoc, Philippe Pucheral, Lilan Wu, "Chip-Secured Data Access: Reconciling Access Rights with Data Encryption". Demo session, VLDB 2003, Berlin
Anciaux N., Bobineau C., Bouganim L., Pucheral P., Valduriez P., 'PicoDBMS: Validation and Experience', Proc. of the 27th International Conference on Very Large Data Bases (VLDB), demo session, Roma, Italy, September 2001.
C. Bobineau, L. Bouganim, P. Pucheral, P. Valduriez : PicoDBMS : Scaling down database techniques for the Smartcard. Int. Conf. on VLDB, Best paper award, Cairo, 2000.
http://www.cardwerk.com/smartcards/ http://www.fist.fr/index.php?wpe=a505 http://electronics.howstuffworks.com/question332.htm
7c
C-SDA: Confidential Data on Untrusted Servers
45
Question, comment, concern?Question, comment, concern?
Please feel free to visit www.google.com
Thank you for your time…Thank you for your time…
Top Related