Why Your Encrypted Database Is Not Secure

Abstract

Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS's), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios. In particular, the "snapshot attacker" model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS. We demonstrate how this gap between theory and reality causes encrypted databases to fail to achieve their "provable security" guarantees.

DOI: 10.1145/3102980.3103007

1 Figure or Table

Cite this paper

@article{Grubbs2017WhyYE, title={Why Your Encrypted Database Is Not Secure}, author={Paul Grubbs and Thomas Ristenpart and Vitaly Shmatikov}, journal={IACR Cryptology ePrint Archive}, year={2017}, volume={2017}, pages={468} }