Chip-Secured Data Access: Confidential Data on Untrusted Servers

Slides presenting L. Bouganim, P. Pucheral, "Chip-Secured Data Access: Confidential Data on Untrusted Servers", Int. Conf. on Very Large Data Bases (VLDB), 2002 (University of Versailles – PRISM Laboratory, France). Presented by Shetal Patel, CSE 6331 – Spatial Database, University of Texas at Arlington, October 12, 2004.



TRANSCRIPT

Page 1: Chip-Secured Data Access: Confidential Data on Untrusted Servers

L. Bouganim, P. Pucheral, "Chip-Secured Data Access: Confidential Data on Untrusted Servers", Int. Conf. on Very Large Data Bases (VLDB), 2002.

University of Versailles – PRISM Laboratory, France

Presented by Shetal Patel, CSE 6331 – Spatial Database, University of Texas at Arlington

October 12, 2004

Page 2: Outline

1. Introduction
2. Data Confidentiality Problem
3. C-SDA Baseline
4. Query Management
5. Confidentiality & Encryption
6. C-SDA Scenario
7a. Future Work
7b. Conclusion
7c. References

Page 3: Introduction

Why do we need security? (web, network, database)

Background
• What is user authentication?
• What is encryption/decryption?
• What is symmetric/asymmetric encryption?
• What is SSL? What is a smartcard?

Page 4: Need for Security

The computing industry has moved from the mainframe era to the client/server era to the Internet era.

The web provides a convenient, cheap and fast way of publishing data.

Corporate databases are made more and more accessible to authorized employees over the Internet.

Customer information is maintained online for the needs of e-commerce and e-business applications (.NET).

The amount of sensitive information collected and shared in the marketplace is enormous: confidentiality is a major concern.

Page 5: Need for Open Trusted Data Stores

Virtual teams
• distributed among space, time and organizations
• collaborative work on confidential data

Shared personal folders
• accessible anywhere, anytime, and shared by authorized persons

Corporate DB hosted by a DSP (Database Service Provider)
• permanent access for traveling salesmen

Page 6: Background

What is user identification and authentication?

What is encryption/decryption? What is symmetric/asymmetric encryption? What is SSL? What is a smartcard?

Page 7: Security Mechanisms

Symmetric / secret-key techniques
• The same key is used to encrypt and to decrypt the message.
• DES, with its 56-bit key, has been considered unsafe for financial purposes since 1998, the year a purpose-built machine brute-forced a DES key in days.
» Advantage
– 100 to 10,000 times faster than public-key techniques; keys are short, and may even be derived from a user password.
» Disadvantages
– The key must be securely exchanged between A and B.
– If the key is compromised, the entire communication is instantly readable.

Page 8: Security Mechanisms … Asymmetric / public-key techniques

• Keys come in pairs: a public key known to all and a private (or secret) key known only to the user.
• A message encrypted with the public key can be decrypted only with the private key, and vice versa.
• Public keys are published on public servers, usually inside an X.509 certificate.
» Advantage
– The private key is never transmitted, so no secret has to be exchanged between the parties beforehand.
» Disadvantage
– Slower than secret-key techniques: keys are usually 512 or 1024 bits long, i.e. 64 to 128 bytes (512-bit RSA keys were already factored in 1999 and are far too short today).

Page 9: Security Mechanisms – Protocols

Secure Sockets Layer (SSL) protocol (standardized today as TLS)
• SSL encrypts all data transmitted between a client and a server during a session.
• The protocol ensures confidential communication and is used by all major websites.
• Addresses of SSL-secured pages use the prefix "https" instead of the common "http".

Page 10: What is a Smartcard?

A plastic card with an embedded silicon chip, which contains:
• a microprocessor, system software, application software, permanent data engraved in non-volatile memory, and some (less expensive) volatile memory

Most common smartcard applications
• Credit cards, electronic cash, computer security systems, wireless communication, loyalty systems (like frequent-flyer points), banking, satellite TV, government ID …

• Advantages
» greater security, more storage capacity, standalone unit
• Disadvantages
» cost of installing a new device or adapting existing terminals; an external device (card reader) is needed

Page 11: 2. Data Confidentiality Problem

2.1 Definition – Data Confidentiality, Data Privacy
2.2 Different types of attackers
2.3 Database Security
2.4 Server-based approach
2.5 Data confidentiality requirement
2.6 Client-based approach
2.7 Data confidentiality problem

Page 12: Definition – Data Confidentiality, Data Privacy (2.1)

Data confidentiality
• Ability to share sensitive data among users while respecting the privileges granted by the data owner to each member

Data privacy
• Data owned by an individual will never be disclosed to anyone else

Page 13: Attackers (2.2)

Intruder
• tries to attack the DB footprint (the database files on disk) or to usurp the identity of a regular user (or of the DBA)

Insider
• tries to get information exceeding her own access rights

Administrator (SA or DBA)
• has enough privileges to tamper with the access-right definitions and to spy on the DBMS behavior

Access rights can be bypassed, therefore encryption is required

Page 14: Database Security (2.3)

User identification and authentication
• login/password, smartcard or biometrics

Network encryption
• guarantees the confidentiality and the integrity of client/server communication

Server-enforced access control and privilege management

Can we trust the server or the web-hosting company? Commercial and institutional sites are increasingly being hacked.

Page 15: Server-based approach (2.4)

The server is responsible for query execution, access-right management, and encryption and decryption of data.

Data is decrypted on the fly by the server at query evaluation time
• DBA privileges make it easy to change the encryption package, get the cryptographic keys, modify access rights, and even snoop memory to get data while it is decrypted
• Partial mitigation: separate the DBA (administering the DB resources) from the SA (administering user privileges, encryption keys and other security issues)

Weakness = decryption occurs on the server

Page 16: Data Confidentiality Requirement (2.5)

Confidential data must be managed by an auto-administered DBMS, to cast off the DBA privileges.

The DBMS must be hosted by an auto-administered computing system, to cast off the system administrator privileges.

The computing system must constitute a Secure Operating Environment (SOE), to cast off any Intruder action.

Page 17: Client-based approach (2.6)

Decryption on the client

Privacy (exclusive access)
• Who owns the keys? The client manages the keys
• Efficiency is the main concern

Confidentiality
• A security mechanism is required on the client side to manage keys and access rights

Weakness = the client can tamper with the security mechanism

Page 18: Client-based approach … (2.6)

Benefits of using a smartcard
• secure and cheap
• an existing smartcard application does not require any administration once downloaded on the card
• the hardware architecture makes tampering difficult: probably the best SOE
• high cost of attack, and if tampered with, only the data of a single user is revealed

Problem – lack of extensibility
• dynamic declaration of data and user access rights

Weakness = the client can tamper with the security mechanism

Page 19: Data Confidentiality Problem (2.7)

Confidentiality enforcement
• Data confidentiality must be guaranteed against the Intruder and the DBA. A server-based solution is not suitable because of the DBA privileges.

Storage capacity
• The system must limit neither the volume nor the cardinality of the DB. A client-based solution is not suitable: the whole DB would have to be hosted on the secured device.

Sharing capacity
• Any data may be shared among multiple authorized users. A client-based solution is not suitable: data sharing is not supported.

Query capacity
• Any data may be queried through a predicate-based language (typically SQL). This precludes solutions restricted to encrypted backups.

Pertinence
• The system must guarantee an acceptable response time to each user, must be scalable, and must be economically viable to meet the requirements of large public applications.

Page 20: 3. C-SDA Baseline

3.1 What is C-SDA?
3.2 C-SDA Functional Architecture
3.3 Security Breach
3.4 Data Confidentiality Problem – Smartcard

Page 21: What is C-SDA? (3.1)

C-SDA insulates data encryption, query evaluation and access-right management in a SOE, making the security mechanism tamper-resistant:
• access-right management is hosted by a Secure Operating Environment (SOE), e.g. a smartcard
• access rights are defined on views
» query translation takes place in the SOE
» part of the query execution takes place in the SOE

Page 22: C-SDA Functional Architecture (3.2)

C-SDA is a client-based security component acting as an incorruptible mediator between a client and the encrypted database.

This cooperation of hardware and software security allows the orthogonality between access-right management and data encryption to be re-established: access rights no longer have to be expressed through key distribution.

Page 23: Security Breach (3.3)

Server-based approach problem (Figure 1) versus C-SDA solution (Figure 3)

1. Problem: data is decrypted by the server at query execution time.
   Solution: the DBMS engine is hosted by the smartcard, which eliminates the need to decrypt data on the server side.

2. Problem: access rights are enforced by the server and administered by an untrusted DBA.
   Solution: the DBMS access-right manager is hosted by the smartcard, so the DBA or an Intruder is no longer able to abuse them.

Page 24: Question – C-SDA (Figure 3)

Q. Can we assume from the preceding discussion that a server acting as an encrypted repository for a smartcard DBMS can be integrated into the smartcard's sphere of security (i.e. while keeping the level of confidence unchanged)?

A. No, since the server is not hosted by a SOE. Typically, an Intruder may conduct destructive or denial-of-service attacks on the server: availability and integrity are not guaranteed. However, privacy and confidentiality are preserved thanks to encryption.

Page 25: Question – C-SDA (Figure 3) …

Q. Since the data flowing from the server to the smartcard DBMS is encrypted, can we infer that the communication channel is part of the smartcard's sphere of security?

A. No. The communication channel may undergo several forms of attack. An Insider may compare the encrypted data issued by the server with the query result that appears in plain text on her terminal, i.e. mount a known-plaintext attack against the encryption.

Page 26: Data Confidentiality Problem – Smartcard (3.4)

Confidentiality enforcement
• Enforced by the fact that the smartcard is a SOE hosting the data and a DBMS engine which is self- or user-administered.

Storage capacity
• Limited by the smartcard's stable storage capacity.

Sharing capacity
• Limited by the need to physically share the same card.

Query capacity
• Limited to simple selections in the SCQL standard.
• PicoDBMS allows a powerful query engine supporting selection, join, grouping and aggregate calculus.

Pertinence
• Performance – the smartcard DBMS is mono-user and works on a reduced set of data.
• Scalability – one smartcard per user.
• Price – a few dollars per smartcard.

Page 27: 4. Query Management

4.1 Smartcard Characteristics
4.2 Query Evaluation Principle

Page 28: Smartcard Characteristics (4.1)

A cheap and highly secure computer
• Powerful 32-bit RISC processor (about 35 MIPS)
• Limited communication bandwidth (10 to 100 Kbps)
• Tiny RAM; writes to the EEPROM stable storage are very costly

Impact on C-SDA
• Internal processing must be done in a pipeline
• Processing must be pushed down to the server
• Data flow must be minimized

Typical chip resources
• ROM – stores the operating system (96 KB)
• RAM – holds the execution stack (4 KB)
• EEPROM – stores persistent information (128 KB)
• I/O – communication channel (10–100 Kbps)
• RISC processor – 32 bits (30–40 MIPS)

Page 29: Smartcard Characteristics … (4.1)

Limitations
• Very limited storage capacity
• Communication bandwidth (10 to 100 Kbps)
• Very slow write time in EEPROM
• Extremely reduced size of RAM

Benefits
• High security level
• Powerful CPU with respect to the other resources

Future developments
• Augmenting the CPU power, to increase the speed of cipher algorithms
• Augmenting the capacity of the stable storage
• Augmenting the communication bandwidth between the chip and the card reader

Page 30: Query Evaluation Principle (4.2)

Split the query Q into a composition of three subqueries, executed in order on the server, in the smartcard and on the terminal:

Server subquery (Qs)
• predicates based on the equality comparators {=, ≠}, which the server can evaluate directly on encrypted values

Smartcard subquery (Qc)
• inequality predicates {>, ≥, <, ≤}, evaluated on decrypted data inside the card

Terminal subquery (Qt)
• the sort and distinct operators; they raise no confidentiality issue, since the terminal already sees the plaintext result

Page 31: 5. Confidentiality and Encryption

5.1 Database Encryption
5.2 Sensitive Data
5.3 Access Right Management
5.4 C-SDA: Limitations of the Solution

Page 32: Database Encryption (5.1)

Key insulation rule
• encryption keys must remain confined in the smartcard

Sharing rule
• encryption must remain orthogonal to access rights

Computation rule
• encryption must preserve attribute equality comparisons (each attribute value is encrypted deterministically, so the server can evaluate Qs on ciphertexts; the price is that the server learns which tuples share a value)

Performance rule
• encryption must be symmetric and client-based

Multi-key encryption rule
• encryption must exploit as many different keys as possible, so that a compromised key reveals as little as possible

Page 33: Sensitive Data (5.2)

Highly sensitive data is stored on the smartcard (e.g., name, SSN, birth date, …)

Issues
» how to integrate this sensitive data in the query evaluation process?
» how to guarantee its durability?
» how to share it if it is used by multiple users?

Solution
» Group sensitive data in sensitive domains, and store indices referencing these domain values in place of the corresponding data on the server.

Benefits
• The database and the sensitive domains are located in two separate places, thereby increasing the complexity of attacks.
• A backup copy of the domain does not need to participate in query evaluation.
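As an added illustration of the sensitive-domain indirection above (example code written for this page, not taken from the paper or the C-SDA prototype): the card keeps a value-to-index map per sensitive attribute, the server only ever stores and compares the indexes, and both the constants of a query and the indexes in its result are translated inside the card. The names `SensitiveDomain`, `Card`, the sample rows and the choice of a random index are assumptions; the non-sensitive columns are left in clear here, whereas C-SDA would encrypt them too.

```python
# Added example, not from the paper: sensitive attributes live in a domain on the
# card; the untrusted server sees only opaque indexes and compares them for equality.
import secrets


class SensitiveDomain:
    """Card-resident mapping value <-> index for one sensitive attribute."""

    def __init__(self):
        self._idx_of, self._val_of = {}, {}

    def index(self, value, create=False):
        if value not in self._idx_of:
            if not create:
                return None  # constant unknown to the domain: no tuple can match it
            idx = secrets.token_hex(8)  # random index: reveals nothing about the value
            self._idx_of[value], self._val_of[idx] = idx, value
        return self._idx_of[value]

    def value(self, idx):
        return self._val_of[idx]


class Card:
    """SOE holding the sensitive domains; values never leave it in any form."""

    def __init__(self, sensitive_attrs):
        self.domains = {a: SensitiveDomain() for a in sensitive_attrs}

    def to_server(self, row):
        """Replace sensitive values by domain indexes before the tuple is stored."""
        return {a: (self.domains[a].index(v, create=True) if a in self.domains else v)
                for a, v in row.items()}

    def from_server(self, row):
        """Resolve indexes back into values, inside the card, before delivery."""
        return {a: (self.domains[a].value(v) if a in self.domains else v)
                for a, v in row.items()}

    def select(self, server_rows, eq):
        """eq: {attr: constant}. Sensitive constants are translated inside the card."""
        server_eq = {}
        for a, c in eq.items():
            if a in self.domains:
                c = self.domains[a].index(c)
                if c is None:
                    return []
            server_eq[a] = c
        # this filter is all the untrusted server evaluates: index equality
        hits = [r for r in server_rows if all(r[a] == c for a, c in server_eq.items())]
        return [self.from_server(r) for r in hits]


def demo():
    card = Card(sensitive_attrs={"name", "ssn"})
    server_rows = []  # constructed sample; the non-sensitive part is left in clear
    for row in [{"name": "Alice", "ssn": "123-45-6789", "dept": "radiology"},
                {"name": "Bob", "ssn": "987-65-4321", "dept": "radiology"},
                {"name": "Alice", "ssn": "123-45-6789", "dept": "billing"}]:
        server_rows.append(card.to_server(row))
    return card.select(server_rows, {"name": "Alice"}), server_rows
```

`demo()` returns the resolved result of `SELECT * WHERE name = 'Alice'` together with what the server actually stores. Because equal values get equal indexes, the server still learns that the first and third tuple belong to the same person, exactly the equality leakage of the computation rule; what it cannot learn is who that person is.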

Page 34: Question – Sensitive Data

Q. What kind of complexity do you see in enforcing sensitive data durability?

Q. How can we create a backup of a static or a dynamic domain?

A. Static domains – duplicate them on any secure storage device (e.g., a backup smartcard).
Dynamic domains – trickier to manage if they are shared among multiple users. Solution: leave an encrypted copy of the domain on a backup server and synchronize this encrypted backup with the domain copy residing on the smartcard at each connection.

Page 35: Access Right Management (5.3)

The smartcard manages access rights and views
• their definitions have to be securely (i.e. encrypted) stored on a server accessible by all smartcards

Q. Who is responsible for granting/revoking access rights?
A. The owner of the object inherits this responsibility.

In C-SDA the DBA conserves all privileges to administer the database server but has no way to break data confidentiality, as long as he/she does not have access to the user's smartcard. Thus the C-SDA user is the unique holder of his data and can distribute it among others.

Page 36: C-SDA: Limitations of the Solution (5.4)

Q. What do you think are the limitations of this C-SDA solution?

A. 1) An Intruder can infiltrate the user's terminal in order to snoop the query results that are presented in plain text, or alter the query expression sent by the terminal to the smartcard before processing.
2) An Intruder or Administrator may try to tamper with the DB footprint on disk in the hope of decrypting unauthorized data (for instance by moving ciphertexts between tuples the user may and may not read). This can be addressed by adding a checksum attribute to each tuple; the checksum must be keyed (a MAC computed by the card over the whole tuple), since an unkeyed checksum could simply be recomputed by the attacker.

Page 37: 6. C-SDA Scenario

6.1 Query Execution with C-SDA
6.2a Optimization Issues
6.2b Optimization Issues – GUI (2003)

Page 38: Query Execution with C-SDA (6.1)

Consider a business DB application where the Invoice department wants to bill the invoices having a total amount greater than $1000.

The Invoice department clerk's privilege is assumed to be restricted to the select operation on the view Invoice. This prevents an untrusted clerk from accessing the confidential order lines.

Page 39: Query Execution with C-SDA … (6.1)

1. Metadata refreshing
2. Access-right checking and view resolution
3. Query splitting
4. Qs transmission and execution
5. Qs result (Rs) transmission
6. Qc execution
7. Rc delivery and Qt execution

Page 40: Optimization Issues (6.2a)

Performance problem
• Assume only 1% of the orders satisfy the selection on date: 99% of Rs is irrelevant, generating a bottleneck on the smartcard input channel.

Objective
• Evaluate the inequality predicate on a data set smaller than Rs

Solution
1) Pre-process: the query splitter issues a pre-query PQs to get … from the server
2) The smartcard computes the content of …, which is stored on the server side
3) The smartcard query splitter adds a semi-join predicate to the initial query Qs and sends it to the server for computation
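The following Python block is an added worked example, not code from the paper or its prototype. It ties together the query split of Page 30 (Qs on the server, Qc in the card, Qt on the terminal), the computation rule of Page 32, the per-tuple checksum of Page 36, the seven execution steps of Page 39 and the semi-join optimization above. Everything in it is an assumption made for illustration: the class and function names, the constructed invoice table, a toy deterministic SIV-style encryption built from HMAC-SHA256 (its tag doubles as the keyed checksum, so a tampered ciphertext is rejected on decryption; it is not a production cipher), and the reading of the blanks in the optimization steps as "the distinct ciphertexts of the inequality attribute", fetched by the pre-query and filtered inside the card before being handed back as an IN-set. The view is taken to be the table itself and metadata refreshing (step 1) is skipped.

```python
# Added example, not from the paper: toy model of C-SDA query splitting and of the
# semi-join optimisation. The cipher is an illustrative SIV-style construction only.
import hashlib
import hmac

TAG_LEN = 16  # bytes of the SIV-style tag kept in front of each ciphertext


def _stream(key: bytes, iv: bytes, n: int) -> bytes:
    """n keystream bytes derived from the key and the per-value tag (HMAC in counter mode)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def det_encrypt(key: bytes, value) -> bytes:
    """Deterministic: same (key, value) -> same blob, so '=' can be evaluated on ciphertexts.
    Layout: tag || plaintext XOR stream(tag). The tag also authenticates the value."""
    pt = str(value).encode()
    tag = hmac.new(key, b"tag|" + pt, hashlib.sha256).digest()[:TAG_LEN]
    return tag + bytes(a ^ b for a, b in zip(pt, _stream(key, tag, len(pt))))


def det_decrypt(key: bytes, blob: bytes) -> str:
    """Decrypt inside the card; reject a blob whose tag no longer matches (tampered footprint)."""
    tag, ct = blob[:TAG_LEN], blob[TAG_LEN:]
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, tag, len(ct))))
    expect = hmac.new(key, b"tag|" + pt, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext tampered")
    return pt.decode()


class Server:
    """Untrusted DBMS: stores ciphertext tuples, evaluates '=' and 'IN' by byte comparison only."""

    def __init__(self):
        self.tables = {}
        self.sent = 0  # tuples shipped to the card: the bottleneck the optimisation attacks

    def run_qs(self, table, eq_preds, in_preds=()):
        rows = [r for r in self.tables[table]
                if all(r[a] == c for a, c in eq_preds)
                and all(r[a] in s for a, s in in_preds)]
        self.sent += len(rows)
        return rows

    def distinct(self, table, attr):  # the pre-query PQs, as assumed here
        return {r[attr] for r in self.tables[table]}


class Smartcard:
    """SOE: holds the key and the access rights; neither ever leaves it."""

    INEQ = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
            "<": lambda a, b: a < b, "<=": lambda a, b: a <= b}

    def __init__(self, key: bytes, rights: dict):
        self.key, self.rights = key, rights  # rights: user -> set of views

    def encrypt_row(self, row: dict) -> dict:
        return {a: det_encrypt(self.key, v) for a, v in row.items()}

    def query(self, server, user, view, eq, ineq, optimise=False):
        # step 2: the access-right check happens before anything reaches the server
        if view not in self.rights.get(user, set()):
            raise PermissionError(f"{user} may not select on {view}")
        # step 3: split; equality constants are encrypted so Qs runs on ciphertexts
        qs = [(a, det_encrypt(self.key, c)) for a, c in eq]
        in_preds = []
        if optimise:
            # 6.2a: fetch the distinct ciphertexts of the inequality attribute, decide
            # inside the card which qualify, hand that set back as a semi-join predicate
            for attr, op, c in ineq:
                ok = {b for b in server.distinct(view, attr)
                      if self.INEQ[op](float(det_decrypt(self.key, b)), c)}
                in_preds.append((attr, ok))
        rs = server.run_qs(view, qs, in_preds)          # steps 4 and 5: Qs, then Rs
        rc = []
        for row in rs:                                   # step 6: Qc inside the card
            plain = {a: det_decrypt(self.key, b) for a, b in row.items()}
            if all(self.INEQ[op](float(plain[a]), c) for a, op, c in ineq):
                rc.append(plain)
        return rc                                        # step 7: Rc goes to the terminal


def terminal_qt(rc, order_by):
    """Qt: sort on the terminal, which sees the plaintext result anyway."""
    return sorted(rc, key=lambda r: float(r[order_by]))


def demo(optimise=False):
    key = b"\x01" * 32  # constructed key; in C-SDA it never leaves the card
    card = Smartcard(key, rights={"clerk": {"Invoice"}})
    server = Server()
    # constructed sample invoices; the view is taken to be the table itself
    invoices = [{"num": i, "customer": "ACME" if i % 2 else "Globex", "amount": 500 + 300 * i}
                for i in range(1, 11)]
    server.tables["Invoice"] = [card.encrypt_row(r) for r in invoices]
    rc = card.query(server, "clerk", "Invoice", eq=[("customer", "ACME")],
                    ineq=[("amount", ">", 1000)], optimise=optimise)
    return terminal_qt(rc, "amount"), server.sent
```

`demo()` returns the sorted plaintext result and the number of tuples the server shipped to the card: with the sample data the baseline ships all five ACME invoices and the optimised path only the four with amount > 1000, which is the reduction the slide is after. A clerk asking for the OrderLine view is refused inside the card before any Qs is built. Because the encryption is deterministic, the server (or an insider comparing ciphertexts with what appears on screen) still learns which tuples share a customer; that leakage is the price of the computation rule, not a defect of the code.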

Page 41: Optimization Issues – GUI (2003) (6.2b)

Page 42: Future Work (7a)

Performance assessment

Experiment in the EDI context
• funded by the French ANVAR agency
• extends C-SDA towards XML databases

Study the impact of SOE technology on query optimization

Page 43: Conclusion (7b)

Introduction
• Encryption, symmetric, asymmetric, SSL

Data Confidentiality Problem
• Attackers
• Server-based approach
• Client-based approach

How C-SDA solves the DCP
C-SDA query management
Confidentiality and encryption of sensitive data
Limitations of the C-SDA solution
Query execution and optimization
Future work

Page 44: References (7c)

L. Bouganim, F. Dang Ngoc, P. Pucheral, L. Wu, "Chip-Secured Data Access: Reconciling Access Rights with Data Encryption", demo session, VLDB 2003, Berlin.

N. Anciaux, C. Bobineau, L. Bouganim, P. Pucheral, P. Valduriez, "PicoDBMS: Validation and Experience", Proc. of the 27th International Conference on Very Large Data Bases (VLDB), demo session, Roma, Italy, September 2001.

C. Bobineau, L. Bouganim, P. Pucheral, P. Valduriez, "PicoDBMS: Scaling down database techniques for the Smartcard", Int. Conf. on VLDB, best paper award, Cairo, 2000.

http://www.cardwerk.com/smartcards/
http://www.fist.fr/index.php?wpe=a505
http://electronics.howstuffworks.com/question332.htm

Page 45: Questions, comments, concerns?

Please feel free to visit www.google.com

Thank you for your time…