This is a summary of the paper “DBMask: Fine-Grained Access Control on Encrypted Relational Databases” by Nabeel et al. (CODASPY 2015). All the information is based on my understanding of the paper and may contain inaccuracies.
DBMask is a system inspired by CryptDB that offers fine-grained access control and SQL query evaluation over encrypted data.
The system’s architecture is similar to CryptDB’s and uses a proxy to parse the queries from the users. The access control is enforced by attribute-based encryption and broadcast key management: Users have attributes that should satisfy data items’ policies in order to be granted access.
The query execution flow is as follows:
- The data owner identifies the groups of users based on their access to the data items.
- Users register themselves with the data owner and receive shares of the secret keys for the encrypted data. Only valid users are able to receive the secrets.
- The data is encrypted and each column is expanded into at least two: one for fine-grained access and the other for comparisons using ciphertext.
- Users write plaintext SQL queries and send to the proxy, which rewrites the queries in a secure way and send them to the cloud server.
- The server evaluates the queries over the encrypted data and return the encrypted results to the proxy.
- The proxy apply additional filtering (which might not have been possible to evaluate over on the server), decrypts the results and sends to the user.
The evaluation uses the TCP-C workload, and a loss of throughput of about 30% is reported. A comparison with CryptDB yields modest improvements in performance. In terms of storage overhead, there is an increase of 3.2 times compared to using plaintext data.
This work proposes a fine-grained access control model that can support cell-level granularity. The access control policies use attribute-based group key management and support common user dynamics (e.g., addition or revoking users) with little impact on the system, except for the group to which the group belong. In addition, this scheme avoids re-keying and thus does not require the re-encryption of the data.
The gains in term of performance related to CryptDB are not so expressive. Additionally, there is no comparison with MONOMI, which improves CryptDB’s functionality and performance.
Some limitations of CryptDB are also present in this work, most notably the use of a proxy to parse queries and decrypt results. Both approaches can leak data of logged in users in case of an attack to the proxy.
I prepared a presentation with more details about this work, and made it available at SlideShare: