MS researchers claim to crack encrypted database with old simple trick

Ars Technica 2015-09-04

A team of Microsoft researchers led by Seny Kamara claims to have been successful at recovering a substantial amount of data from health records stored in CryptDB, a database technology that uses layers of encryption to allow users to search through encrypted data without exposing its contents.

CryptDB was originally developed at MIT. It functions as an addition to a standard, unmodified SQL database and is intended to allow applications to interact with encrypted data using Structured Query Language. By using layers of encryption, CryptDB can allow certain properties of data to be revealed to applications processing the queries while keeping the data itself protected. In theory, the encryption prevents the database administrator (or anyone who attacks the database by gaining trusted access) from being able to view the contents of the database. Data from different users is encrypted with different keys.

CryptDB has been used with the open-source MySQL and PostgreSQL databases, and Google uses it to provide an encrypted version of its BigQuery cloud database. SAP and other large database vendors are looking to apply the technology to their own databases as well. And the federally funded MIT Lincoln Laboratory (PDF) has worked with CryptDB as an additional interface to the Apache Accumulo NoSQL database—the same database originally developed by the National Security Agency to store NSA's multi-level security "big data."

Read 6 remaining paragraphs | Comments