BlindexTEE: A Blind Index Approach towards TEE-supported End-to-end Encrypted DBMS

Louis Vialar, Jämes Ménétrey, Valerio Schiavoni, Pascal Felber

TL;DR

BlindexTEE is a new component that sits between the application business-logic and the database, in charge of end-to-end encryption of user data while preserving the ability of the DBMS to efficiently filter data.

Abstract

Using cloud-based applications comes with privacy implications, as the end-user loses control over their data. While encrypting all data on the client is possible, it largely reduces the usefulness of database management systems (DBMS) that are typically built to efficiently query large quantities of data. We present BlindexTEE, a new component that sits between the application business-logic and the database. BlindexTEE is shielded from malicious users or compromised environments by executing inside an SEV-SNP confidential VM, AMD's trusted execution environment (TEE). BlindexTEE is in charge of end-to-end encryption of user data while preserving the ability of the DBMS to efficiently filter data. By decrypting and re-encrypting data, it builds blind indices, used later on to efficiently query the DBMS. We demonstrate the practicality of BlindexTEE with MySQL in several micro- and macro-benchmarks, achieving overheads between 36.1% and 462% over direct database access depending on the usage scenario.

Paper Structure

This paper contains 28 sections, 5 figures, 1 table.

Figures (5)

  • Figure 1: Architecture of BlindexTEE. Dashed arrows denote data encrypted using a session key, the full arrow denotes data encrypted using a long-term key.
  • Figure 2: Exchange of packets during session establishment
  • Figure 3: Results of end-to-end performance test
  • Figure 4: End-to-end test results in various plaintext data sizes (expressed in bytes)
  • Figure 5: Results of our micro-benchmarks