International Association
for Cryptologic Research

CryptDB has been proposed as a practical and secure

middleware to protect databases deployed on semi-honest

cloud servers. While CryptDB provides sufficient protection

under Threat-1, here we demonstrate that when CryptDB is

deployed to secure the cloud hosted database of a realistic web

application, an attacker to database or a Malicious Database

Administrator (mDBA) can easily steal information, and even

escalate his privilege to become the administrator of the

web application. Our attacks, fall under a restricted form

of Threat-2 where we only assume that the attackers or the

mDBA tampers with the CryptDB protected database and is

opens an ordinary user account through the web application.

Our attacks, are carried out assuming perfectly secure proxy

and application servers. Therefore, the attacks work without

recovering the master key residing on the proxy server. At

the root of the attack lies the lack of any integrity checks

for the data in the CryptDB database. We propose a number

of practical countermeasures to mitigate attacks targeting the

integrity of the CryptDB database. We also demonstrate that

the data integrity is not sufficient to protect the databases,

when query integrity and frequency attacks are considered.