IACR News item: 11 February 2015
İhsan Haluk AKIN, Berk Sunar
ePrint Reportmiddleware to protect databases deployed on semi-honest
cloud servers. While CryptDB provides sufficient protection
under Threat-1, here we demonstrate that when CryptDB is
deployed to secure the cloud hosted database of a realistic web
application, an attacker to database or a Malicious Database
Administrator (mDBA) can easily steal information, and even
escalate his privilege to become the administrator of the
web application. Our attacks, fall under a restricted form
of Threat-2 where we only assume that the attackers or the
mDBA tampers with the CryptDB protected database and is
opens an ordinary user account through the web application.
Our attacks, are carried out assuming perfectly secure proxy
and application servers. Therefore, the attacks work without
recovering the master key residing on the proxy server. At
the root of the attack lies the lack of any integrity checks
for the data in the CryptDB database. We propose a number
of practical countermeasures to mitigate attacks targeting the
integrity of the CryptDB database. We also demonstrate that
the data integrity is not sufficient to protect the databases,
when query integrity and frequency attacks are considered.
Additional news items may be found on the IACR news page.