IACR News item: 12 October 2015
Raluca Ada Popa, Nickolai Zeldovich, Hari Balakrishnan
ePrint Report
This report has two goals. First, we review guidelines for using the CryptDB system [PRZB11, Pop14] securely by the administrators of database applications. These guidelines were already described in [PRZB11] and elaborated on in [Pop14], but in light of some recent work [NKW15] that applied these guidelines incorrectly, a short document devoted to summarizing these guidelines may be useful.
Second, we explain that the recent study of Naveed, Kamara, and Wright [NKW15] represents an unsafe usage of CryptDB, in which the authors violate CryptDB\'s security guidelines. Hence, the conclusions drawn in that paper regarding CryptDB are both unfounded and incorrect: had the guidelines been followed, none of the claimed attacks would have been possible.
Additional news items may be found on the IACR news page.