StealthDB: a Scalable Encrypted Database with Full SQL Query Support

Authors: Dhinakaran Vinayagamurthy (IBM Research India), Alexey Gribov (Symbiont.io), Sergey Gorbunov (University of Waterloo and Algorand)

Volume: 2019
Issue: 3
Pages: 370–388
DOI: https://doi.org/10.2478/popets-2019-0052

Download PDF

Abstract: Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either specialpurpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryptions, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used. In this work we build StealthDB – an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides a relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput over an unmodified version of Postgres operating on a 2GB unencrypted dataset.

Keywords: Encrypted databases, Intel SGX

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.