[Resource Topic] 2017/468: Why Your Encrypted Database Is Not Secure

Welcome to the resource topic for 2017/468

Why Your Encrypted Database Is Not Secure

Authors: Paul Grubbs, Thomas Ristenpart, Vitaly Shmatikov


Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS’s), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios. In particular, the “snapshot attacker” model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS. We demonstrate how this gap between theory and reality causes encrypted databases to fail to achieve their “provable security” guarantees.

ePrint: https://eprint.iacr.org/2017/468

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .