Confidentiality and Tamper-Resistance of Embedded Databases Yanli Guo


To cite this version: Yanli Guo. Confidentiality and Tamper-Resistance of Embedded Databases. Databases [cs.DB]. Université de Versailles Saint Quentin en Yvelines, 2011. English. tel-01179190

HAL Id: tel-01179190
https://hal.archives-ouvertes.fr/tel-01179190
Submitted on 21 Jul 2015

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

UNIVERSITE DE VERSAILLES SAINT-QUENTIN-EN-YVELINES
Ecole Doctorale Sciences et Technologies de Versailles - STV
Laboratoire PRiSM UMR CNRS 8144

Doctoral thesis of the Université de Versailles Saint-Quentin-en-Yvelines, presented by Yanli GUO to obtain the degree of Doctor of the Université de Versailles Saint-Quentin-en-Yvelines

CONFIDENTIALITE ET INTEGRITE DE BASES DE DONNEES EMBARQUEES (Confidentiality and Tamper-Resistance of Embedded Databases)

Defended on 6 December 2011

Reviewers:
  Didier DONSEZ, Professor, Université Joseph Fourier, Grenoble
  Patrick VALDURIEZ, Research Director, INRIA, Sophia Antipolis

Examiners:
  Nicolas ANCIAUX, Research Scientist, INRIA–Paris Rocquencourt, thesis co-advisor
  Luc BOUGANIM, Research Director, INRIA–Paris Rocquencourt, thesis advisor
  Anne CANTEAUT, Research Director, INRIA–Paris Rocquencourt
  Stéphane GANCARSKI, Associate Professor, LIP6 – UPMC, Paris
  Philippe PUCHERAL, Professor, Université de Versailles Saint-Quentin
  Patricia SERRANO-ALVARADO, Associate Professor, Université de Nantes

Table of Contents

List of Figures
List of Tables
Abstract
Summary in French
Acknowledgement

Chapter 1 Introduction
  1 Context of the study: the PDS environment
  2 Objectives: providing security for PDS data and communication
  3 Challenges
  4 Contributions
  5 Outline

Chapter 2 Cryptography Background
  1 Symmetric Key Cryptography
    1.1 Introduction
    1.2 Stream Cipher vs. Block Cipher
    1.3 Modes of Operation for Block Ciphers
  2 Public Key Cryptography
    2.1 Introduction
    2.2 Diffie-Hellman Key Exchange
    2.3 Onion Routing
  3 Authentication and Integrity
    3.1 Introduction
    3.2 Cryptographic Hash Functions
    3.3 Message Authentication Code
    3.4 Authenticated Encryption Algorithms

Chapter 3 Database Encryption and State-of-the-Art
  1 Database Encryption
    1.1 Encryption Levels
    1.2 Encryption Algorithms and Modes of Operation
    1.3 Key Management
    1.4 Crypto-Protection in DBMS products
    1.5 Crypto-Protection Strategies using HSM
  2 State-of-the-Art
    2.1 Indexing Encrypted Data
    2.2 Encryption Scheme
    2.3 Database Integrity

Chapter 4 PDS Architecture and Embedded Data Management
  1 Motivating Examples
    1.1 Healthcare Scenario
    1.2 Vehicle Tracking Scenario
    1.3 BestLoan.com & BudgetOptim Scenarios
  2 The PDS approach
  3 PDS Global Architecture
    3.1 Problem Statement
    3.2 Personal Database
    3.3 Applications
    3.4 Embedded Software Architecture
    3.5 User Control
    3.6 Supporting Server
  4 Embedded Database Design
    4.1 Design Guidelines
    4.2 Database Serialization and Stratification
    4.3 Indexing Techniques
    4.4 Query Processing
  5 Conclusion

Chapter 5 Cryptography Protection in PDS
  1 Introduction
  2 Crypto-Protection for Embedded Data
    2.1 Data Structures and Access Patterns
    2.2 Crypto-Protection Building Blocks
    2.3 Instantiating the building blocks in the PDS case
  3 Secure Communication Protocols
    3.1 Introduction
    3.2 Message Format
    3.3 Protocol for Exchanging Messages
    3.4 Protocols for Deletion
  4 Conclusion

Chapter 6 Performance Evaluation
  1 Experimental Environment
    1.1 Hardware Platform
    1.2 DBMS Settings
  2 Performance
