Transaction Processing on Confidential Data Using Cipherbase

MSR-TR-2014-106

Cipherbase is a comprehensive database system that provides strong end-to-end data confidentiality through encryption. Cipherbase is based on a novel architecture that combines an industrial-strength database engine (SQL Server) with lightweight processing over encrypted data that is performed in secure hardware. Cipherbase has the smallest trusted computing base (TCB) among comparable systems and provides significant benefits over the state of the art in terms of security, performance, and functionality.

This paper presents a prototype of Cipherbase that uses FPGAs to provide secure processing and describes the system engineering details implemented to achieve competitive performance for transactional workloads. This includes hardware-software co-design issues (e.g., how to best offer parallelism), optimizations to hide the latency between the secure hardware and the main system, and techniques to cope with space inefficiencies. All of these optimizations were carefully designed not to affect end-to-end data confidentiality. Our experiments with TPC-C show that when customer data is strongly encrypted in Cipherbase, it can provide 90% of the throughput of SQL Server operating over unencrypted data. Even when all data is strongly encrypted, Cipherbase achieves 40% of the throughput of plaintext SQL Server.