Full Encryption: An end to end encryption mechanism in GaussDB

Authors:

Liang Guo (Huawei Technologies Co., Ltd.), jinwei zhu (Huawei Technologies Co., Ltd.), jiayang liu (Huawei Technologies Co., Ltd.), kun cheng (Huawei Technologies Co., Ltd.)

Download PDF

Abstract

In this paper, we present a novel mechanism called Full Encryption (FE) in GaussDB. FE-in-GaussDB provides column-level encryption for sensitive data, and secures the asset from any malicious cloud administrator or information leakage attack. It ensures not only the security of operations on ciphertext data, but also the efficiency of query execution, by combining the advantages of cryptography algorithms (i.e. software mode) and Trusted Execution Enviroment (i.e. hardware mode). With this, FE-in-GaussDB supports full-scene query processing including the matching, the comparison and other rich computing functionalities. We demonstrate the prototype of FE-in-GaussDB and an experimental performance evaluation to prove its availability and effectiveness.

PVLDB is part of the VLDB Endowment Inc.

Start

Current Submission

All Volumes

Reproducibility

General Information

Volume 14, No. 12

Full Encryption: An end to end encryption mechanism in GaussDB

Abstract