Processing Analytical Queries over Encrypted Data

Author(s)

Tu, Stephen Lyle; Kaashoek, M. Frans; Madden, Samuel R.; Zeldovich, Nickolai

Abstract

MONOMI is a system for securely executing analytical workloads over sensitive data on an untrusted database server. MONOMI works by encrypting the entire database and running queries over the encrypted data. MONOMI introduces split client/server query execution, which can execute arbitrarily complex queries over encrypted data, as well as several techniques that improve performance for such workloads, including per-row precomputation, space-efficient encryption, grouped homomorphic addition, and pre-filtering. Since these optimizations are good for some queries but not others, MONOMI introduces a designer for choosing an efficient physical design at the server for a given workload, and a planner to choose an efficient execution plan for a given query at runtime. A prototype of MONOMI running on top of Postgres can execute most of the queries from the TPC-H benchmark with a median overhead of only 1.24× (ranging from 1.03×to 2.33×) compared to an un-encrypted Postgres database where a compromised server would reveal all data.

Date issued

2013-08

URI

http://hdl.handle.net/1721.1/87023

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 39th international conference on Very Large Data Bases (PVLDB '13)

Publisher

Association for Computing Machinery (ACM)

Citation

Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich. 2013. Processing analytical queries over encrypted data. In Proceedings of the 39th international conference on Very Large Data Bases (PVLDB'13), Michael Böhlen and Christoph Koch (Eds.). VLDB Endowment 289-300.

Version: Author's final manuscript

ISSN

2150-8097