Section: New Results

Databases and Cryptography

Participants : Nicolas Anciaux, Luc Bouganim, Yanli Guo, Philippe Pucheral.

We have initiated this year a cooperation with members of the SECRET project-team which focuses on the use of cryptographic techniques for ensuring the confidentiality and integrity of data stored in databases. Using cryptographic techniques "as-is" to provide the aforementioned guarantees has a large negative impact on the database size (e.g., a 20 bytes MAC is added to each encrypted attribute value in Oracle 11g TDE to ensure data authenticity) and on the database performance, thus motivating many on-going research on that topic. In a first step, we have made an exaustive study of the state of the art which reveals that many techniques devised are simply unsecure [22] [27] . This work naturally fits our new orientation on personal data servers (See Section 6.1 ) where we need to protect both the embedded database and the data which are stored on untrusted servers.