| With advances in mobile computing, web technologies, and powerful laptops, databases with sensitive data can be physically retrieved by malicious users who can employ techniques that were not previously thought of, such as disk scans, compromising the data by bypassing the database management system software or database user authentication processes. Or, when databases are provided as a service, the service providers may not be trustworthy. A way to prevent, delay, limit, or contain the compromise of the protected data in a database from such outsider or insider threats is to encrypt the data and the database schema, and yet allow queries and transactions over the encrypted data without decrypting data.; In this thesis, we propose the use of anti-tamper databases, where (a) the database contents are encrypted a priori for security in a way to allow efficient query processing directly on the encrypted database, and (b) for SQL queries expressible in relational algebra, there is no extra query processing cost except for the decryption of the final query output.; We investigate the capabilities and limitations of encrypting the database in relational databases, and yet allowing, to the extent possible, efficient SQL querying of the encrypted database. We concentrate on integer-valued attributes, and investigate a family of open-form and closed-form homomorphism encryption/decryption functions, the associated query transformation problems, inference control issues, and how to handle overflow and precision errors in computing systems.; Furthermore, we quantify the additional costs incurred when executing aggregate nested SQL queries over encrypted relational databases. We present the query execution strategies, derive cost formulas, and analyze detailed experimental results for such queries. We observe the crossover points as to when processing a query over an encrypted database is still more advantageous than shipping it over the Internet to a server housing with the original, nonencrypted database, evaluating it and returning the query output to the user. We conclude that anti-tamper databases approach is feasible and effective to protect data privacy in a relational database against insider and outsider threats in the current web-based and mobile computing environments. |
