Back and Forth Discussion on Attacking CryptDB
Researchers are presenting a paper at the October ACM CCS that details how they found a design flaw in CryptDB. CryptDB is a database that uses encryption to protect sensitive data; what's unique is that the system allows SQL queries to be run against the encrypted data. The MS researchers found that the system was susceptible to statistical analysis, and the original authors defended CryptDB by stating that the researchers were using CryptDB wrong, in a way that was not realistic. The attack researchers' response was that they used CryptDB in a way shown in the original paper, and that if they had made the suggested changes, the system wouldn't be able to run any SQL queries. The set of articles is fun from a science-of-security perspective, as it shows the ongoing back and forth between researchers on a technology.
- Original Paper from 2011: http://people.csail.mit.edu/nickolai/papers/raluca-cryptdb.pdf
- Paper on the Attack: http://research.microsoft.com/en-us/um/people/senyk/pubs/edb.pdf
- Rebuttal to the Attack Paper: http://www.forbes.com/sites/thomasbrewster/2015/09/03/microsoft-dumb-attacks-cracks-next-gen-cryptography/
- The blog entry detailing the response to the rebuttal: http://outsourcedbits.org/2015/09/07/attacking-encrypted-database-systems/