The main performance constraint we are interested in is maintaining the
benefits of outsourcing. In particular, for a majority of the considered operations,
if they are more efficient (than client-side processing) in the unsecured data
outsourcing model, then they should still be more efficient in its secured version.
We believe this constraint is essential, as it is important to identify solutions
that remain viable in real-life deployments.
We note the existence of a large number of apparently more elegant cryptographic
primitives that could be deployed but that would fail this constraint.
In particular, experimental results indicate that individual data-item
operations on the server should usually not involve any expensive modular arithmetic
such as exponentiation or multiplication. We believe it is imperative to resist
the (largely impractical) trend of using homomorphisms in server-side operations
unless absolutely necessary: this often simplifies protocols in theory
but fails in practice because of extremely poor performance, beyond the point of usability.
Throughout this chapter we reference active secure hardware such as the
IBM 4758 PCI [18] and the newer IBM 4764 PCI-X [19] cryptographic coprocessors
[21]. The benefits of deploying such hardware in untrusted remote
data processing contexts can be substantial, because the server can now run
important parts of the secure client logic. Additionally, the secure hardware's
proximity to the data reduces communication overheads. Practical limitations
of such devices, however, make this a non-trivial task. To explain this,
we briefly survey the processors.
The 4764 is a PowerPC-based board and runs embedded Linux. The 4758
is based on an Intel 486 architecture and is preloaded with a compact runtime
environment that allows the loading of arbitrary external certified code. The
CPUs can be custom programmed. Moreover, they (4758 models 2 and 23 and
4764 model 1) are compatible with the IBM Common Cryptographic Architecture
(CCA) API [20]. The CCA implements common cryptographic services
such as random number generation, key management, digital signatures, and
encryption (DES/3DES, RSA). Both processors feature tamper-resistant and
tamper-responsive designs [56]. In the event of illicit physical handling, the
devices simply destroy their internal state (in a process powered by internal
long-term batteries) and then shut down. Tamper-resistant designs, however,
face major challenges in heat dissipation. This is one of the main reasons why
secure coprocessors are significantly constrained in both computational ability
and memory capacity (memory being a main heat producer), often being orders of magnitude
slower than the main CPUs in their host systems. For example, at the higher
end, the 4758s feature 100 MHz CPUs and 8 MB+ of RAM.
These constraints require careful consideration in achieving efficient
protocols. Simplistic implementations of query processors inside the SCPU are
bound to fail in practice simply for lack of performance. The host CPUs
will remain starkly underutilized, and the entire cost proposition of having fast
(unsecured) main CPUs alongside an expensive and slow secured CPU will be
defeated. Efficient designs are likely to access the secure hardware only sparsely,
in critical portions, not synchronized with the main data flow. Therefore we