[liberationtech] MIT Software Allows Queries On Encrypted Databases
Michael Rogers
m-- at gmx.com
Tue Dec 20 01:28:38 PST 2011
On 20/12/11 07:26, Yosem Companys wrote:
> Sparrowvsrevolution writes/"CryptDB, a piece of database software that
> MIT researchers presented at the Symposium on Operating System
> Principles in October, allows users to send queries to an encrypted SQL
> database and get results without decrypting the stored information
Fascinating stuff. If we think of this as analogous to PGP, ie it
encrypts the data but doesn't conceal who's sending or receiving it,
then could the DBA perform something analogous to traffic analysis?
For example, if the database stores a social networking site, Alice will
look up database rows corresponding to her friends, and Bob will look up
rows corresponding to his friends. If there's a row they both look up,
the DBA can infer that they have a mutual friend.
So would it be possible to imagine a system analogous to Tor that would
conceal who was performing the queries, as well as the content of the
queries?
Cheers,
Michael
More information about the liberationtech
mailing list