Query on encrypted data
ESCUDO-CLOUD defines novel client-side encryption techniques enabling clients to remain sovereigns of their data at external cloud providers. The techniques are based on multiple building encryption blocks:
- Order-Preserving encryption
- Client side key management
Above figure illustrates the deployment of these technologies. Multiple users employed by a data owner accessing an application storing data in an encrypted database hosted at a service provider. Each user is equipped with its own master key which grants access to a subset of the data in the database using cryptographic means. Decryption is performed by the JDBC driver. The DBMS is not modified, but can be extended using user-defined functions (UDFs) to speed up certain cryptographic operations.
The innovation delivered by ESCUDO-CLOUD lies especially in the transparent realization of order-preserving encryption for multi-user applications in the cloud. ESCUDO-CLOUD techniques enable multiple parties to jointly evaluate queries over encrypted data residing at a cloud servicer provider.