MASTERÂ Assignment
Protecting against internal attackers with hardware-aided proxy re-encryption
Type : Master M-Cs
Period: Jan, 2023 - July, 2023
Student : Brattinga, M. (Martijn, Student M-CS)
Date Final project: July 18, 2023
Supervisors:
Abstract:
This research proposes an architecture that eliminates sensitive plaintext data at a trusted service provider. This architecture reduces the impact of data breaches, as they do not involve plaintext data. A typical use-case for the proposed architecture is a service provider which allows authorized third parties to request data from and insert data into a database via an API. The service provider is in control of the data and can use regular SQL functionality on encrypted data, while no plaintext is present on both the API application server and the database server. An Intel SGX trusted execution environment extends the Microsoft Always Encrypted cryptography by re-encrypting sensitive data towards third parties. Results shows that the additional security eliminates plaintext leakage at the price of an acceptable performance impact, demonstrating the feasibility and potential of the proposed architecture in practice.