Posted by Allison Linn

A Microsoft researcher and his academic colleagues have figured out a way to obtain personal information from certain encrypted databases even when the databases are being protected by a promising security method.

Seny Kamara, a researcher in Microsoft's cryptography group, worked with colleagues from the University of Illinois and Portland State University to show how the encrypted database system, called CryptDB, could be undermined to reveal information in electronic medical records when the data is being used in certain ways.

The researchers are hoping the discovery will help businesses and organizations that handle sensitive information, such as electronic medical records, to understand what security precautions they should take into account even if they are using some of the latest encryption methods.

The data is at its most vulnerable when it is being accessed, so Kamara said it's also important to find the right balance between how much functionality organizations want for analyzing and manipulating such data and how much protection they need.

"People who are excited about this type of encrypted database system aren't always aware of the tradeoffs," Kamara said.

A better security understanding

Database security researchers say Kamara's research is important because it gives experts a more formal understanding of the scenarios that could be affected, and it will help drive improvements that keep security defenders ahead of bad actors.

"Security, throughout history, has been an arms race," said Ken Eguro, a Microsoft researcher who is part of a team building database encryption tools.

Eguro is working on a long-term and broad-based database encryption project whose first iteration included one of the modes of operation supported by CryptDB. He noted that this type of security work, which encrypts data while still allowing operations on the data, is still in its early stages and improvements are coming quickly. Already, the research group he is part of is working on a next-generation system that adds more security measures in part by incorporating more secure hardware.

Bala Neerumalla, a principal software engineer with Microsoft's SQL Server division, said Kamara's research is valuable because it gives database customers a better understanding of the security precautions they need to consider, especially if they are charged with handling very sensitive data such as electronic medical records.

He also noted that Microsoft is one of the few organizations that is working on database functionality and security from multiple angles, both in the company's product groups and in its research labs.

"This work complements the work that we are doing in the product teams," Neerumalla said.

Kamara said the research also offers a good reminder that even when data is encrypted, businesses and other organizations need to be vigilant about other security safeguards, such as protecting passwords and data centers, and installing security software on users' computers.

"You need to make it harder to get the data," Kamara said.

Auxiliary information

The researchers used electronic medical records from U.S. hospitals for their study. They found that when the encrypted data was being used, it was possible to get sensitive information, including patients' ages, disease severity and mortality risk, for many patients.

The researchers were able to figure out the personal information in part by using publicly available data, called auxiliary information, that attackers can correlate to the databases they are trying to break into. Attackers could use this kind of data, such as Census records, real estate transactions or previous versions of the same database, to crack the code on protected data and gather valuable and sensitive information.

'We have to provide the security'

Kamara's research comes as more companies and individuals want to use these types of databases to store, share and analyze information. That's because businesses and other organizations want the convenience of sharing information electronically and also value the benefits that come from sophisticated analysis of the data.

"There is a need for people to work on encrypted databases," Neerumalla said, "and there is definitely demand for data security."

Kamara said the security of these systems is constantly improving. In the last few months alone, he said, Microsoft Research's cryptography group has made great strides in understanding how to protect sensitive databases even when they are being used.

Kamara also noted that, even as a cryptographer, he allows some of his own medical and financial information to be stored electronically, and he uses cloud-based systems for things like keeping digital pictures of his family. These types of tools are convenient and necessary.

"Realistically, we can't blame people and we can't expect them not to use these tools," he said. "We have to provide the security."

A paper on the researchers' findings will be presented at the ACM Conference on Computer and Communications Security in October.


Allison Linn is a senior writer at Microsoft Research.