University of Twente Student Theses


Protecting against internal attackers with hardware-aided proxy re-encryption

Brattinga, M. (2023) Protecting against internal attackers with hardware-aided proxy re-encryption.

Abstract: This research proposes an architecture that eliminates sensitive plaintext data at a trusted service provider. This architecture reduces the impact of data breaches, as they do not involve plaintext data. A typical use case for the proposed architecture is a service provider that allows authorized third parties to request data from and insert data into a database via an API. The service provider is in control of the data and can use regular SQL functionality on encrypted data, while no plaintext is present on either the API application server or the database server. An Intel SGX trusted execution environment extends the Microsoft Always Encrypted cryptography by re-encrypting sensitive data towards third parties. Results show that the additional security eliminates plaintext leakage at the price of an acceptable performance impact, demonstrating the feasibility and potential of the proposed architecture in practice.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)