Secure Data Migration Service

Authors: Andreas Fischer (SAP), Benny Fuhry (SAP)

The second primitive we have chosen to present in our corporate blog, to illustrate the results obtained in the TREDISEC project, is the Secure Data Migration Service.

Our Secure Data Migration Service allows companies to securely outsource databases, such as those backing enterprise resource planning (ERP) software, into the cloud. All sensitive data is stored encrypted in the cloud, and all keying material needed for decryption is kept solely at the company. Despite the encryption, our solution preserves the ability to execute arbitrary database queries against the outsourced data.

Previous work focused on how to store and query encrypted data in a relational database. For example, in adjustable encryption [0], every plaintext column is encrypted multiple times into so-called onions, where each onion consists of one or more encryption layers. Depending on the functionality a query requires (for instance equality matching or ordering), the corresponding layer is exposed to the database server, which consequently also learns the property that layer supports, such as which cells are equal. We provide an important step that was previously missing: fast, scalable and efficient initial encryption of legacy data. Without this step, companies cannot move their existing data into such an encrypted database and thus cannot make the transition to a secure setup.

The diagram shows our data provisioning process, which consists of five steps:

1. Sensitivity Selection: the data owner reviews its on-premise data and selects a sensitivity level for each data column.
2. SQL Preparation: historic or expected future SQL statements are used to calculate the best possible execution strategy. It is important to transfer as little data as possible to save network bandwidth and processing time. To this end, we optimize the SQL statements by rewriting them so that they incur low transfer overhead while preserving the semantics of the original query.
3. Hot State Analysis: the initial encryption is optimized by removing encryption onions and layers that, according to the pre-recorded SQL statements, are not needed; the onions are provisioned directly in the state the recorded workload would bring them to, instead of being stripped down later.
4. Storage Optimization: the storage space required at the cloud provider is reduced. We assume that the cloud provider uses a column-store database with dictionary compression, and we replace probabilistic encryption with deterministic encryption wherever this reveals nothing beyond what the exposed onion layers already reveal. Under deterministic encryption, equal plaintexts yield equal ciphertexts, so repeated values collapse to a single dictionary entry; the same property is why this replacement is only safe where equality is already exposed.
5. Encryption and Transfer: the legacy data is encrypted in a Hadoop cluster, using the onion structures produced by the previous steps, and transferred to its new location at the cloud provider.
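As an added, self-contained example (not code from the TREDISEC project or from the authors), the following Go program models the onion structure from the paragraph on adjustable encryption above together with the two provisioning decisions described in steps 3 and 4: an inner deterministic (DET) layer built SIV-style from HMAC-SHA256 and AES-CTR, an outer probabilistic (RND) layer built from AES-GCM, a column that is encrypted either as the full onion RND(DET(v)) or, as hot state analysis would decide for a column that the recorded SQL queries by equality, directly at the DET layer, and a key-less server-side equality match that returns only the matching rows instead of the whole column. The key layout, all function names and the sample city column are assumptions made for this illustration. The example also makes the caveat from step 4 visible: the DET column has exactly as many distinct ciphertexts as distinct plaintexts, which is what dictionary compression exploits and also what the server learns.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Keys are per-column keys that stay on premise; the cloud database never holds them.
// (Hypothetical layout for this example: three 32-byte keys per column.)
type Keys struct{ detMac, detEnc, rnd []byte }

// DemoKeys returns fixed keys so the example is reproducible; a real deployment
// would derive them from a master key kept at the company.
func DemoKeys() Keys {
	return Keys{bytes.Repeat([]byte{1}, 32), bytes.Repeat([]byte{2}, 32), bytes.Repeat([]byte{3}, 32)}
}

// EncryptDET is the deterministic onion layer, built SIV-style: the IV is an HMAC of
// the plaintext, followed by AES-CTR under a second key. Equal plaintexts give equal
// ciphertexts, which is what an equality predicate needs and what this layer leaks.
func EncryptDET(k Keys, pt []byte) []byte {
	mac := hmac.New(sha256.New, k.detMac)
	mac.Write(pt)
	iv := mac.Sum(nil)[:aes.BlockSize]
	block, _ := aes.NewCipher(k.detEnc)
	body := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(body, pt)
	return append(iv, body...)
}

// DecryptDET reverses EncryptDET and authenticates by recomputing the synthetic IV.
func DecryptDET(k Keys, ct []byte) ([]byte, error) {
	if len(ct) < aes.BlockSize {
		return nil, errors.New("DET ciphertext too short")
	}
	iv, body := ct[:aes.BlockSize], ct[aes.BlockSize:]
	block, _ := aes.NewCipher(k.detEnc)
	pt := make([]byte, len(body))
	cipher.NewCTR(block, iv).XORKeyStream(pt, body)
	mac := hmac.New(sha256.New, k.detMac)
	mac.Write(pt)
	if !hmac.Equal(mac.Sum(nil)[:aes.BlockSize], iv) {
		return nil, errors.New("DET ciphertext failed authentication")
	}
	return pt, nil
}

// EncryptRND is the probabilistic outer layer: AES-GCM with a fresh random nonce,
// so two encryptions of the same value look unrelated and nothing can be matched.
func EncryptRND(k Keys, pt []byte) []byte {
	block, _ := aes.NewCipher(k.rnd)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, pt, nil) // nonce is prepended to the ciphertext
}

func DecryptRND(k Keys, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(k.rnd)
	gcm, _ := cipher.NewGCM(block)
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("RND ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// EncryptColumn is the initial encryption of one legacy column. hot=false builds the
// full onion RND(DET(v)). hot=true is the hot-state decision for a column whose recorded
// SQL already needs equality matching: the RND layer would be removed right away, so it
// is never applied and the column is stored at the DET layer, where dictionary
// compression sees repeated values.
func EncryptColumn(k Keys, values []string, hot bool) [][]byte {
	col := make([][]byte, len(values))
	for i, v := range values {
		det := EncryptDET(k, []byte(v))
		if hot {
			col[i] = det
		} else {
			col[i] = EncryptRND(k, det)
		}
	}
	return col
}

// PeelRND models the adjustable step at query time: the client releases the column's
// RND key and the server strips the outer layer to expose the DET layer.
func PeelRND(k Keys, col [][]byte) ([][]byte, error) {
	out := make([][]byte, len(col))
	for i, c := range col {
		det, err := DecryptRND(k, c)
		if err != nil {
			return nil, err
		}
		out[i] = det
	}
	return out, nil
}

// EqualityToken is computed on premise for "WHERE col = v": simply the DET ciphertext of v.
func EqualityToken(k Keys, v string) []byte { return EncryptDET(k, []byte(v)) }

// ServerEqualityMatch runs on the cloud side without any key and returns the indices of
// rows whose stored cell equals the token; only those rows have to be transferred back.
func ServerEqualityMatch(col [][]byte, token []byte) []int {
	var rows []int
	for i, c := range col {
		if bytes.Equal(c, token) {
			rows = append(rows, i)
		}
	}
	return rows
}

// DistinctCells is what a dictionary-compressing column store can exploit: the number
// of distinct ciphertexts in the column.
func DistinctCells(col [][]byte) int {
	seen := map[string]struct{}{}
	for _, c := range col {
		seen[string(c)] = struct{}{}
	}
	return len(seen)
}

func main() {
	k := DemoKeys()
	cities := []string{"Walldorf", "Dresden", "Walldorf", "Berlin"} // constructed sample column
	hot, cold := EncryptColumn(k, cities, true), EncryptColumn(k, cities, false)
	fmt.Println("distinct cells at DET layer:", DistinctCells(hot), "at RND layer:", DistinctCells(cold))
	fmt.Println("rows matching Walldorf:", ServerEqualityMatch(hot, EqualityToken(k, "Walldorf")))
}
```

Running the program prints three distinct cells for the DET column versus four for the RND column, and rows 0 and 2 for the equality match; the same match against the RND column finds nothing until its outer layer is peeled, which is the point at which the server starts learning equalities.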

Our solution can be used by companies to securely outsource the database of their ERP software into the cloud. It is secure because the confidentiality of all sensitive data items is preserved by means of encryption, and all keying material is kept locally at the company, where it is not accessible to the cloud provider. What the cloud provider can observe is limited to the properties, such as equality of cells, of those onion layers that are exposed for query processing.

Keywords: Privacy-Preserving Data Outsourcing, Storage Efficiency