Query on encrypted data

ESCUDO-CLOUD defines novel client-side encryption techniques that let clients retain sovereignty over their data held at external cloud providers. The techniques are based on multiple encryption building blocks:

  • Order-preserving encryption
  • Client-side key management


The figure above illustrates the deployment of these technologies: multiple users employed by a data owner access an application that stores its data in an encrypted database hosted at a service provider. Each user holds their own master key, which cryptographically grants access to a subset of the data in the database. Decryption is performed by the JDBC driver. The DBMS is not modified, but can be extended with user-defined functions (UDFs) to speed up certain cryptographic operations.

The innovation delivered by ESCUDO-CLOUD lies especially in the transparent realization of order-preserving encryption for multi-user applications in the cloud. ESCUDO-CLOUD techniques enable multiple parties to jointly evaluate queries over encrypted data residing at a cloud service provider.
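The deployment described above, sketched as an added example that is not ESCUDO-CLOUD's own code: a client encrypts range bounds, an unmodified DBMS (here an in-memory SQLite database standing in for the provider) filters and sorts on ciphertexts, and the client decrypts the result. `ToyOPE`, its HMAC-derived gap construction, the 0..999 domain, the key and the sample salaries are all constructed for illustration and are not the project's scheme; `provider_view` shows the row ordering that any order-preserving ciphertext reveals to the provider.

```python
import hashlib
import hmac
import sqlite3

DOMAIN = 1000  # assumed plaintext domain: integers 0..999


def _gap(key: bytes, i: int) -> int:
    """Key-derived positive gap between the ciphertexts of i-1 and i."""
    mac = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return 1 + int.from_bytes(mac[:2], "big")  # 1..65536, never zero


class ToyOPE:
    """Toy order-preserving cipher: ciphertext = running sum of keyed gaps."""

    def __init__(self, key: bytes):
        total, self.table = 0, []
        for i in range(DOMAIN):
            total += _gap(key, i)
            self.table.append(total)  # strictly increasing in i
        self.inverse = {c: p for p, c in enumerate(self.table)}

    def encrypt(self, value: int) -> int:
        return self.table[value]

    def decrypt(self, ciphertext: int) -> int:
        return self.inverse[ciphertext]


def range_query(ope, salaries, low, high):
    """Client encrypts the bounds; the unmodified DBMS compares ciphertexts."""
    db = sqlite3.connect(":memory:")  # stands in for the provider's DBMS
    db.execute("CREATE TABLE staff (salary_ct INTEGER)")
    db.executemany("INSERT INTO staff VALUES (?)",
                   [(ope.encrypt(s),) for s in salaries])
    rows = db.execute(
        "SELECT salary_ct FROM staff WHERE salary_ct BETWEEN ? AND ? "
        "ORDER BY salary_ct", (ope.encrypt(low), ope.encrypt(high))).fetchall()
    db.close()
    return [ope.decrypt(ct) for (ct,) in rows]  # decrypted client-side


def provider_view(ope, salaries):
    """Row indices in plaintext order, recovered from ciphertexts alone."""
    cts = [ope.encrypt(s) for s in salaries]
    return sorted(range(len(cts)), key=cts.__getitem__)


if __name__ == "__main__":
    ope = ToyOPE(b"constructed-demo-key")
    data = [420, 77, 950, 300, 512]  # constructed sample values
    print(range_query(ope, data, 250, 600))  # [300, 420, 512]
    print(provider_view(ope, data))          # [1, 3, 0, 4, 2]
```

The provider never sees a key or a plaintext, yet `provider_view` recovers the full ranking of the rows, which is the leakage to account for when threat-modeling any order-preserving column.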