FPGA-Accelerated Searchable Encrypted Database Management Systems for Cloud Services

Mitsuhiro Okada,Hasitha Muthumala Waidyasooriya,Masanori Hariyama,Naoya Nishio,Takayuki Suzuki

doi:10.1109/tcc.2020.2969655

Mitsuhiro Okada, Hasitha Muthumala Waidyasooriya + Show 3 more

Open Access

https://doi.org/10.1109/tcc.2020.2969655

Copy DOI

Abstract

The use of database management systems (DBMSs) as a cloud service is rapidly expanding. Cloud DBMSs offer many advantages, such as easier management, lower costs, and greater scalability. However, there are still security concerns regarding attacks from adversaries. DBMSs that use searchable encryption have been investigated with regard to ensuring their security. Because searchable encryption allows query execution over encrypted data in the cloud, sensitive data can be securely stored there in the cloud. On the other hand, encrypted query processing is slower than query processing on plaintext data. In this article, we use a field-programmable gate array (FPGA) to accelerate query processing in a searchable encrypted DBMS. We also propose a new cache function to shorten the access time to database tables in a DBMS. According to an evaluation using basic queries, the proposed system has achieved up to 110.7 times speed-up compared with the central processing unit (CPU) processing of a single core. In addition, the proposed system can process queries faster than the plaintext processing on a CPU when processing large amounts of data.

Highlights

T HE use of database management systems (DBMSs) as a cloud service is rapidly expanding
We assessed the effectiveness of our field-programmable gate array (FPGA) accelerator by implementing an application server and a DBMS server in a single machine
The word search table used for word search and the order table of credit scores used for order operations are stored as tables separated from the personal information table

Summary

Introduction

T HE use of database management systems (DBMSs) as a cloud service is rapidly expanding. One means of protecting sensitive data from adversaries is to encrypt data on the client side using encryption functions provided by a DBMS [4], [5]. In this approach, a DBMS can execute only equality queries because the data stored on the DBMS server is encrypted with a deterministic algorithm on the client side. If a user requests other query types, all encrypted data must be decrypted on the client side after being downloaded from the cloud. This extra process undermines the convenience and efficiency of cloud services

Results

Discussion

Conclusion