Why Your Encrypted Database Isn't Secure - Practical Attacks Against Encrypted OSS Databases

Explore the limitations of encrypted databases and learn practical attacks against them in this 34-minute conference talk from linux.conf.au. Discover why encrypting data in relational databases like PostgreSQL and MariaDB may not be as secure as you think. Examine recent research findings from Cornell, Stanford, and the University of Illinois on vulnerabilities in encrypted databases. Learn about potential risks, including direct memory access, deterministic encryption, chosen plaintext attacks, and reidentification attacks. Gain insights into mitigating these risks while maintaining performance, scalability, and usability. Consider alternative approaches to address security concerns and understand how to incorporate these factors into your threat model.

Intro
Practical Attacks on Encrypted Databases
Why encrypt the database?
Transparent Data Encryption
Direct memory access
Deterministic Encryption
Chosen Plaintext Attack
Reidentification Attack