Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data

This paper presents an industrial report on the implementation of a system that supports execution of queries over encrypted data. While this idea is not new, e.g. [HILM02, AKRX04, PRZB11], the implementation in a real world large scale in-memory database is still challenging. We will provide an overview of our architecture and detail two use cases to give the reader an insight into how we technically realized the implementation. We then provide three main contributions, reporting that: a) We significantly improve functionality by intelligently splitting query execution, i.e. which parts of a query can be performed in the cloud and which on the client. b) We share some initial performance measurements with the community on basis of the TPCH benchmark. c) We present a domain-specific analysis of three data sets that shows the effects of executing queries over encrypted data and what adjustments are required with respect to the encryption of individual columns. The three made observations on query execution, execution time measurements and domain-specific query analysis will lead us to the conclusion that although searching over outsourced encrypted data is always a trade off between functionality, performance and security, it is realistic to assume that working solutions can be provided in the not too distant future to the market.