TimeCrypt: Encrypted Data Stream Processing at Scale with Cryptographic Access Control
This addresses the need for secure data processing in cloud-based applications handling sensitive time series data, offering a practical solution with incremental improvements in cryptographic enforcement.
The paper tackles the problem of protecting confidentiality while enabling analytics on encrypted time series data in the cloud, presenting TimeCrypt, a system that provides scalable real-time analytics with cryptographic access control, achieving performance close to operating on unencrypted data.
A growing number of devices and services collect detailed time series data that is stored in the cloud. Protecting the confidentiality of this vast and continuously generated data is an acute need for many applications in this space. At the same time, we must preserve the utility of this data by enabling authorized services to securely and selectively access and run analytics. This paper presents TimeCrypt, a system that provides scalable and real-time analytics over large volumes of encrypted time series data. TimeCrypt allows users to define expressive data access and privacy policies and enforces it cryptographically via encryption. In TimeCrypt, data is encrypted end-to-end, and authorized parties can only decrypt and verify queries within their authorized access scope. Our evaluation of TimeCrypt shows that its memory overhead and performance are competitive and close to operating on data in the clear.