Client-side Encryption of Sensitive Data in SQL Databases in the Cloud
Cloud Computing becomes one of the most significant technologies for years to come. Gartner identified that Cloud Computing is one of ten technologies which companies should look at within the next two years. But alongside the benefits, like cost saving and location-independent access to the data, there are also problems, especially in terms of security and data privacy. The storing of sensitive data, like electronic health records or customer data, is subject to certain directives and laws in order to prevent third parties from accessing it without permission. When using Cloud Computing in this context, it has to be ensured via appropriate ciphering methods, that potential attackers or even the owners of the Cloud Servers are not able to read the data. Moreover, they have not to be able to draw any conclusions about the original data pool, such as age distributions or other inferences from fields with a small value range, like gender. In relation to SQL Databases it should also be ensured, that all queries can still be executed on the encrypted data pool without a significant loss of performance. The goal of this thesis is both to analyze the current processes and technologies available to solve the problem of client-side encryption and search in SQL Databases, and design, implement and evaluate a suitable approach or combination of approaches to solve the outlined problem in the context of healthcare applications with Microsoft SQL-Server.