Full Encryption: An end to end encryption mechanism in GaussDB

In this paper, we present a novel mechanism called Full Encryption (FE) in GaussDB. FE-in-GaussDB provides column-level encryption for sensitive data, and secures the asset from any malicious cloud administrator or information leakage attack. It ensures not only the security of operations on ciphertext data, but also the efficiency of query execution, by combining the advantages of cryptography algorithms (i.e. software mode) and Trusted Execution Environment (i.e. hardware mode). With this, FE-in-GaussDB supports full-scene query processing including the matching, the comparison and other rich computing functionalities. We demonstrate the prototype of FE-in-GaussDB and an experimental performance evaluation to prove its availability and effectiveness.