CipherDB Performance Benchmarks

Those of you following us know that CipherDB performs key management, key access controls, data encryption and decryption functionality on a per cell basis. In addition, the keys themselves are encrypted and kept separately away from the database server. When the CipherDB agent that lives in in your C# application needs to secure data flowing between the application and the database, it fetches the appropriate key from Crypteron’s datacenter. It’s vital to note that all key transports take place over two layers of encryption, so even if an SSL/TLS weakness exists, the underlying key is never compromised.

Given how much CipherDB does behind the scenes, we’ve had some questions about its performance and felt a blog post was in order.

Benchmarks

We used two machines for our benchmarks, one to represent a modern server and one to represent a legacy server. Of course, one can always use 16+ core CPUs or multiple servers to scale up as needed. Both machines performed reads and writes for 2000 table entries, each with 10 columns.

Every entry was routed into CipherDB’s security pipeline. Since CipherDB is designed to be API compatible with .NET ORMs such as Microsoft Entity Framework or NHibernate to simplify development, we’re comparing standard .NET Entity Framework 6.x performance against CipherDB. NHibernate numbers are similar.

So, what does it look like?

Modern hardware scenario

Specs: 4th Gen Core i7 @ 2.5Ghz (hardware AES support), 16GB RAM, Solid state drives, Windows 8.1 x64 (VM)

Mode Reads Writes
CipherDB 0.76 ms 6.88 ms
No CipherDB 0.36 ms 6.76 ms
Difference 0.41 ms 0.12 ms

Legacy hardware

Specs: Core2Duo @ 2.66Ghz (no hardware AES support), 8GB RAM, Solid state drives, Windows 7 x64 (bare metal)

Mode Reads Writes
CipherDB 1.17 ms 3.33 ms
No CipherDB 0.40 ms 2.84 ms
Difference 0.77 ms 0.49 ms

As you can see, the performance differential of the entire security processing pipeline is less than a single millisecond on average. How do we accomplish this kind of performance?

  • We perform intelligent caching to minimize network chatter with the key management servers
  • We leverage hardware accelerated AES when the underlying CPU supports it (most modern CPUs now do)
  • We heavily optimize our CipherDB agent to extract as much performance as possible.

What a sub-millisecond impact means is that your page or API responsiveness is going be remain virtually unchanged since network latencies and other effect dominate at that timescale.

The upside is extraordinary data protection which can protect against data breaches even when your SQL Server is completely compromised.

If you have any questions, just reach out to us. We’re here to help!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent blog posts

Migrating existing live data into Crypteron

You’re already live in production. And you have sensitive in the clear. Read this article to see how Crypteron can help.

Encryption, Entity Framework and Projections

Projections in Entity Framework live outside the entity lifecycle. Read more to learn how your can use Crypteron to secure such data.

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

CipherDB Performance Benchmarks

by Sid Shetye time to read: 2 min
0