<div dir="ltr">Hey Sanne!<div><br></div><div>Comments inlined.</div><div><br></div><div>Thanks</div><div>Sebastian<br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 25, 2016 at 2:55 PM, Sanne Grinovero <span dir="ltr"><<a href="mailto:sanne@infinispan.org" target="_blank">sanne@infinispan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Sebastian,<br>
you're opening a very complex (but interesting!) topic.<br>
<br>
As the paper you linked to also reminds us, it's extremely hard to<br>
implement such a thing without "giving away" lots of useful metadata<br>
to a potential attacker. It's an interesting paper as they propose a<br>
technique to maintain query capabilities while not having the full<br>
data readability, yet like other papers which I've seen before it's both<br>
complex to implement, and leaves some questions unanswered; in this<br>
case they seem to "just" not be able to camouflage the data access<br>
patterns, which is pretty good but according to some experts really<br>
not enough to keep the decryption keys safe.<br>
<br>
The typical problem is that if the server has no clue about the<br>
encrypted blobs at all we won't be able to query it. However there's<br>
ongoing research (like this one?) about being still able to run<br>
queries on behalf of key-owning clients, identify a subset of the<br>
data, e.g. a *naive* example: if you know the data structure and can<br>
tell which section contains the "encrypted surname", then a client<br>
could query for identical matches on the "encrypted surname"; however<br>
this naive approach is critically flawed in that you might be able to<br>
extract the encryption keys by analysing the statistical frequency of<br>
signatures and run a dictionary attack, e.g. you might have a good<br>
guess about which surname is expected to be the most commonly used.<br>
You'll need salting techniques combined with the query capabilities,<br>
e.g. MAC (message authentication codes) but these either require you<br>
to trust the database (are we going in circles?) or expose you to<br>
other forms of attack.<br></blockquote><div><br></div><div>Yes, you are correct. Not being able to query the server is a very serious problem. But preventing a potential attacker from analyzing your communication seems very easy to solve - just use TLS to encrypt the connection between the client and the server.</div><div><br></div><div>So I think the main challenge is how to perform a search operation through an encrypted data set...</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
While it's obvious that this introduces some limitations on search<br>
capabilities on the fields of the value, you might also have similar<br>
problems just on the keys. For example you might not be able to use<br>
any form of affinity which takes advantage of some domain specific<br>
knowledge, or do just about anything useful beyond the pure<br>
"key/value" capabilities which are extremely limited.<br>
Besides, even the fact that the "key" doesn't change over time might<br>
be critical: it means you can't use salting on the key, which again<br>
introduces dictionary attacks by merely observing the frequency of<br>
operations.<br>
<br>
Even if you're prepared to give up on all those features and accept<br>
some limitations to just encrypt it all on the client, the "grid"<br>
needs nevertheless to be considered a trusted party; given the large<br>
amount of data and access patterns, the data grid has so much insight<br>
on both data and access patterns, that I doubt it can be properly<br>
secured.<br></blockquote><div><br></div><div>Granted. If a potential attacker had access to the machine hosting an Infinispan Server (e.g. could do a memory snapshot), the encryption algorithm would need to "survive" statistical analysis.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I'm not sure we have the right engineering skills to develop such a<br>
system; we'd need at least to brush up on existing research in this<br>
field, of which I'm not aware there being any "full solution" unless<br>
you give a good amount of trust to the database.</blockquote><div><br></div><div>There's a database called CryptDB: <a href="http://bristolcrypto.blogspot.com/2013/11/how-to-search-on-encrypted-data-in.html">http://bristolcrypto.blogspot.com/2013/11/how-to-search-on-encrypted-data-in.html</a></div><div><br></div><div>I haven't looked into the research papers yet but if we had to trust any database we should pick something like that.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I'd love it if someone could explore this more, but be aware that it's<br>
not as easy as just enabling encryption on the client.</blockquote><div><br></div><div>I totally agree. Thanks a lot for pointing out all those useful aspects!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Thanks,<br>
Sanne<br>
<div><div class="gmail-h5"><br>
<br>
<br>
<br>
On 25 November 2016 at 12:32, Sebastian Laskawiec <<a href="mailto:slaskawi@redhat.com">slaskawi@redhat.com</a>> wrote:<br>
> Hey!<br>
><br>
> A while ago I stumbled upon [1]. The article talks about encrypting data<br>
> before it reaches the server, so that the server doesn't know how to decrypt<br>
> it. This makes the data more secure.<br>
><br>
> The idea is definitely not new and I have been asked about something similar<br>
> several times during local JUG meetups (in my area there are lots of<br>
> payments organizations who might be interested in this).<br>
><br>
> Of course, this can be easily done inside an app, so that it encrypts the<br>
> data and passes a byte array to the Hot Rod Client. I'm just thinking about<br>
> making it a bit easier and adding a default encryption/decryption mechanism<br>
> to the Hot Rod client.<br>
><br>
> What do you think? Does it make sense?<br>
><br>
> Thanks<br>
> Sebastian<br>
><br>
> [1] <a href="https://eprint.iacr.org/2016/920.pdf" rel="noreferrer" target="_blank">https://eprint.iacr.org/2016/920.pdf</a><br>
><br>
</div></div>> _______________________________________________<br>
> infinispan-dev mailing list<br>
> <a href="mailto:infinispan-dev@lists.jboss.org">infinispan-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a><br>
</blockquote></div><br></div></div></div>
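An added illustration (not code from this thread, from Infinispan or from the linked paper) of the naive "encrypted surname" scheme discussed above: a key-holding client derives an HMAC token per field so the grid can answer equality queries without the key, the stored tokens then expose exactly the plaintext frequency profile Sanne warns about, and the salted variant removes that profile at the cost of server-side equality lookup. The key, the record set and the skewed surname distribution are constructed placeholders.

```python
# Added example: deterministic vs salted equality tokens for a client-side
# encrypted field. Deterministic tokens let the grid match records without the
# key; the histogram of those tokens equals the plaintext histogram, which is
# the statistical/dictionary leak. Per-record salts hide the histogram but the
# grid can no longer compare records, so equality search moves to the key holder.
import hmac
import hashlib
import secrets
from collections import Counter

# Constructed sample data with a deliberately skewed surname distribution.
RECORDS = {
    1: "smith", 2: "jones", 3: "smith", 4: "taylor",
    5: "smith", 6: "jones", 7: "brown", 8: "smith",
}
# Placeholder key; in the real design it stays on the client and is never sent.
CLIENT_KEY = b"client-held-key-placeholder"


def det_token(key: bytes, value: str) -> str:
    """Deterministic token: equal plaintexts give equal tokens (queryable)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def rand_token(key: bytes, value: str, salt: bytes = None) -> tuple:
    """Salted token: a fresh salt per record hides repeats, but matching now
    needs the key plus every stored salt, so the grid cannot do it alone."""
    salt = secrets.token_bytes(16) if salt is None else salt
    tag = hmac.new(key, salt + value.encode(), hashlib.sha256).hexdigest()
    return salt.hex(), tag


def build_det_index(records: dict, key: bytes) -> dict:
    """What the grid stores under the naive scheme: id -> token, no plaintext."""
    return {rid: det_token(key, v) for rid, v in records.items()}


def build_rand_index(records: dict, key: bytes) -> dict:
    """What the grid stores under the salted scheme: id -> (salt, tag)."""
    return {rid: rand_token(key, v) for rid, v in records.items()}


def server_equality_query(index: dict, token: str) -> list:
    """Grid-side lookup: no key involved, it only compares opaque tokens."""
    return sorted(rid for rid, t in index.items() if t == token)


def leaked_histogram(index: dict) -> list:
    """Frequency profile visible to anyone who can read the stored tokens."""
    return sorted(Counter(index.values()).values(), reverse=True)


def true_histogram(records: dict) -> list:
    """Frequency profile of the plaintext values, for comparison."""
    return sorted(Counter(records.values()).values(), reverse=True)
```

With the deterministic index the two histograms are identical, so the most frequent token can be paired with the most frequent expected surname without any key; with the salted index every stored value is distinct and the grid learns nothing from counting, but `server_equality_query` no longer has a single token to match.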