search

chayim / redicrypt

An encryption module for redis
MIT License
37 stars 2 forks source link

Using Redicrypt with RediSearch? #3

Open john-999 opened 1 year ago

john-999 commented 1 year ago

Is it possible to use RediSearch with Redicrypt?

chayim commented 1 year ago

Not currently - but I've been thinking a lot about homorphic encrytption. What were you thinking about doing - I'd love to learn more.. and possibly write something.

john-999 commented 1 year ago

With databases all over the world being leaked almost on a daily basis now, database encryption is rapidly gaining importance.

Using Redis for search has the obvious important advantage of being super-fast.

Additionally, it can take important load off your conventional/relational DB running alongside, if you have one.

In my case, I run an after-deploy task to load a part of my MySQL/MariaDB database into the Redis DB, in order to make the data available for search (via RediSearch).

For encryption, I use (1) MariaDB's at-rest encryption (database-level), and additionally (2) Rails' Active Record Encryption (application-level) in order to maximize data protection.

But: The data that is made available for search in Redis is currently unencrypted, because it needs to be searchable. This is a security hole.

So if Redicrypt could encrypt Redis data while keeping it searchable, there would be no more security hole: We could search Redis data that is encrypted super-fast, which would be pretty awesome.

gkorland commented 1 year ago

Even on MariaDB/MySQL data-at-reset encryption, when the data is loaded to memory from disk it's kept unencrypted in memory. I'm not familiar with DBs that keep the data-in-use encrypted in memory

john-999 commented 1 year ago

Ok, so the feature would make Redis the first DB that keeps the data-in-use encrypted in memory, if I understand correctly.

And so ideally, one would drop MariaDB/MySQL and go Redis-only, in order to be able to have all data-in-use encrypted in memory.

chayim commented 1 year ago

@john-999 Thinking about this further, I think we have several usability problems here - but I want to make sure we're thinking about the same thing.

  1. We would need some way to limit users to sub-fields within a hash or json document. Currently ACL supports limits to a key read pattern in Redis 7, but I don't think this is extensible to custom types (is it @gkorland )
  2. Within the response context search would need the ability to optionally search these encrypted fields, and based on the ACL return the documents, with encrypted values
  3. The same as the prior item with but decrypted values

FWIW I don't currently have an answer - but do want to make sure this makes sense.

john-999 commented 1 year ago

(As much as I'd like to contribute any useful comments, I'm unfortunately not sufficiently advanced to discuss any technical details/requirements - I'll have to leave the floor to the grown-ups...)

cw1427 commented 5 months ago

How about thinking with RediJson?