cossacklabs / acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
https://www.cossacklabs.com/acra/
Apache License 2.0

Question #649

Closed afrizaloky closed 1 year ago

afrizaloky commented 1 year ago

I have some questions here.

  1. I want to ask about searchable encryption: why did you choose to use HMAC instead of a pure hash? AFAIK, HMAC adds an authentication purpose, but I don't know why you need the authentication.

  2. Based on your documentation, there are 3 states of data in masking encryption.

    • Data is encrypted when stored in the database. PGVuY3J5cHRlZD4=3456
    • Data is decrypted when it is shown to an authorized user. 1234 5678 9012 3456
    • Data is masked when it is shown to an unauthorized user. XXXX XXXX XXXX 3456

    How to reproduce the case for an unauthorized user?

  3. I want to ask about ResponseOnFail. When someone tampers with the encrypted data in the database, the data can't be decrypted. It will send an error to the client (depending on ResponseOnFail). But what will happen if encryption fails? I know the possibility is very slim, but it is still possible. Since I can't reproduce the case, I ask here.

Lagovas commented 1 year ago
  1. In HMAC we use one more part for hashing: the client's key. It cryptographically separates searchable pieces of the encrypted data between clients. For example, when you use just hashing for first name encryption, you get HASH("John") == HASH("John"). So an attacker will know all rows in the database with similar names. If he has his own created row (by the legal UI or user flow as a standard user) with the name "John", he can find his own row with the hash of this first name, and then find all "John"s in the database. When we use separate keys for every client, an attacker can find only similar values in the set of rows of one client, not all in the database, and all other client data is not compromised. HMACing values adds one more dimension of values. With a set of 10k unique first names, hashing produces a 1D dimension of 10k values. Using HMAC and unique keys per client, it produces a 2D dimension with X keys * 10k values.
  2. Connect to Acra with another TLS certificate that changes the clientID used for encryption/decryption operations. In the default configuration, switching between users/clients works by changing TLS certificates.
  3. On encryption failures, Acra will interrupt connection processing and close the connection to prevent the propagation of unprotected data. To reproduce, you can start Acra, establish a DB session via a driver or CLI client, and after that remove/rename the libthemis.so library used as the crypto backend. It will cause runtime errors on the key decryption operation (which always prepends any data encryption/decryption operation).
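
The separation described in answer 1, as an added Python example (not part of the original thread and not Acra's code): it compares an unkeyed SHA-256 search index with an HMAC-SHA256 index keyed per client. The rows, client names, key derivation and function names are assumptions made for this illustration; Acra's actual key handling and index format are not shown.

```python
import hashlib
import hmac

# Constructed sample rows: (row id, owning client, first name). Not real data.
ROWS = [
    (1, "client_a", "John"),
    (2, "client_a", "Alice"),
    (3, "client_b", "John"),
    (4, "client_b", "John"),
    (5, "client_c", "John"),
]

# Hypothetical per-client keys, derived from fixed labels so the run is
# reproducible. A real deployment uses random keys held in a key store.
CLIENT_KEYS = {c: hashlib.sha256(b"demo-key/" + c.encode()).digest()
               for c in ("client_a", "client_b", "client_c")}


def plain_index(value: str) -> bytes:
    """Unkeyed search index: identical for every client."""
    return hashlib.sha256(value.encode()).digest()


def keyed_index(client: str, value: str) -> bytes:
    """HMAC search index keyed with the owning client's key."""
    return hmac.new(CLIENT_KEYS[client], value.encode(), hashlib.sha256).digest()


def build_table(keyed: bool):
    """What the database stores for searching: (row id, search index) only."""
    return [(rid, keyed_index(c, v) if keyed else plain_index(v))
            for rid, c, v in ROWS]


def linked_rows(table, known_row_id: int):
    """Row ids whose index equals that of one row whose plaintext is known."""
    known = dict(table)[known_row_id]
    return sorted(rid for rid, idx in table if hmac.compare_digest(idx, known))


def search(table, client: str, value: str):
    """Legitimate equality search by a client that holds its own key."""
    wanted = keyed_index(client, value)
    return sorted(rid for rid, idx in table if hmac.compare_digest(idx, wanted))
```

With the unkeyed index, knowing the plaintext of row 3 links every "John" row across all clients; with the keyed index the same knowledge links only rows belonging to row 3's client, while each client's own equality search still works.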
afrizaloky commented 1 year ago

Thank you for your answer