MongoDB's Field-Level Encryption Protects Private Data—Even From DBAs
In December 2019, popular document database MongoDB added a fairly radical new feature to the platform: field-level database encryption. At first glance, one might wonder whether this is a meaningful feature in a world that already has at-rest storage encryption and in-flight transport encryption—but after a little closer analysis, the answer is a resounding yes.
One of MongoDB's first customers to use the new technology is Apervita, a vendor that handles confidential data for well over 2,000 hospitals and nearly 2 million individual patients. Apervita worked side by side with MongoDB during development and refinement of the technology.
Since reaching general availability in December, the technology has also been adopted by several government agencies and Fortune 50 companies, including some of the largest pharmacies and insurance providers.
This is a good thing. Field Level Encryption (FLE) is a must for any DB these days.
(Score: 1, Insightful) by Anonymous Coward on Friday April 03 2020, @07:06PM (1 child)
I remember either here or the green site had a paper where they showed practical attacks against a theoretically perfect implementation of FLE. They said it was basically worthless.
The assumptions they made on the database:
1) It would be possible to search the DB for a range of values in a column rather than requiring equality queries only
2) The database and its queries would be encrypted ('perfectly'), but the column headers would be readable (either encrypted or not)
3) The DBA would be able to see requests come in (encrypted), and responses leave (also encrypted, but countable)
I think they said that if you wanted the contents of a column to be known within 5%, you would only need 500 queries of random(ish) ranges before you had that degree of accuracy; this was independent of the size of the database, though it did assume that the attacker might have some idea of the applicable ranges (the attack only gave you information as a percent of the applicable range and the sign had to be inferred from the shape after the fact).
Sadly, my google-fu seems to be coming up short.
(Score: 1, Informative) by Anonymous Coward on Saturday April 04 2020, @02:28AM
Fortunately I remember reading the same thing from a pointer on Bruce Schneier's blog: https://www.schneier.com/blog/archives/2019/03/data_leakage_fr.html [schneier.com]
It was interesting to learn that any useful field-level encryption beyond simple key-value pairs was just a false sense of security.
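An added illustration, not part of the thread or of the paper it refers to: a small simulation for measuring how much a range-queryable encrypted column leaks under the three assumptions listed in the first comment. It assumes the observer can tell which opaque stored records each response contains and knows the value domain; the uniform query model, the function names and the sample values are constructed for this example.

```python
import math
import random

def observe_hit_rates(values, domain, n_queries, seed=0):
    """What the observer collects: per opaque record, the fraction of
    range queries whose (encrypted) response included it."""
    rng = random.Random(seed)
    hits = [0] * len(values)
    for _ in range(n_queries):
        # The client picks the range; the observer never sees lo or hi.
        lo, hi = sorted((rng.randint(1, domain), rng.randint(1, domain)))
        for rec, v in enumerate(values):
            if lo <= v <= hi:
                hits[rec] += 1
    return [h / n_queries for h in hits]

def distance_from_midpoint(hit_rate, domain):
    """Invert P(hit | v) = 1 - ((v-1)/N)^2 - ((N-v)/N)^2 for |v - mid| / N.
    Only the distance is recoverable: v and N+1-v are hit equally often."""
    n = domain
    u_sq = (n * n * (1.0 - hit_rate) - (n - 1) ** 2 / 2.0) / 2.0
    return math.sqrt(max(0.0, u_sq)) / n

def leakage_report(values, domain, n_queries, seed=0):
    """Return (true distance, estimated distance) pairs, as fractions of the domain."""
    mid = (domain + 1) / 2.0
    rates = observe_hit_rates(values, domain, n_queries, seed)
    return [(abs(v - mid) / domain, distance_from_midpoint(r, domain))
            for v, r in zip(values, rates)]

if __name__ == "__main__":
    # Constructed sample column: plaintext values in 1..1000.
    sample = [10, 100, 150, 860, 950, 990]
    for true_d, est_d in leakage_report(sample, 1000, 500):
        print(f"true {true_d:.3f}  estimated {est_d:.3f}")
```

Each record's estimate depends only on how often that record is returned, so adding rows to the table does not change it. Values near the middle of the domain are estimated less precisely than values near the edges, because the hit rate is flat there.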