lucene-solr-user mailing list archives

From Jörn Franke <jornfra...@gmail.com>
Subject Re: Encrypting Solr Index
Date Tue, 25 Jun 2019 19:39:35 GMT
Maybe in this scenario a Secure Enclave could make sense (e.g. Intel SGX)?

The scenario that you describe looks like MIT CryptDB, e.g. https://css.csail.mit.edu/cryptdb/



> On 25.06.2019 at 21:05, Tim Casey <tcasey@gmail.com> wrote:
> 
> My two cents worth of comment,
> 
> For our local lucene indexes we use AES encryption.  We encrypt the blocks
> on the way out, decrypt on the way in.
> We are using a C version of lucene, not the java version.  But, I suspect
> the same methodology could be applied.  This assumes the data at rest is
> the attack vector for discovering what is in the invertible index.  But
> allows for the indexing/querying to be done in the clear.  This would allow
> for stemming and the like.
> 
> If you have an attack vector in which the indexing/querying are not
> trusted, then you have a whole different set of problems.
> 
> To do stemming, you need a homomorphic encryption scheme which would allow
> per character/byte queries.  This is a different type of attack vector than
> the on-disk encryption.  To me, this implies the query system itself is
> untrusted and you are indexing/querying encrypted content.  The first
> "thing" people are going to try is to hash a token into a 256bit value
> which becomes the indexable token value.  This leads to the lack of
> stemming from above comments.  Depending on how keys are handled and hashes
> are generated you can run out of token space in the various underlying
> lucene indexes because you have more than 2 million tokens.
> 
> 
> 
>> On Tue, Jun 25, 2019 at 10:21 AM Ahuja, Sakshi <ahujasi@upmc.edu> wrote:
>> 
>> I am actually looking for the best option so currently doing research on
>> it.
>> For Windows FS encryption I didn't find a way to use different
>> Username/Password. It by default takes Windows username/password to
>> encrypt and decrypt.
>> 
>> I tried BitLocker too for creating encrypted virtual directory (which
>> allows me to use different credentials) and to keep Solr Index in that but
>> somehow Solr Admin was unable to access Index from that encrypted
>> directory. Not sure how that is working.
>> 
>> If you have any idea on that - will work for me. Thanks!
>> 
>> -----Original Message-----
>> From: Jörn Franke <jornfranke@gmail.com>
>> Sent: Tuesday, June 25, 2019 12:47 PM
>> To: solr-user@lucene.apache.org
>> Subject: Re: Encrypting Solr Index
>> 
>> Why does FS encryption not serve your use case?
>> 
>> Can’t you apply it also for backups etc?
>> 
>>> On 25.06.2019 at 17:32, Ahuja, Sakshi <ahujasi@upmc.edu> wrote:
>>> 
>>> Hi,
>>> 
>>> I am using solr 6.6 and want to encrypt index for security reasons. I
>>> have tried Windows FS encryption option that works but want to know if solr
>>> has some inbuilt feature to encrypt index or any good way to encrypt solr
>>> index?
>>> 
>>> Thanks,
>>> Sakshi
>> 
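
Added example, not part of the original thread or of Lucene/Solr: a Python sketch of the token-hashing approach described in Tim Casey's reply, comparing a clear inverted index with one whose terms are replaced by 256-bit keyed hashes. `INDEX_KEY`, the sample documents and all function names are constructed for illustration, and HMAC-SHA256 is an assumed choice of hash.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key (assumption): held by the trusted client, not by the index host.
INDEX_KEY = b"constructed-demo-key"

def blind_token(term: str, key: bytes = INDEX_KEY) -> str:
    """Keyed 256-bit value that replaces the plaintext term in the index."""
    return hmac.new(key, term.lower().encode("utf-8"), hashlib.sha256).hexdigest()

def build_index(docs, to_term):
    """Inverted index: to_term(word) -> set of document ids."""
    index = defaultdict(set)
    for doc_id, text in docs.items():
        for word in text.split():
            index[to_term(word)].add(doc_id)
    return dict(index)

def prefix_search(index, prefix):
    """Stemming-like match: every indexed term that starts with `prefix`."""
    return {d for term, ids in index.items() if term.startswith(prefix) for d in ids}

def exact_search(index, term):
    """Plain equality lookup, the only match that survives hashing."""
    return set(index.get(term, ()))

# Constructed sample documents.
DOCS = {
    1: "encrypt the index blocks",
    2: "encrypted index at rest",
    3: "encrypting queries is harder",
}
CLEAR_INDEX = build_index(DOCS, str.lower)
BLIND_INDEX = build_index(DOCS, blind_token)

def demo():
    probe = blind_token("encrypt")
    return {
        "clear_prefix": prefix_search(CLEAR_INDEX, "encrypt"),  # all word forms match
        "blind_exact": exact_search(BLIND_INDEX, probe),        # only the exact word
        "blind_prefix": prefix_search(BLIND_INDEX, probe),      # no extra word forms
        "blind_other": exact_search(BLIND_INDEX, blind_token("index")),
    }

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, sorted(hits))
```

The hashed terms for "encrypt", "encrypted" and "encrypting" share no structure, so the index side can only answer exact-term lookups.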
