accumulo-dev mailing list archives

From Edmon Begoli <ebeg...@gmail.com>
Subject Re: CryptDB - FYI - it might be inspirational for Accumulo encryption architecture
Date Tue, 31 Jul 2012 14:04:35 GMT
Looking forward to seeing it.

Encrypting keys or not could be an interesting design tradeoff, as a
key, if based on some natural fact, might be a good candidate for
encryption too ...

On Tue, Jul 31, 2012 at 7:49 AM, Marc Parisi <marc@accumulo.net> wrote:
> k. as I designed it, a group. I had a decrypting iterator and a client to
> do the scan. The symmetric keys decrypted groups of key/value pairs (
> though ideally we wouldn't encrypt keys, only values, to maintain sorting ).
> multiple asymmetric keys can be used to decode one or more symmetric keys.
>
> my proof of concept was very simple, but could be extended. I'll have to
> look further, tonight.
>
>
>
> On Tue, Jul 31, 2012 at 7:39 AM, Jim Klucar <klucar@gmail.com> wrote:
>
>> Post a link here to the list too please. I'm sure others might be
>> interested. Does the key scheme allow a group of keys to decrypt the
>> data or only a single key?
>>
>> On Jul 31, 2012, at 7:37 AM, Marc Parisi <marc@accumulo.net> wrote:
>>
>> > I'll look for the code on my laptops and try and post it to my personal
>> > github, and E-mail you directly, if you like.
>> >
>> > On Tue, Jul 31, 2012 at 7:35 AM, Marc Parisi <marc@accumulo.net> wrote:
>> >
>> >> I have code, which I can share, to
>> >>   use a symmetric key to encrypt data in cells
>> >>   use a sharable public key to encrypt/decrypt the symmetric keys, so
>> >> that data can be shared.
>> >>
>> >>
>> >> You can use the visibilities to ensure users don't get other users' data,
>> >> if you like. Data is encrypted at rest, and with a client, in transit.
>> >>
>> >> On Sat, Jul 28, 2012 at 4:29 PM, Edmon Begoli <ebegoli@gmail.com> wrote:
>> >>
>> >>> You all might be aware of this, so please excuse the redundant
>> >>> information:
>> >>>
>> >>> CryptDB
>> >>> http://css.csail.mit.edu/cryptdb/
>> >>>
>> >>> CryptDB is a system that provides practical
>> >>> and provable confidentiality in the face of these attacks for
>> >>> applications backed by SQL databases. It works by executing SQL queries
>> >>> over encrypted data using a collection of efficient SQL-aware
>> >>> encryption schemes. CryptDB can also chain encryption keys to user
>> >>> passwords, so that a data item can be decrypted only by using the
>> >>> password of one of the users with access to that data. As a result,
>> >>> a database administrator never gets access to decrypted data, and even
>> >>> if all servers are compromised, an adversary cannot decrypt
>> >>> the data of any user who is not logged in.
>> >>>
>> >>> CryptDB is a MySQL-based system, but I think that some of its mechanisms
>> >>> could be relevant for key-value stores.
>> >>> (In my work/research, I was looking for a HIPAA-compliant data store.)
>> >>>
>> >>> Regards,
>> >>> Edmon
>> >>>
>> >>
>> >>
>>
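
The scheme described in the quoted thread (one symmetric key encrypting cell values for a group, that key wrapped under each user's public key, row keys left in the clear to maintain sorting), shown as an added example that is not code from the thread or from Accumulo. It assumes AES-GCM and RSA-OAEP as the primitives and a `TreeMap` as a stand-in for a sorted table; the class, method and user names are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class CellEnvelopeDemo {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Encrypt only the value; the row key stays plaintext so sort order survives.
    static byte[] seal(SecretKey dek, String row, byte[] value) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                   // fresh nonce per cell
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(128, iv));
        c.updateAAD(row.getBytes(StandardCharsets.UTF_8));  // bind the value to its row key
        byte[] ct = c.doFinal(value);
        return ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array(); // iv || ct+tag
    }
    static byte[] open(SecretKey dek, String row, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(128, sealed, 0, 12));
        c.updateAAD(row.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(sealed, 12, sealed.length - 12);   // throws if value or row changed
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();                   // one symmetric key for the group
        Map<String, KeyPair> users = new HashMap<>();       // constructed sample users
        Map<String, byte[]> wrapped = new HashMap<>();      // same key, wrapped once per user
        for (String name : new String[] {"alice", "bob"}) {
            users.put(name, kpg.generateKeyPair());
            Cipher w = Cipher.getInstance(WRAP);
            w.init(Cipher.WRAP_MODE, users.get(name).getPublic());
            wrapped.put(name, w.wrap(dek));
        }
        TreeMap<String, byte[]> table = new TreeMap<>();    // stand-in for a sorted table
        for (String row : new String[] {"row3", "row1", "row2"})
            table.put(row, seal(dek, row, ("secret-" + row).getBytes(StandardCharsets.UTF_8)));
        Cipher u = Cipher.getInstance(WRAP);                // bob recovers the key on his own
        u.init(Cipher.UNWRAP_MODE, users.get("bob").getPrivate());
        SecretKey bobDek = (SecretKey) u.unwrap(wrapped.get("bob"), "AES", Cipher.SECRET_KEY);
        for (Map.Entry<String, byte[]> e : table.entrySet())  // iterates by plaintext row key
            System.out.println(e.getKey() + " -> "
                + new String(open(bobDek, e.getKey(), e.getValue()), StandardCharsets.UTF_8));
    }
}
```

Leaving row keys unencrypted keeps range scans working but exposes whatever the key encodes, which is the tradeoff raised at the top of this message.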
