accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Parisi <m...@accumulo.net>
Subject Re: CryptDB - FYI - it might be inspirational for Accumulo encryption architecture
Date Tue, 31 Jul 2012 11:49:29 GMT
k. as I designed it, a group. I had a decrypting iterator and a client to
do the scan. The symmetric keys decrypted groups of key/value pairs (
though ideally we wouldn't encrypt keys, only values, to maintain sorting ).
multiple asymmetric keys can be used to decode one or more symmetric keys.

my proof of concept was very simple, but could be extended. I'll have to
look further, tonight.



On Tue, Jul 31, 2012 at 7:39 AM, Jim Klucar <klucar@gmail.com> wrote:

> Post a link here to the list too please. I'm sure others might be
> interested. Does the key scheme allow a group of keys to decrypt the
> data or only a single key?
>
> Sent from my iPhone
>
> On Jul 31, 2012, at 7:37 AM, Marc Parisi <marc@accumulo.net> wrote:
>
> > I'll look for the code on my laptops and try and post it to my personal
> > github, and E-mail you directly, if you like.
> >
> > On Tue, Jul 31, 2012 at 7:35 AM, Marc Parisi <marc@accumulo.net> wrote:
> >
> >> I have code, which I can share, to
> >>   use a symmetric key to encrypt data in cells
> >>   use a sharable public key to encrypt/decrypt the symmetric keys, so
> >> that data can be shared.
> >>
> >>
> >> You can use the visibilities to ensure users don't get other users'
> data,
> >> if you like. Data is encrypted at rest, and with a client, in transit.
> >>
> >> On Sat, Jul 28, 2012 at 4:29 PM, Edmon Begoli <ebegoli@gmail.com>
> wrote:
> >>
> >>> You all might be aware of this, so please excuse the redundant
> >>> information:
> >>>
> >>> CryptDB
> >>> http://css.csail.mit.edu/cryptdb/
> >>>
> >>> CryptDB is a system that provides practical
> >>> and provable confidentiality in the face of these attacks for
> >>> applications backed by SQL databases. It works by executing SQL
> >>> queries
> >>> over encrypted data using a collection of efficient SQL-aware
> >>> encryption schemes. CryptDB can also chain encryption keys to user
> >>> passwords, so that a data item can be decrypted only by using the
> >>> password of one of the users with access to that data. As a result,
> >>> a database administrator never gets access to decrypted data, and even
> >>> if all servers are compromised, an adversary cannot decrypt
> >>> the data of any user who is not logged in
> >>>
> >>> CryptDB is MySQL based system, but I think that some of its mechanisms
> >>> could be relevant for key-value stores.
> >>> (In my work/research, I was looking for HIPAA compliant data store)
> >>>
> >>> Regards,
> >>> Edmon
> >>>
> >>
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message