lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SUJIT PAL <sujit....@comcast.net>
Subject Re: Securing stored data using Lucene
Date Tue, 25 Jun 2013 17:59:04 GMT
Hi Rafaela,

I built something along these lines as a proof of concept. All data in the index was unstored
and only fields which were searchable (tokenized and indexed) were kept in the index. The
full record was encrypted and stored in a MongoDB database. A custom Solr component did the
search against the index, gathered up unique ids of the results, then pulled out the encrypted
data from MongoDB, decrypted it on the fly and rendered the results.

You can find the (Scala) code here:
https://github.com/sujitpal/solr4-extras
(under the src/main/scala/com/mycompany/solr4extras/secure folder).

More information (more or less the same as what I wrote but probably a bit more readable with
inlined code):
http://sujitpal.blogspot.com/2012/12/searching-encrypted-document-collection.html

There are some obvious data sync concerns with this sort of setup, but as Adrian points out,
you can't index encrypted data.

HTH
Sujit

On Jun 25, 2013, at 4:17 AM, Adrien Grand wrote:

> On Tue, Jun 25, 2013 at 1:03 PM, Rafaela Voiculescu
> <rafaela.voiculescu@gmail.com> wrote:
>> Hello,
> 
> Hi,
> 
>> I am sorry I was not a bit more explicit. I am trying to find an acceptable
>> way to encrypt the data to prevent any access of it in any way unless the
>> person who is trying to access it knows how to decrypt it. As I mentioned,
>> I looked a bit through the patch, but I am not sure of its status.
> 
> You can encrypt stored fields, but there is no way to do it correctly
> with fields that have positions indexed: attackers could infer the
> actual terms based on the order of terms (the encrypted version must
> sort the same way as the original terms), frequencies and positions.
> 
> --
> Adrien
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
> For additional commands, e-mail: java-user-help@lucene.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org


Mime
View raw message