This feels like a hollow announcement, given that there's no code or design details to look at.
I am curious how they intend to let a client run queries against a dataset that the server cannot read without the server having to send all the encrypted data over the wire, or at least an index of all the encrypted data. Which sounds limiting for large datasets.
Not sure how they do it, but it has been done before as a research project http://css.csail.mit.edu/cryptdb/. One of the tricks it uses(though by no means the only) is to do a binary search in an index, it actually has the client decrypt a node and compare and then give the server the result.
We JUST launched and started working on this but we do want to get code to you all as fast as possible. We'll post a progress update on our blog each week and share it here to keep everyone in the loop.
Look up private information retrieval (PIR) and oblivious RAM (ORAM). EDIT: This particular bit from the announcement "but we're pushing query logic and decryption keys client-side" seems to point to ORAM.
I was recently reading a number of ORAM papers, considering to implement something as a side-project to play a bit with modern C++. The overhead is significant, but practical, i.e., far less than homomorphic encryption.
I realize that your post was titled "Hello World" so I wouldn't expect too much substance, but a couple quick questions (honest ones, not being sarcastic):
What is the use case for something like this?
Is this f/oss ... similarly, what are the licensing terms?
Quick comment:
Please don't misuse the word "hack" when you actually mean "security breach". Thanks!
The use-cases could be, for example, payment processors storing customer data, encrypted webmail (where you're able to search w/o downloading all your emails), "encrypted evernote" :-)
Database encryption doesn't make a whole lot of sense to me. Proper row and column security, and using real database user authentication (not one single, pooled web server user) is real security. A db on its own box, in its own network zone, physically controller by the data owner.
What's the threat here?
SQL Injection? Encryption won't help. Use parameterized queries and least privilege.
Evil admin? They can just monitor the web server instead of the db.
Appications should be architected so that security-critical logic happens on the client. See how Mega and SpiderOak do that. This way, the attacker has to hack every computer of every client instead of one single server.
Of course, this requires making sure that the code which the client executes is not malicious
I think the idea is that the data is never decrypted until it returns to the client. i.e. it's encrypted client side while being indexable server side.
This means that your 'evil admin' case is invalidated since the plaintext data is never available to the host.
I think this project could be used to secure against evil admins. Especially if you make CouchDB-style apps (communicate directly with the DB from the browser or desktop/mobile app)
This is an amazing promise, but I was sad this is just a beta signup. I would really love to play around with something like this, and would also like to know how it works.
Don't play with my heart, ZeroDB. Show us what you've got!
1. Good, all DB data needs to be encrypted
2. That said, the largest security risk is applications (backends) that enable mass access to customer data and allow mass leaks of customer data.
Some technical detail would be much appreciated, like the language you are using on the server side, any dependencies? Road map for when you are open sourcing it (I assume you will do)...
[+] [-] akerl_|11 years ago|reply
I am curious how they intend to let a client run queries against a dataset that the server cannot read without the server having to send all the encrypted data over the wire, or at least an index of all the encrypted data. Which sounds limiting for large datasets.
[+] [-] anologwintermut|11 years ago|reply
[+] [-] mtrimpe|11 years ago|reply
I've been thinking a lot about this and the only way to handle the problem this tries to solve is to:
* treat the database as a collection of events
* let each event have a visibility that matches our concept of privacy (public | shared with X, Y & Z | private)
* have this communication encrypted using already existing OTR protocols (see some of Moxie Marlinspike's posts on it)
* make the database queryable on this aggregate of event data.
It's really just a case of finding the essential complexity and making it as simple, but not simpler, than that.
The annoying thing is that while it's a tough bullet to bite; it's not even that though. Something like Datomic could already get you halfway there.
[+] [-] mwilkison|11 years ago|reply
[+] [-] zvrba|11 years ago|reply
I was recently reading a number of ORAM papers, considering to implement something as a side-project to play a bit with modern C++. The overhead is significant, but practical, i.e., far less than homomorphic encryption.
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] onezeno|11 years ago|reply
http://en.wikipedia.org/wiki/Homomorphic_encryption
[+] [-] michaelmachine|11 years ago|reply
[+] [-] bcg1|11 years ago|reply
What is the use case for something like this?
Is this f/oss ... similarly, what are the licensing terms?
Quick comment:
Please don't misuse the word "hack" when you actually mean "security breach". Thanks!
[+] [-] michwill|11 years ago|reply
Yes, it will be open source once available
[+] [-] mwilkison|11 years ago|reply
[+] [-] elchief|11 years ago|reply
What's the threat here?
SQL Injection? Encryption won't help. Use parameterized queries and least privilege.
Evil admin? They can just monitor the web server instead of the db.
[+] [-] michwill|11 years ago|reply
Of course, this requires making sure that the code which the client executes is not malicious
[+] [-] Veratyr|11 years ago|reply
This means that your 'evil admin' case is invalidated since the plaintext data is never available to the host.
[+] [-] floatboth|11 years ago|reply
[+] [-] kevinnk|11 years ago|reply
That's exactly the use case. The idea is that the data isn't decrypted until the client.
[+] [-] rubbingalcohol|11 years ago|reply
Don't play with my heart, ZeroDB. Show us what you've got!
[+] [-] michwill|11 years ago|reply
[+] [-] hasenj|11 years ago|reply
[+] [-] BinaryIdiot|11 years ago|reply
[+] [-] superobserver|11 years ago|reply
[+] [-] michwill|11 years ago|reply
[+] [-] bobofettfett|11 years ago|reply
[+] [-] alimoeeny|11 years ago|reply
[+] [-] axx|11 years ago|reply
(i'm no encryption expert, just curious)
[+] [-] hasenj|11 years ago|reply
[+] [-] peterboo|11 years ago|reply