MongoDB Client-Side Field Level Encryption

#MDBlocal
Kenneth White
Security Principal
TORONTO
New encryption capabilities in MongoDB 4.2:
A deep dive into protecting sensitive
workloads

View Slide

A deep dive into protecting sensitive workloads

View Slide

Agenda

View Slide

Agenda
• A brief history of database security
• Trust models: server vs. client
• Encrypting data-in-use
• Hands on deep dive
• Q&A

View Slide

A brief history of database security

View Slide

Evolution

View Slide

Evolution
• access controls

View Slide

Evolution
• access controls
• passwords
• plaintext > hashing > key derivation
• bearer tokens
• NTLM, Kerberos tickets, LDAP/S, SCRAM, web session
• multi-factor auth
• LCD fobs / SMS / 2FA apps / FIDO-U2F / WebAuthn / mobile enclaves
• federated RBAC

View Slide

Evolution
• network

View Slide

Evolution
• network
• (plaintext) native wire protocols
• SSL encryption
• TLS
• TLS w/ PFS

View Slide

Evolution
• storage

View Slide

Evolution
• storage
• plaintext / raw filesystem
• encrypted

View Slide

Evolution
• storage
• volume-level / full disk encryption (FDE)
• BitLocker, DMCrypt, FileVault, encrypted EBS
• file-level encryption
• whole database
• per-database (WiredTiger ESE)
• tablespace
• database-level encryption
• column / field

View Slide

These are all important defenses, but…

View Slide

What is the threat?

View Slide

Against whom/what are we defending?

View Slide

• “hackers”?

View Slide

• “hackers”?
• criminal blackhats?
• competitors?
• activists?
• unknown actors?

View Slide

• “hackers”?
• competitors?
• activists?
• unknown actors?
• insiders?

View Slide

• “hackers”?
• competitors?
• activists?
• unknown actors?
• insiders?
• admins?

View Slide


View Slide

What is the threat?

View Slide

The security model for many Prod databases

View Slide

The security model for many Prod databases
Source: Imgur (author unknown)

View Slide


View Slide

Let’s talk about breaches.

View Slide

Every sector of the global economy has been impacted.

View Slide

Every sector of the global economy has been impacted
• enterprise
• consumer tech
• retail
• government
• healthcare
• finance
…

View Slide

Major shifts in regulatory & privacy climate

View Slide

Major shifts in regulatory & privacy climate
• GDPR
• HIPAA
• PCI DSS
• NIST/FISMA
• Consumer protection
• State & provincial

View Slide

System architect & developer security challenges

View Slide

Meeting legal/regulatory obligations
• Controls
• Audit/attestation

View Slide

• Controls
Defending real-world attacks
• First Principles: C/I/A
• Separation of duties
• Access control
• Identifying & protecting sensitive data

View Slide

System architects & develop security challenges
• Controls
Defending real-world attacks
• First Principles: C/I/A
• Separation of duties
• Access control
• Identifying & protecting sensitive data

View Slide

Trust models: server vs. client

View Slide

What is the source of trust?

View Slide

• Traditionally, DB encryption has relied on server-side trust

View Slide

• This has implications, many not so obvious

View Slide

• This has implications, many not so obvious
• With a few caveats, the database operator typically has unrestricted
technical access, including:
• DBAs
• system admins
• hosting/infrastructure providers

View Slide

• In a server-side encryption model, a leak or breach can be
catastrophic

View Slide

catastrophic
• This potentially includes: logs, backups, temp files, process
memory…

View Slide

catastrophic
• This potentially includes: logs, backups, temp files, process
memory…
• They who hold the keys controls the kingdom

View Slide

This is particularly important in a cloud context, especially so when
running highly sensitive workloads.

View Slide

A common pain for system architects

View Slide

A common pain for system architects
• Most notably in healthcare, finance, and consumer tech
• The benefits of managed, easily expanded compute & cloud storage
have often been considered out of reach because of data
confidentiality & privacy concerns.

View Slide

The fundamental challenge is protecting the confidentiality of data while
it’s in use.

View Slide

Encrypting Data-in-Use

View Slide

Introducing MongoDB Client-Side Field Level Encryption

View Slide

Introducing MongoDB Client-Side Field Level Encryption
• encryption as a first-class citizen
• modern, authenticated encryption algorithms
• strong security guarantees
• customer-managed keys
• sensitive content is opaque to server & server operator

View Slide

Introducing MongoDB Client-Side Field-Level Encryption
• major investment
• 2 years in the making
• 18+ engineers spanning core server, query, security, cloud, drivers
• targeting 12+ languages
• all major hardware & operating system platforms
• Linux, MacOS, Windows

View Slide

MongoDB Client-Side Field-Level Encryption

View Slide

Core design

View Slide

Core design
• CSFLE is enabled in drivers & integrated into shell
• All encryption/decryption is done in the driver, on the client
• Drivers have expanded MQL awareness for automatic encryption
• Individual fields within collections can be marked as encrypted
• Keys can be used on a per-field or even per-document basis

View Slide

Implementation

View Slide

Implementation
• Extends existing JSON Schema with new “encrypt” property
• Schema validation extended client-side
• Key management services natively integrated into drivers
• KMS envelope encryption used to protect field data keys
• Server only sees encrypted binary data (BinData subtype-6)

View Slide

Cryptography

View Slide

Cryptography
• Multiple encryption options, including deterministic search
• Cloud key services are natively integrated
• Modern authenticated encryption: AEAD AES-256 & HMAC-SHA512
• 2015 IETF draft: McGrew, Foley, Paterson
• Abuse- & misuse-resistant derived HMACs w/ deterministic IVs
• Native OS libraries used for crypto primitives

View Slide

Cryptography
• Raw key material never persisted to disk (in-memory only)
• Stored field keys protected by strong symmetric encryption
• Field wrapping keys secured in HSM-backed external KMS
• Key service master key rotation: scheduled or on-demand
• Core constructions are Post-Quantum secure
• Engaged with expert cryptography teams on design & security
properties, and conducted independent security assessments

View Slide

How does it work?

View Slide

View Slide

View from application

View Slide

{
firstName: "Pat",
lastName: "Lee",
ssn: "901-01-0001",
email: "[email protected]",
mobile: "+1-212-555-1234",
medRecNum: 235498
}

View Slide

View from database (admin, server, DB logs, process memory)
{
firstName: "Pat",
lastName: "Lee",
ssn: "901-01-0001",
mobile: "+1-212-555-1234",
medRecNum: 235498
}

View Slide

{
firstName: "Pat",
lastName: "Lee",
ssn: "901-01-0001",
mobile: "+1-212-555-1234",
medRecNum: 235498
}
{
firstName: "Pat",
lastName: "Lee",
ssn: "r6EaUcgZ4lGw…",
email: "K4b5U3TlcIXh…",
mobile: "oR72CW4Wf5Ej…",
medRecNum: 235498
}
View from database (admin, server, DB logs, process memory)

View Slide

Client-Side Field Level Encryption Step by Step

View Slide

 Step 1: Identify fields to encrypt

View Slide

Identify fields to encrypt
{
"medRecNum" : 235498,
"firstName" : "Pat",
"lastName" : "Lee",
"ssn" : "901-01-0001",
"mobile" : "212-555-1234",
"email" : "[email protected]"
}

View Slide

 Step 2: Set JSON data types & key(s) for encrypted
fields

View Slide

"test.patients" : {
"bsonType" : "object",
"properties" : {
"ssn" : {
"encrypt" : {
"bsonType" : "string",
"keyId" : [ myKey ],
"algorithm" : encryption_mode,
}
}
}
}

View Slide

fields
 Step 3: Create a new Mongo session with encryption
options

View Slide

var keystore = db.getCollection("__keystore")
var clientSideFLEOptions = {
"kmsProviders" : {
"aws" : {
"accessKeyId" : env.KMSKID ,
"secretAccessKey" : env.KMSKEY
}
},
"schemas" : { patientSchema } ,
"keyVaultCollection" : keystore
}
encryptedSession = new Mongo( "localhost", clientSideFLEOptions )

View Slide

fields
 Step 3: Create a new Mongo session with encryption
options
 Step 4: Run your queries.

View Slide

db.patients.insert({
"lastName" : "Lee",
"ssn" : "901-01-0001",
"mobile" : "212-555-1234",
});
...
db.patients.find({ "ssn": "901-01-1234" });

View Slide

fields
 Step 3: Create a new mongo session with encryption
options
 Step 4: Run your queries.
(That’s it)

View Slide

Let’s go deeper

View Slide

Example: Direct query on an encrypted field
encryptedDb.patients.find({"ssn": "901-01-0001" })

View Slide

Example: Direct query on an encrypted field
encryptedDb.patients.find({"ssn": "901-01-0001" })
encryptedDb.patients.find({ "ssn": BinData(6,"ASV2YBzOhUY…" )})

View Slide

Auto-decryption for clients holding a valid key:
{
"lastName" : "Lee",
"ssn" : "901-01-0001",
"mobile" : "212-555-1234",
}

View Slide

View to a DBA:
{
"lastName" : "Lee",
"ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
"mobile" : "212-555-1234",
}

View Slide

View to a client lacking a valid key:
{
"lastName" : "Lee",
"mobile" : "212-555-1234",
}

View Slide

View to database, server memory, logs, backups:
{
"lastName" : "Lee",
"mobile" : "212-555-1234",
}

View Slide

{
"lastName" : "Lee",
"mobile" : "212-555-1234",
}
View to legacy clients:
{
"lastName" : "Lee",
"mobile" : "212-555-1234",
}

View Slide

Subdocuments & embedded fields supported

View Slide

{
"_id": 923452345,
"name": "John Doe",
"ssn": "555-55-5555,
"addresses": {
"home": {
"street": "123 secret way",
"state": "NV",
"zip": "89429"
} }
}

View Slide

{
"_id": 923452345,
"name": "John Doe",
"ssn": "9+4/J%|]yr4t^(M",
"addresses":
"cEfgjCW,WqK+vB4V&fX1{G4XI*oi?OmQA7kT9>,}1vo
SG!5\cJkl0?6ckTmL*9TmZ^[x`2gRkCYpP)~Ol5dpBz"
}

View Slide

{
"_id": 923452345,
"name": "John Doe",
"ssn": "9+4/J%|]yr4t^(M",
"addresses": {
"home": {
"street": "8u^,%k78`[l9*AqMM",
"state": "NV",
"zip": "89429"
} }
}

View Slide

Sorts, range, and reference queries schema design
{
"firstName": ")2~Y8cJQuM",
"lastName": "u?n"DOB": 1978,
"location": {
"city": "u^fj,%k78*)qV",
"state": "NV",
},
"ssn": "9+4/J%|]yr4t^(M",
"payerID": 62501,
"medicalCode": "89K",
"accountBalance": 4000.34
}

View Slide

Recap

View Slide

Recap
• Run anywhere: Atlas, self-managed cloud, GovCloud, local
• Targeting all supported drivers on all supported platforms
• Encrypt at the collection-, field-, or document-level
• Search on encrypted fields
• Subdocuments, objects and aggregation pipeline support
• Multiple enforcement options (client-side, server-side, or both)
• Backwards compatible with existing admin & cluster tools

View Slide

Roadmap

View Slide

Roadmap
• Beta preview now – Java, Node.js, C# .Net, Python, Go
• Server support on Atlas 4.2 clusters now
• Shell update in flight
• Additional language beta previews in coming weeks
• 3rd party cryptography reviews & security assessments complete

View Slide

THANK YOU

View Slide

#MDBlocal
Kenneth White
Security Principal
TORONTO
A deep dive into protecting sensitive
workloads

View Slide

View Slide

MongoDB Client-Side Field Level Encryption

MongoDB Client-Side Field Level Encryption

Kenn White

More Decks by Kenn White

Other Decks in Technology

Featured

Transcript