Upgrade to Pro — share decks privately, control downloads, hide ads and more …

MongoDB Client-Side Field Level Encryption

Kenn White
November 21, 2019

MongoDB Client-Side Field Level Encryption

2019 MongoDB.local Toronto

Kenn White

November 21, 2019
Tweet

More Decks by Kenn White

Other Decks in Technology

Transcript

  1. #MDBlocal
    Kenneth White
    Security Principal
    TORONTO
    New encryption capabilities in MongoDB 4.2:
    A deep dive into protecting sensitive
    workloads

    View Slide

  2. New encryption capabilities in MongoDB 4.2:
    A deep dive into protecting sensitive workloads

    View Slide

  3. New encryption capabilities in MongoDB 4.2:
    A deep dive into protecting sensitive workloads
    Agenda

    View Slide

  4. New encryption capabilities in MongoDB 4.2:
    A deep dive into protecting sensitive workloads
    Agenda
    • A brief history of database security
    • Trust models: server vs. client
    • Encrypting data-in-use
    • Hands on deep dive
    • Q&A

    View Slide

  5. A brief history of database security

    View Slide

  6. A brief history of database security
    Evolution

    View Slide

  7. A brief history of database security
    Evolution
    • access controls

    View Slide

  8. A brief history of database security
    Evolution
    • access controls
    • passwords
    • plaintext > hashing > key derivation
    • bearer tokens
    • NTLM, Kerberos tickets, LDAP/S, SCRAM, web session
    • multi-factor auth
    • LCD fobs / SMS / 2FA apps / FIDO-U2F / WebAuthn / mobile enclaves
    • federated RBAC

    View Slide

  9. A brief history of database security
    Evolution
    • network

    View Slide

  10. A brief history of database security
    Evolution
    • network
    • (plaintext) native wire protocols
    • SSL encryption
    • TLS
    • TLS w/ PFS

    View Slide

  11. A brief history of database security
    Evolution
    • storage

    View Slide

  12. A brief history of database security
    Evolution
    • storage
    • plaintext / raw filesystem
    • encrypted

    View Slide

  13. A brief history of database security
    Evolution
    • storage
    • volume-level / full disk encryption (FDE)
    • BitLocker, DMCrypt, FileVault, encrypted EBS
    • file-level encryption
    • whole database
    • per-database (WiredTiger ESE)
    • tablespace
    • database-level encryption
    • column / field

    View Slide

  14. A brief history of database security
    These are all important defenses, but…

    View Slide

  15. A brief history of database security
    What is the threat?

    View Slide

  16. A brief history of database security
    Against whom/what are we defending?

    View Slide

  17. A brief history of database security
    Against whom/what are we defending?
    • “hackers”?

    View Slide

  18. A brief history of database security
    Against whom/what are we defending?
    • “hackers”?
    • criminal blackhats?
    • competitors?
    • activists?
    • unknown actors?

    View Slide

  19. A brief history of database security
    Against whom/what are we defending?
    • “hackers”?
    • criminal blackhats?
    • competitors?
    • activists?
    • unknown actors?
    • insiders?

    View Slide

  20. A brief history of database security
    Against whom/what are we defending?
    • “hackers”?
    • criminal blackhats?
    • competitors?
    • activists?
    • unknown actors?
    • insiders?
    • admins?

    View Slide

  21. A brief history of database security
    Against whom/what are we defending?

    View Slide

  22. A brief history of database security
    What is the threat?

    View Slide

  23. A brief history of database security
    What is the threat?

    View Slide

  24. A brief history of database security
    What is the threat?

    View Slide

  25. The security model for many Prod databases

    View Slide

  26. The security model for many Prod databases
    Source: Imgur (author unknown)

    View Slide

  27. A brief history of database security

    View Slide

  28. A brief history of database security
    Let’s talk about breaches.

    View Slide

  29. A brief history of database security
    Every sector of the global economy has been impacted.

    View Slide

  30. A brief history of database security
    Every sector of the global economy has been impacted
    • enterprise
    • consumer tech
    • retail
    • government
    • healthcare
    • finance

    View Slide

  31. A brief history of database security
    Major shifts in regulatory & privacy climate

    View Slide

  32. A brief history of database security
    Major shifts in regulatory & privacy climate
    • GDPR
    • HIPAA
    • PCI DSS
    • NIST/FISMA
    • Consumer protection
    • State & provincial

    View Slide

  33. A brief history of database security
    System architect & developer security challenges

    View Slide

  34. A brief history of database security
    System architect & developer security challenges
    Meeting legal/regulatory obligations
    • Controls
    • Audit/attestation

    View Slide

  35. A brief history of database security
    System architect & developer security challenges
    Meeting legal/regulatory obligations
    • Controls
    • Audit/attestation
    Defending real-world attacks
    • First Principles: C/I/A
    • Separation of duties
    • Access control
    • Identifying & protecting sensitive data

    View Slide

  36. A brief history of database security
    System architects & develop security challenges
    Meeting legal/regulatory obligations
    • Controls
    • Audit/attestation
    Defending real-world attacks
    • First Principles: C/I/A
    • Separation of duties
    • Access control
    • Identifying & protecting sensitive data

    View Slide

  37. Trust models: server vs. client

    View Slide

  38. Trust models: server vs. client
    What is the source of trust?

    View Slide

  39. Trust models: server vs. client
    What is the source of trust?
    • Traditionally, DB encryption has relied on server-side trust

    View Slide

  40. Trust models: server vs. client
    What is the source of trust?
    • Traditionally, DB encryption has relied on server-side trust
    • This has implications, many not so obvious

    View Slide

  41. Trust models: server vs. client
    What is the source of trust?
    • Traditionally, DB encryption has relied on server-side trust
    • This has implications, many not so obvious
    • With a few caveats, the database operator typically has unrestricted
    technical access, including:
    • DBAs
    • system admins
    • hosting/infrastructure providers

    View Slide

  42. Trust models: server vs. client
    What is the source of trust?
    • In a server-side encryption model, a leak or breach can be
    catastrophic

    View Slide

  43. Trust models: server vs. client
    What is the source of trust?
    • In a server-side encryption model, a leak or breach can be
    catastrophic
    • This potentially includes: logs, backups, temp files, process
    memory…

    View Slide

  44. Trust models: server vs. client
    What is the source of trust?
    • In a server-side encryption model, a leak or breach can be
    catastrophic
    • This potentially includes: logs, backups, temp files, process
    memory…
    • They who hold the keys controls the kingdom

    View Slide

  45. Trust models: server vs. client
    This is particularly important in a cloud context, especially so when
    running highly sensitive workloads.

    View Slide

  46. Trust models: server vs. client
    A common pain for system architects

    View Slide

  47. Trust models: server vs. client
    A common pain for system architects
    • Most notably in healthcare, finance, and consumer tech
    • The benefits of managed, easily expanded compute & cloud storage
    have often been considered out of reach because of data
    confidentiality & privacy concerns.

    View Slide

  48. Trust models: server vs. client
    The fundamental challenge is protecting the confidentiality of data while
    it’s in use.

    View Slide

  49. Encrypting Data-in-Use

    View Slide

  50. Encrypting Data-in-Use
    Introducing MongoDB Client-Side Field Level Encryption

    View Slide

  51. Encrypting Data-in-Use
    Introducing MongoDB Client-Side Field Level Encryption
    • encryption as a first-class citizen
    • modern, authenticated encryption algorithms
    • strong security guarantees
    • customer-managed keys
    • sensitive content is opaque to server & server operator

    View Slide

  52. Encrypting Data-in-Use
    Introducing MongoDB Client-Side Field-Level Encryption
    • major investment
    • 2 years in the making
    • 18+ engineers spanning core server, query, security, cloud, drivers
    • targeting 12+ languages
    • all major hardware & operating system platforms
    • Linux, MacOS, Windows

    View Slide

  53. MongoDB Client-Side Field-Level Encryption

    View Slide

  54. MongoDB Client-Side Field-Level Encryption
    Core design

    View Slide

  55. MongoDB Client-Side Field-Level Encryption
    Core design
    • CSFLE is enabled in drivers & integrated into shell
    • All encryption/decryption is done in the driver, on the client
    • Drivers have expanded MQL awareness for automatic encryption
    • Individual fields within collections can be marked as encrypted
    • Keys can be used on a per-field or even per-document basis

    View Slide

  56. MongoDB Client-Side Field-Level Encryption
    Implementation

    View Slide

  57. MongoDB Client-Side Field-Level Encryption
    Implementation
    • Extends existing JSON Schema with new “encrypt” property
    • Schema validation extended client-side
    • Key management services natively integrated into drivers
    • KMS envelope encryption used to protect field data keys
    • Server only sees encrypted binary data (BinData subtype-6)

    View Slide

  58. MongoDB Client-Side Field-Level Encryption
    Cryptography

    View Slide

  59. MongoDB Client-Side Field-Level Encryption
    Cryptography
    • Multiple encryption options, including deterministic search
    • Cloud key services are natively integrated
    • Modern authenticated encryption: AEAD AES-256 & HMAC-SHA512
    • 2015 IETF draft: McGrew, Foley, Paterson
    • Abuse- & misuse-resistant derived HMACs w/ deterministic IVs
    • Native OS libraries used for crypto primitives

    View Slide

  60. MongoDB Client-Side Field-Level Encryption
    Cryptography
    • Raw key material never persisted to disk (in-memory only)
    • Stored field keys protected by strong symmetric encryption
    • Field wrapping keys secured in HSM-backed external KMS
    • Key service master key rotation: scheduled or on-demand
    • Core constructions are Post-Quantum secure
    • Engaged with expert cryptography teams on design & security
    properties, and conducted independent security assessments

    View Slide

  61. MongoDB Client-Side Field-Level Encryption
    How does it work?

    View Slide

  62. View Slide

  63. View Slide

  64. View from application

    View Slide

  65. View from application
    {
    firstName: "Pat",
    lastName: "Lee",
    ssn: "901-01-0001",
    email: "[email protected]",
    mobile: "+1-212-555-1234",
    medRecNum: 235498
    }

    View Slide

  66. View from application
    View from database (admin, server, DB logs, process memory)
    {
    firstName: "Pat",
    lastName: "Lee",
    ssn: "901-01-0001",
    email: "[email protected]",
    mobile: "+1-212-555-1234",
    medRecNum: 235498
    }

    View Slide

  67. {
    firstName: "Pat",
    lastName: "Lee",
    ssn: "901-01-0001",
    email: "[email protected]",
    mobile: "+1-212-555-1234",
    medRecNum: 235498
    }
    {
    firstName: "Pat",
    lastName: "Lee",
    ssn: "r6EaUcgZ4lGw…",
    email: "K4b5U3TlcIXh…",
    mobile: "oR72CW4Wf5Ej…",
    medRecNum: 235498
    }
    View from application
    View from database (admin, server, DB logs, process memory)

    View Slide

  68. Client-Side Field Level Encryption Step by Step

    View Slide

  69. Client-Side Field Level Encryption Step by Step
     Step 1: Identify fields to encrypt

    View Slide

  70. Identify fields to encrypt
    {
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : "901-01-0001",
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }

    View Slide

  71. Client-Side Field Level Encryption Step by Step
     Step 1: Identify fields to encrypt
     Step 2: Set JSON data types & key(s) for encrypted
    fields

    View Slide

  72. "test.patients" : {
    "bsonType" : "object",
    "properties" : {
    "ssn" : {
    "encrypt" : {
    "bsonType" : "string",
    "keyId" : [ myKey ],
    "algorithm" : encryption_mode,
    }
    }
    }
    }

    View Slide

  73. Client-Side Field Level Encryption Step by Step
     Step 1: Identify fields to encrypt
     Step 2: Set JSON data types & key(s) for encrypted
    fields
     Step 3: Create a new Mongo session with encryption
    options

    View Slide

  74. var keystore = db.getCollection("__keystore")
    var clientSideFLEOptions = {
    "kmsProviders" : {
    "aws" : {
    "accessKeyId" : env.KMSKID ,
    "secretAccessKey" : env.KMSKEY
    }
    },
    "schemas" : { patientSchema } ,
    "keyVaultCollection" : keystore
    }
    encryptedSession = new Mongo( "localhost", clientSideFLEOptions )

    View Slide

  75. Client-Side Field Level Encryption Step by Step
     Step 1: Identify fields to encrypt
     Step 2: Set JSON data types & key(s) for encrypted
    fields
     Step 3: Create a new Mongo session with encryption
    options
     Step 4: Run your queries.

    View Slide

  76. db.patients.insert({
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : "901-01-0001",
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    });
    ...
    db.patients.find({ "ssn": "901-01-1234" });

    View Slide

  77. Client-Side Field Level Encryption Step by Step
     Step 1: Identify fields to encrypt
     Step 2: Set JSON data types & key(s) for encrypted
    fields
     Step 3: Create a new mongo session with encryption
    options
     Step 4: Run your queries.
    (That’s it)

    View Slide

  78. Let’s go deeper

    View Slide

  79. Example: Direct query on an encrypted field
    encryptedDb.patients.find({"ssn": "901-01-0001" })

    View Slide

  80. Example: Direct query on an encrypted field
    encryptedDb.patients.find({"ssn": "901-01-0001" })

    View Slide

  81. Example: Direct query on an encrypted field
    encryptedDb.patients.find({"ssn": "901-01-0001" })
    encryptedDb.patients.find({ "ssn": BinData(6,"ASV2YBzOhUY…" )})

    View Slide

  82. Auto-decryption for clients holding a valid key:
    {
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : "901-01-0001",
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }

    View Slide

  83. View to a DBA:
    {
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }

    View Slide

  84. View to a client lacking a valid key:
    {
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }

    View Slide

  85. View to database, server memory, logs, backups:
    {
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }

    View Slide

  86. {
    "firstName" : "Pat",
    "lastName" : "Lee",
    "medRecNum" : 235498,
    "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }
    View to legacy clients:
    {
    "medRecNum" : 235498,
    "firstName" : "Pat",
    "lastName" : "Lee",
    "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
    "mobile" : "212-555-1234",
    "email" : "[email protected]"
    }

    View Slide

  87. Subdocuments & embedded fields supported

    View Slide

  88. Subdocuments & embedded fields supported
    {
    "_id": 923452345,
    "name": "John Doe",
    "ssn": "555-55-5555,
    "addresses": {
    "home": {
    "street": "123 secret way",
    "state": "NV",
    "zip": "89429"
    } }
    }

    View Slide

  89. Subdocuments & embedded fields supported
    {
    "_id": 923452345,
    "name": "John Doe",
    "ssn": "9+4/J%|]yr4t^(M",
    "addresses":
    "cEfgjCW,WqK+vB4V&fX1{G4XI*oi?OmQA7kT9>,}1vo
    SG!5\cJkl0?6ckTmL*9TmZ^[x`2gRkCYpP)~Ol5dpBz"
    }

    View Slide

  90. Subdocuments & embedded fields supported
    {
    "_id": 923452345,
    "name": "John Doe",
    "ssn": "9+4/J%|]yr4t^(M",
    "addresses": {
    "home": {
    "street": "8u^,%k78`[l9*AqMM",
    "state": "NV",
    "zip": "89429"
    } }
    }

    View Slide

  91. Sorts, range, and reference queries schema design
    {
    "firstName": ")2~Y8cJQuM",
    "lastName": "u?n"DOB": 1978,
    "location": {
    "city": "u^fj,%k78*)qV",
    "state": "NV",
    },
    "ssn": "9+4/J%|]yr4t^(M",
    "payerID": 62501,
    "medicalCode": "89K",
    "accountBalance": 4000.34
    }

    View Slide

  92. MongoDB Client-Side Field-Level Encryption
    Recap

    View Slide

  93. MongoDB Client-Side Field-Level Encryption
    Recap
    • Run anywhere: Atlas, self-managed cloud, GovCloud, local
    • Targeting all supported drivers on all supported platforms
    • Encrypt at the collection-, field-, or document-level
    • Search on encrypted fields
    • Subdocuments, objects and aggregation pipeline support
    • Multiple enforcement options (client-side, server-side, or both)
    • Backwards compatible with existing admin & cluster tools

    View Slide

  94. MongoDB Client-Side Field-Level Encryption
    Roadmap

    View Slide

  95. MongoDB Client-Side Field-Level Encryption
    Roadmap
    • Beta preview now – Java, Node.js, C# .Net, Python, Go
    • Server support on Atlas 4.2 clusters now
    • Shell update in flight
    • Additional language beta previews in coming weeks
    • 3rd party cryptography reviews & security assessments complete

    View Slide

  96. THANK YOU

    View Slide

  97. #MDBlocal
    Kenneth White
    Security Principal
    TORONTO
    New encryption capabilities in MongoDB 4.2:
    A deep dive into protecting sensitive
    workloads

    View Slide

  98. View Slide