Slide 1

Slide 1 text

#MDBlocal TORONTO
Kenneth White, Security Principal
New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads

Slide 2

Slide 2 text

New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads

Slide 3

Slide 3 text

New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads Agenda

Slide 4

Slide 4 text

New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads
Agenda
• A brief history of database security
• Trust models: server vs. client
• Encrypting data-in-use
• Hands on deep dive
• Q&A

Slide 5

Slide 5 text

A brief history of database security

Slide 6

Slide 6 text

A brief history of database security Evolution

Slide 7

Slide 7 text

A brief history of database security Evolution • access controls

Slide 8

Slide 8 text

A brief history of database security
Evolution
• access controls
  • passwords
    • plaintext > hashing > key derivation
  • bearer tokens
    • NTLM, Kerberos tickets, LDAP/S, SCRAM, web session
  • multi-factor auth
    • LCD fobs / SMS / 2FA apps / FIDO-U2F / WebAuthn / mobile enclaves
  • federated RBAC

Slide 9

Slide 9 text

A brief history of database security Evolution • network

Slide 10

Slide 10 text

A brief history of database security
Evolution
• network
  • (plaintext) native wire protocols
  • SSL encryption
  • TLS
  • TLS w/ PFS

Slide 11

Slide 11 text

A brief history of database security Evolution • storage

Slide 12

Slide 12 text

A brief history of database security
Evolution
• storage
  • plaintext / raw filesystem
  • encrypted

Slide 13

Slide 13 text

A brief history of database security
Evolution
• storage
  • volume-level / full disk encryption (FDE)
    • BitLocker, DMCrypt, FileVault, encrypted EBS
  • file-level encryption
    • whole database
    • per-database (WiredTiger ESE)
    • tablespace
  • database-level encryption
    • column / field

Slide 14

Slide 14 text

A brief history of database security These are all important defenses, but…

Slide 15

Slide 15 text

A brief history of database security What is the threat?

Slide 16

Slide 16 text

A brief history of database security Against whom/what are we defending?

Slide 17

Slide 17 text

A brief history of database security Against whom/what are we defending? • “hackers”?

Slide 18

Slide 18 text

A brief history of database security
Against whom/what are we defending?
• “hackers”?
• criminal blackhats?
• competitors?
• activists?
• unknown actors?

Slide 19

Slide 19 text

A brief history of database security
Against whom/what are we defending?
• “hackers”?
• criminal blackhats?
• competitors?
• activists?
• unknown actors?
• insiders?

Slide 20

Slide 20 text

A brief history of database security
Against whom/what are we defending?
• “hackers”?
• criminal blackhats?
• competitors?
• activists?
• unknown actors?
• insiders?
• admins?

Slide 21

Slide 21 text

A brief history of database security Against whom/what are we defending?

Slide 22

Slide 22 text

A brief history of database security What is the threat?

Slide 23

Slide 23 text

A brief history of database security What is the threat?

Slide 24

Slide 24 text

A brief history of database security What is the threat?

Slide 25

Slide 25 text

The security model for many Prod databases

Slide 26

Slide 26 text

The security model for many Prod databases Source: Imgur (author unknown)

Slide 27

Slide 27 text

A brief history of database security

Slide 28

Slide 28 text

A brief history of database security Let’s talk about breaches.

Slide 29

Slide 29 text

A brief history of database security Every sector of the global economy has been impacted.

Slide 30

Slide 30 text

A brief history of database security
Every sector of the global economy has been impacted
• enterprise
• consumer tech
• retail
• government
• healthcare
• finance
• …

Slide 31

Slide 31 text

A brief history of database security Major shifts in regulatory & privacy climate

Slide 32

Slide 32 text

A brief history of database security
Major shifts in regulatory & privacy climate
• GDPR
• HIPAA
• PCI DSS
• NIST/FISMA
• Consumer protection
• State & provincial

Slide 33

Slide 33 text

A brief history of database security System architect & developer security challenges

Slide 34

Slide 34 text

A brief history of database security
System architect & developer security challenges
Meeting legal/regulatory obligations
• Controls
• Audit/attestation

Slide 35

Slide 35 text

A brief history of database security
System architect & developer security challenges
Meeting legal/regulatory obligations
• Controls
• Audit/attestation
Defending real-world attacks
• First Principles: C/I/A
• Separation of duties
• Access control
• Identifying & protecting sensitive data

Slide 36

Slide 36 text

A brief history of database security
System architect & developer security challenges
Meeting legal/regulatory obligations
• Controls
• Audit/attestation
Defending real-world attacks
• First Principles: C/I/A
• Separation of duties
• Access control
• Identifying & protecting sensitive data

Slide 37

Slide 37 text

Trust models: server vs. client

Slide 38

Slide 38 text

Trust models: server vs. client What is the source of trust?

Slide 39

Slide 39 text

Trust models: server vs. client What is the source of trust? • Traditionally, DB encryption has relied on server-side trust

Slide 40

Slide 40 text

Trust models: server vs. client
What is the source of trust?
• Traditionally, DB encryption has relied on server-side trust
• This has implications, many not so obvious

Slide 41

Slide 41 text

Trust models: server vs. client
What is the source of trust?
• Traditionally, DB encryption has relied on server-side trust
• This has implications, many not so obvious
• With a few caveats, the database operator typically has unrestricted technical access, including:
  • DBAs
  • system admins
  • hosting/infrastructure providers

Slide 42

Slide 42 text

Trust models: server vs. client What is the source of trust? • In a server-side encryption model, a leak or breach can be catastrophic

Slide 43

Slide 43 text

Trust models: server vs. client
What is the source of trust?
• In a server-side encryption model, a leak or breach can be catastrophic
• This potentially includes: logs, backups, temp files, process memory…

Slide 44

Slide 44 text

Trust models: server vs. client
What is the source of trust?
• In a server-side encryption model, a leak or breach can be catastrophic
• This potentially includes: logs, backups, temp files, process memory…
• They who hold the keys control the kingdom

Slide 45

Slide 45 text

Trust models: server vs. client This is particularly important in a cloud context, especially so when running highly sensitive workloads.

Slide 46

Slide 46 text

Trust models: server vs. client A common pain for system architects

Slide 47

Slide 47 text

Trust models: server vs. client
A common pain for system architects
• Most notably in healthcare, finance, and consumer tech
• The benefits of managed, easily expanded compute & cloud storage have often been considered out of reach because of data confidentiality & privacy concerns.

Slide 48

Slide 48 text

Trust models: server vs. client The fundamental challenge is protecting the confidentiality of data while it’s in use.

Slide 49

Slide 49 text

Encrypting Data-in-Use

Slide 50

Slide 50 text

Encrypting Data-in-Use Introducing MongoDB Client-Side Field Level Encryption

Slide 51

Slide 51 text

Encrypting Data-in-Use
Introducing MongoDB Client-Side Field Level Encryption
• encryption as a first-class citizen
• modern, authenticated encryption algorithms
• strong security guarantees
• customer-managed keys
• sensitive content is opaque to server & server operator

Slide 52

Slide 52 text

Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
• major investment
  • 2 years in the making
  • 18+ engineers spanning core server, query, security, cloud, drivers
• targeting 12+ languages
• all major hardware & operating system platforms
  • Linux, MacOS, Windows

Slide 53

Slide 53 text

MongoDB Client-Side Field-Level Encryption

Slide 54

Slide 54 text

MongoDB Client-Side Field-Level Encryption Core design

Slide 55

Slide 55 text

MongoDB Client-Side Field-Level Encryption
Core design
• CSFLE is enabled in drivers & integrated into shell
• All encryption/decryption is done in the driver, on the client
• Drivers have expanded MQL awareness for automatic encryption
• Individual fields within collections can be marked as encrypted
• Keys can be used on a per-field or even per-document basis

Slide 56

Slide 56 text

MongoDB Client-Side Field-Level Encryption Implementation

Slide 57

Slide 57 text

MongoDB Client-Side Field-Level Encryption
Implementation
• Extends existing JSON Schema with new “encrypt” property
• Schema validation extended client-side
• Key management services natively integrated into drivers
• KMS envelope encryption used to protect field data keys
• Server only sees encrypted binary data (BinData subtype-6)

Slide 58

Slide 58 text

MongoDB Client-Side Field-Level Encryption Cryptography

Slide 59

Slide 59 text

MongoDB Client-Side Field-Level Encryption
Cryptography
• Multiple encryption options, including deterministic search
• Cloud key services are natively integrated
• Modern authenticated encryption: AEAD AES-256 & HMAC-SHA512
  • 2015 IETF draft: McGrew, Foley, Paterson
• Abuse- & misuse-resistant derived HMACs w/ deterministic IVs
• Native OS libraries used for crypto primitives

Slide 60

Slide 60 text

MongoDB Client-Side Field-Level Encryption
Cryptography
• Raw key material never persisted to disk (in-memory only)
• Stored field keys protected by strong symmetric encryption
• Field wrapping keys secured in HSM-backed external KMS
• Key service master key rotation: scheduled or on-demand
• Core constructions are Post-Quantum secure
• Engaged with expert cryptography teams on design & security properties, and conducted independent security assessments

Slide 61

Slide 61 text

MongoDB Client-Side Field-Level Encryption How does it work?


Slide 64

Slide 64 text

View from application

Slide 65

Slide 65 text

View from application
{
  firstName: "Pat",
  lastName: "Lee",
  ssn: "901-01-0001",
  email: "[email protected]",
  mobile: "+1-212-555-1234",
  medRecNum: 235498
}

Slide 66

Slide 66 text

View from application / View from database (admin, server, DB logs, process memory)
{
  firstName: "Pat",
  lastName: "Lee",
  ssn: "901-01-0001",
  email: "[email protected]",
  mobile: "+1-212-555-1234",
  medRecNum: 235498
}

Slide 67

Slide 67 text

View from application
{
  firstName: "Pat",
  lastName: "Lee",
  ssn: "901-01-0001",
  email: "[email protected]",
  mobile: "+1-212-555-1234",
  medRecNum: 235498
}
View from database (admin, server, DB logs, process memory)
{
  firstName: "Pat",
  lastName: "Lee",
  ssn: "r6EaUcgZ4lGw…",
  email: "K4b5U3TlcIXh…",
  mobile: "oR72CW4Wf5Ej…",
  medRecNum: 235498
}

Slide 68

Slide 68 text

Client-Side Field Level Encryption Step by Step

Slide 69

Slide 69 text

Client-Side Field Level Encryption Step by Step
Step 1: Identify fields to encrypt

Slide 70

Slide 70 text

Identify fields to encrypt
{
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : "901-01-0001",
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}

Slide 71

Slide 71 text

Client-Side Field Level Encryption Step by Step
Step 1: Identify fields to encrypt
Step 2: Set JSON data types & key(s) for encrypted fields

Slide 72

Slide 72 text

{
  "test.patients" : {
    "bsonType" : "object",
    "properties" : {
      "ssn" : {
        "encrypt" : {
          "bsonType" : "string",
          "keyId" : [ myKey ],
          "algorithm" : encryption_mode
        }
      }
    }
  }
}

Slide 73

Slide 73 text

Client-Side Field Level Encryption Step by Step
Step 1: Identify fields to encrypt
Step 2: Set JSON data types & key(s) for encrypted fields
Step 3: Create a new Mongo session with encryption options

Slide 74

Slide 74 text

var keystore = db.getCollection("__keystore")
var clientSideFLEOptions = {
  "kmsProviders" : {
    "aws" : {
      "accessKeyId" : env.KMSKID,
      "secretAccessKey" : env.KMSKEY
    }
  },
  "schemas" : { patientSchema },
  "keyVaultCollection" : keystore
}
encryptedSession = new Mongo("localhost", clientSideFLEOptions)

Slide 75

Slide 75 text

Client-Side Field Level Encryption Step by Step
Step 1: Identify fields to encrypt
Step 2: Set JSON data types & key(s) for encrypted fields
Step 3: Create a new Mongo session with encryption options
Step 4: Run your queries.

Slide 76

Slide 76 text

db.patients.insert({
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : "901-01-0001",
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
});
...
db.patients.find({ "ssn": "901-01-1234" });

Slide 77

Slide 77 text

Client-Side Field Level Encryption Step by Step
Step 1: Identify fields to encrypt
Step 2: Set JSON data types & key(s) for encrypted fields
Step 3: Create a new mongo session with encryption options
Step 4: Run your queries. (That’s it)

Slide 78

Slide 78 text

Let’s go deeper

Slide 79

Slide 79 text

Example: Direct query on an encrypted field
encryptedDb.patients.find({ "ssn": "901-01-0001" })

Slide 80

Slide 80 text

Example: Direct query on an encrypted field
encryptedDb.patients.find({ "ssn": "901-01-0001" })

Slide 81

Slide 81 text

Example: Direct query on an encrypted field
encryptedDb.patients.find({ "ssn": "901-01-0001" })
is rewritten by the driver before it reaches the server as:
encryptedDb.patients.find({ "ssn": BinData(6, "ASV2YBzOhUY…") })

Slide 82

Slide 82 text

Auto-decryption for clients holding a valid key:
{
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : "901-01-0001",
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}

Slide 83

Slide 83 text

View to a DBA:
{
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : BinData(6, "ASV2YBzOhUZZu643i7Y..."),
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}

Slide 84

Slide 84 text

View to a client lacking a valid key:
{
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : BinData(6, "ASV2YBzOhUZZu643i7Y..."),
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}

Slide 85

Slide 85 text

View to database, server memory, logs, backups:
{
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : BinData(6, "ASV2YBzOhUZZu643i7Y..."),
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}

Slide 86

Slide 86 text

{
  "firstName" : "Pat",
  "lastName" : "Lee",
  "medRecNum" : 235498,
  "ssn" : BinData(6, "ASV2YBzOhUZZu643i7Y..."),
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}
View to legacy clients:
{
  "medRecNum" : 235498,
  "firstName" : "Pat",
  "lastName" : "Lee",
  "ssn" : BinData(6, "ASV2YBzOhUZZu643i7Y..."),
  "mobile" : "212-555-1234",
  "email" : "[email protected]"
}

Slide 87

Slide 87 text

Subdocuments & embedded fields supported

Slide 88

Slide 88 text

Subdocuments & embedded fields supported
{
  "_id": 923452345,
  "name": "John Doe",
  "ssn": "555-55-5555",
  "addresses": {
    "home": {
      "street": "123 secret way",
      "state": "NV",
      "zip": "89429"
    }
  }
}

Slide 89

Slide 89 text

Subdocuments & embedded fields supported
{
  "_id": 923452345,
  "name": "John Doe",
  "ssn": "9+4/J%|]yr4t^(M",
  "addresses": "cEfgjCW,WqK+vB4V&fX1{G4XI*oi?OmQA7kT9>,}1vo SG!5\cJkl0?6ckTmL*9TmZ^[x`2gRkCYpP)~Ol5dpBz"
}

Slide 90

Slide 90 text

Subdocuments & embedded fields supported
{
  "_id": 923452345,
  "name": "John Doe",
  "ssn": "9+4/J%|]yr4t^(M",
  "addresses": {
    "home": {
      "street": "8u^,%k78`[l9*AqMM",
      "state": "NV",
      "zip": "89429"
    }
  }
}

Slide 91

Slide 91 text

Sorts, range, and reference queries schema design { "firstName": ")2~Y8cJQuM", "lastName": "u?n

Slide 92

Slide 92 text

MongoDB Client-Side Field-Level Encryption Recap

Slide 93

Slide 93 text

MongoDB Client-Side Field-Level Encryption
Recap
• Run anywhere: Atlas, self-managed cloud, GovCloud, local
• Targeting all supported drivers on all supported platforms
• Encrypt at the collection-, field-, or document-level
• Search on encrypted fields
• Subdocuments, objects and aggregation pipeline support
• Multiple enforcement options (client-side, server-side, or both)
• Backwards compatible with existing admin & cluster tools

Slide 94

Slide 94 text

MongoDB Client-Side Field-Level Encryption Roadmap

Slide 95

Slide 95 text

MongoDB Client-Side Field-Level Encryption
Roadmap
• Beta preview now – Java, Node.js, C# .Net, Python, Go
• Server support on Atlas 4.2 clusters now
• Shell update in flight
• Additional language beta previews in coming weeks
• 3rd party cryptography reviews & security assessments complete

Slide 96

Slide 96 text

THANK YOU

Slide 97

Slide 97 text

#MDBlocal TORONTO
Kenneth White, Security Principal
New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads
