Hi Hyperledger Experts:
In some cases, some organizations in a channel have the requirement to encrypt their data on the fabric network. Please refer to https://hyperledger-fabric.readthedocs.io/en/latest/chaincode4ade.html#chaincode-encryption . And the AES encryption key and decryption key are needed.
So there is a need to store some organizations' encryption key and decryption key. The fabric documentation also mentioned "If you encrypt the data then you will need to provide a means to share the decryption keys". Please refer to https://hyperledger-fabric.readthedocs.io/en/latest/Fabric-FAQ.html
So the question is: what is the advisable way to store the AES encryption/decryption keys? Where to store them?
Apart from fabric network, do we need a separate centralized database to store them? Or can we directly store them on fabric network, and only let specified organizations to get them? Thanks very much!
I'm not an expert in data security but I believe your problem can be solved using Private Data present in hyperledger fabric framework itself.
It is confidential data that is stored in a private database on each authorized peer, logically separate from the channel ledger data. Access to this data is restricted to one or more organizations on a channel via a private data collection definition. Unauthorized organizations will have a hash of the private data on the channel ledger as evidence of the transaction data.
Refer to docs to understand how to use this to store your AES keys.
Related
I will demonstrate my question with an example.
I want to develop a distributed application for renting cars. Since the booking details (BD) can be visible on the blockchain, I want to encrypt them and be accesible only by the intended users. Assume that the car owner and the renter have public key and private key, the car has a key (symmetric encryption) and that the onwer and the renter have agreed beforehand on the BD.
The idea is that the owner will generate an access token, from the BD, which will be published on the blockchain, retrieved by the renter and used by him to enter the car.
My question is how can I encrypt the BD in order to generate the access token while at the same time confidentiality, integrity and availability can be maintained.
One ill-solution that I have thought is that the owner encrypts the BD and their signature with the car's key (in order to generate the access token). Then he publishes the access token to the blockchain and retrieved by the renter. However, how can the renter know that the access token contains the agreed BD? Is it good practice to use a second layer of encryption such that; after the owner generates the access token he encrypts it together with the BD with the renter's public key? In this scenario, when the renter decrypts it, he has two things, an access token (which will be used to enter the car) and the booking details (verify that these are the agreed BD).
Is there a more efficient or elegant way to do this?
Thank you in advance.
We are building a multi-tenant cloud-based web product where customer data is stored in single Database instance. There are certain portion of customer specific business data which is highly sensitive. The sensitive business data should be protected such that nobody can access it except the authorized users of the customer (neither through application not through accessing Database directly). Customer want to make sure even the platform provider(us) is not able to access specific data by any means. They want us to clearly demonstrate Data security in this context. I am looking for specific guidance in the following areas:
How to I make sure the data is protected at Database level such that even the platform provider cannot access the data.
Even if we encrypt the Data, the concern is that anyone with the decryption key can decrypt the data
What is the best way to solve this problem?
Appreciate your feedback.
"How to I make sure the data is protected at Database level such that even the platform provider cannot access the data"
-- As you are in a Multi-Tenanted environment, First of all you would have to "single tenant your databases" so one DB per customer. Then you need to modify the application to pick up the database from some form of config.
For encryption as you are in Azure you would have to use the Azure Key vault with your own keys or customer's own keys. you then configure SQL to use these keys to encrypt the data. see here and here
if you want the database to stay multi-tenanted, you would need to do the encryption at the application level. However this would need the application to know about customer keys, hence I dont think that this would be a valid solution.
"Even if we encrypt the Data, the concern is that anyone with the decryption key can decrypt the data" - yep anyone with the keys can access the data. For this you would need to set the access controls appropriately on your key vault.. so the customer can see only their keys.
In the end as you are the service provider.. the customers would have to trust you some what :)
Option 1: If we use an AWS KMS-managed customer master key (CMK), does that provide end-to-end encryption?
Option 2: Or, would we have to use a client-side master key, so that only the client can decrypt their data?
Update: KMS is not asymmetric, though you can use Envelope Encryption to generate a data key from the CMK. The key is generated on a physical HSM making it not accessible externally. You will only have to worry about the access to the CMK which you can achieve using IAM access control.
For a detailed explanation how the mechanism works, check the Envelope Encryption section on the KMS Cryptographic Details white paper.
So if you only worried about eavesdropping can be a good solution. If you are looking for strictly end-to-end encryption you might have to use asymmetric keys on which KMS can help you with too.
Aws kms does not store any data it provide you two keys
1 plain key : with the help of it you encrypt the data and delete it(key)(no need to save anywhere).
2.encrypted data key :- you need to save this key to decrypt the data( to decrypt the data first you got plain key from aws using encrypted data key) and with the help of plain key you decrypt the data.
So encryption is done at client side.
I am developing a web based application that will be employed by numerous third party organisations
in numerous countries around the world.
The browser based client will feed sensitive data into a shared back end database.
All organisations in all countries will Read/Write data into the same database.
I wish to encrypt the data entered within the browser so that its safe while in transit
to the back end database. e.g. client side encryption.
I also wish to encrypt the data while at rest in my database.
This application will be developed using Java, Javascript (REACT.js), and Scala.
The backend database will be MongoDB.
I cannot find a good Key Management example/description e.g. how a key is properly generated,
distributed, stored, replaced, deleted, and recovered during its life time.
I have the following choices/decisions to make:-
Flavour of encryption, e.g TripleDES, RSA, Blowfish, Twofish, AES etc..
Key(s) Symmetric/Asymmetric and its/thier length
How should I securely distribute the keys to my clients.
How to keep my keys safe on my back end servers.
If keys should have a lifecycle of generated, distributed, stored, replaced, deleted.
How do I decrypt data that was encrypted with Key0 when I am now using Key1, or Key2?
How should I store my multiple keys for my multiple clients to enable me to encrypt/decrypt
each clients data.
Use HTTPS with certificate pinning to secure the data in transit.
Use AES for encryption. Do not use TripleDES, RSA, Blowfish or Twofish in new work.
Use an HSM.
Encrypt the data with a long-life key that is not distributed, encrypt that key with short life keys that can be changed as needed.
Considering the scope of the project get a cryptographic domain expert to design the security and vet the code.
For a security application I want to do the following:
Each data related to a user is encrypted with this user's key (the key is unique for each user).
The only data that are not encrypted are password (because it's already hashed, no need to crypt it on top of that), email (identifier for login) and the key (to decrypt data on server side).
The goal is to make data storage safe even if my database gets full dumped, since the attacker will have to find which algorithm(s) is used for the encryption, for each user, even if he has the key.
I'm making a RESTful API connected to this database, and I want to use Spring Data neo4j + spring Rest and Spring boot (just going to do API mapping by myself, since all my attempts to let spring generate API implementation failed).
So, the real question is How to encrypt/decrypt data in SDN's transactions? I mean I need to store data encrypted, and return it decrypted, so I need to be able to encrypt it on Java side.
If I can't do it with SDN, I'll do it using Neo4j Core API instead, just wanted to give SDN a chance since it can be really time saver.