In our encryption project we needed to make the server as blind as possible.
We applied the algorithms below for this purpose.
1) The server must not know which files it is storing.
Split files into parts.
Place them at random locations on the server.
Add fake blocks.
2) File parts on the server must be meaningless.
When attacking basic files (raw text files), one can check recurring patterns for frequency analysis.
So zip files to decrease entropy.
3) An attacker examining the database must not understand anything.
For example, suppose you have a user id column.
If an attacker sees column id = 3, he will know all the files of user 3.
So every column must be kept encrypted.
But a hash or MD5 of 3 will always be the same. Ex: 344jkfjkdf994jjfjf
So an attacker can understand that these files belong to the same user.
So what is a good candidate for every row to have different values for the same data?
The row id. Put the row id into the hashing or AES algorithm.
But still there is a pattern.
User Id + Row id
Either the postfix or the prefix can give a clue.
So put a timestamp at the beginning.
Date.now + user id + row id
Every user must understand his own files but not other people's files.
So encrypt this with the user's AES key.
-- The id column is selected as well so that HAVING can reference it.
SELECT anytable_encyrpted_id, CAST(AES_DECRYPT(UNHEX(enc_column), ?) AS CHAR) AS user_info
FROM anytable_encyrpted
HAVING user_info = CONCAT('userid=(', ?, '),id=(', anytable_encyrpted_id, ')');
The ? placeholders are, in order:
the user's AES key and the user id.
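The script below is an added example, not code from the original post. It goes one step beyond the post: it checks whether the per-row values still show a pattern under MySQL's default block mode (aes-128-ecb), then repeats the write with CBC and a random IV per row. The iv column, the sample keys and the sample rows are assumptions constructed for the demonstration.

```sql
-- Constructed demo table; table and column names follow the query above,
-- the iv column is an addition made for this example.
CREATE TABLE anytable_encyrpted (
  anytable_encyrpted_id INT AUTO_INCREMENT PRIMARY KEY,
  enc_column VARCHAR(255) NULL,
  iv BINARY(16) NULL
);
SET @key_user3 = 'constructed-sample-key-3';  -- constructed sample keys
SET @key_user7 = 'constructed-sample-key-7';

-- The row id is known only after the INSERT, so the rows are created first
-- and filled in afterwards (ids 1..3 on a fresh table).
INSERT INTO anytable_encyrpted (enc_column) VALUES (NULL), (NULL), (NULL);

-- Part 1: the plaintext format from the query above, default block mode.
-- Rows 1 and 2 belong to user 3, row 3 to user 7.
SET SESSION block_encryption_mode = 'aes-128-ecb';
UPDATE anytable_encyrpted
SET enc_column = HEX(AES_ENCRYPT(
      CONCAT('userid=(', IF(anytable_encyrpted_id < 3, 3, 7), '),id=(', anytable_encyrpted_id, ')'),
      IF(anytable_encyrpted_id < 3, @key_user3, @key_user7)));

-- Check that needs no key: which rows share their last ciphertext block?
-- Rows 1 and 2 do, because the final 16-byte block is ')' plus padding
-- in both and ECB encrypts equal blocks to equal output under one key.
SELECT RIGHT(enc_column, 32) AS last_block,
       GROUP_CONCAT(anytable_encyrpted_id) AS row_ids
FROM anytable_encyrpted
GROUP BY last_block
HAVING COUNT(*) > 1;

-- Part 2: CBC with a fresh random IV per row, stored next to the value.
SET SESSION block_encryption_mode = 'aes-256-cbc';
UPDATE anytable_encyrpted SET iv = RANDOM_BYTES(16);
UPDATE anytable_encyrpted
SET enc_column = HEX(AES_ENCRYPT(
      CONCAT('userid=(', IF(anytable_encyrpted_id < 3, 3, 7), '),id=(', anytable_encyrpted_id, ')'),
      IF(anytable_encyrpted_id < 3, @key_user3, @key_user7), iv));
-- Running the check query again now returns no rows.

-- The lookup for user 3 with the IV passed to AES_DECRYPT. Row 3 does not
-- decrypt to the expected string under this key and is filtered out.
SELECT anytable_encyrpted_id,
       CAST(AES_DECRYPT(UNHEX(enc_column), @key_user3, iv) AS CHAR) AS user_info
FROM anytable_encyrpted
HAVING user_info = CONCAT('userid=(', 3, '),id=(', anytable_encyrpted_id, ')');
```

The IV is not secret and can sit in the table in the clear; what matters is that it is random and different for every row.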