© Hitachi Solutions America, Ltd. 2017. All rights reserved.
Zero-Knowledge Technologies for the Cloud
June 7, 2017
NYC Apache Lucene/Solr Meetup

Security Needs for Search Engine
Index Data is Valuable
• Gathered in one place
• Pre-processed in useful form
• Shows relationships between data

Security Needs for Search Engine
Data Breach is Real
• $4 million cost on average
• 29% increase in cost since 2013
• Only 25% is human error

Security Needs for Search Engine
Index Data Encryption
• Thicker walls are not enough to protect credential data any more.
• Effective protection even after the attackers break in is required.

Security Needs for Search Engine
Existing Encryption Solution
• Use FDE platform
• Customization by engine integrator
• Lucene 6966

Security Needs for Search Engine
Problem of Existing Solution
• Keys are accessible to the server
• Server side encryption
• Decrypt for every search

Overview of Credeon SFS
Credeon Secure Full-text Search is a product developed by Hitachi Solutions in Japan, based on an advanced cryptographic scheme born in the research lab of Hitachi.

Overview of Credeon SFS
Main Goal of Credeon SFS
• Keys are inaccessible to the server
• Client side encryption
• Search without decryption

Overview of Credeon SFS
How does Credeon SFS work
• Credeon Plugin: Update Handler, Search Component, Request Handler
• Credeon Codec: Postings Format, Stored Fields Format

Encryption Scheme
Scheme like Lucene 6966
[Diagram: Client Side and Server Side. Labels: Upload, Create Index, Encrypt, Decrypt, Send Query, Search, Return Result.]

Encryption Scheme
Scheme of Credeon SFS
[Diagram: Key Management Server, Client Side and Server Side. Labels: Create Index, Create Query, Upload, Search, Decrypt Result, Decrypt.]

Searchable Encryption
A Patented Cryptographic Technology Developed by Hitachi R&D
• Secure
• Practical

Searchable Encryption
How Secure × Practical
• AES 256 (FIPS 140-2)
• Probabilistic Encryption
• AES Encryption Speed
• Non-linear to Data Size

Probabilistic
Plain | Encrypted
Apple | $k24J$jX
Banana | K#$#J%K^
Banana | G%jQ%K9(
Banana | HFv9hbvn
Coconut | !=v[h-u

[Chart: Search Time against Terms in Index, for Plain Text Search and Encrypted Search]
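
The property shown in the "Probabilistic" table above (three index entries for Banana, three unrelated ciphertexts) combined with "search without decryption", as an added Python example that is not from the slides and is not Credeon's patented scheme. It substitutes a textbook construction, an HMAC-SHA256 tag over a per-row random nonce; the names `trapdoor`, `index_entry` and `Server` and the five sample documents are constructed for illustration, and unlike the product's claim this toy search scans every row.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes of per-row randomness


def trapdoor(key: bytes, term: str) -> bytes:
    """Client side: derive the search token for a term. Requires the secret key."""
    return hmac.new(key, term.lower().encode("utf-8"), hashlib.sha256).digest()


def index_entry(key: bytes, term: str, doc_id: int) -> tuple:
    """Client side: build one randomized index row for (term, doc_id).

    A fresh nonce per row means the same term never produces the same tag
    twice, so the stored index does not reveal which rows share a term.
    """
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(trapdoor(key, term), nonce, hashlib.sha256).digest()
    return (nonce, tag, doc_id)


class Server:
    """Search server: stores (nonce, tag, doc_id) rows, never the key or a term."""

    def __init__(self):
        self.rows = []

    def upload(self, rows):
        self.rows.extend(rows)

    def search(self, token: bytes) -> list:
        """Match without decrypting: recompute each row's tag from the token.

        This toy version scans every row (linear time). It also leaks the
        access pattern: after a query the server knows which rows matched.
        """
        hits = []
        for nonce, tag, doc_id in self.rows:
            candidate = hmac.new(token, nonce, hashlib.sha256).digest()
            if hmac.compare_digest(candidate, tag):
                hits.append(doc_id)
        return sorted(hits)


# Constructed sample data mirroring the slide's table: (doc_id, term).
SAMPLE_TERMS = [(1, "Apple"), (2, "Banana"), (3, "Banana"), (4, "Banana"), (5, "Coconut")]


def build_demo():
    """Return (client_key, server) with the sample terms indexed."""
    key = secrets.token_bytes(32)  # stays on the client / key-management side
    server = Server()
    server.upload([index_entry(key, term, doc_id) for doc_id, term in SAMPLE_TERMS])
    return key, server


def distinct_tags(server: Server) -> int:
    """Number of distinct stored tags; equals the row count when nothing repeats."""
    return len({tag for _nonce, tag, _doc in server.rows})


if __name__ == "__main__":
    key, server = build_demo()
    for _nonce, tag, doc_id in server.rows:
        print(doc_id, tag.hex()[:16])  # the three Banana rows show unrelated tags
    print(server.search(trapdoor(key, "banana")))
    print(server.search(trapdoor(bytes(32), "banana")))  # wrong key: no hits
```

A server that holds only these rows cannot group the Banana entries until the client sends a token for that term, which is the leakage to account for when threat-modeling this class of scheme.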

Searchable Encryption
Mechanism

As a Product
Current Model
Security Level:
1. No Encryption: No Security
2. OS Encryption (File System Encryption): Decryption at storage layer
   • Difficult to separate key
3. Simple Encryption with ES/Solr: Decrypt first and match
   • Very slow
   • plaintext in memory
4. Credeon SFS with ES/Solr (Searchable Encryption): Match first and decrypt
   • Key separation
   • High Performance
   • Semantically Secure
   • plaintext in memory
5. Client-Side Credeon SFS with ES/Solr: Decryption at client-side
   • Key separation
   • High Performance
   • Semantically Secure
   • no plaintext on server
[Diagram labels: Client, App Server, OS, Storage, ES/Solr/Lucene, Index; text, keyword, result, value]

As a Product
Performance

Result
 | Plain | Credeon | Credeon/Plain
Indexing Time (s) | 1,643 | 4,835 | 2.9
Search Time (ms) | 16 | 19 | 1.2
Index Size (MB) | 2,941 | 5,011 | 1.7

Test Environment
CPU | Core i5 2.4GHz
Mem | 8GB
OS | Ubuntu 14.04 LTS
Engine App | Solr 5
Data | Wikipedia Pages 10GB (13,800,000 terms)

As a Product
Limitation

Type, Feature | Encrypted Field | Plain Field
Search Schema Core type, Copy field, Dynamic field | Yes | Yes
Index Indexing, Delete, Update | Yes | Yes
Search N-Gram, Lower case, Phonetic, Stop, Trim, Filter Query, Boost, Boolean, Stemmer, Phrase | Yes | Yes
Pattern, Wildcard, Range, Grouping, Spatial search | No | Yes
Result Relevance, Sort*1, Highlighting*2, Pagination | Yes | Yes
Spell check, Suggester, More like this | No | Yes
Facet Query faceting, Field-value faceting, Range faceting | No | Yes
Caching Filter cache, Query result cache | Yes | Yes
Field cache | No | Yes
Analyzer, Tokenizer, Filter, Transform, Response writer | Yes*3 | Yes
Cloud | Yes | Yes
Encryption Terms (.tim/.tip/.doc/.pos/.pay) | Encrypted | N/A
Stored field (.fdt) | Encrypted | N/A
Meta data | Plain | N/A
Search keyword | Encrypted | N/A
Transaction log | Plain | N/A

*1: Only with Score
*2: Except FastVectorHighlighter
*3: Need to evaluate

Demo
• Setup
• Upload
• Search
• Select Encryption Fields
• Use Multiple Keys
• Others
Thanks for Listening
Tong Ye tye@hitachisolutions.com
Harry Ochiai hochiai@hitachisolutions.com
@credeon
https://psg.hitachi-solutions.com/credeon/secure-full-text-search

Securing Search Index with Searchable Encryption
