© Hitachi Solutions America, Ltd. 2017. All rights reserved.
Zero-Knowledge Technologies for the Cloud
June 7, 2017
NYC Apache Lucene/Solr Meetup

Security Needs for Search Engine
Index Data is Valuable
• Gathered in one place
• Pre-processed in useful form
• Shows relationships between data

Security Needs for Search Engine
Data Breach is Real
• $4 million cost on average
• 29% increased cost since 2013
• Only 25% is human error

Security Needs for Search Engine
Index Data Encryption
• Thicker walls are not enough to protect credential data any more.
• Effective protection even after the attackers break in is required.

Security Needs for Search Engine
Existing Encryption Solution
• Use FDE platform
• Customization by engine integrator
• Lucene 6966

Security Needs for Search Engine
Problem of Existing Solution
• Keys are accessible to the server
• Server-side encryption
• Decrypt for every search

Overview of Credeon SFS
Credeon Secure Full-text Search is a product developed by Hitachi Solutions in Japan, based on an advanced cryptographic scheme born in the research lab of Hitachi.

Overview of Credeon SFS
Main Goal of Credeon SFS
• Keys are inaccessible to the server
• Client-side encryption
• Search without decryption

Overview of Credeon SFS
How does Credeon SFS Work
[Diagram labels: Credeon Codec, Credeon Plugin, Update Handler, Search Component, Request Handler, Postings Format, Stored Fields Format]

Encryption Scheme
Scheme like Lucene 6966
[Diagram: Client Side and Server Side; labels: Upload, Create Index, Decrypt, Encrypt, Return Result, Send Query, Search]

Encryption Scheme
Scheme of Credeon SFS
[Diagram: Key Management Server, Client Side and Server Side; labels: Create Index, Create Query, Decrypt Result, Decrypt, Upload, Search]

Searchable Encryption
A Patent Cryptographic Technology Developed by Hitachi R&D
• Secure
• Practical

Searchable Encryption
How Secure × Practical
• AES 256 (FIPS 140-2)
• Probabilistic Encryption
• AES Encryption Speed
• Non-Linear to Data Size

Probabilistic
Plain      Encrypted
Apple      $k24J$jX
Banana     K#$#J%K^
Banana     G%jQ%K9(
Banana     HFv9hbvn
Coconut    !=v[h-u

[Chart: Search Time against Terms in Index, for Plain Text Search and Encrypted Search]
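
An added example, not from the slides and not Credeon's scheme (the deck does not show its mechanism): a toy Python index illustrating the goals stated above, namely keys that never reach the server, probabilistic index entries for repeated terms such as Banana, and matching without decryption. It substitutes HMAC-SHA-256 from the standard library for AES, scans entries linearly, and every class, function and document id in it is hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample corpus mirroring the slide's Apple/Banana/Coconut column.
CORPUS = [("doc1", "Apple"), ("doc2", "Banana"), ("doc3", "Banana"),
          ("doc4", "Banana"), ("doc5", "Coconut")]


def _prf(key: bytes, msg: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA-256 stands in for AES here."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class Client:
    """Hypothetical client: the only party that ever holds the key."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # never sent to the server

    def trapdoor(self, term: str) -> bytes:
        # Per-term search token. It lets the server test entries for this
        # one term without revealing the key or the term itself.
        return _prf(self._key, term.strip().lower().encode("utf-8"))

    def deterministic_entry(self, term: str, doc_id: str):
        # Weak baseline: equal terms give equal tokens, so the stored index
        # exposes term frequencies to anyone who can read it.
        return (self.trapdoor(term), doc_id)

    def probabilistic_entry(self, term: str, doc_id: str):
        # Fresh random salt per entry: equal terms give unrelated tags.
        salt = secrets.token_bytes(16)
        return (salt, _prf(self.trapdoor(term), salt), doc_id)


class Server:
    """Hypothetical server: stores entries and matches them, holds no key."""

    def __init__(self):
        self.entries = []  # (salt, tag, doc_id); doc ids stay plain in this toy

    def upload(self, entry):
        self.entries.append(entry)

    def search(self, trapdoor: bytes):
        # Match without decrypting: recompute each tag from the trapdoor and
        # the stored salt. This toy scans every entry (linear time).
        return [doc_id for salt, tag, doc_id in self.entries
                if hmac.compare_digest(_prf(trapdoor, salt), tag)]


def run_demo():
    owner, stranger, server = Client(), Client(), Server()
    for doc_id, term in CORPUS:
        server.upload(owner.probabilistic_entry(term, doc_id))

    # How often the most common token repeats under the deterministic baseline.
    det_tokens = Counter(owner.deterministic_entry(t, d)[0] for d, t in CORPUS)
    return {
        "deterministic_max_repeat": max(det_tokens.values()),
        "probabilistic_distinct_tags": len({tag for _, tag, _ in server.entries}),
        "banana_hits": server.search(owner.trapdoor("banana")),
        "missing_term_hits": server.search(owner.trapdoor("durian")),
        "wrong_key_hits": server.search(stranger.trapdoor("banana")),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Once a trapdoor has been sent, the server can link every entry that matched it, so this toy hides term frequency only for terms that have not yet been searched.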

Searchable Encryption
Mechanism

As a Product
Current Model

Security Level by deployment model:
• No Encryption: No Security
• OS Encryption: Decryption at storage layer
    - Difficult to separate key
• Simple Encryption with ES/Solr: Decrypt first and match
    - Very slow
    - Plaintext in memory
• Credeon SFS with ES/Solr: Match first and decrypt
    - Key separation
    - High Performance
    - Semantically Secure
    - Plaintext in memory
• Client-Side Credeon SFS with ES/Solr: Decryption at client-side
    - Key separation
    - High Performance
    - Semantically Secure
    - No plaintext on server

[Diagram labels: Client, Server, App Server, OS, Storage, Searchable Storage, ES/Solr/Lucene, Index, File System Encryption, Simple Encryption, Encryption, Searchable Encryption; data flows: text, keyword, result, value]

As a Product
Performance

Result
                     Plain    Credeon   Credeon/Plain
Indexing Time (s)    1,643    4,835     2.9
Search Time (ms)     16       19        1.2
Index Size (MB)      2,941    5,011     1.7

Test Environment
CPU           Core i5 2.4GHz
Mem           8GB
OS            Ubuntu 14.04 LTS
Engine App    Solr 5
Data          Wikipedia Pages 10GB (13,800,000 terms)

As a Product
Limitation

Type: Search
Feature | Encrypted Field | Plain Field
Schema: Core type, Copy field, Dynamic field | Yes | Yes
Index: Indexing, Delete, Update | Yes | Yes
Search: N-Gram, Lower case, Phonetic, Stop, Trim, Filter Query, Boost, Boolean, Stemmer, Phrase | Yes | Yes
Search: Pattern, Wildcard, Range, Grouping, Spatial search | No | Yes
Result: Relevance, Sort*1, Highlighting*2, Pagination | Yes | Yes
Result: Spell check, Suggester, More like this | No | Yes
Facet: Query faceting, Field-value faceting, Range faceting | No | Yes
Caching: Filter cache, Query result cache | Yes | Yes
Caching: Field cache | No | Yes
Analyzer, Tokenizer, Filter, Transform, Response writer | Yes*3 | Yes
Cloud | Yes | Yes

Type: Encryption
Feature | Encrypted Field | Plain Field
Terms (.tim/.tip/.doc/.pos/.pay) | Encrypted | N/A
Stored field (.fdt) | Encrypted | N/A
Meta data | Plain | N/A
Search keyword | Encrypted | N/A
Transaction log | Plain | N/A

*1: Only with Score
*2: Except FastVectorHighlighter
*3: Need to evaluate

Demo
• Setup
• Upload
• Search
• Select Encryption Fields
• Use Multiple Keys
• Others

Thanks for Listening
Tong Ye tye@hitachisolutions.com
Harry Ochiai hochiai@hitachisolutions.com
@credeon
https://psg.hitachi-solutions.com/credeon/secure-full-text-search

Securing Search Index with Searchable Encryption
