Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kdawgwilk/blind_index
Securely search encrypted database fields
https://github.com/kdawgwilk/blind_index
ecto ecto-extension elixir elixir-lang privacy security
Last synced: 6 days ago
JSON representation
Securely search encrypted database fields
- Host: GitHub
- URL: https://github.com/kdawgwilk/blind_index
- Owner: kdawgwilk
- Created: 2021-03-11T09:00:55.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-03-11T09:23:12.000Z (almost 4 years ago)
- Last Synced: 2024-10-29T09:20:36.426Z (about 2 months ago)
- Topics: ecto, ecto-extension, elixir, elixir-lang, privacy, security
- Language: Elixir
- Homepage:
- Size: 8.79 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
Awesome Lists containing this project
README
# Blind Index
Securely search encrypted database fields. Inspired heavily by [ankane/blind_index](https://github.com/ankane/blind_index)
[![Build Status](https://github.com/kdawgwilk/blind_index/workflows/build/badge.svg?branch=master)](https://github.com/kdawgwilk/blind_index/actions)
## How It Works
We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches.
## Leakage
An important consideration in searchable encryption is leakage, which is information an attacker can gain. Blind indexing leaks that rows have the same value. If you use this for a field like last name, an attacker can use frequency analysis to predict the values. In an active attack where an attacker can control the input values, they can learn which other values in the database match.
Here’s a [great article](https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/) on leakage in searchable encryption. Blind indexing has the same leakage as [deterministic encryption](#alternatives).
## Installation
Add `blind_index` to your list of dependencies in `mix.exs`:
```elixir
def deps do
[
{:blind_index, "~> 0.1.0"}
]
end
```## Prep
TODO
## Getting Started
Create a migration to add a column for the blind index
```elixir
add :email_bidx, :string
add index :users, [:email_bidx]
# unique_index if needed
# add unique_index :users, [:email_bidx]
```Add to your model
```elixir
defmodule User do
use Ecto.Schema
import BlindIndex, only: [blind_index: 1]schema "users" do
blind_index :email
end
end
```For more sensitive fields, use
```elixir
defmodule User do
use Ecto.Schema
import BlindIndex, only: [blind_index: 2]schema "users" do
blind_index :email, sensitive: true
end
end
```Backfill existing records
```elixir
BlindIndex.backfill(User)
```## Key Separation
The master key is used to generate unique keys for each blind index. This technique comes from [CipherSweet](https://ciphersweet.paragonie.com/internals/key-hierarchy). The table name and blind index column name are both used in this process. If you need to rename a table with blind indexes, or a blind index column itself, get the key:
```elixir
BlindIndex.index_key("users", "email_bidx")
```## Key Generation
Generate a key with:
```elixir
BlindIndex.generate_key()
```Store the key with your other secrets. This is typically an environment variable. Be sure to use different keys in development and production. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
Set the following environment variable with your key (you can use this one in development)
```sh
BLIND_INDEX_MASTER_KEY=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
```## Alternatives
One alternative to blind indexing is to use a deterministic encryption scheme, like AES-SIV. In this approach, the encrypted data will be the same for matches. We recommend blind indexing over deterministic encryption because:
1. You can keep encryption consistent for all fields (both searchable and non-searchable)
2. Blind indexing supports expressions## History
View the [changelog](https://github.com/kdawgwilk/blind_index/blob/master/CHANGELOG.md)
## Contributing
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- [Report bugs](https://github.com/kdawgwilk/blind_index/issues)
- Fix bugs and [submit pull requests](https://github.com/kdawgwilk/blind_index/pulls)
- Write, clarify, or fix documentation
- Suggest or add new featuresTo get started with development and testing:
```sh
git clone https://github.com/kdawgwilk/blind_index.git
cd blind_index
mix deps.get
mix test
```For security issues, send an email to the address on [this page](https://github.com/kdawgwilk).