New encryption capabilities in MongoDB 4.2 provide client-side field-level encryption that protects sensitive data. The encryption is performed by the client drivers using modern authenticated encryption (AES-256 with HMAC-SHA-512), keeping encrypted fields opaque to the database server and to its operators. Individual fields can be encrypted per document with customer-managed keys. The presentation gives a history of database security methods and covers the new encryption in terms of design, the cryptography used, and the developer experience. A code example demonstrates how to configure and use the new encryption capabilities.
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A Deep Dive into Protecting Sensitive Workloads
2. New encryption capabilities in MongoDB 4.2:
A deep dive into protecting sensitive workloads
Prasad Pillalamarri
Technical Director, MongoDB Software India Private Limited
3. Agenda
▪ A brief history of database security
▪ Trust models: server vs. client
▪ Encrypting data-in-use
▪ Hands-on deep dive
▪ Q&A
7. A brief history of database security
Evolution
▪ network
▪ (plaintext) native wire protocols
▪ SSL encryption
▪ TLS
▪ TLS w/ PFS
9. A brief history of database security
Evolution
▪ storage
▪ volume-level / full disk encryption (FDE)
▪ BitLocker, DMCrypt, FileVault, encrypted EBS
▪ file-level encryption
▪ whole database
▪ per-database (WiredTiger ESE)
▪ tablespace
▪ database-level encryption
▪ column / field
11. A brief history of database security
These are all important defenses, but…
What is the threat?
Against whom/what are we defending?
▪ “hackers”?
▪ criminal blackhats?
▪ competitors?
▪ activists?
▪ unknown actors?
▪ insiders?
▪ admins?
13. A brief history of database security
Every sector of the global economy has been impacted
▪ enterprise
▪ consumer tech
▪ retail
▪ government
▪ healthcare
▪ finance
…
14. A brief history of database security
Major shifts in regulatory & privacy climate
▪ GDPR
▪ HIPAA
▪ PCI DSS
▪ NIST/FISMA
▪ Consumer protection
▪ State & provincial
15. A brief history of database security
System architect & developer security challenges
Meeting legal/regulatory obligations
▪ Controls
▪ Audit/attestation
Defending real-world attacks
▪ First Principles: C/I/A
▪ Separation of duties
▪ Access control
▪ Identifying & protecting sensitive data
18. Trust models: server vs. client
What is the source of trust?
▪ Traditionally, DB encryption has relied on server-side trust
▪ This has implications, many not so obvious
▪ With a few caveats, the database operator typically has unrestricted technical access. That includes:
▪ DBAs
▪ system admins
▪ hosting/infrastructure providers
19. Trust models: server vs. client
The fundamental challenge is protecting the confidentiality of data while it is in use.
22. Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
▪ encryption as a first-class citizen
▪ modern, authenticated encryption algorithms
▪ strong security guarantees
▪ customer-managed keys
▪ content is opaque to server & server operator
23. Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
▪ major investment
▪ 2 years in the making
▪ 16+ engineers spanning core server, query, security, cloud, drivers
▪ targeting 12+ languages
▪ all major hardware & operating system platforms
▪ Linux, MacOS, Windows
25. MongoDB Client-Side Field-Level Encryption
Core design
▪ enabled in drivers
▪ drivers have expanded MQL awareness
▪ extends existing JSON Schema with a new “encrypt” property
▪ adds JSON Schema validation to the client
▪ individual fields within collections can be marked as encrypted
▪ keys can be used on a per-field, per-document basis
27. MongoDB Client-Side Field-Level Encryption
Cryptography
▪ multiple encryption options, including deterministic search
▪ cloud key services are natively integrated
▪ modern authenticated encryption with AES-256 & SHA-2
▪ AEAD_AES_CBC_HMAC_SHA512 (2015 IETF draft: McGrew, Foley, Paterson)
▪ abuse-resistant derived deterministic IVs
▪ native OS libraries used for crypto primitives
29. MongoDB Client-Side Field-Level Encryption
Developer view
▪ new JSON Schema attribute “encrypt”
▪ schema validation extended to the client/application
▪ key management services integrated into drivers
▪ driver generates secure request for field keys
▪ all encryption/decryption is done in the driver (on the client)
▪ server only sees encrypted binary data (BinData subtype-6)
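The cryptography and developer-view slides describe the pieces separately: an AEAD built from AES-256-CBC and HMAC-SHA-512, a deterministic option for equality search, a JSON Schema “encrypt” marker, and a driver that swaps marked fields for opaque blobs before the server ever sees them. The Go program below is an added example that puts those pieces together offline; it is not the presentation's code and not the MongoDB driver's implementation. seal/unseal follow the AEAD_AES_256_CBC_HMAC_SHA_512 construction of draft-mcgrew-aead-aes-cbc-hmac-sha (encrypt-then-MAC, 32-byte MAC key followed by 32-byte AES key, tag truncated to 256 bits). The third 32-byte ivKey and the HMAC-over-plaintext derivation of deterministic IVs are this example's assumption, not the driver's actual key schedule. encryptRule, the field names, and the keyID || ciphertext blob framing are illustrative; the real driver stores its result as BinData subtype 6 with its own layout.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
)

// fieldKey is one data key. macKey||encKey is the AEAD_AES_256_CBC_HMAC_SHA_512 layout of the
// McGrew/Foley/Paterson draft; ivKey (deterministic IVs only) is this example's assumption.
type fieldKey struct{ macKey, encKey, ivKey []byte }
const tagLen = 32 // T_LEN: the HMAC-SHA-512 output truncated to 256 bits

// tag computes T = HMAC(macKey, A || IV || S || AL)[:tagLen]; AL is the bit length of A as 64-bit BE.
func tag(k fieldKey, aad, ivAndS []byte) []byte {
	h := hmac.New(sha512.New, k.macKey)
	h.Write(aad)
	h.Write(ivAndS)
	var al [8]byte
	binary.BigEndian.PutUint64(al[:], uint64(len(aad))*8)
	h.Write(al[:])
	return h.Sum(nil)[:tagLen]
}

// seal returns IV || S || T. Deterministic mode derives the IV from (aad, plaintext): equal values under
// one key give equal blobs, so equality queries work but the server learns which documents share a value.
func seal(k fieldKey, aad, plaintext []byte, deterministic bool) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if deterministic {
		h := hmac.New(sha512.New, k.ivKey)
		h.Write(aad)
		h.Write(plaintext)
		copy(iv, h.Sum(nil))
	} else if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(k.encKey)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7: always at least one byte
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := append(iv, make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	return append(out, tag(k, aad, out)...), nil
}

// unseal verifies the tag in constant time before decrypting anything, so the padding check below can
// never become a padding oracle; a different aad (here: a different key id) fails at the tag as well.
func unseal(k fieldKey, aad, sealed []byte) ([]byte, error) {
	if n := len(sealed) - tagLen; n < 2*aes.BlockSize || n%aes.BlockSize != 0 {
		return nil, errors.New("malformed ciphertext")
	}
	body, t := sealed[:len(sealed)-tagLen], sealed[len(sealed)-tagLen:]
	if !hmac.Equal(t, tag(k, aad, body)) {
		return nil, errors.New("authentication failed")
	}
	block, err := aes.NewCipher(k.encKey)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(padded, body[aes.BlockSize:])
	pad := int(padded[len(padded)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(padded[len(padded)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return padded[:len(padded)-pad], nil
}

// encryptRule is what a JSON Schema "encrypt" property conveys for one field (names are this example's
// own): which data key to use and whether the algorithm is deterministic.
type encryptRule struct {
	keyID         [16]byte
	deterministic bool
	key           fieldKey
}

// encryptDocument does the driver's job before a write: every field the schema marks is replaced by
// keyID || IV || S || T (simplified framing of the BinData subtype 6 blob the server stores), with the
// key id doubling as associated data. Fields the schema does not mention pass through in clear.
func encryptDocument(schema map[string]encryptRule, doc map[string][]byte) (map[string][]byte, error) {
	out := make(map[string][]byte, len(doc))
	for name, value := range doc {
		rule, marked := schema[name]
		if !marked {
			out[name] = value
			continue
		}
		blob, err := seal(rule.key, rule.keyID[:], value, rule.deterministic)
		if err != nil {
			return nil, err
		}
		out[name] = append(append([]byte{}, rule.keyID[:]...), blob...)
	}
	return out, nil
}
```

Mark a field deterministic only where an equality lookup on it is genuinely required; everything else should be random, because two deterministic blobs that match reveal that two documents hold the same value to anyone who can read the collection, including the operators the trust-model slides single out.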
52. MongoDB Client-Side Field-Level Encryption
Roadmap
▪ beta preview 4.2 rc2 available now – Java, Node.js & Shell fi
▪ additional language beta previews in coming weeks
▪ server support in Atlas via rc1+ preview
▪ 3rd party cryptography reviews in progress
▪ Docs & University – In Flight
54. MongoDB Client-Side Field-Level Encryption
Takeaways
▪ 4.2 introduces client-side field-level encryption
▪ designed for the most sensitive workloads
▪ enabled in all supported drivers on all supported platforms
▪ allows fields to be marked as encrypted, at the document level
▪ multiple enforcement options (client-side, server-side, or both)
▪ backwards compatible with existing admin & cluster tools
▪ EA/Atlas – automatic/transparent encryption (no app changes)
▪ Community – explicit/manual encryption (requires app changes)