
Saving highly sensitive data in US cloud - what encryption would you use?


We have a cloud-based application running on AWS servers and are looking for a way to store highly sensitive user data there without giving AWS the possibility of exposing our data to the US government (CLOUD Act). Therefore, we don't want to use AWS-owned services for encryption / decryption like KMS or HSM. We want to stay in full control of the keys that encrypt / decrypt data - all the time.

So we need to encrypt every form input that is sent to the server before it reaches the server, as well as decrypt the encrypted data coming from the server in the browser of the user using our app. We are talking about form inputs plus PDFs and image files that will be uploaded. To make it more complex, we also want to be able to "communicate" within the application with each other in a Slack-style channel system. All entries there (and uploads) need to be encrypted as well before they reach the US server.

We discussed a public key exchange like PGP using session-based tokens and key derivation methods where the master key is stored on our own server.

Do you have any interesting hints or thoughts on this? How would you encrypt / decrypt highly sensitive data of apps living on US clouds? How would you fight the performance problem here?

Thanks for helping out!

fgrieu:

This is more a question for [serverfault](https://serverfault.com/help/on-topic) or [security-SE](https://security.stackexchange.com/), I guess. For backups, the combo GPG + Amazon S3/Glacier seems fine. For a VM or database "running on AWS servers", I don't see any option that really makes sense from a crypto standpoint. As far as I can tell, no matter what, a US company is legally bound to abide by requests of many US authorities when it comes to information pertaining to non-US citizens. Invoke terrorism or CSAM, and here it goes.
This doesn't sound like a good case for hosting at AWS or for hosting in the USA for that matter. It's one thing to say you want to use your own keys to prevent AWS from being able to easily see your data. But if that's not sufficient and you're trying to protect from the threat of state actors, you've got your (stressful) work cut out for you! I'm not sure I want to wish you the best of luck either!!