Join Log in
Score:0
F.C. avatar Crypto

Best way to encrypt sensitive data on server with HSM and symmetric keys

kg flag
F.C.

I need to store sensitive data (like customer photos) in a SQL database in the most secure way in case of security breaches. The data won't be accessed by the clients, only to internal processes that perform some validations. The customers dont have any input like passwords, they just register with us and we keep track of their data. Client side encryption is not possible in the current setup that's why we need to encrypt server-side and we also have a HSM in our private network with private keys.

One idea was to use symmetric key encryption and store that key locally. The problem with that solution is that if an attacker gets access to the server and the database, he can easily get that key and decrypt the data.

Another idea was to use the HSM module the company has and encrypt the symmetric key with the HSM public key. When the server needs to handle the data, it sends the encrypted key to the HSM and handles the symmetric key in memory only. The problem with that solution is that i need to store the HSM connection credentials and if an attacker get ahold of it and decrypts the symmetric key, the entire database is compromised.

Would it be secure enough to generate random symmetric keys for each file we encrypt, then encrypt the symmetric key with the HSM public key and store both encrypted data and encrypted sym key? And if so, what would be the best way to store it? A pkcs7 base64 string?

69
0 + 0
Amit avatar
ci flag
Amit
With regards to HSM access credentials -- you can mitigate that risk by network hardening. So that even if the credentials are exposed it's best that most computers on the network can't even communicate with the HSM directly (in an ideal architecture AFAIK only specific servers can communicate with the HSM). Secondly, you don't have to use public key encryption, in HSM the encryption can be done all internally anyway (the key never leaves the HSM) so you can do it with a symmetric key, unless for some reason you need to be able to encrypt offline without access to the HSM, then it makes sense.
0
Reply
Score:0
JAAAY avatar Crypto
us flag
JAAAY

Since this a more of a theoretical SE, I will make a more generic theoretical approach along with some specific details. You have to define a threat model at first. To define it, there are a bunch of questions to ask yourself.

  1. Why are your actors? An easy approach would be if you consider these three actors : server, database, HSM. You can also consider more actors, e.g. considering the www user your server runs on and the root user, you can do the same with database, etc.
  2. How are these actors connected to each other. Of course, in your case I think it is like this
   HSM <-> Server <-> Database
  1. Which of them can be accessed by the attacker? Will the attacker have access to the server, to the database, to the HSM or to any specific combinations of these?
  2. Now let's consider the worst case where your server is corrupted by the attacker which means that both HSM and Database can also (theoretically) by corrupted. Then, in my opinion, your best deal is to client side encrypt your data. Also, you will probably want a symmetric or non symmetric key derivation from your user's private input (e.g. that it depends on his password) so that only he will be able to decrypt them. Protonmail is using a similar infrastructure, you can take a look here at their whitepaper.

A few other notes. Even if you use HSM for encryption/decryption of your files, in the case of the corrupted server there still doesn't exist a secure communication channel from the HSM to the Client.

I hope I helped you a bit, because there are a lot of scenarios you have to consider and didn't elaborate on all of them.

0 + 0
F.C. avatar
kg flag
F.C.
Thank you for the answer. I've updated the question giving more context. Basically the client sends data once and from that point forward only internal processes make use of it. The type of attack i'm trying to defend against is in case an attacket gains access to the private network, In that case he'll get the symmetric key if it's stored in a .env file for example. In case i use the HSM to encrypt the symmetric key i'd have to store the HSM access credentials but the private key will never be exposed, only the decrypt methods.
0
Reply
JAAAY avatar
us flag
JAAAY
Ok, so you want to process the data, but keep the secure simultaneously. If I understand your scenario, you cannot encrypt the data and the decrypt it to process them and then reencrypt the possibly altered data along with their result because this insecure in your threat model?
0
Reply
F.C. avatar
kg flag
F.C.
The decrypted data would be in-memory only for a short period of time. What i want to know is what would be the best way to encrypt it while at rest in the database
0
Reply
JAAAY avatar
us flag
JAAAY
So you want to process it for a short time, and then store them to a database? But how often do you have to retrieve them to process them?
0
Reply
F.C. avatar
kg flag
F.C.
The idea is to store it and eventually an automated process goes through each customer data, performing small actions like comparing. After that process, data won't be processed anymore, only stored unless some very rare cases where it's needed. I think i forgot to mention he data needs to be encrypted fast.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.