MongoDB .local London 2019: Using Client Side Encryption in MongoDB 4.2

#MDBlocal
Matthew Aylard
Using Client Side Encryption in MongoDB 4.2
LONDON

#MDBLocal
db.coll.insert({
_id: 1,
name: "Doris",
ssn: "457-55-5462"
})

#MDBLocal
doc = db.coll.find_one({
ssn: "457-55-5462"
})

#MDBLocal
{
_id: 1
name: "Doris",
ssn: "457-55-5462"
}

#MDBLocal
db.coll.insert({
name: "Doris",
ssn: "457-55-5462"
})
{
insert: "coll",
documents: [{
name: "Doris",
ssn: BinData(6, "a10x…")
}]
}
You see: MongoDB sees:
Encrypt before sending

#MDBLocal
{
_id: 1
name: "Doris",
}
Driver receives: You see:
{
_id: 1
name: "Doris",
ssn: "457-55-5462"
}
Decrypt after receiving

#MDBLocal
How does this differ from…?
•… encryption in-transit (TLS)
•… encryption at-rest (encrypted storage engine)

#MDBLocal
Attacker
Query
Client
Disk
insert write
MongoDB
Auth
db.coll.insert({ name: "Doris", ssn: "457-55-5462" })

#MDBLocal
Client
Disk
insert write
MongoDB
Attacker
Snoop
TLS

#MDBLocal
Client
Disk
insert write
MongoDB
Attacker
insert
TLS

#MDBLocal
Client
Disk
insert write
MongoDB
Attacker
Steal
ESE

#MDBLocal
Client
Disk
insert write
MongoDB
Attacker
Login
Client Side Encryption

#MDBLocal
Client
Disk
insert write
MongoDB
Boundaries of unencrypted data

#MDBLocal
Client
Disk
insert write
MongoDB
… with Encrypted Storage Engine

#MDBLocal
Client
Disk
insert write
MongoDB
… and TLS

#MDBLocal
Client
Disk
insert write
MongoDB
with Client Side Encryption

#MDBLocal
Client
Disk
insert write
MongoDB

#MDBLocal
db.coll.update({}, {
$set: { ssn: "457-55-5462" }
})
{
update: "coll",
updates: [{
q:{},
u: {
$set: { ssn: BinData(6, "a10x…") }
}
}]
}
Update that overwrites value

#MDBLocal
db.coll.aggregate([{
$project: { name_ssn: {$concat: [ "$name", " - ", "$ssn" ] } }
}]
Aggregate acting on the data

#MDBLocal
Find with equality query
* For deterministic encryption
db.coll.find({ssn: "457-55-5462" }) {
find: "coll",
filter: { ssn: BinData(6, "a10x…") }
}

#MDBLocal
db.test.find(
{
$and: [
{
$or: [
{ ssn : { $in : [ "457-55-5462", "153-96-2097" ]} },
{ ssn: { $exists: false } }
]
},
{ name: "Doris" }
]
}
)
You see:

#MDBLocal
MongoDB sees:
{
find: "coll",
filter: {
$and: [
{
$or: [
{ ssn : { $in : [ BinData(6, "a10x…"), BinData(6, "8dk1…") ]} },
{ ssn: { $exists: false } }
]
},
{ name: "Doris" }
]
}
}

#MDBLocal
MongoDB
Attacker
Login

#MDBLocal
Doris
Private stuff in storage

#MDBLocal
PoliceDoris
Private stuff in storage

#MDBLocal
Vault key
Held only by you
Vault

#MDBLocal
Encrypted Data
MongoDB
Encryption Key

#MDBLocal
{ _id: 1, ssn: BinData(0, "A81…"), name: "Kevin" }
{ _id: 2, ssn: BinData(0, "017…"), name: "Eric" }
{ _id: 3, ssn: BinData(0, "5E1…"), name: "Albert" }
…

#MDBLocal
Destroy the key
Provably delete all user data.
GDPR "right-to-be-forgotten"

#MDBLocal
client = MongoClient(
auto_encryption_opts=opts)

#MDBLocal
One key for all vaults

#MDBLocal
{
name: "Doris"
ssn: "457-55-5462",
email: "Doris@gmail.com",
credit_card: "4690-6950-9373-8791",
comments: [ …. ],
avatar: BinData(0, "0fi8…"),
profile: { likes: {…}, dislikes: {…} }
}

#MDBLocal
Describes JSON
{
bsonType: "object",
properties: {
a: {
bsonType: "int"
maximum: 10
}
b: { bsonType: "string" }
},
required: ["a", "b"]
}
{
a: 5,
b: "hi"
}
{
a: 11,
b: false
}
JSON Schema

#MDBLocal
{
bsonType: "object",
properties: {
ssn: {
encrypt: { … }
}
},
required: ["ssn"]
}
JSON Schema "encrypt"

#MDBLocal
encrypt: {
keyId: <UUID[]> or <string>,
algorithm: <string>
bsonType: <string> or <string[]>
}
bsonType indicates the type of underlying data.
algorithm indicates how to encrypt (Random or Deterministic).
keyId indicates the key used to encrypt.

#MDBLocal
opts = AutoEncryptionOptions(
schema_map = { "db.coll": <schema> }
…)
Client side Schema

#MDBLocal
Remote Schema Fallback
db.createCollection("coll", { validator: { $jsonSchema: … } } )
Misconfigured
Client insert "457-55-5462"
error, that should be
encrypted
MongoDB

#MDBLocal
What if
… the server lies about the schema?
Misconfigured
Client insert "457-55-5462"
Evil MongoDB
ok :)

#MDBLocal
schema_map
Sub-options

#MDBLocal
Key vault
Key vault key
Held only by you

#MDBLocal
Stores encrypted keys

#MDBLocal
schema_map = { "db.coll": <schema> },
key_vault_namespace = "db.keyvault"
…)

#MDBLocal
schema_map
Sub-options
key_vault_namespace

#MDBLocal
What if
… attacker drops key vault collection?

#MDBLocal
Keep at home
key_vault_namespace = "db.keyvault",
key_vault_client = <client>
…)

#MDBLocal
schema_map
Sub-options
key_vault_namespace
key_vault_client

#MDBLocal
(Key Management Service)

#MDBLocal
Protects keys Stores keys
KMS
Key vault key
Key vault
Key vault
collection

#MDBLocal
key_vault_namespace = "db.keys",
kms_providers = <creds>
…)

#MDBLocal
schema_map
Sub-options
key_vault_namespace
key_vault_client
kms_providers

#MDBLocal
db.coll.insert({
name: "Doris",
ssn: "457-55-5462"
})
Get encrypted key
Decrypt the key with KMSDecrypt the key with KMS
Encrypt 457-55-5462
Send insert
Compare to JSON schema

#MDBLocal
Authenticated Encryption with Associated Data using the
Advanced Encryption Standard (256) with Cipher Block Chaining
and Hashed-based Message Authentication Code using the Secure
Hash Algorithm (512).

#MDBLocal
AEAD_AES_256_CBC_HMAC_SHA_512
Provides confidentiality + integrity

#MDBLocal
AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic
AEAD_AES_256_CBC_HMAC_SHA_512-Random

#MDBLocal
coll.insert({ ssn: "457-55-5462" }) { ssn: BinData(6, "a10x…") }
You see: MongoDB stores:
coll.insert({ ssn: "457-55-5462" }) { ssn: BinData(6, "f991…") }
…Random

#MDBLocal
You see: MongoDB stores:
…Deterministic

#MDBLocal
Can be queried
doc = db.coll.find({
ssn: "457-55-5642"
})
{
find: "coll",
filter: { ssn: BinData(0, "a10x…") }
}
Driver sends:
{ ssn: BinData(6, "a10x…") }
MongoDB returns:
…Deterministic

#MDBLocal
Only for binary comparable types.
db.coll.find({ a: { b: 1.0 } })
{ a: { b: NumberInt(1) } }
{ a: { b: 1.0 } }
{ a: { b: NumberLong(1) } }
MongoDB returns:
…Deterministic

#MDBLocal
{ a: { b: NumberInt(1) } }
{ a: { b: 1.0 } }
{ a: { b: NumberLong(1) } }
{ a: BinData(6, "19d0…") }
{ a: BinData(6, "b515…") }
{ a: BinData(6, "801f…") }
Encrypted as:

#MDBLocal
db.coll.find({ a: { b: 1.0 } })
{ a: { b: 1.0 } }
MongoDB returns:
"a" encrypted

#MDBLocal
{ ssn: BinData(6, "AWNkTYTCw89Ss1DPzV3/2pSRDNGNJ9NB" }
New binary subtype
Older drivers and older MongoDB will treat as a black box.

#MDBLocal
byte algorithm
byte[16] key_id
byte original_bson_type
byte* payload
Ciphertext

#MDBLocal
byte algorithm
byte[16] key_id
byte* payload
key_id + algorithm describes how to decrypt.
No JSON Schema necessary!
Ciphertext

#MDBLocal
byte algorithm
byte[16] key_id
byte* payload
Provides extra server-side validation.
But prohibits single-value types (MinKey, MaxKey, Undefined, Null) and Boolean
Ciphertext

#MDBLocal
byte algorithm
byte[16] key_id
byte* payload
Payload includes encoded IV and padding block, and HMAC.
Ciphertext adds between 66 to 82 bytes of overhead.
Ciphertext

#MDBLocal
{
_id: UUID(…)
keyAltNames: [ "mykey" ],
keyMaterial: BinData(0, "39aJ…"),
… (some metadata) …
}
> db.keyvault.find()
Identify
(Cached locally only in memory)

#MDBLocal
IMMORAL Authority
DICTATORLAND
Users
Global Shards

#MDBLocal
EAST
DICTATORLAND
{ _id: 1, body: BinData(6, "A81…") }
{ _id: 2, body: BinData(6, "017…") }
{ _id: 3, body: BinData(6, "5E1…") }
…

#MDBlocal
Using Client Side
Encryption in MongoDB 4.2
[DEV/OPS]
Matthew Aylard
https://www.surveymonkey.com/r/KFB3PDD

MongoDB .local London 2019: Using Client Side Encryption in MongoDB 4.2

MongoDB .local London 2019: Using Client Side Encryption in MongoDB 4.2

More Related Content

What's hot (19)

Similar to MongoDB .local London 2019: Using Client Side Encryption in MongoDB 4.2 (20)

More from Lisa Roth, PMP (10)

Recently uploaded (20)

MongoDB .local London 2019: Using Client Side Encryption in MongoDB 4.2