5

I'm working at an EU-based company and we'd like to offer business customers some kind of OS-independent cloud-based SaaS platform for processing and storing sensitive (health) data. We'd like to implement our software on the Google Cloud Platform.

All sensitive data should be encrypted with symmetric keys that are provided by the customer and are not stored on the cloud platform. (We trust google but the patriot act is a problem.)

However, the client interface should preferably run as web app within the browser. This makes client-side encryption complicated. Also, many employees should have access to the encrypted data within the business customer's domain. Therefore, the encryption key must somehow be shared between employees.

One idea is to generate the encryption key out of a shared passphrase (using PBKDF2), to store it within a session cookie (lifetime=0) and to transfer it to the cloud server for each request accessing sensitive data. The server performs the requested operation and then deletes the key out of its memory.

Of course, there might always be ways to extract the key if we or Google would want to do this, but we can assure that the data are stored encrypted with a user-supplied key only managed by the customer.

I wonder if anyone has better ideas. Thank you very much in advance.

thel3l
  • 3,384
  • 11
  • 24
Lucas
  • 51
  • 2

2 Answers2

2

It is impossible to guarantee security in the cloud from the cloud provider itself, the cloud provider can (be forced to) take a memory dump of any running VM instance and extract any encryption key from a running instance. It is even possible to continuously and automatically monitor a running VM and extract AES keys as soon as they are used, especially when the VM is using AES-NI.

A truly secure solution would avoid decrypting, let alone using, the keys on the server. So do the encryption client-side and use the server purely as blob storage.

Fortunately you can do quite a bit of crypto in the browser these days, that includes KDF and AES. For KDF you can use e.g. scrypt-js, and for AES aes-js or aes-es.

rustyx
  • 751
  • 6
  • 10
1

Don't think this is possible with symmetric keys if you expect the server to accept clear-text data and then encrypt it; only keeping the encryption key in memory during the session isn't really a protection of the data, as (for a relatively busy service) that key will be in memory, thus the data vulnerable to decryption, all the working day.

It could be a valid defense against someone intercepting your backups, or trying to steal data direct from disk; but not against hacks of an active service.

It might work if the encryption happens at the client, and all you ever receive in the SaaS cloud is ciphertext - but then the cloud wouldn't be able to do any processing of that data.

CGretski
  • 151
  • 6
  • public key / asymmetric crypto could allow you to accept data in a readable format, process it and then commit it to disk/DB encrypted in a way that only the client can read. If all subsequent decryptions are handled by the client, then you have no long-term access to the data. – CGretski Jan 09 '18 at 23:08