I have a quick question regarding parameters for HSM based symmetric Key Derivation.

My situation is that I have to implement HSM based symmetric key derivation for encryption of sensitive data to be stored inside a DB. Each data entry should have a distinct AES-256 key used only for that record's encryption. There are two cases:

  1. The user's ID has to be encrypted with a unique key per user, so that it would be possible to search by this user ID. My idea was to use the ID itself (known at the time) as a parameter to the KDF to get a predictable encryption key, and use it to encrypt and perform the search (KEYhsm + IDuser -> KEYaes). I do not see how this differs from hashing, but the requirements state that encryption should be used. Should I hash this ID before using it as a parameter?
  2. The second case is as stated before: each record should use a distinct key for encryption. For this my idea was to use the record GUID (stored next to the encrypted data) as a parameter to the KDF to generate the symmetric key (KEYhsm + IDresource -> KEYaes). Again, should I hash it, and is this approach secure enough?

It would be really helpful if somebody smarter than me would review my approach and maybe give some hints for algorithms to use (HASH, KDF). I do not know the HSM model and maker at this time, but my assumption is that this HSM will be able to use a secure private key to generate symmetric AES-256 encryption keys.
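As an added illustration (not code from the question or from any of the commenters), the two derivations described above can be written as HKDF-SHA256 (RFC 5869) with a purpose label for domain separation. A constructed in-memory key stands in for the key that would normally never leave the HSM; the function names, the salt value and the purpose labels are my own assumptions, not part of any HSM vendor's API.

```python
import hmac
import hashlib
import uuid

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: OKM = T(1) || T(2) || ..., truncated to length."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key material too long for HKDF")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


# Constructed stand-in for the HSM-resident key (KEYhsm). In a real deployment
# this derivation runs inside the HSM and only the derived AES key, or a
# handle to it, ever comes out.
DEMO_MASTER_KEY = bytes(range(32))

# Fixed, application-specific salt (assumed value): binds the whole key
# hierarchy to this one purpose so the same HSM key reused elsewhere cannot
# produce colliding keys.
APP_SALT = b"db-field-encryption-v1"


def derive_key(master_key: bytes, purpose: bytes, identifier: bytes) -> bytes:
    """Derive a 32-byte (AES-256) key from the master key, a purpose label and an ID.

    The purpose label gives domain separation: the same identifier used for
    the 'user-id' purpose and the 'record' purpose yields unrelated keys.
    The 0x00 separator keeps (purpose, identifier) pairs unambiguous.
    """
    if b"\x00" in purpose:
        raise ValueError("purpose label must not contain the separator byte")
    prk = hkdf_extract(APP_SALT, master_key)
    return hkdf_expand(prk, purpose + b"\x00" + identifier, 32)


def user_id_key(master_key: bytes, user_id: str) -> bytes:
    """Case 1: KEYhsm + IDuser -> KEYaes.

    Deterministic by design: the same user ID always maps to the same key,
    which is what makes a lookup by user ID possible. The identifier is fed
    straight into HMAC-SHA256 inside HKDF, so no separate pre-hash is needed.
    """
    return derive_key(master_key, b"user-id", user_id.encode("utf-8"))


def record_key(master_key: bytes, record_guid: str) -> bytes:
    """Case 2: KEYhsm + IDresource -> KEYaes, one key per record GUID.

    The GUID is stored next to the ciphertext; knowing it without the
    master key gives no information about the derived key.
    """
    return derive_key(master_key, b"record", uuid.UUID(record_guid).bytes)


if __name__ == "__main__":
    k_user = user_id_key(DEMO_MASTER_KEY, "user-12345")
    k_rec = record_key(DEMO_MASTER_KEY, str(uuid.uuid4()))
    print("user key  :", k_user.hex())
    print("record key:", k_rec.hex())
```

Two points this makes concrete for the question. First, HKDF already runs the identifier through HMAC-SHA256, so hashing the ID beforehand adds nothing cryptographically; it only normalises length and encoding. Second, the security of both cases rests entirely on the master key staying inside the HSM and on the purpose label keeping the user-ID and record key families apart; the deterministic user-ID key is exactly as predictable to anyone who can ask the HSM to derive keys as it is to the application, so access to that derivation operation is the thing to control and log.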

  • Hi and welcome to the site! 1. Why would you want `predictable encryption key[s]`? 2. I don't really see how the respective table would be searchable wrt the user id, if they are encrypted. Given only the non-encrypted user ID as input for your search, how would you find the encrypted field? If you would be somehow able to map plaintext and ciphertext.. you wouldn't really need to encrypt, would you? Because then the user ID is still stored in the clear. – Tom K. Jun 17 '20 at 09:16
  • Hi @tom, thanks for the comments! The idea is to encrypt the input plaintext user ID and search by the encrypted value in the DB. This ID is sensitive information, so it cannot be stored plainly in the DB, but I need to be able to collect all records associated with it. After collecting the encrypted records I can decrypt each of them. As I mentioned, I could just use hashing, but the technical specification requirements clearly state that encryption should be used. – Nezhull Jun 17 '20 at 09:27
  • Okay, this doesn't sound like a problem you should solve on your own or in other words, I'm pretty sure there are already solutions for this kind of challenge on the market. The approach you are planning now has a lot of obstacles that - if not taken the right way - render the whole solution insecure. – Tom K. Jun 17 '20 at 09:33
  • I totally agree, but the spec describes a very custom solution (only some fields in the data have to be encrypted, etc.). I would like to propose the most widely used and tested solution that covers the requirements. This would be only one level of security (DB admins are not trusted with plain data), and my hope is that the HSM would increase the security level of this layer to acceptable standards. – Nezhull Jun 17 '20 at 11:09
  • Also keep in mind that if you are deriving these keys inside an HSM... the HSM probably already provides some manner of doing so, using hashing and well-known KDF mechanisms. Do not reinvent the wheel if it already turns for you. – rip... Jun 19 '20 at 02:20

0 Answers