
At work we have a pretty complex problem (for me at least) and I have no idea what a fitting solution would be. To give a bit of context, the company I work for is a data processor/provider for big corporations that need sensitive user data such as: social security numbers, how much a person earns, all their past addresses where they have lived, if they have ever collected welfare, etc.

The problem we are facing is that we have to encrypt the user data so that if we ever get compromised the data of the end-users is safe. How we do this is: the end-user fills their data-vault (this vault contains all the data I gave as an example in the paragraph above), and we encrypt all the data and keep the key to decrypt the data in our system.

We however do not want this; we are looking for a fitting solution where the end-user can fill their data-vault, we encrypt it and create hashes of their data (so our customers can verify if the data is actually valid after decrypting it), and at the end we throw away the key so our system no longer has it. Once our customer wants to access the data-vault of a certain end-user, the end-user has to exchange their key with said customer so in turn our customer can decrypt the data on their own system.

We looked into asymmetric encryption, but the issue is we only want to encrypt the data-vault once so the end-user does not need to constantly re-encrypt their data. To make it a bit clearer, read the examples below where the data-vault is created and shared:

Creation:

End-user Bob wants to share his personal information with Netflix and Facebook, so Bob signs up at the site of my company. He fills his personal data-vault, which we in turn encrypt, and we throw away the key used (Bob still has this key).

Sharing:

Company A and Company B request data out of the data-vault of user Bob (Company A wants his social security number and Company B wants to know if the user ever collected welfare). Our system gives them that part of his vault, and we ask Bob to send the keys to Company A and Company B (using a webhook or something). Bob then sends both Company A and Company B his key, so they can decrypt his data.

Does anybody have an idea what I could use to do this? I looked into just using basic encryption and decryption (AES) and just sharing the key used to encrypt the data, but I am not sure how secure/smart this is.

Devchn
  • Interesting problem. I would try to look into how some of the password managers manage sharing. Maybe you can keep the encryption key, but encrypt it with a key that only the user has. The biggest problem I see is how you would be able to share parts of a vault. If you encrypt every piece of info separately with different keys, which in turn are encrypted with the user key, that could maybe be a solution. – Peter Nov 17 '20 at 20:43
  • If I'm understanding the problem correctly, then the term for what you are trying to accomplish is 'multi-party encryption'. See https://medium.com/@daser/a-lazy-mans-introduction-to-multi-party-encryption-and-decryption-59f62b8616d8 for more info. – mti2935 Nov 17 '20 at 20:52
  • Thank you guys for the reply, I will look into the Medium post. Would something like this not work for my issue? https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing – Devchn Nov 17 '20 at 21:18
  • @Devchn: no. Shamir secret sharing is not applicable here. – Ángel Nov 18 '20 at 01:14

1 Answer


It actually seems simple to me. You have described your needs pretty thoroughly.

Basically, you create a storage where

  • you encrypt each item separately (so that you can only give the SSN of jdoe to Company A)
  • each individual field obviously needs its own IV; we don't want the encryption of an address named 'George Washington' to be the same as that of the name 'George Washington'
  • I would probably use AES-GCM so that you have authenticated encryption, getting rid of the hashes of your description (plus, they can be problematic: for a field 'Has ever collected welfare', the values hash('yes') / hash('no') are only a weak obfuscation)
  • when sharing with a company, the user authorizes you to share part of the vault with Company A (through OAuth, for instance) and provides directly to the company the random vault key it was shown
  • you can even have the encryption happen with JavaScript in the user's browser, so your company never sees the data

You need to authenticate the users in your app (so that I cannot share your vault with Company Z), and you should obviously use a library that provides the proper encryption routines (in this case AES-GCM), etc., but in general it should be relatively straightforward.

Ángel
  • Thanks a lot for your reply, I do have some questions though: the key used to encrypt a given field would be transferred over TLS to the customer, right? Company A and B would have the same key for, let's say, the SSN field? Also, we need the data at least once on our server, so we can create hashes and execute some sanity checks since we do not want the end-user to fake his data; wouldn't that mean I need to get their key and execute the encryption on our servers? – Devchn Nov 18 '20 at 06:36