18

I am pretty unfamiliar with encryption strategies in production environments. So my concern is to find a way to strongly encrypt data, but make it available to multiple users with different keys.

More specifically, it is a patient / medical staff scenario, where patient data is stored encrypted on a server and may only be accessed, hence decrypted, by the patient's key or his/her doctor's key or any other authorized entity.

Which concepts are available? And which are used in production systems, i.e. implemented for databases (like MySQL) or file storage, etc.? Which libraries are available (Java, C/C++), or which similar concepts are known?

I hope my question was not too unspecific; if it was, please ask.

joecks

2 Answers

18

A common way of working for multiple-user access to encrypted data is this, which is a simplified description of a full-disk encryption scenario (a real system might have more levels than described here).

  • The data itself is encrypted with a content key, Kc.
  • Kc is stored on the computer n separate times, one per user. Each instance is encrypted by a different user key Ku1...Kun.
  • Each of the i user keys Kui is derived from the credentials for user i.

What this gets you is that it's easy to change one user's credentials or revoke that user's access without affecting everyone else.

Another way that's available for things like MySQL databases (and is close to how file protection in iOS works) is this:

  • Data encrypted by the content key.
  • Content key protected by access key, derived from user credentials.
  • mysqld is given the access key, and provides all access control to the user data.

In this case you have to be sure that your access control cannot be bypassed.

  • 3
    This kind of indirect encryption is actually what happens in PGP when sending an encrypted email to several individuals: the content key gets encrypted by the public key of each receiver. – Thomas Pornin Jun 15 '11 at 15:59
  • 3
    To be precise: if you want to revoke the access of user u1, you theoretically have to choose a new content key, reencrypt the data with the new content key, and encrypt the new content key with Ku2, Ku3... but not Ku1. – Thomas Pornin Jun 15 '11 at 16:01
  • That is very helpful, and the more I think about it, the more I can imagine how this kind of service could work. Do you know any production system or framework that is capable of such a setup? – joecks Jun 15 '11 at 16:36
  • @joecks, as Thomas said, that's how PGP works. You could look at the open source implementations of that to get more insight. –  Jun 17 '11 at 12:25
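
The first scheme from the answer above (one content key Kc, wrapped once per user under a credential-derived Ku), together with the revocation step from the comments, as an added example that is not part of the original posts. It assumes Node.js with its built-in `crypto` module, AES-256-GCM for both layers and scrypt for deriving Ku; all function names and the record layout are hypothetical.

```javascript
// Added illustration, not code from the thread; names and layout are assumptions.
const crypto = require('node:crypto');

// AES-256-GCM; blob layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}
// Ku_i: user key derived from user i's credentials with a per-user salt.
const deriveKu = (password, salt) => crypto.scryptSync(password, salt, 32);

// Store one copy of Kc encrypted under this user's Ku.
function addUser(record, kc, name, password) {
  const salt = crypto.randomBytes(16);
  record.wrapped[name] = { salt, blob: seal(deriveKu(password, salt), kc) };
}
// Encrypt the data once under a fresh Kc, then wrap Kc for every user.
function createRecord(plaintext, users) { // users: { name: password }
  const kc = crypto.randomBytes(32);
  const record = { data: seal(kc, Buffer.from(plaintext)), wrapped: {} };
  for (const [name, pw] of Object.entries(users)) addUser(record, kc, name, pw);
  return record;
}
function unwrapKc(record, name, password) {
  const w = record.wrapped[name];
  if (!w) throw new Error('no access entry for ' + name);
  return unseal(deriveKu(password, w.salt), w.blob);
}
const readRecord = (record, name, password) =>
  unseal(unwrapKc(record, name, password), record.data).toString();

// A credential change rewraps only that user's copy of Kc; the data is untouched.
function changePassword(record, name, oldPw, newPw) {
  addUser(record, unwrapKc(record, name, oldPw), name, newPw);
}
// Revocation as in the comment: new Kc, data re-encrypted, Kc wrapped only for
// the remaining users. With password-derived Ku their credentials must be on
// hand; wrapping Kc to public keys (as PGP does) avoids that.
function revoke(record, actor, actorPw, remaining) {
  return createRecord(readRecord(record, actor, actorPw), remaining);
}
```

Deleting a user's wrapped entry alone does not revoke a user who already unwrapped Kc, which is why `revoke` builds a new record under a new key.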
0

If you're developing or purchasing a system to be used with patient data in the United States, there's a helluva lot more you need to take care of than just data-at-rest encryption. If you're a covered entity, you have a lot of studying to do, with large penalties for compliance failures in your database.

user502
  • Well, thanks for your comment. I will consider that, but it is not very much related to my question. Still, thanks. – joecks Jun 17 '11 at 12:54