0

im trying to find a good way to allow searches against encrypted data in the database. Lets say i want to encrypt phone numbers, if its encrypted securely i cant search against phone numbers directly which hurts the application abilities. From what i understood there is a main pratice that is still performant and secure enough, which is a blind index.

I wanted to know what security vulnerabilities exists for creating a blind index in this way:

  1. encrypt phone first using AES-CBC with a deterministic IV.
  2. hash the result of the encryption with SHA-512 without salting.
  3. store the data in the index column.

Help would be appreciated.

Meydan Ozeri
  • 1
  • 1
  • Does the data has duplicates? Do you have any other data then phone numbers to protect? What are the size of the data?... – kelalaka Nov 01 '20 at 14:34
  • All is important since this kind of attacks https://crypto.stackexchange.com/q/74786/18298 – kelalaka Nov 01 '20 at 14:38
  • Well, in general phones should be uniques, but im asking in general about this approach so lets say they are not uniques, and the data shouldnt be long texts, only for short ones around 10-100 characters – Meydan Ozeri Nov 01 '20 at 14:38
  • 1
    CBC with fixed IV can leak information about the prefixes. This question cannot be correctely answerable without full knowledge of the possible queries over the database scheme. – kelalaka Nov 01 '20 at 14:40
  • only exact matches should matter, so basic search functionality like simple selects with some where condition. But if the result is hashed how can someone gain insight on the prefixes ? – Meydan Ozeri Nov 01 '20 at 14:46
  • The phone numbers are most likely unique, so even the ECB ( if fits one block) can be enough, Hashing will be fine, HMAC is better if you can protect the key. A special attack can be executed on all, if the attacker knows the target phone, trying to infer some other data from the database. During the register, they enter their phone number as the same phone number of the target. Once they can reach the database, they can pinpoint the target. The next is how vulnerable the other data, is! – kelalaka Nov 01 '20 at 15:47
  • Note that there are tons of questions/answers about this on [crypto.se] [security.se] and [so] your question doesn't ask a new type, too. Should I found sone for, you? [https://stackoverflow.com/search?q=encrypted+database+search] – kelalaka Nov 01 '20 at 16:10
  • eff: Evaluating your threat model – kelalaka Nov 01 '20 at 17:08
  • For searching over encrypted entries, these strategies may help https://security.stackexchange.com/q/239547/25009 – ManRow Nov 09 '20 at 07:16

0 Answers0