Hello, Guys. Here are answers to the TDE design questions. I will create FAQ in IEP-18 with this answers, also.
> 1. MEK, CEK rotation. Should we provide the way to change(regenerate) MEK, > CEK from time to time? Yes. PCI DSS are require it. See 3.6.4, 3.6.5 sections. > 2. Does CEK(table keys) relate to user access permission? No. It is prohibited by PCI DSS. 3.4.1: "Decryption keys must not be associated with user accounts" > 3. WAL encryption. How will it be implemented? LogicalRecord – key+value for encrypted cache entries are encrypted. PhysicalRecord.FullPageSnaphot - regular page encryption algorithm used. PhysicalRecord.DeltaRecord - delta is encrypted. > 4. We should keep CEKs in MetaStore. Yes, we should. We can't store CEKs in KeyStore because of PCI DSS 3.5.3.c: "Key-encrypting keys are stored separately from data-encrypting keys." > 5. How should we handle following case I propose to not include the node to cluster with the appropriate exception message. > 6. Public API to deal with CEK should be provided. The first draft of public API for TDE - https://github.com/nizhikov/ignite/pull/12 > 7. Can each node use own CEK? What are pros and cons for that? I propose to use one CEK per cache. CEK would be the same on every cluster node. It simplifies Ignite cluster management, backup procedure(like saving key copies on some external device), etc. > 8. How we can ensure that decryption succeed? In case CEK is broken. It can > be broken because of memory corruption, network errors, etc. Currently, page integrity is checked by CRC. I propose to reuse this procedure to ensure decryption integrity. > 9. Specific encryption algorithm has to be chosen prior an implementation. AES CBC – 256, 192, 128 bits. > 10. Page integrity are checked by CRC. How this process would be changed for > encrypted pages? The process doesn't change: 1. Decrypt page. 2. Check CRC. > 11. Page header has well-known content. This can be used for known-plain-text > attacks. We should measure the treatment and find the way to deal with it. This question requires additional research. We have to understand: Is there any issue here? But at first glance, We can encrypt blocks in reverse order – from last to first. Last blocks don't have well know so there is no issue here. В Пт, 27/04/2018 в 19:41 +0300, Nikolay Izhikov пишет: > Hello, Igniters. > > We've discussed TDE design privately with some respected community members > including Vladimir Ozerov and Alexey Goncharyuk. > Here the list of questions we have to address before starting TDE > implementation: > > 1. MEK, CEK rotation. > Should we provide the way to change(regenerate) MEK, CEK from time to time? > Is it required by PCI DSS standard? > > 2. Does CEK(table keys) relate to user access permission? > Need to study other vendors implementation. > > 3. WAL encryption. How will it be implemented? What issues we have to solve? > > 4. We should keep CEKs in MetaStore. > Not a question, just to write down decision. > > 5. How should we handle following case: > a. Node X left cluster. > b. Node X joins cluster. > c. Between steps a and b encryption keys has been changed > > 6. Public API to deal with CEK should be provided. > Looks like we need to support following methods: > a. Generate new CEK when encrypted cache are created > b. Decrypt CEK whenever needed. > > 7. Can each node use own CEK? What are pros and cons for that? > > 8. How we can ensure that decryption succeed? > In case CEK is broken. It can be broken because of memory corruption, network > errors, etc. > > 9. Specific encryption algorithm has to be chosen prior an implementation. > We have to support usage of other algorithms. > > 10. Page integrity are checked by CRC. How this process would be changed for > encrypted pages? > > 11. Page header has well-known content. This can be used for known-plain-text > attacks. > We should measure the treatment and find the way to deal with it.
signature.asc
Description: This is a digitally signed message part
