RE: [Proposal] Table-level Transparent Data Encryption (TDE) andKey Management Service (KMS) - Mailing list pgsql-hackers

From Tsunakawa, Takayuki
Subject RE: [Proposal] Table-level Transparent Data Encryption (TDE) andKey Management Service (KMS)
Date
Msg-id 0A3221C70F24FB45833433255569204D1F9A3BB2@G01JPEXMBYT05
Whole thread Raw
In response to Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)  (Tomas Vondra <tomas.vondra@2ndquadrant.com>)
Responses RE: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
List pgsql-hackers
> From: Tomas Vondra [mailto:tomas.vondra@2ndquadrant.com]
> On 05/25/2018 01:41 PM, Moon, Insung wrote:
> > BTW, I want to support CBC mode encryption[3]. However, I'm not sure
> > how to use the IV in CBC mode for this proposal. I'd like to hear
> > opinions by security engineer.
> >
> 
> I'm not a cryptographer either, but this is exactly where you need a
> prior discussion about the threat models - there are a couple of
> chaining modes, each with different weaknesses.
Our products uses XTS, which recent FDE software like BitLocker and TrueCrypt uses instead of CBC.

https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS

"According to SP 800-38E, "In the absence of authentication or access control, XTS-AES provides more protection than
theother approved confidentiality-only modes against unauthorized manipulation of the encrypted data.""
 



> FWIW it may also matter if data_checksums are enabled, because that may
> prevent malleability attacks affecting of the modes. Assuming active
> attacker (with the ability to modify the data files) is part of the
> threat model, of course.

Encrypt the page after embedding its checksum value.  If a malicious attacker modifies a page on disk, then the
decryptedpage would be corrupt anyway, which can be detected by checksum.
 


Regards
Takayuki Tsunakawa



pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: Re: pg_config.h.win32 missing a set of flags from pg_config.h.inadded in v11 development
Next
From: Michael Paquier
Date:
Subject: Re: pg_config.h.win32 missing a set of flags from pg_config.h.inadded in v11 development