Cloud storage technologies have their gains and pains. While they enable distributed operations, they also raise the question of keeping data well-protected.
Encrypting sensitive data is one of the first steps in this field. However, once data is encrypted it becomes hard to search over: that is exactly what encryption is for, and it is also a huge operational downside. In an ideal world, it would be convenient to keep the data encrypted and still be able to securely search over it, without constraining the application architecture. And today it's possible.
To solve the issue, we built a technology called Acra Searchable Encryption. Its basic version is available in Acra Community Edition, and a more sophisticated one in Acra Enterprise Edition.
Searchable encryption means that data is stored encrypted in the database, yet it’s possible to run simple queries on encrypted fields without decrypting them.
💡 There are various searchable encryption schemes available, but in Acra we use one that balances security and usability the best—it's keyword search.
Acra’s search through encrypted data is based on blind indexing with probabilistic Bloom filters, built around strong AES-GCM-256 and HMAC.
Acra encrypts data fields and builds a searchable index for them. Acra supports exact queries out of the box (select * from emails where email=<query>), and allows building compound encrypted indexes to make even sophisticated queries possible over encrypted data.
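The general blind-index idea behind an exact-match query, as an added Go example that is not Acra's own code and leaves out the Bloom filter part: each field is stored as an AES-256-GCM ciphertext next to an HMAC-SHA256 of its value, and the search compares only the HMACs. The names `Row`, `blindIndex`, `protect` and `search`, the use of two separate keys and the lower-casing of values before hashing are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"strings"
)

// Row is all the database stores: ciphertext plus keyed hash, never plaintext.
type Row struct{ Cipher, Index []byte }

// blindIndex is HMAC-SHA256 of the normalized value: equal values, equal index.
func blindIndex(indexKey []byte, value string) []byte {
	m := hmac.New(sha256.New, indexKey)
	m.Write([]byte(strings.ToLower(strings.TrimSpace(value))))
	return m.Sum(nil)
}

// protect encrypts with AES-256-GCM (fresh nonce, prepended) and adds the index.
func protect(encKey, indexKey []byte, value string) (Row, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return Row{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Row{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Row{}, err
	}
	return Row{Cipher: gcm.Seal(nonce, nonce, []byte(value), nil), Index: blindIndex(indexKey, value)}, nil
}

// search mimics "where email=<query>": compares indexes only, in constant time.
func search(rows []Row, indexKey []byte, query string) (hits []Row) {
	want := blindIndex(indexKey, query)
	for _, r := range rows {
		if hmac.Equal(r.Index, want) {
			hits = append(hits, r)
		}
	}
	return hits
}
```

Rows holding the same value share an index while their ciphertexts differ, so the index column reveals which rows are equal to each other and nothing else about the plaintext to anyone without the index key.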
💡 Unlike the existing solutions, Acra provides an adjustable performance-leakage ratio for protected search, strict separation of duties that guarantees cryptographic keys do not leak from the application, secure storage and management of cryptographic keys, and a set of additional security features that better correspond to real-world threats.