What Is Searchable Encryption?
Encryption is the method by which information is converted into a secret code that hides the information’s true meaning. Encryption is widely used to protect different kinds of data stored and transferred online, in order to prevent malicious actors from revealing the encrypted information.
However, users not only store data, they also search for it. Sometimes they enter sensitive data in search fields, such as credit card details or health information. Imagine what would happen if someone gained access to the search history and was able to link the search data to the user who searched for it. That’s why it’s important that the data employees search for is also encrypted. Encrypted search (search in encrypted data) is the process of encrypting information users are searching for.
Encrypted Vs Unencrypted Search
Encryption can make the information a user searches for private.
In 2020, encrypted search is still a popular practice mainly for search engines. And although it has proven to be an important security measure, it’s often neglected by different kinds of software that support searching in records.
We at LogSentinel have developed an algorithm for searching in encrypted data based on state-of-the-art research, in order to ensure the full security of our products.
SentinelTrails, LogSentinel SIEM’s secure audit trail, ensures that no one can delete or modify event logs. However, searching within logs would mean a security gap if the information is not encrypted, because it would mean that somewhere the data is stored unencrypted. For this reason, we minimize the risk of security breaches by implementing encrypted search.
This way, even within the centralized dashboard, data breach attempts are minimized by the encrypted search.
And while for SentinelTrails the encrypted search feature sounds like a far-fetched scenario, for our product – SentinelDB – it is a must-have.
SentinelDB is a privacy-by-design, secure database, ensuring total protection of the critical data stored, utilizing multi-level data encryption and AI-powered anomaly detection. To be able to quickly search within data, developers usually store an unencrypted version of the so-called encrypted database, which appears to be a huge security gap, especially if the data is sensitive. We solved this problem by implementing a search algorithm that is able to find results within encrypted data, minimizing the risk of backdoor breaches.
Searchable Encryption: Best Practices
The area of encrypted search focuses on the design and cryptanalysis of practical algorithms and systems that can search on end-to-end encrypted data. With encrypted search algorithms, data can remain encrypted even in use. As such, encrypted search algorithms have a wide array of applications including in data management, healthcare, cloud computing, mobile security, blockchains, and censorship- and surveillance-resistant systems.
When it comes to confidential data, privacy concerns are only one aspect of the data that can be exposed. Users happen to paste strings containing various types of confidential information when searching in records – from user names and passwords to data critical to the business continuity.
Another security concern is the database being searched. To be truly protected, not only the search query but also the database being searched must be protected.
The following types of objects within a protected search system are vulnerable to leakage:
- Records returned in response to queries, or other relationships between the data items and the queries (e.g., records that partially match a conjunction query).
- Access control rules and the results of their application.
- Data items, and any indexing data structures.
Why Does Log Search Need To Be Encrypted?
As we discussed, search queries can contain highly sensitive information. Therefore, to ensure zero chance of data breach attempts, organizations need to review and evaluate all possible security gaps and try to follow as many security best practices as possible.
We at LogSentinel realize that it takes time and effort for an information security team to perform R&D about search in encrypted logs, and that’s why we implemented this functionality in our ready-to-use product. We already covered how audit trail and SIEM complement each other in this article, and why audit trail is so important for organizations to achieve information security compliance in terms of data integrity.
How Does LogSentinel Ensure Log Security Utilizing Searchable Encryption?
LogSentinel’s API provides a mechanism for searching in encrypted details without putting sensitive data at risk. The encrypted search can be easily performed by following 3 steps before sending data to the API:
- Extract parameters and keywords from the payload, by which events will be searchable
- Encrypt payload details with a symmetric key. The algorithm must be AES (128 or 256). Important: for better security, you should put a random block of 16 bytes in front of the plain message before encrypting.
- Encrypt each keyword with the same key as in step 2 and hash it with SHA-256
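The three steps above, together with the matching search, as an added Node.js example (not LogSentinel's own client code). The page does not name a cipher mode, IV or output encoding, so the example assumes AES-256-CBC with an all-zero IV (which keeps keyword tokens repeatable), base64 and hex encodings, lower-cased keywords, and hypothetical helper and field names.

```javascript
// Added example, not LogSentinel client code. Assumptions: AES-256-CBC,
// all-zero IV, base64/hex encodings, and every helper and field name below.
const crypto = require('crypto');
const ZERO_IV = Buffer.alloc(16); // fixed IV keeps keyword tokens repeatable

function aesCbc(key, plaintext) {
  const cipher = crypto.createCipheriv('aes-256-cbc', key, ZERO_IV);
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}
// Step 2: a random 16-byte first block makes equal payloads encrypt differently.
function encryptDetails(key, details) {
  const prefixed = Buffer.concat([crypto.randomBytes(16), Buffer.from(details, 'utf8')]);
  return aesCbc(key, prefixed).toString('base64');
}
// Reverse of step 2: decrypt, then discard the random first block.
function decryptDetails(key, encoded) {
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, ZERO_IV);
  const plain = Buffer.concat([decipher.update(Buffer.from(encoded, 'base64')), decipher.final()]);
  return plain.subarray(16).toString('utf8');
}
// Step 3: encrypt the keyword with the same key (no random block), then SHA-256.
function keywordToken(key, keyword) {
  const normalized = keyword.trim().toLowerCase(); // assumption: case-insensitive search
  const encrypted = aesCbc(key, Buffer.from(normalized, 'utf8'));
  return crypto.createHash('sha256').update(encrypted).digest('hex');
}
// Steps 1-3 combined: the caller names which payload fields are searchable.
function prepareEvent(key, payload, searchableFields) {
  const keywords = searchableFields.map((field) => String(payload[field])); // step 1
  return {
    encryptedDetails: encryptDetails(key, JSON.stringify(payload)),
    keywordTokens: keywords.map((k) => keywordToken(key, k)),
  };
}
// Search: tokenise the query the same way and compare tokens only.
function search(key, storedEvents, query) {
  const token = keywordToken(key, query);
  return storedEvents.filter((e) => e.keywordTokens.includes(token));
}

// Constructed sample data; a real key comes from your key management system.
const demoKey = crypto.createHash('sha256').update('constructed demo key').digest();
const demoEvents = [
  prepareEvent(demoKey, { actor: 'alice', action: 'LOGIN', ip: '203.0.113.7' }, ['actor', 'action']),
  prepareEvent(demoKey, { actor: 'bob', action: 'DELETE', ip: '203.0.113.9' }, ['actor', 'action']),
];
```

Because keyword tokens are deterministic, anyone who can read the stored tokens learns which events share a keyword and how often each keyword occurs. The payload ciphertext does not reveal this, since the random first block makes every encryption of the same payload different.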
With this feature, LogSentinel ensures total security of your logs – and zero chances of compromising even the data your users search for. Using LogSentinel’s security solutions, you can implement the security best practices provided by NIST in terms of audit logs and encryption with simple API integration.
If you want to develop a long-term strategy that enables your organization to reap the benefits of the cloud infrastructure for achieving stronger information security, without the risk of losing control or consistency, then you need to work with suppliers you trust and technologies that are proven to help guide your journey.
Denitsa Stefanova is a Senior IT Business Analyst with solid experience in Marketing and Data Analytics. She is involved in IT projects related to marketing and data analytics software improvements, as well as the development of effective methods for fraud and data breach prevention. Denitsa supports her IT-related experience by applying her skills in her everyday duties, including IT and quality auditing, detecting IT vulnerabilities, and GDPR-related gaps.