Maybe in this scenario a Secure Enclave could make sense (e.g. Intel SGX)? The scenario that you describe looks like MIT CryptDB, e.g. https://css.csail.mit.edu/cryptdb/

> On 25.06.2019 at 21:05, Tim Casey <tca...@gmail.com> wrote:
>
> My two cents worth of comment,
>
> For our local Lucene indexes we use AES encryption. We encrypt the blocks
> on the way out, decrypt on the way in.
> We are using a C version of Lucene, not the Java version. But, I suspect
> the same methodology could be applied. This assumes the data at rest is
> the attack vector for discovering what is in the invertible index. But
> allows for the indexing/querying to be done in the clear. This would allow
> for stemming and the like.
>
> If you have an attack vector in which the indexing/querying are not
> trusted, then you have a whole different set of problems.
>
> To do stemming, you need a homomorphic encryption scheme which would allow
> per character/byte queries. This is a different type of attack vector than
> the on-disk encryption. To me, this implies the query system itself is
> untrusted and you are indexing/querying encrypted content. The first
> "thing" people are going to try is to hash a token into a 256-bit value
> which becomes the indexable token value. This leads to the lack of
> stemming from above comments. Depending on how keys are handled and hashes
> are generated you can run out of token space in the various underlying
> Lucene indexes because you have more than 2 million tokens.
>
>
>
>> On Tue, Jun 25, 2019 at 10:21 AM Ahuja, Sakshi <ahuj...@upmc.edu> wrote:
>>
>> I am actually looking for the best option so currently doing research on
>> it.
>> For Windows FS encryption I didn't find a way to use a different
>> Username/Password. It by default takes the Windows username/password to
>> encrypt and decrypt.
>>
>> I tried BitLocker too for creating an encrypted virtual directory (which
>> allows me to use different credentials) and to keep the Solr Index in that but
>> somehow Solr Admin was unable to access the Index from that encrypted
>> directory. Not sure how that is working.
>>
>> If you have any idea on that - will work for me. Thanks!
>>
>> -----Original Message-----
>> From: Jörn Franke <jornfra...@gmail.com>
>> Sent: Tuesday, June 25, 2019 12:47 PM
>> To: solr-user@lucene.apache.org
>> Subject: Re: Encrypting Solr Index
>>
>> Why does FS encryption not serve your use case?
>>
>> Can’t you apply it also for backups etc?
>>
>>> On 25.06.2019 at 17:32, Ahuja, Sakshi <ahuj...@upmc.edu> wrote:
>>>
>>> Hi,
>>>
>>> I am using Solr 6.6 and want to encrypt the index for security reasons. I
>>> have tried the Windows FS encryption option that works but want to know if Solr
>>> has some inbuilt feature to encrypt the index or any good way to encrypt a Solr
>>> index?
>>>
>>> Thanks,
>>> Sakshi
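
Added example, not part of the thread and not code from Solr or Lucene: a Python sketch of the trade-off described in the quoted reply, comparing a clear-text index that can stem with an index that stores only keyed 256-bit token hashes. The key, the sample documents and the crude `stem` helper are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; a real key would come from a key store
DOCS = {  # constructed sample documents
    1: "solr encrypted index",
    2: "encrypting lucene blocks",
    3: "plain backup",
}

def stem(word):
    """Crude suffix stripper standing in for a real stemmer (assumption)."""
    for suffix in ("ing", "ed", "es", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            return word[: -len(suffix)]
    return word

def blind(term, key=KEY):
    """Keyed 256-bit token: what an untrusted index would store instead of the term."""
    return hmac.new(key, term.encode("utf-8"), hashlib.sha256).hexdigest()

def build_index(docs, transform):
    """Inverted index keyed by transform(term) -> set of document ids."""
    index = {}
    for doc_id, text in docs.items():
        for term in text.lower().split():
            index.setdefault(transform(term), set()).add(doc_id)
    return index

def search(index, term, transform):
    """Look up a single query term after applying the same transform."""
    return sorted(index.get(transform(term.lower()), set()))

if __name__ == "__main__":
    clear_index = build_index(DOCS, stem)    # indexing/querying in the clear
    blind_index = build_index(DOCS, blind)   # index sees only hashed tokens
    # Stemming maps "encrypted" and "encrypting" onto the query term.
    print("clear, 'encrypt':  ", search(clear_index, "encrypt", stem))
    # The hash of "encrypt" is unrelated to the hashes of its inflections.
    print("blind, 'encrypt':  ", search(blind_index, "encrypt", blind))
    # Only the exact token that was indexed still matches.
    print("blind, 'encrypted':", search(blind_index, "encrypted", blind))
```
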