Implementing PII Encryption with PDX Serialization
Download as PPTX, PDF1 like260 views
The document discusses the implementation of Personally Identifiable Information (PII) encryption using PDX serialization, highlighting alarming data security trends and the importance of encrypting data both during storage and transit. Key features include encryption on the client side without un-encrypted data ever reaching the server and the ability to perform searches based on encrypted PII fields. It also outlines the fundamentals of PDX serialization for encrypting individual PII fields and integrating with existing application logic to enhance data security.
Implementing PII Encryption with PDX Serialization
- 1. Implementing PII Encryption with PDX Serialization Gideon Low & Niranjan Sarvi Pivotal Data Engineering
- 2. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Some Disturbing Data Security Trends . . . ● According to breachlevelindex.com, there were over 1.3 billion data records stolen or lost in 2017, up 86 million from 2016. 2/3rds due to malicious intent. ● In the last 5 years, only 4% were “Secure Breaches”, where the record data was encrypted. ● Industry analyst group Forrester reports that “51% of global network security decision makers reported at least one breach in the past 12 months” 3 ● Kaspersky Lab reports that 31% of data security breaches lead to the firing of employees(!) Anecdotal: In 2018, I have personally been asked about protecting PII data by every one of my customers and prospects.
- 3. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ PDX-Based PII Encryption Features • PII data Encrypted on Disk, In memory, and in-transit (within TCP Network stack). • All encryption/decryption happens on the Geode client (App Server). Server- side never handles un-encrypted PII. • Retain the ability to search data based on encrypted PII fields: • Support OQL queries/indexes with equality predicates (no range queries). • Support encrypted PII as Region keys. MAYBE NOT FOR S1 insufficient time? • Minimize Performance impact • Minimize impact to existing application logic • Integrate with key management tools. 4
- 4. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ PDX PII Serialization Fundamentals • PDX PII Serialization logic installed on Geode client-side only: Geode servers receive/handle only encrypted PII. • Serialization Logic encrypts each PII field individually, replacing the original String with a Base64-encrypted String. • A short char sequence is prepended as a marker to enable migration (first- time encryption & re-encryption due to key rotation). • Deserialization logic reads encrypted String field from the inbound PDX byte array, decrypts the PII value, and assigns the decrypted value to the POJO member field. • Enabled via Java Annotations — Designate PII fields via annotations, which drive the custom serializer behavior. 5
- 5. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Basic Concept Distilled . . . 6 Serialize Before: public boolean toData(Object o, PdxWriter writer) { Customer instance = (Customer) o; writer.writeDate("creationDate", instance.creationDate) .writeString("name", instance.name) .writeObject("ssn", instance.ssn) .writeString("dob", instance.dob); return true; } After: public boolean toData(Object o, PdxWriter writer) { Customer instance = (Customer) o; writer.writeDate("creationDate", instance.creationDate) .writeString("name", instance.name) .writeObject("ssn", encryptorBean.encrypt(instance.ssn)) .writeString("dob", encryptorBean.encrypt(instance.dob)); return true; } Deserialize Before: public Object fromData(Class<?> clazz, PdxReader reader) { if (!clazz.equals(Customer.class)) return null; Customer c = new Customer (); c.creationDate = reader.readDate("creationDate"); c.name = reader.readString("name"); c.ssn = reader.readString("ssn"); c.dob = reader.readString("dob"); return c; } After: public Object fromData(Class<?> clazz, PdxReader reader) { if (!clazz.equals(Customer.class)) return null; Customer c = new Customer (); c.creationDate = reader.readDate("creationDate"); c.name = reader.readString("name"); c.ssn = piiEncryptionBean.decrypt(reader.readString("ssn")); c.dob = piiEncryptionBean.decrypt(reader.readString("dob")); return c; }
- 6. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Encryption Service Details • NOTE: Encryption service does not use Geode API . . . • Encapsulates Logic into a single service class ("ICryptoService"): • Init( ) logic obtains encryption key & instantiates Cipher • Only Public methods are: • encrypt(String pii) • decrypt(String encryptedPii) • Ciphers provided via JRE Java Cryptography Extensions (JCE). • Wired-in as a Singleton Spring Bean 7
- 7. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Putting it Together: Custom PDX AutoSerializer Brief Description of Geode’s ReflectionBasedAutoSerializer: • Enabled via PDX Configuration (cache-client.xml, API, or SDG) • Reflects on Java Class definitions to construct PDX Type metadata and runtime serialization logic. • Extensible via these methods: • boolean transformFieldValue ( Field f, Class type ) — Is the Field PII? • Object writeTransform ( Object origValue ) — Modify default serialization logic. • Object readTransform ( Object serializedValue ) — Modify default de- serialization logic. 8
- 8. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Putting it Together: Annotated PII Fields @EnableEncryption private String ccardNumber; Add Annotation Checks public boolean transformFieldValue(Field field, Class<?> type) { // Check if encryption is enabled on the field if (field.isAnnotationPresent( EnableEncryption.class)) { return true; } else return super.transformFieldValue(field, type); }
- 9. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Java JRE JCE Ciphers Spring Initialization Steps 1 1 Initialization/Startup Logic AutoSerializer: - Reflects on D.O. Classes - Builds PDX metadata repo incl. annotated PII Fields CryptoService: - Obtains Encryption Key(s) - Instantiates Cipher from JCE Geode Client: - Connect to Geode Server Cluster Boot
- 10. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Runtime 1 2 Java JRE JCE Ciphers Spring Runtime Logic PIIAutoSerializer: - Reflects on D.O. Classes - Builds PDX metadata repo incl. annotated PII Fields CryptoService: - Obtains Encryption Key(s) - Instantiates Cipher from JCE Geode Client: - Connect to Geode Server Cluster Boot Geode Client API (Region, Function Service, Subscriptions) Geode PDX Serialization Geode Client Connection Pool CryptoService:: - encrypt() - decrypt() Data Ops Requests
- 11. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Code & Demo
- 12. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo’able Items 1 4 ● Data model ● Encryption implementation ● Gemfire operations ● OQL queries ● gfsh queries with encrypted data Geode PII Encryption code is at https://github.com/Pivotal-Data-Engineering/geode-pii-encryption
- 13. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Zero downtime migration ● Our follow-up blog titled “PDX PII Encryption Migration Strategies” will be published in the next few weeks. ● Meanwhile, please see us after the session if you’d pick-up a hard-copy.
- 14. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Q & A