Ruby Video
Description
Recently I've been working in Rails applications where protecting sensitive data is a priority. But keeping data secure sometimes comes at the cost of utility. The types of queries you can execute can be limited. In this talk, I'll share what I've been learning about application level encryption, and an encryption scheme called Order Revealing Encryption (ORE). ORE enables querying capabilities while still keeping data encrypted when in use. I'll be demonstrating ORE's capabilities using a toy ORE library that I have built in Ruby.
Summary
In this talk titled **"Encrypted Search Party"**, Fiona McCawley discusses the challenges and techniques in protecting sensitive data, particularly in Rails applications where application-level encryption is vital. She focuses on **Order Revealing Encryption (ORE)**, a scheme that enables querying capabilities while maintaining data in an encrypted state. Fiona introduces the necessity of encryption for securing sensitive information and highlights various encryption approaches, specifically differentiating between deterministic and non-deterministic encryption modes.

### Key Points Discussed:

- **Introduction to Encryption:**
  - Encryption transforms plaintext into ciphertext, making the data unreadable without a specific key.
  - Deterministic output produces the same ciphertext for identical plaintexts, whereas non-deterministic output generates different ciphertexts each time, using an IV (Initialization Vector).
- **Application-Level Encryption:**
  - This type refers to the control of the encryption and decryption processes by the client, ensuring sensitive data is encrypted as close to the client as possible throughout its lifecycle.
  - Demonstrated using Rails 7’s Active Record, which now supports application-level encryption, highlighting the steps involved in setting it up.
- **Challenges of Querying Encrypted Data:**
  - Attempting to run SQL queries against encrypted data often returns no results since the encrypted values don't match the database's plaintext expectations.
- **Overview of ORE:**
  - ORE allows for comparing two ciphertexts to determine the order of their plaintext equivalents without revealing the actual plaintext values.
  - It operates using two keys (PRF and PRP) to facilitate encryption and secure comparisons.
- **Demonstration of ORE Library:**
  - A toy ORE library was built to exemplify how the scheme works, showcasing how ciphertexts are generated and compared in a secure manner.

### Conclusion and Takeaways:

- ORE presents a viable solution for maintaining data privacy while allowing necessary querying capabilities.
- Adoption of application-level encryption, such as that supported in Rails, can enhance data security practices in modern web applications.
- The toy ORE library is available on RubyGems, inviting developers to experiment and implement these concepts in their own Ruby applications.
- Fiona encourages further discussion and exploration of these practices after her talk to deepen understanding of data security challenges and solutions.
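
One way the ORE comparison outlined in the summary can work, as an added example that is not the talk's gem or the speaker's code: a toy small-domain left/right construction in the style of Lewi and Wu, with one PRF key and one PRP key. `ToyORE`, `ids_greater_than`, the 0..255 domain, HMAC-SHA256 as the PRF, and an HMAC-sorted permutation standing in for the PRP are all assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Toy small-domain ORE with left/right ciphertexts. Illustration only.
class ToyORE
  DOMAIN = 256 # plaintexts are integers 0..255 (assumed domain)
  PRF = ->(key, msg) { OpenSSL::HMAC.digest("SHA256", key, msg) }

  def initialize(prf_key, prp_key)
    @prf_key = prf_key
    # PRP over the small domain: order the values by a keyed HMAC.
    @perm = (0...DOMAIN).sort_by { |x| PRF[prp_key, [x].pack("N")] }
    @pos = @perm.each_with_index.to_h # plaintext => slot
  end

  # Left ciphertext (query token): slot of x and the PRF key for that slot.
  def encrypt_left(x)
    slot = @pos.fetch(x) # KeyError outside the domain
    [slot, PRF[@prf_key, [slot].pack("N")]]
  end

  # Right ciphertext (stored value): nonce plus one masked comparison per slot.
  def encrypt_right(y)
    raise ArgumentError, "out of domain" unless @pos.key?(y)
    nonce = SecureRandom.bytes(16)
    masked = @perm.each_with_index.map do |x, slot|
      slot_key = PRF[@prf_key, [slot].pack("N")]
      ((x <=> y) + ToyORE.mask(slot_key, nonce)) % 3
    end
    [nonce, masked]
  end

  # Keyless comparison: returns x <=> y for left(x) and right(y).
  def self.compare(left, right)
    slot, slot_key = left
    nonce, masked = right
    r = (masked[slot] - mask(slot_key, nonce)) % 3
    r == 2 ? -1 : r
  end

  def self.mask(slot_key, nonce) # toy mask in 0..2, slightly biased
    PRF[slot_key, nonce].getbyte(0) % 3
  end
end

# Server-side range filter over rows of [id, right_ciphertext]: ids above the query.
def ids_greater_than(query_left, rows)
  rows.select { |_id, right| ToyORE.compare(query_left, right) == -1 }.map(&:first)
end
```

The side running `ids_greater_than` holds neither key: it learns only the order between the query token and each stored value, which is the leakage ORE accepts in exchange for range queries.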