Understanding Encryption at Rest and Beyond: Strengths and Weaknesses

In the ongoing effort to secure sensitive data, the concept of "encryption at rest" often surfaces as a critical defense mechanism. A recent article titled "Encryption At Rest: Whose Threat Model Is It Anyway?" takes a deep dive into this topic, exploring the practicalities, challenges, and often misunderstood aspects of this security measure. The discussion that followed on Hacker News and reddit further emphasized the need for clarity and a well-defined threat model. Here, we summarize the article's key points and reflect on the ongoing discussion it sparked. 

The Core of Encryption at Rest

Encryption at rest refers to the process of encrypting data stored on physical media to protect it from being accessed by unauthorized parties who gain physical access to the device. The main objective is to ensure that even if a storage medium is physically compromised, the data remains inaccessible without the appropriate decryption key.

The article begins by addressing a common misconception: the effectiveness of encryption at rest. Some argue that it offers little protection against sophisticated online attacks. While it's true that encryption at rest won't safeguard against every type of threat, dismissing it as simply a performative security measure is misleading. Encryption at rest is not a one-size-fits-all solution. Its effectiveness depends significantly on the threat model it’s designed to counter.

Defining the Threat Model

A threat model is a detailed analysis of potential security threats to a system, including their impact level and what assets can be affected as well as prioritizing it all, and lastly outlining how these threats can be mitigated. For encryption at rest, the threat model often remains misunderstood, leading to misconceptions about its protective efficacy.

Encryption at rest is highly effective in scenarios where physical access to storage devices is a concern. Consider mobile phones, which are often at risk of being stolen and accessed physically by unauthorized parties. In such a situation encryption at rest is highly efficient and deters thieves from accessing personal data. It just works. In the 90s, encryption at rest was highly effective against physical access or theft, as there were no data centers, and everyone had their own PC’s and servers, making physical theft easier. For example, today all mobile phones come with strong encryption and protection technologies of securing the storage media.

High-Level Attacks

On the other hand, in today’s tech world where cloud environments are common, encryption at rest no longer serves its purpose and often remains in use as a relic of the past. Compliance mandates its use, but it fails against simple attacks like SQL injection, lateral movement, or compromised credentials, where attackers can dump all data, often without detection, leading to no proper post-mortem analysis or monitoring. Implementing encryption at the application level raises the bar for attackers but requires more work and knowledge from developers, which can be a barrier today and is not yet common practice for data protection. 

Advanced Encryption Techniques

Encrypting data in cloud environments is still paramount to data security. And it might cover you from different threats that are less common but still very likely. For example, cross tenant attacks on the cloud provider to access your customer data by breaking into your own shared database instance. Therefore, it depends where and how you do it and what threats you wish to thwart.

Using more advanced encryption methods such as Authenticated Encryption with Associated Data (AEAD) or client-side encryption provides stronger security features. Implementing AEAD modes like AES-GCM or XChaCha20-Poly1305 can significantly enhance the security of data at rest. For instance, AES-GCM combines encryption and authentication, ensuring both confidentiality and integrity of data. Similarly, XChaCha20-Poly1305 offers strong cryptographic guarantees suitable for securing sensitive information.

Piiano Vault applies these advanced encryption techniques rigorously to safeguard data at the highest standard. By implementing AEAD modes and client-side encryption, Piiano Vault ensures that sensitive information remains protected from unauthorized access and tampering. This approach is particularly crucial for systems managing data from multiple tenants, where key-committing AEAD modes bind encryption keys to specific data contexts, preventing cross-segment misuse and bolstering overall security. Additionally, using advanced security solutions that include advanced encryption methods can also address the vulnerabilities of encryption at rest. Specifically by using a vault you guarantee that anyone accessing the database directly will never see any data in plaintext, thus reducing the attack surface.

High-Level Attack Vectors and Why a Vault Is Necessary

We stated earlier that no matter what encryption algorithms for at-rest data protection are used, still threat actors can bypass them when attacking the application or DB servers using SQL injections, lateral movement, backdoors, or other similar attacks.

In reality it’s even worse! Even if data is encrypted at the application level, such attack vectors still bypass them all. So this problem isn’t eliminated.

To counter these attacks, it's essential to consider security measures that can mitigate them directly. Here are some security primitives that make a vault much more fortified than a database:

1. APIs that get only parameterized arguments, promoting natural security and less error-prone to injections.
2. All read-data APIs enforce pagination, there’s no way to dump everything in one shot, unless your dataset is very small anyway.
3. A few granular access controls that guarantee to reduce attack surface, such as READ permissions (read and list everything) and removing a LIST permission (imagine directory listing, normally it’s used inversely to block listing, so you must have in advance the key identifiers of objects you want to access) and even SEARCH permissions (so you can look up a record by a specific field but not read it back).
4. Easily employing data masking out of the box, so a web-server can only read masked data and even if compromised the attacker won’t be able to dump it all, like a SSN column.
5. Rate limiting is also very important, so some users that have access to the vault can be limited in how much data they can fetch. This is more suitable for human users.
6. For machine to machine data access we employ impersonation by using JWT of the end users, making access to data only by its logical owners. So even a fully compromised web-app can’t dump all customers’ data.
7. Last but not least, everything is fully audited and monitored, so you have visibility of what’s going on with data access patterns and can learn over time its behaviors.

A Dialogue on Security

While encryption at rest is a powerful tool, its effectiveness depends on a well-defined threat model or specific use-case, and careful implementation. By understanding and applying the appropriate encryption techniques, organizations can significantly bolster their defenses against various threats. The conversation extends beyond the article and sparked lively debates on platforms like Hacker News and Reddit, highlighting the nuanced perspectives on encryption strategies and threat models. Participants raised interesting questions and explored concepts such as cloud provider security, the role of encryption keys, and the evolving threat landscape. As one Reddit user shared, “It's one of those controls that moves an attack from an invisible space into a visible space; with encryption at rest it's possible to have strong audit logs.”

At Piiano, we continue to refine our approach and technically raise the bar against data theft, ensuring that our Vault product not only meets but exceeds industry standards for data protection. By adopting best practices in key management and context-aware encryption, we provide our customers with robust and reliable security for their most sensitive data.