New encryption capabilities in MongoDB 4.2 provide client-side field-level encryption that protects sensitive data. The encryption is performed by the client drivers using modern cryptography, keeping encrypted fields opaque to the database server and operators. This allows individual fields to be encrypted per document with customer-managed keys. The presentation provides a history of database security methods and covers the new encryption in terms of design, cryptography used, and developer experience. A code example demonstrates how to configure and use the new encryption capabilities.

2. New encryption capabilities in MongoDB 4.2:
A deep dive into protecting sensitive workloads
Prasad Pillalamarri
Technical Director, MongoDB Software India Private Limited

3. New encryption capabilities in MongoDB 4.2:
A deep dive into protecting sensitive workloads
Agenda
▪ A brief history of database security
▪ Trust models: server vs. client
▪ Encrypting data-in-use
▪ Hands on deep dive
▪ Q&A

4. A brief history of database security

5. A brief history of database security
Evolution
▪ access controls
▪ passwords
▪ plaintext > hashing > key derivation
▪ bearer tokens
▪ NTLM, Kerberos tickets, LDAP/S, SCRAM, web session

6. A brief history of database security
Evolution
▪ access controls
▪ passwords
▪ plaintext > hashing > key derivation
▪ bearer tokens
▪ NTLM, Kerberos tickets, LDAP/S, SCRAM, web session
▪ multi-factor auth
▪ LCD fobs / SMS / 2FA apps / FIDO-U2F / WebAuthn / mobile enclaves
▪ federated RBAC

7. A brief history of database security
Evolution
▪ network
▪ (plaintext) native wire protocols
▪ SSL encryption
▪ TLS
▪ TLS w/ PFS

8. A brief history of database security
Evolution
▪ storage
▪ volume-level / full disk encryption (FDE)
▪ BitLocker, DMCrypt, FileVault, encrypted EBS

9. A brief history of database security
Evolution
▪ storage
▪ volume-level / full disk encryption (FDE)
▪ BitLocker, DMCrypt, FileVault, encrypted EBS
▪ file-level encryption
▪ whole database
▪ per-database (WiredTiger ESE)
▪ tablespace
▪ database-level encryption
▪ column / field

10. A brief history of database security
These are all important defenses, but…
What is the threat?
Against whom/what are we defending?
▪ “hackers”?
▪ criminal blackhats?
▪ competitors?
▪ activists?
▪ unknown actors?

11. A brief history of database security
These are all important defenses, but…
What is the threat?
Against whom/what are we defending?
▪ “hackers”?
▪ criminal blackhats?
▪ competitors?
▪ activists?
▪ unknown actors?
▪ insiders?
▪ admins?

12. The security model for many Prod databases

13. A brief history of database security
Every sector of the global economy has been impacted
▪ enterprise
▪ consumer tech
▪ retail
▪ government
▪ healthcare
▪ finance
…

14. A brief history of database security
Major shifts in regulatory & privacy climate
▪ GDPR
▪ HIPAA
▪ PCI DSS
▪ NIST/FISMA
▪ Consumer protection
▪ State & provincial

15. A brief history of database security
System architect & developer security challenges
Meeting legal/regulatory obligations
▪ Controls
▪ Audit/attestation
Defending real-world attacks
▪ First Principles: C/I/A
▪ Separation of duties
▪ Access control
▪ Identifying & protecting sensitive data

16. A brief history of database security
System architects & develop security challenges
Meeting legal/regulatory obligations
▪ Controls
▪ Audit/attestation
Defending real-world attacks
▪ First Principles: C/I/A
▪ Separation of duties
▪ Access control
▪ Identifying & protecting sensitive data

17. Trust models: server vs. client

18. Trust models: server vs. client
What is the source of trust?
▪ Traditionally, DB encryption has relied on server-side trust
▪ This has implications, many not so obvious
▪ With a few caveats, the database operator typically has
unrestricted technical access, including:
▪ DBAs
▪ system admins
▪ hosting/infrastructure providers

19. Trust models: server vs. client
The fundamental challenge is protecting the confidentiality of
data while it’s in use.

20. Encrypting Data-in-Use

21. Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
▪ encryption as a first-class citizen
▪ modern, authenticated encryption algorithms

22. Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
▪ encryption as a first-class citizen
▪ modern, authenticated encryption algorithms
▪ strong security guarantees
▪ customer-managed keys
▪ content is opaque to server & server operator

23. Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
▪ major investment
▪ 2 years in the making
▪ 16+ engineers spanning core server, query, security, cloud, drivers
▪ targeting 12+ languages
▪ all major hardware & operating system platforms
▪ Linux, MacOS, Windows

24. MongoDB Client-Side Field-Level Encryption
Core design
▪ enabled in drivers
▪ drivers have expanded MQL awareness
▪ extends existing JSON Schema with new “encrypt” propert

25. MongoDB Client-Side Field-Level Encryption
Core design
▪ enabled in drivers
▪ drivers have expanded MQL awareness
▪ extends existing JSON Schema with new “encrypt” propert
▪ adds JSON Schema validation to the client
▪ individual fields within collections can be marked as encrypte
▪ keys can be used on a per-field, per-document basis

26. MongoDB Client-Side Field-Level Encryption
Cryptography
▪ multiple encryption options, including deterministic search
▪ cloud key services are natively integrated
▪ modern authenticated encryption with AES-256 & SHA-2
▪ AEAD_AES_CBC_HMAC_SHA512 (2015 IETF draft: McGrew, Foley, Paterson)

27. MongoDB Client-Side Field-Level Encryption
Cryptography
▪ multiple encryption options, including deterministic search
▪ cloud key services are natively integrated
▪ modern authenticated encryption with AES-256 & SHA-2
▪ AEAD_AES_CBC_HMAC_SHA512 (2015 IETF draft: McGrew, Foley, Paterson)
▪ abuse-resistant derived deterministic IVs
▪ native OS libraries used for crypto primitives

28. MongoDB Client-Side Field-Level Encryption
Developer view
▪ new JSON Schema attribute “encrypt”
▪ schema validation extended to the client/application
▪ key management services integrated into drivers

29. MongoDB Client-Side Field-Level Encryption
Developer view
▪ new JSON Schema attribute “encrypt”
▪ schema validation extended to the client/application
▪ key management services integrated into drivers
▪ driver generates secure request for field keys
▪ all encryption/decryption is done in the driver (on the client)
▪ server only sees encrypted binary data (BinData subtype-6)

30. MongoDB Client-Side Field-Level Encryption
How does it work?

31. MongoDB Client-Side Field-Level Encryption
{
firstName: "Pat",
lastName: "Lee",
ssn: "901-01-0001",
email: "lee@example.com",
mobile: "+1-212-555-1234",
medRecNum: 235498
}
{
firstName: "Pat",
lastName: "Lee",
! ssn: "r6EaUcgZ4lGw…",
! email: "K4b5U3TlcIXh…",
! mobile: "oR72CW4Wf5Ej…",
medRecNum: 235498
}
View from application
View from database (admin, server, DB logs, process memory)

33. Let’s look at some code

34. "test.patients" : {
"bsonType" : "object",
"properties" : {
"medRecNum" : { "bsonType" : "int" },
"firstName" : { "bsonType" : "string" },
"lastName" : { "bsonType" : "string" },
"ssn" : {
"encrypt" : {
"bsonType" : "string",
"algorithm" : encryption_mode,
"keyId" : [ key1 ]
}
},
"mobile" : { "bsonType" : "string" },
"email" : { "bsonType" : "string" },
}}

35. "test.patients" : {
"bsonType" : "object",
"properties" : {
"medRecNum" : { "bsonType" : "int" },
"firstName" : { "bsonType" : "string" },
"lastName" : { "bsonType" : "string" },
"ssn" : {
"encrypt" : {
"bsonType" : "string",
"algorithm" : encryption_mode,
"keyId" : [ key1 ]
}
},
"mobile" : { "bsonType" : "string" },
"email" : { "bsonType" : "string" },
}}

36. "test.patients" : {
"bsonType" : "object",
"properties" : {
"medRecNum" : { "bsonType" : "int" },
"firstName" : { "bsonType" : "string" },
"lastName" : { "bsonType" : "string" },
"ssn" : {
"encrypt" : {
"bsonType" : "string",
"algorithm" : encryption_mode,
"keyId" : [ key1 ]
}
},
"mobile" : { "bsonType" : "string" },
"email" : { "bsonType" : "string" },
}}

37. var keystore = db.getCollection("__keystore")
var clientSideFLEOptions = {
"kmsProviders" : {
"aws" : {
"accessKeyId" : env.KMSKID ,
"secretAccessKey" : env.KMSKEY
}
},
"schemas" : { patientSchema } ,
"keyVaultCollection" : keystore
}
encryptedSession = new Mongo("localhost",clientSideFLEOptions)

38. var keystore = db.getCollection("__keystore")
var clientSideFLEOptions = {
"kmsProviders" : {
"aws" : {
"accessKeyId" : env.KMSKID ,
"secretAccessKey" : env.KMSKEY
}
},
"schemas" : { patientSchema } ,
"keyVaultCollection" : keystore
}
encryptedSession = new Mongo("localhost",clientSideFLEOptions)

39. var encryptedDb = encryptedSession.getDB("test");
encryptedSession.getKeyStore().createKey(
"aws", env.KMSARN, ["key1"]
)
var keys = encryptedSession.getKeyStore().getKeys()
var key1 = keys.getKeyByAltName("key1")

40. Query on an unencrypted field

41. encryptedDb.patients.find({ "medRecNum" : 235498 })
Query on an unencrypted field

42. {
"firstName" : "Pat",
"lastName" : "Lee",
"medRecNum" : 235498,
"ssn" : "901-01-0001",
"mobile" : "212-555-1234",
"email" : "lee@example.com"
}
View to a client holding a valid key:

43. {
"firstName" : "Pat",
"lastName" : "Lee",
"medRecNum" : 235498,
"ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
"mobile" : "212-555-1234",
"email" : "lee@example.com"
}
View to a client lacking a valid key:

44. {
"firstName" : "Pat",
"lastName" : "Lee",
"medRecNum" : 235498,
"ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
"mobile" : "212-555-1234",
"email" : "lee@example.com"
}
View to legacy clients:

45. {
"firstName" : "Pat",
"lastName" : "Lee",
"medRecNum" : 235498,
"ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
"mobile" : "212-555-1234",
"email" : "lee@example.com"
}
View to database administrator:

46. {
"firstName" : "Pat",
"lastName" : "Lee",
"medRecNum" : 235498,
"ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
"mobile" : "212-555-1234",
"email" : "lee@example.com"
}
View to database, server memory, logs, backups:

47. Query on an encrypted field

48. encryptedDb.patients.find({ "ssn": "901-01-0001" })
Query on an encrypted field

49. encryptedDb.patients.find({ "ssn": "901-01-0001" })
Query on an encrypted field

50. encryptedDb.patients.find({ "ssn": "901-01-0001" })
encryptedDb.patients.find({ "ssn": BinData(6,"ASV2YBzOhUY…" )})
Query on an encrypted field

51. Quick Demo

52. MongoDB Client-Side Field-Level Encryption
Roadmap
▪ beta preview 4.2 rc2 available now – Java, Node.js & Shell fi
▪ additional language beta previews in coming weeks
▪ server support in Atlas via rc1+ preview
▪ 3rd party cryptography reviews in progress
▪ Docs & University – In Flight

53. MongoDB Client-Side Field-Level Encryption
Takeaways
▪ 4.2 introduces client-side field-level encryption
▪ designed for the most sensitive workloads
▪ enabled in all supported drivers on all supported platforms
▪ allows fields to be marked as encrypted, at the document-leve

54. MongoDB Client-Side Field-Level Encryption
Takeaways
▪ 4.2 introduces client-side field-level encryption
▪ designed for the most sensitive workloads
▪ enabled in all supported drivers on all supported platforms
▪ allows fields to be marked as encrypted, at the document-leve
▪ multiple enforcement options (client-side, server-side, or both)
▪ backwards compatible with existing admin & cluster tools
▪ EA/Atlas – automatic/transparent encryption (no app changes
▪ Community – explicit/manual encryption(requires app changes

55. Q&A

56. Thank You!