What is End-to-end Encryption?
The technical approach Aroki uses to protect databases is called "end-to-end encryption" and is sometimes referred to as "client-side encryption". In this approach, all data is encrypted at its point of origin, namely inside the trusted zone where the application is executing. It is then transmitted to the database server where it is processed (while encrypted) and then stored (still encrypted). Later, when the application wants to retrieve the data, it sends an encrypted query to the database which is then executed, causing a result set of still-encrypted data to be returned. Inside the trusted zone, it is decrypted and the application can display it or process it further. This approach is called end-to-end encryption (E2EE) since the data is encrypted throughout its lifecycle.
The information security news media has been covering the need for E2EE for several years and it has been growing in popularity for some time. Signal and WhatsApp encrypt all of their users' messages end to end, and even Telegram (in its optional Secret Chats) and Facebook Messenger (in its Secret Conversations, at the time of writing) offer it to protect messages from unauthorized access. In 2018 the Aroki team wrote an Android app called Pixek to demonstrate E2EE protecting pictures on a smartphone. More recently, E2EE email and E2EE videoconferencing have also become available.
The Encryption Key is Key
The reason for E2EE's growing adoption is that it allows only authorized users who possess the encryption key to see the data. This is central to the E2EE security guarantee: not even the operators of the data center where the data is stored can see the unencrypted data unless they possess the encryption key. The flip side is that the key and the trusted zone become the security boundary. An attacker who compromises the application host or steals the key sees plaintext just as the application does, and a key that is lost means data that cannot be recovered, so key generation, storage, rotation and backup deserve the same care as the database itself.
The SysAdmin Problem
E2EE allows a cleaner and more secure separation of duties between the folks who need to run the applications that create and process the data on the one hand, and the folks who need to keep the database running smoothly on the other. Database Administrators (DBAs) and SysAdmins have long been the target of hackers because their login credentials give them (and a successful hacker) full access to all the data in a database - this is "The SysAdmin Problem".
With E2EE in place, the DBAs and SysAdmins can still manage the database but cannot see its contents. Note that encryption at rest, whether Full Disk Encryption (FDE) of the storage volume or database-level Transparent Data Encryption (TDE), provides no protection against this risk: the data is decrypted as it is read from the storage medium, so anyone with a database login, including a DBA or an attacker holding a DBA's credentials, still receives plaintext from every query. Nor does Transport Layer Security (TLS) protect against this risk, since it only protects data in transit and the database server decrypts it as it arrives from the network.
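The flow described above (encrypt in the trusted zone, store and query ciphertext on the server, decrypt only on return) and the DBA's view of such a database can be shown in a few dozen lines. The following is an added illustration written for this page, not Aroki's code or product: the untrusted database is a Python list, equality queries use a deterministic HMAC token ("blind index") in place of whatever searchable-encryption scheme a real product uses, and the cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, standing in for a real AEAD such as AES-GCM. All names, keys and customer records are constructed for the example.

```python
"""Client-side (end-to-end) database encryption, simulated in stdlib Python.

TrustedClient runs inside the application's trusted zone and holds the keys.
UntrustedDatabase stores and searches records but only ever sees ciphertext
and HMAC tokens, which is exactly what a DBA or a compromised database host
would see. Illustrative code written for this article, not Aroki's product.
"""
import hashlib
import hmac
import secrets

# Stand-in for a real AEAD (use AES-GCM or ChaCha20-Poly1305 from a vetted
# library in production): HMAC-SHA256 as a PRF in counter mode, then a MAC.
def _derive(master: bytes, label: bytes) -> bytes:
    """Derive an independent subkey for each purpose from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag. Fresh nonce each call, so equal
    plaintexts never produce equal ciphertexts."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verifies the tag first (constant-time), so a tampered row is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified or key is wrong")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def blind_index(index_key: bytes, value: str) -> bytes:
    """Deterministic token so the server can match equality without plaintext.
    Caveat: equal values give equal tokens, so the server learns which rows
    share a value (frequencies), though not what the value is."""
    return hmac.new(index_key, value.strip().lower().encode(), hashlib.sha256).digest()

class UntrustedDatabase:
    """The server side: holds tokens and ciphertext only."""
    def __init__(self):
        self.rows = []

    def insert(self, row: dict) -> None:
        self.rows.append(row)

    def find(self, column: str, token: bytes) -> list:
        # The query is itself a token; the server compares bytes, never plaintext.
        return [r for r in self.rows if r[column] == token]

    def dump(self) -> list:
        return list(self.rows)

class TrustedClient:
    """The application side: the only place the keys and plaintext exist."""
    def __init__(self, db: UntrustedDatabase, master_key: bytes):
        self.db = db
        self.enc_key = _derive(master_key, b"enc")
        self.mac_key = _derive(master_key, b"mac")
        self.index_key = _derive(master_key, b"index")

    def insert_customer(self, name: str, email: str) -> None:
        self.db.insert({
            "email_token": blind_index(self.index_key, email),
            "name_ct": encrypt(self.enc_key, self.mac_key, name.encode()),
            "email_ct": encrypt(self.enc_key, self.mac_key, email.encode()),
        })

    def find_by_email(self, email: str) -> list:
        hits = self.db.find("email_token", blind_index(self.index_key, email))
        return [{
            "name": decrypt(self.enc_key, self.mac_key, r["name_ct"]).decode(),
            "email": decrypt(self.enc_key, self.mac_key, r["email_ct"]).decode(),
        } for r in hits]

def leaks_plaintext(db: UntrustedDatabase, secret: str) -> bool:
    """The DBA's check: does any stored byte string contain the plaintext?"""
    needle = secret.encode()
    return any(needle in v for row in db.dump() for v in row.values())

if __name__ == "__main__":
    db = UntrustedDatabase()
    client = TrustedClient(db, secrets.token_bytes(32))
    client.insert_customer("Alice Example", "alice@example.com")  # constructed sample rows
    client.insert_customer("Bob Example", "bob@example.com")
    print(client.find_by_email("Alice@Example.com"))
    print("DBA can read plaintext:", leaks_plaintext(db, "alice@example.com"))
```

The point of `leaks_plaintext` is the SysAdmin Problem in miniature: a DBA with full read access to `db.rows` gets tokens and ciphertext and nothing else, while the application, holding the keys, still gets exact-match lookups (case-insensitive here because the token normalizes the value before hashing). The deterministic token is also where the caveat lives: it reveals which rows share an email address, which is the kind of leakage any searchable-encryption design has to weigh against query functionality.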
End-to-end database encryption gives IT professionals strong security guarantees for protecting sensitive database information.