Secure Enterprise Collaboration with Searchable Encryption
Although virtual data rooms are becoming more popular, most collaboration between companies and their auditors, law firms, and other service providers is through email and email attachments. It is rather stunning how much valuable information is vulnerable inside corporate email systems. The Black Forest Digital Trust Platform can provide a much more secure collaborative environment through the use of high performance searchable encryption and data compartmentalization/micro-segmentation.
Imagine that a financial controller or CFO within a corporation wants to securely share documents with their auditor. What if they could simply drop those documents into a folder on their computer, and those documents could be stored in the cloud and easily accessed by the auditor? Clearly they could simply use a cloud storage provider to do this. However, it is more likely today that they would attach the documents to an email and send it to the auditor, trusting both their own email system and the auditor's email system. Neither of these methods seems secure enough, especially with recent hacks that have been in the news. But what happens when we add strong encryption to either of these seamless information sharing methods? They become anything but seamless.
Encryption is a PITA
We all know encryption is the answer for protecting our information. So why don't we encrypt all documents before we email them to anyone? We don't because exchanging keys or using document passwords is a hassle. We have enough of these things to remember. Another problem is that often we aren't simply collaborating with one person, but with several, making key or password distribution another hassle. The other problem with encryption is that once a document is encrypted, we can't easily find what we need among the thousands of documents we have. Because encryption is a hassle, we often leave our documents sitting as unencrypted attachments in email systems, on shared drives, or in cloud storage.
Solution is Zero Knowledge, Searchable Encryption, and Compartmentalization
The following diagram shows a conceptual solution to the enterprise collaboration problem, specifically between a professional services provider such as an auditor and their corporate client. The top half of the diagram shows a zero knowledge trust layer that contains zero knowledge document storage, a zero knowledge search index, zero knowledge key management, and a zero knowledge distributed ledger. Only strongly encrypted information lives in the zero knowledge trust layer. The bottom half of the diagram shows how users can securely share documents and persistent messages with each other. This architecture minimizes the places where data and keys are co-located and vulnerable, thereby minimizing the attack surface.
Step 1 shows a user who wants to share a Word document with their auditor. The user drops the file into a client integrated into the Windows shell (like Dropbox) and is asked which security compartment the file belongs in. The user selects "Very secret audit info". Step 2 shows the client retrieving the encryption key for that security compartment from key management and decrypting it for use (possibly with an HSM). Step 3 shows the client extracting metadata and search terms from the Word document, encrypting the resulting tuples, and storing them in the document index. Step 4 shows the encrypted Word document being stored in document storage. The user also wants to send a message with non-repudiation to the auditor. Black Forest Distributed Ledger supports millions of ledgers, and each can function as a secure two-way or multi-party digital trust channel for exchanging information. Step 5 shows the message being sent to one such channel.
The auditor receives the message and decides to work on this corporation's audit. They search for some relevant documents in Step 7. The Black Forest DB returns the encrypted tuples that correspond to the auditor's search. The auditor chooses a document, and it is retrieved in Step 9 and decrypted. As part of the search, the correct encryption key must be retrieved from the key management service. Step 10 shows the document being presented to the auditor.
Zero Knowledge Key Management
A very interesting part of this diagram is the zero knowledge key manager. We envision using Black Forest DB to hold very large numbers of keys and using Black Forest DB's fine-grained security labels and signed user assertions to manage access to these encrypted keys. If the key manager is zero knowledge and the keys are encrypted, how does a user actually decrypt a key in order to use it? A mechanism of some kind, such as an HSM or even passphrase access, is required. That mechanism should be integrated with identity management and multi-factor authentication. Unfortunately, hardware security modules do not have the properties needed to manage large numbers of keys. Instead, they can be used to "bootstrap" trust using a smaller number of master keys. The whole point of zero knowledge is to minimize where trust is required, but it can't eliminate trust completely. The ability to manage large numbers of keys is an important enabler of cryptographic compartmentalization of information. Compartmentalization or micro-segmentation of data means encrypting sets of data with different encryption keys so that a breach of one compartment does not impact any other, limiting the total impact of a breach.
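The following is an added example, not code from Black Forest or from this article, that puts the two ideas above into one runnable toy: the per-compartment searchable index from the Step 1 to Step 10 walkthrough (extract terms, store encrypted tuples, match on a keyed token, decrypt on the client) and the key management model just described (compartment keys resting encrypted under a master key that stands in for the HSM-held bootstrap key). It uses only the Python standard library, so HMAC-SHA256 in counter mode with an encrypt-then-MAC tag stands in for the strong cipher a real deployment would use; the compartment names, document names and text are constructed, and the store's API is an assumption made for the example.

```python
import hashlib, hmac, os, re

def prf(key, msg):
    # HMAC-SHA256 as the pseudo-random function every other primitive here is built on
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_subkeys(compartment_key):
    # Independent search, encryption and MAC keys from one compartment key
    return prf(compartment_key, b"search"), prf(compartment_key, b"enc"), prf(compartment_key, b"mac")

def encrypt(enc_key, mac_key, plaintext):
    # PRF-in-counter-mode keystream under a fresh nonce, then encrypt-then-MAC.
    # Illustrative construction only; a deployment would use an AEAD such as AES-GCM.
    nonce = os.urandom(16)
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        block = prf(enc_key, nonce + offset.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(plaintext[offset:offset + 32], block))
    body = nonce + bytes(out)
    return body + prf(mac_key, body)

def decrypt(enc_key, mac_key, blob):
    # Verify the tag before using the ciphertext; anything tampered with is rejected
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(prf(mac_key, body), tag):
        raise ValueError("integrity check failed")
    nonce, ciphertext = body[:16], body[16:]
    out = bytearray()
    for offset in range(0, len(ciphertext), 32):
        block = prf(enc_key, nonce + offset.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(ciphertext[offset:offset + 32], block))
    return bytes(out)

def wrap_key(master_key, compartment_key):
    # Key management: compartment keys rest encrypted under a master key (HSM-held in the article)
    return encrypt(prf(master_key, b"wrap-enc"), prf(master_key, b"wrap-mac"), compartment_key)

def unwrap_key(master_key, wrapped):
    return decrypt(prf(master_key, b"wrap-enc"), prf(master_key, b"wrap-mac"), wrapped)

class ZeroKnowledgeStore:
    # Server side (assumed API): holds only opaque search tokens, ciphertexts and wrapped keys
    def __init__(self):
        self.index = {}         # search token -> list of encrypted document ids
        self.documents = {}     # document id -> encrypted document
        self.wrapped_keys = {}  # compartment name -> wrapped compartment key

    def add_index_entry(self, token, encrypted_doc_id):
        self.index.setdefault(token, []).append(encrypted_doc_id)

    def search(self, token):
        return list(self.index.get(token, []))

def index_document(store, compartment_key, doc_id, text):
    # Steps 3 and 4: extract terms, upload (token, encrypted id) tuples and the encrypted document
    k_search, k_enc, k_mac = derive_subkeys(compartment_key)
    for term in set(re.findall(r"[a-z0-9]+", text.lower())):
        store.add_index_entry(prf(k_search, term.encode()), encrypt(k_enc, k_mac, doc_id.encode()))
    store.documents[doc_id] = encrypt(k_enc, k_mac, text.encode())

def search_documents(store, compartment_key, term):
    # Step 7: the server matches on the token alone; the client decrypts the returned tuples
    k_search, k_enc, k_mac = derive_subkeys(compartment_key)
    token = prf(k_search, term.lower().encode())
    return sorted({decrypt(k_enc, k_mac, t).decode() for t in store.search(token)})

def fetch_document(store, compartment_key, doc_id):
    # Steps 9 and 10: retrieve the ciphertext and decrypt it on the client
    _, k_enc, k_mac = derive_subkeys(compartment_key)
    return decrypt(k_enc, k_mac, store.documents[doc_id]).decode()

def demo():
    # Constructed scenario: two compartments, one master key, one search term shared across them
    master_key = os.urandom(32)  # stands in for the HSM-held master key
    audit_key, hr_key = os.urandom(32), os.urandom(32)
    store = ZeroKnowledgeStore()
    store.wrapped_keys["Very secret audit info"] = wrap_key(master_key, audit_key)
    store.wrapped_keys["HR"] = wrap_key(master_key, hr_key)
    index_document(store, audit_key, "q3-ledger.docx", "Q3 revenue recognition memo for the auditor")
    index_document(store, audit_key, "q4-ledger.docx", "Q4 revenue figures, draft")
    index_document(store, hr_key, "salaries.xlsx", "revenue share bonus schedule")
    # The auditor unwraps only the audit compartment key; the HR document never matches under it
    key = unwrap_key(master_key, store.wrapped_keys["Very secret audit info"])
    audit_hits = search_documents(store, key, "revenue")
    hr_hits = search_documents(store, hr_key, "revenue")
    # Flip one ciphertext byte in storage; the client must refuse to decrypt it
    damaged = bytearray(store.documents["q3-ledger.docx"])
    damaged[20] ^= 0x01
    try:
        decrypt(*derive_subkeys(key)[1:], bytes(damaged))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "audit_hits": audit_hits,
        "hr_hits": hr_hits,
        "document": fetch_document(store, key, audit_hits[0]),
        "tokens_opaque": all(len(t) == 32 for t in store.index),
        "tamper_detected": tamper_detected,
    }
```

Running `demo()` shows the properties the text claims: the store never sees a plaintext term, document or compartment key; a search with the audit key finds both ledger documents but not the HR spreadsheet even though it contains the same word, which is the compartmentalization point; and a modified ciphertext fails verification instead of decrypting to garbage. What such an index still reveals to whoever hosts it is which stored tuples match which token and how often each token is queried, so access-pattern leakage is the property to ask any searchable-encryption product about.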
Black Forest Digital Trust Platform can deliver seamless and secure enterprise collaboration on a massive scale between service providers such as auditors and their corporate clients. This architecture securely delivers the right information to the right people at the right time. It improves both information security and the flow of information. Information is completely secure in the zero knowledge trust layer, and thanks to high performance searchable encryption, documents are easy to find even while encrypted. Key management can be performed for a large number of security compartments, enabling data segmentation and greatly minimizing the impact of any breach. This architecture supports cloud, hybrid, or on-premises deployments. The ability to store documents, search indexes, and encryption keys with zero knowledge means that they can be hosted in the cloud without needing to trust the cloud provider. Our approach minimizes the locations within the architecture where trust is required, providing a highly secure, effective, seamless, and scalable enterprise collaboration capability. We expect that someday most document sharing and enterprise collaboration will take advantage of a zero knowledge architecture.