Question

It's 8:00 and a hacker (or PRISM!) already has a full copy of my customers' data with personal details. Assuming the data is already readable, how do I protect the personal details?

Before the current scandal about PRISM, I was thinking about how to protect some specific fields of my customers' database (like name, email, password, etc.). The default is to have a secure server with the keys to encrypt the passwords and so on. But now, how do I do the reverse?

I store the data in iOS with sqlite. There, the data will be readable (i.e. in this scenario, the client is assumed to have full access and be "trusted", but the server is not. So is this client-side encryption?).

I want to have Name=John Doe on the client and Name=***** on the server. The server can't decode it. Only the customers' devices can.

The customers could have several devices that access the same data. Encrypting all the data on the server is not feasible (because of performance and other business logic stuff <- mainly this), plus a big part of the data is numeric and non-personal anyway.

I understand it is necessary to compromise here: have something reasonably easy for the end-user to use and increase the data protection as much as possible. (I know that access to the client device will provide access to the data, but I'm thinking about avoiding the headline "Popular service X was hacked, millions of passwords in bad hands!", not defending against an attack on a single customer.)


Solution

If you want the server to not have the data, you have to make it such that the server never gets the data. The client needs to do the encryption, using key material which only exists on that client (e.g. if the key is sent to the server, then this provides no protection).

If you want multiple devices to be able to access the data, then you need to base the key you use for encryption on something the customer knows and can tell the device, such as a password or pass code. Basing it on device identifiers or something like that obviously won't work if you want multiple devices to be able to access the data.

Cryptography is "mechanical leverage" -- it lets you protect a large secret (the cleartext) using a small secret (the key).

As for performance, I'd be HUGELY surprised if encryption and decryption made more than a couple of percent difference in server performance, especially on platforms supporting AES-NI.

(Of course, if the attacker already has the data, they have the data. There's nothing you can do after the fact.)
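The arrangement the answer describes, as an added illustration that is not part of the original answer: each device derives the same key from the customer's passcode plus a non-secret salt (PBKDF2 with HMAC-SHA256, written out here so only the Go standard library is needed), seals a personal field with AES-256-GCM, and hands the server only the opaque blob. The salt, iteration count and field values are constructed for the example; a real client would take the KDF from a vetted library (or use Argon2/scrypt) rather than the inline version below.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// pbkdf2SHA256 derives keyLen bytes from password and salt per RFC 8018 with
// HMAC-SHA256 as the PRF. Inline so the example is standard-library only;
// use a maintained implementation in real code.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	out := make([]byte, 0, numBlocks*hashLen)
	idx := make([]byte, 4)
	for block := 1; block <= numBlocks; block++ {
		// U_1 = PRF(P, S || INT(block))
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx, uint32(block))
		prf.Write(idx)
		u := prf.Sum(nil)
		t := make([]byte, hashLen)
		copy(t, u)
		// U_j = PRF(P, U_{j-1}); T = U_1 xor ... xor U_c
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveClientKey turns the customer's passcode into the per-customer key that
// exists only on the customer's devices. The salt is not secret: it can be
// stored on the server beside the ciphertext so every device derives the same key.
func DeriveClientKey(passcode string, salt []byte) []byte {
	return pbkdf2SHA256([]byte(passcode), salt, 100000, 32) // 32 bytes = AES-256
}

// SealField encrypts one personal field with AES-256-GCM. The returned blob
// (nonce || ciphertext || tag) is what the server stores; without the key the
// server cannot recover or silently alter the field.
func SealField(key []byte, field string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(field), nil), nil
}

// OpenField decrypts a blob produced by SealField on any device holding the
// same derived key. A wrong passcode (hence wrong key) fails authentication.
func OpenField(key, blob []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	salt := []byte("constructed-salt-for-example") // constructed sample value
	phoneKey := DeriveClientKey("correct horse battery staple", salt)
	blob, _ := SealField(phoneKey, "John Doe") // what the server receives
	fmt.Println("server stores:", hex.EncodeToString(blob))
	tabletKey := DeriveClientKey("correct horse battery staple", salt)
	name, _ := OpenField(tabletKey, blob) // second device, same passcode
	fmt.Println("tablet reads:", name)
}
```

The server never sees the passcode or the derived key, only the salt and the blob, which is exactly the property the answer asks for; the cost is that a forgotten passcode makes the sealed fields unrecoverable, and a new device must be told the passcode (not a device identifier) to join.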

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow