
I am working on a desktop app that will use Lucene as its search engine. The app will be installed on the user's machine and the index will be stored on the local hard disk.

The data is potentially confidential so I would like to protect the index from unauthorized access. The data needs to be secure even when the user's machine gets stolen.

2 approaches I have come up with so far:

  • Use Windows NTFS encryption. Should be secure unless the unauthorized person knows how to log in as the user that created the index.
  • Use TrueCrypt. This should be very safe but it requires the installation of TrueCrypt and administrative rights to install the encrypted drive.

The application will be distributed to many users so I would like to keep the installation as simple as possible.

Does anybody have experience with this scenario? Right now I think the easiest approach would be NTFS encryption. What do you think?

Thanks!

skaffman
user46703

4 Answers

9

Check out the source code of FSDirectory. All the disk IO of Lucene passes through this class. You could place your encryption/decryption code in this class and distribute this custom binary of Lucene.

If you are using symmetric encryption, you probably will embed your key in this code. That could be vulnerable to decompilation.

With a custom FSDirectory, you may ward off most of the curious people who would open this index with Luke. But you may have to think through everything to make it unbreakable for the really determined folks.

Shashikant Kore
  • Where I agree that technically yes you could write your own encrypted version of FSDirectory, in reality doing secure encryption is hard and there is a good chance that unless you really know what you are doing you will do something which makes it insecure. – Justin Apr 20 '10 at 08:26
  • Definitely don't "homebrew" your encryption. Just don't. As a minimum, use JCA/JCE. That's still fiddly, so you probably want to use a library like Jasypt (http://www.jasypt.org/) or (my personal favourite) Cryptolite (https://github.com/workdocx/Cryptolite) – David Carboni Dec 10 '12 at 14:37
  • Hmm sorry, this is lucene.net – David Carboni Dec 10 '12 at 14:46
3

Maybe this helps: https://issues.apache.org/jira/browse/LUCENE-2228. I'm not sure about the status, however.

Rob Audenaerde
2
  1. Extend FSDirectory and use symmetric (AES) encryption for all file operations.
  2. Use a key based on a salted hash of the user's password so you don't have to distribute the key with the code.
mikhailgarber
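The two steps in the answer above, sketched as an added example (not part of the answer and not Lucene.Net code): a PBKDF2 key derived from the user's password and a stored random salt, and AES-GCM sealing of one block of an index file. `IndexCrypto`, its method names, the iteration count and the sample file name are assumptions made here, and the code assumes .NET 8 or later; wiring it into a custom Directory is not shown.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper a custom Directory could call per block.
public static class IndexCrypto
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, KeyLen = 32;
    const int Iterations = 600_000; // assumed work factor; tune for target hardware

    // The salt is random, not secret, and is stored next to the index.
    public static byte[] NewSalt() => RandomNumberGenerator.GetBytes(SaltLen);

    // The AES-256 key is derived at unlock time and never written to disk.
    public static byte[] DeriveKey(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, KeyLen);

    // Associated data binds a block to its file and position, so moved blocks fail to decrypt.
    static byte[] Aad(string fileName, long blockIndex) =>
        Encoding.UTF8.GetBytes(fileName + "\n" + blockIndex);

    // Output layout: nonce || tag || ciphertext, with a fresh random nonce per call.
    public static byte[] SealBlock(byte[] key, string fileName, long blockIndex, byte[] plain)
    {
        byte[] output = new byte[NonceLen + TagLen + plain.Length];
        var nonce = output.AsSpan(0, NonceLen);
        RandomNumberGenerator.Fill(nonce);
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(nonce, plain, output.AsSpan(NonceLen + TagLen),
                    output.AsSpan(NonceLen, TagLen), Aad(fileName, blockIndex));
        return output;
    }

    // Throws CryptographicException on a wrong key, a modified block or a moved block.
    public static byte[] OpenBlock(byte[] key, string fileName, long blockIndex, byte[] block)
    {
        if (block.Length < NonceLen + TagLen) throw new CryptographicException("block too short");
        byte[] plain = new byte[block.Length - NonceLen - TagLen];
        using var aes = new AesGcm(key, TagLen);
        aes.Decrypt(block.AsSpan(0, NonceLen), block.AsSpan(NonceLen + TagLen),
                    block.AsSpan(NonceLen, TagLen), plain, Aad(fileName, blockIndex));
        return plain;
    }

    public static void Main() // constructed sample password, file name and data
    {
        byte[] salt = NewSalt(), key = DeriveKey("correct horse battery staple", salt);
        byte[] block = SealBlock(key, "_0.cfs", 0, Encoding.UTF8.GetBytes("constructed index bytes"));
        Console.WriteLine(Encoding.UTF8.GetString(OpenBlock(key, "_0.cfs", 0, block)));
        try { OpenBlock(DeriveKey("wrong password", salt), "_0.cfs", 0, block); }
        catch (CryptographicException) { Console.WriteLine("wrong password rejected"); }
    }
}
```

The index is then only as strong as the user's password, and the derived key still sits in process memory while the index is open.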
0

If you encrypt the index store, I'm not sure how you would be searching it later. You might want to use something like symmetric searchable encryption and asymmetric searchable encryption techniques, which would guarantee you search operations on even a remote disk without actually decrypting it.

lmcanavals
sashank