Product

Space and Time In-Database Encryption

Product announcement.

Henry Daly

Director of Platform Engineering

Shanthi Boppana

Co-Founder and CTO, Sotero

What it is and why we built it

Encryption is a vital component of any security solution, whereby data is scrambled to prevent unauthorized access. Web3 has historically been open-everything: all data is publicly viewable and there are no secrets, but there is at least some level of anonymity. As Web3 expands to new use cases, it will inevitably need to be able to support the storage, operation, and retrieval of sensitive data—data that should not be publicly accessible. As a decentralized data warehouse, Space and Time sits right in the middle of two important types of data: open-source, publicly-viewable blockchain data and customer-specific private data. To support the latter, we've developed a novel solution to a traditional problem: in-database encryption.

How it works

Traditional databases only support encryption on disk. In this scenario, the data is encrypted while in "cold" storage (i.e. on disk). As soon as a user makes a request for the data by running a query, the encrypted data is brought into memory and decrypted prior to query execution. There are a few security considerations here. First off, if the data can be decrypted on the machine, some decryption key must be present on the machine as well, which means a hacker could potentially just decrypt the data themselves directly from what's stored on disk. In addition, if the data is in memory and decrypted, there are many avenues of attack for a hacker to steal the data.

In-DB encryption is quite distinct from encryption on disk. In this scenario, data is encrypted prior to entering the cluster, remains encrypted for its lifetime residing on the cluster, and is still encrypted when it leaves the cluster. Thus, unlike encryption on disk, an attacker's avenues to steal data are drastically reduced—there are no decryption keys on the cluster, and the data is never even decrypted in memory. It is not simple to support this, as traditional SQL operations (e.g. joining two tables via a shared column value, filtering a query result by some numeric or string comparison, etc.) typically needs the data to be decrypted to ensure the operations still function correctly.

SxT has partnered with Sotero to provide a novel solution to a critical Web3 problem. Through this partnership, data remains encrypted while in use (i.e. queried/inserted), so the data warehouse cluster can respond to a query request without ever knowing the actual values of the encrypted data.

What it enables

The SxT decentralized authorization solution will prevent unauthorized access by platform users to customer data. However, the node operators who host the data on their clusters could potentially bypass this authorization given that they have physical access to the machines themselves. Thus, we needed a method to prevent access of highly sensitive data even from these node operators. Through the use of our in-DB encryption, customers can rest assured that their data will be encrypted end-to-end, from the moment it leaves their client machine all the way to when it's returned to the client machine. And all of this can be provided without limiting important SQL functionality.

Henry Daly

Director of Platform Engineering

Henry Daly is an autonomous architect with a demonstrated history in designing and implementing scalable, high-performance systems. As Director of Platform Engineering, he oversees the design and development of Space and Time's platform and services. Prior to Space and Time, Henry served as a software project manager, team lead, and technical lead for global enterprises across the logistics, civil engineering, and defense industries.

Shanthi Boppana

Co-Founder and CTO, Sotero

Shanthi Boppana is Sotero’s Co-founder and CTO, overseeing the company’s technology development.Shanthi has held several senior technology positions throughout her career built innovative analytical solutions on a broad range of modern platforms. Before Co-founding Sotero she worked as Vice President of Big Data and Analytics at Infogroup where she was responsible for modernizing legacy platforms and re-architecting applications to leverage Cloud Computing.Previously, Shanthi worked at a startup Syncra Systems where she architected the Value Chain Collaboration Platform which was acquired by Oracle in 2005. Shanthi also led the mobile advertising and data analytics platform at Nokia. She earned an M.S degree in Engineering Science from LSU.