Click here to Skip to main content
15,900,589 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
For context, we are working in a SaaS product for clients (even from different companies in the future) to use it as a tool to integrate different AI services (custom and proprietaries) in a secured and controlled manner.
Among many more, we have this specific use case, where a knowledge worker would leverage a given AI model’s capabilities to get an optimized output based on some interactions this user has had with the model. This output could then be saved to be shared or reused down the line.
Regarding our product’s general architecture, we have a React frontend client, a gateway for the API, a set of Lambdas associated to different endpoints and a group of DynamoDB tables for different entities we have currently.
In the end, we want part of the information the user is handling, for instance the content from the AI’s model output, and some other sensitive information to be encrypted and only be read, managed or transformed by the intended recipient.
As an important caveat and dealbreaker, we have a searching feature in the app whose business logic interacts with the databases to retrieve the results that were previously persisted according to specific matches (keywords).
Let’s say we want some sensitive properties, in one of our data structures, to be encrypted but at the same time it’s key that information is still searchable by the right recipient and here lies the origin of our research.
We have been delving into the AWS Encryption SDK documentation which I guess, correct me if I’m wrong, is a general-purpose encryption solution but, in the other side, I have come across this feature (Searchable encryption) in the AWS Database Encryption SDK which is a different library altogether and both SDK’s cannot interoperate with each other due to different encryption outcomes, right?
Sorry if it’s still not clear enough but according to the above and your experience, which solution would you think should be more suitable for us? or in general, where should I keep delving into more to avoid as much as possible going back and forth among different solutions, documentation, etc?

What I have tried:

From now, we are just researching the best solution for us.
Posted

As you have deduced, the database encryption SDK applies at the database itself. If you were looking to apply searching through OpenSearch or ElasticSearch, you wouldn't be able to search these fields there. If you're searching on the DynamoDB instance, then you could search in the encrypted fields.
 
Share this answer
 
Quote:
Let’s say we want some sensitive properties, in one of our data structures, to be encrypted but at the same time it’s key that information is still searchable by the right recipient and here lies the origin of our research.

As far as I know, your data is encrypted or searcheable, but not both.
The only solution would be to use a dummy encryption like ROT13.
Rot13 is extremly weak.
ROT13 - Wikipedia[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900