Searchable encryption solution


Hi everyone! Hopefully I can get an insight from anyone here.

To provide a little context and background, we are currently developing a SaaS product for prospective clients (even from different companies in the future) to use as a tool to integrate different AI services (custom and proprietary) in a secured and controlled manner.

Among many more, we have this specific use case, where a knowledge worker would leverage a given AI model’s capabilities to get an optimized output based on some interactions this user has had with the model. This output could then be saved to be shared or reused down the line.

Regarding our product’s general architecture, we have a React frontend client, a gateway for the API, a set of Lambdas associated with different endpoints and a group of DynamoDB tables for the different entities we currently have. In the end, we want part of the information the user is handling, for instance the content from the AI model’s output, and some other sensitive information to be encrypted and only be read, managed or transformed by the intended recipient.

As an important caveat and dealbreaker, we have a search feature in the app whose business logic interacts with the databases to retrieve the results that were previously persisted according to specific matches (keywords). Let’s say we want some sensitive properties, in one of our data structures, to be encrypted, but at the same time it’s key that the information is still searchable by the right recipient, and here lies the origin of our research.

We have been delving into the AWS Encryption SDK documentation which I guess, correct me if I’m wrong, is a general-purpose encryption solution but, on the other hand, I have come across this feature (Searchable encryption) in the AWS Database Encryption SDK, which is a different library altogether, and both SDKs cannot interoperate with each other due to different encryption outcomes, right?

Sorry if it’s not clear enough but, according to the above and your experience, which solution do you think would be more suitable for us? Or, in general, where should I keep delving to avoid as much as possible going back and forth among different solutions, documentation, etc.?

  • You have an interesting use case! Do you have a dedicated AWS account rep who works with your organization? If so, I suggest reaching out to your rep for a deeper dive.

1 Answer

For your needs, where you must encrypt sensitive information while enabling searching, you'll require a solution that supports searchable encryption. While the AWS Encryption SDK is a versatile encryption tool, it may not directly fulfill your specific requirement for searchable encryption. Conversely, the AWS Database Encryption SDK, which you've identified, does offer searchable encryption capabilities but is more tailored to database encryption.

The primary distinction between the AWS Encryption SDK and the AWS Database Encryption SDK lies in their focus and intended use cases:

  1. AWS Encryption SDK:

    • Focus: A general-purpose client-side encryption library.
    • Use Case: Encrypting and decrypting data in various scenarios, such as before storing data in AWS services like S3, DynamoDB, or RDS, or before transmitting data over the network.
    • Key Features: Manages key management, encryption, and decryption, simplifying the implementation of encryption in applications.

  2. AWS Database Encryption SDK:

    • Focus: Specifically designed for encrypting data at rest in databases.
    • Use Case: Encrypting and decrypting data stored in databases, such as DynamoDB, to protect it from unauthorized access.
    • Key Features: Offers functionalities for encrypting and decrypting data in databases, ensuring data remains encrypted even if the underlying storage is compromised.

answered 2 months ago
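
An added example, not part of the answer above and not AWS SDK code: a minimal blind-index ("beacon") scheme of the kind searchable encryption relies on, written with Node's built-in crypto module. The in-memory keys, the 16-bit beacon length and the field names `keyword_enc` and `keyword_beacon` are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Constructed demo keys (assumption); real keys would come from a managed key store.
const encKey = crypto.randomBytes(32);
const beaconKey = crypto.randomBytes(32);
const BEACON_BITS = 16; // assumption: shorter beacons leak less but collide more
const norm = (v) => v.trim().toLowerCase();

// AES-256-GCM with a fresh IV, so equal plaintexts give different ciphertexts.
function encrypt(plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", encKey, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString("base64");
}

function decrypt(blob) {
  const b = Buffer.from(blob, "base64");
  const d = crypto.createDecipheriv("aes-256-gcm", encKey, b.subarray(0, 12));
  d.setAuthTag(b.subarray(12, 28));
  return Buffer.concat([d.update(b.subarray(28)), d.final()]).toString("utf8");
}

// Beacon: keyed HMAC of the normalized value, truncated to BEACON_BITS.
function beacon(value) {
  const mac = crypto.createHmac("sha384", beaconKey).update(norm(value)).digest();
  return (mac.readUInt32BE(0) >>> (32 - BEACON_BITS)).toString(16);
}

// What the table stores: ciphertext plus beacon, never the plaintext.
function toRecord(id, keyword) {
  return { id, keyword_enc: encrypt(keyword), keyword_beacon: beacon(keyword) };
}

// Database side: equality match on the beacon field only.
// Client side: decrypt the candidates and drop beacon collisions.
function search(table, keyword) {
  const wanted = beacon(keyword);
  return table
    .filter((r) => r.keyword_beacon === wanted)
    .filter((r) => norm(decrypt(r.keyword_enc)) === norm(keyword))
    .map((r) => r.id);
}

// Constructed sample records.
const table = [toRecord("doc-1", "Contract"), toRecord("doc-2", "invoice"),
               toRecord("doc-3", "contract ")];
```

Here `search(table, "contract")` returns `doc-1` and `doc-3`, while a prefix such as `"contr"` returns nothing: a beacon built this way answers equality queries only, which matters for a keyword-search feature.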
