Enabling Message Level Protection at Uber

Explore message-level protection strategies implemented at Uber in this 54-minute OWASP Foundation conference talk. Dive into field-level encryption, impacts on data security, and various approaches including volume/disk encryption, database encryption (TDE and column-level), and application-level encryption (server-side and client-side). Learn about envelope encryption, config-driven implementations, and technical specifications. Understand the dataflow, encryption locations, and crypto interfaces for crypter, hasher, and signer operations. Discover how to handle ciphertext schemas, language-specific devices, and support legacy flows. Gain insights into developer evangelism and techniques for searching over encrypted data to enhance your organization's data protection measures.

Syllabus

Intro
what are we trying to do?
example
requirements
Uber Service Graph
field-level encryption
impacts of encrypting data
approaches
volume/disk encryption
database (TDE)
database (column-level)
application ("server-side")
application ("client-side")
envelope encryption
config driven
tech specs
dataflow
where (and how) to encrypt?
crypto interfaces (crypter)
crypto interfaces (hasher)
crypto interfaces (options)
crypto interfaces (crypter, hasher)
ciphertext schema
language-specific devices
developer evangelism
supporting legacy flows
signer interface
search over encrypted data