jberling
Pseudonymization by storing PII in a long-living process
I’m pondering about a new business idea involving sensitive data. It will use an authentication service, and I would like to pseudonymize all PII. The authentication service will provide me with a person’s name and other PII that I will use for presentational purposes.
I got this idea, probably a stupid one, but I am still curious about your thoughts. I’m new to Elixir and OTP, and want to explore what you can do with it.
I read about someone who claimed you can avoid using databases in Erlang and use processes that hold their data instead. What if I saved all the PII from the authentication service in a process? I could map a person’s PII to a UUID, and the UUID could be used in conjunction with the rest of the data in my database.
Is this realistic? Is anyone doing something similar? I guess it would involve hot-swapping and fault tolerance involving several processes. It sounds like a big (fun) challenge.
Most Liked
hubertlepicki
you can do that but I am not sure why would you. You’re going to have to save that PII somewhere I assume anyway. Separate database if you’re thinking about separation of that data will do just fine.
If you’re thinking about storing it only in memory that’s asking for trouble. Power will go out. Cloud network will mess up. Cluster will decide to update. Hardware will fail. You’re going to get the PII erased entirely if you only keep it in RAM, this will simply happen no matter how much you’ll try.
hubertlepicki
If you do want to hide PII from yourself, I’d do it in two steps:
-
verify that you really want to do it, and that it indeeds brings you some legal benefit rather than risk. NOT knowing your customers can be a liability and usually is too, even under regimes like GDPR.
-
encrypt the data on the database/Ecto layer. It’ll get encrypted whenever you write it, decrypted when you fetch it. I know people do that on per-customer basis, with encryption keys unique for customer, and this is doable. I don’t do it like that, but in some projects use Google KMS + Ecto type to encrypt/decrypt data at rest.
hubertlepicki
No, although it’s a tempting one, but I would call it an antipattern. Much can be said, but OTP primitives and processes in princple are there to model the runtime of your application. Not the data.
If you want to hold data in memory, in most cases you’re better off using something like ETS rather than processes.
D4no0
The question is what kind of attacks you are expecting? If your attacker has full control over the machine(or VM), there is nothing that can stop them from dumping RAM contents and eventually decoding it, even if it’s encrypted at application level.
In the IOT world this is one of the first problems you have to deal with. The reason being is that bad actors can get hold of your hardware and you want to make sure that they cannot dump the firmware, or at least the most critical part of data on the storage, the keys used to authenticate and fetch firmware updates.
If this is interesting for you, you can read a great article made by Nerves team on how to secure storage that doesn’t feature security setting by default by adding additional hardware: NervesKey for Raspberry Pi | NervesHub
Industrial servers provide such capabilities without needing additional hardware, so if you plan on keeping the data in a secure environment you will need your own hardware, using cloud providers and especially their machines will never give you any security guarantees, no matter what you do at application level.
jberling
I don’t know exactly what kind of attacks I’m expecting.
I’m in an early stage. I need to level up my security thinking. For now, I’m focusing on ways to keep PII from the rest of the data, which I learned recently is called pseudonymization.







