jberling

jberling

Pseudonymization by storing PII in a long-living process

I’m pondering about a new business idea involving sensitive data. It will use an authentication service, and I would like to pseudonymize all PII. The authentication service will provide me with a person’s name and other PII that I will use for presentational purposes.

I got this idea, probably a stupid one, but I am still curious about your thoughts. I’m new to Elixir and OTP, and want to explore what you can do with it.

I read about someone who claimed you can avoid using databases in Erlang and use processes that hold their data instead. What if I saved all the PII from the authentication service in a process? I could map a person’s PII to a UUID, and the UUID could be used in conjunction with the rest of the data in my database.

Is this realistic? Is anyone doing something similar? I guess it would involve hot-swapping and fault tolerance involving several processes. It sounds like a big (fun) challenge.

Most Liked

hubertlepicki

hubertlepicki

you can do that but I am not sure why would you. You’re going to have to save that PII somewhere I assume anyway. Separate database if you’re thinking about separation of that data will do just fine.

If you’re thinking about storing it only in memory that’s asking for trouble. Power will go out. Cloud network will mess up. Cluster will decide to update. Hardware will fail. You’re going to get the PII erased entirely if you only keep it in RAM, this will simply happen no matter how much you’ll try.

hubertlepicki

hubertlepicki

If you do want to hide PII from yourself, I’d do it in two steps:

  1. verify that you really want to do it, and that it indeeds brings you some legal benefit rather than risk. NOT knowing your customers can be a liability and usually is too, even under regimes like GDPR.

  2. encrypt the data on the database/Ecto layer. It’ll get encrypted whenever you write it, decrypted when you fetch it. I know people do that on per-customer basis, with encryption keys unique for customer, and this is doable. I don’t do it like that, but in some projects use Google KMS + Ecto type to encrypt/decrypt data at rest.

hubertlepicki

hubertlepicki

No, although it’s a tempting one, but I would call it an antipattern. Much can be said, but OTP primitives and processes in princple are there to model the runtime of your application. Not the data.

If you want to hold data in memory, in most cases you’re better off using something like ETS rather than processes.

D4no0

D4no0

The question is what kind of attacks you are expecting? If your attacker has full control over the machine(or VM), there is nothing that can stop them from dumping RAM contents and eventually decoding it, even if it’s encrypted at application level.

In the IOT world this is one of the first problems you have to deal with. The reason being is that bad actors can get hold of your hardware and you want to make sure that they cannot dump the firmware, or at least the most critical part of data on the storage, the keys used to authenticate and fetch firmware updates.

If this is interesting for you, you can read a great article made by Nerves team on how to secure storage that doesn’t feature security setting by default by adding additional hardware: NervesKey for Raspberry Pi | NervesHub

Industrial servers provide such capabilities without needing additional hardware, so if you plan on keeping the data in a secure environment you will need your own hardware, using cloud providers and especially their machines will never give you any security guarantees, no matter what you do at application level.

jberling

jberling

I don’t know exactly what kind of attacks I’m expecting.

I’m in an early stage. I need to level up my security thinking. For now, I’m focusing on ways to keep PII from the rest of the data, which I learned recently is called pseudonymization.

Where Next?

Popular in Questions Top

dotdotdotPaul
Okay, I'm having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I'm sure I'...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
lk-geimfari
What is most correct way to open, read and parse JSON file with poison? For example if we have example.json file in root of some projec...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
vac
Hi, I'm quite new in Elixir and I'm trying to format a string to a PEM format. I have the certificate value like MIIDBTCCAe2...... and ...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New

Other popular topics Top

JDanielMartinez
Hi! May someone helps me, please! I have two apps into an umbrella project: the first one is Database, which manages queries, and the se...
New
axelson
This post is a wiki (feel free to hit the edit button near the bottom right of this post to add your own changes!) This post collects co...
239 45766 226
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
_russellb
I want to try my hand at web scraping. What tools/libraries do I need to use. I’m hoping to turn this into something professional so don’...
New
lk-geimfari
What is most correct way to open, read and parse JSON file with poison? For example if we have example.json file in root of some projec...
New
mgjohns61585
Could someone help me? I'm making my first elixir program, number guessing game. I can't figure out how to convert the user's guess from ...
New
aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
chrisalley
ExUnit now has describe blocks which is a welcome addition coming from RSpec. In the docs, it states that nested hierarchies of describe ...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
AstonJ
by Lance Halvorsen Elixir and Phoenix are generating tremendous excitement as an unbeatable platform for building modern web application...
460 27162 124
New

We're in Beta

About us Mission Statement