How to secure/encrypt a Lucene index?

Question

I am working on a desktop app that will use Lucerne as search engine. The app will be installed on the user's machine and the index will be stored on the local hard disk.

The data is potentially confidential so I would like to protect the index from unauthorized access. The data needs to be secure even when the user's machine gets stolen.

2 approaches I have come up with so far:

• Use Windows NTFS encryption. Should be secure unless the unauthorized person knows how log in as the user that created the index.
• Use TrueCrypt. This should be very safe but it requires the installation of TrueCrypt and administrative rights to install the encrypted drive.

The application will be distributed to many users so I would like to keep the installation as simple as possible.

Does anybody have experience with this scenario? Right now I think the easiest approach would be NTFS encryption. What do you think?

Thanks!

Answer 1

Check out the source code of FSDirectory. All the disk IO of lucene passes through this class. You could place your encryption/decryption code in this class and distribute this custom binary of lucene.

If you are using symmetric encryption, you probably will embed your key in this code. That could be vulnerable to decompilation.

With custom FSDirectory, you may ward off most of the curious people who would open this index with Luke. But, you may have to think through everything to make it unbreakable for the really determined folks.

Answer 2

Maybe this helps: https://issues.apache.org/jira/browse/LUCENE-2228 . I'm not sure about the status however

Answer 3

1. extend FSDirectory and use symmetric (AES) encryption for all file operations.
2. use key based on salt-ed hash of user password so you don't have to distribute key with the code.