Encrypted Search does not weaken the strength of Virtru’s symmetric encryption or give Virtru access to unencrypted content. It is an extra step added on top of the AES-256 symmetric encryption used to encrypt the message as a whole.
At a high level, the output of Virtru’s Encrypted Search has stronger security properties than Tokenization, so, if Tokenization is appropriate for use in your context, then Virtru’s Encrypted Search likely is, too. However, like tokenization, enabling Encrypted Search may allow a third party to infer relationships between messages.
For setup of up searchable content, Virtru will authorize only specific users to obtain search keys. These are keys that enable your users to both create and search content. Loss of these keys must be protected against, as loss of these keys may result in other users interrogating encrypted content determining whether an encrypted object is likely to contain a particular keyword. This process would NOT reveal the word’s position in the content, and it is NOT guaranteed that the word actually appears, since the algorithm has a built-in false positive to mitigate this kind of attack.
On query, cloud providers or other adversaries may associate each search token to all documents that match the token. Whenever a user searches for the same keywords, an adversary can infer the frequency of the search. When searching for both plaintext and encrypted content in the same session, it can imply an association between the encrypted tokens and the plaintext words.
If you are a single-user Virtru account owner or the admin for your organization, you can enable Encrypted Search by going to the ‘Features’ tab on the left side of your Virtru dashboard and clicking the ‘Enable’ button next to ‘Encrypted Search.’
NOTE: Virtru account admins must toggle on ‘Organization Admin Mode’ in the top left of their dashboards.
If you’re not the owner of your Virtru account, contact your organization’s admin to enable Encrypted Search, or reach out to us to set up your own account.