Protecting Your Data with Coretex Encryption

Saša Prodribaba
25.7.2024
Discover how Coretex encryption ensures your data stays secure with User-owned AI, durable encryption techniques, and state-of-the-art algorithms. Learn to set up Master keys, create encrypted projects, and safeguard sensitive data with ease.

Coretex encryption supports User-owned AI through multiple layers of end-to-end encryption, which guarantees that no one except the user can read the user's data, not even those with access to Coretex servers. This is achieved by using multiple durable encryption techniques and state-of-the-art algorithms for encryption.

To fully show the power of User-owned AI on Coretex, we will go through multiple steps to ensure that everything is safely encrypted:

Setting Up the Master Key

Setting up the Master key is as simple as entering a secret (similar to a password) which is used to initialize the Master key. The first time you enter a Master key, a private and a public part of the key will be initialized. The public part of the key is submitted to Coretex so that the Master key can be validated as correctly entered the next time you enter it. The private part of the key is kept fully secure and never leaves the user's PC. You can verify that the private part of the Master key never leaves the user's PC by inspecting the outgoing network traffic of the browser. For more details, refer to the Coretex Encryption Documentation.

Figure: Setting up the Master Key in Coretex

Creating an Encrypted Project

Now that you've successfully initialized your Master key, you can move on to creating an encrypted Project. Creating an encrypted Project is just a matter of pressing the "Encrypted" toggle during Project creation. If your Master key was initialized, that's it; you'll be able to create your first encrypted Project. It is not possible to create an encrypted Project if you do not have a Master key initialized.

Figure: Creating an encrypted Project in Coretex

Using Coretex Secrets for Sensitive Data

Some Workflows require sensitive data as parameters (e.g., database credentials, AWS S3 access token, etc.). Coretex provides a way of storing this data securely by encrypting it using your Master key, while still allowing the data to be used through Workflow parameters. To create a Coretex Secret, click your user icon in the top right corner of Coretex and select "Secrets" in the popup that appears. This will take you to the Coretex Secrets page, from which Secrets can be created and previewed.

Authorizing Nodes to Access Encrypted Data

Since the user is the only one with knowledge of the decryption key used to decrypt encrypted data, a question arises: how can you execute Workflows inside an encrypted Project without making your encryption key known to Coretex? There are two components to authorizing a Node:

  • A Node can also have its own Master key set
  • If a Node has a Master key set, then a key used to encrypt and decrypt Project data can be shared between the Node and the user - this is known as Node Authorization on Coretex.

A Node's Master key can be set during Node configuration. If you want to authorize a Node to access your Project (or any other Coretex Secret), all you have to do is open that Node on Coretex and press the "Authorize Node" button. This will open a prompt asking you which Secret should be shared with the Node. Only trusted Nodes should be authorized to access encrypted data.

Verifying Your Master Key Setup

The Master key is used for encryption of everything on Coretex. The user generates a Master key by entering a secret (password) which is used as a seed to derive an RSA key-pair. The RSA key length currently supported by Coretex is 2048 bits. If it is the first time the key-pair gets generated, then the public key gets uploaded to the Coretex server, along with a randomly generated value that is signed by the user's private key. That signature is used to verify that the correct key-pair is generated the next time the user enters their secret. To make sure that the private key cannot be reverse-engineered based on the signature, PKCS#1 v1.5 padding is used.
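The check described above can be sketched as follows. This is an added example, not code from the Coretex library: the key derivation (PBKDF2 feeding a SHAKE-256 candidate stream), the salt, the function names and the record layout are all assumptions, and the RSA arithmetic is written out by hand only to show the mechanism.

```python
import hashlib, hmac, secrets

E = 65537
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")

def is_probable_prime(n, rounds=40):
    # Miller-Rabin for large n with n % 4 == 3: n - 1 = 2*d with d odd, so each
    # random base a passes only if a^d mod n is 1 or n - 1.
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False
    return all(pow(secrets.randbelow(n - 3) + 2, n >> 1, n) in (1, n - 1)
               for _ in range(rounds))

def derive_keypair(secret, salt, bits=2048):
    # Assumed KDF: the same secret and salt always yield the same (n, d).
    seed = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)
    primes, counter = [], 0
    while len(primes) < 2:
        raw = hashlib.shake_256(seed + counter.to_bytes(8, "big")).digest(bits // 16)
        counter += 1
        # Top two bits set so n has exactly `bits` bits; low two bits set (n % 4 == 3).
        cand = int.from_bytes(raw, "big") | (3 << (bits // 2 - 2)) | 3
        if cand % E != 1 and cand not in primes and is_probable_prime(cand):
            primes.append(cand)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def encode(msg, n):  # EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(msg)
    t = SHA256_DI + hashlib.sha256(msg).digest()
    k = (n.bit_length() + 7) // 8
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def enroll(secret, salt):  # first entry: the record the server would keep
    n, d = derive_keypair(secret, salt)
    challenge = secrets.token_bytes(32)
    signature = pow(int.from_bytes(encode(challenge, n), "big"), d, n)
    return {"n": n, "challenge": challenge, "signature": signature}

def secret_matches(secret, salt, record):  # later entry: re-derive, then verify
    n, _ = derive_keypair(secret, salt)
    em = pow(record["signature"], E, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return hmac.compare_digest(em, encode(record["challenge"], n))

if __name__ == "__main__":
    salt = b"constructed-demo-salt"
    record = enroll("correct horse battery staple", salt)
    print(secret_matches("correct horse battery staple", salt, record),
          secret_matches("wrong secret", salt, record))
```

The record holds only the public modulus, the random challenge and the signature, so the check never needs the private exponent to leave the client.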

Ensuring Secure Data Storage in Coretex

Coretex is built as a Project-centric platform, meaning that everything that gets uploaded is stored inside a Project. If you want to encrypt everything before uploading it to Coretex, all you need to do is enable encryption when creating a Project. Project data is encrypted using AES with a key length of 256 bits. The AES key is randomly generated when creating an encrypted Project and it is stored in Coretex Secrets encrypted using the user's public key. AES is used in CBC (Cipher Block Chaining) mode, and a random IV (Initialization Vector) is generated for every single encryption operation so that the resulting ciphertext differs each time, even if the same data is encrypted multiple times.

Collaborating on Encrypted Projects

Collaborating on an encrypted Project is as simple as collaborating on a standard Project. When adding a member to an encrypted Project, the key for encrypting that Project needs to be shared with the teammate as well. This is done automatically by leveraging the asymmetric encryption key exchange. The Coretex Secret, which contains the key for encrypting Projects, is retrieved and decrypted using the user's private key. The public key of the teammate with whom the Project is being shared is retrieved as well, and that key is used to encrypt the Project encryption key and submit that as the Coretex Secret of the teammate. If a user with whom the Project is being shared did not initialize their Master key at least once, you will not be able to add them as a member to an encrypted Project.
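The storage and sharing scheme from the last two sections, as an added example that is not taken from the Coretex library. It uses the third-party `cryptography` package; the function names are hypothetical, a freshly generated RSA key stands in for each Master key-pair, and OAEP for wrapping the Project key is an assumption, since the page does not name the RSA encryption padding.

```python
import os
from cryptography.hazmat.primitives import hashes, padding
from cryptography.hazmat.primitives.asymmetric import rsa, padding as rsa_padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Assumption: OAEP with SHA-256 wraps the Project key.
OAEP = rsa_padding.OAEP(mgf=rsa_padding.MGF1(hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=None)

def new_master_key():
    # Stand-in for a Master key-pair (2048-bit RSA, as stated on the page).
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def create_project_secret(owner_public_key):
    # Random AES-256 Project key, stored only in wrapped form.
    return owner_public_key.encrypt(os.urandom(32), OAEP)

def share_project_secret(owner_private_key, owner_secret, member_public_key):
    # Runs on the owner's machine: unwrap, then re-wrap for the teammate.
    project_key = owner_private_key.decrypt(owner_secret, OAEP)
    return member_public_key.encrypt(project_key, OAEP)

def encrypt_blob(private_key, secret, plaintext):
    key = private_key.decrypt(secret, OAEP)
    iv = os.urandom(16)  # fresh random IV for every encryption operation
    padder = padding.PKCS7(128).padder()
    padded = padder.update(plaintext) + padder.finalize()
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return iv + enc.update(padded) + enc.finalize()

def decrypt_blob(private_key, secret, blob):
    key = private_key.decrypt(secret, OAEP)
    dec = Cipher(algorithms.AES(key), modes.CBC(blob[:16])).decryptor()
    padded = dec.update(blob[16:]) + dec.finalize()
    unpadder = padding.PKCS7(128).unpadder()
    return unpadder.update(padded) + unpadder.finalize()

if __name__ == "__main__":
    owner, member = new_master_key(), new_master_key()
    owner_secret = create_project_secret(owner.public_key())
    member_secret = share_project_secret(owner, owner_secret, member.public_key())
    blob = encrypt_blob(owner, owner_secret, b"constructed sample row")
    print(decrypt_blob(member, member_secret, blob))
```

CBC on its own gives confidentiality, not integrity; the page does not say how ciphertext integrity is checked, so none is modelled here.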

Coretex Encryption Protocols Under the Hood

All of the encryption code is publicly available inside the Coretex Python library. You can check out the cryptography module for more details regarding the implementation. The encryption protocol on Coretex supports User-owned AI through multiple layers of end-to-end encryption. For more information, refer to the Coretex Encryption Protocols Documentation.

Conclusion

In conclusion, Coretex ensures that all your data is safely encrypted and remains under your control. By using state-of-the-art algorithms and multiple durable encryption techniques, Coretex provides a secure environment for managing your projects and sensitive data. Setting up the Master key, creating encrypted Projects, using Coretex Secrets, and authorizing Nodes are all crucial steps to maintain the integrity and confidentiality of your information.

Frequently Asked Questions About Coretex Encryption

What is User-Owned AI?

User-owned AI refers to the concept where only the user has access to their data, ensuring that no one else, including those with access to Coretex servers, can read it.

How Secure is the Master Key?

The Master key is extremely secure, as it is generated by the user and involves both a private and a public part. The private part never leaves the user's PC, ensuring that it cannot be accessed by others.

Can I Create an Encrypted Project without a Master Key?

No, it is not possible to create an encrypted Project without first initializing a Master key. The Master key is essential for encrypting and decrypting data within the project.

What types of secrets can be stored in Coretex Secrets?

Coretex Secrets can store various types of sensitive data, including credentials (e.g., database accounts), AWS tokens, and Git access tokens. This data is securely encrypted using the user's Master key.

How do I Authorize a Node?

To authorize a Node, you need to ensure that the Node has its own Master key set. Then, you can authorize it by sharing the project encryption key with the Node through a key exchange process using RSA keys. Only trusted Nodes should be authorized to access sensitive data.
