
1. Introduction
Most security initiatives are defensive strategies aimed at protecting the perimeter of the network. But these efforts may ignore a crucial vulnerability: sensitive data stored on networked servers are at risk from attackers who only need to find one way inside the network to access this confidential information. Additionally, perimeter defenses like firewalls cannot protect stored sensitive data from the internal threat: employees with the means to access and exploit this data. Theft of sensitive private data is a significant problem. Database management systems (DBMSs) are an especially appealing target for attackers, because they often contain large amounts of private information. When individual users or enterprises store their sensitive data in a DBMS today, they must trust that the server hardware and software are not subject to compromise, that the data center itself is physically protected, and that the system and database administrators (DBAs) are trustworthy. Otherwise, an adversary who gains access through any of these avenues of attack can compromise the entire database, as has been documented in a number of published reports of data thefts (and presumably there are more compromises that have not been publicized) (Raluca).

Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration. For example, where should the encryption be performed: in the storage layer, in the database, or in the application where the data is produced? How much data should be encrypted to provide adequate security? What should the encryption algorithm and mode of operation be? Who should have access to the encryption keys? How can the impact of database encryption on performance be minimized?


2. What is encryption?
According to Microsoft, encryption is a way to enhance the security of a message, data or file by scrambling the contents so that it can be read only by someone who has the right encryption key to unscramble it. Dorothy E. Denning (1982) defines a cipher as a secret method of writing, whereby plaintext (or clear text) is transformed into cipher text (sometimes called a cryptogram). The process of transforming plaintext into cipher text is called encipherment or encryption; the reverse process of transforming cipher text into plaintext is called decipherment or decryption. For example, if you purchase something from a website, the information for the transaction (such as your address, phone number, and credit card number) is usually encrypted to help keep it safe. Use encryption when you want a strong level of protection for your information.

Figure (1) How Encryption works.

2.1 Types of encryption methods


There are three basic encryption methods: hashing, symmetric cryptography, and asymmetric cryptography. Each of these encryption methods has its own uses, advantages, and disadvantages. All three of these encryption methods use cryptography, or the science of scrambling data. The first encryption method, called hashing, creates a unique fixed-length signature of a group of data. Hashes are created with an algorithm, or hash function, and are used to compare sets of data. Since a hash is unique to a specific message, any changes to that message would result in a different hash, thereby alerting a user to potential tampering.

A key difference between a hash and the other two encryption methods is that once the data is encrypted, the process cannot be reversed or deciphered. This means that even if a potential attacker were able to obtain a hash, he would not be able to use a decryption method to discover the contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA).

The second encryption method is symmetric cryptography, which is also called private-key cryptography. The term "private key" comes from the fact that the key used to encrypt and decrypt data must remain secure, because anyone with access to it can read the coded messages. This encryption method can be categorized as either a stream cipher or a block cipher, depending upon the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time, while a block cipher processes fixed chunks of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), and Blowfish.

Figure (2) Symmetric encryption

Asymmetric or public key cryptography is the last encryption method. This type of cryptography uses two keys, a private key and a public key, to perform encryption and decryption. The use of two keys overcomes a major weakness in symmetric key cryptography in that a single key does not need to be securely managed among multiple users. In asymmetric cryptography, a public key is freely available to everyone, while the private key remains with the receiver of the cipher text, who uses it to decrypt messages. Algorithms that use public key cryptography include RSA and Diffie-Hellman.

Figure (3) Asymmetric encryption

3. Database encryption
Database encryption refers to the use of encryption techniques to transform a plain text database into a (partially) encrypted database, thus making it unreadable to anyone except those who possess the knowledge of the encryption key(s). Database security encompasses three main properties: confidentiality, integrity and availability. The confidentiality property enforces predefined restrictions while accessing the protected data, thus preventing disclosure to unauthorized persons. The integrity property guarantees that the data cannot be corrupted in an invisible way. And the availability property ensures timely and reliable access to the database.

To preserve data confidentiality, enforcing access control policies defined on the database management system (DBMS) is a prevailing method. An access control policy, that is, a set of authorizations, can take different forms. Whatever the access control model, the authorizations enforced by the database server can be bypassed in a number of ways. For example, an intruder can infiltrate the information system and try to access the database on disk. Another source of threats comes from the fact that many databases are today outsourced to Database Service Providers (DSPs). Data owners then have no other choice than to trust DSPs that argue that their systems are fully secured and their employees are beyond any suspicion, an assumption frequently denied by facts. In addition, a database administrator (DBA) has enough privileges to tamper with the access control definition and to spy on the DBMS behavior.

3.1 Encryption in SQL Server 2008


In earlier SQL Server versions, you had to create your own user-defined functions to encrypt the data or use external DLLs to encrypt the data. In SQL Server 2005 and above, these functions and methods are available by default. The most powerful encryption feature in SQL Server 2008 is Transparent Data Encryption (TDE), which is designed to provide protection for the entire database at rest without affecting existing applications. Implementing encryption in a database traditionally involves complicated application changes, such as modifying table schemas and removing functionality, and causes significant performance degradation. TDE solves these problems by simply encrypting everything. Thus, all data types, keys, indexes, and so on can be used to their full potential without sacrificing security or leaking information on the disk.

3.1.1 Cryptographic Key Hierarchy


At the root of the encryption tree is the Windows Data Protection API (DPAPI), which secures the key hierarchy at the machine level and is used to protect the service master key (SMK) for the database server instance. The SMK protects the database master key (DMK), which is stored at the user database level and which in turn protects certificates and asymmetric keys. These in turn protect symmetric keys, which protect the data. TDE uses a similar hierarchy down to the certificate. The primary difference is that when you use TDE, the DMK and certificate must be stored in the master database rather than in the user database. A new key, used only for TDE and referred to as the database encryption key (DEK), is created and stored in the user database.
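The non-TDE hierarchy described above (DMK, then certificate, then symmetric key, then data) can be walked through with column-level encryption in the user database. This is an added example, not code from the original paper; the names ClientCert, ClientKey and dbo.ClientDemo and the sample value are hypothetical, and it assumes DreamHome does not yet have a database master key.

```sql
-- Added example. ClientCert, ClientKey and dbo.ClientDemo are hypothetical names.
USE DreamHome;
GO
-- Level 1: database master key (DMK), itself protected by the service master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>';
GO
-- Level 2: certificate whose private key is protected by the DMK.
CREATE CERTIFICATE ClientCert WITH SUBJECT = 'Protects ClientKey';
GO
-- Level 3: symmetric key protected by the certificate.
CREATE SYMMETRIC KEY ClientKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE ClientCert;
GO
-- Level 4: the data. Only the ciphertext column is stored.
CREATE TABLE dbo.ClientDemo (
    clientNo INT IDENTITY PRIMARY KEY,
    telNoEnc VARBINARY(256) NOT NULL
);
GO
-- The symmetric key must be opened (decrypted via the certificate) before use.
OPEN SYMMETRIC KEY ClientKey DECRYPTION BY CERTIFICATE ClientCert;

INSERT INTO dbo.ClientDemo (telNoEnc)
VALUES (EncryptByKey(Key_GUID('ClientKey'), N'0141-555-0100')); -- constructed value

-- DecryptByKey returns NULL if the key is not open in this session.
SELECT clientNo,
       telNoEnc,
       CONVERT(NVARCHAR(20), DecryptByKey(telNoEnc)) AS telNo
FROM dbo.ClientDemo;

CLOSE SYMMETRIC KEY ClientKey;
GO
-- Catalog views show which object protects each symmetric key,
-- including the DMK entry (##MS_DatabaseMasterKey##).
SELECT sk.name AS symmetric_key,
       ke.crypt_type_desc,
       c.name AS protecting_certificate
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c ON c.thumbprint = ke.thumbprint;
GO
```

Unlike TDE, this approach changes the table schema and requires the application or stored procedures to open the key, which is the cost the TDE section refers to.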

Figure (4) TDE architecture

To use TDE, follow these steps:
1- Create a master key
2- Create or obtain a certificate protected by the master key
3- Create a database encryption key and protect it by the certificate
4- Set the database to use encryption

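The following example illustrates encrypting the DreamHome database using a certificate named MyServerCert that is installed on the server.

    -- Create the database master key (DMK) in the master database.
    USE master;
    GO
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>';
    GO
    -- Create the server certificate, protected by the DMK.
    CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate';
    GO
    -- Create the database encryption key (DEK) in the user database,
    -- protected by the server certificate.
    USE DreamHome;
    GO
    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_128
    ENCRYPTION BY SERVER CERTIFICATE MyServerCert;
    GO
    -- Turn on TDE for the database.
    ALTER DATABASE DreamHome SET ENCRYPTION ON;
    GO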
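After the steps above, an administrator would normally confirm that encryption has finished and back up the certificate that protects the DEK, because a TDE database or its backups cannot be restored on another server without it. The following is an added example, not part of the original paper; the file paths and the backup password are placeholders.

```sql
-- Added example. File paths and the backup password are placeholders.

-- 1. Check the encryption state and which certificate protects each DEK.
--    encryption_state: 2 = encryption in progress, 3 = encrypted.
--    tempdb also appears here once any database on the instance uses TDE.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       dek.percent_complete,
       dek.key_algorithm,
       dek.key_length,
       c.name AS protecting_certificate,
       c.pvt_key_last_backup_date      -- NULL means the private key was never backed up
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint;
GO

-- 2. Cross-check the flag recorded for the database itself.
SELECT name, is_encrypted
FROM sys.databases
WHERE name = 'DreamHome';
GO

-- 3. Back up the certificate and its private key to a location that is
--    stored and protected separately from the database files and backups.
USE master;
GO
BACKUP CERTIFICATE MyServerCert
    TO FILE = '<SecuredKeyBackupPath>\MyServerCert.cer'
    WITH PRIVATE KEY (
        FILE = '<SecuredKeyBackupPath>\MyServerCert.pvk',
        ENCRYPTION BY PASSWORD = '<UseDifferentStrongPasswordHere>'
    );
GO
```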

4. Five worst practices in Database encryption


Database encryption can add a valuable layer of security to critical data stores, but only if the encryption is done well. Following are the five most common encryption worst practices that security experts see organizations engage in today.

1- Storing Keys In The Wrong Place
If you're encrypting sensitive data in your database, then one of the worst practices is to store either the key used to encrypt the data or the authentication credentials that are used to get that key in the same database as the encrypted data.

2- Failing To Centralize Key Management
Organizations should endeavor to centralize key management as much as possible in order to know what the organization has in its inventory, where keys are located, and how they're protected.

3- Depending On Home-Made Solutions
Unless your staff consists of cryptographic experts with years of experience, building home-brew encryption or key management systems is just setting your organization up for disaster.

4- Leaving Backups Unencrypted
If you encrypt your databases but leave backups of that data unencrypted, then you're setting your organization up for a fall.

5- Using Out-of-Date Cryptographic Algorithms
"Some older systems continue to use algorithms that have been broken years ago," Wlasuk says. Organizations have to be mindful not only that they encrypt their databases, but that they encrypt with technology that leverages new algorithms.

5. Conclusion
This paper presented database encryption and its types, and the latest technique used in DBMSs to ensure the best encryption, represented by Transparent Data Encryption (TDE) in SQL Server 2008. TDE uses a mix of encryption algorithms to encrypt the data and the encryption keys. The encryption process in TDE is divided into a number of layers, each layer encrypted by the layer above it, starting with the user data encryption and ending at the server layer. Lastly, encryption techniques, even though they are a good tool to protect your critical data, do not provide permanent protection, because the thinking and tools of information criminals keep changing, so no one can predict the time of the next strike on the database server. Hence, database administrators should implement the best strategy to maintain the integrity of the database and its backups, and avoid the five well-known bad database encryption practices, in order to get out with the lowest possible losses.


6. References
Dorothy E. Denning, Cryptography and Data Security, Purdue University, Addison-Wesley Publishing, 1982.

John Goodson and Robert A. Steward, The Data Access Handbook: Achieving Optimal Database Application Performance and Scalability, Pearson Education, Inc., 2009.

Sung Hsueh, Database Encryption in SQL Server 2008 Enterprise Edition, 2008, http://msdn.microsoft.com/en-us/library/cc278098(v=sql.100).aspx#_Toc189384694

Understanding Transparent Data Encryption (TDE), http://msdn.microsoft.com/enus/library/bb934049(SQL.100).aspx

Five worst practices in Database encryption, http://www.darkreading.com/databaseecurity/167901020/security/news/231900083/five-worst-practices-in-databaseencryption.html
