Data Security - Encryption Strategies for Data at Rest
Protecting Enterprise DBMS Data
Blue Oasis Technologies, Inc 2005
Presenter Background
• Michael McGrattan - CISSP, PMP, OCP
• Director of Data Management
• Blue Oasis Technologies
• 12 years of Information Technology experience
  • Data Management
  • Information Security
  • Corporate Compliance
• Currently working on Sarbanes-Oxley IT General Computer Control (Section 404) compliance with Fortune 500 company.
Presentation Overview
• Electronic Data
  • Structured (predetermined data types and understood relationships - i.e. data stored and managed by a DBMS)
  • Unstructured (no conceptual definition and no data type definition – i.e. data stored in a document or email message)
• Primary States
  • “Data at Rest” – persistent data residing on storage media
    • Desktops/Laptops
    • Email servers
    • File servers
    • Database Management Systems (DBMS)
  • “Data in Transit” – data moving across the network
    • Within the Data Center
    • Within the internal Corporate network
    • External to the Corporate network
• What are we going to discuss today?
  • Encrypting structured “Data at Rest” in enterprise DBMS
PART 1
Database Encryption Architectures
Business Drivers
• Current State, Federal, and Industry Legislation
  • California Senate Bill No. 1386 (SB1386)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Visa's Cardholder Information Security Program (CISP)
  • PCI Data Security Standard
• Future Legislation
  • S.1350 – “Notification of Risk to Personal Data Act”
• Corporate Policies
  • Defense in Depth Programs
  • Segregation of Duties
Primary Objectives
• Ensure confidentiality of data
• Minimize performance and operational impacts
• Maximize application transparency
Breaches in Data Security
• Hacking
  • DSW – Database breach – 1.4 million credit card transactions
  • CardSystems – Database breach – 40 million credit card customers
• Cons and Scams
  • BofA – Insider information – 676,000 bank customers
  • ChoicePoint – Imposters – 145,000 financial accounts
• Lack of Care
  • CitiFinancial – Lost parcel of tapes – 3.9 million customers
• Stolen Hardware
  • UC Berkeley – Stolen laptop – 98,400 graduate students
  • Time Warner – Stolen backup tapes – 600,000 employees
  • MCI – Stolen laptop – 16,500 employees
* Personally
  • Undergraduate College – disclosure of SSN and personal info
  • LexisNexis – disclosure of SSN and personal info
Encryption Architecture Overviews
• Essential to categorize architectures
  • Clarifies market solutions
  • Different technical, operational, and procedural issues
  • Enforces understanding for all stakeholders
• Categorization criteria for today’s discussion
  • “Initiation point of cryptography processing”
• 3 Categories of Architectures
  • Application
  • Database (DBMS)
  • Operating System
Application Encryption Architectures
• “Initiation point” at application layer
(Diagram: APP LAYER with Crypto Services reached through a Crypto API, DB LAYER, OS LAYER)
• Advantages
  • Addresses wide range of confidentiality threats
  • Granular encryption control
• Disadvantages
  • Not application transparent
  • Inability to support all “touch points”
Database Encryption Architectures
• “Initiation point” at database layer
(Diagram: APP LAYER, DB LAYER with Crypto Services reached through Extended Procs, OS LAYER)
• Advantages
  • Degree of application transparency
  • Centralization of encryption processing
  • Potential to support all “touch points”
• Disadvantages
  • Performance impacts
  • Disparate DBMS support
OS Encryption Architectures
• “Initiation point” at operating system layer
(Diagram: APP LAYER, DB LAYER, OS LAYER with Crypto Services in the I/O Sub-system)
• Advantages
  • Application transparent
  • Supports all “touch points”
• Disadvantages
  • Reliance on the DBMS procedural controls to protect data
  • Limited “Segregation of Duties” options at database layer
Risk
• Risk is a function of the likelihood of a given perpetrator(s) exercising a particular potential vulnerability and the resulting impact of that adverse event on the organization [1]
• “Likelihood” and “Impact” often difficult to quantify
• Threats are always present, but vulnerabilities are flaws or weaknesses that make a threat more likely to be successful or have a significant impact
• Minimally, qualitative analysis can be used to assess threats and associated vulnerabilities
• Quantitative analysis more challenging in absence of relevant statistical data
[1] NIST Risk Management Guide for Information Technology Systems
DBMS Confidentiality Threats
* Does not include potential threats once the data has left the management structure of the DBMS
Current Market Place
• Two main categories of solutions
  • Encryption toolkits and API’s
  • Packaged Encryption Solutions
• Players in the market place
  • DBMS Vendors
  • Commercial Application Vendors
  • Application Platforms
  • Security Vendors
Product Evaluation Criteria
• Vendor Support - The compatibility of the vendor solution with the application, database, and operating system platforms and versions of the enterprise computing environment.
• Access Controls - The mechanisms and granularity of control the solution provides with respect to segregation of duties and existing access controls.
• Key Management - The protocols and controls surrounding the storage, maintenance, and retrieval of encryption keys.
• Management Console - The user interface for administering and managing the encryption solutions.
• Cryptography - The compatibility of the solution’s cryptography standards with those defined by the organization’s security policies.
Product Evaluation Criteria (cont.)
• Remote Administration - The remote administration capabilities of the encryption solution.
• Application Transparency - The aspects of the encryption architecture that would require the customization of existing applications and business processes to integrate with the solution.
• Performance Impact - The performance impact of the encryption solution on application, database, and system resources.
• Database Administration - The configuration, management, and operational impact of the encryption solution on the database administration teams.
• Cost - The license, support, implementation, and maintenance costs associated with the encryption solution.
Application Centric Solutions
• Eruces Tricryption Engine
  • www.eruces.com
  • Segregation of processing components
  • Extensible storage solution of encryption keys
• nCipher
  • www.ncipher.com
  • Language agnostic XML interface for crypto processing
  • Segregated HSM
• RSA BSafe
  • www.rsa.com
  • Well-respected security vendor
  • ClearTrust management interface
Database Centric Solutions
• Application Security DBEncrypt
  • www.appsecinc.com
  • Ease of use
• IBM Data Encryption for IMS and DB2
  • www.ibm.com
  • Hybrid Database/OS centric solution
• Oracle DBMS_CRYPTO
  • www.oracle.com
  • Enhancements from 9i DBMS_OBFUSCATION_TOOLKIT
• Protegrity Secure.Data
  • www.protegrity.com
  • Recently back in the market place
• Sybase and SQL Server
  • www.sybase.com
  • www.microsoft.com
OS Centric Solutions
• Vormetric CoreGuard
  • www.vormetric.com
  • Application and database transparency
Alternatives to Encryption
• Start with the obvious AND THEN justify need!!!
  • Implementing database encryption solutions non-trivial
  • Numerous “house keeping” measures should be addressed first
• Reduce unnecessary propagation of sensitive data assets
  • Identify sensitive data assets
  • Identify all “touch points”
  • Identify all process flaws
  • Focus and resolve unnecessary propagation
• Enforce strict database procedural controls
  • Principle of least privilege
  • Strict authentication, authorization, access restrictions
PART 2
A Deeper Look at the Mechanics of Database Encryption
Database Centric Solution
• Application Security DBEncrypt
  • www.appsecinc.com
  • Version 2.1
  • SQL Server 2000
  • Windows 2000
• Test will include encrypting sample ‘TEST_TABLE’ elements
  create table TEST_TABLE (
    id integer null,
    col_integer integer null,
    col_numeric numeric(10,2) null,
    col_char char(40) null,
    col_varchar varchar(40) null,
    col_datetime datetime null)
Encryption Setup
• When DBEncrypt encrypts a table column, a series of related database objects are created
  • Recreates original table and changes name to ‘<table_name>_base’
  • Column datatype for encrypted column changed to accommodate the encrypted value
  • 2 views created: ‘<table_name>’ and ‘<table_name>_dbe’
    • ‘<table_name>’ view simply references ‘<table_name>_dbe’ view
    • ‘<table_name>_dbe’ view responsible for making necessary procedure calls to decrypt encrypted column data
• View is the key to the application transparency!! - The fact that the original table ‘<table_name>’ is now a view is transparent to existing SQL logic so long as the view ‘<table_name>’ supports necessary DML (Data Manipulation Language) operations INSERT, UPDATE, SELECT, and DELETE
  • Ability to handle DML operations accomplished via ‘Instead of Triggers’ ‘<table_name>_dbe_ins_trg’, ‘<table_name>_dbe_upd_trg’
  • SELECT and DELETE operations do not require explicit trigger logic
Database Objects
• CREATE TABLE TEST_TABLE_base (
    id integer null,
    col_integer varbinary(20) null,
    col_numeric varbinary(20) null,
    col_char char(80) null,
    col_varchar varchar(80) null,
    col_datetime datetime null,
    dbe_row_id integer identity(1,1))
• CREATE VIEW TEST_TABLE WITH VIEW_METADATA AS
    SELECT id, col_integer, col_numeric, col_char, col_varchar, col_datetime
    FROM TEST_TABLE_dbe
Database Objects (cont.)
• CREATE VIEW TEST_TABLE_dbe WITH VIEW_METADATA AS
    SELECT id,
      master.dbo.dbe_view_decrypt_int(col_integer, '2', 'AES', 'CTS') as 'col_integer',
      cast(master.dbo.dbe_view_decrypt_num(col_numeric, '3', 'AES', 'CTS') as numeric(10,2)) as 'col_numeric',
      convert(char(40), master.dbo.dbe_decrypt_stringc(col_char, '4', 'AES', 'CTS')) as 'col_char',
      master.dbo.dbe_decrypt_string(col_varchar, '5', 'AES', 'CTS') as 'col_varchar',
      col_datetime,
      dbe_row_id,
      col_integer as col_integer_encrypted,
      col_numeric as col_numeric_encrypted,
      col_char as col_char_encrypted,
      col_varchar as col_varchar_encrypted
    FROM TEST_TABLE_base
Database Objects (cont.)
• create trigger TEST_TABLE_dbe_ins_trg on TEST_TABLE instead of insert
  ….
  insert into TEST_TABLE_base (id, col_integer, col_numeric, col_char, col_varchar, col_datetime)
  values (@update_id,
    master.dbo.dbe_trg_encrypt_varbinary(cast(@update_col_integer as varbinary(4000)), '2', 'AES', 'CTS'),
    master.dbo.dbe_trg_encrypt_varbinary(cast(@update_col_numeric as varbinary(4000)), '3', 'AES', 'CTS'),
    master.dbo.dbe_trg_encrypt_char(@update_col_char, '4', 'AES', 'CTS'),
    master.dbo.dbe_trg_encrypt_varchar(@update_col_varchar, '5', 'AES', 'CTS'),
    @update_col_datetime)
  ….
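The base-table / view / instead-of-trigger pattern from the Encryption Setup and Database Objects slides, rebuilt as an added runnable example in Python with SQLite (this is not DBEncrypt's code or the presentation's). The dbe_encrypt/dbe_decrypt functions are constructed placeholders standing in for the master.dbo.dbe_* routines, and the single col_varchar column, the KEY and the sample values are assumptions for the demo.

```python
import hashlib, hmac, os, sqlite3, struct
KEY = b"demo-key-32-bytes-not-for-prod!!"  # constructed demo key; real deployments use a key store/HSM

def _keystream(nonce, n):
    # Placeholder keystream (HMAC-SHA256 in counter mode) standing in for AES/CTS.
    blocks = (hmac.new(KEY, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def dbe_encrypt(value):
    # Stand-in for master.dbo.dbe_trg_encrypt_*: returns nonce || ciphertext, NULL stays NULL.
    if value is None:
        return None
    data, nonce = str(value).encode("utf-8"), os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def dbe_decrypt(blob):
    # Stand-in for master.dbo.dbe_decrypt_string: reverses dbe_encrypt.
    if blob is None:
        return None
    nonce, ct = bytes(blob[:16]), bytes(blob[16:])
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode("utf-8")

# _base holds ciphertext; a view carrying the original table name decrypts on SELECT;
# INSTEAD OF triggers encrypt on INSERT/UPDATE (SQLite views are read-only, so DELETE
# would need a trigger here too, unlike the SQL Server case on the slide).
SCHEMA = """
CREATE TABLE test_table_base (id INTEGER, col_varchar BLOB,
                              dbe_row_id INTEGER PRIMARY KEY AUTOINCREMENT);
CREATE VIEW test_table AS
  SELECT id, dbe_decrypt(col_varchar) AS col_varchar FROM test_table_base;
CREATE TRIGGER test_table_ins_trg INSTEAD OF INSERT ON test_table BEGIN
  INSERT INTO test_table_base (id, col_varchar)
  VALUES (NEW.id, dbe_encrypt(NEW.col_varchar)); END;
CREATE TRIGGER test_table_upd_trg INSTEAD OF UPDATE ON test_table BEGIN
  UPDATE test_table_base SET col_varchar = dbe_encrypt(NEW.col_varchar)
  WHERE id = OLD.id; END;
"""
def demo():
    # Unchanged application DML keeps targeting test_table; ciphertext is only seen in _base.
    conn = sqlite3.connect(":memory:")
    conn.create_function("dbe_encrypt", 1, dbe_encrypt)
    conn.create_function("dbe_decrypt", 1, dbe_decrypt)
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO test_table (id, col_varchar) VALUES (?, ?)", (1, "4111-1111"))  # constructed
    conn.execute("UPDATE test_table SET col_varchar = ? WHERE id = ?", ("5500-0004", 1))
    clear = conn.execute("SELECT col_varchar FROM test_table WHERE id = 1").fetchone()[0]
    stored = conn.execute("SELECT col_varchar FROM test_table_base WHERE id = 1").fetchone()[0]
    return clear, bytes(stored)
```

Reading test_table returns the plaintext the application expects, while a direct read of test_table_base (the path a user with only table-level rights would take) yields the nonce plus ciphertext.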
Performance Test Logic
• SQL script created to exercise DML operations: INSERT, UPDATE, SELECT, DELETE
• SQL script executed a total of 15 times
  • 5 Test Sets
  • Test set for each number of encrypted columns:
    • 0, 1, 2, 3, 4
  • Test set run values:
    • 1000 rows, 10,000 rows, and 100,000 rows
Performance Results
Execution Duration
CPU Utilization
DBEncrypt (2.1) Limitations
• Columns cannot be involved in a primary key/foreign key relationship
• Column must have a data type of varchar, char, int, smallint, tinyint, decimal, numeric, money, smallmoney, nvarchar, nchar
• Column data size for varchar and char data types must not exceed 4000
• Column data size for nvarchar and nchar data types must not exceed 1000
• Column cannot already be encrypted through DBEncrypt
• Column cannot be indexed
• Column cannot have a rule set on it
• Column cannot be computed
• Table must not have any columns with a default value
• Table must not have a trigger
• Table must not have a full text index
• Bulk Inserts not permitted
• Truncate Table not permitted
Database Design Considerations
• Design is significant part of effort!!!
  • Easy to miss critical components
  • Reactively addressing issues will lead to failure
• Design Areas
  • Table Keys
  • Stored Procedures and Functions
  • SQL Logic
  • SQL Operations
  • Datatypes
  • Key Storage
Conclusion
• Q&A
• Michael McGrattan
  • Director of Data Management
  • Blue Oasis Technologies
  • mmcgrattan@blueoasistech.com
  • 858 335 1659