Cryptography in the Database: The Last Line of Defense
By Kevin Kenan
Published by Addison-Wesley Professional
ISBN: 0321320735
Chapter 2: Securing Databases with Cryptography
This chapter discusses how cryptography can address the concerns raised in the previous chapter. After explaining what cryptography is and providing a general idea of how it works, we dig into the various types of cryptographic algorithms and see where the strengths and weaknesses of each lie. Finally, we look at where database cryptography sits in an organization's security portfolio.
With respect to threats against confidentiality and integrity, we examine how cryptography can help with security. We also look at the common pitfalls and difficulties encountered in implementing a cryptographic system. Not only does a poorly implemented system not provide the needed protection, it can actually weaken overall security. We spend time looking at what kinds of risks a poor cryptographic system introduces.
2.1 A Brief Database Refresher
For the most part, this book assumes knowledge of databases, but we'll quickly go over the fundamentals in case you've been away from the topic for some time. A relational database stores information in tables consisting of rows and columns. A field or cell is the intersection of a row and column.
Tables are related to each other through primary and foreign keys (these keys are quite different from cryptographic keys, which are discussed later). A primary key is a subset of the information in a row that uniquely identifies that row from all the other rows in the table. A foreign key links a row in one table to a row in another table by referencing the latter table's primary key.
Indexes allow for quick searching through a table. By specifying an index on a column, the database creates a special data structure that allows it to rapidly find any information stored in that column. Primary key columns are typically indexed.
A standard language, structured query language (SQL), is used to manage data.
Database objects, such as tables and indexes, are created, modified, and destroyed using a subset of SQL known as data definition language (DDL). Information is entered, viewed, altered, and deleted from a database using another subset of SQL called data manipulation language (DML).
The most common interaction with a database is the select statement, which is an element of DML. The select statement allows an operator to dig through one or more database tables and display just the data that meets specific criteria. A basic select statement contains three clauses. The select clause specifies which columns should be displayed. The from clause specifies which tables should be included in the search. The where clause details the criteria a row must meet to be selected.
The where clause frequently contains join statements, which tell the database how to include multiple tables in the query. Typically, a join follows the link established by a foreign key.
Other frequently used statements include insert, for inserting new data into a table; update, for modifying existing data in a table; and delete, for removing rows. All of these statements also include from and where clauses.
Programs typically interact with databases by building and passing these statements to the database. For instance, when a customer wishes to see the items she added to her shopping cart last week, the application passes a select statement to the database to select all of the items in that customer's cart. Then, when the customer adds an item, the application might pass an insert to the database.
Stored procedures offer another avenue for an application to interact with a database. A stored procedure is a program that is loaded into the database itself.
Then, instead of the application building an insert statement to add a new item to the customer's cart, the application would call the add item to cart stored procedure and pass the item and quantity as arguments.
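The shopping-cart interaction described above, as an added example that is not code from the book. It uses Python's built-in sqlite3 module; the table, column and customer names are hypothetical, and because SQLite has no stored procedures, the add_item_to_cart function stands in for one.

```python
import sqlite3

def build_store():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces foreign keys only on request
    # DDL: create tables and an index. cart_item.customer_id is a foreign
    # key that references the primary key of customer.
    db.executescript("""
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,
            name        TEXT NOT NULL
        );
        CREATE TABLE cart_item (
            cart_item_id INTEGER PRIMARY KEY,
            customer_id  INTEGER NOT NULL REFERENCES customer(customer_id),
            item         TEXT NOT NULL,
            quantity     INTEGER NOT NULL
        );
        CREATE INDEX cart_item_customer_idx ON cart_item(customer_id);
    """)
    # DML: constructed sample rows.
    db.execute("INSERT INTO customer (customer_id, name) VALUES (?, ?)", (1, "Alice"))
    db.execute("INSERT INTO customer (customer_id, name) VALUES (?, ?)", (2, "Bob"))
    return db

def add_item_to_cart(db, customer_id, item, quantity):
    # Plays the role of the stored procedure: the caller passes arguments
    # and never builds SQL text itself. Values travel as bound parameters.
    db.execute(
        "INSERT INTO cart_item (customer_id, item, quantity) VALUES (?, ?, ?)",
        (customer_id, item, quantity),
    )

def cart_for(db, name):
    # select / from / where, with the join expressed in the where clause
    # along the foreign key, as the text describes.
    rows = db.execute(
        "SELECT cart_item.item, cart_item.quantity "
        "FROM customer, cart_item "
        "WHERE customer.customer_id = cart_item.customer_id "
        "AND customer.name = ? "
        "ORDER BY cart_item.cart_item_id",
        (name,),
    )
    return rows.fetchall()
```

With foreign keys enabled, an insert that names a customer_id absent from the customer table is rejected with sqlite3.IntegrityError.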
Databases are much more complex and feature-rich than what we've described here, but this overview should provide enough context to help you make sense of the database terminology used in this book. The code examples at the end of the book contain many examples of SQL statements. See Chapter 21, "The System at Work," for example.
2.2 What Is Cryptography?
Cryptography is the art of "extreme information security." It is extreme in the sense that once treated with a cryptographic algorithm, a message (or a database field) is expected to remain secure even if the adversary has full access to the treated message. The adversary may even know which algorithm was used. If the cryptography is good, the message will remain secure.
This is in contrast to most information security techniques, which are designed to keep adversaries away from the information. Most security mechanisms prevent access and often have complicated procedures to allow access to only authorized users. Cryptography assumes that the adversary has full access to the message and still provides unbroken security. That is extreme security.
A more popular conception of cryptography characterizes it as the science of "scrambling" data. Cryptographers invent algorithms that take input data, called plaintext, and produce scrambled output. Scrambling, used in this sense, is much more than just moving letters around or exchanging some letters for others. After a proper cryptographic scrambling, the output is typically indistinguishable from a random string of data. For instance, a cryptographic function might turn "Hello, whirled!" into 0x397B3AF517B6892C.
While simply turning a message into a random sequence of bits may not seem useful, you'll soon see that cryptographic hashes, as such functions are known, are very important to modern computer security. Cryptography, though, offers much more.
Many cryptographic algorithms, but not all, are easily reversible if you know a particular secret. Armed with that secret, a recipient could turn 0x397B3AF517B6892C back into "Hello, whirled!" Anyone who did not know the secret would not be able to recover the original data. Such reversible algorithms are known as ciphers, and the scrambled output of a cipher is ciphertext. The secret used to unscramble ciphertext is called a key. Generally, the key is used for both scrambling, called encryption, and unscrambling, called decryption.
A fundamental principle in cryptography, Kerckhoffs' Principle, states that the security of a cipher should depend only on keeping the key secret. Even if everything else about the cipher is known, so long as the key remains secret, the plaintext should not be recoverable from the ciphertext.
The opposite of Kerckhoffs' Principle is security through obscurity. Any cryptographic system where the cipher is kept secret depends on security through obscurity. Given the difficulty that even professional cryptographers have in designing robust and efficient encryption systems, the likelihood of a secret cipher providing better security than any of the well-known and tested ciphers is vanishingly small. Plus, modern decompilers, disassemblers, debuggers, and other reverse-engineering tools ensure that any secret cipher likely won't remain secret for long.
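An added illustration, not code from the book, of the distinction drawn above between a hash (one-way, no key) and a cipher (reversible only with the key), applied to a database field that the adversary is assumed to be able to read in full. The key size, nonce layout, table and column names and the sample card value are assumptions. The cipher is a minimal HMAC-SHA-256 keystream built from Python's standard library so the block runs anywhere; a real system would use a well-known, tested cipher.

```python
import hashlib, hmac, os, sqlite3

def digest(data: bytes) -> str:
    # Cryptographic hash: no key, fixed-size output, not reversible.
    return hashlib.sha256(data).hexdigest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # The algorithm is fully public (Kerckhoffs' Principle); only `key` is secret.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per field, stored in the clear with the ciphertext
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key: bytes, blob: bytes) -> bytes:
    # Confidentiality only: this sketch does not detect tampering.
    nonce, body = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

CARD = b"4111-1111-1111-1111"  # constructed sample value

def demo() -> dict:
    key = os.urandom(32)  # the one secret in the system
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, card BLOB)")
    db.execute("INSERT INTO customer (id, card) VALUES (?, ?)",
               (1, encrypt(key, CARD)))
    # What someone with full read access to the table sees:
    stored = db.execute("SELECT card FROM customer WHERE id = 1").fetchone()[0]
    return {
        "stored": stored,
        "with_key": decrypt(key, stored),
        "wrong_key": decrypt(os.urandom(32), stored),
    }

if __name__ == "__main__":
    result = demo()
    print("hash of message :", digest(b"Hello, whirled!"))
    print("stored field    :", result["stored"].hex())
    print("right key       :", result["with_key"])
    print("wrong key       :", result["wrong_key"])
```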
Cryptographic algorithms can be broadly grouped into three categories: symmetric cryptography, asymmetric (or public-key) cryptography, and cryptographic hashing. Each of these types has a part to play in most cryptographic systems, and we next consider each of them in turn.
About the author
Kevin Kenan leads Symantec's IT application and database security program. In this position, he works with application development teams to ensure that the applications and databases Symantec deploys internally are secure. This work includes specifying cryptographic solutions to protect sensitive information wherever it is stored. Prior to his work in Symantec's information security department, Kevin designed and developed applications for Symantec's information technology and product development teams, often with an emphasis on security and cryptography. He previously provided enterprise support for Symantec's development tools, and he holds a Bachelor of Science in Mathematics from the University of Oregon.