(page 2 of 5)
Cryptography in the Database: The Last Line of Defense


By Kevin Kenan
Published by Addison-Wesley Professional
ISBN: 0321320735
Published: October 2005
Pages: 312


2.2.1 Symmetric Cryptography

Symmetric key cryptography is so named because the cipher uses the same key for both encryption and decryption. Two famous ciphers, Data Encryption Standard (DES) and Advanced Encryption Standard (AES), both use symmetric keys.

Because symmetric key ciphers are generally much faster than public-key ciphers, they are suitable for encrypting small and large data items.

Modern symmetric ciphers come in two flavors. Block ciphers encrypt a chunk of several bits all at once, while stream ciphers generally encrypt one bit at a time as the data stream flows past. When a block cipher must encrypt data longer than the block size, the data is first broken into blocks of the appropriate size, and then the encryption algorithm is applied to each. Several modes exist that specify how each block is handled. The modes enable an algorithm to be used securely in a variety of situations. By selecting an appropriate mode, for instance, a block cipher can even be used as a stream cipher.

The chief advantage of a stream cipher for database cryptography is that the need for padding is avoided. Given that block ciphers operate on a fixed block size, any blocks of data smaller than that size must be padded. Stream ciphers avoid this, and when the data stream ends, the encryption ends. We'll return to block and stream ciphers in the algorithm discussion in Chapter 4, "Cryptographic Engines and Algorithms."
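The following added example (not from the book) shows what padding costs in stored bytes for a database column and how a counter-style stream mode keeps the ciphertext the same length as the plaintext. It assumes a 16-byte block size and PKCS#7 padding, and it uses HMAC-SHA256 as a stand-in for the block cipher in the keystream generator because the Python standard library has no AES; the function names are illustrative.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # assumed block size in bytes (AES uses 16)

def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Pad to a whole number of blocks. Aligned data gets a full extra
    block so the padding can always be removed unambiguously."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip PKCS#7 padding, rejecting malformed input."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) per chunk.
    HMAC-SHA256 is the stand-in PRF (assumption, see lead-in)."""
    out, counter = b"", 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream; length is preserved."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def column_sizes(plaintext: bytes) -> tuple[int, int]:
    """(bytes stored with padded block mode, bytes stored with stream mode).
    The IV or nonce that either approach must also store is not counted."""
    return len(pkcs7_pad(plaintext)), len(plaintext)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    for value in (b"4111111111111111", b"alice@example.com", b""):  # constructed
        nonce = secrets.token_bytes(12)  # fresh per value, stored beside it
        ct = stream_xor(key, nonce, value)
        print(len(value), column_sizes(value), stream_xor(key, nonce, ct) == value)
```

A 16-byte value already aligned to the block size still grows to 32 bytes under padding, which matters when sizing encrypted columns. The stream mode depends on never reusing a nonce with the same key.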

The primary drawback of symmetric key ciphers is key management. Because the same key is used for both encryption and decryption, the key must be distributed to every entity that needs to work with the data. Should an adversary obtain the key, not only is the confidentiality of the data compromised, but integrity is also threatened given that the key can be used to encrypt as well as decrypt.

The risks posed by losing control of the key make distributing and storing the key difficult. How can the key be moved securely to all the entities that need to decrypt the data? Encrypting the key for transmission would make sense, but what key would be used to encrypt the key, and how would you get the key-encrypting key to the destination? Once the key is at the decryption location, how should it be secured so that an attacker can't steal it? Again, encryption offers a tempting solution, but then you face the problem of securing the key used to encrypt the original key.

We'll look at these problems in more detail in Chapter 5, "Keys: Vaults, Manifests, and Managers." In terms of the key distribution problem, cryptographers have devised an elegant solution using public-key cryptography, which we examine next.

2.2.2 Public-Key Cryptography

Public-key cryptography, also known as asymmetric cryptography, is a relatively recent invention. As you might guess from the name, the decryption key is different from the encryption key. Together, the two keys are called a key pair and consist of a public key, which can be distributed to the public, and a private key, which must remain a secret. Typically the public key is the encryption key and the private key is the decryption key, but this is not always the case. Well-known asymmetric algorithms include RSA, ElGamal, and Diffie-Hellman. Elliptic curve cryptography provides a different mathematical basis for implementing existing public-key algorithms.

Public-key ciphers are much slower than symmetric-key ciphers and so are typically used to encrypt smaller data items. One common use is to securely distribute a symmetric key. A sender first encrypts a message with a symmetric key and then encrypts that symmetric key with the intended receiver's public key. He then sends both to the receiver. The receiver uses her private key to decrypt the symmetric key and then uses the recovered symmetric key to decrypt the message.

In this manner the speed of the symmetric cipher is still a benefit, and the problem of distributing the symmetric key is removed. Such systems are known as hybrid cryptosystems.

Another important use for public-key cryptography is to create digital signatures. Digital signatures are used much like real signatures to verify who sent a message. The private key is used to sign the message, and the public key is used to verify the signature.

A common, easily understood digital signature scheme is as follows. To sign a message, the sender encrypts the message with the private key. Anyone with the corresponding public key can decrypt the message and know that it could only have been encrypted with the private key, which presumably only the sender possesses. Note that this does not protect the confidentiality of the message, considering anyone could have the sender's public key. The goal of a digital signature is simply to verify the sender.

Because the public key can be distributed to anyone, we don't have the same problem as we do with symmetric cryptography. However, we do have a problem of unambiguously matching the public key with the right person. How do we know that a particular public key truly belongs to the person or entity we think it does? This is the problem that public key infrastructure (PKI) has tried to solve.

Unfortunately, PKI hasn't lived up to its promise, and the jury is still out on what the long-term accepted solution will be.

Public-key cryptography is mentioned here to help readers new to cryptography understand how it is different from symmetric algorithms. We do not use public-key cryptography in this book, and we do not cover particular algorithms or implementation details. As is discussed in section 2.3, "Applying Cryptography," public-key schemes aren't necessary for solving the problems in which we're interested.

2.2.3 Cryptographic Hashing

The last type of cryptographic algorithm we'll look at is cryptographic hashing.

A cryptographic hash, also known as a message digest, is like the fingerprint of some data. A cryptographic hash algorithm reduces even very large data to a small unique value. The interesting thing that separates cryptographic hashes from other hashes is that it is virtually impossible to either compute the original data from the hash value or to find other data that hashes to the same value.

A common role played by hashing in modern cryptosystems is improving the efficiency of digital signatures. Because public-key ciphers are much slower than symmetric ciphers, signing large blocks of data is very time-consuming. Instead, most digital signature protocols specify that the digital signature is applied to a hash of the data. Given that computing a hash is generally fast and the resulting value is typically much smaller than the data, the signing time is drastically reduced.

Other common uses of cryptographic hashes include protecting passwords, time-stamping data to securely track creation and modification dates and times, and assuring data integrity. The well-known Secure Hash Algorithm family includes SHA-224, SHA-256, SHA-384, and SHA-512. The older SHA-1 and MD5 algorithms are currently in wider use, but flaws in both have been identified, and both should be retired in favor of a more secure hash.
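As an added illustration of hashing for data integrity (not code from the book), the sketch below fingerprints a database row with SHA-256 and checks it later. The row layout, the encoding with a NULL marker and length prefixes, and the function names are assumptions made for the example; the naive variant is included only to show why plain concatenation is ambiguous.

```python
import hashlib
import hmac
from typing import Optional, Sequence

Row = Sequence[Optional[bytes]]  # one column value per entry; None is SQL NULL

def row_digest(row: Row) -> str:
    """SHA-256 fingerprint of a row under an unambiguous encoding."""
    h = hashlib.sha256()
    h.update(len(row).to_bytes(4, "big"))  # column count
    for value in row:
        if value is None:
            h.update(b"\x00")  # NULL marker, distinct from an empty value
        else:
            h.update(b"\x01" + len(value).to_bytes(8, "big"))  # length prefix
            h.update(value)
    return h.hexdigest()

def naive_digest(row: Row) -> str:
    """Plain concatenation, shown only to expose its ambiguity."""
    return hashlib.sha256(b"".join(v or b"" for v in row)).hexdigest()

def verify_row(row: Row, stored: str) -> bool:
    """Constant-time comparison against the digest recorded earlier."""
    return hmac.compare_digest(row_digest(row), stored)

if __name__ == "__main__":
    original = [b"1042", b"alice", b"100.00", None]  # constructed sample row
    stored = row_digest(original)
    tampered = [b"1042", b"alice", b"900.00", None]
    print(verify_row(original, stored), verify_row(tampered, stored))
    # Column boundaries shifted: the naive digests collide, row_digest does not.
    print(naive_digest([b"ab", b"c"]) == naive_digest([b"a", b"bc"]))
    print(row_digest([b"ab", b"c"]) == row_digest([b"a", b"bc"]))
```

An unkeyed digest detects modification only when the reference digest is kept where someone able to write the row cannot also rewrite the digest.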

2.3 Applying Cryptography

Now that you've freshened your recollection of database terminology and surveyed the basics of modern cryptography, we examine how cryptography can help secure your databases against the classes of threats covered in Chapter 1.

As we discuss the types of solutions offered by cryptography, we'll also consider the threats that cryptography is expected to mitigate. This threat analysis, as discussed previously, is an essential component of any cryptographic project, and the answers significantly shape the cryptographic solution. Unfortunately, in practice, a requirement to encrypt data is rarely supported with a description of the relevant threats. Encrypting to protect confidentiality from external attackers launching SQL injection attacks is different from protecting against internal developers with read-only access to the production database. The precise nature of the threat determines the protection.


Excerpt continued on Page 3 

About the author
Kevin Kenan leads Symantec's IT application and database security program. In this position, he works with application development teams to ensure that the applications and databases Symantec deploys internally are secure. This work includes specifying cryptographic solutions to protect sensitive information wherever it is stored. Prior to his work in Symantec's information security department, Kevin designed and developed applications for Symantec's information technology and product development teams, often with an emphasis on security and cryptography. He previously provided enterprise support for Symantec's development tools, and he holds a Bachelor of Science in Mathematics from the University of Oregon.
Copyright 2005, SecurityFocus