Skip to main content

Transparent Data Encryption for Databases

If you are creating a software application that needs to store and retrieve data, then most probably you have to use Databases. Unless it is not an in-memory database, Database store data on the disk as a file. Your application may be running on a remote server and database also reside on a remote server. Your application may collect sensitive data such as passwords, bank account data, and health data etc. Imagine a hacker somehow login into your database server and stolen your database file. Now, Unfortunately Hacker able access to all of your information by reading that file. So, How could you overcome this problem?

Encryption comes to Rescue

Encryption commonly used in day to day network communication to hide data from the third party. Encryption scrambles your data by a given key. Only the person who knows the right key can read the real message. Encryption could be either symmetric or asymmetric. In this case, we just need symmetric encryption since the user does not need to generate a shared secret.
The simplest solution to overcome this problem is by storing data encrypted rather storing as a flat file. But, encrypting the whole file is not a practical solution since its need to decrypt whole database file to execute each of the SQL queries. It is a huge performance drawback. Instead of encrypting the whole file we can use pages to encrypt database data as blocks. Pages are the smallest unit of transaction in a database. Pages are fixed in size (normally 4KB). Pages used to store Btree nodes in a database. These nodes can be either a collection of table rows or keys that used for indexing (To learn more about Btree and Pages, read this blog post).

How Transparent Data Encryption works?

Now, keeping data on remote file is not an issue since now we know we can store data in encrypted form. Here on, we are going to discussing how everything put in together. For that, let us see how MySQL implement this feature.
TDE in MySQL
Here, an application needs to store a table in MySQL server. It sends SQL query to the MySQL server. MySQL server read the database pages to evaluate the SQL expression. But, Page is in the encrypted format. Now the database needs to find the relevant key to decrypt page. Obviously, you need to keep this key in a secure place. Key Vault is a secure vault that used to store such keys, certificates, and passwords. MySQL read the key from Key Vault and decrypt the pages and execute the SQL Query. If any modification happens on Pages, then it encrypts the page and saves it on the file. Here AES encryption used with CBC mode used to encrypt and decrypt the data.

Key Vault

Centralized management of TDE direct connection of TDE master key (Image from: https://docs.oracle.com/cd/E50341_01/doc.1210/e41361/okv_concepts.htm)
Key vault provides centralized storage to store keys even in the distributed database. Instead of using separate keys for multiple TDE requirements, you can maintain a single key called Master key. Additional to storing keys, Key vault provides a way to administrate roles. Following are the roles used in Oracle Key Vault.
  1. System Administrator
  2. Key Administrator
  3. Audit Manager
System administrator having authority to create, modify and delete a user. It can add a new endpoint to the system. Further, this role is responsible to schedule backup and set up high availability.
Key Administrator control user and endpoint access to the virtual wallet. It can manage user groups and endpoint groups.
Audit manager has read access to all security objects. It is responsible to manage the audit trails.

Pros and Cons

Seems TDE is a nice way to save data from a hacker. However, TDE has both pros and cons, when it using in the production.
Pros
  1. Easy to implement
  2. No changes required in the application layer
  3. Features such as Mirroring, Always On and Log Shipping can be used along with TDE
Cons
  1. Data secured only when it at rest. Database server still can read your data and keys.
  2. Data that not required to hide, is also stored in encrypted form.
  3. Small performance impact due to encryption overhead.
  4. The database backup may become heavier when it compressed

Other Database encryption methods

Other than using TDE to hide data in page level, Column Level encryption also available. In this case, Database encrypts the column rather encrypting pages. This makes column level encryption much more flexible compared to TDE. Further, Database can use separate keys to encrypt each of the columns. Performance of the database becomes a drawback since multiple keys used to encrypt a single database.

Conclusion

TDE protect your data in remote database server by using encryption. Purpose of the TDE is secure data in databases file level(at rest). Almost all of the commercial databases provide the ability to use TDE to protect data. Even though you use TDE to secure your database from a hacker, still you need to take action to save your data from other possible adversaries such as XSS attack, SQL injection, Replay attack etc. Designing software that runs on the web requires lot more security than it runs as a single desktop application. Therefore whole design should be tightly secure, in order to provide a fully secure platform to the end user.

Comments

  1. Thanks a lot for sharing this amazing knowledge with us. This site is fantastic. I always find great knowledge from it.  Transparent File Level Encryption

    ReplyDelete

Post a Comment

Popular posts from this blog

Database Internel Architecture: SQLite

Introduction A database is an essential part of building a software system which used to store and read data efficiently. Here, We are going to discuss some architectural details of database implementation by using an early version of SQLite. SQLite is a small database application which used in millions of software and devices. SQLite invented by D.Richard Hipp in August 2000. SQLite is a high performance, lightweight relational database. If you are willing to learn internal of a database in coding level, then SQLite is the best open source database available out there with highly readable source code with lots of documentation. Reading later versions of SQLite become a little harder since it contains lots of new features. In order to understand the basic implementation of database internals, You should have good knowledge about data structures, some knowledge about Theory of Computing and how an operating system works. Here we are looking into the SQLite 2.5.0 version. Here

Weird Programming Languages

There are thousands of programming languages are invented and only about hundred of programming languages are commonly used to build software. Among this thousands of programming languages, there are some weird type of programming languages can be also found. These programming languages are seems to be called weird, since their programming syntax and the way it represent its code. In this blog we will look into some of these language syntax. Legit Have you ever wonder, when you come to a Github project that print hello world program, but you cannot see any codes or any content. Check this link  https://github.com/blinry/legit-hello  and you will see nothing in this repository. But trust me, there is hidden code in this project. If you see the  commit  section, you can reveal the magic. Yeah, you are right. Its storing hello world code in inside the git commit history. If you clone this project and run the following command, then you can see the hidden code in this project. g

Basic Concepts of the Kubernetes

Handling large software which has multiple services is a tedious, time-consuming task for DevOps engineer. Microservices comes into the rescue DevOps engineers from all these complicated deployment processes. Simply, each microservice in the system has it own responsibility to handle one specific task. The container can be used to deploy each of these micro-tasks as a unit of service. If you are not that familiar with Containers, read this article to get to know about Docker, Which is the most popular and widely used container technology to deploy microservices. As I described early, we can use single container to deploy a single service and container contain all required configurations and dependencies. Single service always faces a common problem of a single point of failure. In order to avoid single point failure, we need to set up another service such that if one service is getting down, next available service takes that load and continue to provide the service. Another requi