I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.
views:
130answers:
4
+8
A:
This is a customer's requirement.
Customer's requirements must be projected onto the real world. If you application can read some business data, and if the aggresor takes control of your application, then the agressor can read that business data. Assymetric cryptography won't do magic.
leonbloy
2010-04-16 13:33:35
+1. Well said. Some times you get all sort of requirements.
Guru
2010-04-16 14:18:05
+2
A:
The place to store the private key is with the client, and decrypt it only on the client. The data would need to be at no time decrypted, read or passed through the server in unencrypted form.
Yishai
2010-04-16 13:42:00
It sounds reasonable, but it might be a problem for clients to keep the keys. Users of the system are not technically advanced and might not realize that the cryptographic key is the key for their work. I'm thinking of giving the responsibility of managing keys to system admin, but where he could store the key safely so that the application would work effectively? After some thoughts I think that it would be acceptable for the customer if admin provides the key to the server application while starting it, but is it secure to store the key in memory? Is it difficult to pick the key from memory?
Przemysław Różycki
2010-04-16 22:35:16
@Przemyslaw, it is certainly difficult to read it from memory, but it is also difficult to root a machine. If someone can get root, I would not view memory as a barrier, especially since they can dump it and analyze it.
Yishai
2010-04-18 01:02:59
+1
A:
I am not sure about the database options, but it's worth to have a look at Oracle Advanced Security(OAS). But, the key is not stored inside the database but in Oracle wallet (OS managed), as far as I can see, compromising this is hard.
OAS supports encryption at tablespace level and at column level. All these, it claims to be performing with no overhead.
Guru
2010-04-16 14:02:54
That's a good option, bu do you know if some free or at least cheaper databeses have an equivalent feature?
Przemysław Różycki
2010-04-16 22:38:36
Although not free, Microsoft SQL Server has an equivalent named Transparent Data Encryption in the 2008 Enterprise Edition.
John Asbeck
2010-04-18 00:35:53
Both Oracle and MsSQL (and Postgresql: http://www.postgresql.org/docs/8.4/static/encryption-options.html) encrypt at the DB layer. The business layer has the clear data, so if the hacker takes control of the application server, you have no protection.
leonbloy
2010-04-18 12:24:59