
DB Security & Encryption


wayne


Presentation Transcript


  1. DB Security & Encryption

  2. Topics Discussed • Discretionary Access Control • Mandatory Access Control • Encryption • Authentication

  3. Access and the DBA • Ultimately the DBA is responsible for security on the DB • In addition to discretionary and mandatory control, audits provide an opportunity to discover breaches and who is responsible • Important note: DB security is like a chain: it is only as strong as its weakest link

  4. Access Control • Basic method of user name and password • Also applies to application programs • The file of usernames and passwords is encrypted and stored on the DB • Used to keep unauthorized persons off the DB entirely

  5. Discretionary Access Control • Discretionary access control involves the granting and revoking of privileges on the DB • A new user account starts with no access on the DB; all privileges need to be granted. In other words, new users get nothing automatically. • There are two types of privileges: account level and relation level

  6. Account level privileges • Consist of privileges independent of what relations or information is in the DB • Ex: Gaining functionality on your account, like the ability to create, retrieve, add or delete information. • Privileges mean being allowed to use SQL commands such as CREATE SCHEMA, CREATE VIEW, or UPDATE. • In Oracle, account level privileges are called system privileges, and they serve the same function.

  7. Relation level privileges • Consist of privileges dealing directly with the information/relations in the DB. • Involves both base relations (the actual tables) and virtual relations (views of the tables) • Relation level privileges specify which tables the privileges you gain at account level can be used on. • Oracle has object privileges in place of relation privileges. • The total number of privileges currently available on Oracle is approx. 100.

  8. (Relation level cont’d) • Also can be applied to the attributes (columns) within each relation (table). • Example: You may have the UPDATE privilege, and are given access on the Inventory table, but only to the “Cleaning Supplies” column. You can only update that one field for each tuple. • SQL2 provides relation level privileges at both the table and attribute level

  9. Access Matrix Model • Account level & Relation level privileges combine to form the access matrix model. • Rows represent subjects • Subjects = persons or application programs • Columns represent objects • Objects = relations, attributes on DB

  10. Example using Access Matrix:

  11. Authoring Accounts • A secondary purpose for Discretionary Access privilege use. • Someone who creates a table automatically gains full privileges for that table. • They can then “grant” privileges on that table to others, just like the DBA. • Example: If Ozzy creates a table, and then Jack wants to access it, Ozzy can grant UPDATE, ADD, & DELETE to Jack to work on the table. Also, if Ozzy desires, he can revoke Jack’s privileges at any time.

  12. Discretionary Access Example: • The DBA, around Christmas, gives the privileges CREATE VIEW, SELECT, INSERT, and DELETE to Rudolph: • GRANT SELECT, CREATE VIEW, UPDATE, INSERT, DELETE ON CHRISTMAS LIST, FLIGHT TABLE TO Rudolph WITH GRANT OPTION • Rudolph then creates a view of the flight table, FTVIEW, that excludes the attribute concerning the flight in Britain, and proceeds to give the privilege of SELECT on that view to Comet (Comet doesn’t like flying over Britain): • GRANT SELECT ON FTVIEW TO Comet • Rudolph now grants the privileges SELECT, UPDATE, INSERT and DELETE on the Christmas list table to Blitzen, because Blitzen saw some things the DBA missed and needs to amend it: • GRANT SELECT, UPDATE, INSERT, DELETE ON CHRISTMAS LIST TO Blitzen WITH GRANT OPTION
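The access matrix model of slides 9 to 12 (subjects as rows, objects as columns, privileges in the cells, owners granting with or without the grant option) as an added Python example. It is not code from the presentation or from any DBMS; the class, its method names and the cascading-revoke rule are this example's own. It replays the Rudolph/Comet/Blitzen grants from slide 12 and goes one step further than the slide: it shows what happens when the DBA later revokes a privilege that other grants depended on, which is the behaviour SQL calls REVOKE ... CASCADE.

```python
# Privileges the example knows about (the slides' relation-level set plus CREATE VIEW).
PRIVILEGES = ("SELECT", "INSERT", "UPDATE", "DELETE", "CREATE VIEW")


class AccessMatrix:
    """Rows are subjects (users or application programs), columns are objects
    (tables, views) and each cell holds the privileges the subject has on the
    object. Privileges are kept as grant records so that revoking one can
    follow the chain of grants that were made on the strength of it."""

    def __init__(self, dba="DBA"):
        self.dba = dba
        self.grants = []  # (grantor, grantee, obj, privilege, with_grant_option)

    def holds(self, subject, obj, privilege, grant_option=False):
        """True if subject holds privilege on obj; the DBA holds everything.
        With grant_option=True the privilege must have come WITH GRANT OPTION."""
        if subject == self.dba:
            return True
        return any(grantee == subject and o == obj and p == privilege and (go or not grant_option)
                   for _, grantee, o, p, go in self.grants)

    def create_object(self, creator, obj):
        """Whoever creates a table or view automatically gets full, grantable
        privileges on it. Grantor None marks ownership; it is never revoked here."""
        for p in PRIVILEGES:
            self.grants.append((None, creator, obj, p, True))

    def grant(self, grantor, grantee, obj, privileges, with_grant_option=False):
        """GRANT privileges ON obj TO grantee [WITH GRANT OPTION].
        The grantor must itself hold each privilege with the grant option."""
        for p in privileges:
            if not self.holds(grantor, obj, p, grant_option=True):
                raise PermissionError(f"{grantor} cannot grant {p} on {obj}")
            self.grants.append((grantor, grantee, obj, p, with_grant_option))

    def revoke(self, grantor, grantee, obj, privileges):
        """REVOKE with cascade: after removing the named grants, any grant the
        grantee made that it can no longer back with a grant option is revoked too."""
        for p in privileges:
            self.grants = [g for g in self.grants if g[:4] != (grantor, grantee, obj, p)]
            if not self.holds(grantee, obj, p, grant_option=True):
                for g in list(self.grants):
                    if g[0] == grantee and g[2] == obj and g[3] == p:
                        self.revoke(grantee, g[1], obj, [p])

    def row(self, subject):
        """One row of the access matrix: object -> sorted list of privileges."""
        cells = {}
        for _, grantee, obj, p, _ in self.grants:
            if grantee == subject:
                cells.setdefault(obj, set()).add(p)
        return {obj: sorted(ps) for obj, ps in cells.items()}


def christmas_example():
    """The grants of slide 12, plus one chained grant by Blitzen (constructed)."""
    m = AccessMatrix()
    all_five = ["SELECT", "CREATE VIEW", "UPDATE", "INSERT", "DELETE"]
    m.grant("DBA", "Rudolph", "CHRISTMAS_LIST", all_five, with_grant_option=True)
    m.grant("DBA", "Rudolph", "FLIGHT_TABLE", all_five, with_grant_option=True)
    m.create_object("Rudolph", "FTVIEW")  # the view without the Britain attribute
    m.grant("Rudolph", "Comet", "FTVIEW", ["SELECT"])
    m.grant("Rudolph", "Blitzen", "CHRISTMAS_LIST",
            ["SELECT", "UPDATE", "INSERT", "DELETE"], with_grant_option=True)
    m.grant("Blitzen", "Comet", "CHRISTMAS_LIST", ["SELECT"])  # beyond the slide
    return m
```

Calling `christmas_example().row("Comet")` shows the matrix row for Comet; a subsequent `revoke("DBA", "Rudolph", "CHRISTMAS_LIST", ["SELECT"])` strips SELECT from Blitzen and then from Comet, because neither grant can stand once Rudolph's grant option is gone, while Comet's SELECT on FTVIEW survives since Rudolph owns that view.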

  13. Mandatory Access Control • Mandatory access control is the assigning of security levels to the subjects and objects on the DB • It is a secondary security mechanism, meant to assist with discretionary access control. • It enables an easier, less detailed assignment of privileges to large numbers of users.

  14. Security levels • The model typically followed is the Bell-LaPadula model. • It classifies into 4 security levels: • TS- top secret • S- secret • C- confidential • UC- unclassified • Two rules are implemented based on these security levels: • The simple security property: Read access for users is allowed only if S>=O. • *-property: Write access (creation) for users is allowed only if S<=O.

  15. (Mandatory access cont’d.) • Attributes can also be assigned security levels, creating multilevel tables. • This is useful because a person who would otherwise be denied access to a whole table, because one attribute is restricted, can still be allowed access to the rest of the information in the table; when they access it, the restricted attribute appears as a NULL field.

  16. Oracle 8i • An option offered in Oracle called “profiles” mixes discretionary and mandatory access abilities. • They are predefined groups of privileges on the system, which are then assigned to users, similar to security level assignment. Privileges include limits on CPU time, idle time on the system, and the number of data blocks that can be read per program call.

  17. Cryptology • Cryptology- the study of both cryptography and cryptanalysis. • Cryptography- creation and use of cryptosystems, i.e. methods of encryption. • Cryptanalysis- field of breaking cryptosystems, in order to ascertain their security strength. • Plaintext- message before encryption • Ciphertext- message after encryption

  18. Confusion & Diffusion • Confusion & Diffusion are the two basic goals a cryptosystem attempts to satisfy. • The goal of Confusion is to obscure the relationship between the plaintext and ciphertext. • Example: Substitution, such as the Caesar cipher • The goal of Diffusion is to dissipate the redundancy of the plaintext by spreading it out over the ciphertext. • Example: transposition, aka permutation: the order of the plaintext is spread throughout the ciphertext

  19. Public & Secret key Cryptography • Two of the main types of cryptography in use are public and secret key cryptography. • Secret key cryptography is the more familiar and often used of the two, dating back to the time of the Greeks. It is also known as symmetric key cryptography. • Public key is also known as asymmetric key cryptography. • Many encryption methods today involve a combination of both.

  20. Secret key cryptography • Secret key is so named because of the need to keep the key a secret to keep the system secure. • The same key or computationally similar keys are used on both ends. • A message is encrypted with an algorithm and a key, and on the other end an inverse of that algorithm with the same key is used to decrypt it.

  21. Secret key Problems • This method has some practical problems: • Keys need to be exchanged in order to use the system. However, there is no secure means of information exchange if the encryption method is required. • A person needs a separate key to communicate with each person they talk with. So, if you are exchanging with 10 people, you need 10 different keys. Otherwise the other 9 could decode anything to or from you. • Enter public key!

  22. Public key Cryptography • Public key cryptography is relatively new and its emergence was fueled by the problems of using secret key alone. • The difference with public key is that two different keys are found/calculated for encryption and decryption. The same algorithm is used for both, however. • Consequently, the public key used to encrypt something cannot be used to decrypt it. The partner (secret) key is the only key that can decrypt the message.

  23. Public key cont’d • The issues with secret key are solved by having the two distinct keys. • Because my keys are different, I can publish one of them publicly, calling it the public key, and keep the other, calling it the private key. • If I wish to establish communication with someone, I can simply direct them to send messages to me using my public key for encryption. With this method, there is no need to exchange keys by questionably insecure means. • To speak to that person, I simply use their public key. It doesn’t matter who knows it, because once I encrypt with it, only the owner’s private key can decrypt the message.

  24. Public key cont’d • The other secret key problem is that of multiple keys. • In this case, only one set of keys is needed for each person, regardless of how many people are trying to communicate. Everyone uses my public key to contact me, and I get the public key of each person, and use it to communicate with them. • Example: 100 people trying to communicate using secret key: 100! (factorial) key sets. That’s a lot of keys. • With public key: 100 key sets. That’s all.

  25. Public key problems • Of course, there has to be a disadvantage to public key. Nothing’s perfect. • Public key, because of the nature of how it encrypts, requires huge numbers, which in turn require lots of processor time. Much more than secret key does. • It takes between 100 & 10,000 times longer to encrypt something with public than secret key cryptography. • Consequently, public key is only used by itself to encrypt if the message needs extreme security, or the message is extremely small.

  26. Combination encryption • As a result of public key security but slow speed, the methods are combined for efficient but secure information transport. • A message is encrypted with a secret key, and then the secret key is encrypted with public key cryptography. The ciphertext secret key is then attached to the encrypted message and sent. • At the other side, the private key of a public key cryptography pair is used to decrypt the secret key, and this is then used to decrypt the message.

  27. RSA- public key system • One of the most popular public key systems used today is RSA encryption. • RSA stands for Rivest, Shamir, Adleman. • Public key, including RSA, is considered very secure because of its reliance on large prime numbers to encrypt and decrypt. • It hasn’t been proven, but it is widely believed that RSA is so secure because the only method to break it rests in being able to factor large prime numbers. • Up to this point, methods for factoring large prime numbers are still painfully slow, relative to the numbers being used for encryption.

  28. RSA- Large primes • Estimates of how long it could take to factor the primes used in RSA keys range from 70 years to the end of the universe. • The size of the prime numbers used is approx 250 to 1024 bits, or up to 100 characters long.

  29. RSA- how it works • Initially, you need to find two large prime numbers, calling them P & Q. • You multiply them together and the result will be S. PQ = S. • You next choose E, a number such that it and the product (P-1)(Q-1) are relatively prime, meaning they have no prime factors in common. E must be greater than one and less than S: 1 < E < S.

  30. Cont’d • Next you choose D, a number such that DE – 1 is evenly divisible by (P-1)(Q-1). In other words, DE is congruent to 1 mod (P-1)(Q-1): DE ≡ 1 (mod (P-1)(Q-1)).

  31. RSA cont’d • With these numbers E & D, and P & Q, you have your encryption algorithm. • P & Q must be disposed of, and never referenced again. • The security of the system relies on needing to factor S back into P & Q. • E & D become the public and private keys. They are multiplicative inverses of each other. • This means either can become the public or private key.

  32. Yet more RSA • The encryption algorithm, with T = plaintext and C = ciphertext: • C = T^E mod S • The decryption algorithm: • T = C^D mod S

  33. A little more RSA • Obviously, the plaintext and ciphertext are converted to numbers prior to encryption. • The number S and one of the keys, say D, become your public key, and can be distributed freely. (S, D). • The number E and S become your private key. (S, E). • That’s RSA folks!!!!!!!

  34. Authentication • An involved issue with public key cryptography is that of authentication. • One facet of authentication is digital signature. • Digital signature is simply the private key of a public key set.

  35. Guess what? That’s right, Authentication. • Digital signature enables someone to verify if the person who sent something is really who they say. It works like this: • I send something, encrypting it with my private key. This means only one key will decrypt it, my public key. If this key is used and the message is decrypted, it proves that my private key is the author of the message. • This is admissible in court to prove identity.

  36. Yeah, you know • It is important to note that secrecy is not secured with this method, because when I encrypt something with my private key, anyone can get access to my public key and decrypt the message. It is used for authentication of the sender.
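Slides 29 to 36 carried through as an added Python example, not code from the presentation: key generation with the slides' names P, Q, S, E and D, encryption C = T^E mod S, decryption T = C^D mod S, and the digital signature of slides 34 to 36, in which the private key "encrypts" and anyone with the public key can check the result, which is exactly why a signature authenticates the sender but keeps nothing secret (slide 36). The primes 61 and 53 and the exponent 17 are constructed textbook-sized values; real keys use primes of the sizes slide 28 mentions. The functions follow the usual convention that (S, E) is published and (S, D) kept private, although slide 31 notes that either exponent can play either role. The example encrypts one character code per block, so identical characters produce identical ciphertext blocks; that is a confusion failure in the sense of slide 18, and RSA libraries avoid it with randomised padding.

```python
from math import gcd


def make_keys(P, Q, E):
    """Slides 29 to 31: S = P*Q, E relatively prime to (P-1)(Q-1) with 1 < E < S,
    D the inverse of E mod (P-1)(Q-1). Returns (public, private) = ((S, E), (S, D)).
    P and Q are not retained, as slide 31 requires."""
    S = P * Q
    phi = (P - 1) * (Q - 1)
    if not 1 < E < S or gcd(E, phi) != 1:
        raise ValueError("E must satisfy 1 < E < S and share no factor with (P-1)(Q-1)")
    D = pow(E, -1, phi)  # modular inverse, built in since Python 3.8
    return (S, E), (S, D)


def encrypt(T, public_key):
    """C = T^E mod S (slide 32); T must be an integer below S."""
    S, E = public_key
    if not 0 <= T < S:
        raise ValueError("plaintext block must be an integer in [0, S)")
    return pow(T, E, S)


def decrypt(C, private_key):
    """T = C^D mod S (slide 32)."""
    S, D = private_key
    return pow(C, D, S)


def encrypt_text(text, public_key):
    """Slide 33: text is turned into numbers first; here one character code per block."""
    return [encrypt(ord(ch), public_key) for ch in text]


def decrypt_text(blocks, private_key):
    return "".join(chr(decrypt(c, private_key)) for c in blocks)


def sign(message, private_key):
    """Slide 35: a signature is the message raised to the private exponent."""
    S, D = private_key
    return pow(message, D, S)


def verify(message, signature, public_key):
    """Slide 35/36: the public key undoes the signature, so anyone can check it
    (sender authenticated) and anyone can read it (no secrecy)."""
    S, E = public_key
    return pow(signature, E, S) == message
```

With `public, private = make_keys(61, 53, 17)` the keys are (3233, 17) and (3233, 2753), and `encrypt(65, public)` gives 2790, which `decrypt` turns back into 65. A signature on 65 verifies under the public key, while the same signature checked against 66, or a signature with one bit flipped, is rejected.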

  37. DES- Data Encryption Standard • Created by IBM and adopted by the US gov’t for non-classified use. • A 64-bit key is used for encryption in DES. • It operates on 64-bit blocks of data. • The process of encryption involves sending the 64-bit text through a process called function F 16 times, applying a sub-key derived from the original key each time.

  38. Data … • The 64-bit key is reduced to 56 bits prior to encryption. The 8 removed bits are parity bits to check the correctness of the key. • Prior to being sent into function F, the 64-bit plaintext is sent through a matrix that permutes the bits. After the 16 cycles of function F, another matrix, the inverse of the first, is applied, and the finished result is the ciphertext.

  39. DES key • The 56-bit key is broken into halves, and each half is rotated left 1 or 2 bits, depending on the cycle of function F. • The halves are then recombined • Lastly, the key is compression-permuted into a 48-bit sub-key. This process occurs 16 times, producing a different sub-key each time.

  40. [Figure: DES overview. Data path: 64-bit plaintext → matrix (permutation) → function F, repeated 16 times → matrix (inverse permutation). Key path: 64-bit key → 56-bit key → 28-bit left half and 28-bit right half, each rotated left → rotated and recombined 56-bit key → compression P-box reduces key to 48 bits.]

  41. Oh yeah, it’s Function F • 64-bit input • Broken into halves • Right half is expansion-permuted into 48 bits • These 48 bits are then exclusive-ORed with the 48-bit sub-key. • The resulting 48 bits are then run through an S-box (similar to a compression permutation), reducing the 48 bits to 32 bits.

  42. Functions Functions Functions yeah! • The 32 bits are then permuted, and the resulting 32 bits are then exclusive-ORed with the original left half of the input 64 bits. • The output of all that becomes the right half in the output of the function, and the original right half, before all the operations were performed on it, becomes the new left half. • This is repeated 16 times!! Whoa yeah, fun fun!!
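The structure described on slides 37 to 42, as an added Python example that is not code from the presentation: parity bits dropped from the 64-bit key, 28-bit halves rotated by the real DES schedule of 1 or 2 bits per round and recombined, a 48-bit sub-key XORed into an expanded right half, an S-box layer reducing to 32 bits, a permutation, and the swap of halves repeated 16 times. The DES tables themselves (PC-1, PC-2, the E expansion, the eight 6-to-4 S-boxes and the initial/inverse permutations) are replaced by constructed stand-ins marked in the comments, so this is a teaching model of the Feistel structure, not an implementation of DES. What it demonstrates is the property the slides' description implies but does not state: running the same network with the sub-keys in reverse order decrypts, whatever function F does, and the 8 parity bits have no effect on the ciphertext.

```python
MASK28 = (1 << 28) - 1
MASK32 = (1 << 32) - 1
MASK48 = (1 << 48) - 1

# Per-round left-rotation amounts of the DES key schedule (1 or 2 bits per round).
ROTATIONS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# Row 0 of the DES S-box S1, applied nibble-wise here as a constructed
# stand-in for the real 6-to-4-bit S-box layer.
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]


def rotl(x, n, width):
    """Rotate the low `width` bits of x left by n."""
    mask = (1 << width) - 1
    return ((x << n) | (x >> (width - n))) & mask


def strip_parity(key64):
    """Drop every 8th bit (the parity bits), leaving the 56 key bits (slide 38).
    Real DES does this with the PC-1 table, which also permutes the bits;
    this constructed version only drops them."""
    kept = 0
    for i in range(64):
        if (i + 1) % 8 != 0:
            kept = (kept << 1) | ((key64 >> (63 - i)) & 1)
    return kept


def key_schedule(key64):
    """Slide 39: split the 56-bit key into 28-bit halves, rotate both halves
    each round, recombine, compress to a 48-bit sub-key; 16 sub-keys in all."""
    key56 = strip_parity(key64)
    left, right = key56 >> 28, key56 & MASK28
    subkeys = []
    for shift in ROTATIONS:
        left, right = rotl(left, shift, 28), rotl(right, shift, 28)
        combined = (left << 28) | right
        # Constructed compression (stands in for DES PC-2): keep 48 of the 56 bits.
        subkeys.append(rotl(combined, 8, 56) & MASK48)
    return subkeys


def expand(right32):
    """Constructed 32-to-48-bit expansion (stands in for the DES E table):
    every input bit is used, the low 16 bits twice."""
    return (right32 << 16) | (right32 >> 16)


def function_f(right32, subkey48):
    """Slides 41/42: expand, XOR the sub-key, S-box down to 32 bits, permute."""
    x = expand(right32) ^ subkey48
    folded = (x & MASK32) ^ (x >> 16)          # 48 -> 32 bits
    substituted = 0
    for i in range(8):                         # nibble-wise S-box layer
        nibble = (folded >> (4 * i)) & 0xF
        substituted |= SBOX[nibble] << (4 * i)
    return rotl(substituted, 11, 32)           # constructed 32-bit permutation


def feistel(block64, subkeys):
    """16 rounds of (L, R) -> (R, L XOR F(R, k)), then the final swap of halves.
    The initial and inverse permutation matrices of slide 38 are omitted."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ function_f(right, k)
    return (right << 32) | left


def encrypt(block64, key64):
    return feistel(block64, key_schedule(key64))


def decrypt(block64, key64):
    """Same network, sub-keys in reverse order; F is never inverted."""
    return feistel(block64, key_schedule(key64)[::-1])
```

With a constructed block such as `0x0123456789ABCDEF` and key `0x133457799BBCDFF1`, `decrypt(encrypt(block, key), key)` returns the block. Flipping the lowest bit of the key, a parity bit, leaves the ciphertext unchanged, while flipping a key bit that survives `strip_parity` changes it.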

  43. Conclusion • Database security- discretionary and mandatory access control attempt to control the access of users on the system. • Encryption is used to secure information on the system, and information in transport to or from the system. • Authentication is used to verify the sender of information

  44. Yes, this is the last slide!!!!!!!!!! • Secret key is less secure but quicker • Public key is much more secure and much slower. • Dr. Vert is the best teacher in the CS department
