Protecting Data Privacy in Sybase Adaptive Server Enterprise (1)

Security Vulnerabilities

Databases distributed throughout the company collect and store a variety of key personal privacy data, such as social insurance numbers, credit card numbers, birthdays, and bank account information, at the same time, the relevant health and insurance databases store a large amount of medical records. To protect user privacy and prevent data theft, people have adopted complex and effective security measures and steps to control network and database access.

However, one thing that is sometimes overlooked is that when a company loses computers, storage devices, backup tapes, or computers are hacked-personal data is exposed.

Data exposure in this form is not uncommon. recently:

◆ A Research Institute reported that it had lost a laptop that stores more than 98,000 pieces of personal data from applicants.
◆ The theft of two computers in a medical institution results in the loss of personal data of 185,000 patients.
◆ A federated contractor reported that 35,000 of its shareholders would be at risk due to the theft of a desktop computer.

Unfortunately, when these thieves get these devices, they can use some tools to bypass the database access control mechanism and directly read the physical block of the disk to restore key data.

To protect data on media such as disks and backup tapes, the most effective method today is to encrypt the data before writing it to the disk.

Encrypt Disks

To effectively manage disk encryption and provide advanced security protection, three key issues need to be solved, which can be solved by the Sybase ASE encryption option.

First, the entire encryption system must be independent of the application system and cannot change the application.Most database management systems are bundled with a series of application software. Modifications to applications will increase system overhead and increase the complexity of implementing security systems. This also raises a series of new problems, such as how to ensure the effectiveness of application systems and security software interfaces, without generating new security vulnerabilities. This is one of the reasons why simple "encryption" and "decryption" application features are not suitable for the entire security solution.

Unlike other solutions, the Sybase ASE encryption option does not need to be modified. On the contrary, it can encrypt data directly through the database security management mechanism, while keeping the existing applications and data unchanged. Because of Sybase's data encryption mechanism, the database table structure has not changed, so no need to change the query and data operation code.

Second, the key must be kept properly.Lack of key protection is a common problem for security systems. Key security is the most basic. Generally, the management key inside the system can protect the key more effectively than the key transmitted over the network.

To avoid external key defects, the Sybase ASE encryption option manages keys on the server. The key is stored in the database's sysencryptkeys table in an encrypted format. For example, to generate a key named ssn_key for the AES encryption algorithm, run the following command:

create encryption key ssn_key for AES

After this command is executed, the new ssn_key can be used.

Using the Sybase ASE encryption option, you only need two steps to change the key: generate a new key, and then use the new key for encryption. For example:

create encryption key new_ssn_key for AES alter table employee modify ssn encrypt with new_ssn_key

Third, authorization-based access mechanisms must be established.There are usually many ways to control access to encrypted data. The simplest way is to provide the key to users and applications. The application then transmits the key to the decryption point when accessing the data. However, this approach has two major drawbacks:

◆ In order to operate the key, the application must be modified.
◆ Keys are exposed outside the database.
◆ Keys must be protected during transmission
◆ Key publishing becomes a new issue because it must be ensured that the new key can be securely published to users and applications. Changing the key also faces this problem.
◆ Multiple programs need to share keys to access public encrypted data.

The Sybase ASE encryption option effectively avoids the preceding problems by using the authorization-based access mechanism. Users and user groups can access encrypted data only through authorization, without the transmission keys of users and applications. Unauthorized users cannot view the data. Table Primary Table owners) allows convenient management of license control through GRANT and REVOKE commands. For example, to authorize the user to decrypt the role account_manager_role In the ssn column of the customer table, the table owner uses the following command:

grant decrypt on employee(ssn) to account_manager_role

In this example, only users with the account_manager_role role can view the decrypted ssn column, and other users will receive an error message indicating a license error. In this process, the application does not need to be modified.

Security Assurance-performance at the same time

The Sybase ASE encryption option is operated at the column level. This can easily encrypt personal private data, such as the user's social security number, without the need to encrypt the general data, such as the place of residence. With the built-in encryption technology provided by the Sybase ASE encryption option, database TABLE administrators can use the extension of the alter table command to conveniently encrypt existing tables. For example, if you use a key named ssn_key to encrypt the ssn column of the customer table, the table owner can use the following command:

alter table employee modify ssn encrypt with ssn_key