SQL Encryption and You
By Todd Kleinhans
March 7, 2013

Presentation transcript:

Who is Todd Kleinhans?
- To quote HHG2G, "Well, Todd's just this guy, you know?"
- Worked with SQL Server since 1999 (SQL 7.0)
- Developer, DBA, manager, enterprise data architect, consultant
- Defense, home building, gov't, and finance
- Currently a Sr DBA Consultant with Datavail
- A geek who thinks about more stuff than there is time in the day

What is Encryption?
- Process to obscure information
- Plaintext -> algorithm -> ciphertext
- Decrypt by key(s) back into plaintext
- Ciphertext -> algorithm -> plaintext

Quick Example
- Plaintext:
- Becomes a varbinary ciphertext: 0x89FAC818B09F6BFCAE9505B1C764E761770F B14256F9AD57AD33FDCBC6D98F70E B96D59323C52B19C4763A23A961DDD453 E8F3E9BFDA4A1D1E5A8E7AC2A61F8825F47BB4 47E9D28C14654A52A2E91DDDCE F F30350ABBD391FA8EE5165FD74EBE9F72B9106 AC4A950C9FC4A3B7DD06E7C2F63A
- Decrypted ciphertext:

Why Do You Need It?
- Avoid if possible!!! Translation: only encrypt what is absolutely needed
- Storing sensitive business info
- Industry requirements, laws, regulations
- Contractual

Security, Security, Security
- A security mind-set
- Only the paranoid are truly paranoid
- "The enemy knows the system"
- Security should be designed in, not bolted on

Security, Security, Security (cont)
- Defense in Depth (DiD)
  – Encryption is the last line of defense
  – In layers (physical and logical)
  – Threat modeling
      Documentation of systems is key
      Internal/external threats
  – Security audits: "Don't show me anything"

A Brief History of Cryptology
- Ciphers and codes
  – Mono- & polyalphabetic
  – Morse code
  – WWI and WWII
- Cryptology
  – Cryptography: create
  – Cryptanalysis: break
- Switch to computers

A Brief History of Cryptology (cont)
- 1976: Data Encryption Standard (DES)
- 1977: RSA, asymmetric encryption algorithm
- 1997: DESCHALL cracks DES in public
- 1998: EFF & Deep Crack, 56 hrs; $250k
- 1999: Deep Crack & distributed.net, 22 hrs
- 1999: Triple DES (until 2030)
- 2001: Advanced Encryption Standard (AES)
- 2006: COPACOBANA (DES), 6.4 days; $10k
- 2008: RIVYERA, 1 day
- 2010: Cloud services, $15k

Alice Meets Bob Demo
- Alice has a secret message to get to Bob
- 2-lock box: Alice lock & Bob lock
- Begin:
  – Alice inserts message, attaches her lock, sends box
  – Bob receives box, attaches his lock, sends back
  – Alice removes her lock and sends back
  – Bob removes his lock and reads message
- Takeaway: owners maintained possession of their keys the entire time!

E* and D*
- Encrypt anything and decrypt anything
- In SQL Server: what can you encrypt/decrypt?
  – Data in tables in databases (column level)
  – Entire database (Transparent Data Encryption)
  – Files and folders (Encrypted File System)
  – Entire storage system (BitLocker)
  – Encrypted connections via SSL
- How? Keys (symmetric & asymmetric), certificates, hashing

Bits and Blocks and Keys
- 8 bits = 1 byte
- 1 character = 1 byte
- 1 block is a consistent chunk of data

Algorithm          Block Size          Key Size
DES                64-bit (8 byte)     56-bit (7 byte)
Triple DES 3-key   64-bit (8 byte)     168-bit (21 byte); 112-bit effective
AES                128-bit (16 byte)   128/192/256-bit (16/24/32 byte)

Bits and Blocks and Keys (cont)
- The GOAL: remove patterns & relationships
- Block cipher
  – S-box (confusion): replace plaintext with other symbols; creates the initial ciphertext
  – P-box (diffusion): shuffle and transpose the ciphertext

Triple DES (3 Different Keys)
- Encrypt – Decrypt – Encrypt
- Encrypt plaintext: ciphertext = E_K3(D_K2(E_K1(plaintext)))
- Decrypt in reverse: plaintext = D_K1(E_K2(D_K3(ciphertext)))

Bits and Blocks and Keys (cont)
- Hashing: a one-way process; basically a fingerprint
  – Deterministic: the same input creates the same value every time
  – One-way: irreversible
  – Cascades: any change to the input changes the output
  – Collision-free: no two inputs produce the same digest (almost like a GUID)
  – SHA1 | SHA2_256 | SHA2_512
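The following T-SQL is an added example, not part of the presentation, showing each hashing property on the slide with HASHBYTES, plus the one practical place hashing sits next to column encryption: an encrypted value cannot be searched, so a keyed digest is stored beside it for equality lookups. The table name, the sample SSN and the @pepper value are constructed for this example; SHA2_256 in HASHBYTES requires SQL Server 2012 or later.

```sql
-- Added example, not from the presentation. Table, sample SSN and @pepper are
-- constructed placeholders.

-- Deterministic: the same input always yields the same 32-byte digest
-- (both columns below hold the same value).
SELECT HASHBYTES('SHA2_256', N'Alice') AS digest_first,
       HASHBYTES('SHA2_256', N'Alice') AS digest_second;

-- Cascade (avalanche): one changed character gives an unrelated digest.
SELECT HASHBYTES('SHA2_256', N'Alice') AS digest_alice,
       HASHBYTES('SHA2_256', N'Alicf') AS digest_alicf;

-- Caveat: varchar and nvarchar forms of the "same" text are different bytes,
-- so they hash differently. Pick one type for the column and stick to it.
SELECT HASHBYTES('SHA2_256', 'Alice')  AS digest_varchar,
       HASHBYTES('SHA2_256', N'Alice') AS digest_nvarchar;

-- Practical pattern: EncryptByKey output is not searchable, so keep a keyed
-- digest beside the ciphertext for equality lookups. A secret (@pepper, a
-- placeholder here; keep the real one out of the table) is appended so that a
-- stolen column of digests of low-entropy values (SSNs, phone numbers) cannot be
-- reversed by guessing inputs.
CREATE TABLE dbo.CustomerLookup (
    CustomerId int        NOT NULL PRIMARY KEY,
    SsnDigest  binary(32) NOT NULL        -- SHA2_256 output is always 32 bytes
);
CREATE INDEX IX_CustomerLookup_SsnDigest ON dbo.CustomerLookup (SsnDigest);

DECLARE @pepper varbinary(32) = 0x00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF; -- placeholder
DECLARE @ssn    nvarchar(11)  = N'123-45-6789';   -- constructed sample value

INSERT INTO dbo.CustomerLookup (CustomerId, SsnDigest)
VALUES (1, HASHBYTES('SHA2_256', CONVERT(varbinary(64), @ssn) + @pepper));

-- Equality lookup: recompute the keyed digest for the search value; the index
-- on SsnDigest is used, which a ciphertext column could never offer.
SELECT CustomerId
FROM   dbo.CustomerLookup
WHERE  SsnDigest = HASHBYTES('SHA2_256', CONVERT(varbinary(64), @ssn) + @pepper);
```

The digest column is deterministic by design, which is exactly what makes it searchable; the trade-off is that anyone reading the table can still see which rows share the same value, so the plaintext itself should live only in the separately encrypted column.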

Encryption Hierarchy & Mgmt
- Key management: one of the hardest tasks in cryptography
- Enterprise Key Management (EKM) & SQL Server
  – Stores keys & can off-load high-CPU encrypt/decrypt operations to dedicated crypto hardware
- In SQL Server
  – Use one key to secure another key
  – Automatic key management: Service MK -> Database MK -> Certificate -> Symmetric Key

Notice: Multiple Layers

SQL Encryption Algorithms

Symmetric Encryption Algorithms
Keyword           Algorithm            Key Length (bits)
AES_256           AES                  256
AES_192           AES                  192
AES_128           AES                  128
TRIPLE_DES_3KEY   Triple DES (3-key)   112

Asymmetric Encryption Algorithms
Keyword           Algorithm            Key Length (bits)
RSA_2048          RSA                  2048
RSA_1024          RSA                  1024
RSA_512           RSA                  512

And Microsoft Recommends?
- Using either certificates or asymmetric keys to secure the symmetric keys that protect the data
  – Is fast compared to other hierarchies
- Some potential reasons why
  – Cannot back up asymmetric keys created by SQL!
  – Using asymmetric keys to directly protect data is slow

SQL Server Encrypt/Decrypt
- Demo: certificate and symmetric key encrypt/decrypt
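The presenter's demo script is not on the page; the T-SQL below is an added example of the same thing, built on the hierarchy from the earlier slide (Service Master Key -> Database Master Key -> Certificate -> Symmetric Key) and the recommended shape (certificate protecting an AES symmetric key). The database name EncryptDemo, the key, certificate, table and column names, the card number, the passwords and the backup paths are all placeholders invented for this example.

```sql
-- Added example, not the presenter's demo. Every name, password and path here
-- is a placeholder. Assumes a database called EncryptDemo exists.
USE EncryptDemo;
GO

-- 1. Database Master Key (DMK). It is encrypted by this password and, by
--    default, also by the Service Master Key, so the server can open it later
--    without anyone typing the password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk-Pl@ceholder-Password-1';
GO

-- 2. Certificate protected by the DMK; it protects the symmetric key.
CREATE CERTIFICATE CustomerCert WITH SUBJECT = 'Protects CustomerKey';
GO

-- 3. AES_256 symmetric key (the AES_256 keyword from the algorithm table),
--    protected by the certificate. This is the key that touches the data.
CREATE SYMMETRIC KEY CustomerKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerCert;
GO

-- 4. Ciphertext is varbinary: plaintext plus key GUID, IV and padding.
CREATE TABLE dbo.Customer (
    CustomerId    int IDENTITY PRIMARY KEY,
    Name          nvarchar(100)  NOT NULL,
    CardEncrypted varbinary(256) NOT NULL
);
GO

-- 5. Encrypt. The authenticator (here the Name) is mixed into the ciphertext
--    so a ciphertext copied from one row cannot be decrypted under another.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
INSERT INTO dbo.Customer (Name, CardEncrypted)
VALUES (N'Alice',
        EncryptByKey(Key_GUID('CustomerKey'), N'4111-1111-1111-1111',  -- constructed sample
                     1, CONVERT(sysname, N'Alice')));
CLOSE SYMMETRIC KEY CustomerKey;
GO

-- 6. Decrypt. DecryptByKey locates the open key from the GUID stored in the
--    ciphertext; the same authenticator must be supplied. Cast back to the
--    original type, because the function returns varbinary.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
SELECT CustomerId, Name, CardEncrypted,
       CONVERT(nvarchar(100), DecryptByKey(CardEncrypted, 1, CONVERT(sysname, Name))) AS CardPlain
FROM dbo.Customer;
CLOSE SYMMETRIC KEY CustomerKey;
GO

-- 7. With no key open (or the wrong authenticator) DecryptByKey returns NULL
--    rather than raising an error, so check for NULL in application code.
SELECT CONVERT(nvarchar(100), DecryptByKey(CardEncrypted, 1, CONVERT(sysname, Name))) AS CardPlain
FROM dbo.Customer;
GO

-- 8. Back up the certificate with its private key. Without it the column is
--    unrecoverable after a server rebuild or a restore elsewhere.
BACKUP CERTIFICATE CustomerCert
    TO FILE = 'C:\Backup\CustomerCert.cer'        -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\CustomerCert.pvk',      -- placeholder path
        ENCRYPTION BY PASSWORD = 'Pvk-Pl@ceholder-Password-1');
GO
```

Two behaviours worth knowing before relying on this: EncryptByKey uses a random IV, so encrypting the same plaintext twice yields different ciphertext (which is why the column cannot be indexed or compared for equality), and DecryptByKey fails silently with NULL rather than an error, so a missing OPEN SYMMETRIC KEY shows up as empty results, not as a crash.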

System Encryption
- Transparent Data Encryption (TDE)
  – 5-10% overhead
  – Log files and backup files observation…
- Encrypted File System (EFS): specific files and/or folders
- BitLocker: entire logical drive
- End-to-End: over the wire

System Encryption
- Demo: TDE
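As an added example standing in for the TDE demo (this is not the presenter's script), the T-SQL below turns on Transparent Data Encryption for a database and then reads the state back from the DMV. The database name EncryptDemo, the certificate name, the passwords and the backup paths are placeholders.

```sql
-- Added example, not the presenter's demo. Names, passwords and paths are
-- placeholders; EncryptDemo is assumed to exist.
USE master;
GO

-- 1. TDE's certificate lives in master, protected by master's DMK.
--    Skip this CREATE MASTER KEY if master already has one.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Master-Dmk-Pl@ceholder-1';
GO
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for EncryptDemo';
GO

-- 2. Back up the certificate and private key BEFORE enabling encryption.
--    A backup of a TDE database cannot be restored on a server that lacks
--    this certificate, which is the "backup files observation" on the slide.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\Backup\TdeCert.cer'                 -- placeholder path
    WITH PRIVATE KEY (FILE = 'C:\Backup\TdeCert.pvk',  -- placeholder path
                      ENCRYPTION BY PASSWORD = 'Tde-Pvk-Pl@ceholder-1');
GO

-- 3. Database Encryption Key (DEK) inside the user database, protected by
--    the server certificate. AES_256 matches the algorithm table earlier.
USE EncryptDemo;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO

-- 4. Switch it on. A background scan encrypts the existing pages; new writes
--    (data and log) are encrypted from this point.
ALTER DATABASE EncryptDemo SET ENCRYPTION ON;
GO

-- 5. Watch the scan. encryption_state: 2 = encryption in progress,
--    3 = encrypted. tempdb also appears here as encrypted once any user
--    database on the instance is.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM   sys.dm_database_encryption_keys;
GO
```

The order matters: the certificate backup in step 2 is the recovery path for every later database backup, so it belongs in the runbook before ALTER DATABASE, not after.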

Rotating Keys and RBAR
- Row by Agonizing Row
- Encryption hardware/software migrations
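Key rotation is where the "row by agonizing row" pain usually lands. The following T-SQL is an added example, not the presenter's, showing that with both the old and the new symmetric key open, the re-encryption is a single set-based UPDATE: DecryptByKey identifies the old key from the GUID stored in each ciphertext, and EncryptByKey writes under the new one. The database RotateDemo, the key and certificate names, the table, the payloads and the password are placeholders; the setup creates a two-row table so the script runs on its own.

```sql
-- Added example, not from the presentation. All names, values and the
-- password are placeholders. Assumes a database called RotateDemo exists
-- with no Database Master Key yet.
USE RotateDemo;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk-Pl@ceholder-Password-2';
GO
CREATE CERTIFICATE RotateCert WITH SUBJECT = 'Protects rotating keys';
GO
CREATE SYMMETRIC KEY OldKey WITH ALGORITHM = AES_128 ENCRYPTION BY CERTIFICATE RotateCert; -- key being retired
CREATE SYMMETRIC KEY NewKey WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE RotateCert; -- replacement
CREATE TABLE dbo.Secret (Id int PRIMARY KEY, Payload varbinary(256) NOT NULL);
GO

-- Constructed rows, all encrypted under the old key.
OPEN SYMMETRIC KEY OldKey DECRYPTION BY CERTIFICATE RotateCert;
INSERT INTO dbo.Secret (Id, Payload)
VALUES (1, EncryptByKey(Key_GUID('OldKey'), N'alpha')),
       (2, EncryptByKey(Key_GUID('OldKey'), N'bravo'));
CLOSE SYMMETRIC KEY OldKey;
GO

-- Rotation: open BOTH keys, then one UPDATE. No cursor, no RBAR.
-- If a row cannot be decrypted, DecryptByKey yields NULL, EncryptByKey of NULL
-- is NULL, and the NOT NULL column makes the statement fail loudly instead of
-- silently destroying data.
OPEN SYMMETRIC KEY OldKey DECRYPTION BY CERTIFICATE RotateCert;
OPEN SYMMETRIC KEY NewKey DECRYPTION BY CERTIFICATE RotateCert;
UPDATE dbo.Secret
SET    Payload = EncryptByKey(Key_GUID('NewKey'), DecryptByKey(Payload));
CLOSE ALL SYMMETRIC KEYS;
GO

-- Verification: with only the new key open, every row must still decrypt.
-- Any NULL here means a row is still under the old key; do not drop it yet.
OPEN SYMMETRIC KEY NewKey DECRYPTION BY CERTIFICATE RotateCert;
SELECT Id, CONVERT(nvarchar(50), DecryptByKey(Payload)) AS Plain
FROM   dbo.Secret;
SELECT COUNT(*) AS RowsStillOnOldKey
FROM   dbo.Secret
WHERE  DecryptByKey(Payload) IS NULL;
CLOSE SYMMETRIC KEY NewKey;
GO

-- Only after the count above is zero is the old key safe to retire.
DROP SYMMETRIC KEY OldKey;
GO
```

On a large table the single UPDATE should be split into batches by key range to keep the transaction log bounded; the decrypt-then-encrypt expression stays the same, and the verification query at the end is the check that tells you when the old key may go.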

Cloud Encryption
- Where to encrypt/decrypt
  – Server
  – Client
- Recovery and testing
- .NET CLR for encryption in app…

The End!
- Primary book referenced: Expert SQL Server 2008 Encryption by Michael Coles (Apress)
- March 2013 SQL Server Magazine article
- SQL 2012 BOL