Protection of Relations Within Large Datasets
Mgr. Boleslav Bobčík, T-Systems Czech Republic, a.s.
23.5.2013


Let's Start With Basic Facts ...
- Assets: valuable data contained in information systems
- Two families of threats targeted at data:
  - Active threats – modification, unauthorized alteration, destruction
  - Passive threats – unauthorized copying, eavesdropping, data leaks
- Concerns with data leak detection:
  - Easy to create a copy of data
  - The original data are unaffected by copying

Data And Their Context
- Isolated (standalone) data
  - Low value
  - Their occurrence in information systems is rather rare
- Context of data
  - Relations between data records: substantial part of assets' value
  - Reason for relational DBMS popularity
  - Usual target of attackers

Information System Vulnerabilities – How the Architects Imagine Things

Information System Vulnerabilities – How the System Actually Looks

Information System Vulnerabilities – Exploited
- Sony PlayStation® Network, April 2011
  - External attacker
  - Stolen 77 million records
  - Direct damage: $171 million
  - Indirect damage: ???
  - Lessons learned? SonyPictures.com data breach, June 2011
- Goold Health Systems, January 2013
  - Loss of backup media with patient data
  - 6000 Medicaid records including personal and payment data
- Gatineau Townhall, Canada, January 2013
  - Loss of student loans data
  - 583 thousand records

Usual Approaches To Data Protection
- Securing the perimeter
  - Objective: prevent access of unauthorized people
  - Authentication/authorization
  - Problems:
    - Threat of rogue insiders
    - Data taken out of the perimeter are "defenseless"
- Data encryption
  - Objective: protect static representation of data
  - Database-level encryption
  - Data accessible only for authorized users
  - Problems:
    - Often an "all-or-nothing" solution
    - Cryptographic key management
    - Data recovery risks

Alternative Approach
- Securing the relations between data
- Idea (based on relational database theory):
  - Divide the data into "context domains"
  - Link the records across domain boundaries with secure identifiers
- Secure identifier construction:
  - Initial data structure
  - Encrypted with domain-related key
  - Result: seemingly random sequence of bits
- All identifier transformations performed in secure environment
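As an added example, not part of the original slides: a Python sketch of the secure-identifier subsystem the slide describes. All names (SecureIdentifierService, protect, resolve, rotate, the domain names) are hypothetical, and the keystream construction (HMAC-SHA256 in counter mode plus a separate HMAC tag) is an illustrative stand-in for a standard AEAD such as AES-GCM; the rotate method also shows the identifier replacement mentioned under breach recovery.

```python
import hashlib
import hmac
import os
import struct


class SecureIdentifierService:
    """Hypothetical subsystem living in the secure environment; only it ever
    holds domain keys. Application databases store only the opaque tokens."""

    def __init__(self, domain_keys):
        self.keys = dict(domain_keys)  # context-domain name -> 32-byte secret

    @staticmethod
    def _subkey(key, label):
        # One domain key, two purposes: derive separate encryption and MAC keys.
        return hmac.new(key, label, hashlib.sha256).digest()

    @staticmethod
    def _keystream(enc_key, nonce, length):
        # HMAC-SHA256 in counter mode as the PRF keystream (stand-in for AES-GCM).
        blocks = [hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
                  for ctr in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def protect(self, domain, record_key):
        """Turn a plain relational key into a secure identifier for a cross-domain link."""
        key = self.keys[domain]
        nonce = os.urandom(12)  # fresh per identifier: the same record never yields equal tokens
        pt = record_key.encode("utf-8")
        ct = bytes(a ^ b for a, b in zip(pt, self._keystream(self._subkey(key, b"enc"), nonce, len(pt))))
        tag = hmac.new(self._subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
        return (nonce + ct + tag).hex()  # seemingly random bits, storable in any other domain

    def resolve(self, domain, token):
        """Inverse of protect(); fails closed on a foreign domain key or a tampered token."""
        key = self.keys[domain]
        raw = bytes.fromhex(token)
        nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
        expected = hmac.new(self._subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("identifier was not issued under this domain key or is corrupted")
        pt = bytes(a ^ b for a, b in zip(ct, self._keystream(self._subkey(key, b"enc"), nonce, len(ct))))
        return pt.decode("utf-8")

    def rotate(self, domain, new_key, tokens):
        """Breach recovery: resolve under the compromised key, re-issue under the new one."""
        plain = [self.resolve(domain, t) for t in tokens]
        self.keys[domain] = new_key
        return [self.protect(domain, p) for p in plain]
```

Because every token carries a fresh nonce, two links to the same record are unequal, so a copy of one domain's table reveals neither the referenced keys nor which rows share a referent.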

Data Before Secure Identifier Application

Data After Secure Identifier Application

... But We Can Go Further

Aspects Of Successful Deployment
- Applications in legacy information systems
  - Invasive change; impact depends on architecture of the IS
- Intentional break of normal relationship implementation
  - Unable to utilize standard database query techniques
  - Possible solutions: NoSQL technologies, proxy drivers
- Large datasets are necessary
  - Avoiding the brute-force threats
- Reduced data throughput
- Security level is a compromise between data protection and other parameters (performance, price, ease of use ...)

Benefits Of Protected Relationships
- Data access control
  - Context domains have isolated data character
  - Easy to manage access to individual domains
- Secure identifier operations performed by a separate subsystem
  - Dependency between data and physical device prevents data theft
  - Additional security layers can be included
- Breach recovery mechanism
  - Compromised identifiers can be replaced

Similar Approaches
- PCI/DSS
  - Data tokenization
  - Opaque (uninterpretable) values substituting sensitive data
- Format-preserving Encryption
  - Less-known / rarely used method
- IS ORG – personal identifier translator
  - Internal component of Czech eGovernment system
  - No public interface

Final Remarks
- Present and future trends
  - Advances in system integration – new vulnerabilities
  - Cybercrime (esp. "identity theft") on the rise
  - Increasing adversary professionalization (e.g. Chinese PLA Unit 61398)
  - Data protection legislation (EU "General Data Protection Regulation", expected adoption in 2014)
- Conclusion: new information systems should consider protection of the data as well as data relations
  - Secure identifier system is a useful part of the security landscape

Thank You for Your Attention