Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 7, 2013 SQL Encryption and You By Todd Kleinhans

Published byWillis Patterson Modified over 8 years ago

Similar presentations

Presentation on theme: "March 7, 2013 SQL Encryption and You By Todd Kleinhans"— Presentation transcript:

1 March 7, 2013 SQL Encryption and You By Todd Kleinhans (todd.kleinhans@datavail.com)

2 March 7, 2013 Who is Todd Kleinhans? To quote HHG2G, “Well, Todd's just this guy, you know?” Worked with SQL Server since 1999, SQL7.0 Developer, dba, manager, enterprise data architect, consultant Defense, home building, gov’t, and finance Currently a Sr DBA Consultant with Datavail A geek who thinks about more stuff than time in the day

3 March 7, 2013 What is Encryption? Process to obscure information Plaintext -> algorithm -> ciphertext Decrypt by key(s) back into plaintext Ciphertext -> algorithm -> plaintext

4 March 7, 2013 Quick Example Plaintext: 0999-1838-7598-2353 Becomes a varbinary ciphertext: 0x89FAC818B09F6BFCAE9505B1C764E761770F512 1794895B14256F9AD57AD33FDCBC6D98F70E10 9519B96D59323C52B19C4763A23A961DDD453 E8F3E9BFDA4A1D1E5A8E7AC2A61F8825F47BB4 47E9D28C14654A52A2E91DDDCE53068167630F F30350ABBD391FA8EE5165FD74EBE9F72B9106 AC4A950C9FC4A3B7DD06E7C2F63A Decrypted ciphertext: 0999-1838-7598-2353

5 March 7, 2013 Why Do You Need It? Avoid if possible!!! Translation: Only encrypt what is absolutely needed Storing Sensitive Business Info Industry Requirements, Laws, Regulations Contractual

6 March 7, 2013 Security, Security, Security A Security Mind-Set Only the Paranoid are truly Paranoid “The enemy knows the system” Security Should Be Designed in – Not Bolted-On

7 March 7, 2013

8 Security, Security, Security (cont) Defense in Depth (DID) – Encryption is last line of defense – In layers (physical and logical) – Threat modeling Documentation of systems is key Internal/External threats – Security audits “Don’t show me anything”

9 March 7, 2013 A Brief History of Cryptology Ciphers and Codes – Mono & Polyalphabetic – Morse Code – WWI and WWII Cryptology – Cryptography – create – Cryptanalysis – break Switch to Computers

10 March 7, 2013 A Brief History of Cryptology (cont) 1976 – Data Encryption Standard (DES) 1977 – RSA – asymmetric encryption algorithm 1997 – DESCHALL cracks DES in public 1998 – EFF & Deep Crack – 56hrs; $250k 1999 – Deep Crack & distributed.net – 22hrs 1999 – Triple DES (until 2030) 2001 – Advanced Encryption Standard (AES) 2006 – COPACOBANA – (DES) 6.4 days; $10k 2008 – RIVYERA - 1 day 2010 – Cloud services - $15k

11 March 7, 2013 Alice Meets Bob Demo Alice has a secret message to get to Bob 2 lock box – Alice lock & Bob lock Begin: – Alice inserts message, attaches her lock, sends box – Bob receives box, attaches his lock, sends back – Alice removes her lock and sends back – Bob removes his lock and reads message Takeaway: Owners maintained possession of their keys the entire time!

12 March 7, 2013 E* and D* Encrypt anything and Decrypt anything In SQL Server – What can you encrypt/decrypt? Data in tables in databases (column level) Entire database (Transparent Data Encryption) Files and folders (Encrypted File System) Entire storage system (BitLocker) Encrypted connections via SSL – How? Keys (symmetric & asymmetric), Certificates, Hashing

13 March 7, 2013 Bits and Blocks and Keys 8 bits = 1byte 1 character = 1byte 1 block is a consistent chunk of data AlgorithmBlock SizeKey Size DES64-bit (8byte)56-bit (7byte) Triple DES 3-key64-bit (8byte)168-bit (21byte); {112-bit effective} AES128-bit (16byte)128/192/256-bit (16/24/32 byte)

14 March 7, 2013 Bits and Blocks and Keys (cont) The GOAL: Remove patterns & relationships Block Cipher – S-box Confusion – replace plaintext with other symbols – Creates initial ciphertext – P-box Diffusion – shuffle and transpose ciphertext

15 March 7, 2013 Triple DES (3 Different Keys) Encrypt – Decrypt - Encrypt Encrypt plaintext – ciphertext = E K3 (D K2 (E K1 (plaintext))) Decrypt in reverse – plaintext = D K1 (E K2 (D K3 (ciphertext)))

16 March 7, 2013 Bits and Blocks and Keys (cont) Hashing – One-way process; basically a fingerprint Deterministic – create same value every time One-way – irreversible Cascades – any change to input will change output Collision-free – no two ciphertexts are alike – Almost like a GUID – SHA1 | SHA2_256 | SHA2_512

17 March 7, 2013 Encryption Hierarchy & Mgmt Key Management – One of the hardest tasks in cryptography Enterprise Key Management (EKM) & SQL Server – Store keys & can off-load high CPU encrypt/decrypt operations to dedicated Crypto hardware In SQL Server – Use one key to secure another key – Automatic Key Management ServiceMK -> DatabaseMK -> Certificate -> Symmetric Key

18 March 7, 2013 Notice: Multiple Layers

19 March 7, 2013 SQL Encryption Algorithms Symmetric Encryption Algorithms KeywordAlgorithmKey Length (Bits) AES_256AES256 AES_192AES192 AES_128AES128 TRIPLE_DES_3KEYTriple DES (3-Key)112 Asymmetric Encryption Algorithms KeywordAlgorithmKey Length (Bits) RSA_2048RSA2048 RSA_1024RSA1024 RSA_512RSA512

20 March 7, 2013 And Microsoft Recommends? Using either certificates or asymmetric keys to secure symmetric keys that protect the data – Is fast compared to other hierarchies Some Potential Reasons Why – Cannot backup asymmetric keys created by SQL! – Asymmetric keys to directly protect data is slow

21 March 7, 2013 SQL Server Encrypt/Decrypt Demo – certificate and symmetric key encrypt/decrypt

22 March 7, 2013 System Encryption Transparent Data Encryption (TDE) – 5-10% overhead – Log files and backup files observation… Encrypted File System (EFS) – Specific files and/or folders BitLocker – Entire Logical Drive End-to-End – Over the wire

23 March 7, 2013 System Encryption Demo - TDE

24 March 7, 2013 Rotating Keys and RBAR Row by Agonizing Row Encryption hardware/software migrations

25 March 7, 2013 Cloud Encryption Where to Encrypt/Decrypt – Server – Client Recovery and Testing.NET CLR for encryption in app…

26 March 7, 2013 The End! todd.kleinhans@datavail.com Primary Book referenced: – Expert SQL Server 2008 Encryption by Michael Coles (Apress) March 2013 SQL Server Magazine article SQL 2012 BOL

Download ppt "March 7, 2013 SQL Encryption and You By Todd Kleinhans"

Similar presentations

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
Cryptology Making & Breaking Codes & Ciphers. AJ 1152 Cryptology Cryptography –Science of creating codes or ciphers Cryptanalysis –Science of breaking.

Cryptology Making & Breaking Codes & Ciphers. AJ 1152 Cryptology Cryptography –Science of creating codes or ciphers Cryptanalysis –Science of breaking.
Modern Cryptography.

Modern Cryptography.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptography.

Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.

Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Security Security is critical in the storage and transmission of information loss of information can not only cause problems to the organisation but can.

Security Security is critical in the storage and transmission of information loss of information can not only cause problems to the organisation but can.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 8 Network Security 4/17/2017 www.noteshit.com.

Chapter 8 Network Security 4/17/2017
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google