Data Security (File, Database, XML) Team: SecurityGurus Suresh Konda Jiji Nair Pallavi Shetty.


1 Data Security (File, Database, XML) Team: SecurityGurus Suresh Konda Jiji Nair Pallavi Shetty

2 File Encryption
- Disk
- Volume
- File: PGP, crypt
- File System: CryptFS, CFS, TCFS, EFS (Windows)

3 Unix Encrypted File System (CryptFS)
- Kernel-resident file system
- Sits on top of other file systems such as NFS, UFS, etc.
- Key management
  - Key association with UID + session ID
  - Managed by users
- Blowfish + CBC

4 CryptFS

5 File Encryption Modes
- ECB
- CBC
- Random access performance
- ECB + OFB (Output Feedback Mode)
  OFB (B0 = IV; B0 | B1 | B2 | … XOR data stream)
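The OFB construction from slide 5, as an added example that is not part of the original presentation: the keystream is derived from the key and IV alone and XORed with the data, which is what makes random-access reads cheap. Assumptions: a truncated HMAC-SHA256 stands in for Blowfish, the first keystream block is the encryption of the IV (standard OFB), and the key, IV and record are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # Blowfish block size in bytes (the cipher named on slide 3)


def block_fn(key: bytes, block: bytes) -> bytes:
    # Assumption: a keyed PRF (HMAC-SHA256, truncated) stands in for Blowfish.
    # OFB only ever runs the cipher forward, so no decrypt side is needed.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ofb_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # B0 = IV, B(i) = E_k(B(i-1)); standard OFB emits B1 | B2 | ...
    out, b = bytearray(), iv
    while len(out) < length:
        b = block_fn(key, b)
        out += b
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the keystream.
    return xor_bytes(data, ofb_keystream(key, iv, len(data)))


def read_at(key: bytes, iv: bytes, ciphertext: bytes, off: int, n: int) -> bytes:
    # Random-access read: the keystream depends only on key and IV, so it can
    # be generated (or cached) without touching any other ciphertext bytes.
    ks = ofb_keystream(key, iv, off + n)[off:]
    return xor_bytes(ciphertext[off:off + n], ks)


def changed_offsets(a: bytes, b: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


# Constructed sample data: one file record before and after an in-place edit.
KEY = b"constructed-demo-key"
IV = bytes(range(BLOCK))
OLD = b"salary=60000;grade=07;dept=ENG42"
NEW = b"salary=50000;grade=07;dept=ENG42"
C_OLD = ofb_crypt(KEY, IV, OLD)
C_NEW = ofb_crypt(KEY, IV, NEW)  # same key and IV reused for the rewrite

if __name__ == "__main__":
    print("ciphertext bytes changed:", changed_offsets(C_OLD, C_NEW))
    print("partial read:", read_at(KEY, IV, C_OLD, 13, 8))
    # Reusing the keystream leaks the XOR of old and new plaintext.
    print("leak matches:", xor_bytes(C_OLD, C_NEW) == xor_bytes(OLD, NEW))
```

The last check is the caveat for encrypted file systems: an in-place rewrite under the same key and IV exposes the XOR of the old and new plaintext to anyone holding both ciphertext versions, so a stream-style mode needs a fresh IV per rewrite.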

6 EFS for Windows

7
- Supports file sharing
  - Key encrypted with multiple public keys
- Public + private key encryption
- Transparent and easy to use
  - Integrated into the AD environment
- Key recovery

8 Issues with EFS
- File sharing
  - A copy of the key can still be used after access is removed
- File copying
  - Same key as that of the original file
- Security of the domain administrator's private key
  - If compromised, all files can be read

9 Data Security in Database
- Authentication
- Authorization and Access Control
- Encryption/Decryption
- Communication Channel Protection
- Logging and Auditing

10 Oracle DB
- DBMS_CRYPTO package supports ENCRYPT and DECRYPT functions.

    insert into CUSTOMER (NAME, CARD_NO)
    values ('Jane Doe', Sec_Manager.Secure_Package.Secure_Data('1234123412341234', 'a1b2c3d4'));

    select NAME, Sec_Manager.Secure_Package.Clear_Data(CARD_NO, 'a1b2c3d4')
    from CUSTOMER;

- Keys can be stored with the application or in the database.
- Secure environment: function details are hidden, even from the DBA (wrap utility).

11 IBM DB2
- Pass-phrase-based encryption
- Key managed by user
- Pass phrase recovery
- Functions: ENCRYPT, DECRYPT, DECRYPT_BIN, GETHINT
- Global password/pass phrase

    SET ENCRYPTION PASSWORD = 'password'

12 XML Security
- XML Digital Signature
- XML Encryption
- XKMS

13 XML data representation
- Data can be stored in separate XML files, and HTML can be used to display that data.
- XML data can also be stored inside HTML pages as "Data Islands".
- A URI (Uniform Resource Identifier) is used as identifier and data source.

14 XML Signature
- W3C Recommendation 12 February 2002
- Provides integrity, message authentication and signer authentication.
- xmlns:ds='http://www.w3.org/2000/09/xmldsig#'

15 Hello World

16 Hello World cbPT0951Ghb2G3UjpVjWw+7q0Bc= …………….

17

18

19 XML Encryption
- W3C Recommendation 10 December 2002
- Differences w.r.t. traditional PKI
  - Use of multiple keys for encryption
  - Part of the data can be encrypted
- Data that can be encrypted
  - Arbitrary data
  - XML Element
  - XML Element Content

20 XML encryption on arbitrary data
[Diagram labels: Source URI; Encryption algorithm; Encrypted XML document; Encryption Key]

21 EncryptedData ? ? ? ?

22 XML document encryption (Plaintext Replacement) John Smith 123-45-6789 Engineer 60000 50000

23
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.w3.org/2001/04/xmlenc#Element'
Type='http://www.w3.org/2001/04/xmlenc#Content'

24 John Smith A23B45C564587 Engineer 60000 A23B45C564587

25 Three Entities
- Application
- Encryptor
- Decryptor

26 XKMS
- XKMS stands for XML Key Management Specification
- W3C Candidate Recommendation 5 April 2004
- Components
  - X-KISS (XML Key Information Service Specification)
  - X-KRSS (XML Key Registration Service Specification)

27 XKMS (contd.)
- Distribution and registration of public keys.
- Validation, verification and trust.

28 Applications
- Microsoft® Office InfoPath™
- RSA's Cert-J
- XML Trust Assertion Service Specification (XTASS)
- Security Association Markup Language (SAML)


30 Questions and Answers

31 Wake up, it's over! Thank you

