Browse archive

Latest news

CISOs need to engage with the board

Wi-Fi client security weaknesses still prevalent

Find TrueCrypt and BitLocker encrypted containers and images

Sourcefire goes beyond the sandbox

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Cyber espionage campaign uses professionally-made malware

Form-grabbing rootkit sold on underground forums

Large cyber espionage emanating from India

Over 45% of IT pros snitch on their colleagues

Thoughts on the need for anonymity

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

A Database Encryption Solution That Is Protecting Against External And Internal Threats, And Meeting Regulatory Requirements

by Ulf Mattsson - CTO of Protegrity - Wednesday, 28 July 2004.

Security is becoming one of the most urgent challenges in database research and industry, and there has also been increasing interest in the problem of building accurate data mining models over aggregate data, while protecting privacy at the level of individual records. Instead of building walls around servers or hard drives, a protective layer of encryption is provided around specific sensitive data-items or objects. This prevents outside attacks as well as infiltration from within the server itself. This also allows the security administrator to define which data stored in databases are sensitive and thereby focusing the protection only on the sensitive data, which in turn minimizes the delays or burdens on the system that may occur from other bulk encryption methods. Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration.

This paper presents a practical implementation of field level encryption in enterprise database systems, based on research and practical experience from many years of commercial use of cryptography in database security. We present how this column-level database encryption is the only solution that is capable of protecting against external and internal threats, and at the same time meeting all regulatory requirements. We use the key concepts of security dictionary, type transparent cryptography and propose solutions on how to transparently store and search encrypted database fields. In this paper we will outline the different strategies for encrypting stored data so you can make the decision that is best to use in each different situation, for each individual field in your database to be able to practically handle different security and operating requirements. Application code and database schemas are sensitive to changes in the data type and data length. The paper presents a policy driven solution that allows transparent data level encryption that does not change the data field type or length. We focus on how to integrate modern cryptography technology into a relational database management system to solve some major security problems.

Download the paper in PDF format here.