Cryptography in the Database: The Last Line of Defense

by Kevin Kenan

  • ISBN13: 9780321320735
  • ISBN10: 0321320735
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2005-10-19
  • Publisher: Addison-Wesley Professional
List Price: $54.99

Summary

Shows companies how to secure their databases with cryptography, thereby helping them comply with a bevy of new regulations.

Author Biography

Kevin Kenan leads Symantec's IT application and database security program. In this position, he works with application development teams to ensure that the applications and databases Symantec deploys internally are secure. This work includes specifying cryptographic solutions to protect sensitive information wherever it is stored.

Prior to his work in Symantec's information security department, Kevin designed and developed applications for Symantec's information technology and product development teams, often with an emphasis on security and cryptography. He previously provided enterprise support for Symantec's development tools, and he holds a Bachelor of Science in Mathematics from the University of Oregon.

Table of Contents

Page references are given as start page (number of pages).

Acknowledgments  xv
About the Author  xvii
Preface  xix

PART I  Database Security  1(34)

  Chapter 1  The Case for Database Security  3(14)
    Attacks Against Databases  4(7)
      Types of Attacks  4(1)
      Confidentiality Attacks  5(1)
      Integrity Attacks  6(2)
      Availability Attacks  8(1)
      Threat Models  9(2)
    External Requirements to Secure Databases  11(5)
      Legislation  12(3)
      Business Compliance  15(1)
      Trade Regulations  15(1)
      Reputation Damage  15(1)
    Summary  16(1)

  Chapter 2  Securing Databases with Cryptography  17(18)
    A Brief Database Refresher  17(2)
    What Is Cryptography?  19(4)
      Symmetric Cryptography  20(1)
      Public-Key Cryptography  21(1)
      Cryptographic Hashing  22(1)
    Applying Cryptography  23(3)
      Protecting Confidentiality  23(2)
      Assuring Integrity  25(1)
    Cryptographic Risks  26(1)
    Cryptographic Attacks  27(3)
      Indirect Access of Keys  29(1)
    Obfuscation  30(1)
    Transparent Encryption  31(2)
    Summary  33(2)

PART II  A Cryptographic Infrastructure  35(58)

  Chapter 3  An Overview of Cryptographic Infrastructure  37(20)
    Application Architecture  38(2)
    Cryptographic Architecture  40(2)
    Cryptographic Keys  42(14)
      Key Separation  42(1)
      Key Families  43(3)
      Key Life Cycle  46(2)
      Key Scope  48(3)
      Key Fatigue  51(2)
      Key Migration  53(1)
      Key Replacements and Schedules  54(1)
      Key Aliases and the Key Manifest  55(1)
    Summary  56(1)

  Chapter 4  Cryptographic Engines and Algorithms  57(14)
    Local Engines  58(2)
    Dedicated Engines  60(2)
      FIPS 140  61(1)
    Cryptographic Algorithms  62(7)
      Symmetric Algorithms  62(1)
      Modes of Operation  63(6)
    Summary  69(2)

  Chapter 5  Keys: Vaults, Manifests, and Managers  71(14)
    Key Vaults  71(6)
      Protecting Key Vaults  73(3)
      Key Backups and Restores  76(1)
    Key Manifests  77(3)
    Key Managers  80(3)
      Key Zones  80(2)
      Managing Keys  82(1)
    Summary  83(2)

  Chapter 6  Cryptographic Providers and Consumers  85(8)
    The Provider  86(3)
    The Consumer  89(1)
    Summary  90(3)

PART III  The Cryptographic Project  93(64)

  Chapter 7  Managing the Cryptographic Project  95(8)
    A Security Culture  96(1)
    Engaging the Customer  97(2)
    Project Scope  99(1)
    Project Roles  100(2)
    Summary  102(1)

  Chapter 8  Requirements Hardening  103(14)
    Security Requirements, Policies, and Standards  105(1)
    Common Requirements  106(4)
      Access Controls  106(1)
      Data Sanitization  107(1)
      Logging and Monitoring  108(1)
      Common Threats  109(1)
      Information Confidentiality  109(1)
    Requirements Review  110(2)
    Specifying the Cryptographic Standard  112(1)
    Data Classification  113(2)
    Summary  115(2)

  Chapter 9  Design Hardening  117(16)
    Data Flow Diagrams  118(2)
    Design Guidelines  120(5)
      Minimize the Attack Surface  120(1)
      Assign the Least Privileges Possible  121(1)
      Separate Duties  122(1)
      Defend in Depth  123(1)
      Fail Securely  124(1)
      Default to Secure  124(1)
    Plan a Defense Strategy  125(1)
    Threat Modeling  125(2)
    Security Patterns  127(2)
    Designing the Cryptosystem  129(3)
      Searching and Profiles  130(2)
    Summary  132(1)

  Chapter 10  Secure Development  133(8)
    Guidelines for Secure Development  134(6)
      Sanitize All Inputs and Outputs  134(1)
      Execute with the Least Privileges Possible  135(1)
      Wipe Sensitive Data from Memory  136(1)
      Log All Security Events  137(1)
      Inspect Code and Binaries  138(1)
      Unit Test Security  138(1)
      Use a Language or Platform Security Guide  139(1)
    Summary  140(1)

  Chapter 11  Testing  141(10)
    Functional Security Testing  142(4)
      Access Control  142(1)
      Data Sanitization  143(1)
      Logging and Monitoring  144(1)
      Common Threats  144(1)
      Information Confidentiality  145(1)
    Inspecting Instead of Testing  145(1)
    Penetration Testing  146(3)
    Summary  149(2)

  Chapter 12  Deployment, Defense, and Decommissioning  151(6)
    Deployment  151(2)
    Defense  153(2)
    Decommissioning  155(1)
    Summary  156(1)

PART IV  Example Code  157(98)

  Chapter 13  About the Examples  159(6)
    Utilities and Common Services  160(3)
    The Example Engine and Key Vault  163(1)
    Summary  164(1)

  Chapter 14  A Key Vault  165(18)
    The Local Key  166(3)
    Local Key Store  169(10)
      Generating a Key-Encrypting Key  170(2)
      Generating a Key in the Local Key Store  172(1)
      Encrypting a Key  172(3)
      Saving a Key to the Key Store  175(1)
      Replacing the Key-Encrypting Key  176(3)
    Accessing a Local Key  179(1)
    Summary  180(3)

  Chapter 15  The Manifest  183(12)
    The Key Alias  183(11)
      Creating a New Key Alias  186(2)
      Reading a Key Alias from the Manifest  188(1)
      Reading the Current Live Key  189(2)
      Saving the Key Alias  191(1)
      Determining the Key State  192(1)
      Optimized State Checks  193(1)
    Summary  194(1)

  Chapter 16  The Key Manager  195(14)
    KeyTool  195(13)
      Interacting with the KeyTool  196(3)
      Generating the Key-Encrypting Key  199(1)
      Loading a New Key into the Key Store  199(1)
      Viewing Keys  200(2)
      Retiring Keys  202(1)
      Terminating Keys  203(1)
      Updating Pending Keys  204(4)
    Summary  208(1)

  Chapter 17  The Engine  209(4)
    The Local Engine  209(3)
    Summary  212(1)

  Chapter 18  Receipts and the Provider  213(8)
    Encryption Requests and Decryption Results  213(1)
    Receipts  214(3)
      The Cryptographic Receipt  215(1)
      The Compound Receipt  215(2)
    The Provider  217(3)
      Encrypting Business Data  217(1)
      Decrypting Business Data  218(1)
      Replacing Keys  219(1)
    Summary  220(1)

  Chapter 19  The Consumer  221(20)
    Customer Information  223(2)
    Credit Card Information  225(1)
    The Customer Manager  226(14)
      Using the Customer Manager  227(2)
      Adding a Customer  229(2)
      Viewing a Customer Record  231(4)
      Searching for Customers  235(1)
      Key Replacement  236(4)
    Summary  240(1)

  Chapter 20  Exceptions  241(4)
    Alias Exception  241(1)
    Invalid Key State Exception  241(1)
    Key Not Found Exception  242(1)
    Live Key Not Found Exception  242(1)
    Multiple Alias ID Exception  243(1)
    Customer Not Found Exception  243(1)
    Summary  244(1)

  Chapter 21  The System at Work  245(10)
    Setting Up Keys  245(3)
      Generating the Key-Encrypting Key  245(1)
      Creating a New Key  246(2)
    Working with Customer Information  248(1)
    Replacing a Key  249(4)
    Replacing the Key-Encrypting Key  253(1)
    Summary  254(1)

Bibliography  255(2)
Glossary  257(2)
Index  259

Excerpts

Cryptography in the Database

Preface

About This Book

This book is about using established cryptographic techniques and algorithms to protect information while it is at rest in a database. The emphasis is on designing and building (or selecting and integrating) a cryptosystem to protect against clearly identified threats against the database. Security is assumed to be a top priority. As such, the discussions in this book cover not only encrypting the data, but also attacks against the encrypted data. If the cryptography is not implemented carefully, attackers can recover data even if it is protected by strong encryption. Many examples of this have been seen in the field of secure communications. For instance, the widely publicized weaknesses in the encrypted wireless protocol WEP have prompted many to move to WPA even at the cost of buying new equipment. Database encryption can suffer from the same sort of weaknesses. Simple, naïve encryption of the data is not enough.

My goal is to provide a solid blueprint and execution plan so that a team charged with the task of encrypting sensitive information in a database will be successful. The cryptosystem presented in this book should be seen as a template that outlines threats against data at rest and provides safeguards against those threats. Problems and pitfalls common to implementing cryptography, such as mode selection and key management, are identified and addressed. The architecture is flexible and should be adaptable to many environments. For situations where some element of the presented solution simply does not fit, you should find enough information and guidance to pursue variations in the design. Similarly, when you're evaluating database cryptosystems from vendors, you can use the design in this book and the reasons behind the decisions that shaped that design as a sort of baseline. Even if the proposed system differs markedly from the design in this book, it will still have to map keys to columns and rows and provide a key life cycle. It will still have to store and protect keys, select an appropriate encryption mode, and handle initialization vectors. Most importantly, any solution must adequately reduce the risks outlined in an organization's threat model. You must consider all these details. By working through these issues and presenting a working cryptosystem, my hope is that this book will enable a team to successfully build or buy a database cryptosystem.

Who Should Read This Book

The core audience for this book is the technical lead responsible for protecting sensitive information in a database. This person might be an architect, a senior system or security analyst, a database administrator, or a technical project manager. Because success requires that the team implement the cryptographic architecture correctly and securely, the lead must provide guidance throughout the project on secure development practices as well as technology. This book assumes that the technical lead is a senior application security analyst. Our analyst is part of a team responsible for an application that handles and stores sensitive information in a database. The analyst's job begins with convincing the team, its management, and the customer that encryption is necessary. From there, the analyst contributes to each stage of the project to ensure that the team specifies, designs, and implements the cryptographic solution correctly and securely. For projects that don't have a dedicated security analyst, one of the other roles, such as architect or system analyst, may serve just as well so long as security is explicitly called out as a core responsibility. In some projects, the security analyst role described here might be best split across multiple people. A logical split would be between a security-focused technical lead, such as the architect, and the project manager.

Prerequisites

This book assumes that you are familiar with databases and have a passing knowledge of cryptography. A brief refresher is offered on databases, and cryptography is introduced and treated in more depth. Experience with Java or some other programming language is necessary to get the most out of the code examples included at the end of the book. Knowledge of application development methodologies will also help provide context for the discussion of secure development practices.

Structure

This book is divided into four major parts. The opening covers database security at a high level, and the second part details a database cryptosystem design. The third part discusses development practices necessary to implement a cryptosystem securely, and the final part provides working code examples of the design.

Part I, "Database Security," opens, unsurprisingly, with Chapter 1, "The Case for Database Security," which looks at why database security is important and what sort of attacks databases face. This discussion culminates in a generalized threat model for database security. The chapter concludes with a brief survey of regulatory requirements to secure data. Then, Chapter 2, "Securing Databases with Cryptography," discusses the kinds of protection that cryptography can provide to a database. This chapter also introduces the idea that the cryptography itself can introduce new risks and sets the groundwork for examining the cryptosystem itself for weaknesses. We can't just assume that encrypted data, even when encrypted with strong algorithms, is secure.

Part II, "A Cryptographic Infrastructure," details the design of a cryptographic infrastructure. Chapter 3, "An Overview of Cryptographic Infrastructure," provides an overview of the cryptosystem and presents the fundamentals of key management and how keys are assigned to data for encryption. Chapter 4, "Cryptographic Engines and Algorithms," covers algorithms and engines. An engine is the component that actually carries out the cryptographic operations. Different types of engines are discussed. There are several ways to apply the cryptographic algorithm used in this book (which is AES), and the discussion of modes at the conclusion of this chapter explores these as well as considers the vulnerabilities that improper use of a mode can introduce. Chapter 5, "Keys: Vaults, Manifests, and Managers," covers the components that store and manage keys, and Chapter 6, "Cryptographic Providers and Consumers," describes how an application interacts with the cryptosystem.

At first, Part III, "The Cryptographic Project," may seem somewhat out of place because it focuses on secure development practices. If you're an expert on developing secure applications, these six chapters may be review. However, experience has shown (not to mention the plethora of successfully attacked applications gracing the weekly news) that secure application development expertise is far from common. A database cryptosystem is a primary element of an organization's security infrastructure. Other applications will depend on the cryptosystem's security, so every effort must be made to ensure that the implementation is as secure as possible. Vulnerabilities in the database cryptosystem put data throughout the organization at risk. The seriousness of this situation earned the topic this prominent placement. The discussion of secure development practices begins with an overview of managing a cryptographic project in Chapter 7, "Managing the Cryptographic Project." Chapter 8, "Requirements Hardening," covers specifying security and cryptographic requirements and includes a discussion of data classification. Securing the design itself is the subject of Chapter 9, "Design Hardening," which consists of guidelines, threat modeling, and the application of security patterns. General guidelines for secure programming (what most people think of as development) are covered