DB Security & Encryption

Upload: sara-johnston

Post on 26-Dec-2015


Topics Discussed

• Discretionary Access Control
• Mandatory Access Control
• Encryption
• Authentication

Access and the DBA

Ultimately the DBA is responsible for security on the DB.

In addition to discretionary and mandatory control, audits provide an opportunity to discover breaches and who is responsible.

Important note: DB security is similar to a chain: it is only as strong as its weakest link.

Access Control

Basic method of user name and password
• Also applies to application programs

The file of usernames and passwords is encrypted and stored on the DB.

Used to keep unauthorized persons off the DB entirely.

Discretionary Access Control

Discretionary access control involves the granting and revoking of privileges on the DB.

A new user account starts with no access on the DB; all privileges need to be granted. In other words, new users get nothing automatically.

There are two types of privileges:
• Account level
• Relation level

Account level privileges

Consist of privileges independent of what relations or information is in the DB.
• Ex: gaining functionality on your account, like the ability to create, retrieve, add or delete information.
• Privileges mean being allowed to use SQL commands such as CREATE SCHEMA, CREATE VIEW, or UPDATE.
• In Oracle, account level privileges are called System privileges, having an identical function.

Relation level privileges

Consist of privileges dealing directly with the information/relations in the DB.
• Involves both base relations (the actual tables) and
• Virtual relations (views of the tables)

Relation level privileges specify what tables the privileges you gain with account level can be used on.

Oracle has Object privileges in place of relation privileges.
– The total number of privileges currently available on Oracle is approx. 100.

(Relation level cont’d)

• Also can be applied to the attributes (columns) within each relation (table).
• Example: You may have the UPDATE privilege and are given access on the Inventory table, but only to the “Cleaning Supplies” column. You can then update only that one field for each tuple.

SQL2 provides relation level privileges at both the table and attribute level.

Access Matrix Model

Account level & relation level privileges combine to form the access matrix model.

Rows represent subjects
• Subjects = persons or application programs

Columns represent objects
• Objects = relations, attributes on the DB

Example using Access Matrix (rows = subjects, columns = objects):

Subject    | Program Guest Info                | Building Maintenance  | Employee Info
Kermit     | CREATE SCHEMA, CREATE TABLE, DROP | CREATE VIEW, SELECT   | CREATE VIEW, SELECT
Ms. Piggy  | XXXXXX                            | XXXXXX                | MODIFY, DROP, CREATE VIEW
Beaker     | XXXXXX                            | CREATE SCHEMA, ALTER  | SELECT

Authoring Accounts

A secondary purpose for discretionary access privilege use.
– Someone who creates a table automatically gains full privileges for that table.
– They can then “grant” privileges on that table to others, just like the DBA.
• Example: If Ozzy creates a table, and then Jack wants to access it, Ozzy can grant UPDATE, ADD, & DELETE to Jack to work on the table. Also, if Ozzy desires, he can revoke Jack’s privileges at any time.

Discretionary Access Example

The DBA, around Christmas, gives the privileges CREATE VIEW, SELECT, INSERT, and DELETE to Rudolph:
– Grant SELECT, CREATE VIEW, UPDATE, INSERT, DELETE on CHRISTMAS LIST, FLIGHT TABLE to Rudolph with Grant Option

Rudolph then creates a view of the flight table, FTVIEW, but excludes the attribute concerning the flight in Britain, and proceeds to give the privilege of SELECT on that view to Comet (Comet doesn’t like flying over Britain):
– Grant SELECT on FTVIEW to Comet

Rudolph now grants the privileges SELECT, UPDATE, INSERT and DELETE on the Christmas list table to Blitzen, because Blitzen saw some things the DBA missed, and needs to amend it:
– Grant SELECT, UPDATE, INSERT, DELETE on CHRISTMAS LIST to Blitzen with Grant option
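The grant chain above, together with the author-gets-full-rights rule from the Authoring Accounts slide, as an added example that is not part of the slides. It assumes a DBA named Santa and models only the grant bookkeeping a DBMS keeps; the REVOKE cascade is standard SQL CASCADE behaviour, which the slides do not describe.

```python
class GrantTable:
    """Grant bookkeeping for discretionary access control: a sketch of the
    catalog table a DBMS keeps behind GRANT / REVOKE."""

    def __init__(self, dba):
        self.dba = dba                 # the DBA is the root of every grant chain
        # one row per grant: (grantee, privilege, object, grantor, grant_option)
        self.grants = []

    def has(self, user, priv, obj):
        """Does user currently hold priv on obj (from any grantor)?"""
        return user == self.dba or any(
            g[0] == user and g[1] == priv and g[2] == obj for g in self.grants)

    def can_grant(self, user, priv, obj):
        """A user may pass on priv on obj only if some grant gave it to them
        WITH GRANT OPTION (or they are the DBA)."""
        return user == self.dba or any(
            g[0] == user and g[1] == priv and g[2] == obj and g[4]
            for g in self.grants)

    def create_object(self, owner, obj, privs):
        """Authoring a table or view gives the author full rights on it,
        including the right to grant them on (Authoring Accounts slide)."""
        for priv in privs:
            self.grants.append((owner, priv, obj, owner, True))

    def grant(self, grantor, privs, objs, grantee, grant_option=False):
        """GRANT privs ON objs TO grantee [WITH GRANT OPTION]."""
        for obj in objs:
            for priv in privs:
                if not self.can_grant(grantor, priv, obj):
                    raise PermissionError(f"{grantor} cannot grant {priv} on {obj}")
                self.grants.append((grantee, priv, obj, grantor, grant_option))

    def revoke(self, grantor, privs, objs, grantee):
        """REVOKE privs ON objs FROM grantee. If the grantee can no longer
        support grants they made with that privilege, those are revoked too
        (SQL's CASCADE behaviour; not spelled out in the slides)."""
        for obj in objs:
            for priv in privs:
                self.grants = [g for g in self.grants
                               if not (g[0] == grantee and g[1] == priv
                                       and g[2] == obj and g[3] == grantor)]
                if not self.can_grant(grantee, priv, obj):
                    dependents = {g[0] for g in self.grants
                                  if g[3] == grantee and g[1] == priv and g[2] == obj}
                    for dep in dependents:
                        self.revoke(grantee, [priv], [obj], dep)


def christmas_scenario():
    """Replay the slides' grants. The DBA's name (Santa) is constructed."""
    t = GrantTable(dba="Santa")
    t.grant("Santa", ["SELECT", "CREATE VIEW", "UPDATE", "INSERT", "DELETE"],
            ["CHRISTMAS LIST", "FLIGHT TABLE"], "Rudolph", grant_option=True)
    # Rudolph creates FTVIEW (the view without the Britain attribute) and,
    # as its author, owns it outright.
    t.create_object("Rudolph", "FTVIEW", ["SELECT", "UPDATE", "INSERT", "DELETE"])
    t.grant("Rudolph", ["SELECT"], ["FTVIEW"], "Comet")          # no grant option
    t.grant("Rudolph", ["SELECT", "UPDATE", "INSERT", "DELETE"],
            ["CHRISTMAS LIST"], "Blitzen", grant_option=True)
    return t


if __name__ == "__main__":
    t = christmas_scenario()
    print("Comet may re-grant SELECT on FTVIEW:", t.can_grant("Comet", "SELECT", "FTVIEW"))
    t.revoke("Santa", ["UPDATE"], ["CHRISTMAS LIST"], "Rudolph")
    print("Blitzen still holds UPDATE:", t.has("Blitzen", "UPDATE", "CHRISTMAS LIST"))
```

Comet holds SELECT on the view only, never on FLIGHT TABLE itself, and cannot pass it on; revoking Rudolph's UPDATE also strips the UPDATE Rudolph granted Blitzen while Blitzen's SELECT survives.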

Mandatory Access Control

Mandatory access control is the assigning of security levels to the subjects and objects on the DB.
– It is a secondary security mechanism, meant to assist with discretionary access control.
– It enables an easier, less detailed assignment of privileges to large numbers of users.

Security levels

The model typically followed is the Bell-LaPadula model.
– It classifies into 4 security levels:
• TS - top secret
• S - secret
• C - confidential
• UC - unclassified

Two rules are implemented based on these security levels (S = the subject’s level, O = the object’s level):
– The simple security property: Read access for users is allowed only if S >= O.
– *-property: Write access (creation) for users is allowed only if S <= O.

(Mandatory access cont’d.)

Attributes can also be assigned security levels, creating multilevel tables.
– This is useful because you can allow someone access to a table that you otherwise would not, based on one attribute being restricted. That person can then access the other information in the table, with a NULL field for that attribute when they access it.
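The two Bell-LaPadula rules and the multilevel-table behaviour above, as an added example (not part of the slides). The FLIGHT rows, the column classifications and the row classifications are constructed for the demo; the level names are the slides' own.

```python
LEVELS = {"UC": 0, "C": 1, "S": 2, "TS": 3}   # unclassified .. top secret


def can_read(subject_level, object_level):
    """Simple security property: read allowed only if S >= O."""
    return LEVELS[subject_level] >= LEVELS[object_level]


def can_write(subject_level, object_level):
    """*-property: write (create) allowed only if S <= O, so that data never
    flows down to a lower classification."""
    return LEVELS[subject_level] <= LEVELS[object_level]


def filter_tuple(subject_level, row, attr_levels, row_level):
    """What one tuple looks like to a subject at subject_level.

    row          dict attribute -> value
    attr_levels  dict attribute -> classification of that attribute
    row_level    classification of the tuple as a whole
    Returns None if the tuple itself is above the subject; otherwise the row
    with every attribute above the subject replaced by None, the NULL field
    the slides describe.
    """
    if not can_read(subject_level, row_level):
        return None
    return {attr: (val if can_read(subject_level, attr_levels[attr]) else None)
            for attr, val in row.items()}


def query(subject_level, table, attr_levels, row_levels):
    """Filter a whole relation for one subject level. row_levels is parallel
    to table and holds each tuple's classification."""
    visible = []
    for row, lvl in zip(table, row_levels):
        seen = filter_tuple(subject_level, row, attr_levels, lvl)
        if seen is not None:
            visible.append(seen)
    return visible


# Constructed sample relation: a FLIGHT table whose 'route' column is Secret.
ATTR_LEVELS = {"flight": "UC", "crew": "C", "route": "S"}
FLIGHTS = [
    {"flight": "F1", "crew": "Rudolph", "route": "North Pole-Britain"},
    {"flight": "F2", "crew": "Comet", "route": "North Pole-Norway"},
]
ROW_LEVELS = ["C", "TS"]      # even F2's existence is Top Secret

if __name__ == "__main__":
    for lvl in ("UC", "C", "S", "TS"):
        print(lvl, query(lvl, FLIGHTS, ATTR_LEVELS, ROW_LEVELS))
```

A Confidential reader gets F1 with route = None, a Secret reader gets F1 in full, and only a Top Secret reader learns that F2 exists at all.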

Oracle 8i

An option offered in Oracle called “profiles” mixes discretionary and mandatory access abilities.
– They are predefined groups of privileges on the system, which are then assigned to users, similar to security level assignment. Privileges include limits on CPU time, idle time on the system, and the number of data blocks that can be read per program call.

Cryptology

Cryptology: the study of both cryptography and cryptanalysis.
– Cryptography: creation and use of cryptosystems, i.e. methods of encryption.
– Cryptanalysis: the field of breaking cryptosystems, in order to ascertain their security strength.

Plaintext: message before encryption
Ciphertext: message after encryption

Confusion & Diffusion

Confusion & diffusion are the two basic goals a cryptosystem attempts to satisfy.
– The goal of confusion is to obscure the relationship between the plaintext and ciphertext.
• Example: substitution, such as the Caesar cipher
– The goal of diffusion is to dissipate the redundancy of the plaintext by spreading it out over the ciphertext.
• Example: transposition, aka permutation. The order of the plaintext is spread throughout the ciphertext.

Public & Secret key Cryptography

Two of the main types of cryptography in use are public and secret key cryptography.

Secret key cryptography is the more familiar and often used of the two, dating back to the time of the Greeks. It is also known as symmetric key cryptography.

Public key is also known as asymmetric key cryptography.

Many encryption methods today involve a combination of both.

Secret key cryptography

Secret key is so named because of the need to keep the key a secret to keep the system secure.

The same key, or computationally similar keys, are used on both ends.

A message is encrypted with an algorithm and a key, and on the other end an inverse of that algorithm with the same key is used to decrypt it.

Secret key Problems

This method has some practical problems:
– Keys need to be exchanged in order to use the system. However, there is no secure means of information exchange if the encryption method is required.
– A person needs a separate key to communicate with each person they talk with. So, if you are exchanging with 10 people, you need 10 different keys. Otherwise the other 9 could decode anything to or from you.

Enter public key!

Public key Cryptography

Public key cryptography is relatively new, and its emergence was fueled by the problems of using secret key alone.

The difference with public key is that two different keys are found/calculated for encryption and decryption. The same algorithm is used for both, however.

Consequently, a public key used to encrypt something cannot be used to decrypt it. The partner (secret) key is the only key that can decrypt the message.

Public key cont’d

The issues with secret key are solved in the case of having the two distinct keys.
– Because my keys are different, I can publish one of them publicly, calling it the public key, and keep the other, calling it the private key.
• If I wish to establish communication with someone, I can simply direct them to send messages to me using my public key for encryption. With this method, there is no need to exchange keys by questionably insecure means.
• To speak to that person, I simply use their public key. It doesn’t matter who knows it, because once I encrypt with it, only the owner’s private key can decrypt the message.

Public key cont’d

The other secret key problem is that of multiple keys.
– In this case, only one set of keys is needed for each person, regardless of how many people are trying to communicate. Everyone uses my public key to contact me, and I get the public key of each person and use it to communicate with them.
– Example: 100 people trying to communicate using secret key: 100! (factorial) key sets. That’s a lot of keys.
– With public key: 100 key sets. That’s all.

Public key problems

Of course, there has to be a disadvantage to public key. Nothing’s perfect.
– Public key, because of the nature of how it encrypts, requires huge numbers, which in turn require lots of processor time. Much more than secret key does.
– It takes between 100 & 10,000 times longer to encrypt something with public than with secret key cryptography.

Consequently, public key is only used by itself to encrypt if the message needs extreme security, or the message is extremely small.

Combination encryption

As a result of public key’s security but slow speed, the methods are combined for efficient but secure information transport.
– A message is encrypted with a secret key, and then the secret key is encrypted with public key cryptography. The encrypted secret key is then attached to the encrypted message and sent.
– At the other side, the private key of a public key cryptography pair is used to decrypt the secret key, and this is then used to decrypt the message.

RSA- public key system

One of the most popular public key systems used today is RSA encryption.
– RSA: Rivest, Shamir, Adleman.

Public key, including RSA, is considered very secure because of its reliance on large prime numbers to encrypt and decrypt.
– It hasn’t been proven, but it is widely believed that RSA is so secure because the only method to break it rests in being able to factor the product of two large primes.
– Up to this point, methods for factoring such large numbers are still painfully slow, relative to the numbers being used for encryption.

RSA- Large primes

Estimates of how long it could take to factor the modulus built from the primes used in RSA keys range from 70 years to the end of the universe.

The prime numbers used are approx. 250 to 1024 bits long, or up to 100 characters long.

RSA- how it works

Initially, you need to find two large prime numbers, calling them P & Q.

You multiply them together and the result will be S. PQ = S.

You next choose E, a number such that it and the product (P-1)(Q-1) are relatively prime, meaning they have no prime factors in common. E must be greater than one and less than S: 1 < E < S.

Cont’d

Next you choose D, a number such that DE - 1 is evenly divisible by (P-1)(Q-1). In other words, DE is congruent to 1 mod (P-1)(Q-1):

DE ≡ 1 (mod (P-1)(Q-1))

RSA cont’d

With these numbers E & D, and P & Q, you have your encryption algorithm.

P & Q must be disposed of, and never referenced again.
– The security of the system relies on needing to factor S back into P & Q.

E & D become the public and private keys. They are multiplicative inverses of each other (mod (P-1)(Q-1)).
– This means either can become the public or private key.

Yet more RSA

The encryption algorithm, with T = plaintext and C = ciphertext:
– C = T^E mod S

The decryption algorithm:
– T = C^D mod S

A little more RSA

Obviously, the plaintext and ciphertext are converted to numbers prior to encryption.

The number S and one of the keys, say D, become your public key, and can be distributed freely: (S, D).

The number E and S become your private key: (S, E).

That’s RSA, folks!

Authentication

An involved issue with public key cryptography is that of authentication.

One facet of authentication is the digital signature.
– A digital signature is simply the private key of a public key set.

Guess what? That’s right, Authentication.

Digital signature enables someone to verify if the person who sent something is really who they say. It works like this:
– I send something, encrypting it with my private key. This means only one key will decrypt it: my public key. If this key is used and the message is decrypted, it proves that my private key is the author of the message.
– This is admissible in court to prove identity.

Yeah, you know

It is important to note that secrecy is not secured with this method, because when I encrypt something with my private key, anyone can get access to my public key and decrypt the message. It is used for authentication of the sender.
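The RSA key derivation, encryption and decryption from the RSA slides, and the sign/verify use of the same key pair from the Authentication slides, as an added example (not code from the slides). The primes 61 and 53 are chosen so that S = 3233 and every value can be checked by hand; the one-number-per-character encoding is constructed for the demo, and real systems pad the message before exponentiating.

```python
from math import gcd


def make_keys(P, Q, E=17):
    """Derive S and D from the two primes, using the slides' names.
    D is the multiplicative inverse of E modulo (P-1)(Q-1), i.e.
    DE = 1 mod (P-1)(Q-1)."""
    S = P * Q
    phi = (P - 1) * (Q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("E and (P-1)(Q-1) must be relatively prime")
    D = pow(E, -1, phi)                  # Python 3.8+: modular inverse
    # The slides publish (S, D) and keep (S, E); either exponent may be the
    # public one as long as the other stays secret.
    public, private = (S, D), (S, E)
    return public, private               # P and Q are dropped, never reused


def encrypt(T, key):
    """C = T^k mod S for one number T, which must be smaller than S."""
    S, k = key
    if not 0 <= T < S:
        raise ValueError("plaintext block must be smaller than S")
    return pow(T, k, S)


def decrypt(C, key):
    """T = C^k mod S with the partner exponent."""
    S, k = key
    return pow(C, k, S)


def encrypt_text(msg, key):
    """The slides note the plaintext is converted to numbers first; here one
    number per character (constructed for the demo, insecure in practice)."""
    return [encrypt(ord(ch), key) for ch in msg]


def decrypt_text(blocks, key):
    return "".join(chr(decrypt(c, key)) for c in blocks)


def sign(T, private):
    """Digital signature: 'encrypt' T with the private key."""
    return encrypt(T, private)


def verify(T, signature, public):
    """Anyone with the public key can check: if the signature decrypts back
    to T, only the matching private key could have produced it. Note the
    signature hides nothing, since the public key is public."""
    return decrypt(signature, public) == T


PUBLIC, PRIVATE = make_keys(61, 53)      # S = 3233, (P-1)(Q-1) = 3120, D = 2753

if __name__ == "__main__":
    blocks = encrypt_text("Comet", PUBLIC)
    print(blocks, "->", decrypt_text(blocks, PRIVATE))
    sig = sign(65, PRIVATE)              # 65^17 mod 3233 = 2790
    print(sig, verify(65, sig, PUBLIC), verify(66, sig, PUBLIC))
```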

DES- Data Encryption Standard

Created by IBM and adopted by the US gov’t for non-classified use.

A 64-bit key is used for encryption in DES. It operates on 64-bit blocks of data.

The process of encryption involves sending the 64-bit text through a process called function F 16 times, applying a sub-key derived from the original key each time.

Data …

The 64-bit key is reduced to 56 bits prior to encryption. The 8 removed bits are parity bits to check the correctness of the key.

Prior to being sent into function F, the 64-bit plaintext is sent through a matrix that permutes the bits. After the 16 cycles of function F, another matrix, the inverse of the first, is applied, and the finished result is the ciphertext.

DES key

The 56-bit key is broken into halves, and each half is rotated left 1 or 2 bits, depending on the cycle of function F.

The halves are then recombined.

Lastly, the key is compression permuted into a 48-bit sub-key. This process occurs 16 times, producing a different sub-key each time.

[Diagram: DES overview. Data path: 64-bit plaintext -> matrix (permutation) -> Function F, repeated 16 times -> matrix (inverse permutation) -> ciphertext. Key path: 64-bit key -> 56-bit key -> 28-bit left half and 28-bit right half, each rotated left -> rotated and recombined 56-bit key -> compression P-box (reduces key to 48 bits) -> sub-key into Function F.]

Oh yeah, it’s Function F

64-bit input

Broken into halves

Right half is expansion permuted into 48 bits

These 48 bits are then exclusive OR’d with the 48-bit sub-key.

The resulting 48 bits are then run through an S-box (similar to a compression permutation), reducing the 48 bits to 32 bits.

Functions Functions Functions yeah!

The 32 bits are then permuted, and the resulting 32 bits are then exclusive OR’d with the original left half of the input 64 bits.

The output of all that becomes the right half in the output of the function, and the original right half, before all the operations were performed on it, becomes the new left half.

This is repeated 16 times!! Whoa yeah, fun fun!!

Conclusion

Database security (discretionary and mandatory access) attempts to control the access of users on the system.

Encryption is used to secure information on the system, and information in transport to or from the system.

Authentication is used to verify the sender of information.

Yes, this is the last slide!!!!!!!!!!

Secret key is less secure but quicker.

Public key is much more secure and much slower.

Dr. Vert is the best teacher in the CS department.