UNDER LOCK AND KEY:ENCRYPTION WITH SQL

SERVER

Jim McLeodMyDBA

Jim.mcleod@mydba.com

Who Am I?

SQL Server Performance Tuning Consultant with MyDBA

Microsoft Certified Trainer with SQLskills Australia

MCITP:Database Administration

Aims

Examine the basics of encryption Determine when to use encryption Explore how SQL Server handles

encryption technology Examine how to structure your tables in

order to encrypt information efficiently Consider how to protect your data from

the DBA

What is Encryption?

Plaintext “This is a plaintext message.”

Codes “Fred likes to eat cake.” Fred = This, likes = is, to = a, eat = plaintext,

cake = message. Not terribly useful in computing

Ciphertext “Guvf vf n cynvagrkg zrffntr.” Operates on a group of letters, individual

letters or bits

Key-based Algorithms

Key based encryption uses mathematical algorithms to encrypt data by use of a key

Typically non-deterministic Symmetric Keys

The same key will encrypt and decrypt the message Asymmetric Keys

A public key is used to encrypt the message Only the private key can be used to decrypt the message

For a given key length: Symmetric algorithms are faster to encrypt/decrypt Asymmetric algorithms are more secure Compromise: encrypt data with a symmetric key, and

encrypt the symmetric key with an asymmetric key.

Why Encrypt Data?

Business Requirements Hide sensitive data

Passwords, Credit Card numbers, etc Hide sensitive data from the DBA Protect against unauthorised changes

What to Encrypt?

On disk encryption Encrypted file system Transparent Data Encryption – SQL Server

2008 Backup encryption – 3rd Party

Client Connections (SSL) Network Traffic Individual Columns Stored Procedures, Triggers, Functions,

Views, etc

When to Encrypt?

Data can be encrypted at one of two points Before it gets to the database engine (Application) After it gets to the database engine (Database)

Application encryption: Key must be stored in the application/another tier Prevents Profiler from sniffing unencrypted data passed into

stored procedures Database cannot search efficiently

Database Encryption Unencrypted data accessible inside the database Unencrypted data passed to the database engine Key may be held in an Hardware Security Module

via Extensible Key Management (2008) via Extended Stored Procedures/SQLCLR (2005)

Hashing

A deterministic, one-way method of obfuscating data Original source data cannot be retrieved Easy to compute Extremely difficult to construct a string with a

given hash A single bit changed in the source string will

radically alter the result Extremely unlikely that two source strings will

produce the same hash Deterministic means dictionary attacks are

possible

Hashing Functions

SUM() is a hashing function SELECT SUM(1 + 50 + 20 + 25) = 96

HashBytes() function 128 bit - MD2, MD4, MD5 160 bit - SHA, SHA1

Why Use Hashing Functions?

Passwords and authentication Salting

Data integrity Protect your data from changes via

Management Studio Detecting changes in a table Creating indexes for types that cannot be

indexed Images, varchar(max)

Demonstration – enforcing row integrity

Simple Encryption

EncryptByPassphrase() DecryptByPassphrase() Uses a Triple-DES symmetric key

AES128, AES192, AES256 are stronger No Database Master key, or certificate

management required If the passphrase is lost, the data is lost Demonstration

Profiler Visibility

Profiler can expose data that should be encrypted

Stored Procedures Passphrase or unencrypted data can be

passed through as a parameter in plaintext Passphrase can be hardcoded into the stored

procedure Ad Hoc Queries

Passphrase may be visible over the network Profiler will hide the event details Application must supply the passphrase

SQL Server Key Architecture

Service/Database Master Keys

Service Master Key Instance scope Is created the first time it is required to

encrypt something Can be regenerated.

Database Master Key Database scope Created by the DBA when the database needs

to use encryption

Encrypting with Asymmetric Keys/Certificates

Asymmetric Keys If VIEW DEFINITION is granted, the user can encrypt

data If CONTROL is granted, the user can encrypt and

decrypt data Public Key Certificates

Expiry Dates Self Signed X.509 Standard (1024 bit) Signed by a Certification Authority (384-3456 bit) Used for encryption and authentication

Demonstrations Asymmetric Key Encryption Certificate Encryption

Encrypting with Symmetric Keys

A symmetric key is similar to Passphrase Not restricted to Triple-DES

Fast to encrypt, but if you know how to encrypt, you can also decrypt

Symmetric Key with Certificate Demonstration

Searching Encrypted Data

Encrypted data cannot be searched on without decrypting the data, resulting in a table scan

Need some way of narrowing the search Reduce the number of rows requiring decryption from 1

million to 100. AdventureWorks comes with an index on Email,

indicating that they search for customers based on an Email Address

Non-deterministic encryption means we can’t index the encrypted value

Create a hash of the first part of the email Doesn’t give away any information about the Contact Can be indexed

Demonstration

Hiding Data from the DBA

DBA has control over all certificates in all databases

Database Master Keys encrypted via the Service Master Key will be wide open to the DBA

Certificates/keys protected by passwords will be hidden from the DBA via Profiler

Demonstration

Transparent Data Encryption (TDE)

Feature of SQL Server 2008 Enterprise Edition Encrypts data on disk, and is unencrypted when loaded

into memory Uses a symmetric key called the Database Encryption

Key Replication or memory dumps may expose unencrypted

data No application architecture changes required. Small performance hit on every disk I/O Recovery of an encrypted database MUST be tested on

a separate server before a disaster Backup your keys/certificates

Backups of encrypted database will not compress well, but Page Compression will still work

Options for SQL Server 2000 Encryption

Roll your own encryption functions Try the SQL 2000 DBA Toolkit

Uses extended stored procedures http://www.sqlservercentral.com/articles/Secur

ity/sql2000dbatoolkitpart1/2361/ Encrypt data at the application layer Put database files on an encrypted

partition

Summary

Examine the basics of encryption Determine when to use encryption

Disk, Connection, Column, Network, Backups Explore how SQL Server handles encryption

technology Hashing, Certificates, Symmetric Keys, Asymmetric

Keys, Transparent Data Encryption, Extensible Key Management

Examine how to structure your tables in order to encrypt information efficiently Indexes of hashes

Consider how to protect your data from the DBA