Protection of Relations Within Large Datasets

Mgr. Boleslav Bobčík, T-Systems Czech Republic, a.s.
23.5.2013



Let’s Start With Basic Facts…

• Assets: valuable data contained in information systems
• Two families of threats targeted at data:
  • Active threats – modification, unauthorized alteration, destruction
  • Passive threats – unauthorized copying, eavesdropping, data leaks
• Concerns with data leak detection
  • Easy to create a copy of data
  • The original data are unaffected by copying


Data And Their Context

• Isolated (standalone) data
  • Low value
  • Their occurrence in information systems is rather rare
• Context of data
  • Relations between data records: substantial part of assets’ value
  • Reason for relational DBMS popularity
  • Usual target of attackers


Information System Vulnerabilities: How the Architects Imagine Things...


Information System Vulnerabilities: How the System Actually Looks...


Information System Vulnerabilities – Exploited

• Sony PlayStation® Network
  • April 2011
  • External attacker
  • Stolen 77 million records
  • Direct damage: $171 million
  • Indirect damage: ???
• Lessons learned?
  • SonyPictures.com data breach
  • June 2011
• Goold Health Systems
  • January 2013
  • Loss of backup media with patient data
  • 6000 Medicaid records including personal and payment data
• Gatineau Townhall, Canada
  • January 2013
  • Loss of student loans data
  • 583 thousand records


Usual Approaches To Data Protection

• Securing the perimeter
  • Objective: prevent access of unauthorized people
  • Authentication/authorization
  • Problems
    • Threat of rogue insiders
    • Data taken out of the perimeter are „defenseless“
• Data encryption
  • Objective: protect static representation of data
  • Database-level encryption
  • Data accessible only for authorized users
  • Problems
    • Often „All-or-Nothing“ solution
    • Cryptographic key management
    • Data recovery risks


Alternative Approach

• Securing the relations between data
  • Idea (based on relational database theory)
  • Divide the data into „context domains“
  • Link the records across domain boundaries with secure identifiers
• Secure identifier construction
  • Initial data structure
  • Encrypted with domain-related key
  • Result: seemingly random sequence of bits
  • All identifier transformations performed in secure environment
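
An added sketch of the secure-identifier idea above (not code from the original slides): two context domains whose records can only be related through a translator that holds the domain keys. Assumptions: the initial data structure is a constructed tag plus a record number, domain keys are derived from one master key, and a 4-round Feistel network over HMAC-SHA256 stands in for the block cipher a real secure environment (for example an HSM) would use; all names are hypothetical.

```python
import hashlib
import hmac
import struct

MAGIC = 0x5345434944303031  # constructed tag "SECID001" marking a valid initial structure

def _f(key, rnd, half):
    # Round function: HMAC-SHA256 truncated to 64 bits (stand-in for a real cipher).
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(8, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big")

def encrypt_block(key, block):
    left, right = struct.unpack(">QQ", block)
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return struct.pack(">QQ", left, right)

def decrypt_block(key, block):
    left, right = struct.unpack(">QQ", block)
    for rnd in reversed(range(4)):
        left, right = right ^ _f(key, rnd, left), left
    return struct.pack(">QQ", left, right)

class Translator:
    """Stand-in for the secure environment: the only holder of domain keys."""
    def __init__(self, master_key):
        self._master = master_key
    def _key(self, domain):
        return hmac.new(self._master, domain.encode(), hashlib.sha256).digest()
    def issue(self, domain, record_no):
        plain = struct.pack(">QQ", MAGIC, record_no)  # initial data structure
        return encrypt_block(self._key(domain), plain).hex()
    def translate(self, sid, src, dst):
        plain = decrypt_block(self._key(src), bytes.fromhex(sid))
        magic, record_no = struct.unpack(">QQ", plain)
        if magic != MAGIC:  # wrong domain or forged identifier
            raise ValueError("identifier is not valid in domain " + src)
        return self.issue(dst, record_no)

def build_demo():
    t = Translator(b"constructed-demo-master-key")
    persons = {t.issue("persons", n): name for n, name in [(1, "Alice"), (2, "Bob")]}
    payments = {t.issue("payments", n): amount for n, amount in [(1, 120), (2, 75)]}
    return t, persons, payments

def join(t, persons, payments):
    # Only a caller with access to the translator can relate the two domains.
    return {name: payments[t.translate(sid, "persons", "payments")]
            for sid, name in persons.items()}
```

Identifiers are deterministic within a domain so they can serve as keys, while a copied `persons` and `payments` table pair shares no value to join on.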


Data Before Secure Identifier Application


Data After Secure Identifier Application


... But We Can Go Further


Aspects Of Successful Deployment

• Applications in legacy information systems
  • Invasive change, impact depends on architecture of the IS
• Intentional break of normal relationship implementation
  • Unable to utilize standard database query techniques
  • Possible solutions: NoSQL technologies, proxy drivers
• Large datasets are necessary
  • Avoiding the brute-force threats
• Reduced data throughput
  • Security level is a compromise between data protection and other parameters (performance, price, ease of use…)


Benefits Of Protected Relationships

• Data access control
  • Context domains have isolated data character
  • Easy to manage access to individual domains
• Secure identifier operations performed by a separate subsystem
  • Dependency between data and physical device prevents data theft
  • Additional security layers can be included
• Breach recovery mechanism
  • Compromised identifiers can be replaced


Similar Approaches

• PCI/DSS
  • Data tokenization
  • Opaque (uninterpretable) values substituting sensitive data
• Format-preserving Encryption
  • Less-known / rarely used method
• IS ORG – personal identifier translator
  • Internal component of Czech eGovernment system
  • No public interface


Final Remarks

• Present and future trends
  • Advances in system integration – new vulnerabilities
  • Cybercrime (esp. „identity theft“) on the rise
  • Increasing adversary professionalization (e.g. Chinese PLA Unit 61398)
  • Data protection legislation (EU – „General Data Protection Regulation“, expected adoption in 2014)
• Conclusion: new information systems should consider protection of the data as well as data relations
  • Secure identifier system is a useful part of the security landscape


Thank You for Your [email protected]