SYDO - Secure Your Data by Obscurity
Transcript

  • 1. SYDO – Secure Your Data by Obscurity. Andrei Avădănei: Web Developer, Security enthusiast, Blogger. www.worldit.info, @AndreiAvadanei, +AndreiAvadanei
  • 2. Let's do some research :-)
  • 3. Before that, what problems do we have?
    • mistrust of the hosting provider's intentions
    • security problems
    • data theft via SQL injection
    • … or after the server was hijacked
    • etc. etc.
  • 4. “Information”
    • one of the most dangerous weapons
    • you have it, you rule
    • ...money, women and finally the world
    • take a look at Google, Facebook, M$ etc.
  • 5. We should be more careful!
  • 6. But we are lazy...
  • 7. We introduce SYDO
    • aims to protect your data stored in SQL databases
    • a built-in interface for SQL functions
    • based on a client/server API
    • helps you store and manage your data
  • 8. How does it work?
  • 9. The problem divided into layers
    • Low Level processing (SQL Interfaces)
    • SYDO
    • Medium Level processing (here we can add patches over SQL queries)
    • High-level processing (WAFs, htaccess etc.)
    • Post-processing (client side)
  • 10. Solution
    • data (rows/tables/databases) encrypted with AES-128
    • keys stored in the SYDO Hash Center (remote server)
    • unique identification key + the related AES keys
    • SQL query identification by generating a key stub (Anti-SQLI)
    • RESTful encrypted API protocol between client and server
  • 11. Demo
  • 12. Features
    • support for multiple SQL interfaces
    • API statistics
    • multiple website management for SYDO Hash Center
    • P2P Hash Center Service (lower latency)
    • cache over SYDO Hash Center (even lower latency)
    • Anti-DOS for SYDO Hash Center
  • 13. Project Status
    • available on GitHub v.01 Alpha
    • http://bit.ly/o6qzjn
    • update coming soon!
  • 14. Important
    • SYDO is not bulletproof, but it is a better solution!
  • 15. Questions?
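The query identification idea from slide 10 (a key stub per SQL query, used against SQL injection), sketched as an added example that is not SYDO's own code. The slides do not say how the stub is computed, so HMAC-SHA256 over a literal-stripped query skeleton, and the names `skeleton`, `key_stub`, `StubRegistry` and `SITE_KEY`, are assumptions.

```python
import hashlib
import hmac
import re

# Constructed demo secret. On the slides the keys live in the remote
# SYDO Hash Center; a local constant stands in for that here (assumption).
SITE_KEY = b"constructed-demo-key"

_STRING = re.compile(r"'(?:[^'\\]|\\.|'')*'")   # quoted literal, '' or \' escapes
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")      # bare numeric literal
_SPACE = re.compile(r"\s+")


def skeleton(query: str) -> str:
    """Reduce a query to its structure: literals become '?', case and spacing normalised."""
    q = _STRING.sub("?", query)
    q = _NUMBER.sub("?", q)
    return _SPACE.sub(" ", q).strip().lower()


def key_stub(query: str, key: bytes = SITE_KEY) -> str:
    """Keyed fingerprint of the query structure (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, skeleton(query).encode(), hashlib.sha256).hexdigest()


class StubRegistry:
    """Holds the stubs of the queries the application is expected to issue."""

    def __init__(self, known_queries):
        self._stubs = {key_stub(q) for q in known_queries}

    def is_known(self, query: str) -> bool:
        # A query whose structure was altered by injected SQL yields a stub
        # that was never registered, so it can be refused before execution.
        stub = key_stub(query)
        return any(hmac.compare_digest(stub, s) for s in self._stubs)


# Constructed sample queries registered at deployment time.
REGISTRY = StubRegistry([
    "SELECT name FROM users WHERE id = 1",
    "SELECT id FROM users WHERE name = 'x' AND active = 1",
])

if __name__ == "__main__":
    for q in ("SELECT name FROM users WHERE id = 42",
              "SELECT name FROM users WHERE id = 42 OR 1=1"):
        print("allow" if REGISTRY.is_known(q) else "reject", "|", q)
```

A structural fingerprint only rejects queries whose shape has changed; it does not replace parameterised queries, and the regex normaliser used here is not a full SQL parser.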