All About Encryption
Encryption oracle
Published in: Technology, Education
  1. All About Encryption
  2. Encryption Overview
     • Two main types we are concerned with
       – Data in motion, over the network
       – Data at rest, datafiles, backups, redo, exports
     • We will be concentrating on data at rest
     • Question & Discussion:
       – What is the goal behind encrypting data?
       – Why do we do it?
       – What doesn’t it do for us? What can it NOT protect us from?
  3. Encryption Overview
     • Data in motion is easily done with SQL*Net and ASO
       – Network traffic entirely encrypted, snoop proof
       – Encrypted checksum as well, to prevent “replay” attacks (e.g. let’s do that bank transfer twice)
       – And to prevent modification (e.g. let’s change the leading 1 to a 9 in that transaction)
  4. Encryption Overview
     • Data at rest options…
       – DBMS_OBFUSCATION_TOOLKIT
         • 8i-9iR2
         • Would not use this anymore
         • Will not talk about it beyond this slide
         • Let’s have a quick talk about wrapper packages…
       – DBMS_CRYPTO
         • 10gR1 and above
         • Would not use this unless I had to (because of the next two bullets)
       – Column Level Encryption
         • 10gR2 and above (ASO)
       – Tablespace Encryption
         • 11gR1 and above (ASO)
  5. DBMS_CRYPTO
     • Encrypt/Decrypt data procedurally
       – DES, 3DES
       – AES
       – RC4
     • Hash functions
       – MD5, SHA-1, MD4
       – Can use secret key as well
     • Random functions
       – Raw keys
       – Number and Integers as well
  6. DBMS_CRYPTO
     • The major problem: KEY MANAGEMENT
       – Do you store the key in the application?
         • How do you secure it there?
         • You need to retrieve it and transmit it
       – Do you store the key in the database?
         • If I steal your database, I have your keys
         • You will have code that retrieves the key, I will find out how
       – There are no good answers to this problem.
  7. DBMS_CRYPTO
     • API driven.
     • You code it, definitely not transparent.
     • Definite performance impact (compared to column and/or tablespace encryption)
     • Supports as inputs
       – RAW
       – CLOB
       – BLOB
     • And always returns binary output
       – You will use BLOB or RAW to store
       – If you use varchar2, you need to round up to multiple of 16 and double the length and RAWTOHEX or base64 encode the data.
       – Discuss legacy obfuscation toolkit and varchar2 flaw
  8. DBMS_CRYPTO
     • Simple Examples
       – Input raw after converting
       – Specify typ: the stream or block cipher type. Block cipher is what we use for storing data persistently
       – Key: the encryption key
       – Use varchar2 interface and the CLOB
     • Performance
       – What impact will this have? (it will be different for everyone)
       – How to measure it?
     • Scripts named on the slide: Encrypt1.sql, Encrypt2.sql, Encrypt3.sql
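
The call shape from slide 8 and the storage sizing from slide 7, as an added example (not the deck's Encrypt1.sql–Encrypt3.sql, which are not reproduced on this page). It assumes EXECUTE on DBMS_CRYPTO and SQL*Plus or a compatible client; the sample strings, the `demo` procedure and the variable names are constructed for illustration.

```sql
SET SERVEROUTPUT ON
DECLARE
  -- "typ" is the sum of three constants: cipher + chaining mode + padding.
  c_typ CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                              + DBMS_CRYPTO.CHAIN_CBC
                              + DBMS_CRYPTO.PAD_PKCS5;
  -- Throwaway key for this demo only. Where a real key lives is the
  -- key-management problem from slide 6; this block does not solve it.
  l_key RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);

  PROCEDURE demo(p_plain IN VARCHAR2) IS
    -- Fresh random IV per value; it must be stored beside the ciphertext.
    l_iv   RAW(16)   := DBMS_CRYPTO.RANDOMBYTES(16);
    -- "Input raw after converting": fix the character set explicitly.
    l_src  RAW(2000) := UTL_I18N.STRING_TO_RAW(p_plain, 'AL32UTF8');
    l_enc  RAW(2000);
    l_hex  VARCHAR2(4000);
    l_back VARCHAR2(2000);
  BEGIN
    l_enc  := DBMS_CRYPTO.ENCRYPT(src => l_src, typ => c_typ,
                                  key => l_key, iv => l_iv);
    -- VARCHAR2 storage needs a text encoding; hex doubles the byte count.
    l_hex  := RAWTOHEX(l_enc);
    l_back := UTL_I18N.RAW_TO_CHAR(
                DBMS_CRYPTO.DECRYPT(src => l_enc, typ => c_typ,
                                    key => l_key, iv => l_iv),
                'AL32UTF8');
    DBMS_OUTPUT.PUT_LINE(
         'plain bytes='   || UTL_RAW.LENGTH(l_src)
      || ' cipher bytes=' || UTL_RAW.LENGTH(l_enc)
      || ' hex chars='    || LENGTH(l_hex)
      || ' round trip='   || CASE WHEN l_back = p_plain
                                  THEN 'ok' ELSE 'MISMATCH' END);
  END demo;
BEGIN
  -- Constructed sample inputs: one below a block boundary, one exactly on it.
  -- PKCS#5 padding always adds 1 to 16 bytes, so an input that is already a
  -- multiple of 16 still grows by a full block; size columns for that case.
  demo('constructed value A');
  demo('exactly 16 bytes');
END;
/
```

Comparing the two output lines shows why a VARCHAR2 column sized only by rounding the plaintext length up to 16 is too small when the plaintext already fills whole blocks.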