Behnam Mohammadi, profile picture
Uploaded byBehnam Mohammadi
PPTX, PDF1,261 views

Column Level Encryption in Microsoft SQL Server

This document discusses column level encryption in Microsoft SQL Server. It begins with an introduction to the problem of protecting sensitive data like credit card numbers. It then provides an overview of encryption types in databases before detailing the encryption hierarchy and specific mechanisms in SQL Server, including Transact-SQL functions, asymmetric keys, symmetric keys, certificates, and Transparent Data Encryption (TDE). The document focuses on column level encryption, outlining the process of creating keys and certificates and using encryption at the column level, along with the advantages of high security and disadvantages of potential performance impacts.

Embed presentation

Downloaded 43 times
Column Level Encryption Presented by Behnam Mohammadi behnamm92@gmail.com Database Security Course by Dr. Meghdad Mirabi Fall 2016 Microsoft SQL Server Islamic Azad University South Tehran Branch
Table of content • Problem • Encryption • Database security tools • Encryption Hierarchy • Encryption Mechanisms • Transact-SQL functions • Asymmetric keys 228
Table of content • Symmetric keys • Certificates • Transparent Data Encryption (TDE) • Column Level Encryption • Advantages and Disadvantages • References 328
Problem • For example financial firms have sensitive data • Credit card numbers • Financial history • etc. • Needs to be protected from unauthorized access 428
Encryption • Most effective way to achieve data security • Cannot be easily understood by anyone except authorized parties • Main types of encryption in databases • Database level encryption • Column level encryption 528
Database Security Tools • Data stored in tables • Views • Column level permissions • Database encryption • Database • Column 628
Encryption Hierarchy 728
Encryption Mechanisms • Transact-SQL functions • Asymmetric keys • Symmetric keys • Certificates • Transparent Data Encryption (TDE) 828
Transact-SQL functions • SQL Server built-in encryption function • SQL Server built-in decryption function 928
Transact-SQL functions • The encryption function password is plain text • It can be stolen by a sniffer in case • SQL Server profiler 1028
Certificates • A public key certificate, usually just called a certificate • Digitally-signed statement • Certificates are issued and signed by a certification authority • Subject is entity that receives a certificate form CA • Relieve need to maintain a set of passwords for individual subjects for hosts 1128
Certificates • Certificate contents • Subject public key • Subject identifier information [name, e-mail and etc.] • Validity period • Issuer identifier information and digital signature 1228
Symmetric Keys • Used for both encryption and decryption • Encryption and decryption by using a symmetric key is fast 1328
Asymmetric Keys • Made up of a private key and the corresponding public key • Each key can decrypt data encrypted by the other • Higher level of security than symmetric encryption 1428
Transparent Data Encryption (TDE) • Transparent to end-user • Protect data and log files • Performed at page level • Real time I/O Encryption and Decryption • Impact on performance between 3% to 5% 1528
Transparent Data Encryption (TDE) • Use a symmetric key called the database encryption key • Protected by certificate that it also protected by the DMK • Protected by an asymmetric key stored in an EKM 1628
Column Level Encryption 1. Create SQL Server Database Master Key (DMK) 2. Create a Self Signed SQL Server Certificate 3. Create SQL Server Symmetric Key 4. Using Encryption 1728
Column Level Encryption 1. Create SQL Server Database Master Key (DMK) 1828
Column Level Encryption 2. Create a Self Signed SQL Server Certificate 1928
Column Level Encryption 3. Create SQL Server Symmetric Key 2028
Column Level Encryption 4. Using Encryption Encrypt 2128
Column Level Encryption 4. Using Encryption Decrypt 2228
Column Level Encryption • A user need to have permission to symmetric key and certificate to decrypt data • Decrypt with wrong key or certificate gives NULL for encrypted values 2328
Column Level Encryption • Grant Permissions to the Encrypted Data 2428
Advantages and Disadvantages • High level security • Requires no maintenance password for end-user • Impact on performance • Database migration is difficult 2528
References • www.msdn.microsoft.com • www.searchsecurity.techtarget.com [Margaret Rouse] • www.mssqltips.com [Nitansh Agarwal] 2628
xx END SIMPLICITY IS POWER Thanks 2727

More Related Content

PDF
Transparent Data Encryption in PostgreSQL
byMasahiko Sawada
 
PDF
Best Practices: How to Analyze IoT Sensor Data with InfluxDB
byInfluxData
 
PDF
Kubernetes From Scratch .pdf
byssuser9b44c7
 
PPTX
Transparent Data Encryption
byJohn Magnabosco
 
PPTX
Hyperledger fabric 20180528
byArnaud Le Hors
 
PDF
Hashicorp Vault: Open Source Secrets Management at #OPEN18
byKangaroot
 
PPTX
Designing High Availability for HashiCorp Vault in AWS
by☁ Bryan Krausen
 
PPTX
Steganography in images
byAishwarya Korde
 
Transparent Data Encryption in PostgreSQL
byMasahiko Sawada
 
Best Practices: How to Analyze IoT Sensor Data with InfluxDB
byInfluxData
 
Kubernetes From Scratch .pdf
byssuser9b44c7
 
Transparent Data Encryption
byJohn Magnabosco
 
Hyperledger fabric 20180528
byArnaud Le Hors
 
Hashicorp Vault: Open Source Secrets Management at #OPEN18
byKangaroot
 
Designing High Availability for HashiCorp Vault in AWS
by☁ Bryan Krausen
 
Steganography in images
byAishwarya Korde
 

What's hot

PDF
Docker 101: Introduction to Docker
byDocker, Inc.
 
PDF
Kafka Security 101 and Real-World Tips
byconfluent
 
PDF
Developing Kafka Streams Applications with Upgradability in Mind with Neil Bu...
byHostedbyConfluent
 
PDF
Intro to Time Series
byInfluxData
 
PDF
Volume Encryption In CloudStack
byShapeBlue
 
PDF
Secret Management with Hashicorp’s Vault
byAWS Germany
 
PPTX
Kubernetes for Beginners: An Introductory Guide
byBytemark
 
PDF
Kubernetes Introduction
byPeng Xiao
 
PPTX
Challenges of Kubernetes On-premise Deployment
byVietnam Open Infrastructure User Group
 
PDF
Image encryption and decryption using aes algorithm
byIAEME Publication
 
ODP
Kubernetes Architecture
byKnoldus Inc.
 
PPTX
Getting started with Docker
byRavindu Fernando
 
PPTX
Docker container
byNaveen Kumar
 
PDF
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
byLee Myring
 
PDF
Introduction to Docker storage, volume and image
byejlp12
 
PDF
Docker Introduction
byPeng Xiao
 
PDF
Exploring the replication and sharding in MongoDB
byIgor Donchovski
 
PPTX
virtualization-vs-containerization-paas
byrajdeep
 
PDF
Information Security Cryptography ( L02- Types Cryptography)
byAnas Rock
 
PPTX
Row-level security and Dynamic Data Masking
bySolidQ
 
Docker 101: Introduction to Docker
byDocker, Inc.
 
Kafka Security 101 and Real-World Tips
byconfluent
 
Developing Kafka Streams Applications with Upgradability in Mind with Neil Bu...
byHostedbyConfluent
 
Intro to Time Series
byInfluxData
 
Volume Encryption In CloudStack
byShapeBlue
 
Secret Management with Hashicorp’s Vault
byAWS Germany
 
Kubernetes for Beginners: An Introductory Guide
byBytemark
 
Kubernetes Introduction
byPeng Xiao
 
Challenges of Kubernetes On-premise Deployment
byVietnam Open Infrastructure User Group
 
Image encryption and decryption using aes algorithm
byIAEME Publication
 
Kubernetes Architecture
byKnoldus Inc.
 
Getting started with Docker
byRavindu Fernando
 
Docker container
byNaveen Kumar
 
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
byLee Myring
 
Introduction to Docker storage, volume and image
byejlp12
 
Docker Introduction
byPeng Xiao
 
Exploring the replication and sharding in MongoDB
byIgor Donchovski
 
virtualization-vs-containerization-paas
byrajdeep
 
Information Security Cryptography ( L02- Types Cryptography)
byAnas Rock
 
Row-level security and Dynamic Data Masking
bySolidQ
 

Viewers also liked

PPTX
Transparent Data Encryption for SharePoint Content Databases
byMichael Noel
 
PPT
SQL Server Encryption - Adi Cohn
bysqlserver.co.il
 
PPTX
SQL Server Security And Encryption
byHamid J. Fard
 
PPT
Dbms1
bySuleman Mohd
 
PPTX
YOUNG INDIA (3) (1)
bySADASIVA NADDI
 
PDF
Choosing Encryption for Microsoft SQL Server
byJerome J. Penna
 
PDF
SafeNet DataSecure vs. Native SQL Server Encryption
bySafeNet
 
Transparent Data Encryption for SharePoint Content Databases
byMichael Noel
 
SQL Server Encryption - Adi Cohn
bysqlserver.co.il
 
SQL Server Security And Encryption
byHamid J. Fard
 
Dbms1
bySuleman Mohd
 
YOUNG INDIA (3) (1)
bySADASIVA NADDI
 
Choosing Encryption for Microsoft SQL Server
byJerome J. Penna
 
SafeNet DataSecure vs. Native SQL Server Encryption
bySafeNet
 

Similar to Column Level Encryption in Microsoft SQL Server

PDF
Sql Server 2016 Always Encrypted
byDuncan Greaves PhD
 
PPTX
Always encrypted overview
bySolidQ
 
PPT
Steve Jones - Encrypting Data
byRed Gate Software
 
PPTX
Protecting Your SharePoint Content Databases using SQL Transparent Data Encry...
byMichael Noel
 
PDF
SQL Server Column Based Encryption
byDavid Dye
 
PDF
Organizational compliance and security in Microsoft SQL 2012-2016
byGeorge Walters
 
PDF
Organizational compliance and security SQL 2012-2019 by George Walters
byGeorge Walters
 
PPT
SQL Server 2008 Security Overview
byukdpe
 
PPTX
Ict conf td-evs_pcidss-final
byDejan Jeremic
 
PDF
Geek Sync | Always Encrypted for Beginners
byIDERA Software
 
PPTX
Isaca sql server 2008 r2 security & auditing
byAntonios Chatzipavlis
 
PPTX
The Spy Who Loathed Me - An Intro to SQL Server Security
byChris Bell
 
PPTX
Presentation
bySantosh Kumar
 
PPT
Formal Lecture.ppt
byEqinNiftalyev
 
PPTX
Seguridad en sql server 2016 y 2017
byMaximiliano Accotto
 
PPTX
Seguridad en sql server 2016 y 2017
byMaximiliano Accotto
 
PPTX
SQLCAT - Data and Admin Security
byDenny Lee
 
PDF
Sql Server 2008 Security Enhanments
byEduardo Castro
 
PDF
Sql server column level encryption
bymuhammadhashir57
 
PDF
Programming
byssuser4978d4
 
Sql Server 2016 Always Encrypted
byDuncan Greaves PhD
 
Always encrypted overview
bySolidQ
 
Steve Jones - Encrypting Data
byRed Gate Software
 
Protecting Your SharePoint Content Databases using SQL Transparent Data Encry...
byMichael Noel
 
SQL Server Column Based Encryption
byDavid Dye
 
Organizational compliance and security in Microsoft SQL 2012-2016
byGeorge Walters
 
Organizational compliance and security SQL 2012-2019 by George Walters
byGeorge Walters
 
SQL Server 2008 Security Overview
byukdpe
 
Ict conf td-evs_pcidss-final
byDejan Jeremic
 
Geek Sync | Always Encrypted for Beginners
byIDERA Software
 
Isaca sql server 2008 r2 security & auditing
byAntonios Chatzipavlis
 
The Spy Who Loathed Me - An Intro to SQL Server Security
byChris Bell
 
Presentation
bySantosh Kumar
 
Formal Lecture.ppt
byEqinNiftalyev
 
Seguridad en sql server 2016 y 2017
byMaximiliano Accotto
 
Seguridad en sql server 2016 y 2017
byMaximiliano Accotto
 
SQLCAT - Data and Admin Security
byDenny Lee
 
Sql Server 2008 Security Enhanments
byEduardo Castro
 
Sql server column level encryption
bymuhammadhashir57
 
Programming
byssuser4978d4
 

Recently uploaded

PDF
Building With Gemini: Hands-On AI for Developers
byhemish04082005
 
PDF
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PPTX
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
PPTX
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
PPTX
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PPTX
Best Application Development Consulting Company in Houston
byDesss Applying Technologies
 
PDF
IT Asset Lifecycle Management Solution | Infraon
byEverestIMS Technologies Pvt. Ltd
 
PDF
Mitr Sarthi: A Smart ERP for Modern Manufacturers
byGamavis Software Solutions
 
PDF
AI Concepts - MCP Neurons - part of a series
byPhilip Schwarz
 
PPTX
Odoo vs SAP – Which ERP Is Better for Growing Businesses?
bySatishKumar2651
 
PDF
DSD-INT 2025 Modelling cold water infiltration with the Groundwater Energy (G...
byDeltares
 
PPTX
Aviation Fleet Management Software for Airlines & Operators
bySISGAIN
 
PDF
DSD-INT 2025 Multi-scale modeling to simulate Land Subsidence in the Central ...
byDeltares
 
PPTX
Build Smarter with Google: A Workshop on MediaPipe, Firebase, Gemini and Anti...
byvanshikaprakash05
 
PDF
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
PPTX
Testing Strategies for Agile Teams in 2026
byMatt Calder
 
PDF
DSD-INT 2025 An Introduction to MODFLOW 6 Solver Settings (Without the Agoniz...
byDeltares
 
PPTX
A practical and beginner-friendly guide to understanding data structures in J...
bynaingseihahs
 
PPT
Data Structure & Algorithm Lec- HeapSort.ppt
bypanhra1
 
PDF
HTML 5 CSS 3 DEVELOPMENT TECHNOLOGY.pdf
bydavidjohansen1597
 
Building With Gemini: Hands-On AI for Developers
byhemish04082005
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
Best Application Development Consulting Company in Houston
byDesss Applying Technologies
 
IT Asset Lifecycle Management Solution | Infraon
byEverestIMS Technologies Pvt. Ltd
 
Mitr Sarthi: A Smart ERP for Modern Manufacturers
byGamavis Software Solutions
 
AI Concepts - MCP Neurons - part of a series
byPhilip Schwarz
 
Odoo vs SAP – Which ERP Is Better for Growing Businesses?
bySatishKumar2651
 
DSD-INT 2025 Modelling cold water infiltration with the Groundwater Energy (G...
byDeltares
 
Aviation Fleet Management Software for Airlines & Operators
bySISGAIN
 
DSD-INT 2025 Multi-scale modeling to simulate Land Subsidence in the Central ...
byDeltares
 
Build Smarter with Google: A Workshop on MediaPipe, Firebase, Gemini and Anti...
byvanshikaprakash05
 
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
Testing Strategies for Agile Teams in 2026
byMatt Calder
 
DSD-INT 2025 An Introduction to MODFLOW 6 Solver Settings (Without the Agoniz...
byDeltares
 
A practical and beginner-friendly guide to understanding data structures in J...
bynaingseihahs
 
Data Structure & Algorithm Lec- HeapSort.ppt
bypanhra1
 
HTML 5 CSS 3 DEVELOPMENT TECHNOLOGY.pdf
bydavidjohansen1597
 

Column Level Encryption in Microsoft SQL Server

Editor's Notes

  • #5 داده های حساس باید از دسترس کاربران احراز هویت نشده یا کاربران احراز هویت شده ای که دسترسی ندارد مخفی نگه داشته شود
  • #6 رمزگذاری بهترین ابزار برای محافظت از داده هاست با استفاده از رمز گذاری داده ها برای فقط کاربران مجاز قابل مشاهده و فهم می شود در دیتابیس در دو سطح کلی می توانیم رمز گذاری انجام دهیم: کل پایگاه داده یا ستون
  • #8 SMK: Service Master Key DMK: Database Master Key EKM: External Key Module DPAPI: Windows Data Protection API For best performance, encrypt data using symmetric keys instead of certificates or asymmetric keys. Database master keys are protected by the Service Master Key. The Service Master Key is created by SQL Server setup and is encrypted with the Windows Data Protection API (DPAPI). Other encryption hierarchies stacking additional layers are possible. An Extensible Key Management (EKM) module holds symmetric or asymmetric keys outside of SQL Server. Transparent Data Encryption (TDE) must use a symmetric key called the database encryption key which is protected by either a certificate protected by the database master key of the master database, or by an asymmetric key stored in an EKM. The Service Master Key and all Database Master Keys are symmetric keys.
  • #12 ارائه دهنده های CA Symantec Comodo Godaddy سرتیفیکیت یک عبارت است که توسط سی آی ها یا خود شخص امضا شده است مزیت آن این است که کلید به صورت یک سرتیفیکیت که یک فایل است در اختیار شخص کاربر قرار می گیرد و کاربر نیزا ندارد برای هر سرور یک سرتیقیکت ویژه داشته باشد
  • #26 High Level Password Security