Foreword
The database is the core of all information systems, database security generally refers to the security of the data stored therein, it is an important part of network security, information security. The encryption of data in the database, the database security is an important part. However, the database encryption has a relatively high technical threshold, for the majority of users, and even information security practitioners are more mysterious. This paper aims to analyze several issues related to database encryption to help you uncover the mystery.
1. What is a database encryption?
It refers to the database encryption data stored in the database, especially sensitive data, stored in an encrypted manner.
2. Why should database encryption?
Data is the core of the information system assets, loss, damage or leakage of data, it is likely to impose an incalculable loss. To encrypt sensitive data is one of the core data security protection means. Data are two types, one is unstructured data, such as documents and images, the other is structured data, such as data in the database. These two forms of data are very important and need to be encrypted. Structured data are typically carried by very concentrated and valuable information, and therefore particularly important to encrypt protected. Moreover, since the database management system used mostly domestic products abroad, for safe and controlled considerations, domestic database still can not completely replace foreign products at this stage, in particular, need a pure domestic database encryption product. Leakage of sensitive data frequently face the grim reality, although the encryption and decryption process will harm the efficiency of the database, but the database encryption is still necessary protective measures have to order. Database encryption can significantly improve the security of the database. After encryption, data is stored in encrypted manner to prevent direct exposure data, while enhancing control access to encrypted data, greatly reducing the risk of data leakage and malicious destruction.
3. Domestic database encryption product has gone through what stage?
Development of the domestic database encryption products can be divided into three stages:
The first stage is the exploratory stage. Prior to 2003, the domestic database encryption means is decompile foreign security database system completed. Foreign security version of the database system with encryption, domestic technicians reverse engineer, joined the domestic encryption algorithm, to complete the "localization." The encryption means in certain sensitive sectors has been the domestic small-scale applications, to achieve a certain effect. But with the further development of the database security technology, has been withdrawn from the market.
第二阶段是国外产品导入国内市场以及国产数据库加密产品萌芽阶段。从2003年开始,几家国外的数据库加密产品厂商,为了进入中国市场,将产品界面进行“中国化”,经由香港进入国内市场。但由于国家保密政策的限制,这些被伪装成国产的数据库加密产品并没有在国内数据库安全市场大行其道,反而逐渐销声匿迹。据作者所知,国内大概还有一两家“国产化”的外国数据库加密产品在市场销售,但也是局限在很小的一个范围内,无法被国内用户广泛接受。但在这一阶段,逐渐有国内科研人员开始进行数据库加密技术的研究。
2009年已有数据库加密技术的专利发明出现。其中北京理工大学戴林副教授的“一种支持密文索引的数据库透明加密方法”被学术界认为是国内数据库加密技术研究中较早重要的一个专利发明。随后,国内陆续有研发团队开始进行数据库加密产品的开发,虽说与国外顶级技术有不小差距,但毕竟是迈出了非常重要的第一步。
第三个阶段是国产数据库加密技术逐步产品化并走向市场的阶段。从2010年开始,随着科研成果的产业化,国内市场开始出现纯国产的数据库加密产品。经过市场的磨练,产品越来越成熟,越来越为数据库安全运维人员所接受。不难预见,假以时日,数据库加密产品将成为数据库安全市场的重要力量,甚至能取代数据库审计产品和数据库防火墙产品的市场地位,成为数据库安全市场的宠儿。
4. 何为数据库透明加密?
数据库透明加密是指对库内数据的加密和解密,对数据库的访问程序是完全无感知的。特别是应用系统,不需要做任何修改和编译,就能够直接应用到加密库上。
与透明加密相对应的,是在应用系统中对数据进行加密,然后再存储到数据库中。需要真实数据的时候,从数据库中读取密文,再解密出明文。严格的说,这种方式并不是数据库加密,而是数据加密。
本文所指的数据库加密都是指透明加密。
5.数据库加密实现方式有哪些,特性如何?
全盘加密:采用全盘加密系统或者存储加密网关系统,将数据库文件所在的磁盘扇区进行加密。当数据库访问磁盘扇区的时候,对加密扇区再进行解密。这种方式对于数据库自身来说是透明的,数据库管理系统也感觉不到加密解密过程的存在。这种加密方式工作在存储层,仅能防止磁盘丢失时敏感数据遭受泄漏。所有对磁盘具有访问权限的用户都可以访问到真实的数据库文件。因而,对于控制了操作系统的攻击者来说,并没有防护能力。
文件加密:在操作系统文件驱动层将数据库的存储文件经过加密后存储到磁盘上。当数据库访问存储文件的时候,再进行解密。这种方式对于数据库自身来说也是透明的,数据库管理系统也感觉不到加密解密过程的存在。这种加密方式能防止磁盘丢失和文件被复制导致的敏感数据泄漏。但是,对于控制了数据库系统的攻击者来说,文件还是开放的,因而也没有真正的防护能力。
数据库自带加密:某些数据库自身提供了加密机制,在数据库内核实现了存储的加密。这种加密方式能防止磁盘丢失和文件被复制导致的敏感数据泄漏。但是,对于控制了数据库系统的攻击者来说却是开放的,并没有防护能力。而且其密钥管理通常不会对数据库用户开放,安全性得不到保证,也得不到国内相关评测机构的认可。
库内扩展加密:通过使用视图、触发器、扩展索引等机制,实现透明加密。由于引入了独立于数据库的第三方程序,通过控制加密解密的权限,增加了额外的访问控制。对于数据库内不同的用户,也可以控制其对加密数据的访问。但是这种加密方式不能越过应用系统,实现应用系统用户对敏感数据的访问控制。而且这种加密方式依赖于数据库系统的扩展索引机制,并不能在所有数据库上实现。
数据库加密网关或加密驱动:通过对数据库前端部署数据库加密网关,或者通过扩展数据库访问驱动(如JDBC驱动)实现数据库加密。这种方式理论上能够支持所有的数据库,是一种通用的解决方案,且安全性更高。但是对于所有访问语句和访问机制却难以全部支持,例如对于网关之后的存储过程和触发器都无法支持。
应用加密网关:在应用系统之前放置加密网关,进一步将数据加密的位置提前,在数据进入应用系统之前进行加密。这种加密方式可以控制应用系统的用户对数据的访问权限,并且真实数据对所有数据库用户都是不可见的,是最安全的一种加密方式。事实上,这种加密方式与具体的数据库无关,是对立与数据库的。但是由于应用系统的复杂性,实现的难度也较大。
总之,数据被加密的位置离用户越近,安全性越高,同时实现的难度也越大。以上所述的几种加密方式,数据加密的位置离用户是逐步靠近的,防护能力也是逐步提升的。
目前国内数据库安全市场主流的数据库加密方式是库内扩展加密,本文中,如果没有特别指出,都特指这种加密方式。
6.数据库加密能解决哪些具体问题?
数据库加密能够通过有效的解决如下问题,来提升数据库的安全性:
1) 防止数据库文件被下载或者复制、以及直接分析数据文件导致的数据泄漏和破坏。由于敏感数据被加密,任何直接对数据库文件进行分析的攻击方式,都只能看到密文。
2) 防止DBA或高权限帐号密码泄露导致的数据泄漏和破坏。DBA或者高权限账号被攻击者获取后,虽然攻击者能够得到数据库中的全部数据,但是由于敏感数据是被加密的,所以仍然不能获得明文。或者攻击者试图修改授权用户的访问密码进行身份伪造攻击,但是加密系统额外的身份认证机制能够对这种伪造身份进行识别,致使攻击者仍然无法获取真实数据。
3) part of the way to prevent SQL injection whole library data leakage drag library and data corruption. SQL injection attacks who get all the contents of the database by dragging the library, but can only obtain the plaintext user permissions when used to attack corresponding, for sensitive data that the user does not have privileges, the attacker still can not access.
4) multi-factor authentication and authorization, only to make up for lack of safety defects by the way password authentication. You can increase authentication and authorization management application system, time, IP address, user name, and other factors.
7. Database encryption can not solve the problem?
Although transparent database encryption can significantly enhance the security of the database, but the database and Bunengjiejue all security issues:
1) can not completely prevent SQL injection attacks. If you are using SQL injection attackers authorized users access the database application system to attack the database, it is possible to obtain the appropriate authorization of the user's encryption system, can gain access to sensitive data under the Mandate.
2) not completely prevent an attacker to forge the identity of attacks on the database. When the attacker through social engineering, steal and forge a completely legitimate access to sensitive data in the user's account, password, and application systems, IP information, database encryption will not be able to limit their access.
3) authorization application systems can not completely prevent illegal backdoor access to the database. When the application is authorized to access sensitive data, but leave the back door by developers, database encryption systems do not recognize this and blocked the back door.
Other related questions such as "how to make up the database encryption system for the protection of databases?" "Database encryption key technology of what?" "Key Indicators Database encryption system is what?" And so on, we will continue to elaborate in subsequent articles . stay tuned.