Database Encryption
Content
DATABASE ENCRYPTION
Introduction In this modern world, security is important wherein everything you do can be tamper by people around you. Encryption is the process of encoding messages or information so that eavesdroppers or hackers cannot read it and only those authorized parties can. The obscurity of the algorithms used means that a strongly encrypted message might require thousands of years of processing by very fast computers to break the encryption. Nowadays much encryption is done by generating very large prime numbers and using those. The most popular use of encryption is for securing web servers that are accessed by the https protocol not http so that data such as credit cards can be sent safely over the internet. Encryption is also applied in databases and is called Database Encryption. Database Encryption is the process of converting data, within a database, in plain text format into a meaningless code text by means of a right algorithm. Encryption of a database is costly and requires more storage space than the original data. Numerous algorithms are used for encryption. These algorithms generate keys related to the encrypted data. Database encryption can add a valuable layer of security to critical data stores, but only if the encryption is done well. As the number of database encryption deployments increases, so, too, does the number of bad encryption deployments. Database-level encryption allows securing the data as it is inserted to, or retrieved from the database. The encryption strategy can thus be part of the database design and can be related with data sensitivity and/or user privileges. Selective encryption is possible and can be done at various granularities, such as tables, columns, rows. It can even be related with some logical conditions (e.g., encrypt salaries greater than 10K€/month). Depending on the level of integration of the encryption feature and the DBMS, the encryption process may incur some change to applications. Moreover, it may cause DBMS performance degradation since encryption generally forbids the use of index on encrypted data. Indeed, unless using specific encryption algorithms or mode of operation, indexing encrypted data is useless. For both strategies, data is decrypted on the database server at runtime. Thus, the encryption
keys must be transmitted or kept with the encrypted data on the server side, thereby providing a limited protection against the server administrator or any intruder usurping the administrator identity. Indeed, attackers could spy the memory and discover encryption keys or plain text data.
Introduction In this modern world, security is important wherein everything you do can be tamper by people around you. Encryption is the process of encoding messages or information so that eavesdroppers or hackers cannot read it and only those authorized parties can. The obscurity of the algorithms used means that a strongly encrypted message might require thousands of years of processing by very fast computers to break the encryption. Nowadays much encryption is done by generating very large prime numbers and using those. The most popular use of encryption is for securing web servers that are accessed by the https protocol not http so that data such as credit cards can be sent safely over the internet. Encryption is also applied in databases and is called Database Encryption. Database Encryption is the process of converting data, within a database, in plain text format into a meaningless code text by means of a right algorithm. Encryption of a database is costly and requires more storage space than the original data. Numerous algorithms are used for encryption. These algorithms generate keys related to the encrypted data. Database encryption can add a valuable layer of security to critical data stores, but only if the encryption is done well. As the number of database encryption deployments increases, so, too, does the number of bad encryption deployments. Database-level encryption allows securing the data as it is inserted to, or retrieved from the database. The encryption strategy can thus be part of the database design and can be related with data sensitivity and/or user privileges. Selective encryption is possible and can be done at various granularities, such as tables, columns, rows. It can even be related with some logical conditions (e.g., encrypt salaries greater than 10K€/month). Depending on the level of integration of the encryption feature and the DBMS, the encryption process may incur some change to applications. Moreover, it may cause DBMS performance degradation since encryption generally forbids the use of index on encrypted data. Indeed, unless using specific encryption algorithms or mode of operation, indexing encrypted data is useless. For both strategies, data is decrypted on the database server at runtime. Thus, the encryption
keys must be transmitted or kept with the encrypted data on the server side, thereby providing a limited protection against the server administrator or any intruder usurping the administrator identity. Indeed, attackers could spy the memory and discover encryption keys or plain text data.
