
Data Encryption facilities in Daffodil DB

DaffodilDB Sales Team
 

Data Encryption facilities in Daffodil DB - 07-12-2004, 12:55 AM






Database Encryption

A database environment would not be completely secured without
consideration of encryption technology. The term database encryption
refers to the practice of obscuring the meaning of a piece of data by
means of encoding before storing it in tables. The database encryption
is implemented in such a way that it can only be decoded, read and
understood by people for whom the data is intended. It is the process
of encoding data to prevent unauthorized parties from viewing or
modifying it.

Data Protection in Daffodil DB

Probably the most widely used application of encryption is in the area
of data protection. The information that a business owns is invaluable
to its productive operation; consequently, the protection of this
information is paramount.

Encryption of files protects the data that is written to the column of
a table. This information protection is vital in the event of theft of
the computer itself or if an attacker successfully breaks into the
system.

To ensure a tight-leashed security, Daffodil DB supports various
encryption algorithms like IDEA, DES, Twofish etc. The users can
encrypt objects and data before storing them in a table with the help
of these proven encryption algorithms.

How can we use Encryption capabilities of Daffodil DB?

Process of encrypting data in Daffodil DB is efficient and simple.
While creating a new database users can specify the value for key and
the algorithm, which will be used for encrypting the objects and data
contained in tables. The following things should be considered before
applying encryption techniques.

1. Managing security with encryption becomes more difficult if the
office has multiple employees who know or share the user
information.

2. The super user information shall be changed, as the super user is
in charge of the Daffodil DB database. Someone logged in as a super
user can make use of the data stored in your table.

Uses of Data Encryption

Authentication

Authentication is the process of verifying that the user is in fact
the legitimate, authorized user of the data. This is most commonly
seen in encrypted passwords. Another example of authentication is
digital signatures.

Integrity


This refers to system integrity and data integrity. For example,
encryption allows users to confirm that an unauthorized user has not
breached the system and the system retains its expected consistency
and integrity.

Confidentiality

Confidentiality, or the protection of data from unauthorized viewing,
is the most basic form of data security. By obscuring the message as
cipher text, encryption allows database users to encode the original
data so that the confidentiality of the data is assured. For example:
encrypting raw data like one's entire hard drive can be done simply to
ensure that if the network has been hacked, the data on the disk is
still secure from unauthorized viewing by someone from outside.
Encryption can also be used to ensure the confidentiality of e-mail
messages being sent over the Internet.

Encryption algorithms supported by Daffodil DB


As time has progressed, data encryption algorithms have become more
complex and secure. Encryption algorithms can be used to provide high
levels of security to files stored in the database. Daffodil DB
encryption techniques are based on following proven algorithms.

1. Blowfish

Blowfish is a symmetric block cipher for encrypting text with a
variable key length. The variable-length key ranges from 32 bits to
448 bits, making it ideal for both domestic and exportable use.

2. DES

Data Encryption Standard (DES) is the name of the Federal Information
Processing Standard, which describes the data encryption algorithm
(DEA). DES has a 64-bit block size and uses a 56-bit key during
execution (8 parity bits are stripped off from the full 64-bit key).
DES is a symmetric cryptosystem, specifically a 16-round Feistel
cipher.

3. IDEA

IDEA is a block cipher that uses a 128-bit length key to encrypt
successive 64-bit blocks of plaintext. The procedure is quite
complicated using sub keys generated from the key to carry out a
series of modular arithmetic and XOR operations on segments of the
64-bit plaintext block. The encryption scheme uses fifty-two 16-bit
sub keys. These are generated from the 128-bit sub key.

4. AES

The Advanced Encryption Standard (AES) is a computer security standard
for cryptography and encryption. AES uses a symmetric block cipher
that encrypts and decrypts 128-bit blocks of data. AES supports key
lengths of 128 and 256 bits.

5. TEA

Tiny Encryption Algorithm (TEA) is one of the fastest and most
efficient cryptographic algorithms in existence. It encrypts 64 data
bits at a time using a 128-bit key. It seems highly resistant to
differential cryptanalysis, and achieves complete diffusion (where a
one-bit difference in the plaintext will cause approximately 32-bit
differences in the cipher text) after only six iterations.


6. DES3

Triple DES or DES-3 is an enhancement over the existing DES standard.
DES-3 encrypts each block three times with the DES. The algorithm uses
either two or three different 56-bit keys. This approach yields
effective key lengths of 112 or 168 bits.

7. Twofish

Twofish is a 128-bit block cipher, meaning that data is encrypted and
decrypted in 128-bit chunks. Its conservative design allows the
ability to trade off key setup time for encryption speed, as well as
sacrificing smaller memory requirements to obtain greater encryption
speed.


How to create encrypted databases with Daffodil DB


Users can create an encrypted database with Daffodil DB in two ways


1. Database creation by get connection method of JDBC 3.0.


User can encrypt a database to prevent any unauthorized access to data
stored on a disk. Daffodil DB allows user to make use of above
mentioned encryption algorithms. Encryption algorithms use a block of
bytes as the secret key. The key length is algorithm-specific; popular
algorithms use keys of 64, 128, or 256 bits in length.


Important: Users need to set ENCRYPTIONSUPPORT property as true at
time of creation of a Daffodil DB database.


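Example:
import java.sql.DriverManager;
import java.util.Properties;

// Embedded-mode URL; create=true requests creation of STUDENTDB
String url = "jdbc:daffodilDB_embedded:STUDENTDB;create=true";
String driver = "in.co.daffodil.db.jdbc.DaffodilDBDriver";
Properties prop = new Properties();
prop.setProperty("user","daisy");
prop.setProperty("password","daisy");
prop.setProperty("create","true");
// Encryption settings are supplied when the database is created
prop.setProperty("ENCRYPTIONSUPPORT","true");
prop.setProperty("ENCRYPTIONALGO","tea");
prop.setProperty("ENCRYPTIONKEY","daisy");
// Load the driver, then open the connection with these properties
Class.forName(driver);
java.sql.Connection con = DriverManager.getConnection(url,prop);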

In the above stated example, a database named STUDENTDB is created
which will be stored in encrypted form using TEA encryption algorithm
& encryption key is daisy.









2. Using Daffodil DB Browser to create a database


Open Daffodil DB browser


Choose create Database


Check the Encryption check box


Choose the encryption algorithm


Provide the encryption key


Modern-day businesses rely heavily on strategic information and they
need to store and secure it. Daffodil DB encryption mechanism serves
as an effective framework to maintain the consistency and safety of
data.

For more information on Database encryption, you can contact us at
support (AT) daffodildb (DOT) com

Join Daffodil DB Online community at Daffodil DB Forums.


Disclaimer: Daffodil DB is a registered trademark of Daffodil Software
Ltd. All other registered trademarks are a property of their
respective organizations.
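
The TEA figures quoted in the post above (64-bit block, 128-bit key, diffusion of about 32 bits after six iterations) can be measured directly. This is an added example, not code from Daffodil DB or from either poster: a textbook TEA in Python that counts how many ciphertext bits change when one plaintext bit is flipped. The big-endian word order, the `avalanche` helper and the randomly generated keys and plaintexts are assumptions made for the illustration.

```python
import random
import struct

DELTA = 0x9E3779B9  # TEA's per-cycle constant
MASK = 0xFFFFFFFF   # keep all arithmetic within 32 bits


def tea_encrypt(block: bytes, key: bytes, cycles: int = 32) -> bytes:
    """Encrypt one 64-bit block under a 128-bit key (big-endian words assumed)."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = 0
    for _ in range(cycles):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
    return struct.pack(">2I", v0, v1)


def tea_decrypt(block: bytes, key: bytes, cycles: int = 32) -> bytes:
    """Invert tea_encrypt by running the same cycles backwards."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = (DELTA * cycles) & MASK
    for _ in range(cycles):
        v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
        v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        total = (total - DELTA) & MASK
    return struct.pack(">2I", v0, v1)


def avalanche(cycles: int, trials: int = 20, seed: int = 1) -> float:
    """Mean count of ciphertext bits that change when one plaintext bit flips."""
    rng = random.Random(seed)  # constructed, reproducible keys and plaintexts
    changed = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        plain = rng.getrandbits(64)
        base = int.from_bytes(tea_encrypt(plain.to_bytes(8, "big"), key, cycles), "big")
        for bit in range(64):
            flipped = (plain ^ (1 << bit)).to_bytes(8, "big")
            other = int.from_bytes(tea_encrypt(flipped, key, cycles), "big")
            changed += bin(base ^ other).count("1")
    return changed / (trials * 64)


if __name__ == "__main__":
    for n in (1, 2, 4, 6, 32):
        print(f"{n:2d} cycles: {avalanche(n):5.2f} of 64 bits change on average")
```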

Ed prochak
 

Re: Data Encryption facilities in Daffodil DB - 07-12-2004, 01:24 PM






webmaster (AT) daffodildb (DOT) com (DaffodilDB Sales Team) wrote in message news:<aec69450.0407112155.4f8d2570 (AT) posting (DOT) google.com>...
Quote:
Database Encryption

Database environment would not be completely secured without
consideration of encryption technology. The term database encryption
refers to the practice of obscuring the meaning of a piece of data by
means of encoding before storing it in tables. The database encryption
is implemented in such a way that it can only be decoded, read and
understood by people for whom the data is intended. It is the process
of encoding data to prevent unauthorized parties from viewing or
modifying it.

Data Protection in Daffodil DB

Probably the most widely used application of encryption is in the area
of data protection. The information that a business owns is invaluable
to its productive operation; consequently, the protection of this
information is paramount.

So far nothing new.

Quote:
Encryption of files protects the data that is written to the column of
a table. This information protection is vital in the event of theft of
the computer itself or if an attacker successfully breaks into the
system.

This seems backwards. Why protect the data in the database rather than
prevent a thief from getting into the database in the first place?


Quote:
To ensure a tight-leashed security, Daffodil DB supports various
encryption algorithms like IDEA, DES, Twofish etc. The users can
encrypt objects and data before storing them in a table with the help
of these proven encryption algorithms.

Again, backwards. Wouldn't storing encrypted data screw any kind of
query?

Quote:
How can we use Encryption capabilities of Daffodil DB?

Process of encrypting data in Daffodil DB is efficient and simple.
While creating a new database users can specify the value for key and
the algorithm, which will be used for encrypting the objects and data
contained in tables. The following things should be considered before
applying encryption techniques.

1. Managing security with encryption becomes more difficult if the
office has multiple employees who know or share the user
information.

Which is typical of MOST databases. So why are you adding a "feature"
that makes sharing the data harder?

Quote:
2. The super user information shall be changed, as the super user is
in charge of the Daffodil DB database. Someone logged in as a super
user can make use of the data stored in your table.

Is the "super user" referring to the DBA?

IOW, the DBA/super user is not stopped from reading ANY data. Does
this mean there is a backdoor to the encryption? Or does the DBA
account have access to all the keys? (And if he has global access in
either manner, then the thief/hacker that gains entry to the DBA
account has the same access as if there was no encryption at all)

Quote:
Uses of Data Encryption

Authentication

Authentication is the process of verifying that the user is in fact
the legitimate, authorized user of the data. This is most commonly
seen in encrypted passwords. Another example of authentication is
digital signatures.

Okay so far.

Quote:
Integrity


This refers to system integrity and data integrity. For example,
encryption allows users to confirm that an unauthorized user has not
breached the system and the system retains its expected consistency
and integrity.

Huh?
How is encryption going to tell you whether a hacker was able to READ
the data?

Quote:
Confidentiality

Confidentiality, or the protection of data from unauthorized viewing,
is the most basic form of data security. By obscuring the message as
cipher text, encryption allows database users to encode the original
data so that the confidentiality of the data is assured.

Like I said this seems backwards. If you block unauthorized users from
accessing the DBMS then whether the contents of the Database are
encrypted is unnecessary.

Quote:
.................. For example:
encrypting raw data like one's entire hard drive can be done simply to
ensure that if the network has been hacked, the data on the disk is
still secure from unauthorized viewing by someone from outside.

Poor example. If they got access to your HD via the network, they are
likely logged into your account or the Administrator's account, and
have view rights to the data anyway!

Quote:
Encryption can also be used to ensure the confidentiality of e-mail
messages being sent over the Internet.

Finally a good example of use of encryption, but this has NO relevance
to data within a database.

Quote:
Encryption algorithms supported by Daffodil DB


As time has progressed, data encryption algorithms have become more
complex and secure. Encryption algorithms can be used to provide high
levels of security to files stored in the database. Daffodil DB
encryption techniques are based on following proven algorithms.

1. Blowfish

Blowfish is a symmetric block cipher for encrypting text with a
variable key length. The variable-length key ranges from 32 bits to
448 bits, making it ideal for both domestic and exportable use.

2. DES

Data Encryption Standard (DES) is the name of the Federal Information
Processing Standard, which describes the data encryption algorithm
(DEA). DES has a 64-bit block size and uses a 56-bit key during
execution (8 parity bits are stripped off from the full 64-bit key).
DES is a symmetric cryptosystem, specifically a 16-round Feistel
cipher.

I'm no encryption expert, but wasn't 64-bit DES broken about a year or
so ago?

Quote:
3. IDEA
[list of others deleted]

Quote:
How to create encrypted databases with Daffodil DB


Users can create an encrypted database with Daffodil DB in two ways


1. Database creation by get connection method of JDBC 3.0.


User can encrypt a database to prevent any unauthorized access to data
stored on a disk. Daffodil DB allows user to make use of above
mentioned encryption algorithms. Encryption algorithms use a block of
bytes as the secret key. The key length is algorithm-specific; popular
algorithms use keys of 64,128, or 256 bits in length.


Important: Users need to set ENCRYPTIONSUPPORT property as true at
time of creation of a Daffodil DB database.

[code deleted]
In the above stated example, a database named STUDENTDB is created
which will be stored in
encrypted form using TEA encryption algorithm & encryption key is
daisy.

After all that you think a 5-letter password is secure?
(yes, it was just an example, sorry that was a cheap shot.)

Quote:
2. Using Daffodil DB Browser to create a database


Open Daffodil DB browser


Choose create Database


Check the Encryption check box


Choose the encryption algorithm


Provide the encryption key


Modern-day businesses rely heavily on strategic information and they
need to store and secure it. Daffodil DB encryption mechanism serves
as an effective framework to maintain the consistency and safety of
data.

What's the price in performance?

Quote:
For more information on Database encryption, you can contact us at
[]

Join Daffodil DB Online community at Daffodil DB Forums.

You post here, you get your replies here. Usenet is not your personal
advertising forum.

Quote:

Disclaimer: Daffodil DB is a registered trademark of Daffodil Software
Ltd. All other registered trademarks are a property of their
respective organizations.

When will you begin to respect the readers here and contribute to the
discussions instead of just posting ads?

Ed.

