Computing Reviews
Cryptography in the database : the last line of defense
Kenan K., Addison-Wesley Professional, Boston, MA, 2005. 312 pp. Type: Book (9780321320735)
Date Reviewed: Jun 14 2006

Databases are the repositories of critical business and personal data, and, from an attacker’s perspective, compromising a database is far more lucrative than eavesdropping on network links. Privacy, and how companies store and protect sensitive information, is going to be a major issue in the coming years. Database designers and system administrators have put new security mechanisms in place, but when those defensive measures fail, the last strong line of defense is cryptography. Kenan, a leading cryptography expert at Symantec, demonstrates in this book exactly how to use encryption in enterprise databases and applications.

The first part of the book covers database security, presenting some different types of database-specific attacks, explaining the need to secure data, and discussing how cryptography can address these concerns. The author briefly introduces the main topics of cryptography.

The second part of the book presents the design of a cryptosystem, covering guidelines for cryptographic engines, cryptographic algorithms and keys, key vaults, key managers and manifests, and cryptographic providers and consumers. Much of this part applies to any cryptographic project, not just database cryptography. The author also gives good advice on how to avoid weaknesses in the use of the algorithms, and on vulnerabilities that can appear in a database-specific application. Encrypting all data is not a cure-all. Encryption does not address access control, and if everything is encrypted, every read, update, or delete requires a decryption. The encryption process must also not interfere with normal access controls or significantly degrade performance. Availability is a key aspect of security: if encrypting data makes it unavailable, or dramatically reduces the system’s performance, a new security problem has been created. Encryption keys must be changed regularly as part of a security policy, which means that stored data must be decrypted and re-encrypted under the new key or keys, a migration that can leave the database unavailable unless it is planned for. Further difficulties arise with encrypted data that is indexed, since an index built over randomized ciphertext cannot answer the equality and range queries that an index over plaintext does.
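To make the design concerns of this part concrete, here is an added example (not code from Kenan’s book, and not the book’s Java implementation) written in Python with only the standard library. It wires together the components the book names: a key manager holding a manifest of versioned keys, an engine that frames each ciphertext with the ID of the key that produced it, a provider that stores an HMAC blind index beside the encrypted column so that equality lookups do not require decrypting every row, and a rotation routine that re-encrypts rows while the old key stays available so reads keep working during the migration. The cipher is an HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag, used here as a standard-library stand-in for a real AEAD such as AES-GCM; the table and column names, the `customers.ssn` AAD label, and the sample SSN values are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import sqlite3
import struct


class KeyManager:
    """Key manifest: key_id -> key bytes. In-memory stand-in for a key vault (HSM/KMS)."""

    def __init__(self):
        self.keys = {}
        self.current_id = 0
        self.index_key = secrets.token_bytes(32)  # separate key for the blind index only

    def new_key(self):
        self.current_id += 1
        self.keys[self.current_id] = secrets.token_bytes(32)
        return self.current_id

    def key(self, key_id):
        return self.keys[key_id]


class Engine:
    """Encrypt-then-MAC stream cipher from HMAC-SHA256 in counter mode: a stdlib-only
    stand-in for an AEAD such as AES-GCM (assumption: production code uses a real AEAD).
    Blob layout: 4-byte key id | 16-byte nonce | ciphertext | 32-byte tag."""

    HEADER, TAG = 4 + 16, 32

    def __init__(self, km):
        self.km = km

    def _subkeys(self, key_id):
        master = self.km.key(key_id)  # KeyError here means the key was retired too early
        return (hmac.new(master, b"enc", hashlib.sha256).digest(),
                hmac.new(master, b"mac", hashlib.sha256).digest())

    @staticmethod
    def _keystream(key, nonce, length):
        out, block = b"", 0
        while len(out) < length:
            out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
            block += 1
        return out[:length]

    def key_id_of(self, blob):
        return struct.unpack(">I", blob[:4])[0]

    def encrypt(self, plaintext, aad):
        key_id = self.km.current_id
        enc_key, mac_key = self._subkeys(key_id)
        nonce = secrets.token_bytes(16)
        header = struct.pack(">I", key_id) + nonce
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(enc_key, nonce, len(plaintext))))
        tag = hmac.new(mac_key, aad + header + ct, hashlib.sha256).digest()
        return header + ct + tag

    def decrypt(self, blob, aad):
        header, ct, tag = blob[:self.HEADER], blob[self.HEADER:-self.TAG], blob[-self.TAG:]
        enc_key, mac_key = self._subkeys(self.key_id_of(blob))
        expected = hmac.new(mac_key, aad + header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # tag covers AAD, so a moved blob fails here
            raise ValueError("ciphertext failed integrity check")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(enc_key, header[4:], len(ct))))

    def blind_index(self, value):
        """Keyed hash of the normalised value. Supports equality lookups without decrypting
        the column; it leaks which rows share a value, nothing more."""
        return hmac.new(self.km.index_key, _norm(value).encode(), hashlib.sha256).digest()


def _norm(value):
    return value.strip().lower()


def _aad(row_id):
    # Binding ciphertext to table, column and row stops a ciphertext swapped between rows
    # from decrypting (assumed table/column names).
    return f"customers.ssn:{row_id}".encode()


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn_enc BLOB, ssn_idx BLOB)")
    conn.execute("CREATE INDEX customers_ssn_idx ON customers (ssn_idx)")  # index over the HMAC
    return conn


def insert_customer(conn, engine, name, ssn):
    row_id = conn.execute("INSERT INTO customers (name) VALUES (?)", (name,)).lastrowid
    conn.execute("UPDATE customers SET ssn_enc = ?, ssn_idx = ? WHERE id = ?",
                 (engine.encrypt(ssn.encode(), _aad(row_id)), engine.blind_index(ssn), row_id))
    return row_id


def find_by_ssn(conn, engine, ssn):
    """Equality search via the blind index; only the candidate rows are decrypted."""
    rows = conn.execute("SELECT id, name, ssn_enc FROM customers WHERE ssn_idx = ?",
                        (engine.blind_index(ssn),)).fetchall()
    return [(row_id, name) for row_id, name, blob in rows
            if _norm(engine.decrypt(blob, _aad(row_id)).decode()) == _norm(ssn)]


def rotate_key(conn, engine):
    """Re-encrypt every row under a fresh key. The old key stays in the manifest until the
    last row has moved, so reads keep working throughout; returns rows re-encrypted.
    (Rotating index_key is not shown: it requires recomputing ssn_idx for every row.)"""
    new_id = engine.km.new_key()
    moved = 0
    for row_id, blob in conn.execute("SELECT id, ssn_enc FROM customers").fetchall():
        if engine.key_id_of(blob) != new_id:
            plain = engine.decrypt(blob, _aad(row_id))
            conn.execute("UPDATE customers SET ssn_enc = ? WHERE id = ?",
                         (engine.encrypt(plain, _aad(row_id)), row_id))
            moved += 1
    for old_id in [k for k in engine.km.keys if k != new_id]:
        del engine.km.keys[old_id]  # retire only after every row is re-encrypted
    return moved


if __name__ == "__main__":
    db, eng = open_db(), Engine(KeyManager())
    eng.km.new_key()
    insert_customer(db, eng, "Alice", "123-45-6789")  # constructed sample data
    print(find_by_ssn(db, eng, "123-45-6789"))
    print("rows re-encrypted:", rotate_key(db, eng))
```

Two design points worth noting: the key ID travels with each ciphertext so rotation can proceed row by row without a global outage, which is the availability concern raised above; and the blind index trades a bounded leak (equality between rows) for a usable index, while range queries over the encrypted column remain impossible.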

In the third part of the book, the author covers all of the phases of the life cycle of a cryptographic project. He discusses the requirements, design, development, testing, and deployment phases of a project.

The Java source example in the last part of the book is a live implementation of a database cryptosystem, covering the main theoretical aspects discussed in the earlier parts. The roughly 3,000 lines of downloadable code let readers explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.

The author proposes a solution to protect information from the threats posed by users with unlimited or elevated rights to the database. He covers confidentiality from the perspective of information assurance, and focuses on protection through encryption. The book presents good case studies of cryptography applied to databases. Many technical aspects of database cryptography are presented, and the material is of current interest. The text assumes that readers have some knowledge of cryptography, though some explanations are provided.

From the author’s point of view, the main audience for this book is the technical leads responsible for protecting sensitive information in a database. These people might be architects, senior system or security analysts, database administrators, or technical project managers. To be successful, the cryptographic architecture must be implemented correctly and securely, and the lead must provide guidance throughout the project on secure development practices as well as on technology. I think anyone who wants to build a system to protect sensitive data could find useful information in this book.

After reading the book, readers will understand why database cryptography must be implemented in a professional manner, since an incorrect or amateur implementation of cryptography can often be worse than no cryptography at all. Architects and administrators involved in the design of database security are strongly advised to read this book. Books like this are vital to ensuring that the last line of defense is not easily breached. This book provides a general review of cryptographic concepts, with some attention paid to examples that address particular database issues. Those who maintain large databases and wish to see practical solutions for the problems they face may be slightly disappointed.

Reviewer:  Patriciu Victor-Valeriu Review #: CR132920 (0705-0436)
Categories: Public Key Cryptosystems (E.3); Cryptographic Controls (D.4.6); Security and Protection (D.4.6); Security and Protection (K.6.5)