Jim McLeod MyDBA
SQL Server Performance Tuning Consultant with MyDBA Microsoft Certified Trainer with SQLskills Australia MCITP:Database Administration
Examine the basics of encryption Determine when to use encryption Explore how SQL Server handles encryption technology Examine how to structure your tables in order to encrypt information efficiently Consider how to protect your data from the DBA
Plaintext “This is a plaintext message.” Codes “Fred likes to eat cake.” Fred = This, likes = is, to = a, eat = plaintext, cake = message. Not terribly useful in computing Ciphertext “Guvf vf n cynvagrkg zrffntr.” Operates on a group of letters, individual letters or bits
Key based encryption uses mathematical algorithms to encrypt data by use of a key Typically non-deterministic Symmetric Keys The same key will encrypt and decrypt the message Asymmetric Keys A public key is used to encrypt the message Only the private key can be used to decrypt the message For a given key length: Symmetric algorithms are faster to encrypt/decrypt Asymmetric algorithms are more secure Compromise: encrypt data with a symmetric key, and encrypt the symmetric key with an asymmetric key.
Business Requirements Hide sensitive data Passwords, Credit Card numbers, etc Hide sensitive data from the DBA Protect against unauthorised changes
On disk encryption Encrypted file system Transparent Data Encryption – SQL Server 2008 Backup encryption – 3 rd Party Client Connections (SSL) Network Traffic Individual Columns Stored Procedures, Triggers, Functions, Views, etc
Data can be encrypted at one of two points Before it gets to the database engine (Application) After it gets to the database engine (Database) Application encryption: Key must be stored in the application/another tier Prevents Profiler from sniffing unencrypted data passed into stored procedures Database cannot search efficiently Database Encryption Unencrypted data accessible inside the database Unencrypted data passed to the database engine Key may be held in an Hardware Security Module via Extensible Key Management (2008) via Extended Stored Procedures/SQLCLR (2005)
A deterministic, one-way method of obfuscating data Original source data cannot be retrieved Easy to compute Extremely difficult to construct a string with a given hash A single bit changed in the source string will radically alter the result Extremely unlikely that two source strings will produce the same hash Deterministic means dictionary attacks are possible
SUM() is a hashing function SELECT SUM( ) = 96 HashBytes() function 128 bit - MD2, MD4, MD5 160 bit - SHA, SHA1
Passwords and authentication Salting Data integrity Protect your data from changes via Management Studio Detecting changes in a table Creating indexes for types that cannot be indexed Images, varchar(max) Demonstration – enforcing row integrity
EncryptByPassphrase() DecryptByPassphrase() Uses a Triple-DES symmetric key AES128, AES192, AES256 are stronger No Database Master key, or certificate management required If the passphrase is lost, the data is lost Demonstration
Profiler can expose data that should be encrypted Stored Procedures Passphrase or unencrypted data can be passed through as a parameter in plaintext Passphrase can be hardcoded into the stored procedure Ad Hoc Queries Passphrase may be visible over the network Profiler will hide the event details Application must supply the passphrase
Service Master Key Instance scope Is created the first time it is required to encrypt something Can be regenerated. Database Master Key Database scope Created by the DBA when the database needs to use encryption
Asymmetric Keys If VIEW DEFINITION is granted, the user can encrypt data If CONTROL is granted, the user can encrypt and decrypt data Public Key Certificates Expiry Dates Self Signed X.509 Standard (1024 bit) Signed by a Certification Authority ( bit) Used for encryption and authentication Demonstrations Asymmetric Key Encryption Certificate Encryption
A symmetric key is similar to Passphrase Not restricted to Triple-DES Fast to encrypt, but if you know how to encrypt, you can also decrypt Symmetric Key with Certificate Demonstration
Encrypted data cannot be searched on without decrypting the data, resulting in a table scan Need some way of narrowing the search Reduce the number of rows requiring decryption from 1 million to 100. AdventureWorks comes with an index on , indicating that they search for customers based on an Address Non-deterministic encryption means we can’t index the encrypted value Create a hash of the first part of the Doesn’t give away any information about the Contact Can be indexed Demonstration
DBA has control over all certificates in all databases Database Master Keys encrypted via the Service Master Key will be wide open to the DBA Certificates/keys protected by passwords will be hidden from the DBA via Profiler Demonstration
Feature of SQL Server 2008 Enterprise Edition Encrypts data on disk, and is unencrypted when loaded into memory Uses a symmetric key called the Database Encryption Key Replication or memory dumps may expose unencrypted data No application architecture changes required. Small performance hit on every disk I/O Recovery of an encrypted database MUST be tested on a separate server before a disaster Backup your keys/certificates Backups of encrypted database will not compress well, but Page Compression will still work
Roll your own encryption functions Try the SQL 2000 DBA Toolkit Uses extended stored procedures urity/sql2000dbatoolkitpart1/2361/ urity/sql2000dbatoolkitpart1/2361/ Encrypt data at the application layer Put database files on an encrypted partition
Examine the basics of encryption Determine when to use encryption Disk, Connection, Column, Network, Backups Explore how SQL Server handles encryption technology Hashing, Certificates, Symmetric Keys, Asymmetric Keys, Transparent Data Encryption, Extensible Key Management Examine how to structure your tables in order to encrypt information efficiently Indexes of hashes Consider how to protect your data from the DBA