Monday, June 3, 2019
The Data Encryption Standard Computer Science Essay
Whenever information is exchanged electronically, many times the privacy of the data is a requirement. Encryption is used to restrict unintended recipients from viewing the data, which are deemed confidential and potentially dangerous if made known to irresponsible parties. In other words, encryption is the procedure of transforming plain text data that can be read by anyone to cipher text data that can only be read by someone with a secret decryption key.

A message before being changed in any way is called plain text. Plain text messages are converted to ciphertext via some encryption method. An encryption method is called a cryptosystem.

In 1972, the National Bureau of Standards (NBS), a part of the U.S. Department of Commerce, initiated a program to develop standards for the protection of computer data. The Institute for Computer Sciences and Technology (ICST), one of the major operating units of the National Bureau of Standards, had been recently established in response to a 1965 federal law known as the Brooks Act (PL89-306) that required new standards for improving utilization of computers by the federal government. Computer security had been identified by an ICST study as one of the high-priority areas requiring standards if computers were to be effectively used. A set of guidelines and standards were defined by the ICST that were to be developed as resources became available in computer security. The guidelines were to include areas such as physical security, risk management, contingency planning, and security auditing. Guidelines were adequate in areas not requiring interoperability among various computers.
Standards were required in areas such as encryption, personal authentication, access control, secure data storage, and transmission because they could affect interoperability.

Standards can be divided into different sections: basic, interoperability, interface, and implementation.

1. Basic standards (also called standards of good practice) are used to specify generic functions (services, methods, results) required to achieve a certain set of common goals. Examples include standards for purity of chemicals, contents of food products, and in the computer field, structured programming practices.

2. Interoperability standards specify functions and formats so that data transmitted from one computer can be properly acted on when received by another computer. The implementation (hardware, firmware, software) or structure (integrated, isolated, interfaced layers) need not be specified in interoperability standards, since there is no intent of replacing one implementation or structure within a system with another.

3. Interface standards specify not only the function and format of data crossing the interface, but also include physical, electrical, and logical specifications sufficient to replace one implementation (device, program, component) on either side of the interface with another.

4. Implementation standards not only specify the interfaces, functions, and formats, but also the structure and the method of implementation. These may be necessary to assure that secondary characteristics such as speed, reliability, physical security, etc. also meet certain needs. Such standards are often used to permit component replacement in an overall system.

Services or Applications

The basic DES algorithm can be used for both data encryption and data authentication.

1. Data Encryption: It is easy to see how the DES may be used to encrypt a 64-bit plaintext input to a 64-bit cipher text output, but data are seldom limited to 64 bits.
In order to use DES in a variety of cryptographic applications, four modes of operation were developed: electronic codebook (ECB); cipher feedback (CFB); cipher block chaining (CBC); and output feedback (OFB) [26] (Figs. 1-4). Each mode has its advantages and disadvantages. ECB is excellent for encrypting keys; CFB is typically used for encrypting individual characters; and OFB is often used for encrypting satellite communications. Both CBC and CFB can be used to authenticate data. These modes of operation permit the use of DES for interactive terminal to host encryption, cryptographic key encryption for automated key management applications, file encryption, mail encryption, satellite data encryption, and other applications. In fact, it is extremely difficult, if not impossible, to find a cryptographic application where the DES cannot be applied.

Figure 1: Electronic codebook (ECB) mode.

Figure 2: Cipher block chaining (CBC) mode.

History of encryption

In its earliest form, people have been attempting to conceal certain information that they wanted to keep to their own possession by substituting parts of the information with symbols, numbers and pictures. Ancient Babylonian merchants used intaglio, a piece of flat stone carved into a collage of images and some writing, to identify themselves in trading transactions. Using this mechanism, they were producing what today we know as a digital signature. The public knew that a particular signature belonged to this trader, but only he had the intaglio to produce that signature.

Of course, technology today has evolved at such a rapid pace that the need to protect information grows with the lessening reliability of older encryption techniques. Basic modern encryption is not much different from the ancient civilisations' substitution using symbols. A translation table lends itself very well to making a piece of data generally unreadable.
However, computers today are so advanced that a translation table is easily broken and thus no longer viable. Instead, encryption today has grown into a specialised field that involves mathematical, non-linear cryptosystems for which even relatively powerful computers take months or even years to break the ciphertext.

The origins of DES go back to the early 1970s. In 1972, after concluding a study on the US government's computer security needs, the US standards body NBS (National Bureau of Standards), now named NIST (National Institute of Standards and Technology), identified a need for a government-wide standard for encrypting unclassified, sensitive information.[1] Accordingly, on 15 May 1973, after consulting with the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria. None of the submissions, however, turned out to be suitable. A second request was issued on 27 August 1974. This time, IBM submitted a candidate which was deemed acceptable: a cipher developed during the period 1973-1974 based on an earlier algorithm, Horst Feistel's Lucifer cipher. The team at IBM involved in cipher design and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant Tuckerman.

NSA's involvement in the design

On 17 March 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie, citing a shortened key length and the mysterious S-boxes as evidence of improper interference from the NSA.
The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they, but no-one else, could easily read encrypted messages.[2] Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different."[3] The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote:

In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness.[4]

However, it also found that:

NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended.[5]

Another member of the DES team, Walter Tuchman, stated, "We developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate a single wire!"[6] In contrast, a declassified NSA book on cryptologic history states:

In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in to work jointly with the Agency on his Lucifer modification.[7]

and:

NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-boxes.
Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key.[8]

Some of the suspicions about hidden weaknesses in the S-boxes were allayed in 1990, with the independent discovery and open publication by Eli Biham and Adi Shamir of differential cryptanalysis, a general method for breaking block ciphers. The S-boxes of DES were much more resistant to the attack than if they had been chosen at random, strongly suggesting that IBM knew about the technique in the 1970s. This was indeed the case; in 1994, Don Coppersmith published some of the original design criteria for the S-boxes.[9] According to Steven Levy, IBM Watson researchers discovered differential cryptanalytic attacks in 1974 and were asked by the NSA to keep the technique secret.[10] Coppersmith explains IBM's secrecy decision by saying, "that was because differential cryptanalysis can be a very powerful tool, used against many schemes, and there was concern that such information in the public domain could adversely affect national security." Levy quotes Walter Tuchman: "They asked us to stamp all our documents confidential... We actually put a number on each one and locked them up in safes, because they were considered U.S. government classified. They said do it. So I did it." Bruce Schneier observed that "It took the academic community two decades to figure out that the NSA 'tweaks' actually improved the security of DES."

Encryption Nowadays

Industrial espionage among highly competitive businesses often requires that extensive security measures be put into place. And those who wish to exercise their personal freedom, outside of the oppressive nature of governments, may also wish to encrypt certain information to avoid legalities that entailed possession of such.

With respect to the Internet, there are many types of data and messages that people would want to be kept secret.
Now that commercial trading on the Net is a reality, one of the main targets of data encryption is credit card numbers. Other information that could otherwise benefit or educate a group or individual can also be used against such groups or individuals.

Security Problems That Encryption Does Not Solve

While there are many good reasons to encrypt data, there are many reasons not to encrypt data. Encryption does not solve all security problems, and may make some problems worse. The following sections describe some misconceptions about encryption of stored data:

Principle 1: Encryption Does Not Solve Access Control Problems
Principle 2: Encryption Does Not Protect Against a Malicious Database Administrator
Principle 3: Encrypting Everything Does Not Make Data Secure

Principle 1: Encryption Does Not Solve Access Control Problems

Most organizations must limit data access to users who must see this data. For example, a human resources system may limit employees to viewing only their own employment records, while allowing managers of employees to see the employment records of subordinates. Human resource specialists may also need to see employee records for multiple employees.

Typically, you can use access control mechanisms to address security policies that limit data access to those with a need to see it. Oracle Database has provided strong, independently evaluated access control mechanisms for many years. It enables access control enforcement to a fine level of granularity through Virtual Private Database.

Because human resource records are considered sensitive information, it is tempting to think that all information should be encrypted for better security. However, encryption cannot enforce granular access control, and it may hinder data access. For example, an employee, his manager, and a human resources clerk may all need to access an employee record. If all employee data is encrypted, then all three must be able to access the data in unencrypted form.
Therefore, the employee, the manager and the human resources clerk would have to share the same encryption key to decrypt the data. Encryption would, therefore, not provide any additional security in the sense of better access control, and the encryption might hinder the proper or efficient functioning of the application. An additional issue is that it is difficult to securely transmit and share encryption keys among multiple users of a system.

A basic principle behind encrypting stored data is that it must not interfere with access control. For example, a user who has the SELECT privilege on emp should not be limited by the encryption mechanism from seeing all the data he is otherwise allowed to see. Similarly, there is little benefit to encrypting part of a table with one key and part of a table with another key if users must see all encrypted data in the table. In this case, encryption adds to the overhead of decrypting the data before users can read it. If access controls are implemented well, then encryption adds little additional security within the database itself. A user who has privileges to access data within the database has no more nor any less privileges as a result of encryption. Therefore, you should never use encryption to solve access control problems.

Principle 2: Encryption Does Not Protect Against a Malicious Database Administrator

Some organizations, concerned that a malicious user might gain elevated (database administrator) privileges by guessing a password, like the idea of encrypting stored data to protect against this threat. However, the correct solution to this problem is to protect the database administrator account, and to change default passwords for other privileged accounts. The easiest way to break into a database is by using a default password for a privileged account that an administrator allowed to remain unchanged.
One example is SYS/CHANGE_ON_INSTALL.

While there are many destructive things a malicious user can do to a database after gaining the DBA privilege, encryption will not protect against many of them. Examples include corrupting or deleting data, exporting user data to the file system to e-mail the data back to himself to run a password cracker on it, and so on.

Some organizations are concerned that database administrators, typically having all privileges, are able to see all data in the database. These organizations feel that the database administrators should administer the database, but should not be able to see the data that the database contains. Some organizations are also concerned about concentrating so much privilege in one person, and would prefer to partition the DBA function, or enforce two-person access rules.

It is tempting to think that encrypting all data (or significant amounts of data) will solve these problems, but there are better ways to protect against these threats. For example, Oracle Database supports limited partitioning of DBA privileges. Oracle Database provides native support for SYSDBA and SYSOPER users. SYSDBA has all privileges, but SYSOPER has a limited privilege set (such as startup and shutdown of the database).

Furthermore, you can create smaller roles encompassing several system privileges. A jr_dba role might not include all system privileges, but only those appropriate to a junior database administrator (such as CREATE TABLE, CREATE USER, and so on).

Oracle Database also enables auditing the actions taken by SYS (or SYS-privileged users) and storing that audit trail in a secure operating system location.
Using this model, a separate auditor who has root privileges on the operating system can audit all actions by SYS, enabling the auditor to hold all database administrators accountable for their actions.

See Auditing SYS Administrative Users for information about ways to audit database administrators.

You can also fine-tune the access and control that database administrators have by using Oracle Database Vault. See Oracle Database Vault Administrator's Guide for more information.

The database administrator function is a trusted position. Even organizations with the most sensitive data, such as intelligence agencies, do not typically partition the database administrator function. Instead, they manage their database administrators strongly, because it is a position of trust. Periodic auditing can help to expose inappropriate activities.

Encryption of stored data must not interfere with the administration of the database, because otherwise, larger security issues can result. For example, if by encrypting data you corrupt the data, then you create a security problem: the data itself cannot be interpreted, and it may not be recoverable.

You can use encryption to limit the ability of a database administrator or other privileged user to see data in the database. However, it is not a substitute for managing the database administrator privileges properly, or for controlling the use of powerful system privileges.
If untrustworthy users have significant privileges, then they can pose multiple threats to an organization, some of them far more significant than viewing unencrypted credit card numbers.

Principle 3: Encrypting Everything Does Not Make Data Secure

A common error is to think that if encrypting some data strengthens security, then encrypting everything makes all data secure.

As the discussion of the previous two principles illustrates, encryption does not address access control issues well, and it is important that encryption not interfere with normal access controls. Furthermore, encrypting an entire production database means that all data must be decrypted to be read, updated, or deleted. Encryption is inherently a performance-intensive operation; encrypting all data will significantly affect performance.

Availability is a key aspect of security. If encrypting data makes data unavailable, or adversely affects availability by reducing performance, then encrypting everything will create a new security problem. Availability is also adversely affected by the database being inaccessible when encryption keys are changed, as good security practices require on a regular basis. When the keys are to be changed, the database is inaccessible while data is decrypted and re-encrypted with a new key or keys.

There may be advantages to encrypting data stored off-line. For example, an organization may store backups for a period of 6 months to a year off-line, in a remote location. Of course, the first line of protection is to secure the facility storing the data, by establishing physical access controls. Encrypting this data before it is stored may provide additional benefits. Because it is not being accessed on-line, performance need not be a consideration. While an Oracle database does not provide this capability, there are vendors who provide encryption services.
Before embarking on large-scale encryption of backup data, organizations considering this approach should thoroughly test the process. It is essential to verify that data encrypted before off-line storage can be decrypted and re-imported successfully.

Advantages

EFS technology makes it so that files encrypted by one user cannot be opened by another user if the latter does not possess appropriate permissions. After encryption is activated, the file remains encrypted in any storage location on the disk, regardless of where it is moved. Encryption can be used on any files, including executables.

The user with permission to decrypt a file is able to work with the file like with any other, without experiencing any restrictions or difficulties. Meanwhile, other users receive a restricted access notification when they attempt to access the EFS-encrypted file.

This approach is definitely very convenient. The user gets the opportunity to reliably and quickly (using standard means) limit access to confidential information for other household members or colleagues who also use the computer.

EFS seems like an all-around winning tool, but this is not the case. Data encrypted using this technology can be entirely lost, for example during operating system reinstallation.

We should remember that the files on disk are encrypted using the FEK (File Encryption Key), which is stored in their attributes. The FEK is encrypted using the master key, which in turn is encrypted using the respective keys of the system users with access to the file.
The user keys themselves are encrypted with the users' password hashes, and the password hashes use the SYSKEY security feature.

This chain of encryption, according to EFS developers, should reliably protect data, but in practice, as explained below, the protection can be ultimately reduced to the good old login-password combination.

Thanks to this encryption chain, if the password is lost or reset, or if the operating system fails or is reinstalled, it becomes impossible to gain access to the EFS-encrypted files on the drive. In fact, access can be lost irreversibly.

Regular users do not fully understand how EFS works and often pay for it when they lose their data. Microsoft has issued EFS documentation that explains how it works and the main issues that may be encountered when encrypting, but these are difficult for regular users to understand, and few read the documentation before starting to work.

Data Encryption Challenges

In cases where encryption can provide additional security, there are some associated technical challenges, as described in the following sections:

Encrypting Indexed Data
Generating Encryption Keys
Transmitting Encryption Keys
Storing Encryption Keys
Changing Encryption Keys
Encrypting Binary Large Objects

Encrypting Indexed Data

Special difficulties arise when encrypted data is indexed. For example, suppose a company uses a national identity number, such as the U.S. Social Security number (SSN), as the employee number for its employees. The company considers employee numbers to be sensitive data, and, therefore, wants to encrypt data in the employee_number column of the employees table. Because employee_number contains unique values, the database designers want to have an index on it for better performance.

However, if DBMS_CRYPTO or the DBMS_OBFUSCATION_TOOLKIT (or another mechanism) is used to encrypt data in a column, then an index on that column will also contain encrypted values.
Although an index can be used for equality checking (for example, SELECT * FROM emp WHERE employee_number = 987654321), if the index on that column contains encrypted values, then the index is essentially unusable for any other purpose. You should not encrypt indexed data.

Oracle recommends that you do not use national identity numbers as unique IDs. Instead, use the CREATE SEQUENCE statement to generate unique identity numbers. Reasons to avoid using national identity numbers are as follows:

There are privacy issues associated with overuse of national identity numbers (for example, identity theft).
Sometimes national identity numbers can have duplicates, as with U.S. Social Security numbers.

Generating Encryption Keys

Encrypted data is only as secure as the key used for encrypting it. An encryption key must be securely generated using secure cryptographic key generation. Oracle Database provides support for secure random number generation, with the RANDOMBYTES function of DBMS_CRYPTO. (This function replaces the capabilities provided by the GetKey procedure of the earlier DBMS_OBFUSCATION_TOOLKIT.) DBMS_CRYPTO calls the secure random number generator (RNG) previously certified by RSA Security.

Note: Do not use the DBMS_RANDOM package. The DBMS_RANDOM package generates pseudo-random numbers, and, as Randomness Recommendations for Security (RFC-1750) states, using pseudo-random processes to generate secret quantities can result in pseudo-security.

Be sure to provide the correct number of bytes when you encrypt a key value. For example, you must provide a 16-byte key for the ENCRYPT_AES128 encryption algorithm.

Transmitting Encryption Keys

If the encryption key is to be passed by the application to the database, then you must encrypt it. Otherwise, an intruder could get access to the key as it is being transmitted.
Network encryption, such as that provided by Oracle Advanced Security, protects all data in transit from modification or interception, including cryptographic keys.

Storing Encryption Keys

Storing encryption keys is one of the most important, yet difficult, aspects of encryption. To recover data encrypted with a symmetric key, the key must be accessible to an authorized application or user seeking to decrypt the data. At the same time, the key must be inaccessible to someone who is maliciously trying to access encrypted data that he is not supposed to see.

The options available to a developer are:

Storing the Encryption Keys in the Database
Storing the Encryption Keys in the Operating System
Users Managing Their Own Encryption Keys
Using Transparent Database Encryption and Tablespace Encryption

Storing the Encryption Keys in the Database

Storing the keys in the database cannot always provide infallible security if you are trying to protect against the database administrator accessing encrypted data. An all-privileged database administrator could still access tables containing encryption keys. However, it can often provide good security against the casual curious user or against someone compromising the database file on the operating system.

As a trivial example, suppose you create a table (EMP) that contains employee data. You want to encrypt the employee Social Security number (SSN) stored in one of the columns. You could encrypt employee SSN using a key that is stored in a separate column. However, anyone with SELECT access on the entire table could see the encryption key and decrypt the matching SSN.

While this encryption scheme seems easily defeated, with a little more effort you can create a solution that is much harder to break. For example, you could encrypt the SSN using a technique that performs some additional data transformation on the employee_number before using it to encrypt the SSN.
This technique might be as simple as using an XOR operation on the employee_number and the birth date of the employee to determine the validity of the values.

As additional protection, PL/SQL source code performing encryption can be wrapped (using the WRAP utility), which obfuscates (scrambles) the code. The WRAP utility processes an input SQL file and obfuscates the PL/SQL units in it. For example, the following command uses the keymanage.sql file as the input:

    wrap iname=/mydir/keymanage.sql

A developer can subsequently have a function in the package call the DBMS_OBFUSCATION_TOOLKIT with the key contained in the wrapped package.

Oracle Database enables you to obfuscate dynamically generated PL/SQL code. The DBMS_DDL package contains two subprograms that allow you to obfuscate dynamically generated PL/SQL program units. For example, the following block uses the DBMS_DDL.CREATE_WRAPPED procedure to wrap dynamically generated PL/SQL code.

    BEGIN
      SYS.DBMS_DDL.CREATE_WRAPPED (function_returning_PLSQL_code());
    END;

While wrapping is not unbreakable, it makes it harder for an intruder to get access to the encryption key. Even in cases where a different key is supplied for each encrypted data value, you should not embed the key value within a package. Instead, wrap the package that performs the key management (that is, data transformation or padding).

An alternative to wrapping the data is to have a separate table in which to store the encryption key and to wrap the call to the keys table with a procedure. The key table can be joined to the data table using a primary key to foreign key relationship. For example, employee_number is the primary key in the employees table that stores employee information and the encrypted SSN. The employee_number column is a foreign key to the ssn_keys table that stores the encryption keys for the employee SSN.
The key stored in the ssn_keys table can also be transformed before use (by using an XOR operation), so the key itself is not stored unencrypted. If you wrap the procedure, then that can hide the way in which the keys are transformed before use.

The strengths of this approach are:

Users who have direct table access cannot see the sensitive data unencrypted, nor can they retrieve the keys to decrypt the data.
Access to decrypted data can be controlled through a procedure that selects the encrypted data, retrieves the decryption key from the key table, and transforms it before it can be used to decrypt the data.
The data transformation algorithm is hidden from casual snooping by wrapping the procedure, which obfuscates the procedure code.
SELECT access to both the data table and the keys table does not guarantee that the user with this access can decrypt the data, because the key is transformed before use.

The weakness of this approach is that a user who has SELECT access to both the key table and the data table, and who can derive the key transformation algorithm, can break the encryption scheme.

The preceding approach is not infallible, but it is adequate to protect against easy retrieval of sensitive information stored in clear text.

Storing the Encryption Keys in the Operating System

Storing keys in a flat file in the operating system is another option. Oracle Database enables you to make callouts from PL/SQL, which you could use to retrieve encryption keys. However, if you store keys in the operating system and make callouts to it, then your data is only as secure as the protection on the operating system.
If your primary security concern is that the database can be broken into from the operating system, then storing the keys in the operating system makes it easier for an intruder to retrieve encrypted data than storing the keys in the database itself.

Users Managing Their Own Encryption Keys

Using Transparent Database Encryption and Tablespace Encryption

Transparent database encryption and tablespace encryption provide secu
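
The key-table scheme from "Storing the Encryption Keys in the Database", combined with the earlier advice on RANDOMBYTES, 16-byte AES keys and sequence-generated IDs, as an added example that is not part of the original essay or of Oracle's documentation. The ssn_vault package, the employee_seq sequence and every column other than employee_number are assumed names, and the XOR mask only obscures the stored key, as the essay's stated weakness describes.

```sql
-- Added example; ssn_vault, employee_seq and all columns except
-- employee_number are assumed names, and the sample row is constructed.
CREATE TABLE employees (
  employee_number NUMBER       PRIMARY KEY,  -- sequence value, not the SSN itself
  last_name       VARCHAR2(40) NOT NULL,
  ssn_iv          RAW(16),                   -- per-row CBC initialization vector
  ssn_enc         RAW(32)                    -- AES-128-CBC ciphertext of the SSN
);

CREATE TABLE ssn_keys (
  employee_number NUMBER PRIMARY KEY
                  REFERENCES employees (employee_number),
  stored_key      RAW(16) NOT NULL           -- key XORed with a mask, never the raw key
);

CREATE SEQUENCE employee_seq;

CREATE OR REPLACE PACKAGE ssn_vault AS
  PROCEDURE set_ssn (p_emp IN NUMBER, p_ssn IN VARCHAR2);
  FUNCTION  get_ssn (p_emp IN NUMBER) RETURN VARCHAR2;
END ssn_vault;
/

CREATE OR REPLACE PACKAGE BODY ssn_vault AS
  c_alg CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128
                              + DBMS_CRYPTO.CHAIN_CBC
                              + DBMS_CRYPTO.PAD_PKCS5;

  -- The "transformation" that wrapping is meant to hide: a 16-byte mask built
  -- from the employee number. It obscures the stored key; it is not a secret.
  FUNCTION mask (p_emp IN NUMBER) RETURN RAW IS
  BEGIN
    RETURN UTL_RAW.CAST_TO_RAW(LPAD(TO_CHAR(p_emp), 16, '0'));
  END mask;

  PROCEDURE set_ssn (p_emp IN NUMBER, p_ssn IN VARCHAR2) IS
    -- RANDOMBYTES, not DBMS_RANDOM; ENCRYPT_AES128 needs exactly 16 key bytes.
    l_key    RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
    l_iv     RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
    l_enc    RAW(32);
    l_stored RAW(16);
  BEGIN
    l_enc := DBMS_CRYPTO.ENCRYPT(UTL_I18N.STRING_TO_RAW(p_ssn, 'AL32UTF8'),
                                 c_alg, l_key, l_iv);
    l_stored := UTL_RAW.BIT_XOR(l_key, mask(p_emp));

    UPDATE employees SET ssn_iv = l_iv, ssn_enc = l_enc
     WHERE employee_number = p_emp;
    IF SQL%ROWCOUNT = 0 THEN
      RAISE_APPLICATION_ERROR(-20001, 'unknown employee_number');
    END IF;

    -- Replace the key row if one exists, otherwise create it.
    UPDATE ssn_keys SET stored_key = l_stored WHERE employee_number = p_emp;
    IF SQL%ROWCOUNT = 0 THEN
      INSERT INTO ssn_keys (employee_number, stored_key) VALUES (p_emp, l_stored);
    END IF;
  END set_ssn;

  FUNCTION get_ssn (p_emp IN NUMBER) RETURN VARCHAR2 IS
    l_iv     RAW(16);
    l_enc    RAW(32);
    l_stored RAW(16);
  BEGIN
    SELECT e.ssn_iv, e.ssn_enc, k.stored_key
      INTO l_iv, l_enc, l_stored
      FROM employees e
      JOIN ssn_keys k ON k.employee_number = e.employee_number
     WHERE e.employee_number = p_emp;

    -- Undo the XOR mask to recover the real key, then decrypt.
    RETURN UTL_I18N.RAW_TO_CHAR(
             DBMS_CRYPTO.DECRYPT(l_enc, c_alg,
                                 UTL_RAW.BIT_XOR(l_stored, mask(p_emp)), l_iv),
             'AL32UTF8');
  END get_ssn;
END ssn_vault;
/

-- Constructed sample row and round trip (run with SERVEROUTPUT on).
DECLARE
  l_emp NUMBER := employee_seq.NEXTVAL;
BEGIN
  INSERT INTO employees (employee_number, last_name) VALUES (l_emp, 'Sample');
  ssn_vault.set_ssn(l_emp, '000-00-0000');
  DBMS_OUTPUT.PUT_LINE(ssn_vault.get_ssn(l_emp));
END;
/
```

Application users would be granted EXECUTE on the package and no SELECT on ssn_keys; the package owner needs a direct EXECUTE grant on DBMS_CRYPTO, and the package body is the unit to pass through the WRAP utility.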