cancel
Showing results for 
Search instead for 
Did you mean: 

Oracle data encryption

SOLVED
Go to solution
Fred Ruffet
Honored Contributor

Oracle data encryption

Hi all,

I've been asked a strange question...

A client doens't trust his DBA ! (If I was him, I would leave). Client asks me wether it is possible to have data in the database encrypted in such a way that DBA can not access it.

Software using this DB hasn't been created with such a feature (it doesn't use packages such as DBMS_CRYPTO to store data).

Everything I saw on the subject on Oracle Docs is advanced securityn, but it just seem to encrypt data transmission. Not storage.

Filesystem encryption wouldn't be of any help.

Is there any solution left ? (without having to explain client that a DBA is a person you can trust :)

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
12 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: Oracle data encryption

I think you are out of luck. If you add a layer of encryption, you will probably invalidate your Oracle support agreement.

If you don't trust the DBA, why are you letting him DBA.

Apologies to Sam Kinison.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Simon Hargrave
Honored Contributor

Re: Oracle data encryption

If a database is encrtyped such that a DBA cannot access it, how can he administer it?

Such things as this should be handled by terms and conditions of employment, such that the DBA cannot abuse the data (which I assume is not the case, more a picky client).

If the DBA breaches those terms, there is call for dismissal. If he doesn't, then why would the client trust any other DBA over him?

From the DBA's point of view, I'd be bringing my CV/resume up to date!
Fred Ruffet
Honored Contributor

Re: Oracle data encryption

I knew I would get such answers, but I prefer to ask before giving mine to client :)

Simon,

When I talk about data encryption, I mean only application data. Of course Dictionnary can't. Depending on what you call a DBA job, even if you can read data, you can still administer. For me DBA aims at data integrity and availability. In this case, I think that integrity part is a bit more complicated, but you can still ensure data transmission to client and Oracle running fine.

SEP,

As I said : As a DBA, if my client doens't trust me, I leave.

Thanks a lot for those answers. I leave the thread open in case anybody know about a "encrypt-my-datafiles" Oracle option :)

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Yogeeraj_1
Honored Contributor

Re: Oracle data encryption

Hi fred!

did you also have a look at the dbms_obfuscation_toolkit ?

One example on how is to use the functions in there is:
dbms_obfuscation_toolkit.DESEncrypt
( input_string => mdata,
key_string => 'MagicKey',
encrypted_string=> mstr );

dbms_obfuscation_toolkit.DESDecrypt
( input_string => mstr,
key_string => 'MagicKey',
decrypted_string=> mdata );

if you need further help, do let us know.

best regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Fred Ruffet
Honored Contributor

Re: Oracle data encryption

yogeeraj,

I knew about that, but, it must be (as for dbms_crypto) implemented in the application.
Apparently, client has been answered that application must be modified.

Thanks,

Fred
--

"Reality is just a point of view." (P. K. D.)
Indira Aramandla
Honored Contributor

Re: Oracle data encryption

Hi fred,

As Yogeeraj mentioned, DBMS_OBFUSCATION_TOOLKIT is the way to encrypt non-dictionary data.

We did this once when working for a Police services client, and we had to send the Nominla and Vehicle data to another site where the application team was and I used this package to encrypt the data.

But in the end some body must know the key that is being used to encrypt the data (IF NOT A DBA........ELSE WHO).

Here is more.....
since Oracle 8i release Oracle provides the ability to encrypt data stored in the database at the column level encrypting data that is sensitive to your business.

The package, DBMS_OBFUSCATION_TOOLKIT, is provided in both Standard Edition and Enterprise Edition. It does not require additional licensing. Note that the Advanced Security Option (ASO) that supports Network Encryption does require alicense.

In the Oracle9i three options available to a developer are discussed:
Store the key in the database
Store the key in the operating system
Have the user manage the key

Care must be taken by the application developers to ensure the secure generation and storage of encryption keys used with the package. Furthermore, the encryption and decryption done by the DBMS_OBFUSCATION_TOOLKIT takes place on the server, not the client. If the key is passed over the connection between the client and the server, the connection must be protected using Oracle Advanced Security. Otherwise the key is vulnerable to capture over the wire.

Data can only be encrypted using the DES (Data Encryption Standard) symmetric key algorithm. When using symmetric key algorithms, once the data is encrypted with a given key you cannot decrypt without using the same key.

The secrecy of encrypted data is dependent on the existence of a secret key shared between the communicating parties. Providing and maintaining such secret keys is known as "key management". Key management, including both generation and secure storage of cryptographic keys, is one of the most important aspects of encryption. If keys are poorly chosen or stored improperly, it is far easier for a malefactor to break the encryption. Rather than using an exhaustive key search attack (that is, cycling through all the possible keys in hopes of finding the correct decryption key, also known as 'brute force attack'), cryptanalysts typically seek weaknesses in the choice of keys, or the way in which keys are stored.

Remember that encryption is something that is easily done wrong and very hard to get right. Once you have chosen a secure algorithm, consider that as the first step in achieving security requirements. The next main problem is key management. Imagine, when a corporation wants to protect credit card information from rogue DBAs, it makes no sense to trust the DBAs with the encryption keys. In the real world, key management is the hardest part of cryptography.

Key storage is one of the most important, yet difficult aspects of encryption and one of the hardest to manage properly. To recover data encrypted with a secret key, the key must be accessible to the application or user seeking to decrypt data. The key needs to be easy enough to retrieve that users can access encrypted data when they need to without significant performance degradation. The key also needs to be secure enough so that it is not easily recoverable by an unauthorized user trying to access encrypted data he is not supposed to see.

Indira A
Never give up, Keep Trying
Fred Ruffet
Honored Contributor

Re: Oracle data encryption

Indira,

I agree that DBMS_OBFUSCATION_TOOLKIT may be the most appropriate way of doing such things, but it have to be implemented *in* application, isn't it ?

Regarding key privacy, it is a really hard thing to keep... To make it short, I think that the only way is to have key coded in app and transfert in a secured way (ASO, secured tunelling...) to the server. If you want administrators out of data, you can't keep this key on server.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Eric Antunes
Honored Contributor

Re: Oracle data encryption

Hi Fred,

I did encrypt some passwords once with a using a dll library developed in C/C++ and calling the crypt and decrypt library functions in Forms with Built-in package ORA_FFI.

Your client must modify the application AND the current data in the database witch will be even more difficult to do...

My suggestion (similar to others) is that your client should forget this encryption idea and have a DBA he can trust (if he really can't trust the actual DBA).

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
Fred Ruffet
Honored Contributor

Re: Oracle data encryption

Eric,

In a way, I must admit that, considering stored data, suspicion may not be a bad thing...

Now, as said, client has been told application have to be modified to get this new feature (data encryption). A good thing is that it is a new installation of this app, so it does not contain any existing data to encrypt.

One point I don't really know about is CPU overhead and slowness of app due to that encryption... Some told me about a 30% calculation overhead. I think it directly depends on key size and algorithm.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Eric Antunes
Honored Contributor

Re: Oracle data encryption

Hi again,

About DBMS_OBFUSCATION_TOOLKIT package, you just need to call the respective functions and/or procedures in Forms and Reports (for each database column I think): this will be a huge task!

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
Eric Antunes
Honored Contributor

Re: Oracle data encryption

Hi again Fred

"Some told me about a 30% calculation overhead".

I think the CPU overhead won't be so high: may be 5%...

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
Yogeeraj_1
Honored Contributor

Re: Oracle data encryption

hi Fred,

just came across this article.
http://www.oracle.com/technology/pub/articles/10gdba/nanda_10gr2dba_part1.html

very interesting.

Have a look!

cheers
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)