Vous voulez voir cette page en français ? Cliquez ici.

Sign in to turn on 1-Click ordering.
More Buying Choices
Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Cryptography in the Database: The Last Line of Defense [Paperback]

Kevin Kenan

List Price: CDN$ 57.99
Price: CDN$ 36.53 & FREE Shipping. Details
You Save: CDN$ 21.46 (37%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Usually ships within 1 to 2 months.
Ships from and sold by Amazon.ca. Gift-wrap available.
Save Up to 90% on Textbooks
Hit the books in Amazon.ca's Textbook Store and save up to 90% on used textbooks and 35% on new textbooks. Learn more.
Join Amazon Student in Canada

Book Description

Oct. 19 2005 0321320735 978-0321320735 1
Protect Your Enterprise Data with Rock-Solid Database Encryption. If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure-from your customers, your partners, your stockholders, and now, the government-to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications. Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building-or selecting and integrating-a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption. This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.

Special Offers and Product Promotions

  • Join Amazon Student in Canada

Product Details

Product Description

From the Inside Flap

Cryptography in the DatabasePrefaceAbout This Book

This book is about using established cryptographic techniques and algorithms to protect information while it is at rest in a database. The emphasis is on designing and building (or selecting and integrating) a cryptosystem to protect against clearly identified threats against the database. Security is assumed to be a top priority. As such, the discussions in this book cover not only encrypting the data, but also attacks against the encrypted data.

If the cryptography is not implemented carefully, attackers can recover data even if it is protected by strong encryption. Many examples of this have been seen in the field of secure communications. For instance, the widely publicized weaknesses in the encrypted wireless protocol WEP have prompted many to move to WPA even at the cost of buying new equipment. Database encryption can suffer from the same sort of weaknesses. Simple, naïve encryption of the data is not enough. My goal is to provide a solid blueprint and execution plan so that a team charged with the task of encrypting sensitive information in a database will be successful.

The cryptosystem presented in this book should be seen as a template that outlines threats against data at rest and provides safeguards against those threats. Problems and pitfalls common to implementing cryptography, such as mode selection and key management, are identified and addressed. The architecture is flexible and should be adaptable to many environments.

For situations where some element of the presented solution simply does not fit, you should find enough information and guidance to pursue variations in the design. Similarly, when you're evaluating database cryptosystems from vendors, you can use the design in this book and the reasons behind the decisions that shaped that design as a sort of baseline.

Even if the proposed system differs markedly from the design in this book, it will still have to map keys to columns and rows and provide a key life cycle. It will still have to store and protect keys, select an appropriate encryption mode, and handle initialization vectors. Most importantly, any solution must adequately reduce the risks outlined in an organization's threat model. You must consider all these details. By working through these issues and presenting a working cryptosystem, my hope is that this book will enable a team to successfully build or buy a database cryptosystem.

Who Should Read This Book

The core audience for this book is the technical lead responsible for protecting sensitive information in a database. This person might be an architect, a senior system or security analyst, a database administrator, or a technical project manager. Because success requires that the team implement the cryptographic architecture correctly and securely, the lead must provide guidance throughout the project on secure development practices as well as technology.

This book assumes that the technical lead is a senior application security analyst. Our analyst is part of a team responsible for an application that handles and stores sensitive information in a database. The analyst's job begins with convincing the team, its management, and the customer that encryption is necessary. From there, the analyst contributes to each stage of the project to ensure that the team specifies, designs, and implements the cryptographic solution correctly and securely.

Forprojects that don't have a dedicated security analyst, one of the other roles, such as architect or system analyst, may serve just as well so long as security is explicitly called out as a core responsibility. In some projects, the security analyst role described here might be best split across multiple people. A logical split would be between a security-focused technical lead, such as the architect, and the project manager.


This book assumes that you are familiar with databases and have a passing knowledge of cryptography. A brief refresher is offered on databases, and cryptography is introduced and treated in more depth. Experience with Java or some other programming language is necessary to get the most out of the code examples included at the end of the book. Knowledge of application development methodologies will also help provide context for the discussion of secure development practices.


This book is divided into four major parts. The opening covers database security at a high level, and the second part details a database cryptosystem design. The third part discusses development practices necessary to implement a cryptosystem securely, and the final part provides working code examples of the design.

Part I, "Database Security," opens, unsurprisingly, with Chapter 1, "The Case for Database Security," which looks at why database security is important and what sort of attacks databases face. This discussion culminates in a generalized threat model for database security. The chapter concludes with a brief survey of regulatory requirements to secure data. Then, Chapter 2, "Securing Databases with Cryptography," discusses the kinds of protection that cryptography can provide to a database. This chapter also introduces the idea that the cryptography itself can introduce new risks and sets the groundwork for examining the cryptosystem itself forweaknesses. We can't just assume that encrypted data, even when encrypted with strong algorithms, is secure.

Part II, "A Cryptographic Infrastructure," details the design of a cryptographic infrastructure. Chapter 3, "An Overview of Cryptographic Infrastructure," provides an overview of the cryptosystem and presents the fundamentals of key management and how keys are assigned to data for encryption. Chapter 4, "Cryptographic Engines and Algorithms," covers algorithms and engines. An engine is the component that actually carries out the cryptographic operations. Different types of engines are discussed. There are several ways to apply the cryptographic algorithm used in this book (which is AES), and the discussion of modes at the conclusion of this chapter explores these as well as considers the vulnerabilities that improper use of a mode can introduce. Chapter 5, "Keys: Vaults, Manifests, and Managers," covers the components that store and manage keys, and Chapter 6, "Cryptographic Providers and Consumers," describes how an application interacts with the cryptosystem.

At first, Part III, "The Cryptographic Project," may seem somewhat out of place because it focuses on secure development practices. If you're an expert on developing secure applications, these six chapters may be review. However, experience has shown (not to mention the plethora of successfully attacked applications gracing the weekly news) that secure application development expertise is far from common. A database cryptosystem is a primary element of an organization's security infrastructure. Other applications will depend on thecryptosystem's security, so every effort must be made to ensure that the implementation is as secure as possible. Vulnerabilities in the database cryptosystem put data throughout the organization at risk. The seriousness of this situation earned the topic this prominent placement.

The discussion of secure development practices begins with an overview of managing a cryptographic project in Chapter 7, "Managing the Cryptographic Project." Chapter 8, "Requirements Hardening," covers specifying security and cryptographic requirements and includes a discussion of data classification. Securing the design itself is the subject of Chapter 9, "Design Hardening," which consists of guidelines, threat modeling, and the application of security patterns. General guidelines for secure programming (what most people think of as development) are covered in Chapter 10, "Secure Development." The last two chapters of this part, Chapters 11, "Testing," and 12, "Deployment, Defense, and Decommissioning," cover testing and the three Ds—deployment, defense, and decommissioning.

Part IV, "Example Code," consists of code examples and explanations. Each component discussed in Part II is represented, along with nearly all the core functionality. This code lets you explore and experiment with the functioning of a live database cryptosystem. Hopefully these concrete examples will help remove any ambiguities introduced by the more theoretical exposition in the earlier parts of the book and will prepare you to implement or evaluate a production cryptosystem. The final chapter, Chapter 21, "The System at Work," shows the example system at work.It illustrates everything from setting up key-encrypting keys to searching for encrypted data.

© Copyright Pearson Education. All rights reserved.

From the Back Cover

Protect Your Enterprise Data with Rock-Solid Database Encryption

If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure—from your customers, your partners, your stockholders, and now, the government—to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.

Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building—or selecting and integrating—a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption.

This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.

This book's coverage includes

  • Understanding your legal obligations to protect data

  • Constructing a realistic database security threat model and ensuring that you address critical threats

  • Designing robust database cryptographic infrastructure around today's most effective security patterns

  • Hardening your database security requirements

  • Classifying the sensitivity of your data

  • Writing database applications that interact securely with your cryptosystem

  • Avoiding the common vulnerabilities that compromise database applications

  • Managing cryptographic projects in your enterprise database environment

  • Testing, deploying, defending, and decommissioning secure database applications

Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.

© Copyright Pearson Education. All rights reserved.

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.3 out of 5 stars  7 reviews
15 of 16 people found the following review helpful
4.0 out of 5 stars In a year of high profile data tape loss, this is just right Nov. 2 2005
By Stephen Northcutt - Published on Amazon.com
Iorn mountain, UPS both had very drastic failures this year, backup tapes with thousands of customer records were lost. Everybody in the industry is scrambling to figure out how to encrypt the backup tapes. Most of us feel the option of simply making a backup of already encrypted data is a better choice than piping the backup through an encryption process. This book arrives in our hour of need and it has the feel of a been there, done that author.

The code examples are MySQL and Java 1.4.2 and really helped me understand just what needs to happen. The majority of the book is platform agnostic, so if you run a different platform it will still be valuable.

The book is well written, well edited, well laid out, what you expect to see from Addison-Wesley and Symantec Press.

The only thing that drove me crazy about the book is on page 163, the author recommends HSMs ( Hardware Security Model) for storing the keys to the kingdom, yup, yup, I agree, we all agree. And then he goes on to say, Java 1.4.2 does not support this -- ouch! However, his code examples are a nice work around using AES on the local engine which is good'nuff.

Got sensitive data? Then get this book!
13 of 14 people found the following review helpful
4.0 out of 5 stars Good for developers March 9 2006
By Dr Anton Chuvakin - Published on Amazon.com
To be honest, when picking up this book, I was not interested in implementation details and internals of database cryptography (part II), but more in enabling database security by means of encryption (part I). Therefore, I was coming more from the user vs developer perspective. I was even less interested in managing the database cryptographic project.

As a result, I enjoyed the part I on database security with motivations, attacks against databases, threat models and a primer on securing databases with cryptography. If you are "doing security" read part I, if you are implementing database encryption or record hashing - read the rest of the book.

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and book author. A frequent conference speaker, he also participates in various security industry initiatives and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". He also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal [...] and a blog at [...]
9 of 10 people found the following review helpful
5.0 out of 5 stars An Excellent Reference for Database Security and Encryption Nov. 11 2005
By Charles Hornat - www.infosecwriters.com - Published on Amazon.com
When I pick up a Symantec Press book, I will either love them or dislike them. I never have mixed emotions about them. This book I love. His book should be titled, Database Security. While the primary focus is on encryption, the author dives into several topics I wish some of my past DBAs had known.

The book is divided into four major parts: Database Security, A Crpytographic Infrastructure, The Cryptographic project, and Example Code. I however would calssify the book into two major parts. The first part is reading and understanding some fundamentals that are very important. Throughout this first part, there are many graphical presentations to help the reader understand, in a graphical way, what the author is discussing. This is most visible in the third chapter entitled An overview of Cryptographic Infrastructure.

The second part of the book is actual code written in Java, and designed for plain SQL, the author does confirm that all examples work in MYSQL. The examples give common scenarios such as consumer input. Consumer input requires first name, last name, credit card information, the verification code and other fields. This example discusses and demonstrates a best practice model around that code.

Given the two parts above, this book is solid, and I would have recommended it. However, the author went a step further, and included information on security surrounding the database, penetration testing and methodologies for databases, architecture and design best practices, and so many other important points. This makes this book valuable to anyone working with databases.

The section breakdown is as follows:
* Database Security - Common Attacks Against Databases; Laws and Regulations; and Cryptography
* Cryptographic Infrastructure - Introduction to Keys, and Their Management; Engines and Algorithms; and Vaults, Manifests and Managers
* The Cryptographic Project - Outlines the Security Culture; Hardening, Classifications, and Policies; Securing Design; Securing Development; and Testing
* Example Code - Key Vaults; Manifest; Key Managers; Engines; Receipts and the Provider; The Consumer; Exceptions; and the System at Work.

Overall this book is geared to medium level technicians for best practices and coding examples. Although anyone working with databases in general could find something useful in this book, even if its design, architecture and implementation best practices.
7 of 8 people found the following review helpful
5.0 out of 5 stars describes a key management system Nov. 9 2005
By W Boudville - Published on Amazon.com
Much attention has been focused on network attacks by crackers, and how to stop these. So powerful software like Snort and Nessus have emerged, with books dedicated to them. But Kenan describes a relatively overlooked situation, where you might have to encrypt your database. The main reason is confidentiality. You don't want unauthorised usage. Either for copying or changing.

Here, you still have to defend against network attacks, possibly by using the above tools. But now there is the chance that your users or sysadmins might have nefarious intent. So the book shows how to design a system such that various columns in a SQL table can be encrypted. Different keys could be used for different columns, though a given key might apply over several columns if you wish.

The book uses a symmetric key cryptosystem. It downplays a PKI system. Those are slower. Plus their forte might be for distributed systems. Here, the scenario is more likely to be a central data centre.

There are several excellent system diagrams that nicely describe the data flow, and the various software (and perhaps hardware) players that make up the system. In essence, there needs to be an entire key management system along with a cryptographic engine. The former handles requests for a key by generating one and an alias for the key. Plus it stashes away the keys, preferably in a separate computer. There is even the necessity for a key to encrypt the keys!

Kenan also explains a "honeycomb". You may have heard of a honeypot, which is a dedicated computer or maybe an email account, that is used to attract crackers and spam. Well, a honeycomb could be a table in the database used for a similar purpose. Or even some rows in a given table. If these are accessed, software alarms go off, because no normal usage of the database should do so. Nifty idea.

Code examples for a simple system implementation are given in Java. Though if you are considering this book, you are likely no tyro in whatever language you use. The Java code is straightforward enough to be understandable and recoded.
4 of 5 people found the following review helpful
4.0 out of 5 stars A little more like "Cryptography Alongside The Database" Dec 17 2005
By Christopher B. Browne - Published on Amazon.com
I kind of went in expecting this to be some form of "marketing spiel" for someone's embedding of crypto tools into one or another DBMS. I was pleasantly surprised, instead, to see that this was much more an "analytical" work; something of an account of some of the practices at Symantec.

What is particularly laudable is that they start not by explaining crypto technologies, but rather motivating things by enumerating a threat model. Sensitive data needs to be protected from various sorts of attacks that can come from outsiders as well as insiders, the latter requiring *much* more care as they may legitimately need to have access.

The assumption (which seems entirely valid) is that crypto keys need to be particularly carefully managed as a *very* tightly restricted database of their own.

The examples quite conspicuously *don't* involve cryptography taking place inside the database; that practice is one that would necessarily be equivalent to giving all of the keys to the DBAs and/or system administrators, as they control database engine deployment. Instead, crypto activity takes place outside the database; secure applications require a particularly secured portion of the application infrastructure.

The one place that they get a bit "hand-wavy" is in proposing that Hardware Security Modules are the only really forcible way to achieve strong security. I tend to agree with that doctrine; I suspect they intentionally glossed over it in that their approach of using standard Java libraries for all of their examples did not admit the ability to use HSMs. Implementing an HSM requires going to a great deal of trouble, and that feels like it ought to be a subsequent project for another book.

In view of emerging sorts of privacy legislation that mandate keeping data secure, this looks like one of the books that anyone storing sensitive information should read and heed...

Look for similar items by category