Database data security through the lens of cryptographic - - PowerPoint PPT Presentation



SLIDE 1

Database data security through the lens of cryptographic engineering

Eugene Pilyankevich, Chief Technical Officer, Cossack Labs

SLIDE 2

Data breaches, annually

Year      2011  2012  2013  2014  2015  2016
Breaches   419   447   614   783   781  1093

SLIDE 3

Airplane crashes, annually

Year     2011  2012  2013  2014  2015  2016
Crashes    46    29    33    33    21    23

SLIDE 4

Airplane crashes?

Year   2011  2012  2013  2014  2015  2016
        419   447   614   783   781  1093

(The same figures as the data breach chart on slide 2.)

SLIDE 5

Sensitive data 101

Any data whose leakage or tampering can lead to damage to the data owner, the data holder or related third parties.

SLIDE 6

Naïve security model

SLIDE 7

Naïve security model

  • Ops-driven
  • Focused on components

SLIDE 8

Naïve security model

  • Smash’n’grab
  • Passive attacks
  • Few generic vectors

SLIDE 9

Securing the naïve security model

  • encryption-at-rest
  • encryption-in-transit
  • access distribution & control
  • event monitoring

SLIDE 10

Pragmatic security model

SLIDE 11

Real attackers are:

  • Smart and resourceful
  • Multi-skilled
  • Many vectors of attack … targeting an old vulnerability that you forgot to patch.

SLIDE 12

Pragmatic security model

  • Poor perimeter

SLIDE 13

Pragmatic security model

  • Poor perimeter
  • Active and/or persistent attacks

SLIDE 14

Pragmatic security model

  • Poor perimeter
  • Active and/or persistent attacks
  • Data-specific attacks

SLIDE 15

Pragmatic security model

  • Poor perimeter
  • Active and/or persistent attacks
  • Data-specific attacks
  • Systematic approach

SLIDE 16

… anything else?

SLIDE 17

Idealistic security model

SLIDE 18

Idealistic security model:

  • Future is now
  • Future is reliable
  • Working as guinea pig is a great idea

SLIDE 19

Idealistic security model:

  • Less than 10 years in public
  • Assumptions, assumptions
  • Not tested in production

SLIDE 20

Database encryption

SLIDE 21

What does encryption do?

Encryption narrows the attack surface from the data itself to the keys.

SLIDE 22

Database encryption

  • Classic
  • Modern

SLIDE 23

Classic attacks

  • Smash ‘n’ grab
  • Snapshot attacker
  • Persistent passive attacker

SLIDE 24

Classic encryption?

  • Row/column/table
  • Database files
  • Full disk encryption

SLIDE 25

Classic encryption?

  • Row/column/table
  • Database files
  • Full disk encryption

NO DIFFERENCE

SLIDE 26

Classic encryption, defeated

Leak keys:
  • Host compromise or snapshot
  • MiTM to leak from traffic

Leak plaintext:
  • Host compromise
  • Passive/active MiTM
  • Source compromise

SLIDE 27

Extended classic security

  • Protect data
  • Protect database host
  • Protect transport

SLIDE 28

Typical modern attacks

  • Flow alteration (SQL injection)
  • VM image leak
  • Full compromise (temporary or persistent)

SLIDE 29

(image only)

SLIDE 30

Emerging DB attacks

SLIDE 31

Emerging attacks

Write inference:
  • Reconstruct transactions from logs
  • Time transactions via bin logs to infer data

Read inference:
  • Buffer pool
  • Slow query log if no full log is present

SLIDE 32

Emerging attacks

SQL injections to grab contents of diagnostic tables: information_schema.processlist, performance_schema.threads.

See also: events_statements_current, events_statements_history
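A defender's counterpart to the injection pattern on this slide, added here as an example (it is not code from the deck or from Cossack Labs): it replays MySQL general query log lines and flags reads of the diagnostic tables named above by any account that is not allow-listed. The log excerpt, the account names and the allow-list are constructed assumptions; the tab-separated general log layout is MySQL's, but a deployment would read the log file or an audit plugin's output rather than an embedded string.

```go
package main

import "strings"

// sampleLog is a constructed excerpt in the MySQL general query log layout
// (time TAB thread-id command TAB argument); it is not real traffic.
var sampleLog = strings.Join([]string{
	"2017-09-10T12:00:00.000001Z\t   41 Connect\tdba@localhost on  using Socket",
	"2017-09-10T12:00:01.000002Z\t   41 Query\tSELECT id, info FROM information_schema.processlist",
	"2017-09-10T12:00:02.000003Z\t   42 Connect\tshop_app@10.0.0.5 on shopdb using TCP/IP",
	"2017-09-10T12:00:03.000004Z\t   42 Query\tSELECT name FROM products WHERE id = 7",
	"2017-09-10T12:00:04.000005Z\t   42 Query\tSELECT name FROM products WHERE id = 7 UNION SELECT sql_text FROM performance_schema.events_statements_history",
}, "\n")

// diagnosticTables are the introspection sources named on this slide.
var diagnosticTables = []string{
	"information_schema.processlist", "performance_schema.threads",
	"performance_schema.events_statements_current", "performance_schema.events_statements_history",
}

type Finding struct{ User, Query string }

// FindDiagnosticReads replays the log, remembers which account each thread authenticated as,
// and flags diagnostic-table reads by accounts not on the allow-list (a DBA reading processlist
// is routine; an application account doing it is the injection pattern above). Matching is a
// whitespace-folded substring test; SQL comments or encoding tricks would need a real parser.
func FindDiagnosticReads(log string, allowed map[string]bool) []Finding {
	userByThread := map[string]string{} // unknown threads map to "", which is never allowed
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		w := strings.Fields(line) // time, thread id, command, argument words...
		if len(w) < 3 {
			continue
		}
		thread, cmd, arg := w[1], w[2], strings.Join(w[3:], " ")
		switch cmd {
		case "Connect": // argument looks like "user@host on db using TCP/IP"
			userByThread[thread] = strings.SplitN(arg, "@", 2)[0]
		case "Query":
			q := strings.ToLower(arg)
			for _, table := range diagnosticTables {
				if strings.Contains(q, table) && !allowed[userByThread[thread]] {
					out = append(out, Finding{userByThread[thread], arg})
					break
				}
			}
		}
	}
	return out
}
```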

SLIDE 33

Emerging attacks

Snapshot attacks to get memory contents of:
  • Adaptive hash index
  • Query cache
  • Process heap (surprisingly revealing)

SLIDE 34

New sources of risk

  • Communication volume
  • Access patterns

SLIDE 35

Practicalities

SLIDE 36

Limit leakage

  • Limit key leakage: fetch keys from the remote side, purge them from memory before/after encryption.
  • Limit data leakage: many keys, so that one leak is the least problematic.

SLIDE 37

Offload

  • Encrypt/store keys on HSM.
  • Proxies! … not without drawbacks.

SLIDE 38

Client-side encryption

  • Libraries
  • Various encryption schemes … not without drawbacks

SLIDE 39

Encrypted databases

  • Client-side trust
  • Novel crypto scheme enabling remote operations on ciphertext
  • Still a bit of a naïve model

SLIDE 40

Ideally we want…

New ciphers?

SLIDE 41

Constant failure so exciting!

NEW ATTACKS! DISPUTES ON SECURITY! IMPROVED ATTACKS! PROPOSED FIXES! BETTER ATTACKS! EMERGENCY UPDATES! DIFFERENT ATTACKS! NEW PROTOCOLS!

SLIDE 42

Constant failure so exciting!

SLIDE 43

Ideally we want boring crypto

“Crypto that simply works, solidly resists attacks, never needs any upgrades.”
Daniel J. Bernstein, famous security/crypto scientist

SLIDE 44

Realistically we need…

New ciphers! Better crypto schemes

SLIDE 45

Practical ideas

  • Use great stuff
  • Use it correctly

SLIDE 46

Practical ideas

  • Use proven ciphers: ECC, AES, Salsa20 / ChaCha20.
  • Don’t roll your own crypto: just don’t.
  • Use good libraries.

SLIDE 47

Don’t roll your own crypto

  • Simple AES-GCM call, ways to fail

SLIDE 48

Don’t roll your own crypto

  • Simple AES-GCM call, ways to fail
  • Signed symmetric encryption, ways to fail

SLIDE 49

Don’t roll your own crypto

  • Simple AES-GCM call, ways to fail
  • Signed symmetric encryption, ways to fail
  • Key wrapped symmetric encryption, ways to fail

SLIDE 50

Don’t roll your own crypto

  • A buffer breaks here and now, with a memory fault.
  • Crypto leaks anywhere, at any point in time. Silently.

SLIDE 51

Don’t roll your own crypto

JUST DON’T

SLIDE 52

Practical ideas

  • Enforce non-leaky model(s).
  • Configure with query inference in mind.

SLIDE 53

Practical ideas

  • Rotate encryption keys timely.
  • Revoke keys (rotate on compromise).
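The advice from slide 36 (many keys, purge keys from memory), the “simple AES-GCM call” and “key wrapped symmetric encryption” pitfalls from slides 47 to 50, and the rotation and revocation points on this slide meet in one envelope-encryption sketch, added here as an example and not code from the deck, from Cossack Labs or from any of the libraries it names. It assumes AES-256-GCM from Go's standard library (Go 1.21 or later), a 32-byte KEK held locally in place of an HSM or KMS, and the row id as associated data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // wrong key length or broken RNG: crash, never a silently weaker ciphertext
	}
	return v
}

func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal: fresh random nonce per call, row id bound as aad; a fixed nonce or an empty aad is the classic GCM misuse.
func seal(key, plaintext, aad []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return gcm(key).Seal(nonce, nonce, plaintext, aad) // nonce || ciphertext || tag
}

// open fails when the tag, the key or the associated data do not match the blob.
func open(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("blob too short")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], aad)
}

// Encrypt gives each row its own DEK, wraps it under the KEK (normally held in an HSM/KMS) and purges it from memory.
func Encrypt(kek []byte, id string, plaintext []byte) (wrappedDEK, data []byte) {
	dek := make([]byte, 32)
	must(rand.Read(dek))
	defer clear(dek) // one leaked DEK exposes one row; do not keep it around
	return seal(kek, dek, []byte(id)), seal(dek, plaintext, []byte(id))
}

// RewrapDEK moves a row to a new KEK without touching its sealed data: rotation or revocation never bulk re-encrypts.
func RewrapDEK(oldKEK, newKEK []byte, id string, wrappedDEK []byte) ([]byte, error) {
	dek, err := open(oldKEK, wrappedDEK, []byte(id))
	if err != nil {
		return nil, err
	}
	defer clear(dek)
	return seal(newKEK, dek, []byte(id)), nil
}
```

Rotating the KEK for a whole table is a loop over RewrapDEK in which only the small wrapped-DEK column changes, while revoking a single exposed DEK means re-running Encrypt for that one row.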

SLIDE 54

Practical ideas

  • Focus on active attacks: SQL injections & full compromise.
  • Focus on infrastructure around your DB.
  • Encrypt what is necessary.

SLIDE 55

Practical ideas

  • Use native tools, if they’re well audited.
  • Use good frameworks:
      • Encryption: NaCl/Libsodium, Themis, KeyCzar, tink
      • Encrypted shared access: ZeroKit, Hermes, DocRaid

SLIDE 56

(image only)

SLIDE 57

Thank you!

cossacklabs.com ivychapel.ink @9gunpi

SLIDE 58

Links

General interest:
  • Why Your Encrypted Database Is Not Secure, https://eprint.iacr.org/2017/468.pdf
  • Cryptographically protected database search, https://arxiv.org/abs/1703.02014
  • Generic Attacks on Secure Outsourced Databases, http://scholar.harvard.edu/files/gkellaris/files/genericattacks.pdf

Reconstructing queries, inference, sensitive data leakage and other indirect attacks:
  • InnoDB Database Forensics series: http://ieeexplore.ieee.org/document/5474822, http://ieeexplore.ieee.org/document/6329240/
  • Breaking Web Applications Built On Top of Encrypted Data, https://eprint.iacr.org/2016/920

Inference attacks:
  • Inference Attacks on Property-Preserving Encrypted Databases, https://cs.brown.edu/~seny/pubs/edb.pdf

Database encryption:
  • Protecting sensitive information with database encryption, https://www.owasp.org/images/c/c1/Database_Encryption.ppt
  • Cossack Labs blog, Backend security series, https://www.cossacklabs.com/backend-security-series
  • End-to-end data turnover, my talk at UISGCON 12, https://medium.com/@9gunpi/end-to-end-data-turnover-slides-and-notes-144006269863