- The types of encryption the databases can use.
- Big players like IBM and MySQL use various encryption methods and key protection mechanisms.
Data encryption is a way to protect secret and sensitive information by scrambling the data when it is being stored. There are many methods to create and apply the secret codes, but the end result should be data that is inaccessible to an attacker in all possible ways.
Data encryption can be applied in several ways, which fall into the following use cases:
- Complete Secrecy: All the contents of the database are completely locked up to prevent any kind of access.
- Partial Secrecy: Access is open to certain columns or rows while others are scrambled to prevent access. Regular operations can be carried out on the open data without impediment, but the scrambled columns offer only limited access to queries.
- Audit trails: Audit trails consist of digital signatures or hash functions that monitor and track changes in the database and connect them to the users who authorized those changes.
- Client-side secrecy: The user’s system scrambles and encrypts the data before it is stored in the database. Therefore the stored data cannot be read by code being executed on the server.
- Homomorphic secrecy: This form of encryption makes it possible to analyze the data without unscrambling it using sophisticated mathematical algorithms.
- Hardware-level secrecy: Certain applications depend on encryption that is built into the system hardware, such as a disk drive.
The encryption process relies on mathematical algorithms similar to those that form the foundation of a blockchain database. The digital signature algorithms that authorize and guarantee updates to the ledgers are developed and supported using the same libraries.
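The audit-trail and ledger idea above, as an added example that is not from the original article: each audit row carries a tag computed over its own contents and the previous row's tag, so a later edit to any row is detectable. It uses an HMAC in place of a per-user digital signature (it proves the row was written by a key holder, not which user signed it); the table layout, the key and the sample rows are constructed for illustration.

```python
import hashlib
import hmac
import json
import sqlite3

AUDIT_KEY = b"constructed-demo-key"  # assumption: really fetched from a key vault
GENESIS = "0" * 64                   # fixed tag that precedes the first row

def _tag(prev_tag, actor, change):
    # The MAC covers the previous row's tag, binding each row to all history before it.
    msg = json.dumps([prev_tag, actor, change]).encode()
    return hmac.new(AUDIT_KEY, msg, hashlib.sha256).hexdigest()

def open_log():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY,"
               " actor TEXT, change TEXT, tag TEXT)")
    return db

def record(db, actor, change):
    row = db.execute("SELECT tag FROM audit ORDER BY id DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    db.execute("INSERT INTO audit (actor, change, tag) VALUES (?, ?, ?)",
               (actor, change, _tag(prev, actor, change)))

def first_bad_row(db):
    """Return the id of the first row that fails verification, or None."""
    prev = GENESIS
    rows = db.execute("SELECT id, actor, change, tag FROM audit ORDER BY id")
    for row_id, actor, change, tag in rows:
        if not hmac.compare_digest(tag, _tag(prev, actor, change)):
            return row_id
        prev = tag
    return None

def demo():
    db = open_log()
    record(db, "alice", "UPDATE accounts SET credit_limit=500 WHERE id=7")
    record(db, "bob", "DELETE FROM sessions WHERE user_id=7")
    record(db, "alice", "UPDATE accounts SET credit_limit=900 WHERE id=7")
    before = first_bad_row(db)
    # Constructed tampering: a raw-table edit reassigns change 2 to someone else.
    db.execute("UPDATE audit SET actor = 'carol' WHERE id = 2")
    return before, first_bad_row(db)

if __name__ == "__main__":
    print(demo())
```

Removing rows from the end of the table is not caught by the chain alone; keeping a copy of the latest tag outside the database closes that gap.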
The approach of legacy players towards encryption:
Oracle has shipped tools that enable data encryption for years now. The feature it offers is called transparent database encryption, which is specially designed to minimize the difficulty of use. Database administrators can choose to secure the entire database, specific sets of rows or columns, or just a table. The Oracle Key Vault stores the keys separately. The benefit of this arrangement is that authorized users don’t have to input the keys to access the database.
The reason behind this is that the database is transparently decrypted for its users and applications. This kind of automated encryption provides a strong defense mechanism against the attackers who managed to access the raw data stored on the disks.
Microsoft SQL Server also supports a similar encryption mechanism where the data is encrypted and secured before it is committed to the hard drive. Microsoft also calls the mechanism transparent database encryption. The versions that use the Azure cloud can use this encryption mechanism. Microsoft also provides a separate layer that is designed to ensure encrypted connections from the servers to the database.
Various operating systems like macOS, Linux, or Windows support the encryption of all files as they are being committed to the hard drive. This also covers the indices and data columns committed by the database software. A downside is that encryption of the file system affects the load of the server significantly, because it takes a lot of time to record the data.
How are upstarts approaching it?
Open-source databases like MySQL or PostgreSQL include an encryption library that simplifies the process of encryption. Most platforms use predefined cryptographic libraries instead of creating their own encryption code. PostgreSQL's pgcrypto module offers encryption that can be applied in SQL queries. Its crypt() function can scramble (hash) passwords before they are saved.
MongoDB added field-level encryption, which secures and protects certain parts of the data in the database, across all its offerings in December 2019. IBM doesn’t fall into the upstart category, but it has been exploring very sophisticated algorithms for the implementation of homomorphic encryption. The company released a toolkit to add fully homomorphic encryption to iOS and macOS.
Management of Governance:
The main challenge with encryption lies in keeping the keys safe and secure. The keys control access to the data and should be kept separate when the database is not in use. Extra care should be exercised with backups, because losing a key can render an entire database useless.
Cloud companies offer key management services which isolate the keys from the regular computation. Microsoft Azure calls it a “Key Vault” and maintains the keys in Hardware Security Modules (HSMs), where they are stored with another layer of encryption. IBM calls the same service “Key Protect” and also uses HSMs to secure the local keys that the database uses.
Limitations of Encrypted Database:
Encryption needs a great deal of computation, which increases the cost of storage and information retrieval. In certain situations the CPUs are idle and the extra cost thus incurred can be ignored. Many computers and mobile phones rarely use more than a fraction of their available CPU cycles. If these devices encrypt the data, the computational burden starts to build up, but you don’t want to overload the central database.
In other situations, the implementation of encryption may require powerful database servers and large clusters to handle the load. This depends on how the encryption is applied and how the data is used. Certain hard disks come with bulk encryption, and it is possible to use this feature without slowing down the hardware.
Conclusion:
Sophisticated algorithms like homomorphic encryption need a large computational infrastructure. The domain continues to be under very active exploration. Moreover, new algorithms can be several orders of magnitude faster than their predecessors, but they may still affect performance significantly.