SlideShare ist ein Scribd-Unternehmen logo

Encryption oracle

Als PPTX, PDF herunterladen
M
manong007
TechnologieBildung
1 von 9
All About Encryption
Encryption Overview • Two main types we are concerned with – Data in motion, over the network – Data at rest, datafiles, backups, redo, exports • We will be concentrating on data at rest • Question & Discussion: – What is the goal behind encrypting data? – Why do we do it? – What doesn’t it do for us? What can it NOT protect us from?
Encryption Overview • Data in motion is easily done with SQL*Net and ASO – Network traffic entirely encrypted, snoop proof – Encrypted checksum as well – to prevent “replay” attacks (eg: let’s do that bank transfer twice) – And to prevent modification (eg: let’s change the leading 1 to a 9 in that transaction)
Encryption Overview • Data at rest options… – DBMS_OBFUSCATION_TOOLKIT • 8i-9iR2 • Would not use this anymore • Will not talk about it beyond this slide • Let’s have a quick talk about wrapper packages… – DBMS_CRYPTO • 10gR1 and above • Would not use this unless I had to (because of the next two bullets) – Column Level Encryption • 10gR2 and above (ASO) – Tablespace Encryption • 11gR1 and above (ASO)
DBMS_CRYPTO • Encrypt/Decrypt data procedurally – DES, 3DES – AES – RC4 • Hash functions – MD5, SHA-1, MD4 – Can use secret key as well • Random functions – Raw keys – Number and Integers as well
DBMS_CRYPTO • The major problem – KEY MANAGEMENT – Do you store the key in the application? • How do you secure it there? • You need to retrieve it and transmit it – Do you store the key in the database? • If I steal your database, I have your keys • You will have code that retrieves the key, I will find out how – There are no good answers to this problem.
DBMS_CRYPTO • API driven. • You code it, definitely not transparent. • Definite performance impact (compared to column and/or tablespace encryption) • Supports as inputs – RAW – CLOB – BLOB • And always returns binary output – You will use BLOB or RAW to store – If you use varchar2, you need to round up to multiple of 16 and double the length and RAWTOHEX or base64 encode the data. – Discuss legacy obfuscation toolkit and varchar2 flaw
DBMS_CRYPTO • Simple Examples – Input raw after converting – Specify typ – the stream or block cipher type. Block cipher is what we use for storing data persistently – Key – the encryption key – Use varchar2 interface and the CLOB • Performance – What impact will this have? (it will be different for everyone) Encrypt1.sql – How to measure it? Encrypt2.sql Encrypt3.sql

Empfohlen

Mp26 : Tachyon, sloppiness is bliss
Mp26 : Tachyon, sloppiness is blissMp26 : Tachyon, sloppiness is bliss
Mp26 : Tachyon, sloppiness is blissMontreal Python
 
Hash cat
Hash catHash cat
Hash catSreekanth Narendran
 
The Cryptography has YOU
The Cryptography has YOUThe Cryptography has YOU
The Cryptography has YOUYurii Bilyk
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodHow-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodYurii Bilyk
 
KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...
KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...
KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...Yiran Wang
 
Distributed unique id generation
Distributed unique id generationDistributed unique id generation
Distributed unique id generationTung Nguyen
 
Class 16
Class 16Class 16
Class 16Dr. Ajith Sundaram
 
Class 17
Class 17Class 17
Class 17Dr. Ajith Sundaram
 

Empfohlen

Mp26 : Tachyon, sloppiness is bliss
Mp26 : Tachyon, sloppiness is blissMp26 : Tachyon, sloppiness is bliss
Mp26 : Tachyon, sloppiness is blissMontreal Python
 
Hash cat
Hash catHash cat
Hash catSreekanth Narendran
 
The Cryptography has YOU
The Cryptography has YOUThe Cryptography has YOU
The Cryptography has YOUYurii Bilyk
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodHow-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodYurii Bilyk
 
KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...
KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...
KubeCon EU 2019 - P2P Docker Image Distribution in Hybrid Cloud Environment w...Yiran Wang
 
Distributed unique id generation
Distributed unique id generationDistributed unique id generation
Distributed unique id generationTung Nguyen
 
Class 16
Class 16Class 16
Class 16Dr. Ajith Sundaram
 
Class 17
Class 17Class 17
Class 17Dr. Ajith Sundaram
 
Nats
NatsNats
Nats泓諺 陳
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group
 
NLP techniques for log analysis
NLP techniques for log analysisNLP techniques for log analysis
NLP techniques for log analysisJacob Perkins
 
Druid beginner performance tips
Druid beginner performance tipsDruid beginner performance tips
Druid beginner performance tipsvishnu rao
 
Welcome to the nightmare of locking, blocking and isolation levels!
Welcome to the nightmare of locking, blocking and isolation levels!Welcome to the nightmare of locking, blocking and isolation levels!
Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov
 
The nightmare of locking, blocking and isolation levels!
The nightmare of locking, blocking and isolation levels!The nightmare of locking, blocking and isolation levels!
The nightmare of locking, blocking and isolation levels!Boris Hristov
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.Leszek Mi?
 
Functional Programming and Concurrency Patterns in Scala
Functional Programming and Concurrency Patterns in ScalaFunctional Programming and Concurrency Patterns in Scala
Functional Programming and Concurrency Patterns in Scalakellogh
 
Cryptography
CryptographyCryptography
CryptographyKetan Thakkar
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
Rootconf2019
Rootconf2019Rootconf2019
Rootconf2019Huzaifa Sidhpurwala
 
SPDY @Zynga
SPDY @ZyngaSPDY @Zynga
SPDY @ZyngaMike Belshe
 
Windows Domains Part 2
Windows Domains Part 2Windows Domains Part 2
Windows Domains Part 2UTD Computer Security Group
 
Tim purinton gcc 2016
Tim purinton gcc 2016Tim purinton gcc 2016
Tim purinton gcc 2016GWT
 
Fuentes, Fortalezas, Etc
Fuentes, Fortalezas, EtcFuentes, Fortalezas, Etc
Fuentes, Fortalezas, EtcJOSE DOMINGUEZ
 
Joan perreault gcc 2016
Joan perreault gcc 2016Joan perreault gcc 2016
Joan perreault gcc 2016GWT
 
String_Theory_Essay_Malay
String_Theory_Essay_MalayString_Theory_Essay_Malay
String_Theory_Essay_MalayRaif Sam
 
Railsplitter: Simplify Your CRUD
Railsplitter: Simplify Your CRUDRailsplitter: Simplify Your CRUD
Railsplitter: Simplify Your CRUDFlurry, Inc.
 
Conflict Minerals - A Supply Chain Check for Electronic OEMs Industry
Conflict Minerals - A Supply Chain Check for Electronic OEMs IndustryConflict Minerals - A Supply Chain Check for Electronic OEMs Industry
Conflict Minerals - A Supply Chain Check for Electronic OEMs IndustryBeroe Inc - Advantage Procurement
 
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...firmanahyuda
 
Cover Letter Alzando Van As Updated
Cover Letter Alzando Van As UpdatedCover Letter Alzando Van As Updated
Cover Letter Alzando Van As UpdatedAlzando Van As
 

Weitere ähnliche Inhalte

Was ist angesagt?

UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group
 
NLP techniques for log analysis
NLP techniques for log analysisNLP techniques for log analysis
NLP techniques for log analysisJacob Perkins
 
Druid beginner performance tips
Druid beginner performance tipsDruid beginner performance tips
Druid beginner performance tipsvishnu rao
 
Welcome to the nightmare of locking, blocking and isolation levels!
Welcome to the nightmare of locking, blocking and isolation levels!Welcome to the nightmare of locking, blocking and isolation levels!
Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov
 
The nightmare of locking, blocking and isolation levels!
The nightmare of locking, blocking and isolation levels!The nightmare of locking, blocking and isolation levels!
The nightmare of locking, blocking and isolation levels!Boris Hristov
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.Leszek Mi?
 
Functional Programming and Concurrency Patterns in Scala
Functional Programming and Concurrency Patterns in ScalaFunctional Programming and Concurrency Patterns in Scala
Functional Programming and Concurrency Patterns in Scalakellogh
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 

Was ist angesagt? (14)

Nats
NatsNats
Nats
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domain
 
NLP techniques for log analysis
NLP techniques for log analysisNLP techniques for log analysis
NLP techniques for log analysis
 
Druid beginner performance tips
Druid beginner performance tipsDruid beginner performance tips
Druid beginner performance tips
 
Welcome to the nightmare of locking, blocking and isolation levels!
Welcome to the nightmare of locking, blocking and isolation levels!Welcome to the nightmare of locking, blocking and isolation levels!
Welcome to the nightmare of locking, blocking and isolation levels!
 
The nightmare of locking, blocking and isolation levels!
The nightmare of locking, blocking and isolation levels!The nightmare of locking, blocking and isolation levels!
The nightmare of locking, blocking and isolation levels!
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
 
Functional Programming and Concurrency Patterns in Scala
Functional Programming and Concurrency Patterns in ScalaFunctional Programming and Concurrency Patterns in Scala
Functional Programming and Concurrency Patterns in Scala
 
Cryptography
CryptographyCryptography
Cryptography
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
Rootconf2019
Rootconf2019Rootconf2019
Rootconf2019
 
SPDY @Zynga
SPDY @ZyngaSPDY @Zynga
SPDY @Zynga
 
Windows Domains Part 2
Windows Domains Part 2Windows Domains Part 2
Windows Domains Part 2
 

Andere mochten auch

Tim purinton gcc 2016
Tim purinton gcc 2016Tim purinton gcc 2016
Tim purinton gcc 2016GWT
 
Fuentes, Fortalezas, Etc
Fuentes, Fortalezas, EtcFuentes, Fortalezas, Etc
Fuentes, Fortalezas, EtcJOSE DOMINGUEZ
 
Joan perreault gcc 2016
Joan perreault gcc 2016Joan perreault gcc 2016
Joan perreault gcc 2016GWT
 
String_Theory_Essay_Malay
String_Theory_Essay_MalayString_Theory_Essay_Malay
String_Theory_Essay_MalayRaif Sam
 
Railsplitter: Simplify Your CRUD
Railsplitter: Simplify Your CRUDRailsplitter: Simplify Your CRUD
Railsplitter: Simplify Your CRUDFlurry, Inc.
 
Conflict Minerals - A Supply Chain Check for Electronic OEMs Industry
Conflict Minerals - A Supply Chain Check for Electronic OEMs IndustryConflict Minerals - A Supply Chain Check for Electronic OEMs Industry
Conflict Minerals - A Supply Chain Check for Electronic OEMs IndustryBeroe Inc - Advantage Procurement
 
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...firmanahyuda
 
Cover Letter Alzando Van As Updated
Cover Letter Alzando Van As UpdatedCover Letter Alzando Van As Updated
Cover Letter Alzando Van As UpdatedAlzando Van As
 
ум ктп 8 кл. 2016 2017
ум ктп 8 кл. 2016 2017ум ктп 8 кл. 2016 2017
ум ктп 8 кл. 2016 2017PolinaMokrushina
 
Nucleas Research Supply.com Case Study.PDF
Nucleas Research Supply.com Case Study.PDFNucleas Research Supply.com Case Study.PDF
Nucleas Research Supply.com Case Study.PDFTyler Furnari
 
1513717 김유정 한스 퀴즈
1513717 김유정 한스 퀴즈1513717 김유정 한스 퀴즈
1513717 김유정 한스 퀴즈유정 김
 
Flurry State of App Nation 2016 - CES APPNATION VII
Flurry State of App Nation 2016 - CES APPNATION VII Flurry State of App Nation 2016 - CES APPNATION VII
Flurry State of App Nation 2016 - CES APPNATION VII Flurry, Inc.
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
 
Presentation at Big Data & Analytics for Insurance 2016
Presentation at Big Data & Analytics for Insurance 2016Presentation at Big Data & Analytics for Insurance 2016
Presentation at Big Data & Analytics for Insurance 2016Paul Laughlin
 

Andere mochten auch (17)

Tim purinton gcc 2016
Tim purinton gcc 2016Tim purinton gcc 2016
Tim purinton gcc 2016
 
Fuentes, Fortalezas, Etc
Fuentes, Fortalezas, EtcFuentes, Fortalezas, Etc
Fuentes, Fortalezas, Etc
 
Joan perreault gcc 2016
Joan perreault gcc 2016Joan perreault gcc 2016
Joan perreault gcc 2016
 
String_Theory_Essay_Malay
String_Theory_Essay_MalayString_Theory_Essay_Malay
String_Theory_Essay_Malay
 
Railsplitter: Simplify Your CRUD
Railsplitter: Simplify Your CRUDRailsplitter: Simplify Your CRUD
Railsplitter: Simplify Your CRUD
 
Conflict Minerals - A Supply Chain Check for Electronic OEMs Industry
Conflict Minerals - A Supply Chain Check for Electronic OEMs IndustryConflict Minerals - A Supply Chain Check for Electronic OEMs Industry
Conflict Minerals - A Supply Chain Check for Electronic OEMs Industry
 
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
Ppt PENGARUH LAMA PENJEMURAN TERHADAP EFISIENSI MESIN PENGUPAS KULIT ARI KOPI...
 
Cover Letter Alzando Van As Updated
Cover Letter Alzando Van As UpdatedCover Letter Alzando Van As Updated
Cover Letter Alzando Van As Updated
 
ум ктп 8 кл. 2016 2017
ум ктп 8 кл. 2016 2017ум ктп 8 кл. 2016 2017
ум ктп 8 кл. 2016 2017
 
Nucleas Research Supply.com Case Study.PDF
Nucleas Research Supply.com Case Study.PDFNucleas Research Supply.com Case Study.PDF
Nucleas Research Supply.com Case Study.PDF
 
Constituciones 3
Constituciones 3Constituciones 3
Constituciones 3
 
Security Threat Mapping
Security Threat MappingSecurity Threat Mapping
Security Threat Mapping
 
Deep Dive on Amazon Redshift
Deep Dive on Amazon RedshiftDeep Dive on Amazon Redshift
Deep Dive on Amazon Redshift
 
1513717 김유정 한스 퀴즈
1513717 김유정 한스 퀴즈1513717 김유정 한스 퀴즈
1513717 김유정 한스 퀴즈
 
Flurry State of App Nation 2016 - CES APPNATION VII
Flurry State of App Nation 2016 - CES APPNATION VII Flurry State of App Nation 2016 - CES APPNATION VII
Flurry State of App Nation 2016 - CES APPNATION VII
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
 
Presentation at Big Data & Analytics for Insurance 2016
Presentation at Big Data & Analytics for Insurance 2016Presentation at Big Data & Analytics for Insurance 2016
Presentation at Big Data & Analytics for Insurance 2016
 

Ähnlich wie Encryption oracle

Share winter 2016 encryption
Share winter 2016 encryptionShare winter 2016 encryption
Share winter 2016 encryptionbigendiansmalls
 
7. Key-Value Databases: In Depth
7. Key-Value Databases: In Depth7. Key-Value Databases: In Depth
7. Key-Value Databases: In DepthFabio Fumarola
 
Introduction to Akka-Streams
Introduction to Akka-StreamsIntroduction to Akka-Streams
Introduction to Akka-Streamsdmantula
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Peter Hlavaty
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2Iftach Ian Amit
 
How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?Marko Bevc
 
Introduction to cryptography part1-final
Introduction to cryptography part1-finalIntroduction to cryptography part1-final
Introduction to cryptography part1-finalTaymoor Nazmy
 
Crypto Strikes Back! (Google 2009)
Crypto Strikes Back! (Google 2009)Crypto Strikes Back! (Google 2009)
Crypto Strikes Back! (Google 2009)Nate Lawson
 
Why databases cry at night
Why databases cry at nightWhy databases cry at night
Why databases cry at nightMichael Yarichuk
 
ATLRUG Security Workshop - 9/10/2014
ATLRUG Security Workshop - 9/10/2014 ATLRUG Security Workshop - 9/10/2014
ATLRUG Security Workshop - 9/10/2014 jasnow
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
inside-linux-kernel-rng-presentation-sept-13-2022.pdf
inside-linux-kernel-rng-presentation-sept-13-2022.pdfinside-linux-kernel-rng-presentation-sept-13-2022.pdf
inside-linux-kernel-rng-presentation-sept-13-2022.pdfxiso
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxssuserd5e356
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting DataRed Gate Software
 

Ähnlich wie Encryption oracle (20)

Outsourced database
Outsourced databaseOutsourced database
Outsourced database
 
Outsourced database
Outsourced databaseOutsourced database
Outsourced database
 
Share winter 2016 encryption
Share winter 2016 encryptionShare winter 2016 encryption
Share winter 2016 encryption
 
7. Key-Value Databases: In Depth
7. Key-Value Databases: In Depth7. Key-Value Databases: In Depth
7. Key-Value Databases: In Depth
 
Introduction to Akka-Streams
Introduction to Akka-StreamsIntroduction to Akka-Streams
Introduction to Akka-Streams
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
MySQL highav Availability
MySQL highav AvailabilityMySQL highav Availability
MySQL highav Availability
 
How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?
 
Introduction to cryptography part1-final
Introduction to cryptography part1-finalIntroduction to cryptography part1-final
Introduction to cryptography part1-final
 
Crypto Strikes Back! (Google 2009)
Crypto Strikes Back! (Google 2009)Crypto Strikes Back! (Google 2009)
Crypto Strikes Back! (Google 2009)
 
Why databases cry at night
Why databases cry at nightWhy databases cry at night
Why databases cry at night
 
ATLRUG Security Workshop - 9/10/2014
ATLRUG Security Workshop - 9/10/2014 ATLRUG Security Workshop - 9/10/2014
ATLRUG Security Workshop - 9/10/2014
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysis
 
inside-linux-kernel-rng-presentation-sept-13-2022.pdf
inside-linux-kernel-rng-presentation-sept-13-2022.pdfinside-linux-kernel-rng-presentation-sept-13-2022.pdf
inside-linux-kernel-rng-presentation-sept-13-2022.pdf
 
AllBits presentation - Security in Theory
AllBits presentation - Security in TheoryAllBits presentation - Security in Theory
AllBits presentation - Security in Theory
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
Steve Jones - Encrypting Data
Steve Jones - Encrypting DataSteve Jones - Encrypting Data
Steve Jones - Encrypting Data
 

Kürzlich hochgeladen

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Kürzlich hochgeladen (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Encryption oracle

  • 1.
  • 3. Encryption Overview • Two main types we are concerned with – Data in motion, over the network – Data at rest, datafiles, backups, redo, exports • We will be concentrating on data at rest • Question & Discussion: – What is the goal behind encrypting data? – Why do we do it? – What doesn’t it do for us? What can it NOT protect us from?
  • 4. Encryption Overview • Data in motion is easily done with SQL*Net and ASO – Network traffic entirely encrypted, snoop proof – Encrypted checksum as well – to prevent “replay” attacks (eg: let’s do that bank transfer twice) – And to prevent modification (eg: let’s change the leading 1 to a 9 in that transaction)
  • 5. Encryption Overview • Data at rest options… – DBMS_OBFUSCATION_TOOLKIT • 8i-9iR2 • Would not use this anymore • Will not talk about it beyond this slide • Let’s have a quick talk about wrapper packages… – DBMS_CRYPTO • 10gR1 and above • Would not use this unless I had to (because of the next two bullets) – Column Level Encryption • 10gR2 and above (ASO) – Tablespace Encryption • 11gR1 and above (ASO)
  • 6. DBMS_CRYPTO • Encrypt/Decrypt data procedurally – DES, 3DES – AES – RC4 • Hash functions – MD5, SHA-1, MD4 – Can use secret key as well • Random functions – Raw keys – Number and Integers as well
  • 7. DBMS_CRYPTO • The major problem – KEY MANAGEMENT – Do you store the key in the application? • How do you secure it there? • You need to retrieve it and transmit it – Do you store the key in the database? • If I steal your database, I have your keys • You will have code that retrieves the key, I will find out how – There are no good answers to this problem.
  • 8. DBMS_CRYPTO • API driven. • You code it, definitely not transparent. • Definite performance impact (compared to column and/or tablespace encryption) • Supports as inputs – RAW – CLOB – BLOB • And always returns binary output – You will use BLOB or RAW to store – If you use varchar2, you need to round up to multiple of 16 and double the length and RAWTOHEX or base64 encode the data. – Discuss legacy obfuscation toolkit and varchar2 flaw
  • 9. DBMS_CRYPTO • Simple Examples – Input raw after converting – Specify typ – the stream or block cipher type. Block cipher is what we use for storing data persistently – Key – the encryption key – Use varchar2 interface and the CLOB • Performance – What impact will this have? (it will be different for everyone) Encrypt1.sql – How to measure it? Encrypt2.sql Encrypt3.sql