# Securing Databases with Cryptography

This chapter is from the book

## 2.2 What Is Cryptography?

Cryptography is the art of "extreme information security." It is extreme in the sense that once treated with a cryptographic algorithm, a message (or a database field) is expected to remain secure even if the adversary has full access to the treated message. The adversary may even know which algorithm was used. If the cryptography is good, the message will remain secure.

This is in contrast to most information security techniques, which are designed to keep adversaries away from the information. Most security mechanisms prevent access and often have complicated procedures to allow access to only authorized users. Cryptography assumes that the adversary has full access to the message and still provides unbroken security. That is extreme security.

A more popular conception of cryptography characterizes it as the science of "scrambling" data. Cryptographers invent algorithms that take input data, called plaintext, and produce scrambled output. Scrambling, used in this sense, is much more than just moving letters around or exchanging some letters for others. After a proper cryptographic scrambling, the output is typically indistinguishable from a random string of data. For instance, a cryptographic function might turn "Hello, whirled!" into 0x397B3AF517B6892C.

While simply turning a message into a random sequence of bits may not seem useful, you’ll soon see that cryptographic hashes, as such functions are known, are very important to modern computer security. Cryptography, though, offers much more.

Many cryptographic algorithms, but not all, are easily reversible if you know a particular secret. Armed with that secret, a recipient could turn 0x397B3AF517B6892C back into "Hello, whirled!" Anyone who did not know the secret would not be able to recover the original data. Such reversible algorithms are known as ciphers, and the scrambled output of a cipher is ciphertext. The secret used to unscramble ciphertext is called a key. Generally, the key is used for both scrambling, called encryption, and unscrambling, called decryption.

A fundamental principle in cryptography, Kerckhoffs’ Principle, states that the security of a cipher should depend only on keeping the key secret. Even if everything else about the cipher is known, so long as the key remains secret, the plaintext should not be recoverable from the ciphertext.

The opposite of Kerckhoffs’ Principle is security through obscurity. Any cryptographic system where the cipher is kept secret depends on security through obscurity.1 Given the difficulty that even professional cryptographers have in designing robust and efficient encryption systems, the likelihood of a secret cipher providing better security than any of the well-known and tested ciphers is vanishingly small. Plus, modern decompilers, disassemblers, debuggers, and other reverse-engineering tools ensure that any secret cipher likely won’t remain secret for long.

Cryptographic algorithms can be broadly grouped into three categories: symmetric cryptography, asymmetric (or public-key) cryptography, and cryptographic hashing. Each of these types has a part to play in most cryptographic systems, and we next consider each of them in turn.

### 2.2.1 Symmetric Cryptography

Symmetric key cryptography is so named because the cipher uses the same key for both encryption and decryption. Two famous ciphers, Data Encryption Standard (DES) and Advanced Encryption Standard (AES), both use symmetric keys. Because symmetric key ciphers are generally much faster than public-key ciphers, they are suitable for encrypting small and large data items.

Modern symmetric ciphers come in two flavors. Block ciphers encrypt a chunk of several bits all at once, while stream ciphers generally encrypt one bit at a time as the data stream flows past. When a block cipher must encrypt data longer than the block size, the data is first broken into blocks of the appropriate size, and then the encryption algorithm is applied to each. Several modes exist that specify how each block is handled. The modes enable an algorithm to be used securely in a variety of situations. By selecting an appropriate mode, for instance, a block cipher can even be used as stream cipher.

The chief advantage of a stream cipher for database cryptography is that the need for padding is avoided. Given that block ciphers operate on a fixed block size, any blocks of data smaller than that size must be padded. Stream ciphers avoid this, and when the data stream ends, the encryption ends. We’ll return to block and stream ciphers in the algorithm discussion in Chapter 4 "Cryptographic Engines and Algorithms."

The primary drawback of symmetric key ciphers is key management. Because the same key is used for both encryption and decryption, the key must be distributed to every entity that needs to work with the data. Should an adversary obtain the key, not only is the confidentiality of the data compromised, but integrity is also threatened given that the key can be used to encrypt as well as decrypt.

The risks posed by losing control of the key make distributing and storing the key difficult. How can the key be moved securely to all the entities that need to decrypt the data? Encrypting the key for transmission would make sense, but what key would be used to encrypt the key, and how would you get the key-encrypting key to the destination?

Once the key is at the decryption location, how should it be secured so that an attacker can’t steal it? Again, encryption offers a tempting solution, but then you face the problem of securing the key used to encrypt the original key.

### 2.2.2 Public-Key Cryptography

Public-key cryptography, also known as asymmetric cryptography, is a relatively recent invention. As you might guess from the name, the decryption key is different from the encryption key. Together, the two keys are called a key pair and consist of a public key, which can be distributed to the public, and a private key, which must remain a secret. Typically the public key is the encryption key and the private key is the decryption key, but this is not always the case. Well-known asymmetric algorithms include RSA, ElGamal, and Diffie-Hellman. Elliptic curve cryptography provides a different mathematical basis for implementing existing public-key algorithms.

Public-key ciphers are much slower than symmetric-key ciphers and so are typically used to encrypt smaller data items. One common use is to securely distribute a symmetric key. A sender first encrypts a message with a symmetric key and then encrypts that symmetric key with the intended receiver’s public key. He then sends both to the receiver. The receiver uses her private key to decrypt the symmetric key and then uses the recovered symmetric key to decrypt the message. In this manner the speed of the symmetric cipher is still a benefit, and the problem of distributing the symmetric key is removed. Such systems are known as hybrid cryptosystems.

Another important use for public-key cryptography is to create digital signatures. Digital signatures are used much like real signatures to verify who sent a message. The private key is used to sign the message, and the public key is used to verify the signature.

A common, easily understood digital signature scheme is as follows. To sign a message, the sender encrypts the message with the private key. Anyone with the corresponding public key can decrypt the message and know that it could only have been encrypted with the private key, which presumably only the sender possesses. Note that this does not protect the confidentiality of the message, considering anyone could have the sender’s public key. The goal of a digital signature is simply to verify the sender.

Because the public key can be distributed to anyone, we don’t have the same problem as we do with symmetric cryptography. However, we do have a problem of unambiguously matching the public key with the right person. How do we know that a particular public key truly belongs to the person or entity we think it does? This is the problem that public key infrastructure (PK I) has tried to solve. Unfortunately, PK I hasn’t lived up to its promise, and the jury is still out on what the long-term accepted solution will be.

Public-key cryptography is mentioned here to help readers new to cryptography understand how it is different from symmetric algorithms. We do not use public-key cryptography in this book, and we do not cover particular algorithms or implementation details. As is discussed in section 2.3, "Applying Cryptography," public-key schemes aren’t necessary for solving the problems in which we’re interested.

### 2.2.3 Cryptographic Hashing

The last type of cryptographic algorithm we’ll look at is cryptographic hashing. A cryptographic hash, also known as a message digest, is like the fingerprint of some data. A cryptographic hash algorithm reduces even very large data to a small unique value. The interesting thing that separates cryptographic hashes from other hashes is that it is virtually impossible to either compute the original data from the hash value or to find other data that hashes to the same value.

A common role played by hashing in modern cryptosystems is improving the efficiency of digital signatures. Because public-key ciphers are much slower than symmetric ciphers, signing large blocks of data is very time-consuming. Instead, most digital signature protocols specify that the digital signature is instead applied to a hash of the data. Given that computing a hash is generally fast and the resulting value is typically much smaller than the data, the signing time is drastically reduced.

Other common uses of cryptographic hashes include protecting passwords, time-stamping data to securely track creation and modification dates and times, and assuring data integrity. The well-known Secure Hash Algorithm family includes SHA-224, SHA-256, SHA-384, and SHA-512. The older SHA-1 and MD5 algorithms are currently in wider use, but flaws in both have been identified, and both should be retired in favor of a more secure hash.

### InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

## Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

## Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

### Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

### Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

### Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

### Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

### Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

### Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

## Other Collection and Use of Information

### Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

### Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

### Do Not Track

This site currently does not respond to Do Not Track signals.

## Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

## Children

This site is not directed to children under the age of 13.

## Marketing

Pearson may send or direct marketing communications to users, provided that

• Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
• Such marketing is consistent with applicable law and Pearson's legal obligations.
• Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
• Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

## Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

## Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

## Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

## Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

## Sharing and Disclosure

Pearson may disclose personal information, as follows:

• As required by law.
• With the consent of the individual (or their parent, if the individual is a minor)
• In response to a subpoena, court order or legal process, to the extent permitted or required by law
• To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
• In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
• To investigate or address actual or suspected fraud or other illegal activities
• To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
• To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
• To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.