Home > Store

Cryptography in the Database: The Last Line of Defense

Register your product to gain access to bonus material or receive a coupon.

Cryptography in the Database: The Last Line of Defense


  • Sorry, this book is no longer in print.
Not for Sale


  • Copyright 2006
  • Dimensions: 7" x 9-1/4"
  • Edition: 1st
  • Book
  • ISBN-10: 0-321-32073-5
  • ISBN-13: 978-0-321-32073-5

Protect Your Enterprise Data with Rock-Solid Database Encryption

If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure—from your customers, your partners, your stockholders, and now, the government—to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.

Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building—or selecting and integrating—a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption.

This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.

This book's coverage includes

  • Understanding your legal obligations to protect data

  • Constructing a realistic database security threat model and ensuring that you address critical threats

  • Designing robust database cryptographic infrastructure around today's most effective security patterns

  • Hardening your database security requirements

  • Classifying the sensitivity of your data

  • Writing database applications that interact securely with your cryptosystem

  • Avoiding the common vulnerabilities that compromise database applications

  • Managing cryptographic projects in your enterprise database environment

  • Testing, deploying, defending, and decommissioning secure database applications

Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.

© Copyright Pearson Education. All rights reserved.

Sample Content

Online Sample Chapter

Securing Databases with Cryptography

Downloadable Sample Chapter

Download the Sample Chapter related to this title.

Table of Contents


About the Author.



 1: The Case for Database Security.

 2: Securing Databases with Cryptography.


 3. An Overview of Cryptographic Infrastructure.

 4. Cryptographic Engines and Algorithms.

 5. Keys: Vaults, Manifests, and Managers.

 6. Cryptographic Providers and Consumers.


 7. Managing the Cryptographic Project.

 8. Requirements Hardening.

 9. Design Hardening.

10. Secure Development.

11. Testing.

12. Deployment, Defense, and Decommissioning.


13. About the Examples.

14. A Key Vault.

15. The Manifest.

16. The Key Manager.

17. The Engine.

18. Receipts and Provider.

19. The Consumer.

20. Exceptions.

21. The System at Work.





Untitled Document This book is about using established cryptographic techniques and algorithms to protect information while it is at rest in a database. The emphasis is on designing and building (or selecting and integrating) a cryptosystem to protect against clearly identified threats against the database. Security is assumed to be a top priority. As such, the discussions in this book cover not only encrypting the data, but also attacks against the encrypted data.

If the cryptography is not implemented carefully, attackers can recover data even if it is protected by strong encryption. Many examples of this have been seen in the field of secure communications. For instance, the widely publicized weaknesses in the encrypted wireless protocol WEP have prompted many to move to WPA even at the cost of buying new equipment. Database encryption can suffer from the same sort of weaknesses. Simple, naïve encryption of the data is not enough. My goal is to provide a solid blueprint and execution plan so that a team charged with the task of encrypting sensitive information in a database will be successful.

The cryptosystem presented in this book should be seen as a template that outlines threats against data at rest and provides safeguards against those threats. Problems and pitfalls common to implementing cryptography, such as mode selection and key management, are identified and addressed. The architecture is flexible and should be adaptable to many environments.

For situations where some element of the presented solution simply does not fit, you should find enough information and guidance to pursue variations in the design. Similarly, when you're evaluating database cryptosystems from vendors, you can use the design in this book and the reasons behind the decisions that shaped that design as a sort of baseline.

Even if the proposed system differs markedly from the design in this book, it will still have to map keys to columns and rows and provide a key life cycle. It will still have to store and protect keys, select an appropriate encryption mode, and handle initialization vectors. Most importantly, any solution must adequately reduce the risks outlined in an organization's threat model. You must consider all these details. By working through these issues and presenting a working cryptosystem, my hope is that this book will enable a team to successfully build or buy a database cryptosystem.

Who Should Read This Book

The core audience for this book is the technical lead responsible for protecting sensitive information in a database. This person might be an architect, a senior system or security analyst, a database administrator, or a technical project manager. Because success requires that the team implement the cryptographic architecture correctly and securely, the lead must provide guidance throughout the project on secure development practices as well as technology.

This book assumes that the technical lead is a senior application security analyst. Our analyst is part of a team responsible for an application that handles and stores sensitive information in a database. The analyst's job begins with convincing the team, its management, and the customer that encryption is necessary. From there, the analyst contributes to each stage of the project to ensure that the team specifies, designs, and implements the cryptographic solution correctly and securely.

Forprojects that don't have a dedicated security analyst, one of the other roles, such as architect or system analyst, may serve just as well so long as security is explicitly called out as a core responsibility. In some projects, the security analyst role described here might be best split across multiple people. A logical split would be between a security-focused technical lead, such as the architect, and the project manager.


This book assumes that you are familiar with databases and have a passing knowledge of cryptography. A brief refresher is offered on databases, and cryptography is introduced and treated in more depth. Experience with Java or some other programming language is necessary to get the most out of the code examples included at the end of the book. Knowledge of application development methodologies will also help provide context for the discussion of secure development practices.


This book is divided into four major parts. The opening covers database security at a high level, and the second part details a database cryptosystem design. The third part discusses development practices necessary to implement a cryptosystem securely, and the final part provides working code examples of the design.

Part I, "Database Security," opens, unsurprisingly, with Chapter 1, "The Case for Database Security," which looks at why database security is important and what sort of attacks databases face. This discussion culminates in a generalized threat model for database security. The chapter concludes with a brief survey of regulatory requirements to secure data. Then, Chapter 2, "Securing Databases with Cryptography," discusses the kinds of protection that cryptography can provide to a database. This chapter also introduces the idea that the cryptography itself can introduce new risks and sets the groundwork for examining the cryptosystem itself forweaknesses. We can't just assume that encrypted data, even when encrypted with strong algorithms, is secure.

Part II, "A Cryptographic Infrastructure," details the design of a cryptographic infrastructure. Chapter 3, "An Overview of Cryptographic Infrastructure," provides an overview of the cryptosystem and presents the fundamentals of key management and how keys are assigned to data for encryption. Chapter 4, "Cryptographic Engines and Algorithms," covers algorithms and engines. An engine is the component that actually carries out the cryptographic operations. Different types of engines are discussed. There are several ways to apply the cryptographic algorithm used in this book (which is AES), and the discussion of modes at the conclusion of this chapter explores these as well as considers the vulnerabilities that improper use of a mode can introduce. Chapter 5, "Keys: Vaults, Manifests, and Managers," covers the components that store and manage keys, and Chapter 6, "Cryptographic Providers and Consumers," describes how an application interacts with the cryptosystem.

At first, Part III, "The Cryptographic Project," may seem somewhat out of place because it focuses on secure development practices. If you're an expert on developing secure applications, these six chapters may be review. However, experience has shown (not to mention the plethora of successfully attacked applications gracing the weekly news) that secure application development expertise is far from common. A database cryptosystem is a primary element of an organization's security infrastructure. Other applications will depend on thecryptosystem's security, so every effort must be made to ensure that the implementation is as secure as possible. Vulnerabilities in the database cryptosystem put data throughout the organization at risk. The seriousness of this situation earned the topic this prominent placement.

The discussion of secure development practices begins with an overview of managing a cryptographic project in Chapter 7, "Managing the Cryptographic Project." Chapter 8, "Requirements Hardening," covers specifying security and cryptographic requirements and includes a discussion of data classification. Securing the design itself is the subject of Chapter 9, "Design Hardening," which consists of guidelines, threat modeling, and the application of security patterns. General guidelines for secure programming (what most people think of as development) are covered in Chapter 10, "Secure Development." The last two chapters of this part, Chapters 11, "Testing," and 12, "Deployment, Defense, and Decommissioning," cover testing and the three Ds—deployment, defense, and decommissioning.

Part IV, "Example Code," consists of code examples and explanations. Each component discussed in Part II is represented, along with nearly all the core functionality. This code lets you explore and experiment with the functioning of a live database cryptosystem. Hopefully these concrete examples will help remove any ambiguities introduced by the more theoretical exposition in the earlier parts of the book and will prepare you to implement or evaluate a production cryptosystem. The final chapter, Chapter 21, "The System at Work," shows the example system at work.It illustrates everything from setting up key-encrypting keys to searching for encrypted data.


Download the Index file related to this title.


Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020