Cryptography
in SQL Server is the advance technique of encrypting and decrypting the data existing
in SQL Server databases for preventing unauthorized access. This technique is
important to protect databases from illegal activities as it helps in
authentication, authorization, assigning permissions and encryption/decryption
operations. There are various functions that can be used for ciphering the data
components in SQL databases, and these includes.
i. Symmetric Keys
ii. Asymmetric Keys
iii. One-Way Hashing
In
the upcoming section, detailed description about all these terms has been
provided.
Symmetric
Keys:
Under
this approach, a single key is used to encrypt or decrypt the data. The key
that is used to encrypt data will exactly be used to decrypt that data. The key
is created at initial stage when SQL Server is started; and is utilized for
protecting sensitive data.
There
are several pros and cons associated to the Symmetric Key and these parameters
include:
Pros:
· Quickly executable with simple encryption
algorithms and faster performance.
· Random codes easily remembered by users and
offers maximum security.
Cons:
· The major drawback of the Symmetric keys is
their ’Symmetry’ itself.
· An easily predictable password makes it the
point for email ‘phishing’.
Asymmetric
Keys:
‘Asymmetric
Keys’ exist in the pair of keys; one private and another public. Data when
encrypted via one key will only be decrypted through the alternate key. Here,
users with access to public key can encrypt the data components; but the
encrypted data can only be de-ciphered by the one with access to the private
key.
Likewise
Symmetric keys, this approach is also associated with corresponding pros and
cons:
Pros:
· Capable of handling issues associated to
identity with appropriate verification algorithms.
· Ensures complete security to the users and
the database elements.
Cons:
· Complex keys those are difficult to
remember with comparatively slower performance.
· IT requires implementing more computing
resources for using the key.
One-Way
Hash:
The
numbers generated corresponding to the components of a message or document is
known as ‘hash’. Hash value is affected
by the addition or deletion of text and even with the case of the alphabets.
Different values are generated for uppercase alphabets but when the letters are
changed to lowercase; the corresponding value gets modified instantly. Hash
algorithm is associated with some distinct properties that are defined in this
section.
i. Even a minute modification in the document text will lead to generation of entirely different hash codes.
ii. If changes are made in the document; it is
harder to detect the modifications via examining the hash values. Due to this
feature; this is known as “One Way Hash”.
iii. It is often considered an efficient
approach as these files are very large in volume and thus difficult to
navigate.
The
advantages and disadvantages relevant to this approach are as under:
Pros:
· This approach is highly efficient and
faster.
· Ensures improved data security as the hash
codes are difficult to understand.
Cons:
· Two different messages can generate similar
hash values.
· Individual with sound knowledge could
detect and break the hash values.
Public
Key Infrastructure:
The
public key infrastructure can better be understood by use of an example:
Suppose, the activities performed by a team are under analysis. A member
outside the team sends an encrypted message to the monitored team. To gain
access to the message, you can capture the public key through DNS hack and can
assign any public key according to you. Further, you can capture the messages
sent to the monitored team from outside resources and can decrypt the message
by using the private key. You can even re-encrypt the text to prevent detection
of the original information and can transfer it to the team. This activity is
often known as “man-in-the-middle” attack.
Certificate
Authorities:
You
can protect yourself from “man-in-the-middle” attacks and any fraudulent
activities through setting a confirmable association between individual
identity and the personal key. Here, digital signatures work as a ‘Notary
Public’ that ensures that the information mentioned herein is true and hence
verified. The highest authority in the certification hierarchy is known as “root
authority”.
SQL
Server Authentication Cryptography:
SQL
Server security parameters comprises of two parts:
i. Authentication: To verify the identity of a
user.
ii. Authorization: Rights and Permissions assigned
to a user.
Authentication
refers to the procedure of authenticating or verifying the user’s identity and
is further categorized into two sections. These segments include “Windows
Authentication” and “SQL Server Authentication”.
Authorization
is the process of granting or assigning permissions and appropriate rights to
the users existing in the database. The user can then act according to the
assigned authorities on the incorporated data components and database files.
Conclusion:
The
techniques of Cryptography in SQL Server are categorized into distinct segments
and these can be used as per requirement by the DBA or the users. These
techniques and measures ensure that the incorporated data is secured and is
protected from various sorts of external threats. Sound understanding and
technical expertise is required to implement these measures; to ensure security
and integrity of data.
EmoticonEmoticon