Oracle offers many advanced security features for the database. Most of them use transparent data encryption (TDE) for security purposes. The encryption is transparent because it falls below the structured query language (SQL) layer: the database automatically encrypts data as it writes to the file system and decrypts it as it reads from the file system. Oracle also provides some level of cryptographic support for data stored in a database.
GOAL OF ENCRYPTION
To protect the data from hackers we have to implement an encryption technique. Encryption provides protection of sensitive data in an unprotected medium. Database security is significantly different from network security. Encryption sits behind every secure socket layer connection and practically every internet login page and e-commerce site.
The process of converting data from its original plain text into an undecipherable form is known as encryption. Once the data is encrypted, some technique is needed to turn it back into its original plain text. That process is decryption, also known as unencrypting: it converts the data from cipher text to its original plaintext form. Together, these two processes of encrypting and decrypting are known as cryptography.
GENERATION OF TRANSPARENT DATA ENCRYPTION
At first Oracle developed DBMS_OBFUSCATION_TOOLKIT, which gave developers a set of PL/SQL libraries for encrypting data, hashing data and generating keys in the database. DBMS_OBFUSCATION_TOOLKIT suffered from many difficulties and required many changes in application design. The second generation of the encryption technology came with many improvements and provided the DBMS_CRYPTO package. DBMS_CRYPTO served as the primary and reasonable method of encrypting data in the database.
DBMS_CRYPTO offers more key generation options, algorithms and data types than DBMS_OBFUSCATION_TOOLKIT. To encrypt and decrypt data we have to write PL/SQL functions and pass the data through those functions.
This technology is difficult to use with many commercial off-the-shelf (COTS) applications: to encrypt data we have to insert code into the application, which alters its structure and breaks the support for it.
The third generation of encryption technology is known as transparent data encryption (TDE). It differs significantly from DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT. DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT are features of the database, whereas TDE is a licensed option. TDE is integrated with the database engine and provides encryption through SQL Data Definition Language. These two properties make TDE unique among encryption techniques. TDE also does not require the significant development effort that DBMS_CRYPTO does: it provides SQL syntax to change columns or an entire tablespace. The TDE process is more convenient and provides practical ways to solve the challenges posed by DBMS_CRYPTO.
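The DBMS_CRYPTO approach described above looks like this in practice. This is an added example, not code from the essay; the table, package and variable names are hypothetical and the card number is a constructed test value.

```sql
-- Added illustration; table, package and variable names are hypothetical.
-- Needs EXECUTE on DBMS_CRYPTO. The card number is a constructed test value.
CREATE TABLE cust_payment_app (
  cust_id  NUMBER PRIMARY KEY,
  card_enc RAW(64),   -- ciphertext: the column type changes from VARCHAR2 to RAW
  card_iv  RAW(16)    -- per-row IV kept beside the ciphertext
);

CREATE OR REPLACE PACKAGE card_crypto AS
  FUNCTION encrypt_card(p_card VARCHAR2, p_key RAW, p_iv RAW) RETURN RAW;
  FUNCTION decrypt_card(p_enc RAW, p_key RAW, p_iv RAW) RETURN VARCHAR2;
END card_crypto;
/
CREATE OR REPLACE PACKAGE BODY card_crypto AS
  -- AES-256 in CBC mode with PKCS#5 padding
  c_mode CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                               + DBMS_CRYPTO.CHAIN_CBC
                               + DBMS_CRYPTO.PAD_PKCS5;
  FUNCTION encrypt_card(p_card VARCHAR2, p_key RAW, p_iv RAW) RETURN RAW IS
  BEGIN
    RETURN DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(p_card, 'AL32UTF8'),
                               typ => c_mode, key => p_key, iv => p_iv);
  END encrypt_card;
  FUNCTION decrypt_card(p_enc RAW, p_key RAW, p_iv RAW) RETURN VARCHAR2 IS
  BEGIN
    RETURN UTL_I18N.RAW_TO_CHAR(
             DBMS_CRYPTO.DECRYPT(src => p_enc, typ => c_mode, key => p_key, iv => p_iv),
             'AL32UTF8');
  END decrypt_card;
END card_crypto;
/
SET SERVEROUTPUT ON
DECLARE
  -- The application must generate, store and protect this key itself.
  l_key  RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);
  l_iv   RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  l_card VARCHAR2(19);
BEGIN
  -- Every write and read has to be routed through the crypto functions.
  INSERT INTO cust_payment_app (cust_id, card_enc, card_iv)
  VALUES (1, card_crypto.encrypt_card('4111-1111-1111-1111', l_key, l_iv), l_iv);
  SELECT card_crypto.decrypt_card(card_enc, l_key, card_iv) INTO l_card
    FROM cust_payment_app WHERE cust_id = 1;
  DBMS_OUTPUT.PUT_LINE('round trip: ' || l_card);
END;
/
```

The changed column type, the extra IV column and the function calls in every statement are the application changes that make this approach hard to retrofit into a COTS product.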
SECURE STORE DATA USING TRANSPARENT DATA ENCRYPTION:
Transparent data encryption means protecting sensitive data, such as credit card numbers, by using encryption. The encrypted data is accessed by the database user through a decryption mechanism. This encryption method is mainly used for safeguarding a database that stores sensitive data or any secret information.
TRANSPARENT DATA ENCRYPTION:
Many mechanisms are used to protect the Oracle database, such as authentication and auditing techniques. But those mechanisms are not suitable for protecting the operating system files where the data is stored. To protect that data we can use transparent data encryption. To provide secure decryption, this mechanism stores the key used for encryption in a security module.
We can make sure that the sensitive data is secure in case the storage media is stolen.
For decryption you don't need to create a trigger or view.
The database can manage encryption and decryption.
Restrictions on using transparent data encryption:
Each and every column should have unique column encryption, so don't use transparent data encryption to encrypt a foreign key column.
Transparent data encryption cannot be used with the following database features:
Materialized View Logs
Transportable Tablespaces
Original import/export utilities
Working of transparent data encryption:
It is a key-based access control system. It cannot understand whether the decryption that occurs is authorized or not when the encrypted data is received. Instead of using a separate key for each encrypted column, it can use a single key for the encrypted columns in the table. This key is called the column encryption key. Keys are not stored in the clear. It can be used for all tables that contain encrypted columns.
Figure 3-1 Transparent Data Encryption Overview
OPERATION OF TRANSPARENT DATA ENCRYPTION:
You need the ALTER SYSTEM privilege, and you have to give a password, to enable transparent data encryption.
Use this command to set the master encryption key:
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "password";
You must enclose the password in double quotation marks. The master encryption key is generated by this command.
CREATE TABLE table_name (column_name column_type ENCRYPT ...);
The ENCRYPT keyword specifies that the column should be encrypted.
Use this command to disable access to the encrypted columns:
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;
This disables access in the tables where encrypted columns were created.
Setting and resetting the master encryption key:
The column encryption key is protected by the master encryption key, which is stored in an Oracle wallet. Set or reset the master key using ALTER SYSTEM.
SETTING THE MASTER ENCRYPTION KEY:
Before encrypting or decrypting any column in the database, generate a master key.
SQL> ALTER SYSTEM SET ENCRYPTION KEY ["certificate_ID"] IDENTIFIED BY "password";
password is compulsory: it is the wallet password used in the security module. There is no default setting for it.
certificate_ID is not mandatory. It provides a unique ID for the certificate that is stored in the wallet. You can search for this ID by using some V$ views.
If no wallet can be found, a new one is created at the specified wallet location. It is case sensitive.
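The operations above, put together as one SQL*Plus session. This is an added example, not from the essay: the table, its columns, the card number and the wallet password are placeholders, and it assumes a release that accepts the ALTER SYSTEM SET ENCRYPTION syntax shown on this page (later releases manage keys with ADMINISTER KEY MANAGEMENT instead).

```sql
-- Added example; run as a user holding the ALTER SYSTEM privilege.
-- cust_payment, its columns and the password below are placeholders.

-- 1. Set (or reset) the master encryption key. As described above, a wallet
--    is created if none is found at the wallet location.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- 2. Mark the sensitive column with ENCRYPT. The column type stays VARCHAR2.
--    cust_id is left unencrypted so that it can be referenced by foreign keys.
CREATE TABLE cust_payment (
  cust_id NUMBER PRIMARY KEY,
  card_no VARCHAR2(19) ENCRYPT
);

-- 3. Application SQL is unchanged: no triggers, views or crypto functions.
INSERT INTO cust_payment (cust_id, card_no) VALUES (1, '4111-1111-1111-1111');
COMMIT;
SELECT card_no FROM cust_payment WHERE cust_id = 1;

-- 4. Check what is actually encrypted, and with which algorithm.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 ORDER BY owner, table_name, column_name;

-- 5. Close the wallet. The master key is no longer available, so the
--    query on the encrypted column is expected to fail with ORA-28365
--    (wallet is not open) while the unencrypted column stays readable.
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;
SELECT cust_id FROM cust_payment;
SELECT card_no FROM cust_payment WHERE cust_id = 1;

-- 6. Reopen the wallet to restore access.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet_password_placeholder";
```

Step 4 is the check to repeat after any schema change, since a sensitive column added without the ENCRYPT keyword is stored in clear text in the data files.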
ENCRYPTING DATA STORED IN THE DATABASE
The primary goal of encryption is to provide security for the data in the database, i.e. to protect important data in an unprotected medium. Many companies have created internal rules to encrypt data while storing it in the database. Before the data is stored in the database we have to encrypt it. We also have to encrypt the data to give brand value and to have good customer relationships.
The other requirement of encrypting the data is to protect it throughout its life cycle. We consider stored data as going through the following life cycle:
Creating the data
Storing the data
Modifying the data
Moving the data
Deletion of data
Data travels from one stage to another during the life cycle of the database, and in certain phases the data needs to be protected: for example while moving the data to another system or to another medium, while transferring data from one system to another through email, and while taking a backup of important data.