Encryption Keys Matter

Perhaps the importance of protecting encryption keys is even greater than we realize. It appears that the NSA and the US Government have been able to read encrypted traffic for some time on the Internet, perhaps for most of the last decade. There was an exploit in Cisco PIX routers, which I’ve used in many companies, that allowed the NSA to gain the encryption keys used by VPN traffic. In fact, it is likely the NSA could actually penetrate the networks on either end of the VPN with those keys.

Some of you may be against back doors for governments in encryption products, and some of you may be for allowing governments access with legal protections. However, the most disturbing part of this for me is that no organization knew their communications, supposedly secure, were being intercepted and read. The nature of the digital world is that exploits can copy information without the holders of that information being aware of the effort. This is much harder with physical items, where the movement of an object from one person to the next is easily noticed.

One of the very difficult things with protecting the data in our databases is trying to understand when someone has actually retrieved information they shouldn’t. This is much more difficult than tracking changes to data, which is comparatively straightforward. We have auditing mechanisms that easily track changes to data, though most of us don’t have this set up or configured to catch all changes. In practice, that might be good enough to prevent data quality issues, but it doesn’t necessarily protect data from read disclosure.

Monitoring what information is accessed is far harder than tracking changes. Do you know if someone in Sales is accessing a single row with customer details or the sensitive information for all customers? Can you tell when a request from an application is legitimate, or when an unusual query might be seeking a massive amount of data for download? Those are hard questions, and ones that I think can only be handled by a large amount of activity monitoring along with machine learning assistance to look for patterns in user activity. Other features like Row Level Security can help limit the inadvertent mistakes made by developers or users, but they do not necessarily prevent a single user, especially a malicious user, from querying information.

Apart from the activity issues, we should ensure that, where possible, we use encryption to prevent accidental disclosures outside of our applications. I think Always Encrypted has possibilities for the database, but the key management for this, as well as key management for VPNs, disk encryption, and other protection mechanisms, needs both more maturity and the open disclosure to prevent back doors from being included in products. We also need more maturity in our software development that takes the implementation and protection of encryption mechanisms seriously.
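As an added illustration of the read-monitoring and Row Level Security points above (this is example T-SQL written for this page, not code from the editorial or from SQLServerCentral), the script below audits SELECT statements on a hypothetical dbo.Customers table, restricts a Sales user to its own rows by default, and then summarises the audit log per login so that one account reading the table far more than its peers stands out. The database name, the SalesRep column, the audit name and the file path are assumptions.

```sql
-- Added example: assumes a database CRMDatabase with a table dbo.Customers
-- that has a SalesRep column holding the owning database user's name.

-- 1. Record who READS the table, not only who changes it.
USE master;
CREATE SERVER AUDIT SensitiveReads
    TO FILE (FILEPATH = N'C:\SQLAudit\')      -- placeholder path
    WITH (ON_FAILURE = CONTINUE);
ALTER SERVER AUDIT SensitiveReads WITH (STATE = ON);
GO

USE CRMDatabase;                              -- hypothetical database
CREATE DATABASE AUDIT SPECIFICATION CustomerReads
    FOR SERVER AUDIT SensitiveReads
    ADD (SELECT ON OBJECT::dbo.Customers BY public)
    WITH (STATE = ON);
GO

-- 2. Row Level Security: a Sales user sees only its own customers unless
--    it is a db_owner. This limits accidental over-reads, not a determined
--    user with broader rights, which is the editorial's caveat.
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.fn_customerPredicate(@SalesRep AS sysname)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @SalesRep = USER_NAME()
              OR IS_MEMBER('db_owner') = 1;
GO
CREATE SECURITY POLICY Security.CustomerFilter
    ADD FILTER PREDICATE Security.fn_customerPredicate(SalesRep)
    ON dbo.Customers
    WITH (STATE = ON);
GO

-- 3. Review the audit: count SELECT statements per login against Customers.
--    Audit events count statements, not rows, so one SELECT over the whole
--    table is a single event; an unusual volume per login is still visible.
SELECT server_principal_name,
       COUNT(*)        AS read_statements,
       MIN(event_time) AS first_read,
       MAX(event_time) AS last_read
FROM sys.fn_get_audit_file(N'C:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id = 'SL'                        -- SL = SELECT
  AND object_name = N'Customers'
GROUP BY server_principal_name
ORDER BY read_statements DESC;
```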

Steve Jones

The Voice of the DBA Podcast

Listen to the MP3 Audio (3.7MB) podcast or subscribe to the feed at iTunes and Mevio.

About way0utwest

Editor, SQLServerCentral

4 Responses to Encryption Keys Matter

  1. rsterbal says:

    “no organization knew their communications, supposedly secure, were being intercepted and read” is willfully ignorant of reporting since the Enigma machines were broken.

    There is a difference between knowing and what you are going to do about it. I think we all knew since Echelon https://en.wikipedia.org/wiki/ECHELON was reported by 60 minutes decades ago.

    • way0utwest says:

      I don’t know about that. I think plenty of people assumed products sold with encryption, with keys controlled by users, would be secure to some extent. Nothing has ever been 100% secure across time, but across practical timeframes, a session, a few weeks, strong encryption should not be broken by anything other than luck or brute force. Having fundamental flaws built in to allow cracking by government was not something anyone expected.

      If you think all encryption has been easily broken since Enigma, I think you’re wrong.

  2. rsterbal says:

    With a current budget of over $50 billion dollars a year, and no doubt similar figures during the cold war, the resources were there to break encryption.

    This isn’t easy work, and I think the tools are secure to some extent, but not “no organization knew their communications, supposedly secure, were being intercepted and read.”

    • way0utwest says:

      We’ll have to disagree. I guess some might think so, but I’d think the vast majority of companies that bought PIX routers and enabled VPNs had no idea.
