23.5.2013protection of relations within large datasets1 protection of relations within large...
TRANSCRIPT
Protection of Relations Within Large Datasets 123.5.2013
Protection of RelationsWithin Large DatasetsMgr. Boleslav Bobčík, T-Systems Czech Republic, a.s.
Protection of Relations Within Large Datasets 2
Let’s Start With Basic Facts…
• Assets: valuable data contained in information systems
• Two families of threats targeted at data:• Active threats – modification, unauthorized
alteration, destruction• Passive threats – unauthorized copying,
eavesdropping, data leaks
• Concerns with data leak detection• Easy to create a copy of data• The original data are unaffected by copying
23.5.2013
Protection of Relations Within Large Datasets 3
Data And Their Context
• Isolated (standalone) data• Low value• Their occurrence in
information systems is rather rare
• Context of data• Relations between data
records: substantial part of assets’ value
• Reason for relational DBMS popularity
• Usual target of attackers23.5.2013
Protection of Relations Within Large Datasets 4
Information System VulnerabilitiesHow the Architects Imagine Things...
23.5.2013
Protection of Relations Within Large Datasets 5
Information System VulnerabilitiesHow the System Actually Looks...
23.5.2013
Protection of Relations Within Large Datasets 6
Information System Vulnerabilities – Exploited
• Sony PlayStation® Network• April 2011• External attacker• Stolen 77 million
records• Direct damage: $171
million• Indirect damage: ???
• Lessons learned?• SonyPictures.com data
breach• June 2011
• Goold Health Systems• January 2013• Loss of backup media
with patient data• 6000 Medicaid records
including personal and payment data
• Gatineau Townhall, Canada• January 2013• Loss of student loans
data• 583 thousands records
23.5.2013
Protection of Relations Within Large Datasets 7
Usual Approaches To Data Protection
• Securing the perimeter• Objective: prevent
access of unauthorized people
• Authentication/authorization
• Problems• Threat of rogue insiders• Data taken out of the
perimeter are „defenseless“
• Data encryption• Objective: protect
static representation of data
• Database-level encryption
• Data accessible only for authorized users
• Problems• Often „All-or-Nothing“
solution• Cryptographic key
management• Data recovery risks
23.5.2013
Protection of Relations Within Large Datasets 823.5.2013
Alternative Approach
• Securing the relations between data• Idea (based on relational database theory)• Divide the data into „context domains“• Link the records across domain boundaries with
secure identifiers• Secure identifier construction• Initial data structure• Encrypted with domain-related key• Result: seemingly random sequence of bits• All identifier transformations performed in secure
environment
Protection of Relations Within Large Datasets 9
Data Before Secure Identifier Application
23.5.2013
Protection of Relations Within Large Datasets 10
Data After Secure Identifier Application
23.5.2013
?
Protection of Relations Within Large Datasets 11
... But We Can Go Further
23.5.2013
Protection of Relations Within Large Datasets 12
Aspects Of Successful Deployment
• Applications in legacy information systems• Invasive change,
impact depends on architecture of the IS
• Intentional break of normal relationship implementation• Unable to utilize
standard database query techniques
• Possible solutions: NoSQL technologies, proxy drivers
• Large datasets are necessary• Avoiding the brute-
force threats• Reduced data
throughput• Security level is a
compromise between data protection and other parameters (performance, price, ease of use…)
23.5.2013
Protection of Relations Within Large Datasets 13
Benefits Of Protected Relationships
• Data access control• Context domains have isolated data character• Easy to manage access to individual domains
• Secure identifier operations performed by a separate subsystem• Dependency between data and physical device
prevents data theft• Additional security layers can be included
• Breach recovery mechanism• Compromised identifiers can be replaced
23.5.2013
Protection of Relations Within Large Datasets 14
Similar Approaches
• PCI/DSS• Data tokenization• Opaque (uninterpretable) values substituting
sensitive data
• Format-preserving Encryption• Less-known / rarely used method
• IS ORG – personal identifier translator• Internal component of Czech eGovernment system• No public interface
23.5.2013
Protection of Relations Within Large Datasets 1523.5.2013
Final Remarks
• Present and future trends• Advances in system integration – new
vulnerabilities• Cybercrime (esp. „identity theft“) on the rise• Increasing adversary professionalization (e.g.
Chinese PLA Unit 61398)• Data protection legislation (EU – „General Data
Protection Regulation“, expected adoption in 2014)
• Conclusion: new information systems should consider protection of the data as well as data relations• Secure identifier system is a useful part of the
security landscape
Thank You for Your [email protected]