encryption database in oracle
Mã hóa cơ sở dữ liệu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin i
MC LC
MC LC ......................................................................................................... I
DANH MC CC CHVIT TT ..........................................................IIIDANH MC CC BNG ............................................................................ IVDANH MC CC HNH V ....................................................................... VCHNG 1: CBN VM HA ........................................................... 1
1.1. Gii thiu ............................................................................................. 11.2. La chn m ha .................................................................................. 21.3. Thut ton m ha v kha .................................................................. 31.4. Cc phng php m ha ..................................................................... 3
1.4.1. Qu trnh m ha kha i xng ................................................. 41.4.2. Qu trnh m ha kha cng khai ................................................ 5
CHNG 2: TNG QUAN VM HA CSDLIU ................... 92.1. Tm tt ngn gn vcsdliu ....................................................... 9
2.1.1. nh ngha csdliu (DataBase) ........................................... 92.1.2. u im ca csdliu ........................................................... 92.1.3. Nhng vn m CSDL cn phi gii quyt .............................. 9
2.1.4. Cc i tng sdng CSDL .................................................... 102.1.5. Hqun trcsdliu (Database Management System) ...... 112.1.6. Cc ng dng ca csdliu ................................................. 12
2.2. An ton thng tin trong csdliu ................................................ 122.2.1. Ti sao phi bo vcsdliu .............................................. 122.2.2. Cc tn cng vo csdliu .................................................. 132.2.3. Cc phng php bo vcsliu ........................................... 152.2.4. p dng m ha ......................................................................... 16
2.3. Cc mc m ha (Encryption Level) ................................................. 162.3.1. M ha mc lu tr(Storage-Level Encryption) ...................... 162.3.2. M ha mc hqun trcsdliu (DBMS-LevelEncryption) ........................................................................................... 172.3.3. M ha mc ng dng (Application-Level Encryption) ........... 172.3.4. Thut ton m ha v chhot ng .................................... 182.3.5. Qun l kha .............................................................................. 19
CHNG 3: M HA CSDLIU TRONG HQT ORACLE 9I 223.1. Gii thiu vhqun trcsdliu Oracle 9i ............................... 22
3.1.1. Lch spht trin ca Oracle ..................................................... 22
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin ii
3.1.2. u im ca Oracle ................................................................... 243.2. Gii php m ha dliu lu trtrong Oracle 9i .............................. 25
3.2.1. Cc khnng m ha dliu ca Oracle 9i .............................. 25
3.2.2. Cc thch thc ca m ha dliu ............................................ 41CHNG 4: TRIN KHAI M HA TRN CSDL NHN VIN ....... 494.1. Bng nhn vin .................................................................................. 494.2. Thit klc m ha cho bng nhn vin .................................... 514.3. Cc bc trin khai ............................................................................ 53
4.3.1. To ngi dng SA .................................................................... 544.3.2. Xy dng package m ha/gii m ............................................ 544.3.3. M ha/gii m dliu .............................................................. 54
4.3.4. Xl qu trnh thm, cp nht v xa nhn vin ...................... 574.3.5. Qun l kha .............................................................................. 574.3.6. Qun l ngi dng truy cp dliu r..................................... 57
4.4. Kt qukim tra ................................................................................. 584.5. nh gi lc m ha bng nhn vin.......................................... 61
KT LUN .................................................................................................... 63TI LIU THAM KHO ............................................................................ 64PHLC ....................................................................................................... 65
A. Ngi dng SA ...................................................................................... 65B. Gi CRYPT_UTIL ................................................................................ 65C. Khung nhn NhanVien_vw .................................................................... 67D. Trigger NhanVien_vw_trg .................................................................... 68
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin iii
DANH MC CC CHVIT TT
AES Advanced Encryption Standard
ANSI American National Standards Institute
CBC Cipher-Block Chaining
DAC Discretionary Access Control
DBA Database Administrator
DBMS Database Management System
DCL Data Control Language
DDL Data Description Language
DEA Data Encryption Algorithm
DES Data Encryption Standard
DML Data Manipulation Language
ECB Electronic Codebook
FW Firewall
HSM Hardware Security Module
IDS Intrusion Detection System
ISO International Organization for Standardization
IV Initialization Vector
MAC Mandatory Access Control
MD Message-Digest
PL/SQL Procedural Language/Structured Query Language
RBAC Role-Based Access Control
RC Rivest Cipher
SA Security Administrator
SHA Secure Hash Algorithm
SQL Structured Query Language
SSL Secure Sockets Layer
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin iv
DANH MC CC BNG
Bng 3.1: Hot ng ca TripleDES .............................................................. 27
Bng 3.2: Cc chng trnh con ca gi DBMS_OBFUSCATION .............. 30Bng 3.3: Cc tham sca DES3DECRYPT cho dliu th ........................ 31
Bng 3.4: Cc tham sca hm v thtcDES3ENCRYPT ......................... 33
Bng 3.5: Cc tham sca hm v thtc DES3GETKEY .......................... 36
Bng 3.6: Cc tham sca hm v thtcDESDECRYPT ........................... 37
Bng 3.7: Cc tham sca hm v thtcDESENCRYPT ........................... 38
Bng 3.8: Cc tham sca hm v thtc DESGETKEY ............................ 40
Bng 3.9: Cc tham sca hm v thtc MD5 ............................................ 41
Bng 4.1: Bng nhn vin ............................................................................... 50
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin v
DANH MC CC HNH V
Hnh 1.1: Qu trnh m ha kha i xng ....................................................... 4Hnh 1.2: Qu trnh m ha kha cng khai ..................................................... 6Hnh 1.3: M ha kha cng khai c sdng xc thc ........................... 7Hnh 2.1: Ba ty chn cho cc mc m ha csdliu 18Hnh 2.2: Cc phng php qun l kha 20Hnh 2.3: Chlin kt khi m CBC ...................................................... 28Hnh 4.1: Bng NhanVien ............................................................................... 51Hnh 4.2: Bng Nhanvien_Ecrypt ................................................................... 51Hnh 4.3: Bng NhanVien_Key ...................................................................... 52
Hnh 4.4: To khung nhn NhanVien_Table ................................................... 53Hnh 4.5: Qu trnh m ha bng NhanVien .................................................. 55Hnh 4.6: Bng nhn vin m ha .............................................................. 55Hnh 4.7: To khung nhn NhanVien_Table ................................................... 56Hnh 4.8: Bng Nhanvien_table ...................................................................... 57Hnh 4.9: Nhn vin A xem dliu r ............................................................ 58Hnh 4.10: Select tbng NhanVien_Encrypt................................................ 59Hnh 4.11: Insert vo bng NhanVien ............................................................ 60
Hnh 4.12: Update bng NhanVien ................................................................. 61Hnh 4.13: So snh kt qum ha cc bn ghi ging nhau .......................... 62
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin vi
LI NI U
Với nhiều tổ chức, cơ sở dữ liệu là một kho tàng thông tin nhạy cảm chứa nhiều loại dữ liệu khác nhau, từ thông tin chi tiết về khách hàng và thông tin cạnh tranh bí mật đến các thông tin sở hữu trí tuệ. Mất mát hoặc bị trộm cắp dữ liệu, đặc biệt là dữ liệu của khách hàng, có thể ảnh hưởng đến danh tiếng, bất lợi cạnh tranh và thiệt hại về tài chính nghiêm trọng.
Chính vì vậy, an toàn cơ sở dữ liệu là một ưu tiên hàng đầu cho các tổ chức ngày nay. Tuy nhiên, các kỹ thuật bảo đảm an toàn cơ sở dữ liệu truyền thống như tường lửa và an toàn ứng dụng trong những năm gần đây bộc lộ rất nhiều thiếu sót và các phương pháp bảo đảm an toàn này không bảo vệ các doanh nghiệp và dữ liệu trong thời đại hiện nay, một môi trường công nghệ thông tin mở và phức tạp. Trong các biện pháp bảo đảm an toàn cơ sở dữ liệu, mã hóa được coi như là phương pháp phòng thủ sâu nhất chống lại các lỗ hổng an toàn.
Tthc t, em chn ti M ha csdliu trong Oracle
lm n tt nghip. Mc tiu ca ti l tm hiu vcc phng php m
ha c sd liu v ng dng vo m ha mt c sd liu nh trong h
qun trOracle.
Bo co ca n ca em c chia thnh 3 chng:
- Chương 1: Cơ bản về mã hóa
- Chương 2: Tổng quan về mã hóa cơ sở dữ liệu
- Chương 3: Mã hóa cơ sở dữ liệu trong hệ quản trị Oracle 9i
- Chương 4: Triển khai mã hóa trên cơ sở dữ liệu nhân viên
Trong chng 1 gii thiu tng quan vm ha, tm quan trng ca
m ha trong vic bo vthng tin v cc phng php m ha cbn hin
nay; chng 2 trnh by vcc vn lin quan n csdliu v cc mc
c thp dng m ha bo vdliu; chng 3 trnh by khnng m ha
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin vii
c sd liu ca hqun trOracle; chng 4 sa ra cch p dng kh
nng m ha ca Oracle m bo an ton cho csdliu nhn vin.
Em xin chn thnh cm n sgip tn tnh ca TS. Nguyn Nam
Hiv CN. Trn ThLngn ca em c hon thnh.
Do thi gian c hn nn n ca em chc chn cn nhiu thiu st.
Em rt mong nhn c sgip , chbo ca qu thy cn ca em
c hon thin hn.
Em xin chn thnh cm n!
H Ni, Ngy 16 thng 06 nm 2010
Sinh vin
Ong ThHng
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 1
Chng 1
CBN VM HA
Chng ny gii thiu tng quan vm ha, tm quan trng ca m
ha trong vic bo vthng tin v cc phng php m ha cbn hin nay.
1.1. Gii thiuQu trnh m ha c lch sra i rt th v. Vic m ha c ra i
thng nghn nm trc, thm ch c th ra i t thi k quc La M.
Trong thi gian , Julius Caesar, ngi nm chnh quyn Roma ci mun
truyn thng ip ti cc vtng ca mnh trong trn a. Nhng thng ip
ny ht sc nhy cm, b mt bi n l thng ip truyn lnh chra cch bt
u mt chin dch qun smi i vi mt mc tiu no .
Nhng thng ip ny c gi i bng nhng sgia tin, v y l
mt vic ht sc mo him bi v nhng thng ip ny c thb chn bt
trc khi ti c ch. y l iu ht sc nghim trng bi v n gy tht
bi ti chin dch qun s. Chnh v vy, thut ton m ha n gin rai, v c sdng m ha nhng thng ip. Julius Caesar c bit ti
nh l ngi m ha v gii m nhng thng ip u tin. Nh vy khi
thng ip bchn bt, hoc ngi sgibmua chuc hay tra tn nhm tm
ra ni dung thng ip c m ha u c thbloi bnhphng php
ny.
Vy phi kt hp sdng m ha nh thno. iu quan trng l ta
phi hiu c bn cht ca vn . Qu trnh m ha cung cp sbo vcho
nhng dliu nhy cm c truyn trn nhng knh lin lc khng an ton.
Thng ip c m ha tnhng dliu nhy cm, sau sc sgi
a tin chuyn thng ip qua knh lin lc khng an ton (qua vng ch,
sng, ni ...).
Qu trnh m ha bo m d liu nhy cm c truyn i an ton
trn nhng knh lin lc khng tin cy.
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 2
Ngy nay, trong thgii kt ni Internet, qu trnh m ha c s
dng mt cch rng r bi v n kh ph hp trong iu kin hin nay: qu
trnh m ha s m bo truyn nhng d liu nhy cm qua mi trng
khng an ton l Internet mt cch an ton. T cng xut hin nhiuchuyn gia va c nhng kinh nghim phong ph trong cc lnh vc an ton
mng va c nhng hiu bit su rng trong lnh vc mt m. y l mt
trong nhng l do lm cho qu trnh m ha trnn phbin ngy nay.
Quá trình mã hóa là quá trình xử lý dữ liệu từ bản rõ và chuyển đổi chúng sang dạng không thể đọc được. Kết quả nhận được sẽ là dữ liệu được mã hóa, thông thường sẽ được gọi là bản mã. Khi dữ liệu được mã hóa, thì sau đó nó sẽ cần được giải mã trở lại. Quá trình giải mã (quá trình thực hiện những hành động ngược với quá trình mã hóa) dữ liệu là quá trình đưa bản mã trở về dạng ban đầu là bản rõ. Việc nghiên cứu hai quá trình xử lý này được gọi là môn mật mã học.
1.2. La chn m haC rt nhiu cch m ha dliu, nhng chc mt vi cch c th
em li hiu qucao. Nhiu ngi c khuyn khch vit nhng bn m ca
ring mnh, nhi Julius Caesar lm. Tuy nhin, tr phi h phi l
nhng thin ti, hoc l ngi cc k may mn, nn cho ti ginhng bn m
ca ring c nhn l ht sc t i. Ngy nay, hiu sut ca vic m ha c
nh gi da trn 1 tiu chun chung v da vo vic phn tch, xem xt
nhng thut ton m ha . Nhng thnghim l ht sc quan trng bi v
n m bo rng qu trnh m ha c thloi bc nhng sai st khng
ng c, dn ti vic nhng ngi khng c cho php c thxc nh c
ni dung thng tin nhy cm.
C mt s chun m ha m ta c th la chn, nhng trc khi bt
u la chn nhng thut ton ny sdng trong csdliu, ta cn phi
hiu c mt vi iu vqu trnh thc hin m ha.
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 3
1.3. Thuật toán mã hóa và khóa
Để mã hóa cơ sở dữ liệu có hai điều cần được đặt ra như sau: đó là thuật toán mã hóa và khóa mã hóa. Quá trình mã hóa dữ liệu diễn ra khá đơn giản như sau: bản rõ sẽ được đưa vào thuật toán mã hóa. Khóa mã hóa cũng được thêm vào. Kết hợp lại, thuật toán sẽ sử dụng khóa và những quá trình logic phức tạp để mã hóa dữ liệu. Quá trình giải mã được tiến hành tương tự, nghĩa là nó cũng yêu cầu khóa và thuật toán giải mã.
Độ mạnh của quá trình mã hóa không được xác định riêng bởi thuật toán hoặc riêng bởi độ dài của khóa. Độ mạnh của quá trình này được xác định bởi cả hai yếu tố trên. Thông thường có quan niệm sai cho rằng, khóa càng lớn có nghĩa là thuật toán càng mạnh hơn những thuật toán khác sử dụng khóa có độ dài nhỏ hơn. Một vài thuật toán yêu cầu khóa có độ dài lớn thì mới có độ mạnh giống như thuật toán khác có độ dài khóa nhỏ hơn. Trong một số trường hợp thì khóa với độ dài lớn được sử dụng trong cùng một thuật toán làm cho quá trình mã hóa trở nên an toàn hơn.
Thch thc cn li chnh l hiu sut ca qu trnh m ha. Nu Julius
mun gi ti cho cc v tng mt thng ip c m ha, th u tin
Julius cn c cthut ton v kha mi c th m ha thng ip . Nhng
nghin cu ca mt m hc chra cho chng ta thy rng i vi cc thut
ton hin nay chcn khm ph mt im mu cht chnh l kha. Nhng
thut ton ph bin khng h tr k tn cng tm ra c nhng thng tin
nhy cm. R rng nhng thut ton ny dng nh l nhng cng c an
ninh tt, ngai trrc ri ti tnhng ktn cng xc nh trc.
1.4. Các phương pháp mã hóa
Ba phương pháp mã hóa sẽ được trình bày bao gồm:
- Mật mã đối xứng: Sử dụng một khóa duy nhất cho cả việc mã hóa và giải mã.
- Mật mã bất đối xứng: Sử dụng một khóa để mã hóa và một khóa khác để giải mã.
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 4
- Hàm băm: Sử dụng một phép biến đổi toán học để mã hóa thông tin theo một chiều.
1.4.1. Quá trình mã hóa khóa đối xứng
Ngày nay có hai loại mã hóa được sử dụng. Loại đầu tiên có tên gọi là mã hóa khóa đối xứng. Thuật toán và khóa trong mã hóa khóa đối xứng được sử dụng cả trong quá trình mã hóa và giải mã, chúng đối xứng với nhau. Thông điệp được mã hóa bằng một khóa và được giải mã cũng chính bằng khóa đó.
Hnh 1.1: Qu trnh m ha kha i xng
Thut ton kha i xng m bo an ninh cao v em li hiu sut ln
trong cqu trnh m ha v gii m thng tin. Mt vi thut ton kha i
xng phbin l RC4, RC5, DES, 3-DES v AES. Bi v nhng thut tonm ha ny mnh v em li hiu sut cao nn chng thng c sdng
m ha slng thng tin ln.
Cc m php i xng hin nay chia thnh hai loi: m khi v m
dng. M khi m ha mt on vi bit ca dliu mt lc, trong khi m
dng m ha mt bit mt nhlung dliu chuyn qua. Khi m khi phi m
ha d liu c kch cdi hn mt khi, th u tin d liu phi c
chia thnh cc khi c kch cph hp, v sau thut ton m ha c p
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 5
dng cho mi khi. C vi chhot ng chra cch m cc khi c
x l. Cc chcho php mt thut ton sdng mt cch an ton trong
nhiu tnh hung. Bng cch la chn mt chthch hp, mt m khi c
thsdng nhm dng.
u im ca m dng trong m ha d liu l khng cn phi thm
phn m. Vi cc m khi hot ng trn mt kch thc cnh, th cc
khi dliu c kch thc nhhn phi c thm phn m. M dng trnh
c iu ny, v khi dng dliu kt thc, vic m ha cng kt thc.
Khi hai ngi mun sdng thut ton kha i xng, hcn thit lp
trc kha chung v cch truyn kha m bo an ton. Khi hai bn bitnhau, c thh bit kha ca nhau, nhng hai bn cha tng gp g
nhng gimun trao i dliu mt cch an ton, ny sinh thch thc l
vn trao i kha. Bn khng thchuyn kha cng vi bn r v nhth
ktn cng spht hin ra. Nu bn m ha kha, bn li phi sdng mt
kha khc m ha, t spht sinh thm vn mi. Trc nhng thc
y cn pht trin , mt qu trnh m ha khc c ra i, l qu trnh
m ha kha bt i xng hay cn gi l qu trnh m ha kha cng khai.
1.4.2.Qu trnh m ha kha cng khaiTrong qu trnh m ha kha cng khai, c hai kha to thnh mt cp
hot ng mt cch bsung. Thut ton m ha kha cng khai l thut ton
o ngc. Nu mt kha thc hin m ha th kha kia thc hin qu trnh
gii m v ngc li. Hn na, mc d bit c thut ton v mt kha trong
cp kha th ktn cng cng khng thxc nh kha cn li v gii m dliu.
Trong qu trnh m ha kha cng khai, mt kha sc gi l kha
cng khai, kha kia sc gi l kha ring.
D liu c m ha vi kha cng khai v c gii m bng kha
ring.
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 6
Kha ring v kha cng khai c s dng m t thut ng
kha, bi v kha cng khai c thc bit bi nhiu ngi, cn kha
ring c gi b mt, v ch c ngi s hu mi c th bit. Chng no
kha ring c cn gib mt, th qu trnh m ha kha cng khai cn hotng tt.
Do vy Qu trnh m ha kha cng khai gii quyt c vn phn
phi kha. hai bn c th trao i vi nhau, hcn phi bit c kha
cng khai ca bn kia. Hnh 2 m tcch m ha kha cng khai gi thng
ip b mt gia hai bn lin lc. m bo rng ngi nhn (l Alice trong
hnh 1.2) c thnhn c ng thng ip, th thng ip ny phi c m
ha bng kha cng khai ca Alice. V chAlice mi c thgii m c
thng ip bi v chc kha ring ca Alice mi c thgii m c thng
ip c m ha bng kha cng khai ca c ta. Cgng gii m thng
ip vi kha ring khng chnh xc l iu khng tng.
Kha cng khai khng thsdng gii m thng ip c, d cho
n c m ha cng vi thng ip.
Hnh 1.2: Qu trnh m ha kha cng khai
Ngoi ra, kha ring c sdng nh l mt phng php xc thc
i vi ngi gi. Nhhnh 1.3 m tngi gi c thm ha thng ip
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 7
bng kha ring ca h. Ngi nhn sdng kha cng khai ca ngi gi
gii m thng ip. Nu thng ip c gii m th ngi gi c xc
thc bi v chc ngi gi mi c thsdng kha ring ca hm ha
thng ip.
Hnh 1.3: M ha kha cng khai c sdng xc thc
ng tic l thut ton m ha kha cng khai yu cu kha c kch
thc ln c thc cng mnh nhkhi m ha vi kha i xng. Do
vy thut ton kha cng khai thc hin chm hn ng thi cng thc hin
tnh ton phc tp hn so vi thut ton kha i xng.
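Ngày nay, mã hóa khóa công khai và mã hóa khóa đối xứng được sử dụng song song như là 1 thành phần của giao thức mạng SSL. Giao thức SSL là kỹ thuật mã hóa dữ liệu phổ biến trên mạng Internet. Để chuyển dữ liệu giữa 2 bên, khóa công khai được sử dụng để mã hóa khóa đối xứng. Trong hình 1.2 và 1.3 thông điệp bí mật thực sự chính là khóa riêng; ở đây nên hiểu là khóa đối xứng vừa nêu (khóa bí mật dùng chung giữa hai bên), không phải khóa riêng của cặp khóa công khai.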
1.4.3. Hàm băm mật mã
Một hàm băm mật mã, còn được gọi là một tóm lược thông báo, giống như dấu tay của dữ liệu. Thuật toán hàm băm mật mã nén một lượng dữ liệu lớn thành một giá trị nhỏ duy nhất. Điều khác biệt quan trọng của hàm băm mật mã với các hàm băm khác là gần như không thể tính toán được dữ liệu gốc từ giá trị băm hoặc tìm bản dữ liệu khác có giá trị băm giống như vậy.
-
8/12/2019 Encryption Database in Oracle
15/80
-
8/12/2019 Encryption Database in Oracle
16/80
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 9
Chng 2
TNG QUAN VM HA CSDLIU
Chng ny em strnh by cc khi nim cbn ca csdliu v
hqun trcsdliu, vai tr ca n trong mi trng cng nghthng tin
hin nay. T sa ra cc nguy cmt an ton i vi mt csdliu,
v tm hiu cc mc c thp dng m ha bo vcsdliu lu tr.
2.1. Tm tt ngn gn vcsdliu2.1.1.nh ngha csdliu (Database)
Csdliu (CSDL) l mt hthng cc thng tin c cu trc c
lu trtrn cc thit bnhbng t, a t, c ththomn yu cu khai
thc ng thi ca nhiu ngi sdng.
CSDL gn lin vi i s, logic ton v mt slnh vc khc.
2.1.2.u im ca csdliu- Gim s trng lp thng tin xung mc thp nht v do bo m
c tnh nht qun v ton vn dliu.
- m bo dliu c thtruy xut theo nhiu cch khc nhau.- Khnng chia sthng tin cho nhiu ngi sdng.
2.1.3.Nhng vn m CSDL cn phi gii quyt- Tnh chquyn ca dliuTnh chquyn ca dliu c thhin phng din an ton dliu,
khnng biu din cc mi lin hngngha ca dliu v tnh chnh xc
ca dliu. iu ny c ngha l ngi khai thc CSDL phi c nhim vcp
nht cc thng tin mi nht ca CSDL.
- Tnh bo mt v quyn khai thc thng tin ca ngi sdng
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 10
Do c nhiu ngi c php khai thc d liu mt cch ng thi, nn
cn thit phi c mt cchbo mt v phn quyn hn khai thc CSDL. Cc
hiu hnh nhiu ngi sdng hay hiu hnh mng cc bu c cung
cp cchny.
- Tranh chp dliuNhiu ngi c php truy nhp cng mt lc vo ti nguyn dliu ca
CSDL vi nhng mc ch khc nhau, do cn thit phi c mt cchu
tin khi truy nhp dliu. Cchu tin c thc thc hin bng vic cp
quyn u tin cho tng ngi khai thc.
- m bo an ton dliu khi c scVic qun l dliu tp trung c thlm tng khnng mt mt hoc sai
lch thng tin khi c scnhmt in t xut, hay mt phn a lu tr
CSDL bh, mt shiu hnh mng c cung cp dch vsao lu nh
a cng, tng kim tra v khc phc li khi c sc. Tuy nhin, bn cnh
dch vca hiu hnh, m bo CSDL lun n nh, mt CSDL nht
thit phi c mt cchkhi phc dliu khi c cc scbt ngxy ra.
2.1.4.Cc i tng sdng CSDL- Nhng ngi s dng CSDL khng chuyn v lnh vc tin hc v
CSDL.
- Cc chuyn vin CSDL bit khai thc CSDL Nhng ngi ny c thxy dng cc ng dng khc nhau, phc v cho cc mc ch khcnhau trn CSDL.
- Nhng ngi qun trCSDL, l nhng ngi hiu bit vtin hc, vcc h qun tr CSDL v h thng my tnh. H l ngi t chc
CSDL, do hphi nm r cc vn kthut vCSDL c th
phc hi CSDL khi c sc. H l nhng ngi cp quyn hn khai
thc CSDL, do vy hc thgii quyt c cc vn tranh chp d
liu nu c.
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 11
2.1.5.Hqun trcsdliu (Database management system)gii quyt tt nhng vn tchc CSDL nh ni trn, cn
thit phi c nhng phn mm chuyn dng khai thc chng. Nhng phnmm ny c gi l cc hqun trCSDL. Cc hqun trCSDL c nhim
vh trcho cc nh phn tch thit kCSDL cng nhnhng ngi khai
thc CSDL. Hin nay trn th trng phn mm c nhng h qun tr
CSDL h tr c nhiu tin ch nh: MS Access, Visual Foxpro, SQL
Server Oracle,
Mi hqun trCSDL u c ci t da trn mt m hnh dliu
cth. D l da trn m hnh dliu no, mt hqun trCSDL cng phihi tcc yu tsau:
- Ngn nggiao tip gia ngi sdng v CSDL, bao gm :Ngn ng m t d liu (DDL): cho php khai bo cu trc ca
CSDL, khai bo cc mi lin hca dliu v cc quy tc qun l p t ln
cc dliu .
Ngn ng thao tc d liu (DML): Cho php ngi s dng c th cp
nht dliu (thm/sa/xo)
Ngn ng truy vn d liu (SQL):Cho php ngi khai thc sdng
truy vn cc thng tin cn thit trong CSDL
Ngn ngqun l dliu (DCL):Cho php nhng ngi qun trhthng
thay i cu trc ca cc bng d liu, khai bo bo mt thng tin v cpquyn hn khai thc CSDL cho ngi sdng.,
- Tin dliu:Dng m tcc nh xlin kt, ghi nhn cc thnh phn cu trc ca
CSDL, cc chng trnh ng dng, mt m, quyn hn sdng,
- Cchgii quyt vn tranh chp dliu:
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 12
Mi hqun trCSDL cng c thci t mt cchring gii quyt
cc vn ny. Mt sbin php sau y thng c sdng: thnht: cp
quyn u tin cho tng ngi sdng; thhai: nh du yu cu truy xut
d liu, phn chia thi gian, ngi no c yu cu trc th c quyn truyxut dliu trc,
- Hqun trCSDL cng phi c cchsao lu (backup) v phc hi(restore) dliu khi c scxy ra.
iu ny c ththc hin bng cch sau mt thi gian nht nh hqun
trCSDL stng to ra mt bn sao nhng CSDL, cch ny hi tn km,
nht l i vi CSDL ln.
- Hqun trCSDL phi cung cp mt giao din thn thin, dsdng.2.1.6.Cc ng dng ca csdliu
Hin nay, hu nhCSDL gn lin vi mi ng dng ca tin hc; chng
hn nhvic qun l hthng thng tin trong cc cquan nh nc, vic lu
trv xl thng tin trong cc doanh nghip, trong cc lnh vc nghin cukhoa hc, trong cng tc ging dy, cng nhtrong vic tchc thng tin a
phng tin,
2.2. An ton thng tin trong csdliu2.2.1.Ti sao phi bo vcsdliu
Csd liu l tri tim ca mt doanh nghip. l ni lu trcc
thng tin c gi trv quan trng. D liu ca mt cng ty c thlin quann cc bn ghi ti chnh, hoc cc bn ghi khc cn thit cho sthnh cng
ca mt tchc, nhb mt thng mi, thng tin miu tvc nhn vi cc
thng tin cn c bo v.
Gi tr ca nhng thng tin nhy cm ny c th l ch ca k tn
cng. Cc tn cng thnh cng c thgy thit hi ln cho cc doanh vti
chnh, nh hng nghim trng n danh ting v quan hvi khch hng,
thm ch lm mt tnh cnh tranh, Hn na, vi mt k tn cng, khi tn
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 13
cng vo csdliu sc li hn l nghe nn giao tip trn mng. Bi v
thng thng dliu thng c m ha trn ng truyn nhng li c
lu di dng r trong csdliu.
An toàn thông tin trong CSDL bao gồm 3 yếu tố chính: tính bí mật, toàn vẹn và sẵn sàng.
- Đảm bảo tính bí mật (secrecy) có nghĩa là ngăn chặn/phát hiện/cản trở những truy nhập thông tin trái phép. Nói chung, tính bí mật được sử dụng để bảo vệ dữ liệu trong những môi trường bảo mật cao như các trung tâm quân sự hay kinh tế quan trọng. Bảo vệ tính riêng tư của dữ liệu.
- Đảm bảo tính toàn vẹn (integrity) của thông tin có nghĩa là ngăn chặn/phát hiện/cản trở các sửa đổi thông tin trái phép.
- Đảm bảo tính sẵn sàng (availability) của hệ thống có nghĩa là ngăn chặn/phát hiện/cản trở sự từ chối trái phép các truy nhập hợp pháp đến dịch vụ trong hệ thống.
2.2.2.Cc tn cng vo csdliuDa vo vtr ca ktn cng ta c thchia cc tn cng vo csd
liu thnh 2 kiu:
- Tn cng bn trong:ktn cng l ngi bn trong tchc (bn trongtng la), hbit vkin trc ca mng.
- Tn cng bn ngoi: k tn cng phi vt qua tng la, IDS vkhng bit vkin trc ca mngKtn cng bn trong (c thgm cngi qun trca CSDL) l mi
e da cn ln hn cc tn cng bn ngoi.
a. Tn cng tnh b mtTn cng tnh b mt l loi tn cng trong , nhng ngi dng bt
hp php c kh nng truy nhp vo thng tin nhy cm ca CSDL. Kim
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 14
sot mc thp nht hc ththc hin l c CSDL. V dnhktn cng
c thkim sot ton bmy chCSDL, do anh ta c thti xung ton
bfile CSDL ri np file vo Database engine truy nhp dliu nhngi
dng bnh thng.
duy tr c tnh b mt ca dliu, chnh sch kim sot truy cp
bt buc c nh ngha trong DBMS l mt phng thc phbin c s
dng bo vCSDL. Mt chnh sch kim sot truy cp c thc hnh thc
khc nhau ty thuc vo m hnh CSDL nm di v cch xc thc c
thc thi nh: DAC, RBAC, MAC. Tuy nhin phng php kim sot truy cp
thng c cu hnh cha ng, to khe h cho nhng ngi dng mun
lm dng quyn, hoc l ktn cng c thtruy cp trc tip vo file CSDL
vt l.
Mt khnng khc lm cho k tn cng c thtruy cp d liu nhy
cm l tvic sao lu csdliu khng an ton. Ngi ta thng sao
lu cc h thng csd liu trnh cc thm ha mt mt d liu. Tuy
nhin, dliu sao lu ny thng c lu mt ni khc, nn ktn cng
c thtn cng ly trm cc thng tin nhy cm tcc dliu ny.
b. Tn cng tnh ton vny l loi tn cng gy ra nhng sa i tri php i vi thng tin
trong CSDL. thc hin c tn cng ny th k tn cng phi c kh
nng ghi vo CSDL. Do , trong loi tn cng ny ta khng lo ngi i vi
cc ktn cng c thc CSDL.
Mt stn cng tnh ton vn phbin:
Tn cng tngi qun trc Sgy hi ca cc ng dng bli Sdng ti khon nh cp c truy nhp ghi vo CSDL Khnng leo thang c quyn ca mt sti khon
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 15
2.2.3. Các phương pháp bảo vệ cơ sở dữ liệu
Trường hợp CSDL lưu trữ thông tin nhạy cảm và then chốt là không hiếm, do đó cần cung cấp đầy đủ các mức bảo vệ cho nội dung của CSDL. Các phương pháp bảo vệ sự an toàn cho CSDL được chia thành 4 lớp:
- An toàn vật lý
- An toàn hệ điều hành
- An toàn hệ quản trị cơ sở dữ liệu
- Mã hóa
Chỉ sử dụng 3 lớp đầu tiên thì không bảo đảm an toàn cho CSDL vì dữ liệu được lưu trữ ở dạng rõ, dạng có thể đọc được. Vì vậy bất kỳ ai có quyền truy cập tới CSDL, bao gồm DBA, đều có khả năng đọc dữ liệu.
Một số kỹ thuật điển hình để bảo vệ dữ liệu trong CSDL là tường lửa, hệ thống phát hiện xâm nhập, và kiểm soát truy cập. Tuy nhiên tường lửa và hệ thống phát hiện xâm nhập chỉ cung cấp sự bảo vệ ở lớp mạng. Kiểm soát truy cập cũng trở nên vô dụng khi kẻ tấn công đạt được quyền truy cập vào dữ liệu thô bằng cách vượt qua các cơ chế truyền thống. Các cách thức tấn công này rất dễ dàng đạt được bởi những người bên trong, như người quản trị hệ thống và DBA.
Một trong những phương pháp tiến bộ đang được các tổ chức kết hợp chặt chẽ để giải quyết các thách thức bộc lộ dữ liệu nhạy cảm, đặc biệt trong ngân hàng, tài chính, bảo hiểm, chính phủ và y tế là mã hóa CSDL.
Do đó, cách tốt nhất để bảo đảm an toàn dữ liệu ở trạng thái nghỉ là mã hóa. Mã hóa sẽ mang lại sự phòng thủ hiệu quả nhất để bảo vệ dữ liệu, đồng thời bổ sung an toàn cho các phương pháp khác.
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 16
2.2.4.p dng m haVi tinh thn ca mt nguyn tc quan trng c gi l phng th
theo chiu su (v dphng thphn lp nhktn cng phi vt qua lpny n lp khc ca vic bo v), dng n cc kthut mt m bsung
v cng c vic iu khin truy cp gn y nhn c nhiu s ch t
cng ng CSDL. Mc ch ca m ha CSDL l m bo tnh khng
trong sut ca CSDL bng cch githng tin c n vi bt k ngi no
khng c thm quyn (v dkxm nhp). Thm ch k tn cng vt qua
FW v trnh cc chnh sch kim sot truy cp, th hvn khng c kha
gii m dliu.
M ha CSDL sbo vc tnh b mt v tnh ton vn ca dliu
lu tr.
M ha csdliu mang li nhng li ch sau:
- Bo m sb mt ca khc hng khi sdng cc dch vca cng ty- Phng php n gin v hiu qunht lp y cc yu cu- Bo nhm an ton dliu c gi trnht ca cng ty- Nng cao sbo van ton dliu- Gim cc ri ro an ton dliu- Bo m hot ng kinh doanh- Duy tr tnh cnh tranh- Bo m dliu outsource- Lp y cc yu cu v quy nh qun tr
2.3. Cc mc m ha (Encryption Level)2.3.1.M ha mc lu tr(Storage-Level Encryption)
M ha mc lu trchung quy l m ha dliu trong hthng lu tr
phv v vy bo vdliu lu tr(v dtnhng ktrm phng tin lu
tr). Phng php ny ph hp cho vic m ha tp tin v ton bthmc
trong phm vi hiu hnh. Tquan im CSDL, m ha mc lu trc u
im l trong sut v vy trnh c bt kthay i trong ng dng hin c.
Mt khc, v hthng phlu trkhng bit vcu trc v i tng CSDL,
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 17
nn chin lc m ha khng lin quan vi c quyn ngi dng (v d:
bng cch sdng cc kha ring bit cho ngi dng ring bit), hoc l vi
d liu nhy cm. V vy la chn m ha nn m ha ch mt phn ca
CSDL gim chi ph m ha, hn chm ha trong cc tp tin c chi titcao. Hn na, vic la chn cc tp tin m ha l mo him v cn m bo
rng khng c bn sao dliu nhy cm no cha c m ha (v dtrong
tp tin nht k, tp tin tm thi).
2.3.2.M ha mc hqun trcsdliu (DBMS-Level Encryption)M ha mc hqun trc sd liu cho php bo m d liu khi
chn hoc khi phc tCSDL. Chin lc m ha l mt phn trong thit kCSDL v c thlin quan vi dliu nhy cm v/hoc c quyn ngi s
dng. M ha chn lc c th c thc hin ti nhiu mc chi tit khc
nhau, nh l bng, ct v hng. Thm ch c th lin quan ti mt vi iu
kin logic (v dm ha lng ln hn 1000$/1 thng). Ty thuc vo mc
tch hp ca tnh nng m ha v hqun trcsdliu, qu trnh m
ha c th thay i tng dng. Hn na, m ha c thgy gim hiu sut
hqun trcsdliu v m ha thng ngn cn ngi dng ghi chstrn d liu c m ha. Thc cht nu khng s dng thut ton c th
hoc chm ha cthth vic ghi chsdliu c m ha l v ch.
Với hai mức mã hóa trên, dữ liệu được giải mã trên máy chủ CSDL khi thực hiện. Vì vậy khóa mã phải được truyền hoặc lưu trữ cùng với dữ liệu được mã hóa ở phía máy chủ, do vậy hai mức mã hóa này hạn chế trong việc chống lại các tấn công của người quản trị máy chủ hoặc bất kỳ kẻ xâm nhập nào chiếm đoạt quyền quản trị. Thực chất kẻ tấn công cũng có thể dò xét bộ nhớ và khám phá ra khóa mã hoặc bản rõ.
2.3.3.M ha mc ng dng (Application-Level Encryption)M ha mc ng dng chuyn qu trnh m ha/gii m ti ng dng
hin thdliu. V vy m ha c thc hin ng dng, dliu c gi
dng m ha, do c lu trv khi phc dng m ha mt cch t
nhin, cui cng c gii m ng dng. Phng php ny c li ch l
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 18
tch kha m vi d liu m ha c lu trong CSDL, v vy cc kha
khng bao giphi tch ri khi pha ng dng. Tuy nhin, cc ng dng cn
c iu chnh thc thi theo gii php ny. Thm vo , phthuc vo
mc chi tit ca m ha, ng dng c thphi khi phc mt lng dliu ln hn ngi dng cn thc t, v vy m ra mt lhng van ton.
Thc vy ngi dng bt k (hoc k tn cng thu c quyn truy cp vo
my m ng dng ang chy) c thhack ng dng truy cp d liu tri
php. Cui cng nhmt phng php gy ra chi ph hiu sut v ngn chn
sdng vi tnh nng ci tin ca CSDL trn dliu m ha, nhcc thtc
lu tr(nhcc on m dc lu trong hqun trcsdliu c thc
chia sv yu cu bi vi ng dng) v cc trigger (nhon chng trnh tkhi ng khi dliu trong CSDL c chnh sa). Trong khi nim chi
titv qun l kha, m ha mc ng dng a ra slinh hot cao nht v
chi tit m ha v cc kha m c thc chn phthuc vo slogic ca
ng dng.
Ba phng php miu ttrn c minh ha trong Hnh 2.1
Hnh 2.1: Ba ty chn cho cc mc m ha csdliu
2.3.4.Thut ton m ha v chhot ngTy thuc vo chin lc m ha, san ton ca dliu m ha ph
thuc vo thut ton m, kch thc kha m v sbo vkha m. Thm chsdng thut ton mnh, nhAES, th bn m vn c thbphi by thng
Hnh 2.2: Cc phng php qun l kha
gii quyt vn ny, cc chipset mt m c tnh khng xo trn
chuyn dng, c gi l module an ton phn cng (HSM-hardware security
module), c thc sdng cung cp ni lu tran ton cho kha m.
Ni chung cc kha m c lu trtrn my chc m ha bi mt kha
chlu trong HSM. Ti thi im m ha /gii m, cc kha c m st
ng gii m bi HSM (bng cch dng kha ch) v chuyn ti bnhcamy chngay khi hot ng mt m c thc hin, nhhnh 2.2.a.
Mt gii php c la chn khc l chuyn cc cng vic lin quan
n vn an ton ti mt phn mm chy trn mt my ch(vt l) khc,
c gi l my chan ton, nhhnh 2.2.b. Sau my chan ton qun l
ngi dng, vai tr, c quyn, chnh sch m ha v kha m (hon ton tin
cy vo HSM). Trong phm vi DBMS, mt module an ton truyn thng vimy chan ton xc thc ngi dng, kim tra c quyn v dliu m
ha hoc gii m. Sau cc kha m c thc lin kt vi ngi dng
hoc c quyn ngi dng. Mt khc bit r rng cng c to ra gia vai
tr ca DBA, qun l ti nguyn CSDL, v vai tr ca SA (ngi qun tran
ton Security Administrator), qun l cc tham san ton. S tin cy thu
c tthc tl tn cng yu cu skt hp gia DBA v SA.
Trong khi thm mt my chan ton hoc HSM sgim thiu c s
phi by ca cc kha m, nhng n khng hon ton bo vCSDL. Tht vy
cc kha m, cng nhl dliu c m ha vn xut hin trong bnh
my chCSDL v c thl ch tn ca ktn cng.
Chng 3
M HA CSDLIU TRONG HQT ORACLE 9i
Hqun trcsdliu Oracle l mt hqun trln, c sdng
kh rng ri hin nay trong cc doanh nghip. N cung cp khnng an ton
cao cho csdliu. Trong cchm ha dliu cng c Oracle cung
cp tphin bn 8i, l gi DBMS_OBFUSCATION_TOOLKIT. V vy
chng ny strnh by vkhnng m ha dliu ca Oracle v cc vn
xung quanh.
3.1. Gii thiu vhqun trcsdliu Oracle 9i3.1.1.Lch spht trin ca Oracle
u tin ta hy i ngc li lch shiu r hn vOracl
- 1977 Thnh lp Relational Software Inc.- 1978 Phin bn Oracle v1 u tin, chy trn hiu hnh PDP-11 ca
my RSX (dng ca hng DEC), khnng sdng bnhti a l 128
KB, vit bng ngn ngAssemblOracle V1 chc sdng trong
ni bcng ty, khng c pht hnh ra bn ngoi.
- 1980 Pht hnh phin bn Oracle v2 - y cng l h c s d liuthng mi u tin sdng ngn ngSQL. Phin bn ny vn c
vit bng Assembly cho PDP-11, tuy nhin, n cn chy c trn
Vax/VMS.
- 1982 Pht hnh Oracle v3 released, Oracle tr thnh DBMS u tinchy trn cc my mainframes, minicomputers, v PC's (portable
codebase). Phin bn Oracle u tin thlm vic theo "transactional".
Oracle v3 c vit bng C.
- 1983 Relational Software Inc. i tn thnh Oracle Corporation.
- 1984 Pht hnh Oracle v4, gii thiu tnh nng "read consistency", cthchy trn nhiu Hiu Hnh, v cng l phin bn u tin chy
theo m hnh PC - Server.
- 1986 Pht hnh Oracle v5. Thc s l CSDL client/server, h trcluster trn VAX. CSDL u tin s dng truy vn d liu phn tn
(distributed queries).
- 1988 Pht hnh Oracle v6. Gii thiu ngn ngPL/SQL. Oracle cnggii thiu sn phm ng dng sdng CSDL Oracle - Oracle Financial
Applications.
- 1989 Pht hnh Oracle v6.2 vi tnh nng chy song song - OracleParallel Server
- 1992 Pht hnh Oracle v7 chy trn UNIX- 1993 Pht hnh bcng cpht trin ng dng - Oracls Cooperative
Development Environment (CDE). Gii thiu "Oracle Industries" v
"Oracle Media Server"- 1994 Pht hnh Oracle v7.1 v Oracle v7 trn my PC.- 1997 Pht hnh Oracle8 , gii thiu CsDliu Hng i Tng -
object-relational
- 1998 Pht hnh phin bn trn Intel Linux- 1999 Pht hnh Oracl8i (i = internet), tch hp vi my o Java JVM- 2000 Pht hnh Oracl8i Release 2. Ngoi Oracle Database, Oracle cn
pht trin bsn phm ng dng cho doanh nghip ERP. Pht hnh
Oracl9i Application Server, y l mt sn phm thuc lp gia (midle
tier)
- 2001 Pht hnh Oracl9i Release 1 vi tnh nng Cluster (RAC) vAdvanced Analytic Service
- 2002 Pht hnh Oracl9i Release 2- 2004 Pht hnh Oracle10g Release 1 (g = grid)- 2005 Pht hnh Oracle10g Release 2
u im ca OracleNhiu ngi cho rng Oracle ch s dng cho nhng Doanh Nghip
(DN) ln nn khng thch hp Vit Nam. iu ny l hon ton sai lm.
Oracle khng chnhm ti nhng DN ln m cn nhm ti nhng DN trung
bnh v cho cnhng DN nh. Cthl Oracle Server c cc phin bn
thng mi tPersonal, Standard n Enterprise (ngoi ra cn c Oracle litena).
- Vpha cc DN:Oracle tra rt c u im nhtnh bo mt cao, tnhan ton d liu cao, d dng bo tr-nng cp, c ch quyn hn r
rng, n nh,...
- Vpha nhng nh pht trin:Oracle cng tra rt c u im nhdci t, dtrin khai v dnng cp ln phin bn mi. Hn na Oracle
cn tch hp thm PL/SQL, l mt ngn ng lp trnh c cu trc -
Structure Language. To thun li cho cc lp trnh vin vit cc
Trigger, StoreProcedure, Package. y l im rt mnh so vi cc
CSDL hin c trn thtrng.
Trong Oracle, ngoi cc kiu dliu thng thng cn c cc kiu d
liu c bit khc gp phn mang li sc mnh cho Oracle nhBlob, Clob,Bfile,...
Ngoi ra, bn c th trin khai Oracle trn nhiu h iu hnh khc
nhau (Windows, Solaris, Linux,...) m khng cn phi vit li m PL/SQL.
C thimport mt dumpFile (backupFile) tmt my chy hiu hnh ny
sang hiu hnh khc hoc tmt phin bn thp ln mt phin bn cao hn
m khng gp bt ctrngi no (ngc li cng c ththc hin c nu
nhbn khng sdng cc tnh nng mi so vi phin bn trc ).
Csd liu Oracle ang ngy cng c sdng phbin ti Vit
Nam. Rt nhiu hthng csdliu ti cc cquan, doanh nghip ln u
sdng hthng csdliu Oracle phc vcho cng tc lu trdliu.
Danh sch mt scquan, doanh nghip sdng Oracle:
- Khi cquan nh nc:BTi chnh, Tng cc Thu, Kho bc Nhnc
- Khi vin thng:Tng cng ty Vin thng Qun i Viettel; Cc nv thuc tp on Bu chnh Vin thng Vit Nam (VNPT) nh
Mobifone, Vinaphone, Vin thng H Ni- Khi ngn hng:Vietcombank, Techcombank, BIDV, SeABank- Khi chng khon:SeABS, VPBS, Click and Phone- Khi doanh nghip nc ngoi:Toyota Vit Nam, Honda Vit Nam,
Jamil Steel
3.2. Gii php m ha dliu lu trtrong Oracle 9igii quyt bi ton m ha thng tin nhy cm trc khi lu trvo
trong csdliu, Oracle9i cung cp mt gi PL/SQL m ha v gii m
dliu lu tr. l gi DBMS_OBFUSCATION_TOOLKIT, gi ny c
cung cp c2 phin bn Oracle9i Standard Edition v Oracle9iEnterprise
Edition Oracle9i.
3.2.1.Cc khnng m ha dliu ca Oracle 9iHin nay, gi DBMS_OBFUSCATION_TOOLKIT h trm ha d
liu khi lng ln bng cch s dng thut ton DES (Data Encryption
Standard), v bao gm cc th tc m ha (DESEncrypt) v gii m
(DESDecrypt) bng cch s dng DES. Gi
DBMS_OBFUSCATION_TOOLKIT cng bao gm cc hm m ha v
gii m bng cch sdng DES 2 kha v 3 kha, trong chCBC.
Gi DBMS_OBFUSCATION_TOOLKIT cng bao gm khnng tng
kim tra mt m (MD5), v kh nng to s ngu nhin an ton (GetKey).
Vic to sngu nhin an ton l mt phn quan trng ca mt m; cc kha
c thdon l cc kha ddng phng on, v cc kha don c thdn ti vic ddng gii m d liu. Hu ht vic thm m c thc hin
bng cch tm cc kha yu hoc cc kha c lu trkm, nhiu hn l
thng qua phn tch thut ton (duyt tt ccc kha c thc).
Qun l kha gn lin vi chng trnh. Ngha l, cc ng dng (gi
chc nng m ha ny) phi cung cp kha m; iu ny c ngha l ngi
pht trin ng dng phi tm cch lu trv gi kha ra mt cc an ton. Gi
DBMS_OBFUSCATION_TOOLKIT, c thxl dliu cdng chui v
dng th, yu cu a ra kha 64 bit.
Oracle cài đặt gói DBMS_OBFUSCATION_TOOLKIT trong lược đồ
SYS và quyền truy cập gói được gán mặc định cho vai trò PUBLIC. Oracle
khuyến cáo rằng quyền này nên được thu hồi. Sau đó bạn có thể gán quyền sử
dụng gói cho người dùng và các vai trò khi cần thiết.
3.2.1.1.Cc thut tona.Thut ton DES
Thut ton DES, cn c gi l thut ton DEA theo vin tiu chun
quc gia Hoa K(ANSI ) v DEA-1 theo Tchc tiu chun quc t(ISO),
tr thnh mt chun m ha ton thgii trn 20 nm qua. Ngnh cng
nghip ngn hng chp nhn cc chun da trn DES cho cc giao dch gia
cc tchc ti chnh, v gia cc tchc ti chnh v cc c nhn.
DES l mt thut ton m ha i xng; ngha l, sdng cng mt
kha m ha cng nhl gii m dliu. DES m ha khi dliu 64 bit
bng mt kha 56 bit. Thut ton DES bqua 8 bit ca 64 bit kha; tuy nhin,
cc nh pht trin phi cung cp mt kha 64 bit cho thut ton. DES m ha
thng tin qua 16 bc, mi bc mt na khi thng tin sc chuyn i
v hon vtheo mt qu trnh phc tp.
Hiện nay DES được xem là không đủ an toàn cho nhiều ứng dụng.
Nguyên nhân chủ yếu là độ dài 56 bit của khóa là quá nhỏ. Khóa DES đã từng
bị phá trong vòng chưa đầy 24 giờ. Đã có rất nhiều kết quả phân tích cho thấy
những điểm yếu về mặt lý thuyết của mã hóa có thể dẫn đến phá khóa, tuy
chúng không khả thi trong thực tiễn. Thuật toán được tin tưởng là an toàn
trong thực tiễn có dạng Triple DES (thực hiện DES ba lần), mặc dù trên lý
thuyết phương pháp này vẫn có thể bị phá. Gần đây DES đã được thay thế
bằng AES (Advanced Encryption Standard, hay Tiêu chuẩn Mã hóa Tiên
tiến).
b.Thut ton 3DES3DES (Triple DES), l thut ton m ha khi trong thng khi
thng tin 64 bit sc ln lt m ha 3 ln bng thut ton m ha DES
vi 2 hoc 3 kha khc nhau.
Hot ng 3 kha 2 kha
M ha Ek3(Dk2(Ek1(m))) Ek1(Dk2(Ek1(m)))
Gii m Dk3(Ek2(Dk1(m))) Dk1(Ek2(Dk1(m)))
Bng 3.1: Hot ng ca TripleDES
c.Chlin kt khi m - CBC
Hnh 2.3: Chlin kt khi m CBC
ChCBC loi trc tn cng tin bng cch sdng ni dung
ca khi trc m ha khi hin ti. Trong qu trnh m ha khi bn
r c XOR vi khi bn m trc , v vector khi to (IV) c sdng
nhmt khi u tin (Hnh 2.3.a). Theo cch khi cui cng sphthuc
vo tt c cc khi trc . Tng t qu trnh gii m nh hnh 2.3.b,
nhng mi khi chphthuc vo khi trc , chkhng phi tt ccc
khi. Do vy vic gii m c thc thc hin song song, lm cho vic giim snhanh hn m ha.
u v nhc ca chCBC
- Mi khi m phthuc vo tt ccc khi bn r- Sthay i ca bn tin u sko theo sthay i ca mi khi
m
- Cn gi trvc tban u IV c bit trc bi ngi gi v nginhn
d.Hm bm MD5
MD5 (Message-Digest algorithm 5) l mt hm bm m ha vi gi
trbm l 128bit. Tng c xem l mt chun trn Internet, MD5 c s
dng rng ri trong cc chng trnh an ninh mng, v cng thng c
dng kim tra tnh nguyn vn ca tp tin.
MD5 c thit kbi Ronald Rivest vo nm 1991 thay thcho
hm bm trc , MD4 (cng do ng thit k, trc na l MD2).MD5 c 2 ng dng quan trng:
1/ MD5 c s dng rng ri trong th gii phn mm m bo
rng tp tin ti vkhng bhng. Ngi sdng c thso snh gia thng s
kim tra phn mm bng MD5 c cng bvi thng skim tra phn mm
ti vbng MD5.
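2/ MD5 được dùng để mã hóa mật khẩu. Mục đích của việc mã hóa này
là biến đổi một chuỗi mật khẩu thành một đoạn mã khác, sao cho từ đoạn mã
đó không thể nào lần trở lại mật khẩu. Có nghĩa là việc giải mã là không thể
hoặc phải mất một khoảng thời gian vô tận (đủ để làm nản lòng các hacker).
Lưu ý: về bản chất đây là băm một chiều chứ không phải mã hóa, và MD5 hiện
không còn được coi là phù hợp để bảo vệ mật khẩu vì tính toán quá nhanh và
đã có các tấn công va chạm thực tế; nên dùng hàm băm mật khẩu chuyên dụng
có salt (ví dụ bcrypt, scrypt, PBKDF2).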
3.2.1.2.Tm tt cc chng trnh con ca gi DBMS_OBFUSCATIONChng trnh con M t
DES3DECRYPT
Procedures and Functions
To ra dng gii m ca dliu u vo.
DES3ENCRYPT
Procedures and Functions
To ra dng m ha ca d liu u vo bng
cch chuyn qua thut ton m ha TripleDES
DES3GETKEY Procedures
and Functions
a vo mt gi trngu nhin v s dng
to mt kha mt m, bng cch s dng
TripleDES.
Chng trnh con M t
DESDECRYPT Procedures
and Functions
To ra dng gii m ca dliu u vo.
DESENCRYPT Procedures
and Functions
To ra dng m ha ca dliu u vo
DESGETKEY Procedures
and Functions
a vo mt gi trngu nhin v s dng
to mt kha mt m
MD5 Procedures and
Functions
To ra hm bm MD5 ca dliu
Bng 3.2: Cc chng trnh con ca gi DBMS_OBFUSCATION
a.Cc hm v thtc DES3DECRYPTCc chng trnh con ny to ra dng gii m ca dliu u vo.
C php
DBMS_OBFUSCATION_TOOLKIT.DES3DECRYPT(
input IN RAW,
key IN RAW,
decrypted_data OUT RAW,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv IN RAW DEFAULT NULL);
DBMS_OBFUSCATION_TOOLKIT.DES3DECRYPT(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
decrypted_string OUT VARCHAR2,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv_string IN VARCHAR2 DEFAULT NULL);
DBMS_OBFUSCATION_TOOLKIT.DES3DECRYPT(
input IN RAW,
key IN RAW,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv IN RAW DEFAULT NULL)
RETURN RAW;
DBMS_OBFUSCATION_TOOLKIT.DES3DECRYPT(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv_string IN VARCHAR2 DEFAULT NULL)
RETURN VARCHAR2;
Tham s
Tham s M t
input Dliu c m ha
key Kha gii m
decrypted_data Dliu gii m
which Nu bng 0 (mc nh) th chTwoKeyMode c s
dng.
Nu bng 1 th chThreeKeyMode c sdng.
iv Vector khi to
input_string Chui gim
key_string Chui kha gii m
decrypted_string Chui gii m
iv_string Chui vector khi to
Bng 3.3: Cc tham sca DES3DECRYPT cho dliu th
Sdng cn ch :
Nu d liu u vo hoc kha a vo th tc DES3DECRYPT l
trng, th th tc sa ra thng bo li ORA-28231 "Invalid input
to Obfuscation toolkit."
Nu dliu u vo a cho thtc DES3DECRYPT khng l bi s
ca 8 byte, th th tc s a ra thng bo li ORA-28232 "Invalid
input size for Obfuscation toolkit." Thng bo li ORA-
28233 khng p dng c cho hm DES3DECRYPT.
Nu di kha t hn 8 byte, th thtc a ra thng bo li ORA-28234 "Key length too short. Ch rng nu kha di hn c s
dng, th cc byte thm bbqua. V vy mt kha 9 byte skhng to ra
mt trng hp ngoi l.
Nu mt gi trsai c chra cho tham swhich, thng bo li ORA-
28236 "Invalid Triple DES mode" c a ra. Chgi tr0 (vi ch
TwoKeyMode) v 1 (vi chThreeKeyMode)l c gi tr
Hn ch
Ta phi cung cp mt kha 128 bit cho ci t 2-kha (trong ch112
bit c sdng), hoc mt kha 192 bit cho ci t 3-kha (trong ch168
bit c sdng). Oracle stng cht kha c cung cp thnh cc
di 56 bit cho vic gii m. di cc kha ny c cnh v khng th
thay i.
Vic gii hn di kha v ngn chn sm ha nhiu ln l cc yu
cu ca nhng quy nh ca Mvvic xut khu sn phm mt m.
b.Cc hm v thtc DES3ENCRYPTCc chng trnh ny to ra dng m ha ca d liu u vo bng
cch chuyn dliu qua thut ton m ha Triple DES (3DES)
Vic trin khai 3DES ca Oracle h tr ci t 2 kha hoc 3 kha,
trong chlin kt khi m (CBC).
C php
DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
input IN RAW,
key IN RAW,
encrypted_data OUT RAW,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv IN RAW DEFAULT NULL);
DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,encrypted_string OUT VARCHAR2,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv_string IN VARCHAR2 DEFAULT NULL);
DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
input IN RAW,
key IN RAW,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv IN RAW DEFAULT NULL)
RETURN RAW;
DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
which IN PLS_INTEGER DEFAULT TwoKeyMode
iv_string IN VARCHAR2 DEFAULT NULL)
RETURN VARCHAR2;
Cc tham s
Tham s M t
input Dliu m ha
key Kha m ha
encrypted_data Dliu m ha
which Nu bng 0 (mc nh) th chTwoKeyMode c sdng.
Nu bng 1 th chThreeKeyMode c sdng.iv Vector khi to
input_string Chui m ha
key_string Chui kha m ha
encrypted_string Chui m ha
iv_string Chui vector khi to
Bng 3.4: Cc tham sca hm v thtcDES3ENCRYPT
Sdng cn ch :
Nu sdng thut ton 3DES vi ci t 2-kha, th cn phi cung cp
mt kha 128 bit nh l mt tham sca th tc DES3ENCRYPT. Vi cit 3-kha, th phi cung cp mt kha 192 bit. Sau oracle cht kha c
cung cp thnh 2-kha 64 bit hoc 3 kha 64 bit. Th tc DES3ENCRYPT
mc nh sdng ci t 2-kha
Cng c ty chn cho vic cung cp mt vector khi to (IV) vi th
tc DES3ENCRYPT. Mt vector khi to IV l mt khi dliu ngu nhin
thm vo d liu d nh m ha ngay t u. Vector khi to khng c
ngha, chlm cho mi thng ip l duy nht. Vic thm vo mt vector khito IV trc d liu nhp trnh bt u khi d liu c m ha vi
thng tin on u ging nhau, m c thcung cp cho thm m nhng thng
tin m hc thsdng gii m dliu.
Nu d liu u vo hoc kha a vo th tc DES3ENCRYPT l
trng, th th tc a ra thng bo li ORA-28231 "Invalid input
to Obfuscation toolkit."Nu c gng gp i d liu m ha bng cch s dng th tc
DES3ENCRYPT, th th tc s thng bo li ORA-28233 "Double
encryption not supported."
Nu di kha nh hn 8 byte th th tc sa ra thng bo li
ORA-28234 "Key length too short."Ch nu di kha ln
hn 8 byte th phn tha sc li. V vy trng hp mt kha di 9 bytekhng c xem l ngoi l.
Nu gi trkhng chnh xc c chra cho tham swhich, li a l
li ORA-28236 "Invalid Triple DES mode". Ch c gi tr 0
(TwoKeyMode) v gi tr1 (ThreeKeyMode) l hp l.
Hn ch:
Thtc DES3ENCRYPT c 2 hn ch. Hn chu tin l di kha
DES cho thut ton m ha l cnh 128 bit (cho DES 2-kha) hoc 192 bit(cho DES 3-kha); v vy khng ththay i di ca cc kha ny.
Hn ch th2 l khng th thc hin chuyn nhiu ln m ha bng
cch sdng 3DES. (Ch : bn thn thut ton 3DES m ha dliu nhiu
ln; tuy nhin khng thgi bn thn hm DES3ENCRYPT nhiu hn mt
ln m ha cng dliu bng cch sdng 3DES)
c.Cc hm v thtc DES3GETKEY
Cc chng trnh con ny a ra mt gi trngu nhin v sdng gi
tr to mt kha mt m. Vi TripleDES, khi chra ch th a ra
kha c di thch hp.
C php:
DBMS_OBFUSCATION_TOOLKIT.DES3GetKey(
which IN PLS_INTEGER DEFAULT TwoKeyMode,seed IN RAW,
key OUT RAW);
DBMS_OBFUSCATION_TOOLKIT.DES3GetKey(
which IN PLS_INTEGER DEFAULT TwoKeyMode,
seed_string IN VARCHAR2,
key OUT VARCHAR2);
DBMS_OBFUSCATION_TOOLKIT.DES3GetKey(which IN PLS_INTEGER DEFAULT TwoKeyMode,
seed IN RAW)
RETURN RAW;
DBMS_OBFUSCATION_TOOLKIT.DES3GetKey(
which IN PLS_INTEGER DEFAULT TwoKeyMode,
seed_string IN VARCHAR2)
RETURN VARCHAR2;
Cc tham s:
Tham s M t
which Nu bng 0 (mc nh) th chTwoKeyMode c sdng.Nu bng 1 th chThreeKeyMode c sdng.
seed Mt gi trc t nht 80 k t
key Encryption key.Kha m ha
seed_string Mt gi trc t nht 80 k t
key Kha m ha
Bng 3.5: Cc tham sca hm v thtc DES3GETKEY
d.Cc hm v thtc DESDECRYPTCc chng trnh con ny a ra dng gii m tdliu u vo.
C php:
DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
input IN RAW,key IN RAW,
decrypted_data OUT RAW);
DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
decrypted_string OUT VARCHAR2);
DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
input IN RAW,
key IN RAW)
RETURN RAW;
DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2)
RETURN VARCHAR2;
Cc tham s:
Tham s M t
input Dliu gii mkey Kha gii m
decrypted_data Dliu gii m
input_string Chui gii m
key_string Chui kha gii m
decrypted_string Chui gii m
Bng 3.6: Cc tham sca hm v thtcDESDECRYPT
Sdng cn lu :
Nu d liu vo hoc kha a cho hm DESDECRYPT l trng th
Oracle a ra thng bo li ORA error 28231 "Invalid input to
Obfuscation toolkit."
Nếu dữ liệu đầu vào đưa cho thủ tục DESDECRYPT không là bội số
của 8 byte, thì thủ tục sẽ đưa ra thông báo lỗi ORA-28232 "Invalid
input size for Obfuscation toolkit."
Nu di kha nh hn 8 byte th th tc sa ra thng bo li
ORA-28234 "Key length too short."Ch nu di kha ln
hn 8 byte th phn tha sc li. V vy trng hp mt kha di 9 byte
khng c xem l ngoi l.
Ch :
Thng bo li ORA-28233 khng dng c cho hm
DESDECRYPT
Hn ch:
di kha DES cho vic m ha c cnh l 64 bit ( trong 56bit c sdng ); khng ththay i di kha.
e.Cc hm v thtc DESENCRYPTCc chng trnh con ny a ra dng m ha ca dliu u vo.
C php
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
input IN RAW,
key IN RAW,
encrypted_data OUT RAW);
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
encrypted_string OUT VARCHAR2);
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
input IN RAW,
key IN RAW)
RETURN RAW;
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
input_string IN VARCHAR2,key_string IN VARCHAR2)
RETURN VARCHAR2;
Cc tham s
Tham s M t
input Dliu m ha
key Kha m haencrypted_data Dliu m ha
input_string Chui m ha
key_string Chui kha m ha
encrypted_string Chuỗi mã hóa
Bng 3.7: Cc tham sca hm v thtcDESENCRYPT
Sdng cn ch :
Thut ton DES m ha dliu theo cc khi 64 bit bng cch sdng
mt kha 56 bit. Thut ton DES bi 8 bit ca kha a vo. Tuy nhin, khisdng thut ton, ta phi cung cp 64 bt nu khng li spht sinh.
Nu d liu vo hoc kha a cho hm DESEncrypt l trng th
Oracle a ra thng bo li ORA 28231 "Invalid input to
Obfuscation toolkit."
Nu d liu u vo a cho th tc DESENCRYPT khng l bi s
ca 8 byte, th th tc s a ra thng bo li ORA-28232 "Invalidinput size for Obfuscation toolkit."
Nu c gng m ha d liu hai ln bng cch s dng th tc
DESENCRYPT th thtc sa ra thng bo li ORA-28233 "Double
encryption not supported."
Nu di kha nh hn 8 byte th th tc sa ra thng bo li
ORA-28234 "Key length too short."Ch nu di kha lnhn 8 byte th phn tha sc li. V vy trng hp mt kha di 9 byte
khng c xem l ngoi l.
Hn ch:
Thtc DESENCRYPT c nhng hn chsau:
di kha DES cho vic m ha l cnh vi 56 bit; khng ththayi di kha.
Khng ththc hin m ha nhiu ln. Ngha l, khng thtip tc mha dliu m ha bng cch gi hm hai ln.
f.Cc hm v thtc DESGETKEYCc chng trnh con ny a ra mt gi trngu nhin v sdng gi
trny to mt kha m ha.
C php
DBMS_OBFUSCATION_TOOLKIT.DESGetKey(
seed IN RAW,
key OUT RAW);
DBMS_OBFUSCATION_TOOLKIT.DESGetKey(
seed_string IN VARCHAR2,
key OUT VARCHAR2);
DBMS_OBFUSCATION_TOOLKIT.DESGetKey(
seed IN RAW)
RETURN RAW;
DBMS_OBFUSCATION_TOOLKIT.DESGetKey(
seed_string IN VARCHAR2)
RETURN VARCHAR2;
Cc tham s
Tham s M t
seed Mt gi trc t nht 80 k t
key Kha m ha
seed_string Mt gi trc t nht 80 k t
key Kha m ha
Bng 3.8: Cc tham sca hm v thtc DESGETKEY
g.Cc hm v thtc MD5Cc chng trnh con ny to ra cc gi tr bm MD5 ca d liu.
Thut ton MD5 m bo tnh ton vn d liu bng cch to ra mt gi tr
tm lc thng bo mt m tdliu a cho.
C php
DBMS_OBFUSCATION_TOOLKIT.MD5(
input IN RAW,
checksum OUT raw_checksum);
DBMS_OBFUSCATION_TOOLKIT.MD5(
input_string IN VARCHAR2,
checksum_string OUT varchar2_checksum);
DBMS_OBFUSCATION_TOOLKIT.MD5(
input IN RAW)
RETURN raw_checksum;
DBMS_OBFUSCATION_TOOLKIT.MD5(
input_string IN VARCHAR2)
RETURN varchar2_checksum;
Cc tham s:
Tham s M tinput Dliu bm
checksum Tm lc thng bo 128 bit
input_string Dliu bm
checksum_string Tm lc thng bo 128 bit
Bng 3.9: Cc tham sca hm v thtc MD5
3.2.2.Cc thch thc ca m ha dliuThm ch trong trng hp m ha cng c thm v vn an ton,
nhng vn c nhng thch thc khng thuc vk thut. Nhng thch thc
ny bao gm:
M ha dliu c nh chmc (Indexed Data) Qun l kha Truyn kha Lu trkha Thay i cc kha m ha
Cc i tng nhphn ln (BLOB - Binary large object)
3.2.2.1.M ha dliu c nh chmcNhng kh khn c bit ny ny sinh trong qu trnh xl dliu
m ha c nh ch s. V d, gi smt cng ty sdng snh danhquc gia (v dnhsan sinh x hi Hoa Ksca nhn vin cho cc nhn
vin trong cng ty mnh). Cng ty xem slng nhn vin l dliu rt nhy
cm v v vy mun m ha dliu trong ct EMPLOYEE_NUMBER ca
bng EMPLOYEES. V ct EMPLOYEE_NUMBER cha gi tr duy nht,
nhn vin thit kcsdliu mun lp chmc trn nng cao hiu
sut.
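Tuy nhiên, nếu gói DBMS_OBFUSCATION_TOOLKIT (hoặc cách
khác) được sử dụng để mã hóa dữ liệu trong một cột, thì một chỉ mục trên cột
đó cũng sẽ chứa giá trị mã hóa. Song mặc dù chỉ mục có thể được sử dụng
cho việc kiểm tra đẳng thức (ví dụ, SELECT * FROM emp WHERE
employee_number = '123245'), nếu chỉ mục trên cột chứa các giá trị mã hóa,
thì chỉ mục cơ bản là không thể sử dụng cho bất kỳ mục đích khác (chẳng hạn
truy vấn theo khoảng hay sắp xếp, vì giá trị mã hóa không giữ thứ tự của bản
rõ). Do vậy Oracle khuyến cáo các nhà phát triển không mã hóa dữ liệu đã
được đánh chỉ mục.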
Mt cc gii quyt vn ny cho cc cng ty ang tm kim m
ha cc snh danh quc gia l to mt thay thbng snh danh duy nht
cho mi nhn vin ca h. Cng ty sau ny c thto mt chmc trn cc s
nhn vin thay thny v duy tr chng dng r. Cc snh danh quc gia
tng ng c ththay thtrong mt ct tch bit m khng cn nh chmc,
v cc gi ttrong c thc m ha bi mt ng dng cng c thxl
vic gii m mt cch thch hp. Theo cch ny, snh danh quc gia c th
thu c khi cn thit m khng c sdng nhmt sduy nht nh danh
nhn vin.
3.2.2.2.Qun l khaQun l kha, bao gm cvic to kha v bo mt lu trcc kha
m, ngi ta cho rng l mt kha cnh quan trng ca m ha. Nu cc
kha c chn khng tt hoc lu trkhng ng cch th n slm cho k
tn cng ddng c thph vsbo mt. Thay v sdng tn cng vt
cn (ngha l: thtt ccc kha c thv hy vng c thtm thy kha gii
m ng), th ngi phn tch m thng c gng tm ra nhng im yu
trong vic la chn kha, hoc trong cch lu cc kha. Vic sinh kha lmt vn quan trng trong m ha.
a.Sinh khaCc kha c sinh mt cch tng qua mt bsinh sngu nhin t
mt mm mt m. Vi iu kin ssinh sngu nhin mnh th vic sinh
kha ny c thdng an ton. Tuy nhin, nu cc sngu nhin khng c
cc phn tc thdon c th c thddng lm nh hng n santon ca m ha.
Vi nm trc, Netscape c mt lhng bo mt trong thc thi SSL
c cng bkhi pht hin c rng 2 trong s3 phn t trong qu trnh
sinh sngu nhin khng phi l ngu nhin (V d: S serial my v thi
gian trong ngy). Kha m cho cc phin SSL c di kha thc t 9 bit so
vi qung co l 40 bit, nguyn nhn l do ssinh kha yu. Mt kha phin
SSL c thddng bph, khng phi do thut ton m yu m l do kha c
thddng c tm ra.
Để đưa ra quá trình sinh khóa mã an toàn, Oracle9i thêm hỗ trợ cho
quá trình sinh số ngẫu nhiên an toàn bằng thủ tục GetKey của
DBMS_OBFUSCATION_TOOLKIT. Thủ tục GetKey gọi tới bộ sinh số
ngẫu nhiên an toàn (RNG - Random Number Generator), bộ sinh này đã được
chứng nhận trong Federal Information Processing Standard (FIPS)-140 như
một phần của đánh giá về Oracle Advanced Security FIPS-140. Những người
phát triển không nên sử dụng gói DBMS_RANDOM. Gói DBMS_RANDOM
sinh các số giả ngẫu nhiên; như RFC-1750 phát biểu, "Sử dụng các quy
trình giả ngẫu nhiên để sinh nhiều khóa bí mật có thể sẽ cho kết quả giả an
toàn".
b. Truyền khóa
Nếu khóa được truyền bởi ứng dụng tới cơ sở dữ liệu, thì nó phải được
mã hóa. Nếu không, một kẻ rình mò có thể lấy được khóa khi nó được truyền
trên đường truyền. Sử dụng mã hóa mạng, như được cung cấp bởi bảo mật
cấp cao Oracle – Oracle Advanced Security, sẽ bảo vệ tất cả dữ liệu trên đường
truyền, bao gồm các khóa, tránh khỏi sự sửa đổi, sự chặn bắt.
c.Lu khaLu trkha l mt cng vic quan trng, kh khn vkha cnh m
ha. khi phc li dliu c m ha vi kha i xng, kha phic thc sdng bi ng dng hoc ngi dng tm kim m ha d
liu. kha cn d ly li c ngi dng c th truy cp d liu
c m ha m khng lm gim hiu quthc thi. Cc kha cn c bo
mt va phi n khng thddng bly bi mt vi ngi ctnh truy
cp dliu c m ha m anh ta khng c php xem dliu . Ba ty
chn cbn sn c cho ngi pht trin l:
Lu trcc kha trong csdliu Lu trcc kha trong hiu hnh C mt ngi dng qun l cc kha
1/ Lu trkha trong csdliu
Lu trcc kha trong csd liu c thkhng phi lc no cng
cung cp bo mt bullet-proof nu bn cgng bo vcc dliu chng li
truy cp d liu c m ha DBA. V mt ngi c tt c cc c quyn
DBA c th truy cp cc bng cha cc kha m, nhng n thng c th
cung cp s bo mt kh tt chng li nhng tn cng khng c chch,
hoc chng li stn cng vo cc file csdliu trn hiu hnh.
Đây là một ví dụ nhỏ, giả sử bạn tạo bảng EMP (Employee) chứa dữ
liệu nhân viên. Bạn muốn mã hóa số an ninh xã hội (SSN - Social Security
Number) của mỗi nhân viên (là một trong các cột). Bạn có thể mã hóa số an
ninh xã hội của mỗi nhân viên sử dụng khóa được lưu trữ trong cột riêng. Tuy
nhiên, bất kỳ người nào truy cập được bằng câu lệnh SELECT trên toàn bộ bảng có
thể lấy lại khóa mã và khóa giải mã phù hợp với SSN.
Cách mã hóa này có vẻ dễ dàng bị đánh bại, với một chút nỗ lực bạn có
thể tạo ra một giải pháp làm cho nó khó bị phá vỡ hơn. Ví dụ bạn có thể mã
hóa SSN bằng việc thêm vào một số biến đổi dữ liệu trên employee_number
trước khi sử dụng nó để mã hóa SSN, ví dụ đơn giản như việc XOR
employee_number với employee's birthdate.
Khi thc hin bo vbsung, phn thn gi PL/SQL thc hin m ha
c thc bao bc li (sdng tin ch gi), n lm ri on m v vy phn
thn gi khng thc c n. V d, a kha vo trong thn gi PL/SQLv sau bao n li lm cho phn thn gi bao gm ckha bao bc - v
lm cho n kh c vi DBA v ngi dng khc. Ngi pht trin c th
ng gi mt thn gi gi l KEYMANAGE nhsau:
wrap iname=/mydir/keymanage.sql
Mt ngi pht trin c th c mt hm trong gi gi l
DBMS_OBFUSCATION_TOOLKIT vi kha c cha trong gi cbao.
Khi phn bao bc khng thph vc, n gy kh khn vi ngi
nghe ln hthng ly c kha. lm cho vic kh khn hn, cc
kha c tch ra trong gi v sau c mt thtc rp li n trc khi c
sdng. Ngay ctrong trng hp mi kha khc nhau c cung cp cho
mi gi tr
d
liu
c m ha, do vy gi tr
ca cc kha l khng
cnh km trong mt package, ng gi cc package l thc hin qun l kha
(bin i d liu hoc m vo) c a ra. B sung thng tin v Wrap
Utility l sn c trong sch hng dn ngi dng PL/SQL v tham kho
Sc mt sa i c mt bng ring bit lu kha m, v phn
bao bc cc cuc gi n cc bng cc kha vi mt thtc. Cc bng kha
c thc ni ti bng dliu bng cch sdng mt quan hkha chnh-
kha ngoi, v d, EMPLOYEE_NUMBER chnh l kha chnh trong bng
NHN VIN, n lu trthng tin nhn vin v SSN c m ha.
EMPLOYEE_NUMBER l mt kha ngoi ti bng SSN_KEYS,bng ny cha cc kha m ha SSN ca tng nhn vin. Kha lu trong
bng SSN_KEYS cng c thc thay i trc khi s dng (V d qua
php XOR), v vy cc kha khng c lu. Thtc nn c ng gi
giu i cch m cc kha c thay i trc khi sdng.
u im ca phng php ny:
Ngi dng c quyn truy nhp bng skhng thy c cc dliu nhy cm khng c m ha, cng khng thc c cc
kha m ha dliu
Truy cp ti cc dliu c m ha c thc iu khinqua mt thtc thc hin chn lc dliu ( c m ha), ly
ra nhng kha gii m tbng kha, v thay i n trc khi n
c thc dng m ha dliu.
Thut ton bin i dliu c giu trnh khi srnh mkhng chnh bng cch ng gi thtc nhm lm ri m th
tc.
Truy nhp SELECT ti cbng dliu v bng cc kha khngc bo m rng ngi dng vi quyn truy nhp ny c th
m ha dliu, bi v kha c thay i trc khi sdng.
Nhc im phng php ny l:
Mt ngi dng c quyn truy nhp SELECT ti cbng khav bng d liu, tc l c th c c cc thut ton thay i
kha, th hc thph vkiu m ha.
Phng php trn khng phi l bullet-proof (ngn c tn cng),
nhng n mnh bo vchng li vic c thddng ly c cc thng
tin nhy cm c lu trdng r (v d: sthtn dng).
2/ Lu trkha trong hiu hnh
Lưu trữ khóa trong hệ điều hành (ví dụ: trong một file flat) là một lựa
chọn khác. Oracle9i cho phép bạn tạo các callout từ PL/SQL, bạn có thể sử
dụng các callout để có được các khóa mã hóa. Tuy nhiên, nếu bạn lưu các
khóa trong hệ điều hành và tạo các callout cho nó, thì dữ liệu của bạn chỉ
được bảo vệ như bảo vệ trên hệ điều hành. Nếu mối lo ngại an toàn chính
khiến bạn mã hóa dữ liệu lưu trong CSDL là CSDL có thể bị xâm nhập từ hệ
điều hành, thì việc lưu trữ các khóa trong hệ điều hành có thể bị cho rằng
làm cho các hacker dễ dàng lấy được dữ liệu đã được mã hóa hơn là lưu khóa
trong chính cơ sở dữ liệu.
3/ Mt ngi dng qun l kha
Khi c ngi dng cung cp kha, gii srng ngi dng ny sc
trch nhim vi kha. C 40% cc cuc gi yu cu tr gip l t nhng
ngi dng qun mt khu, v bn c ththy c cc nguy ctrong vic
ngi dng qun l cc kha m. Trong cc khnng c thxy ra, ngi
dng c thqun mt kha m, hoc vit kha m ra ri sau to ra mt bo
v khng mnh. Nu mt ngi dng qun mt kha m hoc ri khi
cng ty, th dliu ca bn skhng thly li c.
Nu bn thc hin chn ra mt ngi dng cung cp hoc qun l cc
kha, th bn cn m bo rng bn ang sdng m ha mng, v vy kha
skhng i tclient ti server theo dng r. Bn cng phi pht trin kthut
lu trkha, cng l mt vn bo mt kh khn.
d.Thay i cc khaThc hin bo mt thn trng bng cch thay i nh kcc kha m.
i vi lu trdliu, yu cu gii m v m ha li dliu mt cch nh
kvi mt kha c chn khc. iu ny phi thc hin khi dliu khng
truy nhp c, m to ra mt thch thc khc, c bit cho cc ng dng cho
web m ha sthtn dng, v bn khng mun ton bcc ng dng gp s
ckhi chuyn cc kha m.
3.2.2.3.Cc i tng nhphn ln (BLOB)Mt kiu dliu yu cu nhiu hot ng hn m ha. V d, Oracle
htr lu trcc i tng nhphn ln, cho php ngi dng lu trcci tng nhphn ln (ln ti gigabyte) trong csdliu. Mt i tng
nhphn ln c thc lu trhoc l trong hqun trnhl trong mt
ct, hoc trong mt tp tin bn ngoi. s dng gi
DBMS_OBFUSCATION_TOOLKIT, ngi dng phi chia nh d liu
thnh cc on 32767 k t( gi trti a PL/SQL cho php) v sau c th
m ha cc on v gn vo cc BLOB. gii m, th tc tng tphi
c tip ni dng o ngc.
Chng 4
TRIN KHAI M HA TRN CSDLIU NHN VIN
Cc cng ty hin nay thng thng tr lng cho nhn vin qua ti
khon hoc nu trbng tin mt cng hn chti a vic cc nhn vin
bit v tm hiu thng tin v lng thng ca nhau. Ti sao tin lng li
c gib mt nhvy?
i vi spht trin ca mt cng ty, bn cnh mt khoch v chin
lc r rng th cn phi c mt i ng nhn vin nng n nhit tnh ht
mnh v cng vic. S so snh thit hn v nhng thc mc v tng s thunhp snh hng n scng hin ca tng c nhn. Scnh tranh nhau v
mc thu nhp spht sinh mu thun v lm mt i son kt ca cc nhn
vin trong cng. Ty t ra cc vn cn phi thc hin l b mt tin
lng i vi cc c nhn c thtranh thsnhit tnh ti a ca cc nhn
vin trong cng ty.
Mt scng ty cng mun bo mt chc vca cc nhn vin, khng
mun nhn vin bnh thng bit c nhng ai c chc vcao hn mnh.
Do vi mt scng ty dliu vchc vv lng thng l cc d
liu nhy cm cn c bo mt.
4.1. Bng nhn vinV m ha csdliu l mt vn phc tp nn em chxt css
dliu n gin trn mt bng nhn vin.
Cng ty lu trcc thng tin sau vnhn vin:htn, chc v, phng
lm vic, tui, gii tnh v lng nhv dsau:
MNV HTn Chc v Phng Tui Giitnh Lng
02001 Nguyn VnTi
Nhnvin
Marketing 29 M 3500
02002 Trn ThMai Trngphng
Khoch 33 F 6200
02003 Nguyn Quang
Huy
Nhn
vin
Khoch 27 M 4000
02004 Hong VnMinh
Gim stvin
Marketing 24 M 3600
02005 Nguyn ThHoa
Nhnvin
Khoch 24 F 2900
02006 Nguyn ThThu Hng
Gim stvin
Marketing 24 F 4000
02007 Nguyn ThNgn
Trngphng
Kinhdoanh
35 F 7000
02008 Kiu VitPhng
Nhnvin
Kinhdoanh
27 M 4500
02009 Phm ThLng
Nhnvin
Kinhdoanh
26 F 3500
02010 Nguyn Th
Nhung
Nhn
vin
Kinh
doanh
23 F 3000
02011 Nguyn VnTun
Phphng
Kinhdoanh
32 M 6500
Bng 4.1: Bng nhn vin
Do yu cu ca cng ty l cn m ha chc vv lngca nhn vin
nn cn thit k lc thc hin c cng vic ny. Lc ny cn
-
8/12/2019 Encryption Database in Oracle
58/80
-
8/12/2019 Encryption Database in Oracle
59/80
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 52
Cc kha m sc lu bng NhanVien_Key vi kha chnh tham
chiu n kha chnh ca bng NhanVien_Encrypt.
Hnh 4.3: Bng NhanVien_Key
Ban u cn phi m ha dliu bng NhanVien, sau chuyn d
liu m ha ny sang bng NhanVien_Encrypt, ng thi lu kha tng ng
vo bng NhanVien_Key.
Sau khi m ha v chuyn dliu thnh cng cn phi xa bng d
liu r, ngha l xa bng NhanVien.
Kt qu: chcn li hai bng l NhanVien_Encrypt v NhanVien_Key.
Lưu ý: Mỗi dòng dữ liệu cần mã hóa trong bảng NhanVien sẽ được sử dụng một khóa tương ứng của bảng khóa NhanVien_Key.
Để xem dữ liệu rõ (dữ liệu giải mã) ta sẽ định nghĩa một khung nhìn dựa trên bảng dữ liệu mã NhanVien_Encrypt và bảng khóa NhanVien_key.
Hnh 4.4: To khung nhn NhanVien_Table
V tin cho vic qun trv phn tch bn phn ta sto mt ngi
dng thc thi cng vic m ha bng nhn vin trn. Khi cc bng
NhanVien_Encrypt v NhanVien_Key sdo ngi dng ny to ra.
4.3. Cc bc trin khaiCc bc cn thc hin thc hin cng vic trn l:
To ngi dng Xy dng gi cho vic m ha/gii m M ha/Gii m dliu To trigger gii quyt vn thm, cp nht v xa nhn vin Phn phi kha
Thm bt ngi dng4.3.1.To ngi dng SA
Ngi dng SA c to thc thi vic m ha. SA slm gim btc cng vic ca ngi qun tr, ng thi cng c thgip cho vic tch
bn phn c ddng hn.
Để người dùng SA có thể thực thi được công việc này ta cần phải gán cho anh ta một số đặc quyền: connect session, create view, create public synonym, drop public synonym.
4.3.2. Xây dựng package mã hóa/giải mã
Vì dbms_obfuscation_toolkit không phải là một gói trực quan, chúng ta sẽ tạo một vỏ bọc thân thiện với người dùng hơn, dễ sử dụng hơn. Chúng ta sẽ gọi chức năng vỏ bọc để mã hóa và giải mã dữ liệu thay vì gọi trực tiếp dbms_obfuscation_toolkit. Ở đây ta sẽ tạo gói CRYPT_UTIL.
Phương pháp mã hóa được lựa chọn trong gói CRYPT_UTIL là 3DES.
Gói này gồm 3 hàm như sau:
- Crypt() thực hiện việc mã hóa
- Get_key() thực hiện sinh khóa
- Decrypt() thực hiện việc giải mã
Chi tiết về mã nguồn của chương trình được chúng tôi đưa ra trong phần phụ lục.
4.3.3.M ha/gii m dliuQu trnh m hadliu sc thc hin qua mt sbc sau:
Bc 1: M ha bng NhanVien c sn
Hnh 4.5: Qu trnh m ha bng NhanVien
Bc 2: Xa bng NhanVienKt qusau khi m ha bng nhn vin:
Hnh 4.6: Bng nhn vin m ha
Qu trnh gii m s c thc hin thng qua khung nhn
NhanVien_vw (to tn ng ngha vi khung nhn NhanVien_vw l
NhanVien_Table), c to trn bng NhanVien_Ecrypt. Khung nhn ny s
kt hp bng NhanVien_Ecrypt v NhanVien_Key v bc ltt ccc ct tr
ct kha. Khung nhn ny sbc lgi trct chc vv lng c gii
m bng cch sdng crypt_util.decrypt. V crypt_util.decryt trvkiu d
liu varchar2(2000). trnh iu ny chng ta s chuyn cc ct vngkiu dliu.
Hnh 4.7: To khung nhn NhanVien_Table
Kt qukhi to khung nhn c bng r ca bng nhn vin lNhanvien_table:
Hnh 4.8: Bng Nhanvien_table
4.3.4.Xl qu trnh thm, cp nht v xa nhn vinTa ssdng cc trigger INSTEAD OF thao tc dliu. Cc trigger
ny sthao tc dliu trn bng csbt ckhi no ngi dng thm, cp
nht hay xa trn khung nhn. Trong khi cp nht cc trigger ny cng m
bo gi trcc dliu cn c m ha cng c cp nht.
Ni dung chi tit on m chng trnh trigger NhanVien_vw_trg c
ti a vo trong phn phlc.
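4.3.5. Quản lý khóa
Các khóa mã được lưu trong bảng riêng NhanVien_Key, bảng này là sở hữu của SA, do đó anh ta có toàn quyền trên bảng này. Do đó việc thay đổi khóa ta có thể thực hiện bằng cách cập nhật lại dữ liệu trong bảng khóa. Lưu ý, khi thay đổi khóa phải thực hiện quá trình giải mã dữ liệu đang được mã hóa bằng khóa này, rồi mã lại bằng khóa mới. Vì bảng khóa và bảng dữ liệu mã nằm trong cùng một cơ sở dữ liệu, người nào có quyền SELECT trên cả hai bảng (hoặc chiếm được tài khoản SA) đều có thể giải mã dữ liệu.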
4.3.6.Qun l ngi dng truy cp dliu r
Người dùng nào có quyền được xem cột chức vụ và lương thì chỉ cần gán cho họ quyền trên khung nhìn NhanVien_Table.
4.4.
Kt qukim traGisc 2 nhn vin: NhanvienA v NhanvienB
NhanvienA:c php xem ct chc vv lng, ngha l anh ta cquyn truy cp vo bng Nhanvien_Table v xem c dliu dng
r.
NhanvienB:khng c php xem ct chc vv lng, ngha l anhta k c quyn truy cp d liu r v ch c truy cp vo bng
NhanVien_Encrypt (hay l bng NhanVien)
Khi NhanvienA kt ni vo csdliu thc hin cu lnh: select *
from NhanVien_Tableth kt qusl:
Hnh 4.9: Nhn vin A xem dliu r
Khi NhanvienB kt ni vo csd liu thc hin cu lnh: select *
from NhanVien_Encrypt th kt qusl:
Hnh 4.10: Select tbng NhanVien_Encrypt
Gn cho NhanVienA quyn cp nht v thay i bng NhanVien
Qu trnh cp nht dliu vo bng NhanVien:- Htn: Ong ThHng- Chc v: Nhn vin- Phng: Khoch- Tui: 24
-
Gii tnh: N- Lng: 2500
Hnh 4.11: Insert vo bng NhanVien
Qu trnh cp nht nhn vin c MaNV=02004 vi lng l5000
Hnh 4.12: Update bng NhanVien
4.5. nh gi lc m ha bng nhn vinCht lng bn m:
- Khi m ha kch thc dliu tng ln ( trng hp nhnht l bng),v vy vi mt bn m ca mt bn c kch thc ngn (v d luong=3000,
chc 5 k t) ngi thm m vn kh c thsuy on ra c bn r ban
u.
- Hn na vi lc m ha c thit ktrn th vi hai bn ghi cgi trging nhau nhng khi m ha sc gi trkhc nhautng thm s
kh khn cho thm m.V d: Nguyn Vn Ti v Nguyn Quang Huy u l nhn vin, kt
qum ha chc vca hnhsau:
Nguyn Vn Ti: CCF0BFD96FFD7F5477386D5CDCF787F6
Nguyn Quang Huy: 457BC1E73A754F9813F9AE47139EE61B
Hnh 4.13: So snh kt qum ha cc bn ghi ging nhau
Tm li lc m ha trn bng nhn vin c nhng u nhc im
sau:u im:
- m bo c ct lng v chc vc m ha khi lu trvo csdliu.
- Ngi dng tri php khng thxem c dliu vchc vv lng.- Qu trnh m ha/gii m trong sut vi ngi dng cui.
Nhc im:
- Hiu sut gim v qu trnh thao tc d liu phi thm nhim vmha/gii m dliu.
- Kch thc dliu cn lu trtng ln kh nhiu tng dung lngbnhcn thit.
KT LUN
Hin nay, bo m an ton cho thng tin nhy cm l mt vn cn
thit v quan trng i vi mt tchc. Phng php m ha csdliu lmt phng php phng th theo chiu su, n b sung mt cch hiu qucho cc phng php khc.
Vi mc tiu m ti t ra, qua mi phn, em tm hiu va ra c nhng nghin cu ca mnh nhsau:
- Tm hiu c tng quan vmt m, cc phng php m ha, v mtsthut ton phbin.
- Nghin cu c vn an ton trong csdliu, v cc mc mha m bo an ton cho cc dliu lu trtrong .
- Tm hiu c khnng m ha ca hqun trOracle v cc thchthc ny sinh khi p dng m ha vo csdliu.
- ng thi cng p dng c m ha mc hqun trcsdliucho mt csdliu cth.
Tuy nhin, do thi gian c hn v kin thc thc tin cn hn chnn vn cn mt shn ch:
- Vic p dng mi chmc mt bng n gin cha p dng cmt csdliu phc tp.
- Phng php m ha cn n gin, vic qun l kha mc hquntrnn cha tht stch bit c bn phn ca nhn vin an ton vnhn vin qun trbnh thng.
- Cc hm m ha c sdng l do Oracle cung cp, nn cn nhiuhn ch. V dnhphin bn Oracle 9i chcung cp thut ton m haDES, m hin nay th DES c thay thbng AES.
T hng pht trin trong tng lai em s:
- Pht trin module m ha/gii m ring.- p dng cho mt csdliu hon chnh.
TI LIU THAM KHO
[1]. TS. Nguyn Nam Hi, Gio trnh An ton csdliu, Hc vin K
thut mt m, 2006
[2]. GS.TS. Nguyn Bnh, TS. Trn c S, Gio trnh Csl thuyt mt
m, Hc vin Kthut mt m, 2006
[3]. TS. Trn Vn Trng, gio trnh Mt m hc nng cao, Hc vin K
thut mt m, 2006.
[4]. D.E. Denning, Cryptography and Data Security, Addison-Wesley.
[5]. D.R. Stinson, Cryptography: Theory and Practice, CRC Press, 1995.
[6]. Oracle Corporation, Database Encryption in Oracle9i, technical white
paper, 2001.
[7]. RSA Security company, Securing Data at Rest: Developing a Database
Encryption Strategy, white paper, 2002.
[8]. Luc Bouganim, Yanli GUO, Database Encryption
[9]. Erez Shmueli, Ronen Vaisenberg, Yuval Elovici, Chanan Glezer,
Database Encryption An Overview of Contemporary Challenges and
Design Considerations
PHLC
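-- Appendix A. User SA
-- Creates the SA account that carries out the encryption work and grants it
-- the privileges it needs.

/************ Create user SA ****************/
-- On a first run SA does not exist yet, so this DROP reports an error; the
-- rest of the script is unaffected.
drop user sa cascade;

-- The password is taken from the substitution variable sa_password rather than
-- being written into the script; the original listing used the account name
-- itself as the password. Assumes the script is run from SQL*Plus with
-- substitution enabled.
create user SA identified by "&sa_password"
    default tablespace users
    temporary tablespace temp;

/******** Grant privileges to user SA **********/
-- NOTE(review): CONNECT and RESOURCE are broad predefined roles. SA only has to
-- log in and create the objects shown in this appendix; consider granting the
-- individual system privileges it actually uses instead.
grant connect, resource to SA;
grant create view to SA;
grant create public synonym to SA;
grant drop public synonym to SA;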
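-- Appendix B. Package CRYPT_UTIL
-- Wrapper around dbms_obfuscation_toolkit (3DES) used by the view and trigger
-- in this appendix.

create or replace package crypt_util
as
    -- Encrypts p_str with the key p_key and returns the ciphertext as RAW.
    function crypt (p_str in varchar2, p_key in raw)
        return raw;

    -- Decrypts p_data with the key p_key and returns the plaintext string.
    function decrypt (p_data in raw, p_key in raw)
        return varchar2;

    -- Returns a key for use with crypt and decrypt.
    function get_key return raw;
end crypt_util;
/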
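create or replace package body crypt_util
as
    -- NOTE(review): dbms_obfuscation_toolkit is superseded by dbms_crypto from
    -- Oracle 10g onward, which offers AES; on those releases prefer it for new
    -- work. Nothing in this package authenticates the ciphertext, so a modified
    -- value or a wrong key is not detected on decryption.

    /*
     * Encrypts p_str with 3DES (three-key mode) under p_key.
     *
     * The input is converted to RAW and padded with 1 to 8 zero bytes so that
     * its length in BYTES is a multiple of 8, as des3encrypt requires. Padding
     * is done on the byte string rather than with rpad/length on the character
     * string, because those count characters and produce a wrong byte length
     * when the database character set is multi-byte.
     *
     * Returns the ciphertext. The local buffers are RAW(255), so the padded
     * input must fit in 255 bytes.
     */
    function crypt (p_str in varchar2, p_key in raw)
        return raw
    as
        l_datar  raw(255);
        l_retval raw(255);
        l_len    pls_integer;
    begin
        l_datar := utl_raw.cast_to_raw(p_str);
        -- A NULL string is treated as zero bytes long and gets a full pad block.
        l_len   := nvl(utl_raw.length(l_datar), 0);
        l_datar := utl_raw.concat(
                       l_datar,
                       utl_raw.copies(hextoraw('00'), 8 - mod(l_len, 8)));

        dbms_obfuscation_toolkit.des3encrypt
            ( input          => l_datar,
              key            => p_key,
              which          => dbms_obfuscation_toolkit.ThreeKeyMode,
              encrypted_data => l_retval );
        return l_retval;
    end;

    /*
     * Returns a 3DES key (three-key mode) produced by des3GetKey.
     *
     * NOTE(review): the seed is a constant embedded in the package source, so
     * anyone who can read this source knows it. Whether successive calls then
     * return distinct keys depends on des3GetKey using entropy beyond the seed;
     * verify that on the target release, and supply an unpredictable seed of
     * the same length if it does not.
     */
    function get_key
        return raw
    as
        l_keyr  raw(255);
        l_seed  varchar2(255);
        l_seedr raw(255);
    begin
        l_seed :=
            'UpKYrZHeiooBqkvpJHuImXrLOmVzYhgBhJcNLQL'||
            'wkKYAhKgoZKnXPDBjcgYPGnfPyQOBAGmtRTJUhXAo';
        l_seedr := utl_raw.cast_to_raw(l_seed);
        dbms_obfuscation_toolkit.des3GetKey
            ( which => dbms_obfuscation_toolkit.ThreeKeyMode,
              seed  => l_seedr,
              key   => l_keyr );
        return l_keyr;
    end;

    /*
     * Decrypts p_data with 3DES (three-key mode) under p_key and returns the
     * text that precedes the first zero byte, i.e. the plaintext without the
     * padding added by crypt. If the decrypted bytes contain no zero byte the
     * result is NULL.
     */
    function decrypt (p_data in raw, p_key in raw)
        return varchar2
    as
        l_datar raw(255);
        l_text  varchar2(255);
    begin
        l_datar := dbms_obfuscation_toolkit.des3decrypt
                       ( input => p_data,
                         key   => p_key,
                         which => dbms_obfuscation_toolkit.ThreeKeyMode );
        l_text := utl_raw.cast_to_varchar2(l_datar);
        return substr(l_text, 1, instr(l_text, chr(0), 1) - 1);
    end;
end crypt_util;
/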
-- Appendix C. View NhanVien_vw
-- Joins each employee row to its key row and exposes ChucVu and Luong decrypted
-- through crypt_util.decrypt, cast down from the function's VARCHAR2 result.
-- Whoever is granted SELECT on this view reads those two columns in clear, so
-- grants on it decide who sees plaintext.
-- NOTE(review): the chapter text names the ciphertext table NhanVien_Encrypt,
-- while this listing reads from nhanvien; confirm which name is deployed.
create or replace view nhanvien_vw
as
select
    nv.MaNV,
    nv.HoTen,
    cast(crypt_util.decrypt(nv.ChucVu, kh.key) as varchar2(30)) as chucvu,
    nv.Phong,
    nv.Tuoi,
    nv.Gioitinh,
    cast(crypt_util.decrypt(nv.Luong, kh.key) as varchar2(10)) as luong
from nhanvien nv
inner join nhanvien_key kh
    on nv.manv = kh.manv;

-- The public synonym only makes the name nhanvien_table resolvable for every
-- user; access still requires a privilege on the view itself.
create public synonym nhanvien_table for nhanvien_vw;
D.Trigger NhanVien_vw_trgcreate or replace trigger nhanvien_vw_trg
instead of insert or update or delete on
nhanvien_vw for each row
declare
l_key raw(255);
begin
if (inserting)
then
/* Lay khoa ma hoa cho cac cot */
l_key := crypt_util.get_key;
/* Them hang vao trong bang nhanvien voi
truong
chuc vu va luong duoc ma hoa*/
insert into nhanvien
( manv,
HoTen,
ChucVu,
Phong,
Tuoi,
Gioitinh,
Luong
)
values
(
:new.manv,
:new.HoTen,
crypt_util.crypt(to_char(:new.ChucVu),l_key),
:new.Phong,
:new.Tuoi,
:new.Gioitinh,
crypt_util.crypt(to_char(:new.Luong),l_key)
);
/* Them khoa vao trong bang nhanvien_key */insert into nhanvien_key
-
8/12/2019 Encryption Database in Oracle
76/80
-
8/12/2019 Encryption Database in Oracle
77/80
M ha csdliu trong Oracle
SVTH: Ong ThHng AT020128 Khoa An Ton Thng Tin 70
delete from nhanvien_key
where manv = :old.manv;
update nhanvien
set manv = :new.manv
where manv = :old.manv;
insert into nhanvien_key
(
manv,
key
)
values
(
:new.manv,
l_key
);
end if;
/* Neu thay doi HoTen thi cap nhat HoTen*/
if ( :new.HoTen =:old.HoTen )
then
update nhanvien
set HoTen = :new.HoTen
where manv = :new.manv;
end if;
/* Neu thay doi Chuc vu */
if ( :new.ChucVu =:old.ChucVu )
then
update nhanvien
set ChucVu =
cr