13. Securing Data#
This chapter covers how to use security modules to develop a database encryption strategy.
Overview#
As the protection of information becomes an increasingly important issue, and with the increased awareness of the highly sensitive nature of personal and business information, information protection legislation is being enacted, which is creating the need for more sophisticated database security management functionality.
To protect your database from both internal and external threats, Altibase provides a security module integration function that links the database with a security module suited to the user's needs.
This chapter will focus on how to implement security modules in an integrated manner with the aim of protecting your data.
The Altibase security module integration functionality provides encryption management that integrates the Altibase server with independent security modules, without modifying client applications, to provide a complete system for protecting personal information. Altibase supports the integration of trusted third-party security modules with the Altibase server to address vulnerabilities in database security, and provides an interface that can be used to integrate security modules effectively.
Altibase provides an architectural framework that allows security modules to be used to encrypt data, intensively control database access and performing at the database level. All operations pertaining to security are performed by the security module that is integrated with Altibase server, rather than by the Altibase server itself.
Encryption applies to columns in tables. The data in encrypted columns are secured regardless of whether the data reside on disk or in a memory buffer.
Access control tasks are roughly categorized into two areas: determining what is to be protected and determining which users have the right to access protected objects.
Like encryption, access control also applies to columns in tables. Every user wishing to access a protected column must first have been granted access rights for the corresponding object.
Which items are protected, which users have the right to access protected data, and all encryption tasks are logged for auditing purposes.
The security-related features provided with Altibase are as follows:
- Encrypted data can be stored and managed either on disk or in memory
- Data to be output is decrypted according to security privileges
- Indexes are built in such a way that the chronological order of the original data is maintained
- Tables that contain encrypted columns can be replicated
How Security is Organized in Altibase#
Altibase and a security module are independent of each other. Encryption keys, security policy, and information about security privileges are managed in a security module that is not part of the database itself.
Altibase can operate normally even when it is not integrated with a security module. However, queries executed on encrypted columns will fail if no security modules are present.
Altibase is integrated with a security module both by setting security module-related properties appropriately and by executing SQL statements. Altibase evaluates the validity of the connection between the security module and Altibase server and guarantees that the connection is valid.
When Altibase evaluates the connection with the security module, it compares security-related information, such as the module name, version, and information about encrypted columns, in the database with the corresponding information in the security module.
Columns can be encrypted without requiring that any changes be made to existing applications that connect to Altibase. Encrypted columns can be created and deleted using SQL. Other tasks can be accomplished without changing any of the queries that are used in the existing application.
In Altibase, the security-related functions of the main module are as follows:
- Integrating Altibase with security modules in accordance with environment variables and SQL statements while the database is running
- Supporting data structures and meta information for managing encrypted data
- Supporting extended SQL for security
- Supporting replication
The roles played by an external security module are as follows:
- Managing encryption algorithm settings, including the kind of algorithm that is used and the initialization vector, if applicable
- Managing settings for encrypted columns, including the encryption algorithm and encryption/decryption permissions
- Encrypting and decrypting data
- Managing access control settings, including access to specific IPs and access by specific users
- Auditing, including encryption/decryption logging and access control logging
Integrating a Security Module#
This section describes the tasks that must be performed in order to integrate a security module.
A single server can be integrated with only one security module. To integrate the security module, set the security policy of the ECC algorithm, the name of the module, and the location of the module in the file system. The security module can then be integrated. The Altibase ECC algorithm is a form of Order Preserving Encryption, which guarantees that the order of the encrypted data is the same as the order of the original data.
In Altibase, ECC is an acronym for Encrypted Comparison Code, and is a hash value that guarantees that the order of the encrypted data is the same as the order of the original data. An ECC is generated using a hashing algorithm that allows only one-way transformation to ensure that encrypted data cannot be converted back to their original form. Using an ECC allows comparison operations to be rapidly executed on encrypted columns within Altibase, without exposing the actual data to database administrators or users.
The term ECC algorithm denotes a hashing algorithm used to generate an ECC. External security modules support various ECC algorithms. However, only one ECC algorithm can be used at one time on one server.
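The order-preserving property described above, sketched as an added example. This is not Altibase code, and the page does not specify the ECC algorithm: it is a toy keyed code over an assumed domain of 4-digit IDs, with hypothetical function names, showing that range predicates can be evaluated on codes alone and that the codes sort exactly like the plaintext.

```python
import hashlib
import hmac

DOMAIN = 10_000  # assumption: plaintexts are 4-digit IDs "0000".."9999"

def build_codebook(key: bytes) -> list[int]:
    """Toy keyed comparison code: code[x] is a running sum of keyed positive
    gaps, so x < y always implies code[x] < code[y]."""
    codes, total = [], 0
    for i in range(DOMAIN):
        mac = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        total += 1 + int.from_bytes(mac[:2], "big")  # gap in 1..65536
        codes.append(total)
    return codes

def store(codebook: list[int], emp_ids: list[str]) -> list[tuple[int, int]]:
    """What the server keeps for comparisons: (row number, code). The real
    ciphertext would sit beside the code; it is omitted in this sketch."""
    return [(row, codebook[int(e)]) for row, e in enumerate(emp_ids)]

def range_query(codebook, stored, low: str, high: str) -> list[int]:
    """Rows with low <= emp_id <= high, decided by comparing codes only."""
    lo, hi = codebook[int(low)], codebook[int(high)]
    return [row for row, code in stored if lo <= code <= hi]

def rank_from_codes(stored) -> list[int]:
    """Row numbers sorted by code alone: no key or plaintext is needed."""
    return [row for row, _ in sorted(stored, key=lambda rc: rc[1])]

# Constructed sample data (hypothetical employee IDs and key).
EMP_IDS = ["4821", "0017", "9930", "4822", "2500"]
CODEBOOK = build_codebook(b"constructed-demo-key")
STORED = store(CODEBOOK, EMP_IDS)

if __name__ == "__main__":
    print(range_query(CODEBOOK, STORED, "2000", "5000"))
    print(rank_from_codes(STORED))
```

Because the codes sort like the original values, anyone who can read the code column or an index built on it learns the relative order of the rows, which matters when choosing which columns to encrypt this way.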
The following steps are taken to integrate a security module with Altibase:
- Install the external security module
- Configure the Altibase environment
- Start the security module
- Create encrypted columns and convert existing columns into encrypted columns
Because the step of installing the external security module varies depending on the type of security module that is used, please refer to the documentation for the external security module to be installed. The remaining steps, such as the steps of configuring the Altibase environment, starting the security module, creating encrypted columns, or converting existing columns into encrypted columns, as well as stopping the security module and decrypting columns will be explained in this document.
Configuring Altibase for Security#
Set the path of the security module in the Altibase properties file, which is located at $ALTIBASE_HOME/conf/altibase.properties, as follows:
```
SECURITY_MODULE_NAME = altibase
SECURITY_MODULE_LIBRARY = libsecurity.so
SECURITY_ECC_POLICY_NAME = ecc_policy1
```
Please bear in mind that the property values are case-sensitive. Set the value of the SECURITY_MODULE_NAME property appropriately to identify the security module being used.
Set the value of the SECURITY_MODULE_LIBRARY property to the name of the installed security module library file. The SECURITY_ECC_POLICY_NAME property must be set in order for Altibase to distinguish the security policy from other items internally.
The values of these properties can be set or changed using the ALTER SYSTEM statement while the system is running. When the values of these properties are changed using the ALTER SYSTEM statement, the value set for the SECURITY_MODULE_LIBRARY must include the absolute path to the library file.
```sql
ALTER SYSTEM SET SECURITY_MODULE_NAME = 'altibase';
ALTER SYSTEM SET SECURITY_MODULE_LIBRARY = '/altibase_home/lib/libsecurity.so';
ALTER SYSTEM SET SECURITY_ECC_POLICY_NAME = 'ecc_policy1';
```
Starting Security Modules and Encrypting Data#
This section explains how to start security modules and encrypt data, and introduces the related statements.
Starting up the Security Module#
Once all of the properties related to the security module have been set, it can be started up. The following is a brief description of the internal processes that occur when the security module is started:
Security module authentication#
If mutual authentication fails, the security module cannot be used.
Initialization and validation of the security module#
The security module's internal settings, license, and the like are checked.
Examining ECC security policy#
The ECC security policy, which is set using properties in the security module, is checked to determine whether it is valid or not.
The security module can be started up using the ALTER SYSTEM statement with the START SECURITY option. It will be necessary to access the system as an administrator with suitable privileges.
Example#
Access an idle instance of Altibase as an administrator with suitable privileges.
```sql
iSQL> CONNECT sys/manager
```
Set security module-related properties as appropriate.
```sql
iSQL> ALTER SYSTEM SET SECURITY_MODULE_NAME = 'altibase';
iSQL> ALTER SYSTEM SET SECURITY_MODULE_LIBRARY = '/altibase_home/lib/libsecurity.so';
iSQL> ALTER SYSTEM SET SECURITY_ECC_POLICY_NAME = 'ecc_policy1';
```
Start the security module.
```sql
iSQL> ALTER SYSTEM START SECURITY;
```
Check if the security module is running correctly.
```sql
iSQL> SELECT * FROM SYSTEM_.SYS_SECURITY_;
MODULE_NAME  MODULE_VERSION  ECC_POLICY_NAME  ECC_POLICY_CODE
--------------------------------------------------------------------
altibase     1.0             ecc_policy1      abcde12345
```
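A deployment check for the procedure above, as an added example that is not part of the Altibase documentation or tooling. It turns the three properties into the ALTER SYSTEM form with an absolute library path and compares them, case-sensitively, with the SYS_SECURITY_ row. The function names, the `#` comment syntax, the library directory argument and the expectation that the row values equal the property values are assumptions.

```python
import posixpath

REQUIRED = ("SECURITY_MODULE_NAME", "SECURITY_MODULE_LIBRARY",
            "SECURITY_ECC_POLICY_NAME")

def parse_properties(text):
    """Parse KEY = VALUE lines; '#' comments are an assumption about the file."""
    props = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if not props.get(k)]
    if missing:
        raise ValueError("missing security properties: " + ", ".join(missing))
    return props

def alter_statements(props, lib_dir):
    """Build the ALTER SYSTEM form, where the library needs an absolute path."""
    values = dict(props)
    if not posixpath.isabs(values["SECURITY_MODULE_LIBRARY"]):
        values["SECURITY_MODULE_LIBRARY"] = posixpath.join(
            lib_dir, values["SECURITY_MODULE_LIBRARY"])
    for key in REQUIRED:
        if "'" in values[key] or ";" in values[key]:
            raise ValueError(f"{key}: value is not safe to quote in SQL")
    return [f"ALTER SYSTEM SET {k} = '{values[k]}';" for k in REQUIRED]

def verify_running(props, row):
    """Compare properties with the SYS_SECURITY_ row (None = no rows selected)."""
    if row is None:
        return ["security module is not running"]
    problems = []
    for prop, col in (("SECURITY_MODULE_NAME", "MODULE_NAME"),
                      ("SECURITY_ECC_POLICY_NAME", "ECC_POLICY_NAME")):
        if props[prop] != row[col]:  # exact match: values are case-sensitive
            problems.append(f"{prop}={props[prop]!r} but {col}={row[col]!r}")
    return problems

# Constructed sample input, using the values shown on this page.
SAMPLE = """SECURITY_MODULE_NAME = altibase
SECURITY_MODULE_LIBRARY = libsecurity.so   # file name only
SECURITY_ECC_POLICY_NAME = ecc_policy1
"""
PROPS = parse_properties(SAMPLE)
```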
Stopping the Security Module#
Just as when starting up the security module, it is necessary to access Altibase as an administrator with suitable privileges in order to stop the security module. Then, execute the following statement:
```sql
iSQL> ALTER SYSTEM STOP SECURITY;
```
The inactive status of the security module can be verified using the following statement:
```sql
iSQL> SELECT * FROM SYSTEM_.SYS_SECURITY_;
MODULE_NAME  MODULE_VERSION  ECC_POLICY_NAME  ECC_POLICY_CODE
--------------------------------------------------------------------
No rows selected.
```
Note: The security module can be shut down only if there are no encrypted columns.
Column Encryption#
When it is necessary to secure confidential data in particular columns, those columns can be encrypted. Column encryption is supported for the CHAR and VARCHAR data types.
Columns can be encrypted at the time that they are created using the CREATE TABLE statement, or alternatively, columns in existing tables can be encrypted using the ALTER TABLE statement.
In both cases, use the ENCRYPT USING clause to specify the security policy to use to encrypt the column data.
Use the DESC statement to confirm that a column has been encrypted.
Command Syntax#
```sql
CREATE TABLE table_name (column_name datatype [ENCRYPT USING 'policy_name']);
```
Restriction:#
The data type of an encrypted column cannot be changed.
Example#
Query1> Specify the empID1 and ssn1 columns as encrypted columns when creating a table.
```sql
CREATE TABLE t1 (
    name1  VARCHAR(5),
    empid1 VARCHAR(10) ENCRYPT USING 'POLICY_ID',
    ssn1   CHAR(12)    ENCRYPT USING 'POLICY_SSN'
);
```
Query2> Check whether any encrypted columns exist in a table.
```sql
iSQL> DESC t1
----------------------------------------------------------------
NAME        TYPE                      IS NULL
----------------------------------------------------------------
NAME1       VARCHAR(10) FIXED
EMPID1      VARCHAR(8) ENCRYPT FIXED
SSN         CHAR(12) ENCRYPT FIXED
```
Encrypting Existing Columns#
Regular columns can be converted into encrypted columns using the ALTER TABLE statement.
Command Syntax#
```sql
ALTER TABLE table_name MODIFY (column_name [ENCRYPT USING 'policy_name']);
```
Restrictions:#
- Encrypted columns cannot be encrypted again.
- The data type of an encrypted column cannot be changed.
Example#
Query> Convert the empID1 column in t1, an existing table, to an encrypted column using the policy_ssn policy.
```sql
ALTER TABLE t1 MODIFY (empID1 ENCRYPT USING 'policy_ssn');
```
Canceling Encryption#
Encrypted columns can be converted back into regular columns using the ALTER TABLE statement with the MODIFY option.
Command Syntax#
```sql
ALTER TABLE table_name MODIFY (column_name [DECRYPT]);
```
Example#
Query> Convert the empID1 column in table t1 back into a regular column.
```sql
ALTER TABLE t1 MODIFY (empID1 DECRYPT);
```