The Evolution of Database Encryption

Shane · Published in System Weakness · 7 min read · Dec 18, 2023


If you’re like me, and you grew up with several siblings, you know what it’s like to leave your Halloween candy in your closet and come back to find some of the good stuff has gone missing.

So what do you do? You hide it someplace good. Really good, like, in mom’s sewing kit good (sorry mom). But it’s easy to forget these things, you know? So you write down your hiding spots, and what’s placed where, and you quickly realize if anyone were to find this list, well, all your stuff would be gone.

No Encryption

Enter your friend Sam. You tell Sam about your plight and, being the bro he is, he offers to keep the list for you.

A protocol is hatched. If you want to hide something, you call him up on the phone and tell him where you put it. He’ll write it down and keep the list someplace safe, and if you want to know where something is, he can look it up and tell you. Great.

“What could go wrong, bro?” “Absolutely nothing, bro”

All is well in the world for a few weeks. No one can find your hiding spots because you know how to pick ’em and Sam always comes through.

One day, though, Sam’s dad is putting away some socks Sam left out. He finds the list hidden there and, after glancing at it, accidentally leaves it out.

Sam’s brother finds it before you do. It’s got your name on it and he quickly figures out what it is. He calls up your sister who he knows from school and together they plot to split the spoils.

Encryption

You recover your stuff (except the candy), and you’re back to square one. Sam’s brother knows about the list now. Guaranteed he’s going to be looking for it.

You’ve resigned yourself to the situation when Sam comes up with an idea. He’s recently learned about asymmetric encryption in 7th grade math class, which evidently has come a long way since the early 2000s. Basically:

  1. You turn your message into a number.
  2. You take two large numbers.
  3. You use one to scramble the message.
  4. You use the other to unscramble it.
  5. You can use either to scramble or unscramble, and only they can unscramble each other because of the way you picked them.

How do you turn a message into a number?

One way would be to substitute each letter in the message for its number in the alphabet. “A” would be “01”, “Z” would be “26”, and so on. A space could be “27”. Then, you bookend your number with something special like “88” on both sides, to get rid of any leading zeros. The result would be a unique number that could only be given by that message.

This is essentially how words are stored in computers, but with different rules

Sam explains this to you. This feels weird, but you agree. If every character is two digits, then there can only be one message for any number, and one number for any message. They’re the same thing.
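The letter-to-number encoding and the two-number scramble Sam describes, as an added example that is not from the original post. It assumes textbook RSA for the "two large numbers"; the primes, exponent and function names are illustrative, and a toy like this (publicly known primes, no padding) shows the mechanics only.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz "  # a=01 ... z=26, space=27

def encode(message):
    """Turn a message into a number: two digits per letter, bookended by 88."""
    # str.index raises ValueError for any character outside the alphabet.
    digits = "".join(f"{ALPHABET.index(ch) + 1:02d}" for ch in message.lower())
    return int("88" + digits + "88")

def decode(number):
    """Turn a bookended number back into its message, rejecting malformed input."""
    text = str(number)
    if len(text) < 4 or len(text) % 2 or not (text.startswith("88") and text.endswith("88")):
        raise ValueError("not a bookended message number")
    body = text[2:-2]
    codes = [int(body[i:i + 2]) for i in range(0, len(body), 2)]
    if any(not 1 <= code <= 27 for code in codes):
        raise ValueError("unknown letter code")
    return "".join(ALPHABET[code - 1] for code in codes)

# Assumption: textbook RSA. P and Q are two well-known Mersenne primes, chosen
# only so the arithmetic is easy to check; real keys use secret random primes.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                          # one of the two numbers
D = pow(E, -1, (P - 1) * (Q - 1))  # the other, picked so that it undoes E

def scramble(number, key):
    """Scramble or unscramble: the same operation, with either key."""
    if not 0 <= number < N:
        raise ValueError("message number too large for this key size")
    return pow(number, key, N)

def keys_undo_each_other(message):
    """True when E undoes D and D undoes E for this message."""
    m = encode(message)
    return scramble(scramble(m, E), D) == m and scramble(scramble(m, D), E) == m

if __name__ == "__main__":
    secret = scramble(encode("sofa"), E)   # what Sam would write on the list
    print(secret, "->", decode(scramble(secret, D)))
    print("either key undoes the other:", keys_undo_each_other("sofa"))
```

Scrambling the same message with the same key always yields the same number, which is the property Sam's brother leans on later in the story.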

Database only encryption

Sam continues, “So there’s a website that does this encryption for you, if you’ve got your message and your numbers. Let’s do the same thing, except this time, I’ll encrypt the message before writing it down. I’ll keep one of the numbers on the list so I don’t lose it and one on a note in my backpack. That way if someone finds the list, they won’t be able to use it.”

Sounds legit so you agree.

When you and the boys reinvent encryption at rest

This is great. It works for a long time. Sam’s brother finds the list one day and nothing happens. Sam was right, the math checks out.

Then, your sister overhears you sending a message. You fortunately catch her listening in outside your bedroom door and re-locate the item, but she’s found a flaw.

She starts listening outside your room more and is able to catch you a few times. She knows Sam is on a landline and enlists Sam’s brother to try and intercept messages by picking up another phone in the house when she hears you start a call.

Sam’s new girlfriend finds the key in the backpack and knows what it’s for, but fortunately doesn’t do anything with it because she’s nice. No harm but not ideal.

Still, your Game Boy is missing again and now your brother is singing a song about you sitting in a tree with Jessica from history class because your crush list was found. This isn’t working.

Encryption Everywhere

You and Sam put your heads together and come up with a new plan. This time, you’ll hold on to the keys, and you’ll do all the encryption stuff before sending it over to Sam. Sam will just write down the numbers you tell him.

Encryption in transit and encryption at rest = Encryption Everywhere

This works well. This works really well. You find a way to put the keys on your phone which is password protected so you don’t have to worry about losing slips of paper.

There’s no vulnerability on Sam’s side, nothing for his girlfriend or dad to accidentally leave out, nothing for his brother to find. As long as you hold on to the keys, you’re set.

Sam’s brother, determined to show who’s boss, comes up with a clever plan. He works with your sister to find the location of one item you’ve stashed. She eventually finds the comic book in the sofa.

Sam’s brother looks at your list and now knows that 0x1D85F means “sofa.” This means he can take “sofa,” translate it to a number (using the same process described earlier) and try lots of guesses until he finds the numbers used to scramble and unscramble it.

He’s now cracked the encryption and is able to see the rest of your list.

Column Level Encryption

Half frustrated, half impressed, you and Sam revise your protocol. Unfortunately, Sam tells you, there is no way to stop his brother from cracking the code if he knows what an entry means.

The best you can do is isolate the items from each other by using different keys.

This could mean a lot of keys, and you’re worried about losing or messing one of them up. You’d rather not have to keep track of so many different keys if you don’t have to. It would be nice if Sam kept track of the keys, but you’ve already learned your lesson about keeping the keys next to the list.

Sam comes up with an idea. A key is just a number, and we can encrypt numbers, right? You decide to do the following:

  1. each item gets its own encryption keys
  2. we encrypt these keys with your key and keep the encrypted item keys on the list
  3. every time you ask for a location, Sam will give you the location and the encrypted item key
  4. you use your key to decrypt the item key, and then use that key to decrypt the item
  5. you follow a similar flow for adding updates

After hashing out the details, you come up with the following plan.

[Diagram: Decrypting a value]

[Diagram: Adding an encrypted value]

This is a complex scheme, but offers a lot in terms of security and flexibility.
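The five-step flow above (add an encrypted value, then decrypt it), as an added example that is not from the original post. The `Sam` and `You` classes and the `seal`/`unseal` helpers are hypothetical names, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus a MAC) used so the sketch runs without dependencies; a real system would use a vetted authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _keys(key):
    # Separate encryption and MAC subkeys derived from one key.
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode: stand-in for a real cipher (assumption).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)  # fresh per record, so equal plaintexts differ
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _keys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified record")
    return _xor_stream(enc_key, body[:16], body[16:])

class Sam:
    """The database: holds only ciphertext and wrapped (encrypted) item keys."""
    def __init__(self):
        self.rows = {}

class You:
    """The client: the master key stays on your side (the phone / key vault)."""
    def __init__(self, sam):
        self.sam = sam
        self.master_key = secrets.token_bytes(32)

    def hide(self, item, location):
        item_key = secrets.token_bytes(32)           # step 1: one key per item
        wrapped = seal(self.master_key, item_key)    # step 2: wrap it with your key
        self.sam.rows[item] = (wrapped, seal(item_key, location.encode()))

    def find(self, item):
        wrapped, ciphertext = self.sam.rows[item]    # step 3: Sam returns both
        item_key = unseal(self.master_key, wrapped)  # step 4: unwrap, then decrypt
        return unseal(item_key, ciphertext).decode()

sam = Sam()
you = You(sam)
you.hide("comic book", "sofa")  # constructed sample data
you.hide("game boy", "sofa")
```

Both rows hide "sofa", yet Sam's copies differ, and the key recovered for one row fails the integrity check on the other.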

Wrapping things up

In this analogy, Sam is a database, you are a client application that uses the database to store whatever data you need, your password protected phone is a key vault, and the phone calls between you are the network.

The siblings are threat actors (i.e. hackers) who use a variety of methods to get your data. For example, overhearing the phone calls is called a “man-in-the-middle” attack and guessing the numbers using “sofa” is an inference attack.

Sam’s dad and girlfriend are what’s known as privileged users. Databases are applications that, like any old application, run on an operating system and computer. These need to be maintained and updated, which requires granting high-level access to them.

A number of people that might typically have or be trying to access data

Whether this is in the cloud or on on-premises servers, these privileged users are increasingly a source of data leaks, either by intent or by carelessness.

This has pushed firms to adopt a “zero trust” policy of security wherein the assumption that all agents past a certain barrier are trustworthy is tossed out the window.

In a zero trust world, your threats could come from outside or inside the house

It’s important to note that all encryption schemes we’ve covered have their use cases. Just because some have more vulnerabilities than others does not mean they’re useless.

Encryption comes with its limitations, and sometimes a less secure encryption scheme makes sense.

That’s it! Hope you enjoyed reading.
