slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Protection of Relations Within Large Datasets PowerPoint Presentation
Download Presentation
Protection of Relations Within Large Datasets

Loading in 2 Seconds...

play fullscreen
1 / 16

Protection of Relations Within Large Datasets - PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on

Protection of Relations Within Large Datasets. Mgr. Boleslav Bobčík, T-Systems Czech Republic, a.s. Let’s Start With Basic Facts …. Assets : valuable data contained in information systems Two families of threats targeted at data :

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Protection of Relations Within Large Datasets' - zia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Protection of Relations

Within Large Datasets

Mgr. Boleslav Bobčík, T-Systems Czech Republic, a.s.

Protection of Relations Within Large Datasets

let s start with basic facts
Let’s Start With Basic Facts…
  • Assets: valuable data contained in information systems
  • Two families of threats targeted at data:
    • Active threats– modification, unauthorized alteration, destruction
    • Passive threats – unauthorized copying, eavesdropping, data leaks
  • Concerns with data leak detection
    • Easy to create a copy of data
    • The original data are unaffected by copying

Protection of Relations Within Large Datasets

data and their context
Data And Their Context
  • Isolated (standalone) data
    • Low value
    • Their occurrence in information systems is rather rare
  • Context of data
    • Relations between data records: substantial part of assets’ value
    • Reason for relational DBMS popularity
    • Usual target of attackers

Protection of Relations Within Large Datasets

information s ystem v ulnerabilities how the architects imagine things
Information System VulnerabilitiesHow the Architects Imagine Things...

Protection of Relations Within Large Datasets

information s ystem v ulnerabilities how the system actually looks
Information System VulnerabilitiesHow the System Actually Looks...

Protection of Relations Within Large Datasets

information system vulnerabilities exploited
Information System Vulnerabilities – Exploited
  • Sony PlayStation® Network
    • April 2011
    • External attacker
    • Stolen 77 million records
    • Direct damage: $171 million
    • Indirect damage: ???
  • Lessons learned?
    • SonyPictures.com data breach
    • June 2011
  • Goold Health Systems
    • January 2013
    • Loss of backup media with patient data
    • 6000 Medicaid records including personal and payment data
  • Gatineau Townhall, Canada
    • January 2013
    • Loss of student loans data
    • 583 thousands records

Protection of Relations Within Large Datasets

usual approaches to data protection
Usual Approaches To Data Protection
  • Securing the perimeter
    • Objective: prevent access of unauthorized people
    • Authentication/authorization
  • Problems
    • Threat of rogue insiders
    • Data taken out of the perimeter are „defenseless“
  • Data encryption
    • Objective: protect static representation of data
    • Database-level encryption
    • Data accessible only for authorized users
  • Problems
    • Often „All-or-Nothing“ solution
    • Cryptographic key management
    • Data recovery risks

Protection of Relations Within Large Datasets

alternative approach
Alternative Approach
  • Securing the relations between data
  • Idea (based on relational database theory)
    • Divide the data into „context domains“
    • Link the records across domain boundaries with secure identifiers
  • Secure identifier construction
    • Initial data structure
    • Encrypted with domain-related key
    • Result: seemingly random sequence of bits
  • All identifier transformations performed in secure environment

Protection of Relations Within Large Datasets

data before secure identifier application
Data Before Secure Identifier Application

Protection of Relations Within Large Datasets

data after secure identifier application
Data After Secure Identifier Application

?

Protection of Relations Within Large Datasets

but we can go further
... But We Can Go Further

Protection of Relations Within Large Datasets

aspects of successful deployment
Aspects Of Successful Deployment
  • Applications in legacy information systems
    • Invasive change, impact depends on architecture of the IS
  • Intentional break of normal relationship implementation
    • Unable to utilize standard database query techniques
    • Possible solutions: NoSQL technologies, proxy drivers
  • Large datasets are necessary
    • Avoiding the brute-force threats
  • Reduced data throughput
    • Security level is a compromise between data protection and other parameters (performance, price, ease of use…)

Protection of Relations Within Large Datasets

benefits of protected relationships
Benefits Of Protected Relationships
  • Data access control
    • Context domains have isolated data character
    • Easy to manage access to individual domains
  • Secure identifier operations performed by a separate subsystem
    • Dependency between data and physical device prevents data theft
    • Additional security layers can be included
  • Breach recovery mechanism
    • Compromised identifiers can be replaced

Protection of Relations Within Large Datasets

similar approaches
Similar Approaches
  • PCI/DSS
    • Data tokenization
    • Opaque (uninterpretable) values substituting sensitive data
  • Format-preserving Encryption
    • Less-known / rarely used method
  • IS ORG – personal identifier translator
    • Internal component of Czech eGovernment system
    • No public interface

Protection of Relations Within Large Datasets

final remarks
Final Remarks
  • Present and future trends
    • Advances in system integration – new vulnerabilities
    • Cybercrime (esp. „identity theft“) on the rise
    • Increasing adversary professionalization (e.g. Chinese PLA Unit 61398)
    • Data protection legislation(EU – „General Data Protection Regulation“, expected adoption in 2014)
  • Conclusion: new information systems should consider protection of the data as well as data relations
    • Secure identifier system is a useful part of the security landscape

Protection of Relations Within Large Datasets