User:MRackardBellevueUniversity/sandbox

DATABASE ENCRYPTION
Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form so that it can be understood. Ancient Egyptians used encryption to carve secrets in Egyptian hieroglyphs on tomb walls or stone tablets. Encryption now uses digital keys, encoded as bits of data, to lock and unlock e-mail messages, files or Internet-commerce transactions. By the 1970s, digital keys of 56 bits were being used to encrypt data. Today, larger and more complex keys are used to help prevent attacks by computer hackers. Federal Information Processing Standard (FIPS) validated key storage originated in the United States. Advanced security through database encryption is now a regulatory mandate in many industries. The financial services industry is required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The Advanced Encryption Standard (AES) is a FIPS-approved cryptographic algorithm used to protect electronic data. Health care providers, health insurance companies and all their business affiliates are required by the government to comply with a standardized level of data encryption whenever protected health information in electronic form is transmitted, stored or accessed.

Database encryption levels
Database encryption products can be selected based on the level of protection needed. The two levels of database encryption are column-level encryption and file-level encryption. Column-level encryption encrypts individual columns. This method can be used to protect stored Personally Identifiable Information (PII) such as social security numbers, credit card numbers, and dates of birth. File-level encryption, often called whole-database encryption, works at the OS level, just above the file system, securing the underlying files that store database data. Encryption and decryption are done in file-system blocks as the database process reads or writes database files. Encryption occurs independently of the database, so no modifications to applications, the database schema, or the network are needed to implement file-level encryption.
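The following T-SQL is an added example (not from the original page) of column-level encryption in SQL Server: a symmetric key, protected by a certificate, encrypts only the social security number column of a table while the other columns stay in clear text. The database, table, key and certificate names, the password and the sample row are assumed for illustration.

```sql
-- Added example (not from the page): column-level encryption of one PII column
-- in SQL Server. Database, table, key and certificate names are assumed.
USE HRData;  -- assumed database name
GO

-- The database master key protects the private key of the certificate,
-- and the certificate protects the symmetric key used for the column.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password placeholder>';
CREATE CERTIFICATE PiiCert WITH SUBJECT = 'Protects the PII column key';
CREATE SYMMETRIC KEY PiiKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PiiCert;
GO

-- Sample table: only the SSN is stored as ciphertext (varbinary).
CREATE TABLE dbo.Employee (
    EmployeeId   int            NOT NULL PRIMARY KEY,
    FullName     nvarchar(100)  NOT NULL,
    SsnEncrypted varbinary(256) NOT NULL
);
GO

-- Writing: the symmetric key must be opened in the session before
-- ENCRYPTBYKEY can use it.
OPEN SYMMETRIC KEY PiiKey DECRYPTION BY CERTIFICATE PiiCert;
INSERT INTO dbo.Employee (EmployeeId, FullName, SsnEncrypted)
VALUES (1, N'Example Person',
        ENCRYPTBYKEY(KEY_GUID('PiiKey'), N'000-00-0000'));  -- constructed sample value
CLOSE SYMMETRIC KEY PiiKey;
GO

-- Reading without the key open: DECRYPTBYKEY returns NULL rather than an
-- error, so a session that cannot open the certificate never sees plaintext.
SELECT EmployeeId, FullName,
       CONVERT(nvarchar(11), DECRYPTBYKEY(SsnEncrypted)) AS Ssn
FROM dbo.Employee;   -- Ssn is NULL here

-- Reading with the key open: plaintext is returned for this session only.
OPEN SYMMETRIC KEY PiiKey DECRYPTION BY CERTIFICATE PiiCert;
SELECT EmployeeId, FullName,
       CONVERT(nvarchar(11), DECRYPTBYKEY(SsnEncrypted)) AS Ssn
FROM dbo.Employee;
CLOSE SYMMETRIC KEY PiiKey;
GO
```

The contrast with file-level encryption is the point: here the application (or its stored procedures) has to open the key and call ENCRYPTBYKEY and DECRYPTBYKEY explicitly, and the column type changes to varbinary, whereas file-level encryption needs no such changes.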

Database encryption security
Transparent data encryption (TDE) performs real-time I/O encryption and decryption of data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server, or by an asymmetric key protected by an Extensible Key Management (EKM) module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using the AES and 3DES encryption algorithms without changing existing applications.

Implementing Transparent Data Encryption (TDE) requires

 * creating a master key
 * obtaining a protected master key certificate
 * creating a protected database encryption certificate
 * setting the database encryption parameters
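The four steps above, carried through in T-SQL as an added example (not from the original page). The database name, certificate name and password are placeholders; the final query uses the sys.dm_database_encryption_keys view to confirm that the encryption scan has finished.

```sql
-- Added example (not from the page): enabling TDE on a user database.
-- SalesDb, TdeServerCert and the password are placeholders.
USE master;
GO
-- Step 1: create the database master key in the master database.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master key password placeholder>';
GO
-- Step 2: create the server certificate (in master) that will protect the DEK.
CREATE CERTIFICATE TdeServerCert WITH SUBJECT = 'TDE certificate for SalesDb';
GO
-- Step 3: create the database encryption key inside the database to be encrypted.
USE SalesDb;   -- assumed database name
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert;
GO
-- Step 4: turn encryption on; the existing pages are encrypted by a
-- background scan, and new writes are encrypted immediately.
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO

-- Check: encryption_state 3 means encrypted, 2 means the scan is still running
-- (percent_complete shows progress). tempdb appears as well, because it is
-- encrypted as soon as any database on the instance is.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, key_algorithm, key_length, percent_complete
FROM sys.dm_database_encryption_keys;
```

Because the certificate that protects the DEK lives in master, any backup of SalesDb taken after this point can only be restored on an instance that holds the same certificate, which is why the certificate and its private key must be backed up separately from the database.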

A database encryption key is required before a database can be encrypted by using Transparent Data Encryption (TDE). When a database is transparently encrypted, the whole database is encrypted at the file level, without any special code modifications. The certificate or asymmetric key that is used to encrypt the database encryption key must be located in the master system database. The database encryption key cannot be exported from the database. It is available only to the system, to users who have debugging permissions on the server, and to users who have access to the certificates that encrypt and decrypt the database encryption key.

Database encryption keys

 * Database master key - symmetric key used to protect the private keys of certificates and asymmetric keys that are present in the database. A master key is encrypted by using the AES_256 algorithm and a user-supplied password. To enable automatic decryption of the master key, a copy of the key is encrypted by using the service master key and stored both in the database and in master. A master key that is not encrypted by the service master key must be opened by using the OPEN MASTER KEY statement and a password.
 * Open master key - when a database is first attached or restored to a new instance of SQL Server, a copy of the database master key encrypted by that server's service master key is not yet stored in the server. An OPEN MASTER KEY statement is needed to decrypt the database master key (DMK).
 * Close master key - reverses the operation performed by OPEN MASTER KEY. CLOSE MASTER KEY only succeeds when the database master key was opened in the current session by using the OPEN MASTER KEY statement.

Other common master key statements include

 * ALTER MASTER KEY
 * BACKUP MASTER KEY
 * RESTORE MASTER KEY
 * DROP MASTER KEY
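The database master key statements described above, shown together in one added T-SQL example (not from the original page). It assumes a database called SalesDb that has just been restored to a different SQL Server instance, so the copy of the DMK encrypted by the old service master key cannot be used; the file paths and passwords are placeholders.

```sql
-- Added example (not from the page): database master key lifecycle after a
-- database is restored to a new instance. Names, paths and passwords are placeholders.
USE SalesDb;   -- assumed database name
GO

-- On the new instance the DMK copy encrypted by the (old) service master key
-- is useless, so the key has to be opened explicitly with its password.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<original DMK password>';

-- Re-protect the DMK with this instance's service master key so that it can be
-- opened automatically from now on, then close it for this session.
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO

-- Take a password-protected backup of the DMK. The key has to be open (here it
-- is decrypted automatically by the service master key). Store the file apart
-- from the database backups.
BACKUP MASTER KEY TO FILE = 'D:\keybackup\SalesDb_dmk.bak'
    ENCRYPTION BY PASSWORD = '<backup file password>';
GO

-- Restoring replaces the current DMK with the one in the file. Every secret
-- protected by the old key is re-encrypted under the restored one; if some
-- secret cannot be decrypted the statement fails unless FORCE is added.
RESTORE MASTER KEY FROM FILE = 'D:\keybackup\SalesDb_dmk.bak'
    DECRYPTION BY PASSWORD = '<backup file password>'
    ENCRYPTION BY PASSWORD = '<new DMK password>';
GO

-- Routine rotation: regenerate the DMK under a new password. The protected
-- certificate private keys are re-encrypted transparently.
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = '<new DMK password>';
GO

-- DROP MASTER KEY only succeeds once nothing in the database is protected by
-- it (it fails while a certificate private key still depends on it):
-- DROP MASTER KEY;
```

After the ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY step, sessions on the new instance no longer need OPEN MASTER KEY with a password, which is the normal state the "Database master key" bullet describes.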

Database certificates
Certificates are used to protect the Database Encryption Key (DEK). The certificate must be created in the master database. Backup files of databases that are Transparent Data Encryption (TDE) enabled are encrypted by using the database encryption key. A backup of the certificate and of the database master key is needed when the database is enabled for TDE and is used in log shipping or database mirroring. Dropping a certificate that is being used to protect the database encryption key will cause the encrypted database to become inaccessible. The certificate used for encrypting the database encryption key is not backed up automatically. If a certificate becomes unavailable or must be restored, backups of both the certificate and its private key are needed to open the database. A certificate is a specially formatted block of data containing the name of the certificate holder (either a user or a system name) and the holder's public key, as well as the digital signature of a certification authority for authentication. The certification authority attests that the holder's name is the one associated with the public key in the certificate.
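The backup and restore of the TDE certificate together with its private key, as an added T-SQL example (not from the original page). The certificate name, database name, file paths and passwords are placeholders; the sys.certificates query is the check an administrator would run to find a certificate whose private key has never been backed up.

```sql
-- Added example (not from the page): backing up the TDE certificate with its
-- private key, verifying the backup, and restoring it on a second instance so
-- that an encrypted database backup can be restored there. Names, paths and
-- passwords are placeholders.
USE master;
GO
-- Export the certificate and its private key. The private key file is itself
-- encrypted with the given password; keep both files off the server.
BACKUP CERTIFICATE TdeServerCert
    TO FILE = 'D:\keybackup\TdeServerCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\keybackup\TdeServerCert.pvk',
        ENCRYPTION BY PASSWORD = '<private key file password>'
    );
GO
-- Check: a NULL pvt_key_last_backup_date means the private key has never been
-- backed up, so the encrypted database could not be recovered on another server.
SELECT name, pvt_key_encryption_type_desc, pvt_key_last_backup_date
FROM sys.certificates
WHERE name = 'TdeServerCert';
GO

-- On the second instance: master needs its own database master key, then the
-- certificate is recreated from the two files so the DEK in the backup can be
-- decrypted. (Run the following on the second instance.)
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<second instance DMK password>';
CREATE CERTIFICATE TdeServerCert
    FROM FILE = 'D:\keybackup\TdeServerCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\keybackup\TdeServerCert.pvk',
        DECRYPTION BY PASSWORD = '<private key file password>'
    );
GO
-- With the certificate in place the TDE-enabled backup restores normally;
-- without it the RESTORE fails because the database encryption key cannot be opened.
RESTORE DATABASE SalesDb FROM DISK = 'D:\backup\SalesDb.bak' WITH RECOVERY;
GO
```

The same two files are what log shipping or database mirroring partners need before they can apply the encrypted log backups, which is why the page calls out the certificate and master key backups for those configurations.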