Securing a Database
Based on notes by
Fei Li and Hong Li
5/22/2017

Topics
• Securing the connections to the database:
  1. SSL-tunneling between client machine and database machine
  2. A secure JDBC driver
• Securing the data within a database
• Secure Thin JDBC Connection Sample

JDBC Basics
• JDBC is a Java API for executing SQL statements
• JDBC makes it possible to do three things:
  1. establish a connection with a database
  2. send SQL statements
  3. process the results.

Securing a database
• Two points of attack against a database
  – The connection between clients and database
  – The data in the database

Securing the JDBC driver transmission
• Approach 1: SSL-tunneling
  – Running a daemon on the client machine
  – Advantage: simplicity and performance
  – Disadvantage: insufficient authentication, especially if the client machine is a shared or multi-user environment.
• Approach 2: Proxy to JDBC drivers
  – Developing a JDBC driver proxy
  – Advantage: provides more security
  – Disadvantage: much more complex

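SSL-Tunneling
[Figure: the Client Application on the Client Machine exchanges SQL requests and responses with a local TunnelServer; that TunnelServer is linked by an SSL socket to the TunnelServer on the Database Machine, which exchanges SQL requests and responses with the Database instance.]
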
The SSL-Tunneling Approach
• Two instances of the tunnel server, one on the client machine and the other on the database server machine
• Each instance serves as a proxy.
• Simplicity of encrypting the database connection by SSL-tunneling between the client application and the DBMS

Query processing
Client Machine
• Client application
  The JDBC client
• Client-side tunnel server
  Reads unencrypted data from the JDBC client;
  writes it to the database machine over SSL
Database Machine
• Server-side tunnel server
  Reads the encrypted data from the client-side tunnel server;
  sends it unencrypted to the DBMS over localhost
• Database server

Response processing
Database Machine
• Database server
  Sends the query result to the tunnel server
• Server-side tunnel server
  Reads the query result from the DBMS over localhost;
  sends it encrypted to the client-side tunnel server
Client Machine
• Client-side tunnel server
  Reads encrypted data from the server-side tunnel server;
  writes it to the JDBC client
• Client application

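The SSL-Tunneling Approach
[Figure: numbered message flow between the Client Machine and the Database Machine]
1. SQL request: Client Application to the TunnelServer on the Client Machine
2. Encrypted SQL request: TunnelServer on the Client Machine to the TunnelServer on the Database Machine
3. SQL request: TunnelServer on the Database Machine to the Database instance
4. SQL response: Database instance to the TunnelServer on the Database Machine
5. Encrypted SQL response: TunnelServer on the Database Machine to the TunnelServer on the Client Machine
6. SQL response: TunnelServer on the Client Machine to the Client Application
• Assumption: Connections to localhost cannot be snooped. True or false?
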
Example 1: The Tunnel Server
• Two classes
  – TunnelServer
  – TunnelThread
• TunnelServer class (p. 310)
  – Correction: client (mRemote == false) or the server (mRemote == true)

    // remote is true on the database machine and false on the client machine
    public TunnelServer(String server, int appPort, int tunnelPort, boolean remote) {
        super();
        mDestServer = server;
        mAppPort = appPort;
        mTunnelPort = tunnelPort;
        mRemote = remote;
        waitForConnections();
    }

Example 1: The Tunnel Server
• Get the server socket, wait for connections, and create two instances of TunnelThread.

    private void waitForConnections() {
        ……
        serverSocket = getServerSocket();
        while (mListening) {
            try {
                logMessage("Waiting for connections.");
                srcSocket = serverSocket.accept();
                ……
                destSocket = connect();
                logMessage("Connected to remote server at " + destSocket.getInetAddress() + ".");
                // One thread per direction of the tunnel
                fromClient = getTunnelThread("fromClient");
                toClient = getTunnelThread("toClient");
                ……

Example 1: The Tunnel Server
• The TunnelThread class (p. 315-316)
  – Forwarding requests and responses

    /**
     * Creates new TunnelThread
     * @param name a name for this thread
     */
    public TunnelThread(String name) {
        super(name);
        setDaemon(true);
    }

    /** Default constructor -- create a tunnel thread with a default name */
    public TunnelThread() {
        super();
        setDaemon(true);
    }

    public void run() {
    }

Example 1: The Tunnel Server
• Run the Tunnel Server with JDBC
  1. Generate keystore/certificates for client and server → serverKeyStore, clientKeyStore (p.317)
  2. Copy serverKeyStore to the database server; start the tunnel server on the server side (database machine)
  3. Copy clientKeyStore to the client machine; start the tunnel server on the client side (client machine) (p.318)
  4. Run a test application on the client machine

Example 1: The Tunnel Server
• Create Keystore

    >keytool -genkey -keyalg RSA -keystore serverKeyStore
    >keytool -genkey -keyalg RSA -keystore clientKeyStore

Example 1: The Tunnel Server
• Create Keystore
  – Export the certificates

    >keytool -export -keystore serverKeyStore -file server.cer
    >keytool -export -keystore clientKeyStore -file client.cer

Example 1: The Tunnel Server
• Create Keystore
  – Import the certificates

    >keytool -import -file client.cer -alias client -keystore serverKeyStore
    >keytool -import -file server.cer -alias server -keystore clientKeyStore

Example 1: The Tunnel Server
• Start the tunnel server on the server
  – Copy serverKeyStore, TunnelServer.class, and TunnelThread.class to the database machine

    >java -Djavax.net.ssl.keyStore=serverKeyStore -Djavax.net.ssl.keyStorePassword=sps2020 -Djavax.net.ssl.trustStore=serverKeyStore com.isnetworks.crypto.net.TunnelServer localhost 1521 6543 remote

• Exercise:
  – Use the TunnelServer.java source code to trace the execution of the server-side TunnelServer and show its screen output.

Example 1: The Tunnel Server
• Start the tunnel server on the client
  – Copy clientKeyStore, TunnelServer.class, and TunnelThread.class to the client machine

    >java -Djavax.net.ssl.keyStore=clientKeyStore -Djavax.net.ssl.keyStorePassword=cps2020 -Djavax.net.ssl.trustStore=clientKeyStore com.isnetworks.crypto.net.TunnelServer diamond.rocks.cl.uh.edu 1521 6543 local

Example 1: The Tunnel Server
• Run a test application on the client machine
  – Use JDBCTest.java
  – Set the JDBC driver (classes.zip) in the classpath

    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    // localhost:1521 is the client-side tunnel server, not the database itself
    Connection conn = DriverManager.getConnection(
        "jdbc:oracle:thin:@localhost:1521:nas",
        "username", "password");

Example 1: The Tunnel Server
• Source code and detailed instructions are available on the syllabus page:
  – Sample programs for running Tunnel Server on dcm.cl.uh.edu (the client application) and diamond.rocks.cl.uh.edu (the DBMS server):
  – TunnelServer.java
  – TunnelThread.java
  – JDBCTest.java
  – Detailed instructions
  – Supplementary note
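
A minimal server-side tunnel end for the flow in Example 1, added here as an illustration; it is not the TunnelServer from the book or the syllabus page. The class name MutualAuthTunnel and its two port arguments are assumptions, and it expects the same javax.net.ssl.keyStore, keyStorePassword and trustStore properties as the commands above. It requires a client certificate and keeps the unencrypted leg on the loopback interface.

```java
import java.io.*;
import java.net.*;
import javax.net.ssl.*;

// Added example, not the book's TunnelServer: server-side tunnel end that demands a client certificate.
public class MutualAuthTunnel {
    public static void main(String[] args) throws IOException {
        int tunnelPort = Integer.parseInt(args[0]);   // TLS side, e.g. 6543
        int dbPort = Integer.parseInt(args[1]);       // plaintext side, e.g. 1521
        // Key store and trust store are taken from the javax.net.ssl.* system properties.
        SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket listener = (SSLServerSocket) factory.createServerSocket(tunnelPort)) {
            listener.setNeedClientAuth(true);         // handshake fails without a trusted client cert
            while (true) {
                SSLSocket tls = (SSLSocket) listener.accept();
                new Thread(() -> handle(tls, dbPort)).start();   // slow handshakes cannot block accept()
            }
        }
    }

    static void handle(SSLSocket tls, int dbPort) {
        try {
            tls.startHandshake();                     // authenticate before touching the DBMS
            // The unencrypted leg stays on the loopback interface.
            Socket db = new Socket(InetAddress.getLoopbackAddress(), dbPort);
            pump(tls, db);
            pump(db, tls);
        } catch (IOException e) {
            System.err.println("Rejected " + tls.getRemoteSocketAddress() + ": " + e.getMessage());
            try { tls.close(); } catch (IOException ignored) { }
        }
    }
    // Copies one direction on a daemon thread and closes both sockets when that direction ends.
    static void pump(Socket from, Socket to) {
        Thread t = new Thread(() -> {
            byte[] buf = new byte[8192];
            try (Socket a = from; Socket b = to) {
                InputStream in = a.getInputStream();
                OutputStream out = b.getOutputStream();
                for (int n; (n = in.read(buf)) != -1; ) {
                    out.write(buf, 0, n);
                    out.flush();
                }
            } catch (IOException ignored) { }
        });
        t.setDaemon(true);
        t.start();
    }
}
```

The client certificate identifies whoever holds clientKeyStore, not an individual user, so on a shared client machine any local user who can reach the client-side listener still gets through. A keystore password passed with -D on the command line is also visible to other local users in the process list.
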
Securing the JDBC Driver Transmission
• Approach 2: Proxy to JDBC drivers
  – Developing a JDBC driver proxy
  – Advantage: provides more security
  – Disadvantage: much more complex

The JDBC Driver Proxy
• Provide the encryption and authentication for many applications
  – Delegate all the calls to dynamically bound driver
• Provide proxies to JDBC driver classes
  – Proxy design pattern in distributed computing
• Use SSL for the connection
  – Encryption
  – Authentication later on

The JDBC Driver
[Figure: Database client (application server) with the Secure JDBC Driver; Database Machine with the Proxy and the DB.]

The JDBC Driver
• Client-Server communication
  – Server handles configuration, connections to the DB, and delegation of the JDBC calls
  – Client delegates all the connections to the server
• Choose RMI as a network transport for communication
  – Have to add one more layer to the remote call
  – The diagram on p.321.

The JDBC Driver
• Implementation
  – Delegate the common operations to an abstract super class.
  – Use a single remote class to pass any method call instead of creating an RMI proxy for each JDBC interface
  – Is a complex solution to a simple problem
  – Proxy pattern enables developer to add service

The JDBC Driver
• Using the secure JDBC driver
  Detailed instructions for running the sample application: SecureDriver.rtf
• Steps of configuring the driver:
  1. Generate the keys and certificates
  2. Edit the SecureDriver_config.xml file
  3. Create policy files for the server and client

The JDBC Driver
• Edit the SecureDriver_config.xml file
  – Defines JDBC connection directly to the database from the secure driver
• Create policy files
  – RMI requires that code run with a security manager
  – Add some special permissions to policy files
  – Server policy file
    • The ability to connect to the database
    • The ability to talk to the RMI registry
    • The ability to receive a connection from a remote client

The JDBC Driver
• Connecting to the RMI server process:
  – The connect( ) method is called by DriverManager and connects to the RMI server process, which is where the actual JDBC connections reside.

The JDBC Driver
• Discussion:
  Can the application be modified to run without RMI?
  How?

Securing Data in the Database
• Protect the data in database
  – Database permission
    • Should be set properly by the administrator
  – Read- or write-only database
    • If it is well protected, highly controlled, and not often accessed
    • Large online retailers use write-only database

Securing data in the database
• Protect the data in databases
  – Symmetric encryption
    • Applications storing a secret key need to be completely safe
  – Asymmetric encryption
    • Public key is used for encrypting the data in the DB
    • Private key must be stored somewhere safe.
• Disadvantage of encrypting data
  – Expensive
  – Remove some of the value of using a database

Example 3: Encrypting credit cards
[Figure: the Server one-way encrypts credit cards into the Database, which stores encrypted credit card data (shown as values such as 3Xizmj2, Cg31C1l, …); the Finance client decrypts them.]

Encrypting credit cards
[Class diagram]
CreditCardFactory
  -mPublicKey
  +createCreditCard()
  +findAllCreditCards()
  +findCreditCard()
CreditCard
  -mAccountID
  -mCreditCardNumber
  +CreditCard()
  +getAccountID()
  +getCreditCardNumber()
DatabaseOperations
  +getAllCreditCardAccountIDs()
  +loadCreditCardDBO()
  +store(creditCardDBO:CreditCardDBO)
CreditCardDBO
  -mAccountID
  -mEncryptedCCNumber
  -mEncryptedSessionKey
  +CreditCardDBO()
  +getAccountID()
  +getEncryptedCCNumber()
  +getEncryptedSessionKey()

Encrypting credit cards
• Testing the application – CreateTest.java
  – Create a credit card based on user-specified account ID and credit card number
    • Create a Properties object from the file system

    Properties properties = new Properties();
    FileInputStream fis = new FileInputStream(PROPERTIES_FILE);
    properties.load(fis);
    fis.close();
    // Create the credit card
    CreditCardFactory factory = new CreditCardFactory(properties);
    CreditCard creditCard = factory.createCreditCard(id, ccNumber);

Encrypting credit cards
• Testing the application – ViewTest
  – Define the location of the keystore
  – Load the keystore to retrieve the private key

    private static final String KEYSTORE = "creditcardExample.ks";
    ……
    // Load the keystore to retrieve the private key.
    String ksType = KeyStore.getDefaultType();
    KeyStore ks = KeyStore.getInstance(ksType);
    FileInputStream fis = new FileInputStream(KEYSTORE);
    ks.load(fis, PASSWORD);
    fis.close();
    PrivateKey privateKey = (PrivateKey) ks.getKey("mykey", PASSWORD);
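
The storage scheme implied by CreditCardDBO (an encrypted card number plus an encrypted session key), as an added example that is not the book's CreditCardFactory code. The class and method names, the choice of AES-GCM and RSA-OAEP, the extra iv field, and the in-memory key pair standing in for creditcardExample.ks are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
// Added example. Field names follow CreditCardDBO; the algorithms and the iv field are assumptions.
public class CreditCardEnvelope {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DATA = "AES/GCM/NoPadding";
    // What the database stores: nothing in a row can decrypt the card.
    static final class Row { String accountId; byte[] encryptedCcNumber, encryptedSessionKey, iv; }
    // Server side: holds only the public key.
    static Row encrypt(String accountId, String ccNumber, PublicKey pub) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();               // fresh session key per card
        Row row = new Row();
        row.accountId = accountId;
        row.iv = new byte[12];
        new SecureRandom().nextBytes(row.iv);
        Cipher aes = Cipher.getInstance(DATA);
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, row.iv));
        aes.updateAAD(accountId.getBytes(StandardCharsets.UTF_8));   // tie ciphertext to its account
        row.encryptedCcNumber = aes.doFinal(ccNumber.getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.WRAP_MODE, pub);
        row.encryptedSessionKey = rsa.wrap(session);
        return row;
    }
    // Finance client side: the only place the private key exists.
    static String decrypt(Row row, PrivateKey priv) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.UNWRAP_MODE, priv);
        Key session = rsa.unwrap(row.encryptedSessionKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance(DATA);
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, row.iv));
        aes.updateAAD(row.accountId.getBytes(StandardCharsets.UTF_8));
        return new String(aes.doFinal(row.encryptedCcNumber), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();                  // constructed stand-in for the keystore key
        Row row = encrypt("acct-1001", "4111111111111111", kp.getPublic());   // constructed test values
        System.out.println("round trip: " + decrypt(row, kp.getPrivate()));
        row.accountId = "acct-2002";                         // ciphertext copied onto another account
        try { decrypt(row, kp.getPrivate()); }
        catch (AEADBadTagException e) { System.out.println("moved row rejected"); }
    }
}
```

The private key is used only in decrypt, which matches the page's split between the server that stores cards and the finance client that reads them.
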
Secure Thin JDBC Connection
• Oracle JDBC Thin Driver
  – The Oracle JDBC Thin driver is a 'Type IV' (native protocol, 100% Pure Java) implementation that complies with the JDBC 1.22 standard.
  – The JDBC Thin driver uses Java Sockets to connect directly to the Oracle Server
  – The JDBC Thin driver does not require Oracle software on the client side

Secure Thin JDBC Connection
• Encryption and integrity support
  – Use Oracle Advanced Security data encryption and integrity features in your Java database applications
  – When using the Thin driver, the parameters are set through a Java properties file
  – Encryption is enabled or disabled based on a combination of the client-side encryption-level setting and the server-side encryption-level setting
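
How the client-side and server-side levels combine, as an added example that is not part of the original slides or of Oracle's sample. The four level names and the oracle.net.encryption_client and oracle.net.crypto_checksum_client connection properties are the Thin driver's and do not appear on this page; the class and method names are assumptions.

```java
import java.util.Properties;

// Added example: outcome rule for the encryption-level negotiation, plus client properties that force it.
public class ThinEncryptionCheck {
    enum Level { REJECTED, ACCEPTED, REQUESTED, REQUIRED }
    enum Outcome { ENCRYPTED, CLEARTEXT, CONNECTION_FAILS }

    // The same rule applies to encryption and to integrity (checksum) negotiation.
    static Outcome negotiate(Level client, Level server) {
        boolean rejected = client == Level.REJECTED || server == Level.REJECTED;
        boolean required = client == Level.REQUIRED || server == Level.REQUIRED;
        boolean wanted = required || client == Level.REQUESTED || server == Level.REQUESTED;
        if (rejected) {
            return required ? Outcome.CONNECTION_FAILS : Outcome.CLEARTEXT;
        }
        return wanted ? Outcome.ENCRYPTED : Outcome.CLEARTEXT;
    }

    // Properties a Thin-driver client passes to DriverManager.getConnection(url, props).
    static Properties clientProperties(String user, String password, Level level) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("oracle.net.encryption_client", level.name());
        p.setProperty("oracle.net.crypto_checksum_client", level.name());
        return p;
    }

    public static void main(String[] args) {
        // Print what each client setting yields against each server setting.
        for (Level client : Level.values()) {
            for (Level server : Level.values()) {
                System.out.printf("client=%-9s server=%-9s -> %s%n",
                        client, server, negotiate(client, server));
            }
        }
        // Placeholder credentials; REQUIRED makes the connection fail rather than fall back to cleartext.
        Properties p = clientProperties("username", "password", Level.REQUIRED);
        System.out.println("oracle.net.encryption_client=" + p.getProperty("oracle.net.encryption_client"));
    }
}
```

With both sides left at ACCEPTED the session is not encrypted, so a client that must not send SQL in the clear sets REQUIRED and treats a refused connection as the intended result.
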
Secure Thin JDBC Connection
• Get SecureThinDriver.jar to run the sample
  – Configuring Encryption Parameter Using Oracle Net Manager
  – Run the Application using JDeveloper Environment
  – Run the Application from JDK Environment

Reference
[1] JDBC Introduction. http://java.sun.com/docs/books/jdbc/intro.html
[2] J. Garms and D. Somerfield. Professional Java Security
[3] Secure Thin JDBC Connection. http://otn.oracle.com/sample_code/deploy/security/files/secure_thin_driver/Readme.html
[4] The status of HIPNS. http://nfdfn.jinr.ru/~litvin/nobugs2000/nobugs2000_litvin_hipns_proceeding.htm
[5] Improving Database Performance with Oracle8. http://otn.oracle.com/products/oracle8/htdocs/xo8p3twp.htm