Se você está procurando uma solução para fazer a segurança dos dados, o Format Preserve Encryption (FPE) sem dúvida pode ajudar.
Nesta palestra abordaremos este conjunto de técnicas de codificação de dados onde o texto cifrado terá o mesmo formato que o texto simples. Este novo padrão de segurança da informação publicado pelo NIST não só irá apoiar métodos de criptografia que são utilizados para proteger seu número de cartão, mas também manter outras informações altamente sensíveis protegidas também.
3. 3
real ecosystems
In 93% of cases, it took attackers minutes or less to compromise systems; [1]
95% of web app attacks where criminals stole data were financially motivated; [1]
The median traffic of a DoS attack is 1.89 million packets per second; [1]
39% of crimeware incidents in 2015 involved ransomware. [1]
4. 4
data everywhere
Vendor as a vector; [1]
More than 90% breaches had a compromise time of “days or less”; [1]
63% of confirmed data breaches involved weak, default or stolen passwords; [1]
70% of breaches involving insider misuse took months or years to discover; [1]
7. 7
NIST 800-38G
Approved methods for FPE; [3]
FF1 is FFX[Radix] "Feistel-based”
FF3 is BPS
Shared-key; [3]
Deterministic encryption; [3]
8. 8
trade offs
Whole database encryption; [2] • Encrypt data within DB – slows all apps down
• Separate solution for each database vendor
• No separation of duties – DBA can decrypt
• No security of data within applications and networks
Database column encryption; [2] • Encrypt data via trigger and stored procedure
• Require schema changes
• No data masking support or separation of duties
Native or traditional application-level encryption; [2] • Encrypt data itself, throughout lifecycle
• Requires DB schema/app format changes
• Heavy implementation cost
Weak, breakable encryption; [2] • E.g., stream ciphers, alphabetic substitution
• Not secure – easily reversible by attacker
• Key management challenges
9. 9
trade offs
Shuffling; [2] • Shuffle existing data rows so data doesn’t match up
• Breaks referential integrity
• Can still leak data
Data tables and rules; [2] • Consistently map original data to fake data
• Allows for referential integrity, reversibility
• Security risks due to use of look-up tables