Friday, July 1, 2011

Database Encryption - Balancing Security with Performance

Found an interesting paper on database security. Key takeaways:

1. AES outperforms RSA and Blowfish. Not a surprise, given that performance was an important criterion in the AES selection. I missed the rationale for the RSA comparison, though: how is an asymmetric algorithm compared to a symmetric one?

2. Encryption over network-attached devices performs poorly for a couple of reasons: first, the network delay, and second, the additional encryption/decryption operations at the endpoints needed to secure the network traffic itself.

3. An accelerated search index significantly improves throughput and response time for encrypted data: only the rows that match the search criteria proceed to the decryption step.

4. A hybrid model, where keys are stored in an HSM while the encryption/decryption operations are performed in software, provides an acceptable compromise between security and performance. Performing the crypto operations in hardware has an initialization overhead that offsets the savings.

5. The DBA and SA (security administrator) roles should be separated to achieve the security goals.
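To make takeaways 3 and 4 concrete, here is a small Go program I wrote for this post (it is not code from the paper). It assumes one way of realising each idea: the "accelerated search index" is modelled as a blind index, an HMAC-SHA256 of the searchable value under a key separate from the data key, so an equality lookup compares index values and decrypts only the candidate rows; the HSM is a stand-in type called SimulatedHSM that holds a key-encryption key (KEK) and only wraps or unwraps the data-encryption key (DEK), after which all row encryption runs in software with AES-256-GCM. The keys and e-mail addresses are constructed for the demo; Find reports how many rows it had to decrypt so the indexed and full-scan costs can be compared.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AES-256-GCM in software: seal prepends a random 12-byte nonce, open expects it.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length gets here
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

func seal(key, pt []byte) []byte {
	gcm := mustGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no usable randomness: refuse to encrypt
	}
	return gcm.Seal(nonce, nonce, pt, nil)
}

func open(key, blob []byte) ([]byte, error) {
	gcm := mustGCM(key)
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, fmt.Errorf("truncated ciphertext (%d bytes)", len(blob))
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], nil) // fails on wrong key or tampering
}

// SimulatedHSM is a stand-in (an assumption, not a real device API) for the
// module of takeaway 4: it holds the KEK and only ever wraps or unwraps data keys.
type SimulatedHSM struct{ kek []byte }
func (h *SimulatedHSM) WrapDEK(dek []byte) []byte              { return seal(h.kek, dek) }
func (h *SimulatedHSM) UnwrapDEK(blob []byte) ([]byte, error) { return open(h.kek, blob) }

// A row carries the ciphertext plus a blind index (HMAC-SHA256 of the plaintext
// under a key separate from the DEK), so equality lookups need no decryption.
type row struct {
	ct  []byte // AES-GCM ciphertext of the address
	idx string // HMAC-SHA256(indexKey, address) as a raw byte string
}

type EncryptedTable struct {
	dek, indexKey []byte // the DEK is unwrapped once by the HSM at startup
	rows          []row
}

func blindIndex(key []byte, value string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(value))
	return string(m.Sum(nil))
}

// Find returns the positions of rows holding email and how many rows it had to
// decrypt: with useIndex only blind-index matches are decrypted, else every row.
func (t *EncryptedTable) Find(email string, useIndex bool) (hits []int, decrypts int, err error) {
	want := blindIndex(t.indexKey, email)
	for i, r := range t.rows {
		if useIndex && r.idx != want {
			continue // index mismatch: skipped without touching the ciphertext
		}
		decrypts++
		pt, e := open(t.dek, r.ct)
		if e != nil {
			return nil, decrypts, e
		}
		if string(pt) == email { // confirm on the decrypted value
			hits = append(hits, i)
		}
	}
	return hits, decrypts, nil
}

func main() {
	kek, dek, ik := make([]byte, 32), make([]byte, 32), make([]byte, 32)
	for _, k := range [][]byte{kek, dek, ik} {
		rand.Read(k) // constructed demo keys
	}
	hsm := &SimulatedHSM{kek: kek}            // the KEK exists only inside the HSM
	dek, _ = hsm.UnwrapDEK(hsm.WrapDEK(dek)) // wrap at provisioning, unwrap once at startup
	t := &EncryptedTable{dek: dek, indexKey: ik}
	for _, e := range []string{"a@x.test", "b@x.test", "a@x.test", "c@x.test"} { // constructed rows
		t.rows = append(t.rows, row{seal(dek, []byte(e)), blindIndex(ik, e)})
	}
	for _, useIndex := range []bool{true, false} {
		hits, n, _ := t.Find("a@x.test", useIndex)
		fmt.Println("index:", useIndex, "hits:", hits, "decrypts:", n)
	}
}
```

Two things worth noticing when reading it. The HSM is consulted exactly once, to unwrap the DEK, which is what keeps the per-row cost in software; the wrapped DEK can sit next to the data and is useless without the KEK. And the blind index is deterministic by design, so it reveals which rows share a value (here, rows 0 and 2) even to someone who cannot decrypt them; that is the price of skipping decryption, which is why the index key is kept separate from the DEK and why this construction suits exact-match lookups rather than range or prefix queries.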
