THIS BLOG INCLUDES THE LATEST REVIEWS BY BASSOCANTOR

Cyber Security: Introduction to Oracle Transparent Data Encryption (TDE)

Cyber Security: Introduction to Oracle Transparent Data Encryption (TDE)

Using Tablespace Encryption

pexels-photo-277763.jpg

Introduction

Since Oracle database release 11g, Oracle provides for data encryption at the tablespace level. This feature allows the entire tablespace data to be encrypted, including all tables and indexes.

Table encryption is a good alternative compared to TDE column encryption. Keep in mind that this feature does not encrypt data that is outside of the tablespace.

A big advantage of TDE is that only an authorized user can view or modify the data.

Implementation

To enable TDE tablespace encryption, the Oracle database version must be 11g release 1 or higher. Here are the high level steps to configure:

  1. Create Oracle Wallet and set a master TDE key.
  2. Create an encrypted tablespace using clause, "encryption default storage(encrypt)”.
  3. Create tables, specifying the TDE tablespace. 
  4. Oracle Wallet should be opened to query the table inside the encrypted tablespace.

You can view the newly created tablespace by joining the v$tablespace and v$encrypted_tablespace views. 

pexels-photo-846288.jpg

Building the Oracle Wallet

Create a physical directory on the database server to contain the wallet.  Then, modify file sqlnet.ora to specify the location of the wallet. Use the parameter, ENCRYPTION_WALLET_LOCATION to specify the Wallet location. For example:

ENCRYPTION_WALLET_LOCATION=
  (SOURCE=
   (METHOD=FILE)
    (METHOD_DATA=
     (DIRECTORY=/etc/oracle/wallet)))
 

credit-squeeze-taxation-purse-tax-46242.jpg

Create the Master key inside the Oracle Wallet. Connect as sysdba to the database, then execute:
     ALTER SYSTEM SET ENCRYPTION KEY ["certificate_ID"] IDENTIFIED BY "password"

The above command creates the wallet along with the password. This also establishes the master key, which is mandatory for tablespace encryption.

Encryption Algorithm

The encryption algorithm can have one of the following values: 3DES168, AES128, AES192, AES256. For example:

CREATE TABLESPACE securespace
DATAFILE '/home/user/oradata/secure01.dbf'
SIZE 150M
ENCRYPTION USING '3DES168'
DEFAULT STORAGE(ENCRYPT);
 

Advantages

Transparent Data Encryption is a simple way to protect your Oracle data via bulk encryption. Using this method, all objects and data in the encrypted tablespace are automatically encrypted.

Perhaps best of all, no modification is required at the application level.

pexels-photo-792289.jpg
Movie Nights with the Reagans: A Memoir by Mark Weinberg

Movie Nights with the Reagans: A Memoir by Mark Weinberg

Endure: Mind, Muscle, and the Extraordinary Science of Human Performance by Alex Hutchinson

Endure: Mind, Muscle, and the Extraordinary Science of Human Performance by Alex Hutchinson