Cryptography API for MS SQL Server


Sav

Hi,

I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the database is decrypted and encrypted upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.

So, I'd like to get some suggestions about tools, APIs and probably
other better solutions. Any information would be of great help.

The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.

thanks a lot in advance for any help,

s
 
Sav said:
Hi,

I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the database is decrypted and encrypted upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.

So, I'd like to get some suggestions about tools, APIs and probably
other better solutions. Any information would be of great help.

The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.

Maybe try here:
http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx

HTH,
TC (MVP MSAccess)
http://tc2.atspace.com
 
Sav said:
Hi,

I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the database is decrypted and encrypted upon
each read and write access -- this is causing a big overload of CPU in
my system.

Do you need to encrypt at the row level? Do different rows have
different keys?

I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.

Not natively I believe. If you're using SQL Server 2005 you could embed
an assembly into the database. This assembly could do the
encryption "closer" to the database and doing the encryption here would
probably allow greater throughput.

Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.

By this do you mean that you worry that while the drive is open, some
other application could steal the database?

I'd personally modify something like Truecrypt so that only your
application can access the information. This is probably not for the
faint of heart.

So, I'd like to get some suggestions about tools, APIs and probably
other better solutions. Any information would be of great help.

I'd like to know more about your threat model. After all, assuming that
some user can enter and retrieve information, don't they already have
access to all the information anyway?

What assets are you trying to protect?

Simon
 
Sav said:
I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the database is decrypted and encrypted upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.

SQL Server 2005 has considerable additions in the encryption area, so
you can encrypt/decrypt in SQL Server. If you are using SQL 2000, you
should probably look into what SQL 2005 can give you.

But encryption of data always means that things go slower. Not the least
if you encrypt everything, including the keys.



--
Erland Sommarskog, SQL Server MVP, (e-mail address removed)

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
 
Simon said:
Sav wrote:


Not natively I believe. If you're using SQL Server 2005 you could embed
an assembly into the database. This assembly could do the
encryption "closer" to the database and doing the encryption here would
probably allow greater throughput.

The reference that I cited describes various things that are
implemented natively; e.g. managing keys, creating certificates,
encrypting & decrypting fields, & so on. Why would you need an external
assembly?

TC (MVP MSAccess)
http://tc2.atspace.com
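
The native SQL Server 2005 features named in the replies above (managing keys, creating certificates, encrypting and decrypting fields), as an added T-SQL example that is not part of any post in this thread. The table, key and certificate names, the password and the sample values are constructed placeholders, and the choice of AES_256 is an assumption.

```sql
-- Added example. Key hierarchy:
-- database master key -> certificate -> symmetric key -> column data.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Protects DemoSymKey';
GO
-- Algorithm is an assumption; it must be one the host OS supports.
CREATE SYMMETRIC KEY DemoSymKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;
GO
-- Encrypt only the sensitive column, so reads and writes that do not
-- touch it pay no cryptographic cost.
CREATE TABLE dbo.DemoCustomer (
    CustomerId    INT            NOT NULL PRIMARY KEY,
    Name          NVARCHAR(100)  NOT NULL,
    CardNumberEnc VARBINARY(256) NOT NULL
);
GO
DECLARE @id INT, @card NVARCHAR(50);
SET @id = 1;
SET @card = N'0000-0000-0000-0000';   -- constructed sample value

-- The key must be open in the session before EncryptByKey/DecryptByKey.
OPEN SYMMETRIC KEY DemoSymKey DECRYPTION BY CERTIFICATE DemoCert;

-- The authenticator (a hash of the primary key) ties the ciphertext to
-- its row: a value copied into another row no longer decrypts.
INSERT INTO dbo.DemoCustomer (CustomerId, Name, CardNumberEnc)
VALUES (@id, N'Constructed Name',
        EncryptByKey(Key_GUID('DemoSymKey'), @card, 1,
                     HashBytes('SHA1', CONVERT(VARBINARY, @id))));

-- DecryptByKey returns NULL if the key is closed or the authenticator
-- does not match.
SELECT CustomerId, Name,
       CONVERT(NVARCHAR(50),
               DecryptByKey(CardNumberEnc, 1,
                            HashBytes('SHA1', CONVERT(VARBINARY, CustomerId))))
           AS CardNumber
FROM dbo.DemoCustomer;

CLOSE SYMMETRIC KEY DemoSymKey;
GO
```

Permission to use the certificate and symmetric key decides which database principals can decrypt the column; principals without it still read the table but see only ciphertext.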
 