Q

Using asymmetric encryption

SQL Server Security expert Steven Andres explains how the asymmetric encryption system could help protect against an attacker.

I read a front-end program that would take sensitive data, say a social security number, and store parts of it in different databases, aaa-bb-cccc for instance, and encrypt each part/database with a different key. If by chance a user could access the information, the users would only have part of the encrypted data with a dissimilar key. Therefore, breaking the crypto apart would not compromise the other portions. Could you tell me more about this?
It sounds like you're thinking of an asymmetric (public/private key) encryption system where the information is encrypted with a different key than it is decrypted with. There wouldn't be very much additional security provided by breaking up a chunk of data and encrypting it separately. You'd only end up increasing the surface area of a directed clear text attack on the cipher.

In the classic asymmetric encryption tiered-server scenario, the front-end (or middle tier) application would have access to the public key and use this to encrypt the data. Then, a second system (presumably more secure) would have access to the private key for accessing this data (such as the SSN info). In this way, if the front end was compromised and the data was extracted from the database, the data would be useless without the private key. Since it does not exist on the front end nor the database, the attacker would still need to find this "secure" server with the private key in order to access the data.
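The tiered scenario described above, sketched in Go as an added example (not code from the original answer). The type and function names, the `customers.ssn` label and the choice of RSA-2048 with OAEP/SHA-256 are assumptions; the answer names no specific algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// FrontEnd models the web or middle tier: it holds only the public key.
type FrontEnd struct{ pub *rsa.PublicKey }

// SecureTier models the separate, better-protected server with the private key.
type SecureTier struct{ priv *rsa.PrivateKey }

// ssnLabel (hypothetical name) ties a ciphertext to the column it was made for.
var ssnLabel = []byte("customers.ssn")

// NewTiers generates one RSA-2048 pair and gives each tier only its half.
func NewTiers() (FrontEnd, SecureTier, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return FrontEnd{}, SecureTier{}, err
	}
	return FrontEnd{pub: &priv.PublicKey}, SecureTier{priv: priv}, nil
}

// EncryptSSN is all the front end can do: produce a row value for the database.
// OAEP is randomized, so equal SSNs do not yield equal ciphertexts.
func (f FrontEnd) EncryptSSN(ssn string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, f.pub, []byte(ssn), ssnLabel)
}

// DecryptSSN runs only on the secure tier; a wrong key or label returns an error.
func (s SecureTier) DecryptSSN(ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ct, ssnLabel)
	return string(pt), err
}

func main() {
	front, secure, err := NewTiers()
	if err != nil {
		panic(err)
	}
	row, _ := front.EncryptSSN("000-00-0000") // constructed sample value
	ssn, err := secure.DecryptSSN(row)
	fmt.Println(len(row), ssn, err)
}
```

In a real deployment the key pair would be generated on the secure tier and only the public half exported to the front end; `NewTiers` creates both in one process purely so the example is self-contained.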

This was first published in August 2006
