3

I'm working on a project that uses Entity Framework for programmers to access the data. We've recently found need to add fields that were determined that need to be encrypted. This will be the first fields that require encryption.

We plan on using Symmetric Key for cell level encryption for that specific field. For the developers to continue to use Entity Framework, I wanted to make a stored procedure to handle inserts for this table which would encrypt the cell needed, and a View to open the key and decrypt the field.

I plan on encrypting the stored procedure & view so the meta data isn't visible by looking at the definition.

Is this a sound plan? Am I overlooking anything?

marc_s
9,0626 gold badges46 silver badges52 bronze badges
asked Oct 15, 2015 at 17:25
3
  • is you want to encrypt column value right ?? if you encrypt SP then whole SP content will encrypted Commented Oct 15, 2015 at 17:28
  • @AaronBertrand Thanks Aaron! I'll read up on the Always Encrypted. It sounds promising. I was thinking about TDE, but our System Admin advised against it; however, if I had to implement cell level encryption - is using a view/sp with deny view definition to encrypt/decrypt that cell good practice? Otherwise I'm not sure how the programmers can get the data for the application. Commented Oct 15, 2015 at 18:00
  • Yes, TDE is like renting a steamroller to make pizza dough, because it's the whole database and it only protects the data at rest. Your approach seems fine, just note that it is still vulnerable to man-in-the-middle attacks (if the application passes unencrypted data to the procedure, and the view returns unencrypted data, this information can be viewed pretty easily). Always Encrypted was created to solve both of these problems, but now you have a different problem: it's not released yet (well, unless you are interested in Azure SQL Database). Commented Oct 15, 2015 at 18:02

1 Answer 1

4

Note that encryption of modules in SQL Server is not really encryption; it is more like weak obfuscation. Anyone with a search engine and a few minutes to kill can reverse engineer your objects, so encrypting them is almost completely pointless. DENY VIEW DEFINITION is far more effective here (as well as not giving your developers sysadmin and other privilege escalation).

As for the data, SQL Server 2016 will have Always Encrypted (read about it here), it may make a lot of your work easier if you can wait for that. One of the big plusses is that the app can send the data through the provider already encrypted, so it can't be sniffed out by trace or other man-in-the-middle attacks. Be aware of limitations, too, though:

answered Oct 15, 2015 at 17:59
1
  • thanks Aaron. I think we'll proceed with cell level encryption. A quick followup question I had: what prevents a hacker from using the Decryption View if the database was compromised? Commented Oct 24, 2015 at 18:49

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.