Database Security Oracle - Free Download of Data Encryption Software

The Encryption Wizard, database encryption software, now released for
Oracle 11g databases, offers cost-effective transparent data
encryption and security. Free downloads are available at:

http://www.relationalwizards.com/htm...ncryption.html

RDC, Inc. announced today that their flagship security software
offering, the Encryption Wizard for Oracle, is now available for the
new Oracle 11g database. The Encryption Wizard is the first
transparent data encryption tool designed for the Oracle RDBMS and
affords users point-and-click encryption of sensitive corporate data
to guard against data-theft.

Try our free full-featured download of the Encryption Wizard for
Oracle today!

The Encryption Wizard for Oracle is the only database encryption
software in existence that allows you to specify the encryption of
data at the schema, table, or column levels.

Along with database encryption features, the Encryption Wizard ships
with advanced security and auditing functions built on the foundation
of dependable encryption techniques - an intuitive interface to
Oracle's own certified and tested DBMS_Crypto and
DBMS_Obfuscation_Toolkit packages.


I. Encryption Types

The Encryption Wizard gives you five encryption methods that you can
employ to protect your data:

1. Obfuscation - Obfuscation is not technically encryption.
Obfuscation simply obscures and makes your data apparently useless.
Advanced decryption techniques can break obfuscation, yet obfuscation
makes casual data theft unlikely among threats inside or outside your
organization unless sophisticated and time-consuming techniques are
employed to break the obfuscation keys.

2. DES Encryption - DES Encryption is the certified encryption
standard provided by the Oracle Corporation through their package
DBMS_Obfuscation_Toolkit. The Encryption Wizard utilizes a 64 bit key
to protect your data.

3. Triple DES Encryption - Triple DES Encryption (3DES) is a response
to advanced techniques used to break standard DES encrypted data.
With Triple DES, a data value is encrypted recursively using three
64-bit keys to ensure an almost infinite number of key combinations.
Currently the Encryption Wizard uses the Triple DES scheme:

C=Ek3(Dk2(Ek1(P)))

4. AES 128-bit Encryption - AES (Advanced Encryption Standard)
encryption is available to Oracle 10g users through the new
DBMS_Crypto toolkit. AES encryption is more secure than DES
Encryption and we have tested it as 20% faster on small and medium-
sized tables.

5. AES 256-bit Encryption - 256-bit AES encryption uses large 32 byte
encryption keys. This encryption type also is called through Oracle's
certified DBMS_Crypto toolkit and is only available to Oracle 10g
users.

Both DES algorithms employ Cipher-Block Chaining (CBC).

The Encryption Wizard does not employ public key strategies to
encrypt corporate data. Public keys are more ideal for E-Commerce,
but less secure. Single-key encryption is the standard of the
DBMS_Crypto and DBMS_Obfuscation_Toolkit packages supplied by the
Oracle Corporation and utilized by the Encryption Wizard. The
Encryption Wizard stores these single keys in the Oracle database
using recursive Triple DES Encryption techniques. Encryption Keys can
either be specified by the user or automatically generated by the
Encryption Wizard.


II. Key Management

All key values are stored as 2048 bit raw variables within the Oracle
RDBMS - the potential mathematical seed of the eventual key to be
utilized. At runtime this key matrix is again Triple DES encrypted
and cached in user memory. This allows for a hidden mutating key
strategy for the Encryption Wizard's eventual sets of Triple DES 64
bit keys. Thus, the Encryption Wizard uses an algorithm to choose
mutating 64 bit subsets of a 2048 bit key per encryption round. This
key is Triple DES protected at runtime using Oracle's certified
DBMS_Obfuscation_Toolkit.

All user-defined keys, or pass-phrases, are expanded to the 256 byte
key value and obfuscated using Triple DES and then again obfuscated at
runtime. Yet with a user-defined key, recovery is possible if the key
is lost. This recovery can only be performed using the Encryption
Wizard API. All keys exist in the database table encrypted_column.
This table, along with encrypted_table, can and should be backed up
using your favorite database backup tool.

Because the Encryption Wizard performs another Triple DES round on
these stored keys at runtime, it is not necessary to encrypt the
backup file - unless you want another level of protection.

The Encryption Wizard always generates one unique key per database
column. This makes unauthorized decryption much more difficult for
large data sets containing many columns. The Encryption Wizard also
employs Cipher-Block Chaining (CBC) which improves encryption of
larger character strings.


III. Supported Data Types


The Encryption Wizard for Oracle allows you to encrypt these basic
types of data:

1. Character Data

Varchar2 and Character data types can be encrypted using any of the
three above methods. If DES, AES-128 bit, or AES-256 bit encryption
is utilized, the Encryption Wizard will increase the lengths of your
character columns to the nearest multiple of 8, 16 or 32 bytes
respectively.

2. Number and Date Data

Date and Number data can only be obfuscated.

3. Large Binary Objects, BLOB and CLOB data types.

Binary Large Objects are now supported with the Encryption Wizard
release 5.0 for all Oracle 8i, 9i and 10g databases.

**The Encryption Wizard will not encrypt Primary, Unique, or Foreign
Keys, nor does it encrypt columns with default values or condition
constraints, aside from the popular "Not Null" constraint.


IV. Transparent Decrypted Views

To allow for applications to access physically encrypted data, the
Encryption Wizard Administrator can optionally create decrypted views
against any table with encrypted data. Decrypted views allow
applications to seamlessly read and/or write to encrypted data
objects.

This is accomplished through automatically generated transparent
database triggers within each decrypted view. These decrypted views
can be dynamically created and dropped at any time through the
Encryption Wizard user interface.

The Encryption Wizard now offers bit-mapped function indexes to use in
conjunction with Decrypted Views. These indexes are for large
encrypted tables that require access by an encrypted column index for
performance reasons.


V. Session Auditing

The Encryption Wizard also offers the administrator the ability to
specify session auditing at the schema, table, or column level.

Session auditing will record all distinct Encryption and Decryption
(read/write) requests for all sessions. Session Auditing allows you
to see who has had access to your encrypted data down to the Terminal
ID and database column level.

The Encryption Wizard supplies you with management reports to trace
audited activity against your encrypted table data.


VI. Restricted User Lists

A Restricted User List allows you to specify which users you wish to
grant the ability to read and/or write encrypted data. You can specify
user lists for a given schema, table, or column. If there is no user
list specified, then a user's ability to access encrypted data is
based on traditional Oracle grants.

Restricted User Lists allow you to block out any Oracle user from
viewing your encrypted data, even a DBA user such as SYS. This is
accomplished by using an optional Runtime Password that can be
assigned to authorized users.

To thwart malicious DBA access to data, use Restricted User Lists in
conjunction with the Administrative Password which is discussed
below.


VII. Administrative Password

To prevent Database Administrators from gaining unauthorized access to
the Encryption Wizard, the Encryption Wizard Administrator can set an
optional password required to Encrypt and Decrypt data and use the
Encryption Wizard interface.

Likewise, the Encryption Wizard administrator does not require DBA
privileges to use the Encryption Wizard.


VIII. Data Consistency

The Encryption Wizard employs intelligent recovery operations if any
encryption or decryption attempt fails.

The Encryption Wizard will self-diagnose any incomplete Encryption or
Decryption operation and allow the administrator to simply continue
the process or back out. This helps guard against serious data
inconsistency due to partially completed operations that may occur
because of an unexpected database event like a shutdown.


IX. Key Backup & Recovery for Disaster Continuity Planning

The Encryption Wizard allows users to back up encryption keys to a
flat-file. These files may be password protected and cannot be used
on any database other than the Oracle database they were created
from.

Password protected backups enhance the security of your key backup
and recovery operations and reduce the chances of data loss and
downtime.


X. Table-Driven & Configurable Management Reports

The Encryption Wizard supports your encryption efforts with simple to
use management reports. These reports allow you to view your overall
encryption scheme and track or summarize specific auditing events.

All of the Encryption Wizard reports can be exported to HTML or PDF
format for formal presentations. We have provided the source-code of
these reports to allow for easy modifications to support individual
reporting needs.