Week 10 Lecture
Database Security, Privacy & Blockchain Security

Copyright By cscodehelp代写 加微信 cscodehelp

Database Security & Privacy
● Securityissuesinrelationaldatabases ● SQLinjectionattacks
● Privacy: inference threats
● Securityissuesinstatisticaldatabases
● Security against cloud exposure
● Searchableencryption
● Security against insider attacks
● Blockchainsystems 2

Security of Relational Databases

Database Security & Privacy
● structuredcollectionof(sensitive)data ○ atasinglelocation/system
○ manypartiesallowed(differenttypesof)access ○ needDatabaseSecurity

Relational Databases
Database Security & Privacy
● containrelationshipsbetweendataitems&groupsofdataitems
● databasemanagementsystem(DBMS)
○ suiteofprogramstoconstruct&maintainthedatabase
○ allowstodoadhocqueryfacilitiestomultipleusers&applications ○ accesscontroltorecords/fields,fordifferentcommands
● vsOS:accesscontroltodatabasefiles,notrecords/field 5

Database Security & Privacy
● whydatabasesecurityishard
○ DBMScomplex,manyoptions ○ differenttypesofdatabases
○ complicatedinteractionprotocol:
• Structured Query Language (SQL)
○ mismatch:databaseadminvssecurity ○ outsourcingtoclouds

Relational Databases
Database Security & Privacy
● tableofdataconsistingofrowsandcolumns
○ eachcolumnholdsaparticulartypeofdata
○ eachrowcontainsaspecificvalueforeachcolumn
○ ideallyhasonecolumnwhereallvaluesareunique,formingan identifier/key for that row
● enablesthecreationofmultipletableslinkedtogetherbyaunique identifier that is present in all tables

Relational Databases: Example
Database Security & Privacy

Relational Databases
Database Security & Privacy
● usearelationalquerylanguagetoaccessthedatabase
○ allowstheusertorequestdatathatfitagivensetofcriteria ○ e.g.MySQL
○ virtualtable(unifiesresultsfrommanytables)
○ resultofaquery,returningselectedrows/columns

Relational Databases: Example
Database Security & Privacy

SQL: Structured Query Language
Database Security & Privacy
● SQL: most popular DBMS query language
○ Many variants: MySQL, Microsoft, Oracle, …
• minor syntax variations b/w variants
• we use MySQL in our examples/lab
● List of important SQL commands
○ SELECT – extracts data from a database
○ UPDATE – updates data in a database
○ DELETE – deletes data from a database
○ INSERT INTO – inserts new data into a database
○ CREATE DATABASE – creates a new database
○ ALTER DATABASE – modifies a database
○ CREATE TABLE – creates a new table
○ ALTER TABLE – modifies a table
○ DROP TABLE – deletes a table
○ CREATE INDEX – creates an index (search key)
○ DROP INDEX – deletes an index

SQL: Structured Query Language
Database Security & Privacy
● Most used query statement: SELECT
○ Retrieves data from a database table ○ Syntax:
• SELECT column1, column2, …
FROM table_name; (select specific columns)
• SELECT * FROM table_name; (select all columns)
● e.g. SELECT CustomerName,City FROM Customers;

Ana y helados
México D.F.
México D.F.
● Reference / tutorial on SQL: https://www.w3schools.com/sql/default.asp 12

Database Security Requirements
Database Security & Privacy
● Physicaldatabaseintegrity
○ Thedataareimmunetophysicalproblems
● Logicaldatabaseintegrity
○ Thestructureofthedatabaseispreserved
● Elementintegrity
○ Thedatacontainedineachelementareaccurate
● Auditability
○ possibletotrackwhohasaccessedtheelements
● Accesscontrol/UserAuthentication
● Confidentiality/Privacyofdata/privateinfo ● Availability

SQL Injection Attacks
Database Security & Privacy
● One of the most prevalent & dangerous network-based security threats
● Designed to exploit the nature of Web application pages
● Sends malicious SQL commands to the database server
● A type of command injection vulnerability
● Most common attack goal is bulk extraction of data
● Depending on the environment SQL injection can also be exploited to:
○ Modify or delete data
○ Execute arbitrary operating system commands
○ Launch denial-of-service (DoS) attacks

Database Security & Privacy
● Exploits:
○ server connected to database
○ server MySQL queries database, based on query from user
• assumed: user input is value for variable
• variable used in MySQL query to database
○ input not checked

Database Security & Privacy
● SQLcommandsthatreturn#ofrowsthatcontainacombinationof UserName & Password input by user:
SELECT Count(*) FROM UsersTable WHERE UserName=‘Joanne’
AND Password= ‘JoannePassword’

Database Security & Privacy
● InsertotherSQLcommands&(optionally)terminatewith–
SELECT Count(*) FROM UsersTable
WHERE UserName=‘Joanne’ OR 1=1–’ AND Password= ‘’
● theOR1=1alwaysreturnsTRUE,sothequerywillalwaysreturnacount greater than zero, resulting in a successful login
Q: What does — symbol mean in SQL and why does attacker use it here?

Database Security & Privacy
● SQLi attack typically works by prematurely terminating a text string & appending a new command
○ because inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with a comment mark “–”

SQL: Example
Database Security & Privacy

SQL: Example
Database Security & Privacy

SQL: Example
Database Security & Privacy

SQL: Example
Database Security & Privacy

SQL: Countermeasures
Database Security & Privacy
● defensivecoding
○ e.g.incode:inputtypechecking,inputvalidation
● detection
○ signaturebased:matchattackpatterns
○ anomalybased:detectbehaviourbeyondnorm
● codeanalysis
○ testsuitetodetectSQLivulnerabilities ○ checkqueriesatruntime

Privacy of Databases

Databases: Inferences vs Privacy
Database Security & Privacy
● processofperformingqueries&deducingunauthorizedinformationfrom legitimate responses received
● inferencechannel
○ theinformationtransferpath
by which unauthorized data is obtained

Database Inference: Example
Database Security & Privacy
● Analyzingfunctionaldependencies ● Mergingviewswithsameconstraints ● individualwithuniquevaluefor
Position attribute
○ Position is a “Quasi-ID”
Q: In the example database, which employee salaries are uniquely revealed by the published views (Position-Salary and Name-Position)?


Salary ($)

Position Quasi ID used to link b/w published views

Inference Attacks: Countermeasures
Database Security & Privacy
● Toprotectadatabasefrominferenceattacks,followingtechniquestobe used prior to making the database public
○ Cellsuppression
• some of the cells in a database are removed and left blank in the published
○ Generalization/Averaging
• some values in a published database are replaced with more general/averaged
○ Noiseaddition
• values in a published database have random values added to them, so that the noise across all records for the same attribute averages out to zero

Inference Attacks: Example
Database Security & Privacy

Privacy Definitions
Database Security & Privacy
● k-anonymity [Sweeney 2002]
○ averaging… each is indistinguishable from k–1 others
○ On the values of ”Quasi-ID” attributes that could be linked with other released data (e.g. ZIP Code, Age below)

Privacy Definitions
Database Security & Privacy
● k-anonymity applied to faces [Gross et al. 2009] ○ averaging…
○ each is indistinguishable from k-1 others

Privacy Definitions
Database Security & Privacy
● k-anonymity [Sweeney 2002]
○ but other private attributes still leak (if low diversity / range of possibilities),
○ i.e. though don’t know which row/image links to which person, class-specific attribute leaks e.g. heart disease, fatal disease, …
k-anony 4-anonymized

Privacy Definitions
Database Security & Privacy
● l-diversity [Machanavajjhala et al. 2007]
○ ensure sufficient diversity within each equivalence class
○ privacy in the sense of non-linkability to certain specific attribute values
e.g. more diverse mix of faces

Inference: General Countermeasures
Database Security & Privacy
● inference detection at database design
○ alter database structure or access controls
● inference detection at query time
○ by monitoring & altering or rejecting queries
● need some inference detection algorithm ○ a difficult problem
○ on-going research

Security of Statistical Databases

Statistical Databases
Database Security & Privacy
● dataofstatisticalnaturee.g.counts,averages ● twotypes:
○ purestatisticaldatabase
○ ordinarydatabasewithstatisticalaccess • contains individual entries
● accesscontrolobjectiveistoprovideuserswithneededinformationwithout compromising CONF of database
● securityproblemisoneofinference

Statistical Databases: Example
Database Security & Privacy

Statistical Database Security
Database Security & Privacy
● useacharacteristicformulaC
○ alogicalformulaoverthevaluesofattributes
○ e.g. (Sex=Male) AND ((Major=CS) OR (Major=EE))
● querysetX(C)ofcharacteristicformulaC,isthesetofrecordsmatchingC ● astatisticalquery:producesavaluecalculatedoveraqueryset
○ e.g.statisticsarecount,sum,average,median,max,min

Statistical Databases Security
Database Security & Privacy
● Securityagainstinference

# Statistical Database Security
Database Security & Privacy
● Somequeryrestrictions
● querysetoverlapcontrol
○ limitoverlapbetweennew&previousqueries
○ hasproblems&overheads
● partitioning
○ clusterrecordsintonumberofmutuallyexclusivegroups ○ querythestatisticalpropertiesofeachgroupasawhole
● querydenial&informationleakage
○ denialscanleakinformation
○ tocountermusttrackqueriesfromuser

Database Security & Privacy
● addnoisetostatisticsgeneratedfromdata
● dataperturbationtechniques
○ data modified to produce statistics that cannot infer values for individual records
● outputperturbationtechniques
○ random-sample query
○ system generates statistics that are modified from those that the original
database would provide
● goal is to minimize differences between original results & perturbed results
● main challenge: to determine the average size of the error/difference to be used

Searchable Encryption

Database Security: Searchable Encryption
Database Security & Privacy
● encryptionforparticularlysensitivedata
○ canbeappliedtotheentiredatabaseattherecordlevel,theattribute level, or level of the individual field
● specialencryptiontechniquefordatabaseencryption,toallowserverto efficiently search encrypted database without decrypting

Database Security: Searchable Encryption
Database Security & Privacy
● Data owner – organization that produces data
● User – human entity that presents queries
● Client – frontend that transforms user queries into queries on the encrypted data
● Server – an organization that receives the encrypted data from a data owner and makes them available for distribution to clients

Searchable Encryption
Database Security & Privacy
● Use special encryption technique for database encryption, to allow server to efficiently search encrypted database without decrypting
● e.g.1: use encrypted index based on deterministic encryption (no randomness) to encrypt search values
○ Search token for “50000” is C = Enc(K, “50000”)
○ Server returns encrypted rows where encrypted salary = C
○ Efficiency Advantage: fast server search lookup
○ Security Drawback: deterministic encryption leaks frequency statistics (recall ECB mode security problem)
● e.g.2: to support range query (e.g. “salary <60k”) store/query only index of salary interval on server ○ E.g. 1=50k-59k, 2=60k-69k, 3=70k-79,... in plain form, actual salary values encrypted. ○ Still info. leakage to server! ● Active research area to improve efficiency-security tradeoff and allow flexible queries 44 Encrypted Table: Example Database Security & Privacy Blockchain Database Security: Blockchain Database Security & Privacy What if the DB insider (DB administrator) is compromised? ● Toavoidtrustinacentraliseddatabaseadministrator,wantadistributed database administrator ○ manyserversacttogetherasdatabaseadministrators ○ Goal:Preservedatabaseintegrityaslongasa“majority”of administrators are honest ○ ReducedriskofcompromisecomparedtosingleDBadministrator(no single point of failure) • Different distributed database models interpret “majority” in a different way ● Possiblesolution:ablockchaindatabasesystem ○ Mostpopularexample:Bitcoincryptocurrency Blockchain: Overview Database Security & Privacy ● Blockchain administrators usually called miners ● Users submit transactions to blockchain miner ○ e.g. transfer of bitcoin currency from one user to another ● Blockchain database records a sequence of blocks ○ Each block contains a header and a sequence of valid transactions • Valid transaction meaning: • Correct formatting (e.g. input account not already spent) • Authentic (digitally signed by user) • Block header consists of : • Block number • Previous block header’s cryptographic hash value • Cryptographic hash of the block transactions Blockchain: Overview Database Security & Privacy Image source: NIST R8202 document Blockchain: Overview Database Security & Privacy Image source: NIST R8202 document HOW TRANSACTION WORKS AT THE BACK OF BLOCK CHAIN? 1. When someone does the transaction exchange, the transaction message is being sent to the network 2. The message is then passed around all the network participants which is called nodes 3. The transaction now is currently having ‘unconfirmed’ status 4. All the unconfirmed transactions are gathered in an area called transaction pool Blockchain: Security Database Security & Privacy Central Blockchain Security against Insiders Goal: ● Tamperresistance(”appendonlyledger”)property:Pasttransactions recorded in blockchain cannot be modified/deleted by blockchain miners ○ As long as “majority” of miners are honest ● Enforcedbyaprotocolbetweenminerstoagreeonblockchainstate (previous and new blocks): called a consensus protocol Blockchain: Security Database Security & Privacy ● Typesofblockchainconsensusprotocols: ○ ProofofWork(PoW):minerpublishesnewblockbysolvinga computationally intensive “puzzle” • Used in bitcoin and many other cryptocurrencies: called mining • Puzzle: find a nonce for new block such that hash(nonce + header + new block) has N leftmost 0 bits. • In Bitcoin: N is adjusted so that it takes on average 10 mins for first miner to find a puzzle solution • Once a solution is found, solving miner sends it to all other miners and they can easily verify the solution and accept the new block • Purpose: attacker must control > 50% of miner computational power to change past blocks and consistently solve the puzzles first (to get honest miners to accept modified blockchain)
Q: What do you think is one practical drawback of the PoW consensus mechanism?

Blockchain: Security
Database Security & Privacy
● Othertypesofconsensusprotocolsexist,e.g.:
○ ProofofStake(PoS):contributingminerchosenforeachblockwith probability proportional to percentage of ownership (wealth) of the miner
• Purpose: attacker must control > 50% of blockchain stake (wealth) to change past blocks and consistently get honest miners to accept modified blockchain
○ ByzantineFaultTolerance(BFT):protocolinvolvingcommunication among all miners to agree on new block
• Purpose: attacker must control > 33% of participating miners to change past blocks and get honest miners to accept modified blockchain

• Mining is the process of validating new transactions and record them on the
global ledger (block chain itself)
Generally miners will choose the transaction with high transaction fees (need more confirmations) from the transaction pool. For example:
Where each confirmation represents adding each block
When the miners identify that the 998th block is a valid block in the
whole block chain, they will try to add a candidate block
The miners need to solve an intensive computational problem (”puzzle”) in order to add a block after the 998th block – this puzzle is is known as a proof of work
…… 997 998

In case of a “fork” in the blockchain with several candidate new
blocks, the block accepted as valid is the one in the longest chain
(with largest number of solved POW puzzle blocks following it) – 999A called the longest chain rule.

…… 997 998

Assume we have 3 miners working on the same block chain, each of them has the proof of work, with candidate block each added after 998th block, which are 999A, 999B, 999C.
The miner with computer having higher processing speed will solve the puzzles to create subsequent blocks faster (on average). This allows the miners in control of the majority of computing power to produce the longest chain (with blocks numbered 1000, 1001… added after the 999th block) first, which means this chain will be the one accepted by the honest miners.

Looking at current situation, the longest chain is the one created by 999B, thus only 999B will be considered valid by miners, among the three candidate blocks.
When there are enough (say 6) subsequent blocks in longest chain following 999B, the chance of a competing chain with slower puzzle solving rate to overtake it is very small. We say that 999B status is transformed from unconfirmed to confirmed

Now you understand how the basic transactions work in block chain.
Next, you need to know what are the roles of digital signatures and hashing in block chain.
Verification Key (Public) Signing Key (Private)
010010… 010011…
110001… 111100…
A will sign the block A with its private key which ensures that only A can produce that signature.
Sign(message, private key)
If someone wants to verify the block (transaction), they need to use A’s public key. = YES/NO
By successfully validating the signature, the transaction done by A turned from unconfirmed to confirmed transaction and new blocks can be added behind it.

Now we have ensured that no one can forge digital signature to create fake transaction record. However, attacker is still able to delete a past transaction as shown, so he can spend it again later, or copy it multiple times to increase the amount of money spent.
Original block 999
1. A paid B $100 110110… 2. C paid D $50 100011…
3. E paid F $1000 111101… 4. G paid H $10 010110…
Modified block 999 .
1. C paid D $50 100011…
2. E paid F $1000 111101… 3. G paid H $10 010110…
To get around with this, we need to add some sort of unique number associated with the transaction message, and that will affect all subsequent blocks – we use collision-resistant one- way hashing for this.
depends on
Block 1000
depends on
Block 1001
Block nonce value
Block header value
Generated hash value for each block
Since each of the transaction block can only create new hashes based on the previous block, an att

程序代写 CS代考 加微信: cscodehelp QQ: 2235208643 Email: kyit630461@163.com

Leave a Reply

Your email address will not be published. Required fields are marked *