Saving sensitive data securely.

Hello,

Looking for any advice on how to save sensitive data such as Social Security numbers in a database. I am wondering if anyone else needs to do this, and if so, how you do it securely. We are saving this information for the purpose or running a background check and degree verification. Any and all advice is very much appreciated.

4 Replies

SSN and other personal information fall under Federal HIPAA regulations (in the US) and you should check with someone familiar with proper storage and usage procedures for doing that.

The usual method is using AES encryption provided by your RDBMS. An example using MySQL could be:

INSERT INTO table(field) VALUES(AES_ENCRYPT('SSNDATA', 'KEY'));

This would store the data encrypted with AES within the table. You would need to store the key somewhere safe in order to keep the security model valid. You would then read the data using the following decrypt function:

SELECT AES_DECRYPT(field, 'KEY') FROM table WHERE AES_DECRYPT(field, 'KEY') = 'SSNDATA';

More on http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html

You can find a tutorial at:

http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/

While AES encryption is secure, it is only secure if the key is not compromised, and it does not provide a multi-user cryptosystem (i.e. an admin with access to multiple users' encrypted data).

I hope this answers your question.

Regards,

Max

Your help is much appreciated. I'll let you know if I or my team have any other questions.

Worth noting is that:

1) The key and data will, by default, be unencrypted between the database client and server (i.e. your application and the database) in the most popular RDBMSes.

1a) This is a sniffing threat as well as a MITM threat.

2) As a symmetric cipher, knowledge of the AES key is a necessary and sufficient condition to either encrypt or decrypt the data. In other words, if a server has the key stored, breaching that server provides enough information to decrypt everything encrypted with that key.

3) There are companies who specialize in securely handling data like this. It's one of those things that is somewhat complex, very specialized, and at a high risk of great catastrophe should a simple, subtle mistake be made. It's like radioactive waste.

If you do decide to roll your own, be sure to run it past your attorney and insurance company, to ensure that you're doing so legally and with adequate financial protection. People tend to get bent out of shape about credit card numbers, which are easily invalidated/replaced and leave little lasting damage; imagine how cranky folks would get if SSNs were leaked.
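An added example, not code from any of the replies above, that puts Max's AES approach and the caveats in the last reply (points 1 and 2) side by side: the application encrypts the SSN with AES-256-GCM before the value is sent to the database, so neither the key nor the plaintext crosses the client/server link, and a separate HMAC key produces a deterministic lookup token that replaces the decrypt-every-row WHERE clause. The column names `ssn_ct` and `ssn_token`, the table name `applicants`, the helper names and the sample SSN are all constructed for this example; Go's standard library is used so it runs with no dependencies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record holds the two values the application binds as query parameters:
// the AES-256-GCM ciphertext (random nonce prefixed, base64) and a keyed
// lookup token. Neither key, nor the plaintext SSN, ever reaches the
// database server, so the wire and the DB host only ever see ciphertext.
type Record struct {
	SSNCiphertext string
	SSNToken      string
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("data key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSSN seals ssn under dataKey. A fresh random nonce per call means two
// identical SSNs produce different ciphertexts, so the stored value itself
// cannot be used to find matching rows (that is what the token is for).
func EncryptSSN(dataKey []byte, ssn string) (string, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(ssn), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptSSN reverses EncryptSSN. GCM's authentication tag makes it fail on a
// wrong key or on any modification of the stored value.
func DecryptSSN(dataKey []byte, blob string) (string, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return "", err
	}
	sealed, err := base64.StdEncoding.DecodeString(blob)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("stored value too short to contain a nonce")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

// LookupToken is a deterministic HMAC-SHA256 of the SSN under a key separate
// from dataKey, so the application can run `WHERE ssn_token = ?` without
// decrypting every row. SSNs have little entropy, so the token is only as
// strong as the secrecy of tokenKey: it must never live in the database.
func LookupToken(tokenKey []byte, ssn string) string {
	mac := hmac.New(sha256.New, tokenKey)
	mac.Write([]byte(ssn))
	return hex.EncodeToString(mac.Sum(nil))
}

// NewRecord builds the row values for an INSERT with bound parameters.
func NewRecord(dataKey, tokenKey []byte, ssn string) (Record, error) {
	ct, err := EncryptSSN(dataKey, ssn)
	if err != nil {
		return Record{}, err
	}
	return Record{SSNCiphertext: ct, SSNToken: LookupToken(tokenKey, ssn)}, nil
}

func main() {
	// Constructed demo keys; in a real deployment they come from a KMS/HSM or
	// secrets manager, never from the database or the source tree.
	dataKey, tokenKey := make([]byte, 32), make([]byte, 32)
	rand.Read(dataKey)
	rand.Read(tokenKey)
	rec, err := NewRecord(dataKey, tokenKey, "123-45-6789") // constructed sample SSN
	if err != nil {
		panic(err)
	}
	fmt.Println("INSERT INTO applicants(ssn_ct, ssn_token) VALUES(?, ?)")
	fmt.Println("  ssn_ct    =", rec.SSNCiphertext)
	fmt.Println("  ssn_token =", rec.SSNToken)
	ssn, err := DecryptSSN(dataKey, rec.SSNCiphertext)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted:", ssn)
}
```

Both columns can be plain VARCHAR/TEXT; the application looks a person up with `SELECT ssn_ct FROM applicants WHERE ssn_token = ?` and decrypts only the rows it gets back. This removes the database server and the client/server link from the set of places the key or plaintext can be captured, but point 2 of the last reply still holds for the application host: whoever reads its memory or its key source can decrypt everything, which is why the keys belong in a KMS or HSM with access logging rather than in a config file next to the code.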
