04/21/23 1

Securing a Database

Based on notes by

Fei Li and Hong Li

04/21/23 2

Topics

Securing the connections to the database:1. SSL-tunneling between client machine and

database machine

2. A secure JDBC driver

Securing the data within a database

Secure Thin JDBC Connection Sample

04/21/23 3

JDBC Basics

JDBC is a Java API for executing SQL statements

JDBC makes it possible to do three things: 1.establish a connection with a database

2.send SQL statements

3.process the results.

04/21/23 4

Securing a database

Two points of attack against a database– The connection between clients and database– The data in the database

04/21/23 5

Securing the JDBC driver transmission

Approach 1: SSL-tunneling– Running a daemon on the client machine

– Advantage: simplicity and performance

– Disadvantage: not enough of authentication, esp. if the client machine is a shared or multi-user environment.

Approach 2: Proxy to JDBC drivers– developing a JDBC driver proxy

– Advantage: provide more security

– Disadvantage: much more complex

04/21/23 6

SSL-Tunneling

TunnelServer

Database instance

Database Machine

TunnelServer

Client Machine

Client Application

SQL requestSQL response

SQL response

SQL request

SSL Socket

04/21/23 7

The SSL-Tunneling Approach

Two instances of the tunnel server, one on the client machine and the other on the database server machine

Each instance serves as a proxy. Simplicity of encrypting the database

connection by SSL-tunneling between the client application and the DBMS

04/21/23 8

Query processing Client Machine• Client application

The JDBC client• Client-side tunnel server

Reads unencrypted data from the JDBC client;Write it to the database machine over SSL

Database Machine• Server-side tunnel server

Reads the encrypted data from the client-side tunnel server;Sends it unencrypted to the DBMS over localhost

• Database server

04/21/23 9

Response processing

Client Machine• Client-side tunnel server

Reads encrypted data from the server-side tunnel server;Write it to the JDBC client;

• Client application

Database Machine• Database server

Sends query result to the tunnel server• Server-side tunnel server

Reads the query result from the DBMS over localhost;Sends it encrypted to the client-side tunnel server;

04/21/23 10

The SSL-Tunneling Approach

TunnelServer

Database instance

Database Machine

TunnelServer

Client Machine

Client Application

3. SQL request4. SQL response

6. SQL response

1. SQL request

2. Encrypted SQL request

5. Encrypted SQL response

• Assumption: Connections to localhost cannot be snooped. True or false?

04/21/23 11

Example 1: The Tunnel Server Two classes

– TunnelServer– TunnelThread

TunnelServer class (p. 310)– Correction: client (mRemote == false) or the server (mRemote == true)

public TunnelServer (String server, int appPort, int tunnelPort, boolean remote) { super(); mDestServer = server; mAppPort = appPort; mTunnelPort = tunnelPort; mRemote = remote; waitForConnections(); }

04/21/23 12

Example1: The Tunnel Server Get server socket, waiting for connections,

and create two instances of TunnelThread.

private void waitForConnections() { …… serverSocket = getServerSocket(); while (mListening) { try { logMessage("Waiting for connections."); srcSocket = serverSocket.accept(); …… destSocket = connect(); logMessage("Connected to remote server at " + destSocket .getInetAddress() + "."); fromClient = getTunnelThread("fromClient"); toClient = getTunnelThread("toClient"); ……

04/21/23 13

Example1: The Tunnel Server The TunnelThread class (p. 315-316)

– Forwarding requests and responds/** Creates new TunnelThread * @param name a name for this thread*/ public TunnelThread(String name) { super(name); setDaemon(true); } /**Default constructor -- create a tunnel thread with a default name*/ public TunnelThread( ) { super( ); setDaemon(true); }

public void run ( ) {

}

04/21/23 14

Example1: The Tunnel Server Run the Tunnel Server with JDBC

1. Generate keystore/certificates for client and server serverKeyStore, clientKeyStore (p.317)

2. Copy serverKeyStore to the database server; Start the tunnel server on the server side (database machine)

3. Copy clientKeyStore to the client machine; Start the tunnel server on the client side (client machine) (p.318)

4. Run a test application on the client machine

04/21/23 15

Example1: The Tunnel Server Create Keystore

>keytool -genkey -keyalg RSA -keystore serverKeyStore>keytool -genkey -keyalg RSA -keystore clientKeyStore

04/21/23 16

Example1: The Tunnel Server Create Keystore

– Export the certificates >keytool -export -keystore serverKeyStore -file server.cer>keytool -export -keystore clientKeyStore -file client.cer

04/21/23 17

Example1: The Tunnel Server Create Keystore

– Import the certificates

>keytool -import -file client.cer -alias client -keystore serverKeyStore>keytool -import -file server.cer -alias server -keystore clientKeyStore

04/21/23 18

Example1: The Tunnel Server Start the tunnel server on the server

– Copy serverKeyStore TunnelServer.class, and TunnelThread.class to the database machine

>java -Djavax.net.ssl.keyStore=serverKeyStore -Djavax.net.ssl.keyStorePassword=sps2020 -Djavax.net.ssl.trustStore=serverKeyStore com.isnetworks.crypto.net.TunnelServer localhost 1521 6543 remote

Exercise: – Use the TunnelServer.java source code to trace

the execution of the server-side TunnelServer and show its screen output.

04/21/23 19

Example1: The Tunnel Server

Start the tunnel server on the client– Copy clientKeyStore TunnelServer.class, and

TunnelThread.class to the clinet machine

>java -Djavax.net.ssl.keyStore=clientKeyStore -Djavax.net.ssl.keyStorePassword=cps2020 -Djavax.net.ssl.trustStore=clientKeyStore com.isnetworks.crypto.net.TunnelServer diamond.rocks.cl.uh.edu 1521 6543 local

04/21/23 20

Example1: The Tunnel Server

Run a test application on the client machine– Use JDBCTest.java– Set the JDBC driver (classes.zip) in the

classpath

DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());Connection conn = DriverManager.getConnection (

"jdbc:oracle:thin:@localhost:1521:nas", “username", “password");

04/21/23 21

Example1: The Tunnel Server Source codes and detailed instructions available

on the syllabus page:

– Sample programs for running Tunnel Server on dcm.cl.uh.edu (the client application) and diamond.rocks.cl.uh.edu (the DBMS server):

– TunnelServer.java

– TunnelThread.java

– JDBCTest.java

– Detailed instructions

– Supplementary note

04/21/23 22

Securing the JDBC Driver Transmission

Approach 2: Proxy to JDBC drivers– developing a JDBC driver proxy– Advantage: provide more security– Disadvantage: much more complex

04/21/23 23

The JDBC Driver Proxy

Provide the encryption and authentication for many applications– Delegate all the calls to dynamically bound

driver Provide proxies to JDBC driver classes

– Proxy design pattern in distributed computing Use SSL for the connection

– Encryption– Authentication later on

04/21/23 24

The JDBC Driver

Database Machine

DB

Secure JDBC Driver

Proxy

Database client (application server)

04/21/23 25

The JDBC Driver

Client-Server communication– Server handles configuration, connections to

the DB, and delegation of the JDBC calls– Client delegates all the connections to the

server Choose RMI as a network transport for

communication– Have to add one more layer to the remote call– The diagram on p.321.

04/21/23 26

Implementation– Delegate the common operations to an abstract

super class.– Use a single remote class to pass any method

call instead of creating an RMI proxy for each JDBC interface

– Is a complex solution to a simple problem– Proxy pattern enables developer to add service

The JDBC Driver

04/21/23 27

Using the secure JDBC driverDetailed instructions for running the sample

application: SecureDriver.rtf

Steps of Configuring the driver: 1. Generate the keys and certificates

2. Edit the SecureDriver_config.xml file

3. Create policy files for the server and client

The JDBC Driver

04/21/23 28

Edit the SecureDriver_config.xml file– Defines JDBC connection directly to the database from

the secure driver

Create policy files– RMI requires that code run with a security manager– Add some special permissions to policy files– Server policy file

• The ability to connect to the database• The ability to talk to the RMI registry• The ability to receive a connection from a remote client

The JDBC Driver

04/21/23 29

The JDBC Driver

Connecting to the RMI server process:– The connect( ) method is called by

DriverManager and connects to the RMI server process, which is where the actual JDBC connections reside.

04/21/23 30

The JDBC Driver

Discussion:Can the application be modified to run without

RMI?

How?

04/21/23 31

Securing Data in the Database

Protect the data in database– Database permission

• Should be set properly by the administrator

– Read- or write-only database• If it is well protected, highly controlled, and not

often accessed

• Large online retailers use write-only database

04/21/23 32

Securing data in the database

Protect the data in databases– Symmetric encryption

• Applications storing a secret key need to be completely safe

– Asymmetric encryption• Public key is used for encrypting the data in the DB• Private key must be stored somewhere safe.

Disadvantage of encrypting data– Expensive– Remove some of the value of using a database

04/21/23 33

Example3: Encrypting credit cards

Credit Cards3Xizmj2Cg31C1l

…Database (Stores encrypted credit card data)

Finance client

Decrypt

Server

One-way encrypt

04/21/23 34

Encrypting credit cards

CreditCardFactory

-mPublicKey

+createCreditCard()+findAllCreditCards()+findCreditCard()

CreditCard

-mAccountID-mCreditCardNumber

+CreditCard()+getAccountID()+getCreditCardNumber()

DatabaseOperations

+getAllCreditCardAccountIDs()+loadCreditCardDBO()+store(creditCardDBO:CreditCardDBO)

CrditCardDBO

-mAccountID-mEncryptedCCNumber-mEncryptedSessionKey

+CreditCardDBO()+getAccountID()+getEncryptedCCNumber()+getEncryptedSessionKey()

04/21/23 35

Encrypting credit cards

Testing the application – CreateTest.java– Create a credit card based on user-specified

account ID and credit card number• Create a Properties object from the file system

Properties properties = new Properties();FileInputStream fis = new FileInputStream(PROPERTIES_FILE);properties.load(fis);fis.close();

// Create the credit cardCreditCardFactory factory = new CreditCardFactory(properties);CreditCard creditCard = factory.createCreditCard(id,ccNumber);

04/21/23 36

Encrypting credit cards

Testing the application – ViewTest– Define the location of the keystore– Load the keystore to retrieve the private key

private static final String KEYSTORE = "creditcardExample.ks";……// Load the keystore to retrieve the private key.String ksType = KeyStore.getDefaultType();KeyStore ks = KeyStore.getInstance(ksType);FileInputStream fis = new FileInputStream(KEYSTORE);ks.load(fis,PASSWORD);fis.close();PrivateKey privateKey = (PrivateKey)ks.getKey("mykey",PASSWORD);

04/21/23 37

Secure Thin JDBC Connection

Oracle JDBC Thin Driver– The Oracle JDBC Thin driver is a 'Type IV'

(native protocol, 100% Pure Java) implementation that complies with the JDBC 1.22 standard.

– The JDBC Thin driver uses Java Sockets to connect directly to the Oracle Server

– The JDBC Thin driver does not require Oracle software on the client side

04/21/23 38

Secure Thin JDBC Connection

Encryption and integrity support– use Oracle Advanced Security data encryption

and integrity features in your Java database applications

– When using the Thin driver, the parameters are set through a Java properties file

– Encryption is enabled or disabled based on a combination of the client-side encryption-level setting and the server-side encryption-level setting

04/21/23 39

Secure Thin JDBC Connection

Get SecureThinDriver.jar to run the sample – Configuring Encryption Parameter Using

Oracle Net Manager– Run the Application using JDeveloper

Environment– Run the Application from JDK Environment 

04/21/23 40

Reference[1] JDBC Introduction

http://java.sun.com/docs/books/jdbc/intro.html

[2] J. Garms and D. Somerfield. Professional Java Security

[3] Secure Thin JDBC Connection

http://otn.oracle.com/sample_code/deploy/security/files/secure_thin_driver/Readme.html

[4] The status of HIPNS

http://nfdfn.jinr.ru/~litvin/nobugs2000/nobugs2000_litvin_hipns_proceeding.htm

[5] Improving Database Performance with Oracle8‚

http://otn.oracle.com/products/oracle8/htdocs/xo8p3twp.htm