SYDO – Secure Your Data by Obscurity

Andrei AvădăneiWeb Developer, Security enthusiast, Blogger

www.worldit.info@AndreiAvadanei+AndreiAvadanei

Let's make some research :-)

Before that, what problems do we have?

mistrust in hosting provider aims

security problems

data stealing using SQL Injections

… or after server was hijacked

etc. etc.

“Information”

one the most dangerous weapons

you have it, you rule

...money, women and finally the world

take a look at Google, Facebook, M$ etc.

We should be more careful!

But we are lazy...

We introduce SYDO

aims to protect your data stored in SQL databases

a built-in interface for SQL functions

based on client/server API

help you to store and manage your data

How it works?

The problem divided in layers

Low Level processing (SQL Interfaces)

SYDO

Medium Level processing (here we can add patches over SQL queries)

High-level processing (WAFs, htaccess etc.)

Post-processing (client side)

Solution

data (rows/tables/databases) encrypted with AES 128

keys stored in SYDO Hash Center (remote - server)

unique identification key + AES keys related

SQL Query identification by generating a key stub(Anti-SQLI)

RESTful encrypted API protocol between Client and server

Demo

Features

support over multiple SQL interfaces

API statistics

multiple website management for SYDO Hash Center

P2P Hash Center Service (lower latency)

cache over SYDO Hash Center (even lower latency)

Anti-DOS for SYDO Hash Center

Project Status

available on GitHub v.01 Alpha

http://bit.ly/o6qzjn

soon update!

Important

SYDO is not bullet proof but is a better solution!

Questions?