SYDO - Secure Your Data by Obscurity
-
Upload
avadanei-andrei -
Category
Technology
-
view
322 -
download
1
Transcript of SYDO - Secure Your Data by Obscurity
SYDO – Secure Your Data by Obscurity
Andrei AvădăneiWeb Developer, Security enthusiast, Blogger
www.worldit.info@AndreiAvadanei+AndreiAvadanei
Let's make some research :-)
Before that, what problems do we have?
mistrust in hosting provider aims
security problems
data stealing using SQL Injections
… or after server was hijacked
etc. etc.
“Information”
one the most dangerous weapons
you have it, you rule
...money, women and finally the world
take a look at Google, Facebook, M$ etc.
We should be more careful!
But we are lazy...
We introduce SYDO
aims to protect your data stored in SQL databases
a built-in interface for SQL functions
based on client/server API
help you to store and manage your data
How it works?
The problem divided in layers
Low Level processing (SQL Interfaces)
SYDO
Medium Level processing (here we can add patches over SQL queries)
High-level processing (WAFs, htaccess etc.)
Post-processing (client side)
Solution
data (rows/tables/databases) encrypted with AES 128
keys stored in SYDO Hash Center (remote - server)
unique identification key + AES keys related
SQL Query identification by generating a key stub(Anti-SQLI)
RESTful encrypted API protocol between Client and server
Demo
Features
support over multiple SQL interfaces
API statistics
multiple website management for SYDO Hash Center
P2P Hash Center Service (lower latency)
cache over SYDO Hash Center (even lower latency)
Anti-DOS for SYDO Hash Center
Project Status
available on GitHub v.01 Alpha
http://bit.ly/o6qzjn
soon update!
Important
SYDO is not bullet proof but is a better solution!
Questions?