Translucent Databases (Paperback)

~ Peter Wayner (Author)
3.9 out of 5 stars (10 customer reviews)

Editorial Reviews

Review

"I would like to recommend this book to everyone who is storing sensitive information in their database." -- Michael Widenius, MySQL

"I would like to recommend this book to everyone who is storing sensitive information or credit cards in their database." -- Michael Widenius, MySQL

Every database programmer should have a copy of this simple and elegant book on his reference bookshelf. -- Robert Hettinga in Slashdot

Had either Yale or Princeton adopted Wayner's principles, this nasty little episode might never have happened. -- Simson Garfinkel on the O'Reilly Network


From the Inside Flap

Here's an FAQ:

Q: What are translucent databases? A: A term for databases that must protect some information while revealing other data. In other words, a phrase to capture how the database must exist somewhere between translucency and opacity.

Q: Do they encrypt things? A: Yes, but only some things and then only in a careful way. Standard encryption algorithms lock data away in an inscrutable pile of bits. Only the person with the right key can make sense of the information. Translucent databases use the same algorithms in a more controlled fashion. Some of the information is turned into an inscrutable pile of bits, but other parts can be read, understood and acted upon by the database engine.

Q: So what's scrambled beyond recognition? A: Anything you want. The database administrator usually chooses personal or sensitive information. Social security numbers or credit card numbers are ideal choices. Passwords are another choice.

Q: But are they really beyond all recognition? A: Actually, no. The book describes how to control the scrambling so that useful work can be done with the result. In some cases, you can still compare the information to see if it matches other scrambled entries. In others, you can add or multiply the data too. All of this work is done behind a curtain of encryption so the privacy is still protected.

Q: So why would I use something like this? A: Databases come with good security already, but nothing is perfect. Sometimes someone leaves a backdoor open. The operating system, not the database itself, is often the culprit. Sometimes clerks, bosses and everyone in between abuse their legitimate access. Translucent databases provide a way to work with sensitive information in a more secure way.

Q: Are there advantages? A: The security mechanism of translucent databases is much simpler. Translucent databases don't require heavily tested operating systems running in the most secure mode to protect the information. They can save administrative costs by making life easier for system administrators. The mechanism also runs faster in many cases because there's no need for a complicated security layer to evaluate every request.

Q: Isn't hardware cheap? A: Yes, but it's not just about speed and cost. Translucent databases also make ideal satellite databases placed in remote sites or branch offices. They can accomplish all of their tasks without the extra security. There's no need to lock away the database or check out all of the staff. The translucent database strips away the sensitive information.

Q: Are they perfect too? A: Nothing is perfect, but translucent databases can withstand some attacks that would cripple a regular database. If a hacker breaks in or an employee turns traitor, the information is still secure. There are still ways that information can leak out, but they're significantly fewer and harder to exploit. In many ideal situations, the database administrator can publish the root password and remain sure that the sensitive information will stay locked up.

Q: How is the book written? A: As a high-level idea book with the full source code to dozens of examples. Each chapter describes a different technique for locking up the information. Most come with two or three different databases as examples. The book comes with a license to use the source code in any way you want.

Q: Who would want to read the book? A: Database administrators who need to guard sensitive information.

Q: Do the examples help? A: There are dozens of examples in the book. If there's nothing directly useful, then most database administrators will find something that is close. The book is meant to teach by example.

Q: Is this idea new? A: Yes and no. People have been encrypting databases for a long time, but most of it isn't permanent. Many databases can be protected by a password, but it is unscrambled whenever someone does a query. That's not ideal. Translucent databases are scrambled beyond recognition. This book takes some of the standard techniques from cryptography and reapplies them in a different way. The one-way functions and the digital signatures aren't new, but the attitude to protecting data is.

Q: What about password databases? A: The UNIX password file scrambling mechanism is a great example of a translucent database. It's been around for a long time. The book is really an attempt to see how far the idea will go. Can we help people schedule meetings? Can we protect the plans of a baby sitter or an executive threatened with kidnapping? Can we protect the ships at sea while still letting family members follow their movements? Can we take care of credit card numbers? It turns out we can build a central database using some of the same techniques that protect the average password files. People can still do useful work, but no hacker can punch through.

Q: Is there code? A: Yes, plenty of SQL and Java code.

Q: Can I use it? A: Sure. Owners of the book get a royalty-free license to reuse the source code as they desire. You can copy it verbatim, change it slightly, or rewrite large parts.

Q: Can I contact the author? A: p3@wayner.org or pcw@flyzone.com should work


Product Details

  • Paperback: 193 pages
  • Publisher: Flyzone Sr Llc (April 20, 2002)
  • Language: English
  • ISBN-10: 0967584418
  • ISBN-13: 978-0967584416
  • Product Dimensions: 8.8 x 7.3 x 0.5 inches
  • Shipping Weight: 12.8 ounces
  • Average Customer Review: 3.9 out of 5 stars (10 customer reviews)
  • Amazon.com Sales Rank: #474,076 in Books

Customer Reviews

10 Reviews
5 star: (5)
4 star: (1)
3 star: (2)
2 star: (2)
1 star: (0)

Average Customer Review
3.9 out of 5 stars (10 customer reviews)

Most Helpful Customer Reviews

24 of 27 people found the following review helpful:
5.0 out of 5 stars Unique approach that turns theory into practical solutions, June 25, 2002
This book contains an innovative and viable approach to securing databases, and one that I've not encountered anywhere else. In a nutshell the author provides techniques, based on standard SQL and Java, for securing sensitive data without restricting general access of less sensitive data to authorized users. The core of this approach is based on encryption and one-way functions, including PKI and secure hashing, and accepted authentication techniques such as digital signatures.

What makes this book unique is that while it's based on solid theoretical ground, the material is practical. As the techniques are discussed they are illustrated by 15 different scenarios, all of which contain problems faced by e-commerce, HIPAA and other high security environments, and code examples that show how to solve the problems. I like the way the author shows how to implement his solutions in common database environments (PostgreSQL, MySQL and Oracle - the approach should also work in the MS SQL Server environment). As I read this book I saw interesting possibilities for implementing role-based access controls and securing against SQL-based statistical attacks using the author's approach.

This book is essential reading for DBAs, system architects and IT security professionals, especially those in healthcare who are struggling with meeting HIPAA requirements, and in e-commerce who are challenged by protecting credit card and account information. This book shows the DBA how to secure his or her database, and the system architects and security professionals what is possible using SQL and Java. The book also has an associated web site which is supposed to have soft copies of all of the source code contained in the book. As of 6/25/02 the link to the source code is on the site, but the code itself is not yet available. When it is the value of this book will increase even more because of the time it will save by not having to manually create the code from scratch.

If you are new to the cryptographic techniques introduced in this book I recommend "Cryptography Decrypted" by H. X. Mel and Doris M. Baker, which is one of the best introductions to this complex subject. I also recommend reading "Secrets and Lies: Digital Security in a Networked World" by Bruce Schneier, which covers the technical, organizational and social aspects of security and gives a clear description of the technical underpinnings discussed in this book.

 
9 of 9 people found the following review helpful:
5.0 out of 5 stars Straight-forward and helpful, July 2, 2003
By A Customer
You can skip this book if you're a super crypto geek as the other obnoxious reviews make clear. If you've got sensitive information to store, check this out. The book is filled with several dozen examples worked out in raw SQL and Java. It could use a bit more crazy examples like his other book, Disappearing Cryptography, but at least the book is crisp, helpful and to the point.
 
11 of 13 people found the following review helpful:
5.0 out of 5 stars An accessible and pragmatic resource for working developers, February 21, 2003
By Zak Greant (Calgary, Alberta, Canada)
Translucent Databases deals with the issue of building applications that store and manipulate sensitive data in a very accessible and pragmatic fashion.

It provides working developers with a practical understanding of the fundaments of cryptography and stenography as applied to the specific needs of data storage, retrieval and manipulation.

The author has been careful to support major concepts with examples, discussions, real-world rationales, supporting mathematics and recommendations for additional reading. In particular, developers who do not have formal computer science background will appreciate the clear explanations of the base mechanics of the various hashing and private/public key schemes.

Given the profusion of applications that store sensitive data, this book is a timely guide that helps developers quickly solve problems in time-constrained development environments.

Additionally, the author writes in a highly-readable style that makes the topic material less fearsome for timid readers who fear daunting subjects like cryptography.

The book is not perfect - it contains more than its fair share of typos and could benefit from tighter editing. However, these are minor flaws that do not compromise the utility of the book.

Most Recent Customer Reviews

3.0 out of 5 stars Good, but maybe not for experienced people
If you work in security and databases, skip this book.

It touches on column-level encryption, mixing plaintext data and hashing to secure data (i.e.
Published on November 22, 2006 by Shay Harding

2.0 out of 5 stars Huh?
I was very surprised by this book. After reading some of the other reviews it seemed the author may have hit on a new idea or something mildly profound. Unfortunately, no.
Published on April 17, 2003 by Vincent Apesa

4.0 out of 5 stars a must read for technology professionals
Peter Wayner gives insight on storing, protecting and managing data, with a strong focus on privacy.
Published on December 31, 2002 by Dr. Vince Collura

3.0 out of 5 stars Good material, poorly explained
Although the book is both interesting and useful, it suffers from a worm's-eye view. Explanation is given at the source-code and SQL level and not above that.
Published on December 26, 2002

5.0 out of 5 stars A different way to look at databases
This is a straight-forward, elegant look at a simple way to make databases more secure against attacks from both insiders and outsiders.
Published on December 7, 2002

2.0 out of 5 stars A Disappointing Book
According to the book, database "translucency" involves passing values through a one-way function before storing it in a database.

That is the key concept.

Published on September 7, 2002

5.0 out of 5 stars Key concepts !=understanding && understanding !=judgement
Key concepts are simple to get in the large. It's the details that will kill you. I knew the concepts, and the book filled in the details.
Published on July 24, 2002
