Versions Compared

Old Version 26

changes.mady.by.user Krishna Waidande

Saved on

compared with

New Version 27

changes.mady.by.user Swapnil Ingle

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In both techniques, the malicious user won't be able to decrypt data.

Encrypting Data At Rest

In the database, all the patient data is stored in data files. There is a chance that an attacker can retrieve sensitive data if they get direct access to such files. To avoid this, one can encrypt the data files using the keyring plugin provided by MySQL.

Gliffy
imageAttachmentIdatt925433896
baseUrlhttps://openspecimen.atlassian.net/wiki
macroIdfb232f67-a777-492a-b3cc-da54c8a8f87f
nameData At Rest
diagramAttachmentIdatt926122045
containerId693338127
timestamp15941067751161594128141206

The keyring file is the main file that stores key using which the tablespace (where all table data files are stored) is encrypted. The keyring plugin is used for this purpose.

...

Expand

i) To encrypt a database table we run ALTER TABLE <TABLE_NAME> ENCRYPTION=”Y”

ii)  Similarly, we’ll need to encrypt every table in the database. For this, we can generate a master-sql file, which will have the query to alter all the existing DB tables.

iii) Follow the below procedure to create a master-query.

Code Block
languagesql
mysql> USE <database_name>;
mysql> TEE encrypt_tables.sql;
mysql> SELECT CONCAT("ALTER TABLE `", TABLE_NAME,"` ENCRYPTION=\"Y\" ;") 
         as encryption_query
       FROM 
         INFORMATION_SCHEMA.TABLES
       WHERE 
         TABLE_SCHEMA="<database_name>" AND
         TABLE_TYPE="BASE TABLE";
mysql> NOTEE;
mysql> EXIT;

TEE: This command reads the standard input and writes it to the file as well as standard output.

iv) Remove the table structure and the select query captured in the ‘encrypt_tables.sql file using the below command.

Code Block
languagebash
grep -i "ALTER" encrypt_tables.sql | sed '1d' | sed 's/|//g' > processed_encryption_tables.sql

v) Again login into MySQL database and run the ‘source processed_encryption_table.sql’.

Code Block
languagesql
mysql> USE <database_name>;
mysql> SOURCE processed_encryption_table.sql

vi) Check if all tables are encrypted are not by noting ENCRYPTION="Y" flag under the CREATE_OPTIONS column.

Code Block
languagesql
SELECT 
  TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS 
FROM 
  INFORMATION_SCHEMA.TABLES 
WHERE 
  CREATE_OPTIONS LIKE '%ENCRYPTION%';

Encrypting Data In Transit

Gliffy
imageAttachmentIdatt925597708
baseUrlhttps://openspecimen.atlassian.net/wiki
macroId75956811-f91a-45ce-b650-9d45945d2268
nameData In Transit
diagramAttachmentIdatt925597703
containerId693338127
timestamp15941053156081594128967409

In this step, we create self-signed SSL certificates for MySQL server to communicate using SSL. The certificate file is shared with the application so that it can store certificates in its TrustStore file and application can trust the MySQL server.

...