Versions Compared

Old Version 25

changes.mady.by.user Krishna Waidande

Saved on

compared with

New Version 26

changes.mady.by.user Krishna Waidande

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To ensure data privacy and minimize data vulnerability, OpenSpecimen provides an option to encrypt the MySQL database "at rest" and "at in transit".

  • At Rest: Ensures the database files are in an encrypted format on the disk.

  • At In Transit: Ensures the data passing through the network to the application is encrypted.

In both techniques, the malicious user won't be able to decrypt data.

Data

...

At Rest

In the database, all the patient data is stored in data files. There is a chance that an attacker can retrieve sensitive data if they get direct access to such files. To avoid this, one can encrypt the data files using the keyring plugin provided by MySQL.

...

Expand

i) To encrypt a database table we run ALTER TABLE <TABLE_NAME> ENCRYPTION=”Y”

ii)  Similarly, we’ll need to encrypt every table in the database. For this, we can generate a master-sql file, which will have the query to alter all the existing DB tables.

iii) Follow the below procedure to create a master-query.

Code Block
languagesql
mysql> USE <database_name>;
mysql> TEE encrypt_tables.sql;
mysql> SELECT CONCAT("ALTER TABLE `", TABLE_NAME,"` ENCRYPTION=\"Y\" ;") 
         as encryption_query
       FROM 
         INFORMATION_SCHEMA.TABLES
       WHERE 
         TABLE_SCHEMA="<database_name>" AND
         TABLE_TYPE="BASE TABLE";
mysql> NOTEE;
mysql> EXIT;

TEE: This command reads the standard input and writes it to the file as well as standard output.

iv) Remove the table structure and the select query captured in the ‘encrypt_tables.sql file using the below command.

Code Block
languagebash
grep -i "ALTER" encrypt_tables.sql | sed '1d' | sed 's/|//g' > processed_encryption_tables.sql

v) Again login into MySQL database and run the ‘source processed_encryption_table.sql’.

Code Block
languagesql
mysql> USE <database_name>;
mysql> SOURCE processed_encryption_table.sql

vi) Check if all tables are encrypted are not by noting ENCRYPTION="Y" flag under the CREATE_OPTIONS column.

Code Block
languagesql
SELECT 
  TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS 
FROM 
  INFORMATION_SCHEMA.TABLES 
WHERE 
  CREATE_OPTIONS LIKE '%ENCRYPTION%';

Data

...

In Transit

Gliffy
imageAttachmentIdatt925597708
baseUrlhttps://openspecimen.atlassian.net/wiki
macroId75956811-f91a-45ce-b650-9d45945d2268
nameData In Transit
diagramAttachmentIdatt925597703
containerId693338127
timestamp1594105315608

...