Back to Security Pattern Catalog




Encrypted Storage


Classification Key : Core Security, Information Disclosure

Problem

Firewalls provide protection of data stored in a server by limiting access to it. However, data can still be accessed by hackers. The extreme option to protect data in server is not to store any sensitive information at all in server. This is infeasible, because the server needs to keep state. Since firewalls do not provide security at data level, there is need of some additional security in this level. How can server data be protected from unauthorized access ?

Solution

Encrypt critical data before storing them in the server. Decrypt data in memory before they are used by the server. Use a single key for encrypting all the data and periodically alter it if possible. This involves decrypting all data stored with previous key and re-encrypting it with the new key. If this leads to an availability problem, use a large encryption key that is difficult to compromise.

Known Uses

UNIX password file hashes the password and stores the hashed form.

Source

Kienzle et. al. Repository

Tags

Client Server, Confidentiality


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz