
Posts Tagged ‘Cryptography’

Applying blockchain innovations to highly transactional, network-dependent services

This is a discussion of recent innovative developments in blockchain-related technologies that need to be understood. I am no expert in cryptography or economics, and this post is not about crypto-currency or economics; it is mostly about the blockchain, transactions and storage, as well as various opportunities and applications.

Transactions


(a typical database transaction from : http://www.writeopinions.com/database-transaction)

One of the issues around blockchain is slow transaction times. The blockchain used by bitcoin suffers from very slow speeds, and this is impacting the entire ecosystem surrounding it. The newer Ethereum blockchain is facing a similar problem, which became much more evident with the recent curiosity around crypto-kitties. [reference 1]

 

The STEEM and BitShares blockchains, as well as the new EOS blockchain, address this problem with Graphene.

 

Graphene

This technology could be a solution for various distributed – highly transactional applications & can act as the engine of public-ledger implementations.

Graphene is an open-source blockchain implementation which theoretically supports 100K transactions per second. This has been proved with the STEEM blockchain, where the steemit.com social media platform is already performing a very large number of transactions, similar to the like, post and comment operations on social media applications like facebook.com. The behind Graphene is well established and the CTO for all 3 blockchains which use Graphene is Dan Larimer, who is a blockchain expert.

Replacing traditional databases with Graphene at the transaction layer is a possibility that can be explored.

 

Storage

Another major aspect of distributed applications is storage. This is not just a capacity planning and CAPEX problem; the technology also needs to address a highly mobile user base. Further complications are added by the low internet speeds of developing countries, where mobile-based payments (e.g. mPesa in Kenya, IMPS-based systems in India) and related applications are becoming mainstream. These markets are important not only because of the large volumes but also because of the speed at which innovative trends are adopted, and because governments are pushing digital payments, e-governance etc.

 

The storage layer has two issues at a very high level

  • storage
  • retrieval

We will skip storage for the time being and jump directly to retrieval, as I believe that is where the new blockchain-based technologies have an advantage over other systems.

Traditionally, retrieval can be slow for multiple reasons, such as disk failures, slow network speed, congestion in the network, denial of service attacks etc. The blockchain evolution has contributed to the development of new file systems which can address many of the issues associated with accessing content over a network.

Inter Planetary File System (IPFS)

This is another innovative development which has its roots in the blockchain — especially the bitcoin blockchain technology. The file system provides unique identifiers for files that are addressable like HTTP / Web URLs. This means we get a truly distributed, de-duplicated file system which is accessible like a traditional URL. This also means that web servers for content delivery and CDNs can, at least in theory, be replaced as well!

 

Possible applications of these new innovations

Graphene — can be seen as a high-speed, fault-tolerant, in-memory transactional data store. Though more study is required, it appears to meet the ACID requirements for databases and offers faster transaction times.

These faster transaction times can be used in Telecom HLRs, financial processors and even facebook-like systems where likes, comments etc. happen at a very fast pace. As a proof of concept, the social media portal Steemit.com uses Graphene as the underlying datastore.

IPFS — IPFS can be used as the data store where all the metadata and the content itself get stored. This can be considered as disk storage and as the object/data store in the database. Though it doubles as a disk and a database, the access speeds are very high and the distributed nature makes denial of service difficult. So is censorship. Surprisingly, this was recently used during the Catalan independence referendum, 2017 to provide free access to content.

Existing use cases and deployments

There are multiple existing non-crypto-currency deployments out there which can be considered to be out of beta.

  1. Steemit.com — a unique blend of crypto-currency and social media platform
  2. The Catalan Independence Referendum, 2017 use case
  3. Everipedia.org is planning to migrate their platform to IPFS and Graphene
  4. Followmyvote — uses Graphene for storing the transactions
  5. FileCoin – uses IPFS for its distributed, redundant storage mechanism

A much larger set of existing use cases including the crypto-currency scene is pictured below.

Conclusion

In a nutshell, these technologies can be applied to solve many of the issues around transaction speeds, storage etc in addition to crypto-currency. Finding innovative use cases with maximum impact can provide opportunities for both service providers as well as for enterprises.

 

References:

  1. Crypto-kitties & Ethereum blockchain congestion
  2. Graphene documentation : http://docs.bitshares.eu//index.html
  3. https://followmyvote.com/understanding-the-graphene-blockchain-ecosystem/
  4. Start your own block chain ! : https://objectcomputing.com/resources/publications/sett/march-2017-graphene-an-open-source-blockchain/

 

Migrate2Cloud provides innovative solutions which are scalable and reliable in the healthcare, banking, manufacturing and retail sectors. To know more, feel free to reach out to innovation@migrate2cloud.com

Microsoft SQL Server 2008 Encryption: Part I

Entrusted with a project where we have to implement data protection and privacy guidelines in accordance with international regulations, we found ourselves investigating ways to implement data encryption in an MSSQL database in Amazon EC2. We are deploying an application which has to be deployed in all the AWS availability zones, and problems like syncing between zones are still at large as we fine-tune MS-SQL for the cloud.

Data security and privacy

Applications which store sensitive information such as customer information, financial information, personal health information (PHI) etc. have to meet certain data privacy and security acts. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects health information. To make applications HIPAA compliant we can use some of the new security features in SQL Server 2008. SQL Server 2008 introduces security feature enhancements for powerful encryption and better key management capabilities.

Data security in cloud

Data in the cloud sits in a shared hardware environment, so data segregation is one of the major security issues. All cloud providers have their own storage management, but the security and privacy of data is still an issue because customers don't have much control over this storage area. They don't know the exact location where data is stored. Customers can overcome these issues by implementing their own security features based on their application.

We had 2 issues to address:

1. Encrypt data in transit
2. Encrypt data at rest

In this article we start by implementing encryption of data in transit for MSSQL Server. MSSQL Server uses the Secure Sockets Layer (SSL) to encrypt data transferred between SQL Server and applications. This encryption ensures secure data transmission over the network. It is much more important when the application and database are distributed across many AWS availability zones.

Implementation of SSL

1. Creating a self-signed cert using makecert

[text]
makecert -r -pe -n "CN=SERVER-FQDN" -b 01/01/2010 -e 01/01/2015 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 c:\testssl.cer
[/text]

2. Install this cert

Copy c:\testssl.cer to your client machine, run c:\testssl.cer from a command window, select "Install Certificate" -> click "Next" -> select "Place all certificates in the following store" -> click "Browse" -> select "Trusted Root Certification Authorities" -> select OK and Finish.

3. Open SQL Server Configuration Manager

Expand SQL Server Network Configuration, right-click "Protocols for MSSQLSERVER", then click "Properties". On the "Certificate" tab select the certificate just installed. On the "Flags" tab, set "ForceEncryption" to YES.

Now SSL is ready to use on the server. You have to modify your connection string to use SSL.

For example:

connectionString="Data Source=db.server.com;Initial Catalog=mydb;User ID=user1;Password=pas@123;Encrypt=true;TrustServerCertificate=true"

You are Done!
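To confirm that the ForceEncryption setting from step 3 is actually in effect, the server can be asked which connections are encrypted. The queries below are an added example, not part of the original post; they use the standard `sys.dm_exec_connections` and `sys.dm_exec_sessions` views and need the VIEW SERVER STATE permission.

```sql
-- Added example: check per-connection encryption on the SQL Server instance.
-- Run after setting ForceEncryption = Yes and restarting the SQL Server
-- service (the certificate and flag are only picked up at service start).

-- 1. Every current connection with its transport and encryption status.
SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    c.net_transport,          -- TCP, Named pipe, Shared memory, ...
    c.client_net_address,
    c.encrypt_option          -- 'TRUE' when the connection is encrypted
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
ORDER BY c.encrypt_option, c.session_id;

-- 2. Only the connections that are still in clear text.
--    With ForceEncryption on, this should return no rows.
SELECT
    c.session_id,
    s.login_name,
    s.program_name,
    c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE';
```

`encrypt_option` only shows that the channel is encrypted. With `TrustServerCertificate=true` in the connection string the client does not validate the server certificate, so the trusted-root installation from step 2 is exercised only when that keyword is set to `false`.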

Microsoft SQL Server 2008 Encryption: Part II

In our first article we discussed the security and privacy of data in the cloud and how to meet HIPAA (Health Insurance Portability and Accountability Act) compliance with MSSQL Server. We also learned how to encrypt data in transit between MSSQL Server and applications. Here you will learn how to encrypt data at rest in MSSQL using Transparent Data Encryption (TDE).

It seems that most security products focus their effort on securing data in transit only, using SSL/TLS. But when you build a security system that meets international security regulations and acts, you need to encrypt data at rest as well. An insecure configuration of the server, operating system, firewall and network in general will make it easier for someone to gain access to data at rest.

TDE performs real-time encryption and decryption of data while writing data to and reading data from MSSQL. As the name implies, the encryption is transparent: there is no need to modify the code or architecture of applications when implementing TDE.

Implementation of TDE

1. Create a master key
A master key is a symmetric key that is used to create certificates and asymmetric keys.

[sql]
-- The database master key must be created in the master database.
USE master;
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = '<password>';
GO
[/sql]

2. Create Certificate

Certificates can be used to create symmetric keys for data encryption or to encrypt the data directly. Execute the following script to create a certificate:

[sql]
-- Run in master; the certificate is protected by the master key from step 1.
CREATE CERTIFICATE TDECert
WITH SUBJECT = 'TDECertificate'
GO
[/sql]

3. Create a Database Encryption Key and Protect it by the Certificate

1. Click Object Explorer in the left pane of SQL Server Management Studio
2. Right-click on the database which you want to encrypt
3. Click Tasks and navigate to Manage Database Encryption
4. Select the encryption algorithm (AES 128/192/256) and select the certificate you have created
5. Then mark the check box for Set Database Encryption On

You can query the is_encrypted column in sys.databases to determine whether TDE is enabled for a particular database.

[sql]
SELECT [name], is_encrypted FROM sys.databases
GO
[/sql]
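The Management Studio steps in step 3 can also be scripted. The T-SQL below is an added example, not part of the original post: it creates the database encryption key, turns TDE on and reports encryption progress. `[MyDatabase]` is a placeholder name, and AES_256 is one of the three algorithm choices listed above.

```sql
-- Added example; [MyDatabase] is a placeholder for the database to encrypt.
-- Assumes the master key and TDECert from steps 1 and 2 exist in master.
USE [MyDatabase];
GO

-- Create the database encryption key (DEK), protected by the certificate.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDECert;
GO

-- Turn TDE on; a background scan then encrypts the existing pages.
ALTER DATABASE [MyDatabase] SET ENCRYPTION ON;
GO

-- Track the scan and confirm which certificate protects each DEK.
-- encryption_state: 2 = encryption in progress, 3 = encrypted.
SELECT
    DB_NAME(k.database_id) AS database_name,
    k.encryption_state,
    k.percent_complete,     -- returns to 0 once the scan has finished
    k.key_algorithm,
    k.key_length,
    c.name                 AS protecting_certificate
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN master.sys.certificates AS c
    ON c.thumbprint = k.encryptor_thumbprint
ORDER BY database_name;
```

`tempdb` also appears in this result once any database on the instance has TDE enabled, because SQL Server encrypts it automatically.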

Important: Back up the certificate and private key to a file to ensure recoverability, as follows:

[sql]
BACKUP CERTIFICATE TDECert TO FILE = 'C:\TDECert.cer'
WITH PRIVATE KEY (FILE = '<private-key-file-path>', ENCRYPTION BY PASSWORD = '<password>');
[/sql]

You are Done!!