In today’s digital age, data is more valuable than ever before, and the security of that data is paramount. One way to protect data is by using encryption to secure it while it is at rest, which means it is stored in a database or on a hard drive. SQLite is a popular open-source database engine used by many applications, including mobile apps, web browsers, and operating systems. In this article, we will explore the mechanisms by which P6R’s SQLiteTDE library is secured with encryption using two popular AEAD ciphers, AES-GCM and ChaCha20Poly1305, and why we chose those specific ciphers.
First, let’s talk about why securing data at rest is important. Data at rest is vulnerable to attacks by hackers, insiders, and malware. Encryption can make it more difficult for an attacker to access sensitive information, even if they manage to access the database or hard drive. Encryption works by scrambling the data so that only authorized users with the correct key can unscramble it. This makes it virtually impossible for an attacker to read the data, even if they have physical access to the storage device.
SQLite
SQLiteTDE is based on SQLite, and we periodically integrate stable upstream features into it. We’ve minimized our changes to the SQLite core wherever possible. SQLite modifications for SQLiteTDE enable the encryption of all database pages. Only the file header identifying the file as a SQLite database remains unencrypted. Encryption/decryption are performed as database pages are written and read.
In addition to minimizing our changes in SQLite, we also wanted to minimize any changes to your application. You only need to add a single line of code to enable encryption. The rest is completely transparent to your application.
OpenSSL
We use OpenSSL to provide these ciphers for SQLiteTDE. OpenSSL’s AEAD ciphers have undergone extensive review and testing to ensure they provide strong security against known attacks. Building your own AEAD from other ciphers may introduce vulnerabilities that have not been fully analyzed or understood.
AEAD
We chose to use only AEAD ciphers for encryption of the database blocks in our SQLiteTDE library. AEAD stands for Authenticated Encryption with Associated Data. It is a cryptographic mode of operation that provides both confidentiality and authenticity guarantees for data being transmitted over an insecure channel.
AEAD achieves both confidentiality and authenticity by combining symmetric-key encryption with message authentication. It encrypts the data using a symmetric encryption algorithm, such as AES or ChaCha20, and then generates an authentication tag using a message authentication code (MAC), such as Poly1305 or HMAC. The authentication tag is then packaged with the encrypted data, and the recipient can use the same symmetric key and MAC algorithm to verify the authenticity of the data and decrypt it.
AEAD also allows additional associated data to be included in the authentication process, such as metadata or headers. This data is authenticated but not encrypted, allowing the recipient to verify its authenticity without needing to decrypt it.
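The following added example (not SQLiteTDE's code or on-disk format) seals one database page with each cipher through Node.js's crypto module, which is backed by OpenSSL, then shows a modified record and a record presented under a different page number both failing authentication. The 4096-byte page, the random 12-byte nonce per write, the page number as associated data, the `nonce || ciphertext || tag` layout and all function names are assumptions made for illustration.

```javascript
// Added example. Page size, nonce handling and record layout are assumptions.
const crypto = require('node:crypto');
const NONCE_LEN = 12; // 96-bit nonce, used here for both ciphers
const TAG_LEN = 16;   // 128-bit authentication tag

// Associated data: the page number, authenticated but not encrypted.
function pageAad(pageNo) {
  const aad = Buffer.alloc(4);
  aad.writeUInt32BE(pageNo);
  return aad;
}
// Returns nonce || ciphertext || tag for one page.
function sealPage(cipherName, key, pageNo, page) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh nonce for every write
  const c = crypto.createCipheriv(cipherName, key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(pageAad(pageNo));
  const ct = Buffer.concat([c.update(page), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Returns the plaintext page, or null when authentication fails.
function openPage(cipherName, key, pageNo, record) {
  const nonce = record.subarray(0, NONCE_LEN);
  const ct = record.subarray(NONCE_LEN, record.length - TAG_LEN);
  const tag = record.subarray(record.length - TAG_LEN);
  const d = crypto.createDecipheriv(cipherName, key, nonce, { authTagLength: TAG_LEN });
  d.setAAD(pageAad(pageNo));
  d.setAuthTag(tag);
  try {
    return Buffer.concat([d.update(ct), d.final()]);
  } catch {
    return null; // tag mismatch: data, nonce, tag or page number was altered
  }
}

// Constructed sample: a 4096-byte page and a random 256-bit key.
function demo(cipherName) {
  const key = crypto.randomBytes(32);
  const page = Buffer.alloc(4096, 'constructed page contents ');
  const record = sealPage(cipherName, key, 7, page);
  const flipped = Buffer.from(record);
  flipped[NONCE_LEN + 100] ^= 0x01; // one changed ciphertext bit
  return {
    overhead: record.length - page.length, // nonce + tag stored with the page
    roundTrip: openPage(cipherName, key, 7, record).equals(page),
    tamperedRejected: openPage(cipherName, key, 7, flipped) === null,
    movedRejected: openPage(cipherName, key, 8, record) === null,
  };
}
for (const name of ['aes-256-gcm', 'chacha20-poly1305']) console.log(name, demo(name));
```

The ciphertext itself is the same length as the page; in this layout the nonce and tag add 28 bytes that have to be stored alongside it.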
Ciphers
Now, let’s dive into the two ciphers we mentioned earlier: AES-GCM and ChaCha20Poly1305. AES-GCM is a cipher that has been widely adopted as the standard for encryption in many applications. It is fast, can be hardware accelerated, is secure, and is resistant to attacks such as the BEAST attack. GCM stands for Galois/Counter Mode, which is a mode of operation that provides authenticated encryption. This means that the data is not only encrypted but also verified to ensure its integrity.
AES-256-GCM
We chose to use AES-256-GCM over other modes of AES such as CBC (Cipher Block Chaining) because it offers several advantages over the other modes:
- Authentication: AES-GCM provides both encryption and authentication in a single operation. This means that data can be encrypted and protected from unauthorized access, while also ensuring that the data has not been tampered with or modified.
- Performance: AES-GCM is a fast encryption mode that can provide high-speed data processing and has wide support for hardware acceleration. It can perform encryption and authentication in parallel, which helps to reduce the processing time and improve performance.
- Security: AES-GCM is considered to be a secure encryption mode. It uses a counter mode of operation to ensure that each block of data is encrypted with a unique key, which makes it difficult for attackers to find patterns in the encrypted data.
- Data integrity: AES-GCM uses a message authentication code (MAC) to ensure data integrity. This means that if an attacker tries to modify the encrypted data, the MAC will fail and the decryption process will not succeed.
- Storage: AES-GCM produces encrypted data that is the same size as the original data, which makes it easy to store and transfer data.
ChaCha20Poly1305
ChaCha20Poly1305 is a stream cipher that is gaining popularity as an alternative to AES-GCM. It is also fast and secure, but it is designed to be more efficient on devices with limited processing power, such as mobile phones and IoT devices. ChaCha20 is the encryption algorithm, and Poly1305 is the message authentication code. Together, they provide authenticated encryption, similar to AES-GCM.
- Security: ChaCha20Poly1305 provides high security against attacks, including both encryption and message authentication. It has been selected as a recommended cipher suite for Transport Layer Security (TLS) by the Internet Engineering Task Force (IETF) due to its high security features.
- Efficiency: ChaCha20Poly1305 is designed to be highly efficient on a wide range of hardware, including mobile devices and embedded systems. It is lightweight, fast, and consumes less power, making it a great choice for devices with limited resources.
- Parallelism: ChaCha20Poly1305 allows for parallelism, which means it can encrypt or authenticate multiple messages simultaneously. This is particularly useful in multi-core systems, where it can take advantage of multiple cores to process multiple messages concurrently.
- Nonce misuse resistance: ChaCha20Poly1305 is designed to be resistant to nonce misuse. If a nonce is accidentally or deliberately reused, the algorithm will detect it and prevent any data from being decrypted or authenticated.
- Flexibility: ChaCha20Poly1305 can be used in a variety of applications, including secure communication protocols, data storage systems, and secure file sharing systems. It is also compatible with many different platforms, including Linux, Windows, macOS, and mobile operating systems.
- Storage: ChaCha20Poly1305 produces encrypted data that is the same size as the original data, which makes it easy to store and transfer data.
So, why are these ciphers the best to use for securing SQLiteTDE? They both provide authenticated encryption, which means they protect against both eavesdropping and tampering. They are also both fast and efficient. Finally, they are both well-tested and widely adopted, which means that they have been reviewed by security experts and are less likely to have vulnerabilities. In addition, both require only a single key. This reduces the overhead and added complexity of managing multiple keys.
Conclusion
Securing data at rest is crucial in today’s digital age, and encryption is an effective way to do so. AES-GCM and ChaCha20Poly1305 are two ciphers that provide authenticated encryption, are fast and efficient, and are widely adopted and well-tested. If you are using SQLite, you can easily switch to using SQLiteTDE with the addition of a single line of code. The rest is completely transparent to your application. With the right precautions, you can protect your sensitive data from unauthorized access and ensure its integrity.