What is data security

According to article 3 of the Data Security Law of the People’s Republic of China, the definition of data security is given, which means that necessary measures are taken to ensure that the data is in the state of effective protection and legal use, and that it has the ability to guarantee the continuous security state.

Why do companies do data security

Nowadays, with the prevalence of the Internet, criminals can steal personal information of users or even confidential information of enterprises by means of network attack and network deception. And after getting part of the user information, you can only lock a specific person, so the confidentiality of data is particularly important.

GrowingIO data is safely landed

To keep customer data secure, GrowingIO improves data production security by building a secure software runtime that statically encrypts data storage. We will introduce the process of data landing in detail.

[Software operation safety]

Software operation security is also the system operation security of the enterprise, which mainly includes two aspects: data logical isolation: the system provides a set of exclusive data operations based on users’ permissions and roles. KMS secret key management: the database on which the system depends, and the middleware will not cause data leakage because of the secret key leakage.

Logical data isolation

Logical data isolation is used to authenticate the identities, roles, and permissions of users operating on the platform. Certification process:

Users on all platforms are assigned different roles and permissions through the RBAC permission model. Only users with role rights can view or perform related operations.

KMS key management

Key Manage System (KMS) is a key management system. At present, cloud products such as Amazon Cloud and Ali Cloud have their own solutions. KMS supports multiple types of databases, middleware, and application key management. After using KMS, the user names and passwords of all databases and middleware are not visible to the production and research, and the secret keys corresponding to static data encryption are also not visible. Currently supports database and middleware as well as system keys:

[Interactive process]

【 Examples 】

Take Amazon Cloud (AWS) as an example: Application configuration

Aws: region: "" access_key_id: "" "secret_access_key: "" "test/json/redis" datasource: kms-key: "test/postgresql/accounts"Copy the code

Run initialization

The HikariCP connection pool of the PostgresQL database is used as an example.

@Bean @ConditionalOnProperty(value = "kms.enabled",havingValue = "true") public HikariDataSource dataSource(DataSourceProperties properties, KmsProperties kms,Configs configs) { SecretsManagerClient client = SecretsManagerClientBuilder.build(kms.getRegion(),kms.getAwsAccessKeyId(),kms.getAwsSecretAccessKey()); AwsSecretProvider secretProvider = new AwsSecretProvider(client); String secret; try{ secret = secretProvider.getSecret(configs.getDataSourceKmsKey()); //secret is the link information in JSON format. Final HashMap<String,String> map = jackson.readValue (secret, hashmap.class); String url = String.format("jdbc:postgresql://%s:%s/%s? useUnicode=true&useSSL=false&characterEncoding=utf8",map.get("host"),map.get("port"),map.get("dbname")); properties.setUrl(url); properties.setUsername(map.get("username")); properties.setPassword(map.get("password")); }catch (Exception e) { log.error("kms database error",e); } HikariDataSource dataSource = properties.initializeDataSourceBuilder().type(HikariDataSource.class).build(); if (StringUtils.hasText(properties.getName())) { dataSource.setPoolName(properties.getName()); } return dataSource; }Copy the code

Any database used in the actual development, middleware can manage the corresponding user name, password and other sensitive information through KMS.

Static Storage Security

PII management

What is PII?

PII, or Personally identifiable information, is any data that may identify a specific individual. Any information that can be used to distinguish one person from another and to de-anonymize previously anonymous data can be considered PII. PII can be used alone or in conjunction with other relevant data to identify individuals, and contain direct identifiers (such as passport information) or quasi-identifiers (such as race) that uniquely identify individuals, and can be used in combination with other quasi-identifiers, such as date of birth, to successfully identify individuals.

【PII meaning 】

Protecting PII is critical to personal privacy, data privacy, data protection, information privacy and information security. With just a fraction of a person’s information, thieves can create fake accounts in that person’s name, generate debt, forge passports or sell personal identities to criminals. As individuals’ personal data is recorded, tracked and used every day — for example in biometric scans that use fingerprints and facial recognition systems used to unlock devices — it is increasingly important to protect individuals’ identities and any identifying information unique to them.

【PII Encryption and decryption 】

PII encryption: All incoming user-sensitive data is encrypted using an encryption algorithm. PII decryption: Common users can view only encrypted ciphertext data. Users can view plaintext data through authorization.

GrowingIO chooses AES(AES/CBC/PKCS5Padding) algorithm by default, and uses 256-length secret keys as PII data encryption implementation.

Execute the process

Data encryption

Data decryption

Example shows

PII can obtain key data for encryption and decryption from the configuration center or KMS.

Secret key acquisition:

KMS SecretsManagerClient Client = SecretsManagerClientBuilder.build(kms.getRegion(),kms.getAwsAccessKeyId(),kms.getAwsSecretAccessKey()); AwsSecretProvider secretProvider = new AwsSecretProvider(client); String secret = secretProvider.getSecret("test/pii/json"); //secret is the link information in JSON format. Final HashMap<String,String> map = jackson.readValue (secret, hashmap.class); String algorithmIv = map.getOrElse("algorithm_iv", ""); / / vector String = DatatypeConverter iv. ParseHexBinary (algorithmIv); . / / the secret key String encryptionKey = DatatypeConverter parseHexBinary (map (" encryption_key ")); String decryptionKey = DatatypeConverter.parseHexBinary(map("decryption_key")); / / / / vector String configuration center way iv = Hex. DecodeHex (Configs. Encry. ConfigCenterIv); / / secret key String secret = Hex. DecodeHex (Configs. Encry. ConfigCenterSecret);Copy the code

Perform an encryption or decryption operation:

After data processing through PII, all sensitive data in the database is encrypted and stored. Page rendering determines whether to encrypt or decrypt display according to user permissions.

Data storage and rendering

Database data:

Only render decrypted data after administrator login:

Q&A

1. Support of vector IV

In AES encryption algorithm: AES_ECB_PKCS5Padding Does not support vector, AES_CBC_PKCS5Padding supports vector with higher security. If you’re already using AES, consider compatibility.

2. Problems caused by Base 64 encoding

Symptom: If the encrypted string is long and the length of the encrypted text exceeds 76 characters, a line break is added to the ciphertext, resulting in an exception in the subsequent line-by-line parsing.

After JDK1.8, the Base64 utility classes were moved to the java.util package. In order to be compatible with older JDK versions, MimeEncode is used in Base64.

private static final int MIMELINEMAX = 76;
private static final byte[] CRLF = new byte[] {'\r', '\n'};
static final Encoder RFC2045 = new Encoder(false, CRLF, MIMELINEMAX, true);
Copy the code

This means that ‘\r’ or ‘\n’ will be added when the encrypted string is longer than 76, which will cause fatal errors if certain operations on the data are performed on a row. So it is recommended to use the implementation of Encode in Base64:

static final Encoder RFC4648 = new Encoder(false, null, -1, true);
static final Encoder RFC4648_URLSAFE = new Encoder(true, null, -1, true);
Copy the code

No matter how long the encrypted string is, line breaks will not occur.

See JDK source code and key standards:

RFC 4648 www.ietf.org/rfc/rfc4648…

RFC 2045 www.ietf.org/rfc/rfc2045…