PGCon2019 - 3.4
PGCon 2019
The PostgreSQL Conference
| Speakers | |
|---|---|
|
Masahiko Sawada |
| Schedule | |
|---|---|
| Day | Talks - Day 2 - 2019-05-31 |
| Room | DMS 1110 |
| Start time | 11:00 |
| Duration | 00:45 |
| Info | |
| ID | 1325 |
| Event type | Other |
| Track | Hacking |
| Language used for presentation | English |
| Feedback | |
|---|---|
|
Did you attend this event? Give Feedback |
Transparent data at rest encryption in PostgreSQL
Data encryption is one of the powerful methods to protect data from threats such as eavesdropping and theft. It is essential when storing confidential information such as credit card numbers, personal information of users, etc. Also, various data protection standards and regulations such as PCI DSS, GDPR, etc. require it.
We have been researching how to make PostgreSQL more secure by implementing the built-in transparent data encryption for PostgreSQL. In this talk I will first introduce some studies about database encryption. Then, I'll provide some internal details of the implementing transparent data encryption and the performance evaluation result of the PoC based on our solution. It also covers the robust encryption key management, which is another important feature for data encryption.
Various data protection standards and regulations such as PCI DSS, GDPR, etc. requires data encryption. There are methods to encrypt data stored in PostgreSQL, such as pgcrypto and file system level encryption using LUKS. However they don't satisfy the following properties of database encryption that are required by user and some security standards in practice:
- Transparent data encryption (TDE)
- Minimize performance impact
- Platform-independence
We have been researching the built-in database encryption for PostgreSQL. Our solution consists of per-tablespace transparent data encryption while keeping minimize performance impact. We made a proof-of-concept code to evaluate our solution's usability and impact on the performance.
In this talk, I will discuss about the principles of confidential information protection and database encryption methods. Then, I'll provide some internal details of built-in transparent data encryption of PostgreSQL and the evaluation results. It also covers the robust encryption key management, which is another important feature for data encryption.