ADO.NET 1.1 Security Guidelines - Sensitive Data

From Guidance Share


- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan



Encrypt sensitive data if you need to store it

Avoid storing sensitive data if possible. If you must store sensitive data, encrypt the data.

Note The .NET Framework 2.0 provides support for Advanced Encryption Standard (AES), a symmetric encryption algorithm, in addition to DES and 3DES. It is recommended that you use a strong symmetric encryption algorithm such as 3DES or AES.


Using 3DES Encryption

To store sensitive data, such as credit card numbers, in the database, use a strong symmetric encryption algorithm such as 3DES.


During development, to enable 3DES encryption

  • Use the RNGCryptoServiceProvider class to generate a strong (192 bit, 24 byte) encryption key.
  • Back up the encryption key, and store the backup in a physically secure location.
  • Encrypt the key with DPAPI and store it in a registry key. Use the following ACL to secure the registry key:
     Administrators: Full Control
     Process Account (for example ASPNET): Read


At runtime, to store encrypted data in the database

  • Obtain the data to be encrypted.
  • Retrieve the encrypted encryption key from the registry.
  • Use DPAPI to decrypt the encryption key.
  • Use the TripleDESCryptoServiceProvider class with the encryption key to encrypt the data.
  • Store the encrypted data in the database.


At runtime, to decrypt the encrypted secrets

  • Retrieve the encrypted data from the database.
  • Retrieve the encrypted encryption key from the registry.
  • Use DPAPI to decrypt the encryption key.
  • Use the TripleDESCryptoServiceProvider class to decrypt the data.


With this process, if the DPAPI account used to encrypt the encryption key is damaged, the backup of the 3DES key can be retrieved from the backup location and be encrypted using DPAPI under a new account. The new encrypted key can be stored in the registry and the data in the database can still be decrypted.

Note Using DPAPI is easier in .NET 2.0 because the ProtectedData class now provides a managed wrapper for DPAPI. For more information, see ".NET Framework Class Library - ProtectedData Class" at http://msdn2.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx


If you are running .NET 1.1, you need to create a managed DPAPI library. For more information, see "How To: Create a DPAPI Library" in the "How To" section of "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication" at http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp.
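The development-time and runtime steps above, carried through end to end as an added example (this is not code from the original guidance). It uses the .NET 2.0 ProtectedData wrapper mentioned in the note rather than a hand-built DPAPI library, so it targets .NET 2.0. The registry path, value name and process account name are hypothetical; the ACL matches the one given above (Administrators: Full Control, process account: Read).

```csharp
// Added example, not code from the original guidance. Registry path, value
// name and process account are hypothetical placeholders.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using Microsoft.Win32;

public static class SensitiveDataProtector
{
    private const string KeyPath = @"SOFTWARE\ExampleApp\Keys";   // hypothetical
    private const string KeyValueName = "TripleDesKey";            // hypothetical

    // Development time: generate a 192-bit (24-byte) key, protect it with DPAPI
    // and store it under the restricted ACL. The returned plaintext key is what
    // you back up to the physically secure location; clear it once that is done.
    public static byte[] CreateAndStoreKey(string processAccount)
    {
        byte[] key = new byte[24];
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        // TripleDES.Key rejects the (rare) weak keys, so regenerate until clean.
        do { rng.GetBytes(key); } while (TripleDES.IsWeakKey(key));

        // CurrentUser scope ties the protected key to the account running this code.
        byte[] protectedKey = ProtectedData.Protect(key, null, DataProtectionScope.CurrentUser);

        RegistrySecurity acl = new RegistrySecurity();
        acl.SetAccessRuleProtection(true, false);   // do not inherit parent ACEs
        acl.AddAccessRule(new RegistryAccessRule(@"BUILTIN\Administrators",
            RegistryRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new RegistryAccessRule(processAccount,
            RegistryRights.ReadKey, AccessControlType.Allow));

        using (RegistryKey reg = Registry.LocalMachine.CreateSubKey(
            KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, acl))
        {
            reg.SetValue(KeyValueName, protectedKey, RegistryValueKind.Binary);
        }
        return key;
    }

    // Runtime: read the protected key and unprotect it under the process account.
    private static byte[] LoadKey()
    {
        using (RegistryKey reg = Registry.LocalMachine.OpenSubKey(KeyPath))
        {
            if (reg == null) throw new InvalidOperationException("Encryption key not provisioned.");
            byte[] protectedKey = (byte[])reg.GetValue(KeyValueName);
            return ProtectedData.Unprotect(protectedKey, null, DataProtectionScope.CurrentUser);
        }
    }

    // 3DES in CBC mode with a fresh random IV per record; the IV is prepended to
    // the ciphertext so a single binary column holds everything needed to decrypt.
    public static byte[] Encrypt(byte[] plaintext)
    {
        using (TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider())
        {
            byte[] key = LoadKey();
            tdes.Key = key;                        // the setter copies the key
            Array.Clear(key, 0, key.Length);       // so wipe our own copy at once
            tdes.GenerateIV();                     // CBC and PKCS7 padding are the defaults
            using (MemoryStream ms = new MemoryStream())
            {
                ms.Write(tdes.IV, 0, tdes.IV.Length);
                using (CryptoStream cs = new CryptoStream(ms, tdes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(plaintext, 0, plaintext.Length);
                    cs.FlushFinalBlock();
                }
                return ms.ToArray();
            }
        }
    }

    public static byte[] Decrypt(byte[] blob)
    {
        using (TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider())
        {
            int ivLen = tdes.BlockSize / 8;        // 8 bytes for 3DES
            if (blob.Length < ivLen) throw new CryptographicException("Ciphertext too short.");
            byte[] iv = new byte[ivLen];
            Array.Copy(blob, 0, iv, 0, ivLen);
            byte[] key = LoadKey();
            tdes.Key = key;
            Array.Clear(key, 0, key.Length);
            tdes.IV = iv;
            using (MemoryStream input = new MemoryStream(blob, ivLen, blob.Length - ivLen))
            using (CryptoStream cs = new CryptoStream(input, tdes.CreateDecryptor(), CryptoStreamMode.Read))
            using (MemoryStream output = new MemoryStream())
            {
                byte[] buf = new byte[256];
                int n;
                while ((n = cs.Read(buf, 0, buf.Length)) > 0) output.Write(buf, 0, n);
                return output.ToArray();
            }
        }
    }
}
```

Two points to check before relying on this: DataProtectionScope.CurrentUser requires the process account's user profile to be loaded, which is not the case for every service account, and if it is not, Unprotect fails at runtime; LocalMachine scope avoids that but lets any account on the box unprotect the blob, so the registry ACL then becomes the only thing limiting access to the key. The recovery path described above (re-protecting the backed-up key under a new account) is simply CreateAndStoreKey run with the backup in place of a freshly generated key.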




Secure sensitive data over the network

Sensitive data passed across the network to and from the database server may include application-specific data or database login credentials. To ensure the privacy and integrity of data over the network, either use a platform-level solution (such as that provided by a secure datacenter where IPSec encrypted communication channels are used between servers) or configure your application to establish SSL connections to the database. The latter approach requires a server certificate installed on the database server.


For more information about using SSL and IPSec, see "How To: Use IPSec to Provide Secure Communication Between Two Servers" and "How To: Use SSL to Secure Communication to SQL Server 2000" in the "How To" section of "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication" at http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp.
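The application-side half of the SSL approach, as an added example that is not part of the original guidance: a startup check that the SqlClient connection string actually requests SSL and does not switch off certificate validation. The server and database names are hypothetical; the TrustServerCertificate keyword exists in the .NET 2.0 SqlClient (it is not a .NET 1.1 option).

```csharp
// Added example, not code from the original guidance. Server and database
// names are hypothetical.
using System;
using System.Data.SqlClient;

public static class DbConnectionPolicy
{
    // Weak: application data (and SQL login credentials, if used) cross the
    // network in clear.
    public const string Unencrypted =
        "Data Source=dbserver01.example.local;Initial Catalog=Orders;Integrated Security=SSPI;";

    // Hardened: Encrypt=true makes SqlClient negotiate SSL against the server
    // certificate installed on the database server, and fail the connection otherwise.
    public const string Encrypted = Unencrypted + "Encrypt=true;";

    // Reject a connection string that does not require SSL, or that requests it
    // while disabling certificate validation, which gives up server authentication.
    public static string RequireEncryption(string connectionString)
    {
        SqlConnectionStringBuilder b = new SqlConnectionStringBuilder(connectionString);
        if (!b.Encrypt)
            throw new ArgumentException("Connection string must set Encrypt=true.");
        if (b.TrustServerCertificate)
            throw new ArgumentException("TrustServerCertificate=true skips certificate validation.");
        return b.ConnectionString;
    }

    public static SqlConnection Open(string connectionString)
    {
        SqlConnection conn = new SqlConnection(RequireEncryption(connectionString));
        conn.Open();
        return conn;
    }
}
```

Call RequireEncryption once on the string read from configuration rather than on every connection; a misconfigured deployment then fails at startup instead of quietly talking to the database in clear. The name in Data Source must match the subject of the server certificate or the SSL handshake fails.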




Store password hashes with salt

If you need to implement a user store that contains user names and passwords, do not store the passwords either in clear text or in encrypted format. Instead of storing passwords, store non-reversible hash values with added salt to mitigate the risk of dictionary attacks.

Note A salt value is a cryptographically strong random number.


Creating a Salt Value

The following code shows how to generate a salt value by using random number generation functionality provided by the RNGCryptoServiceProvider class within the System.Security.Cryptography namespace.

using System;
using System.Security.Cryptography;

// Returns 'size' bytes from the cryptographic random number generator,
// Base64-encoded so the salt can be stored as text next to the hash.
public static string CreateSalt(int size)
{
  RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
  byte[] buff = new byte[size];
  rng.GetBytes(buff);
  return Convert.ToBase64String(buff);
}


Creating a Hash Value (with Salt)

The following code fragment shows how to generate a hash value from a supplied password and salt value.

using System.Web.Security;   // FormsAuthentication

// Hashes the password with the salt appended and returns the hex string that
// FormsAuthentication produces; the same salt must be supplied at verification.
public static string CreatePasswordHash(string pwd, string salt)
{
  string saltAndPwd = string.Concat(pwd, salt);
  string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "SHA1");
  return hashedPwd;
}
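A register-and-verify round trip built around the two functions above, as an added example that is not part of the original guidance. The in-memory PasswordRecord stands in for a row in the user store, and the Register/Verify/FixedTimeEquals names are this example's own. It goes one step beyond the text by adding an iterated alternative, CreateIteratedHash, based on Rfc2898DeriveBytes (PBKDF2), which is available from .NET 2.0 onward.

```csharp
// Added example, not code from the original guidance. PasswordRecord is an
// in-memory stand-in for the user store; no real accounts are involved.
using System;
using System.Security.Cryptography;
using System.Web.Security;

public class PasswordRecord
{
    public readonly string Salt;   // stored in clear beside the hash
    public readonly string Hash;   // never the password itself
    public PasswordRecord(string salt, string hash) { Salt = salt; Hash = hash; }
}

public static class SaltedPasswordStore
{
    public static string CreateSalt(int size)
    {
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);
        return Convert.ToBase64String(buff);
    }

    public static string CreatePasswordHash(string pwd, string salt)
    {
        return FormsAuthentication.HashPasswordForStoringInConfigFile(string.Concat(pwd, salt), "SHA1");
    }

    // Registration: a fresh 128-bit salt per user, so identical passwords yield
    // different hashes and a single precomputed table cannot cover every user.
    public static PasswordRecord Register(string password)
    {
        string salt = CreateSalt(16);
        return new PasswordRecord(salt, CreatePasswordHash(password, salt));
    }

    // Login: recompute with the stored salt and compare without an early exit.
    public static bool Verify(string password, PasswordRecord record)
    {
        return FixedTimeEquals(CreatePasswordHash(password, record.Salt), record.Hash);
    }

    // Both inputs are fixed-length hex digests, so only the content is compared
    // in a way that does not stop at the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Beyond the text: PBKDF2 iterates the hash thousands of times, so each
    // guess against a stolen hash costs far more than a single SHA1 pass.
    public static string CreateIteratedHash(string password, string salt, int iterations)
    {
        Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, Convert.FromBase64String(salt), iterations);
        return Convert.ToBase64String(kdf.GetBytes(20));
    }
}
```

Store the salt and the hash together in the user record; the salt is not a secret, its job is to make every user's hash unique. If you adopt CreateIteratedHash, persist the iteration count with the record as well so it can be raised over time without invalidating existing hashes.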


More Information

For more information about implementing a user store that stores password hashes with salt, see "How To: Use Forms Authentication with SQL Server 2000" in the "How To" section of "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication" at http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp.

