FAQ
Q: What are translucent databases?
A: A term for databases that must
protect some information while revealing other data. In other words, a phrase
to capture how the database must exist somewhere between translucency and
opacity.
Q: Do they encrypt things?
A: Yes, but only some things and
then only in a careful way. Standard encryption algorithms lock data away
in an inscrutable pile of bits. Only the person with the right key can make
sense of the information. Translucent databases use the same algorithms in
a more controlled fashion. Some of the information is turned into an inscrutable
pile of bits, but other parts can be read, understood and acted upon by the
database engine.
Q: So what's scrambled beyond recognition?
A: Anything you want. The database
administrator usually chooses personal or sensitive information. Social security
numbers or credit card numbers are ideal choices. Passwords are another choice.
Q: But are they really beyond all
recognition?
A: Actually, no. The book describes
how to control the scrambling so that useful work can be done with the result.
In some cases, you can still compare the information to see if it matches
other scrambled entries. In others, you can add or multiply the data too.
All of this work is done behind a curtain of encryption so the privacy is
still protected.
Q: So why would I use something like
this?
A: Databases come with good security
already, but nothing is perfect. Sometimes someone leaves a backdoor open.
The operating system, not the database itself, is often the culprit. Sometimes
clerks, bosses and everyone in between abuse their legitimate access. Translucent
databases provide a way to work with sensitive information in a more secure
way.
Q: Are there advantages?
A: The security mechanism of translucent
databases is much simpler. Translucent databases don't require heavily tested
operating systems running in the most secure mode to protect the information.
They can save administrative costs by making life easier for system administrators.
The mechanism also runs faster in many cases because there's no need for
a complicated security layer to evaluate every request.
Q: Isn't hardware cheap?
A: Yes, but it's not just about speed
and cost. Translucent databases also make ideal satellite databases placed
in remote sites or branch offices. They can accomplish all of their tasks
without the extra security. There's no need to lock away the database or check
out all of the staff. The translucent database strips away the sensitive
information.
Q: Are they perfect too?
A: Nothing is perfect, but translucent
databases can withstand some attacks that would cripple a regular database.
If a hacker breaks in or an employee turns traitor, the information is still
secure. There are still ways that information can leak out, but they're significantly
fewer and harder to exploit. In many ideal situations, the database administrator
can publish the root password and remain sure that the sensitive information
will stay locked up.
Q: How is the book written?
A: As a high-level idea book with
the full source code to dozens of examples. Each chapter describes a different
technique for locking up the information. Most come with two or three different
databases as examples. The book comes with a license to use the source code
in any way you want.
Q: Who would want to read the book?
A: Database administrators who need
to guard sensitive information.
Q: Do the examples help?
A: There are dozens of examples in the book. If there's nothing directly
useful, then most database administrators will find something that is close.
The book is meant to teach by example.
Q: Is this idea new?
A: Yes and no. People have been encrypting
databases for a long time, but most of that encryption isn't permanent. Many databases
can be protected by a password, but the data is unscrambled whenever someone does
a query. That's not ideal. Translucent databases are scrambled beyond recognition.
This book takes some of the standard techniques from cryptography and reapplies
them in a different way. The one-way functions and the digital signatures
aren't new, but the attitude to protecting data is.
Q: What about password databases?
A: The UNIX password file scrambling
mechanism is a great example of a translucent database. It's been around for
a long time. The book is really an attempt to see how far the idea will go.
Can we help people schedule meetings? Can we protect the plans of a baby sitter
or an executive threatened with kidnapping? Can we protect the ships at sea
while still letting family members follow their movements? Can we take care
of credit card numbers? It turns out we can build a central database using
some of the same techniques that protect the average password file. People
can still do useful work, but no hacker can punch through.
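The matching on scrambled values described in the answers above, sketched as an added example (not code from the book): the client replaces an identifier with a one-way token before it reaches the database, in the spirit of the UNIX password file. The table layout, `SITE_SALT`, the passphrases and every sample value are assumptions constructed for illustration.

```python
import hashlib
import sqlite3

# Assumption: one public, site-wide salt. It has to be identical for every
# row, or equal inputs would stop producing equal tokens and matching breaks.
SITE_SALT = b"constructed-example-salt"

def token(identifier: str, passphrase: str) -> str:
    """One-way token computed client-side; the database never sees the inputs."""
    material = f"{identifier}\x00{passphrase}".encode()
    # A slow KDF raises the cost of guessing short identifiers such as SSNs.
    return hashlib.pbkdf2_hmac("sha256", material, SITE_SALT, 100_000).hex()

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # The sensitive column holds only tokens; date and clinic stay readable.
    db.execute("CREATE TABLE visits (patient_token TEXT, visit_date TEXT, clinic TEXT)")
    return db

def record_visit(db, ssn, passphrase, visit_date, clinic):
    db.execute("INSERT INTO visits VALUES (?, ?, ?)",
               (token(ssn, passphrase), visit_date, clinic))

def visits_for(db, ssn, passphrase):
    """Equality match on the scrambled column, done by the engine."""
    cur = db.execute("SELECT visit_date, clinic FROM visits "
                     "WHERE patient_token = ? ORDER BY visit_date",
                     (token(ssn, passphrase),))
    return cur.fetchall()

def visits_per_patient(db):
    """The engine can still group and count without learning who is who."""
    cur = db.execute("SELECT COUNT(*) FROM visits "
                     "GROUP BY patient_token ORDER BY COUNT(*)")
    return [n for (n,) in cur]

def demo() -> sqlite3.Connection:
    db = open_db()  # all values below are constructed sample data
    record_visit(db, "000-00-0001", "tulip-7", "2024-01-03", "north")
    record_visit(db, "000-00-0001", "tulip-7", "2024-02-11", "east")
    record_visit(db, "000-00-0002", "granite", "2024-01-20", "north")
    return db

if __name__ == "__main__":
    db = demo()
    print(visits_for(db, "000-00-0001", "tulip-7"))
    print(visits_per_patient(db))
```

Anyone holding a copy of the table sees only tokens, while a caller who knows both the identifier and the passphrase can recompute the token and find the matching rows.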
Q: Is there code?
A: Yes, plenty of SQL and Java code.
Q: Can I use it?
A: Sure. Owners of the book get a
royalty-free license to reuse the source code as they desire. You can copy
it verbatim, change it slightly, or rewrite large parts.
Q: Can I contact the author?
A: p3 (at) wayner (dot) org should work.