Data Integrity Algorithms Supported; Diffie-Hellman Based Key Management - Oracle Database B10772-01 Administrator's Manual

Data modification attack

This type of attack occurs when an unauthorized party intercepts data in
transit, alters it, and retransmits it. For example, if a bank deposit of $100 is
intercepted, the monetary amount is changed to $10,000, and then the higher
amount is retransmitted, then that is a data modification attack.

Replay attack

This type of attack occurs when an entire set of valid data is repetitively
retransmitted. For example, if a bank withdrawal of $100 is intercepted and
then retransmitted ten times so the final withdrawal amount equals $1,000, then
that is a replay attack.

Data Integrity Algorithms Supported

Oracle Advanced Security lets you select a keyed, sequenced implementation of the
Message Digest 5 (MD5) algorithm or the Secure Hash Algorithm (SHA-1) to
protect against both of these forms of attack. Both of these hash algorithms create a
checksum that changes if the data is altered in any way. This protection operates
independently from the encryption process so you can enable data integrity with or
without enabling encryption.

See Also:
"Configuring Integrity on the Client and the Server" on page 3-11.
Table 3–3, "Valid Integrity Algorithms" on page 3-13.

Diffie-Hellman Based Key Management

The secrecy of encrypted data depends upon the existence of a secret key shared
between the communicating parties. A key is a secret exclusively shared by parties
on both sides of a connection. Without the key, it is extremely difficult
(computationally infeasible) to decrypt an encrypted message or to alter a
cryptographic, checksummed message without detection. Providing and
maintaining such secret keys is referred to as key management.

Secure key distribution is difficult in a multiuser environment. Oracle Advanced
Security uses the well known Diffie-Hellman key negotiation algorithm to
perform secure key distribution for both encryption and data integrity.

When encryption is used to protect the security of encrypted data, keys must be
changed frequently to minimize the effects of a compromised key. Accordingly, the

3-4 Oracle Database Advanced Security Administrator's Guide
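
An added illustration, not Oracle's code or wire format: a keyed, sequenced checksum of the kind described under Data Integrity Algorithms Supported, rejecting the altered deposit and the replayed withdrawal from the attack examples. It assumes HMAC-SHA-1 as the keyed construction and a constructed key standing in for the session key negotiated with Diffie-Hellman; the Channel class and the packet layout are hypothetical.

```python
import hashlib
import hmac
import struct


class IntegrityError(Exception):
    """Packet failed its keyed, sequenced checksum."""


class Channel:
    """One direction of a connection; each end keeps its own packet counter."""

    def __init__(self, key: bytes, digest=hashlib.sha1):
        self.key, self.digest, self.seq = key, digest, 0
        self.tag_len = digest().digest_size

    def _tag(self, payload: bytes) -> bytes:
        # The counter is mixed into the checksum but never transmitted.
        msg = struct.pack(">Q", self.seq) + payload
        return hmac.new(self.key, msg, self.digest).digest()

    def seal(self, payload: bytes) -> bytes:
        packet = payload + self._tag(payload)
        self.seq += 1
        return packet

    def open(self, packet: bytes) -> bytes:
        payload, tag = packet[:-self.tag_len], packet[-self.tag_len:]
        if not hmac.compare_digest(tag, self._tag(payload)):
            raise IntegrityError(f"checksum mismatch at sequence {self.seq}")
        self.seq += 1
        return payload


def demo() -> list:
    key = b"constructed-demo-key"  # assumption: stand-in for the negotiated session key
    tx, rx = Channel(key), Channel(key)
    deposit, withdrawal = tx.seal(b"DEPOSIT 100"), tx.seal(b"WITHDRAW 100")
    altered = b"DEPOSIT 10000" + deposit[-rx.tag_len:]  # amount changed in transit
    outcome = []
    # A real connection would be dropped on the first failure; the demo carries on.
    for label, packet in [("altered", altered), ("deposit", deposit),
                          ("withdrawal", withdrawal), ("replayed", withdrawal)]:
        try:
            rx.open(packet)
            outcome.append((label, "accepted"))
        except IntegrityError:
            outcome.append((label, "rejected"))
    return outcome
```

The replayed withdrawal carries a checksum that was valid for its original position in the stream, so it fails only because the receiver's counter has moved on; a keyed checksum without the sequence number would accept it.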


This manual is also suitable for:

Database advanced security 10g release 1
