Data at Rest Encryption - Addressing Modern Attacks Beyond the Basics

Explore advanced data encryption techniques for protecting data at rest in this 47-minute OWASP Foundation conference talk. Delve into the limitations of current encryption methods for data at rest and discover alternative approaches that offer enhanced protection against modern security threats. Learn about Application-Level Encryption (ALE), Transparent Data Encryption (TDE), Field-Level Encryption (FLE), client-side encryption, and custom implementations. Gain insights into addressing ransomware, data theft, insider threats, and application layer attacks such as SQL injection. Understand the fundamentals of cryptography, encryption, and key management, and explore real-world examples of security incidents and improved encryption strategies for medical records systems.

Intro
What will they talk about? • Quick primer on cryptography, encryption, and key management • Issues with current at-rest data encryption approaches
A02:2021 - Cryptographic Failures
Cryptography Cryptography was practiced for millennia before the Invention of computers One of the original and fundamental mechanisms for computer security
Cryptographic Attacks . Modern cryptography is exceptionally strong against direct attacks
Problem - Keys
Two Predominant Use Cases for Encryption
The Central Implicit Trust Model
So, what's the problem with that?
Two Real-world Examples Security Incident
Better Approach
Example - Medical Records System Only a subset of data values and attachments are to be protected
Column-Level Encryption
Application-Level Encryption (ALE)
Parting Words of Crypto Advice