In the past two years the country has attached increasing importance to the storage, transmission and exchange of sensitive personal information. Obtaining sensitive personal information, such as mobile phone numbers and ID card numbers, requires active authorization from the data subject.

0x01: How can sensitive information be leaked

  • Plaintext storage, such as writing mobile phone numbers and ID card numbers directly into the database. If the database username and password are seen by people who should not have them, a leak can easily follow.

  • Plaintext transmission. For example, sensitive information is sent over the network without RSA or AES encryption.

  • Sensitive data exchange when the group's subsidiaries interconnect with third-party systems. Sensitive information in our system is transferred to a third party without authorization.

0x02: The best way to solve sensitive information leakage

  • Plaintext storage

Sensitive data is encrypted before being stored. Take the scenario of a user table that contains, among other fields, two sensitive fields: the mobile phone number mobile_no and the ID card number identity_card. If mobile_no and identity_card are stored directly as plaintext, they are easily leaked.

These two fields can be encrypted symmetrically or asymmetrically, and two encrypted fields, mobile_no_encrypted and identity_card_encrypted, can be defined for them. However, storing encrypted values in the database inevitably raises the following two problems:

  • How to perform exact query matching

  • How to perform fuzzy query matching

How to perform exact query matching?

To solve this problem, add one more field: mobile_no_sha for mobile numbers and identity_card_sha for ID cards. These two fields store the SHA-1 hash of the phone number and of the ID card number, respectively (the MD5 algorithm can also be used). For an exact query, simply compare the SHA-1 hash directly:

SELECT * FROM t_user WHERE mobile_no_sha = SHA1(?);  -- ? is the plaintext phone number, bound as a parameter by the application

The corresponding fuzzy query is more troublesome.

Most databases come with built-in encryption functions, such as MySQL's PASSWORD, MD5 and AES_ENCRYPT. For passwords and similar information, one-way encryption (hashing) is enough: apply the same function to the value supplied at login and compare the results to authenticate. A fuzzy query has to compare the original content, so it needs two-way encryption, that is, a form that can be decrypted. In MySQL this can be done with its own AES functions: encrypt on write, decrypt on read, and the fuzzy search becomes possible:

select *
from t_user
where AES_DECRYPT(UNHEX(mobile_no_encrypted), 'key')  -- decrypt the AES column (stored as a HEX string), not the hash column
like 'xxx%';

Fuzzy search is achieved by restoring the original content with the decryption function and then matching it with the LIKE keyword.

Reference on using MySQL AES_ENCRYPT()/AES_DECRYPT() correctly: http://blog.itpub.net/29773961/viewspace-2142305/
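The two query patterns above (exact match through a hash column, fuzzy match through AES decryption) put together as one added example in MySQL 5.7+ syntax. This is not code from the original post; table and column names follow the post, while the key, the hash pepper and the sample phone and ID numbers are constructed placeholders. Two choices are mine rather than the post's: the hash column uses SHA2-256 over a secret prefix (pepper) instead of bare SHA-1, because the space of valid phone numbers is small enough to enumerate and an unkeyed hash would be reversible by brute force; and AES runs in CBC mode with a per-row random IV so that two users with the same number do not produce the same ciphertext.

```sql
-- Added example (not from the original post): encrypted column + hash column
-- layout for sensitive fields, in MySQL 5.7+ syntax.
-- Column names follow the post; key, pepper and sample values are constructed.

CREATE TABLE t_user (
  id                      INT AUTO_INCREMENT PRIMARY KEY,
  name                    VARCHAR(64)   NOT NULL,
  mobile_no_encrypted     VARBINARY(64) NOT NULL,  -- AES ciphertext (reversible)
  mobile_no_iv            VARBINARY(16) NOT NULL,  -- per-row IV for CBC mode
  mobile_no_sha           CHAR(64)      NOT NULL,  -- keyed hash for exact match
  identity_card_encrypted VARBINARY(64) NOT NULL,
  identity_card_iv        VARBINARY(16) NOT NULL,
  identity_card_sha       CHAR(64)      NOT NULL,
  INDEX idx_mobile_sha (mobile_no_sha),
  INDEX idx_idcard_sha (identity_card_sha)
);

-- Key and pepper are constructed placeholders. In production the application
-- supplies them as bound parameters; they must never be written into SQL text,
-- otherwise they end up in the general query log and in slow-query logs.
SET @key    = 'ReplaceWithA32ByteRandomKey!!!!!';   -- 32 bytes for AES-256
SET @pepper = 'ReplaceWithASecretHashPepper';
SET block_encryption_mode = 'aes-256-cbc';         -- default would be aes-128-ecb

-- Insert one user (constructed sample values).
SET @mobile = '13800000000';
SET @idcard = '110101199001010011';
SET @iv1 = RANDOM_BYTES(16);
SET @iv2 = RANDOM_BYTES(16);
INSERT INTO t_user (name, mobile_no_encrypted, mobile_no_iv, mobile_no_sha,
                    identity_card_encrypted, identity_card_iv, identity_card_sha)
VALUES ('Alice',
        AES_ENCRYPT(@mobile, @key, @iv1), @iv1, SHA2(CONCAT(@pepper, @mobile), 256),
        AES_ENCRYPT(@idcard, @key, @iv2), @iv2, SHA2(CONCAT(@pepper, @idcard), 256));

-- Exact match: hash the query value the same way and hit the index.
-- Nothing has to be decrypted for this lookup.
SELECT id, name
FROM   t_user
WHERE  mobile_no_sha = SHA2(CONCAT(@pepper, '13800000000'), 256);

-- Fuzzy match: decrypt every row and compare with LIKE. This cannot use an
-- index and scans the whole table, so keep it to administrative paths with a
-- narrow candidate set rather than exposing it as a general search feature.
SELECT id, name,
       CAST(AES_DECRYPT(mobile_no_encrypted, @key, mobile_no_iv) AS CHAR) AS mobile_no
FROM   t_user
WHERE  CAST(AES_DECRYPT(mobile_no_encrypted, @key, mobile_no_iv) AS CHAR) LIKE '138%';
```

AES_DECRYPT returns NULL when the key or IV does not match the one used at insert time, so a wrong key shows up as empty results rather than garbage; a quick check after any key rotation is to count rows where the decrypted column is NULL. Because the fuzzy query decrypts inside the database server, the key is present in server memory for the duration of the statement; if that is unacceptable, the alternative is to decrypt in the application and filter there.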
  • Plaintext transmission

For plaintext transmission, use HTTPS instead of HTTP. To raise the level of security further, define your own encryption layer that additionally encrypts the sensitive fields themselves, for example with a symmetric algorithm (AES) or an asymmetric algorithm (RSA).

  • Sensitive data exchange when the group's subsidiaries interconnect with third-party systems

This situation is more troublesome and can be divided into data exchange between subsidiaries within the group and data exchange with third-party companies.

Data exchange between subsidiaries within the group

There is a community of interests between companies within a group. For example, group A owns an insurance company and a consumer-facing (to-C) mall system. Is the following possible? The insurance company needs to collect a large amount of personal information and analyse these individuals with big data to see who has more money, so that it can push suitable insurance products to them. The mall happens to be doing well and has many registered users, so through the mall a large number of personal mobile phone numbers and similar data can be obtained.

Data exchange with third-party companies

Data exchange between third-party company systems may also involve interface calls that transmit sensitive information. I remember that two years ago SF Logistics and Cainiao Logistics had such an incident: Cainiao Logistics required that SF Logistics must upload all logistics information, and SF Express directly cut off the interaction between the two systems.

In both cases, I think the relevant user agreement needs to be shown in an obvious place, and only when the subject agrees to the authorization can the data exchange take place. But in both cases, almost no company has yet done so through such channels; they exchange data secretly.