2

An application encrypts the data using a secret key before the data is written to the database, to prevent a disclosure attack. However, how do we verify the integrity of such data when the application retrieves the data from the database and decrypts it? What if a privileged user (DB admin) updates the encrypted data in the database directly?

Usually an algorithm in application code trying to decrypt the tampered data would throw an exception. Does modified or tampered encrypted data always fail to decrypt? If so, this would give a hint that data integrity has been lost. Is this control reliable? Or do we need to sign the data along with encryption before storing it in the database, and verify the hash when the data is retrieved from the database?

user1493834

1 Answer

1

In some cases, a modified ciphertext may trigger a padding error upon decryption. However, this will not always be the case; therefore, authentication is needed in addition to encryption.

Some modern modes of AES encryption (such as AES-GCM) combine authentication with encryption. Other modes of AES (such as AES-CBC) do not include authentication, so an authentication function (such as HMAC) is often used in conjunction with these modes.

See "Why do you need message authentication in addition to encryption?" for more information on this subject.

mti2935
  • I believe an integrity check is needed for cases where the data is stored without encryption. For an attacker to modify the encrypted data for his benefit, it should first be readable; otherwise he won't be able to do much, i.e. the probability of getting this exploited is too low. What do you think about this? – user1493834 Nov 13 '20 at 04:02
  • Attacks on crypto protocols that do not verify integrity are easier to pull off than you might think. See the answer by Squeamish Ossifrage at https://crypto.stackexchange.com/questions/59973/why-is-release-of-unverified-plaintext-so-bad for some interesting reading on this subject. – mti2935 Nov 13 '20 at 13:23