Specification

Home / Product / Specification

All About MyDiamo

#fancy-title-5a5f499087e21 a{ color: #274e75; }

MyDiamo provides a comprehensive security solution with encryption, access control and auditing in a single package.

#fancy-title-5a5f4990880fe a{ color: #274e75; }
.page-section-5a5f49908716f { padding:0px 0; background-attachment:scroll; background-attachment: scroll\9 !important; background-position:left top; background-repeat:repeat; } .page-section-5a5f49908716f .alt-title span { } .page-section-5a5f49908716f.section-expandable-true:not(.active-toggle):hover .mk-section-color-mask { opacity:0.8 !important; } .page-section-5a5f49908716f .expandable-section-trigger i { opacity:1; top:0 !important; }

Encryption

#fancy-title-5a5f499088ea4 a{ color: #274e75; }
To enhance the usability of open source database encryption, encryption with MyDiamo is enabled on the application and column level with the following features.

  • Supported encryption algorithms: AES, AES256, TDES, BLOWFISH, BLOWFISH256, RC4, AES-NI, AES-NI256
  • Supported operation modes: CBC, CFB, CFB_BYTE, RC4
  • Supported Initial Vectors: Fixed IV, Variable IV
  • – Fixed IV: Each column has a different initial vector. If there are records that have the same value in a particular column, they will have identical encrypted values after the column is encrypted.
  • – Variable IV: Each record has a different initial vector. Even if records contain the same value in a particular column, they will be encrypted into different values after the column is encrypted.

#fancy-title-5a5f49908a077 a{ color: #313131; }

  • Supported encryption types:
  • – char, varchar, varbinary, tinyint, smallint, mediumint, int, bigint, float, double, tinyblob, blob, mediumblob, longblob, tinytext, text, mediumtext, longtext

#fancy-title-5a5f49908aa54 a{ color: #313131; }

  • Partial Encryption Supported Types: char, varchar, varbinary
  • Trigger column encryption
  • Default column encryption
  • Partial encryption
  • Masking
  • – The MyDiamo admin can set the result values for empty data, masking, error codes, and encrypted values when someone without decryption privileges attempts to view data.

#fancy-title-5a5f49908b465 a{ color: #313131; }

  • One way encryption (Keyed Hash):
  • – Based on SHA-256 algorithm and supports raw and base64 type encryption.

#fancy-title-5a5f49908be59 a{ color: #313131; }

  • Encryption key import and export
  • Encryption and decryption privilege management

#fancy-title-5a5f49908c0b6 a{ color: #313131; }
.page-section-5a5f499088564 { padding:0px 0; background-attachment:scroll; background-attachment: scroll\9 !important; background-position:left top; background-repeat:repeat; } .page-section-5a5f499088564 .alt-title span { } .page-section-5a5f499088564.section-expandable-true:not(.active-toggle):hover .mk-section-color-mask { opacity:0.8 !important; } .page-section-5a5f499088564 .expandable-section-trigger i { opacity:1; top:0 !important; }

Access Control and Auditing

#fancy-title-5a5f49908ce78 a{ color: #274e75; }
Alongside database encryption, access control and auditing is provided to complete this comprehensive security software package. Administrators are able to monitor who has access to the data or security policy controls.

  • Access control for encrypted columns (Assigned to each IP address & DB user)
  • Audit log for encrypted columns
  • Deny log: records the number of permission denials
    – Access log: records the number of accesses and encryption or decryption attempts for each encrypted column
    – Query log: records queries

#fancy-title-5a5f49908dba9 a{ color: #313131; }

  • Forgery prevention for audit logs
  • – Hash logs available

#fancy-title-5a5f49908de16 a{ color: #313131; }

  • Security policy backup and restore function supported

#fancy-title-5a5f49908e07a a{ color: #313131; }
.page-section-5a5f49908c58d { padding:0px 0; background-attachment:scroll; background-attachment: scroll\9 !important; background-position:left top; background-repeat:repeat; } .page-section-5a5f49908c58d .alt-title span { } .page-section-5a5f49908c58d.section-expandable-true:not(.active-toggle):hover .mk-section-color-mask { opacity:0.8 !important; } .page-section-5a5f49908c58d .expandable-section-trigger i { opacity:1; top:0 !important; }

Performance

#fancy-title-5a5f49908edfb a{ color: #274e75; }
While all forms of encryption implementations necessarily produce some impact to overall performance, MyDiamo have been developed with continuous improvements to its technology to minimize effect on overall practical performance. The numbers below illustrate MyDiamo’s superior performance capabilities.

  • Performance improved by 22% when using AES-NI
  • Overall practical performance effect on  database with MyDiamo was 6.5%, measured by the sysbench tool
  • – Tested on CentOS 7 64Bit/ 8Core/ 8GB Memory/ MySQL TDE 5.7.17/ Sysbench-0.5 OLTP Test Mode

#fancy-title-5a5f49908faca a{ color: #313131; }

  • Overall effect on overall practical performance was less than 5%

#fancy-title-5a5f49908fd36 a{ color: #313131; }
.page-section-5a5f49908e551 { padding:0px 0; background-attachment:scroll; background-attachment: scroll\9 !important; background-position:left top; background-repeat:repeat; } .page-section-5a5f49908e551 .alt-title span { } .page-section-5a5f49908e551.section-expandable-true:not(.active-toggle):hover .mk-section-color-mask { opacity:0.8 !important; } .page-section-5a5f49908e551 .expandable-section-trigger i { opacity:1; top:0 !important; }