Specification


MyDiamo Specification


MyDiamo's comprehensive security solution comes with encryption, access control and auditing in a single package.


Encryption

Encryption with MyDiamo is enabled on the application and column level with the following features to enhance usability.

Supported encryption algorithms: AES, AES256, TDES, BLOWFISH, BLOWFISH256, RC4, AES-NI, AES-NI256

Supported operation modes: CBC, CFB, CFB_BYTE, RC4

Supported initialization vectors (IVs): Fixed IV, Variable IV

  • Fixed IV: Each column has its own initialization vector, shared by all records in that column. Records that have the same value in a particular column will have identical encrypted values after the column is encrypted.
  • Variable IV: Each record has a different initialization vector. Even if records contain the same value in a particular column, they will be encrypted into different values after the column is encrypted.
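
The difference between the two IV settings can be reproduced with MySQL's built-in `AES_ENCRYPT` in CBC mode. This is an added example, not MyDiamo's own interface or code from the product documentation; the key, table names and sample values are constructed.

```sql
-- Added example using MySQL built-ins, not MyDiamo's API.
-- Key, table names and values are constructed for illustration.
SET block_encryption_mode = 'aes-256-cbc';
SET @k = UNHEX(SHA2('constructed-demo-key', 256));  -- 32-byte demo key

-- Fixed IV: one IV for the column, reused for every record.
SET @col_iv = RANDOM_BYTES(16);
CREATE TABLE cust_fixed (id INT PRIMARY KEY, ssn_enc VARBINARY(32));
INSERT INTO cust_fixed VALUES
  (1, AES_ENCRYPT('123-45-6789', @k, @col_iv)),
  (2, AES_ENCRYPT('987-65-4321', @k, @col_iv)),
  (3, AES_ENCRYPT('123-45-6789', @k, @col_iv));  -- same plaintext as id 1

-- Variable IV: a fresh IV per record, stored beside the ciphertext.
CREATE TABLE cust_var (
  id INT PRIMARY KEY, iv BINARY(16), ssn_enc VARBINARY(32));
SET @iv = RANDOM_BYTES(16);
INSERT INTO cust_var VALUES (1, @iv, AES_ENCRYPT('123-45-6789', @k, @iv));
SET @iv = RANDOM_BYTES(16);
INSERT INTO cust_var VALUES (2, @iv, AES_ENCRYPT('987-65-4321', @k, @iv));
SET @iv = RANDOM_BYTES(16);
INSERT INTO cust_var VALUES (3, @iv, AES_ENCRYPT('123-45-6789', @k, @iv));

-- Audit query: which records share a ciphertext? Anyone who can read
-- the encrypted column can run this without holding the key.
SELECT GROUP_CONCAT(id) AS ids, COUNT(*) AS n
  FROM cust_fixed GROUP BY ssn_enc HAVING n > 1;
SELECT GROUP_CONCAT(id) AS ids, COUNT(*) AS n
  FROM cust_var GROUP BY ssn_enc HAVING n > 1;

-- Trade-off: a fixed IV allows an equality lookup on the ciphertext
-- itself, which can use an index on ssn_enc.
SELECT id FROM cust_fixed
 WHERE ssn_enc = AES_ENCRYPT('123-45-6789', @k, @col_iv);

-- With a variable IV the same lookup has to decrypt every record
-- with that record's own IV.
SELECT id FROM cust_var
 WHERE AES_DECRYPT(ssn_enc, @k, iv) = '123-45-6789';

-- Both layouts decrypt back to the original values.
SELECT id, CAST(AES_DECRYPT(ssn_enc, @k, @col_iv) AS CHAR) AS ssn
  FROM cust_fixed;
SELECT id, CAST(AES_DECRYPT(ssn_enc, @k, iv) AS CHAR) AS ssn
  FROM cust_var;
```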

Supported encryption types:

char, varchar, varbinary, tinyint, smallint, mediumint, int, bigint, float, double, tinyblob, blob, mediumblob, longblob, tinytext, text, mediumtext, longtext

Partial encryption supported types: char, varchar, varbinary

  • Trigger column encryption
  • Default column encryption
  • Partial encryption
  • Masking – The MyDiamo admin can set the result values for empty data, masking, error codes, and encrypted values when someone without decryption privileges attempts to view data.
  • One-way encryption (keyed hash): based on the SHA-256 algorithm; supports raw and base64 type encryption.
  • Encryption key import and export
  • Encryption and decryption privilege management

Access Control and Auditing

Alongside database encryption, access control and auditing are also provided to achieve an all-inclusive security software package. Access control allows administrators to monitor users’ access to the data as well as security policy controls.

  • Access control for encrypted columns (can be assigned to each IP address & DB user)
  • Audit log for encrypted columns
    • Deny log: records the number of permission denials
    • Access log: records the number of accesses and encryption or decryption attempts for each encrypted column
    • Query log: records queries
  • Forgery prevention for audit logs
    • Hash logs available

Security policy backup and restoration function supported


Performance

Most encryption implementations affect overall performance, but MyDiamo has been developed with continuous improvements to its technology to minimize the effect on performance. The numbers below illustrate MyDiamo’s potential performance results.

  • Performance improved by 22% when using AES-NI
  • Overall practical performance effect on the database with MyDiamo was 6.5%, measured by the sysbench tool
    • Tested on CentOS 7 64-bit / 8 cores / 8 GB memory / MySQL TDE 5.7.17 / Sysbench-0.5 OLTP test mode
  • The overall effect on the practical performance was less than 5%