Open-source data masking, data encryption: Data masking or altering behavioral information

As tracking behavioral data becomes increasingly popular, firms may overlook cases where they can collect the same information while masking the details that an attacker could use in a compromise. Behavioral data collection can be extremely dangerous because it gives attackers a wide range of options, from spoofing targets to automating custom attacks against them. Since behavior reveals key details about us, this information may be as costly to lose as personally identifiable information. When tracking behavioral data, we want to weigh the risks, and in some cases we can get the same result without the specific details. In other cases, we may want to mask the specific behavioral information on the reports we generate, even if we retain the specific time in storage. We'll look at a method that accomplishes either: updating the data to remove the time (altering), or masking the specific time while still returning the information we want.

An example involving Behavioral Consistency

One popular metric that involves behavioral data is consistency: the number of times a person performs a behavior over a period. Attackers value behavioral data because knowing when a person does something is useful when preparing an attack. For instance, in a SIM-swapping attack, knowing when a person isn't on their phone helps the attacker proceed before the attack can be stopped. The same applies to attacking a bank account while the customer is on vacation. Behavioral data involving time is often tracked by the specific time of the activity and the length of the activity during the day.

For our example, we'll only look at a scenario where we track the behavior by day and time of day, and how we can use data masking or altering to get the same result without tracking the specific times that would help an attacker. We'll start by creating a table with 11 records, inserting 11 sequential days with random times of day to mimic an 11-day behavioral streak of a user. What we see in the result (the image below) is 11 days in a row, at various times, on which the user performed an activity. Because we use the RAND() function to create these times, your time values will differ.

CREATE TABLE UserStreak(
    UseDate DATETIME
)

DECLARE @b TINYINT = 0
WHILE @b < 11
BEGIN
    INSERT INTO UserStreak
    SELECT DATEADD(MI,(RAND()*500)+1,DATEADD(DD,-@b,GETDATE()))
    SET @b = @b+1
END

SELECT *
FROM UserStreak

What we see in our example is unmasked data: the time at which a user completed a task on each specific day. This, combined with other behavioral data, would reveal the user's routine, which could be useful to an attacker.

Before masking data in this example, we should ask, "What are we trying to accomplish by tracking this behavior?" Here, we may want to identify the number of days on which a user has completed a task and track those days over time. Or we may want to know how many times the user has done the task over the past month. Unless we have other uses for more detailed information (while factoring in the risks), we can get the same result without tracking as many details. This follows the least-data principle for risk scenarios: in situations where we may be liable for data, we should track the least amount of data that still accomplishes the task. In addition to saving resources, this reduces our exposure if an attack discloses the information.

To mask the detailed information while still returning the information we want, we can store the date without the time, reset the time of day to midnight, or track only the month of the login. The query below shows three ways to mask a date into these alternative values that still accomplish the same task:

SELECT UseDate
    , CAST(UseDate AS DATE) SimpleDate
    , CAST((CAST(UseDate AS DATE)) AS DATETIME) ComplexDate
    , (DATENAME(MONTH,UseDate) + ' ' + CAST(YEAR(UseDate) AS VARCHAR(4))) MonthOnly
FROM UserStreak

Depending on what we find most appropriate, we choose the form that accomplishes the same task while masking the user's behavioral information about specific times of day:

  • The simple date (DATE) tells us the streak and the latest date without the specific time of day
  • The complex date (DATETIME at midnight) tells us the streak and the latest date, with the time set to its earliest possible value
  • The month-only value tells us only the latest month of activity

From these example outputs, we can either return these values in a report to hide the specific time (masking) or update the stored values to remove the specific time (altering).
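The following T-SQL is an added example, not code from the original article, showing both paths side by side on the UserStreak table the article creates: an UPDATE that permanently strips the time of day (altering), a view named UserStreakMasked that exposes only the date for reporting (masking), and the two questions the article says we actually want answered (days active in the last 30 days, and the length of the latest consecutive-day streak) computed from the masked data alone. The view name and the 30-day window are assumptions for illustration.

```sql
-- Added example, not part of the original article.
-- Assumes the UserStreak table from the article exists and is populated.

-- 1. Altering: strip the time of day from the stored rows so that a later
--    disclosure of the table cannot reveal when during the day the user was active.
UPDATE dbo.UserStreak
SET UseDate = CAST(CAST(UseDate AS DATE) AS DATETIME);
GO

-- 2. Masking: a view (name is an assumption) for report consumers that must
--    never see the time, even where the base table still stores it.
CREATE VIEW dbo.UserStreakMasked
AS
SELECT CAST(UseDate AS DATE) AS UseDay
FROM dbo.UserStreak;
GO

-- 3a. "How many times did the user do this over the past month?"
--     Distinct days only: duplicates from two activities on one day collapse.
SELECT COUNT(DISTINCT UseDay) AS ActiveDaysLast30
FROM dbo.UserStreakMasked
WHERE UseDay >= DATEADD(DAY, -30, CAST(GETDATE() AS DATE));

-- 3b. "How long is the current streak?"
--     Gaps-and-islands: for consecutive dates, date minus row number is constant,
--     so grouping on that difference yields one row per unbroken run of days.
WITH Days AS (
    SELECT DISTINCT UseDay
    FROM dbo.UserStreakMasked
),
Grouped AS (
    SELECT UseDay,
           DATEADD(DAY, -ROW_NUMBER() OVER (ORDER BY UseDay), UseDay) AS Grp
    FROM Days
),
Streaks AS (
    SELECT MIN(UseDay) AS StreakStart,
           MAX(UseDay) AS StreakEnd,
           COUNT(*)    AS StreakDays
    FROM Grouped
    GROUP BY Grp
)
SELECT TOP (1) StreakStart, StreakEnd, StreakDays
FROM Streaks
ORDER BY StreakEnd DESC;
```

Run against the article's freshly populated table, the last query reports an 11-day streak ending today (the exact start and end dates depend on when the rows were inserted). Neither query references the time of day, which is the point: once the rows are altered, the answers are unchanged, and a report built on the view gives the same answers even if the base table still holds full timestamps.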

Tracking Specific Data by Feature

Before we solve for masking or altering behavioral data, consider that if users want detailed information in our software, we can offer it as optional features added on top of the standard ones. Because some of these features carry risk (like the specific times in our example), we can both caution users and charge them for these additional features, since a compromise of that data may result in litigation for our firm and the charge prepares for this. Unfortunately, some users may not be aware of the risks of behavioral data. Cautioning users before they add a paid feature alerts them to these risks. In general, a good software principle for optional data features is: don't create data features that users haven't requested and that add risk if compromised.

We should also consider that sometimes the detailed information isn't required even by the user. In these situations we don't need data masking at all, because we never store the detail. Consider an order flow where an email confirms the order: if the user needs the specific day and time of the order, the confirmation email provides it to the user outside our system, without us keeping the specific time in our database.

Summary

The principle of tracking as little behavioral data as required applies equally to personally identifiable data. For example, never ask for information that is not required and would be costly if compromised. In most cases, our application needs very little information from users. The more we ask for, the more we may be responsible for in the long run as data breaches increase. When we do store information, we should use data masking techniques that accomplish the same task with the least amount of data.

Translated from: https://www.sqlshack.com/data-masking-or-altering-behavioral-information/