Securing Data by encryption on fly during storage.

Encrypting the data of sensitive information is very essential in enterprise environment; especially when we are working on multiple environments (Dev/Test/Production) and increasingly developer are having access to production data for the legitimate purpose of production support.  Securing the data and preventing its access outside the application is a mandatory requirement for today’s business solution. In spite of that many business application store sensitive information as plain data because of performance issues, accessibility from different application and complexity associated with cryptographic techniques.

There many solution available at database level and in application level. Many of them are product specific or technology specific. Like SQL server 2008 allow you to encrypt the data in database level, table level and column level. But if you are using SQL server 2000 or my SQL most probably you have no option other than developing some custom application or using application level encryption which eats your performance and limit you accessibility.
My objective here is provide simple solution of encryption using XOR that will very effective and very high performing compare to other hash algorithms.
XOR cipher is a simple encryption algorithm that operates according to the principles:
1 + 0 = 1
0+1 =1
1+1 =0
0+0=0
(A + B)+ C = A + (B + C),
(B + A) + A = B + 0 = B,
 XOR bit operator is extremely common as a component in more complex ciphers. Its primary merit is that it is simple to implement, and that the XOR operation is computationally inexpensive. If the key is random and is as long as the message (so it never repeats), the XOR cipher is more secure. With a key that is truly random, the result is a one-time pad, which is unbreakable even in theory.

Here is the sample in C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace SimpleXORMultipleEncryption
{
    class Program
    {
        static void Main(string[] args)
        {
            string plaintTxt = "Sample Plain Message";
            string plaintTxtResult = string.Empty;
            string encryptTxt = string.Empty;
            string key = "123456";
            encryptTxt = XOREncryptDecryptStr(plaintTxt, key,3);
            Console.WriteLine(encryptTxt);
            plaintTxtResult = XOREncryptDecryptStr(encryptTxt, key,3);
            Console.WriteLine(plaintTxtResult);
            Console.ReadLine();
        }
        private static string XOREncryptDecryptStr(string inputStr, string keyTxt,int keyLoop)
        {
            string resultStr = string.Empty;
            char[] inputStrarr = inputStr.ToCharArray();
            char[] key = keyTxt.ToCharArray();
            char[] resultStrarr = new char[inputStrarr.Length];

            while (keyLoop > 0)
            {
                int k = 0;
                for (int i = 0; i < inputStrarr.Length; i++)
                {
                    while (k < key.Length - 1)
                    {
                        k++;
                        resultStrarr[i] = (char)(inputStrarr[i] ^ key[k]);
                    }
                    k = 0;
                }
                keyLoop--;
            }
            resultStr = new string(resultStrarr);
            return resultStr;
        }
    }
}

Note: The above code sample is provided as is without any warranty.

In the sample “XOREncryptDecryptStr” takes three parameter inputStr, keyTxt and KeyLoop.
You call the XOREncryptDecryptStr to encrypt and also to decrypt.  To encrypt you set the
inputStr as plain txt and to decrypt you set the inputStr as encrypted text. The KeyTxt is the key that is used to secure the message. By randomly generating it theoretically it is impossible to break it.  keyLoop is my idea of adding additional complexity by encrypting the results again. You can do as many loops you want the above algorithm will not break.

This simple solution can be easily added to any solution and it is not technology and frame work specific. It uses the fundamental XOR bit operator to secure the data.

Traditional hosting model to Private cloud hosting model.

In this post I am specifically addressing private cloud hosting, not commercial cloud hosting systems.  In a typical traditional hosting we have several application servers that are specifically assigned to do specific operations like, Active directory server, Web server, Application server, Custom application servers, CRM, Workflow Servers, reporting services servers, Data warehousing servers, and Databases.  Apart from those we have Firewalls, DNS, and Load Balancing and clusters.
In a private cloud technology we can move all underutilized services or servers where each of them take equal load by distributing the hosting on all servers using private cloud technology or consolidate all the services in to two servers using the same private cloud technology and expand it based on the need.
By this we are implementing virtualization of the application services. The kind of architecture takes the advantages of cloud computing at the same time addressed the concerns like data security, corporate governance, and reliability.
Windows Azure a Microsoft technology for cloud services, it provide the cloud services operating system that serves as the development, service hosting and service management environment for the private/public cloud hosting services. It simplifies the storage to host, scale, and manage Web applications on the Intranet/ Internet.
 Microsoft enables customers to build the foundation for private cloud infrastructure using Hyper-V and the System Center family of products with the Dynamic Infrastructure Toolkit for System Center.


Framework Fundamentals Tips: Nullable Value Types

I am writing some of the .net fundamental tips that will rarely come to me apparent when I do coding. I guess that is true for some of you. One of them is Nullable Value Types. An extraordinary feature and a privilege reserved only for Reference object in previous versions of .NET (1.1). The Nullable type is a featured introduced since .NET 2.0. This allows a value type variable to hold null value and does not force the developer to initialize the variable to avoid possible confusion. This feature also allows you to check whether a variable has assigned a value or not.
Syntax for declaring a variable as Nullable (C#)


Nullable b = null;

OR

boll? b = null


Declaring a variable as Nullable enables two key members which are “HasValue” and “Value”. HasValue allows you to check whether a value has been set or not and Value member is used to access the value. Here is simple example that will test whether a Nullable bool variable is set or not

Example 1: to demonstrate Nullable value type
private void button1_Click(object sender, EventArgs e)
{
bool? b = null;
b = true; // comment this line for null test
if (b.HasValue)
{
MessageBox.Show("The value of B is : " + b.Value);
}
else
{
MessageBox.Show("The value of B is not set : ");
}
}

Message Security Exception/ Sporadic Failure in WCF calls.

Message Security Exception/ Sporadic Failure in WCF calls.

If you have load balanced WCF service over https with Http binding, you may encounter Message Security exception. Here is the exception details.
Type : System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Cause: In WCF Load balanced   environment the security context is maintained in a separate WCF specific session ( note not a ASP.NET sessions); where when load balanced switches between sever the context is lost. To avoid it we are forcing the application to send the security context in every message call to WC. To do that follow below configuration change in both client and in WCF service.
Configuration change in Client and WCF Service

<wsHttpBinding>

        <binding name="Transport_UserName">

          <security mode="TransportWithMessageCredential">

            <message clientCredentialType="UserName"

                     negotiateServiceCredential="false"

                     establishSecurityContext="false"/>

          </security>

        </binding>

</wsHttpBinding>

Reference Article:
http://msdn.microsoft.com/en-us/library/ms730128.aspx     

WCF simple performance increasing techniques.

WCF simple performance increasing techniques.
Many times this recommendation listed below are not part of WCF suggested improving performance; and in my personal experience they make a considerable impact in the performance of WCF calls. You will primarily see the difference when you go live where you are dealing the full load on the application service calls.
1. Disable sessions on bindings.
a. Default Setting is enable session on service contracts which slows down the process.
b. Change it to on public interface. This does not enable session on the Service’s contract unless the client asks it to.
2. Force client-side WCF proxy classes to call .Close() when successful, and .Abort() when errors are encountered. This will significantly improve the performance since you won’t leave active connections in the server. (Note; WCF expects application to manage the number of maximum connection)
3. Set InstanceContextMode to Single and ConcurrencyMode to Multiple in Service implementations, then focus on the MaxConcurrentCalls value in configuraiton to get the right amount of support for the number of inbound calls from consumers.
Decorate Service implementation code as follows to achieve this:
_

1. Value Types

There are three general values types; Build-in Types, User Defines Types, and Enumeration

1.1 Build-in Types

The Build-in values types are derived from System.ValueType base type. We choose a specific value type based on the size of the value you need to store and the level of precision required on value. Bellow table (table 1) list the most common value types used in .NET





Table – 1 Common value type used in .NET 2.0





Important point in value type

The .NET runtime optimizes the performance of 32- bit integer values, so for frequently used integral variable like counters use Int32 or UInt32. Same way for floating point operation use Double. These types are more efficient since they are optimized by hardware.

For More details refer : http://msdn2.microsoft.com/en-us/library/hfa3fa08(VS.71).aspx

Nullable Value Types

The Nullable type is a new featured introduced in .NET 2.0. This allows a value type variable to hold null value (a privilege reserved only for Reference object in previous versions of .NET) and does not force the developer to initialize the variable to avoid possible confusion. This feature also allows you to check whether a variable has assigned a value or not.

Syntax for declaring a variable as Nullable (C#)


Nullable<bool> b = null;

OR

boll? b = null


Declaring a variable as Nullable enables two key members which are “HasValue” and “Value”. HasValue allows you to check whether a value has been set or not and Value member is used to access the value. Here is simple example that will test whether a Nullable bool variable is set or not

Example 1: to demonstrate Nullable value type
private void button1_Click(object sender, EventArgs e)
{
bool? b = null;
b = true; // comment this line for null test
if (b.HasValue)
{
MessageBox.Show("The value of B is : " + b.Value);
}
else
{
MessageBox.Show("The value of B is not set : ");
}
}

1.2 User Defined Types

Used defined types are also called Structures or Structs. In simple terms, structures are composite of other types that are logically grouped for simplicity. Please see the bellow example and it is self explanatory.

Example 2 : For structures

//Declare a Structure
struct box
{
public int length, width, height;
//override tostring function
public box(int ln,int wd ,int hg)
{
this.length = ln;
this.width = wd ;
this.height = hg;
}
// override function for toString
public override string ToString()
{
int area = length * width * height;
return area.ToString();
}
//operator new feature in .NET 2.0
public static box operator +(box arg1, box arg2)
{
box result = new box(arg1.length + arg2.length, arg1.width + arg2.width, arg1.height + arg2.height);
return result;
}
}


Calling function code

private void button1_Click(object sender, EventArgs e)
{
box box1 = new box(3, 3, 3);
box box2 = new box(4, 4, 4);
box box3 = box1+box2;
MessageBox.Show(box3.ToString());
}


The above structure represent simple box with length, width and height. Some of thing we need to know in structures.

1. Structure create instance in the stack not in heap.
2. You can not have explicit parameterless constructors
3. Structure can be instantiated with out the New operator
4. operator is new feature introduced in .NET 2.0


1.3 Enumeration

Enumerations are related symbols that have fixed values. Use enumeration to provide list of choices. Please seen the example 3 that provide list of choices for developer to choose size of a shirt.



Example 3: Enum to define shirt size.

enum shirtsize
{
xs,s,m,l,xl,xxl
}

Framework Fundamentals

.NET 2.0 System types

In this topic, we are going understand how we are going to manage data using .NET system types and more specific to .NET 2.0-frame work.

These are the key areas we will be covering under this topic


  1. Value Types

  2. Reference Types

  3. Attributes

  4. Generic Types

  5. Exception Class

  6. Boxing UnBoxing

  7. TypeForwardedToAttribute Class



WCF

WCF specific postings
  1. WCF simple performance increasing techniques.
  2. Message Security Exception/ Sporadic Failure in WCF calls.s

Cloud computing

Cloud computing/hosting and Windows Azure related postings.

  1. Traditional hosting model to Private cloud hosting model.
  2. Windows Azure tools

Security

Security specific postings
  1. Securing Data by encryption on fly during storage.