Secure Sensitive Data in Five Lines of Code
This blog will demonstrate how you can secure an application utilizing an Object Relational Mapper (ORM), such as Entity Framework, in as little as five lines of code.
Most applications need to capture and securely store sensitive data. This data may include customer and employee information, healthcare data, credentials, or business-sensitive data, such as supply chain logistics or pricing analysis.
In the event of a security breach, this data may result in a loss of sales, revenue, or reputation for the company. As a result, it becomes critical that an application correctly handles and stores this sensitive information.
Pros and Cons of Existing Encryption Solutions
- Database-Level Encryption - Prevents access to the physical drive but still allows an application with access to the database to see sensitive data.
- Encrypting Data at Rest - Ensures the data in the database is secured but requires additional solutions for encryption key management, key rotation, and key sharing.
- Database-Level Access Restrictions - Multiple applications with access to the same database can read the sensitive data. One application may need access to the original value, but another application should only have access to part of the value.
We can solve these problems by leveraging a tokenization solution, such as Basis Theory. The platform allows us to securely share the tokens across multiple applications and provide per-application permissions to the underlying data. In addition, tokenization removes the need to share encryption keys or manage encryption key rotation and storage.
To help simplify the tokenization of sensitive data and storage of the tokens, we developed a low code solution leveraging value converters with Entity Framework, a popular object relational mapper (ORM), to handle this for us.
Entity Framework Tokenization
Value Converters enable us to convert the state of a value when reading and writing to the database. Everyday use cases may be to serialize or encrypt a value. In this example, we will build a Value Converter to tokenize the sensitive value before writing to the database and detokenize when reading from the database.
Want to start playing with a working solution? Check out the Value Converter and a sample application in our GitHub repo.
1. Create a Value Converter
To get started, we are going to create a simple Value Converter which will automatically convert to and from our tokenized value:
2. Add Attributes
Next, we will need a way to identify which properties on our data model we want to tokenize. To do this, we will add an Attribute:
3. Create a class
To create and retrieve our tokens, we will create a class that will wrap our .NET SDK:
4. Finally, build an Extension Method
To tie everything together, we are going to build an extension method for our Entity Framework Database Context to automatically apply our ValueConverter for any properties with the Tokenize attribute:
Done. We can now secure any application using Entity Framework in as little as five lines of code! Let's take a look
1. Declare a new TokenizationProvider:
2. Add it to our Database Context and initialize the provider using the extension method we created:
3. Finally, annotate the properties of your data models you want to tokenize:
That’s it! We can now quickly secure any field in our database by adding the Tokenize attribute to additional properties and data models.