Achieving Crypto-Secure Data Management with Blockchain

Oracle announced Blockchain Tables in 21c in January 2021, and later made them available on 19c as well due to customer demand. Oracle is now introducing the ability to use Immutable Tables as well as Blockchain Tables. Immutable Tables, available in April, are insert-only tables and the data is not cryptographically chained.

The key elements of Oracle’s blockchain offerings and their significance to customers were highlighted in a recent blog post by Maria Colgan, distinguished product manager, Oracle. “The primary focus of conventional data security technologies like passwords, firewalls, and data encryption is to keep criminals out of your company and your data stores,” wrote Colgan. “But what protects your data, especially your essential assets (contracts, property titles, account statements, etc.), from being modified or even deleted by folks who gain access to your systems legitimately or illegitimately (hackers)?”

According to Colgan, this is where blockchain comes in: layering blockchain technologies on top of conventional data security features provides an extra level of protection that prevents unauthorized modifications or deletions of data.

According to Colgan, there are four key aspects to blockchain technology: immutability, cryptographic digests, cryptographic signatures, and distributed systems. “Each part works to protect against a different aspect of illicit data changes performed using legitimate user credentials or by hackers.”

Colgan explained how Oracle implemented blockchain technologies in the Oracle Database and how it can be used to protect critical business data. According to Colgan:

  • Immutable tables (insert-only tables) in Oracle Database 21c (21.3) will be available in April and protect against illicit data changes made by rogue insiders or malicious actors using insiders' credentials. “With an Immutable table, it is possible to insert new data, but existing data cannot be changed or deleted by anyone using the database, even the database administrators (SYSDBA). It is also impossible to change an immutable table's definition or convert it to an updatable table. However, an Immutable table appears like any other table in the database from an application's point of view. It can store both relational data and JSON documents, and it can be indexed and partitioned or used as the basis of a view.”
  • In contrast, Blockchain tables are immutable tables that organize rows into several chains. “Each row, except the first row in the chain, is chained to the previous row via a cryptographic digest or hash. The hash is automatically calculated on insert based on that row's data and the hash value of the previous row in the chain. Timestamps are also recorded for each row on insertion. Any modification to data in a Blockchain table breaks the cryptographic chain because the hash value of the row will change. You can verify the contents of a blockchain table have not been modified since they were inserted using the DBMS_BLOCKCHAIN_TABLE.VERIFY_ROWS procedure.”
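
A simplified model of the row chaining described above, as an added example that is not Oracle's code or its on-disk format. The JSON serialization, the all-zero seed hash, SHA-512, and the names `row_hash`, `Chain` and `demo` are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = b"\x00" * 64  # assumed seed standing in for "no previous row"

def row_hash(prev_hash: bytes, data: dict, ts: str) -> bytes:
    """Digest over the previous row's hash plus this row's data and timestamp."""
    payload = json.dumps({"data": data, "ts": ts}, sort_keys=True).encode()
    return hashlib.sha512(prev_hash + payload).digest()

class Chain:
    """Insert-only rows; each row stores the hash that links it to its predecessor."""

    def __init__(self):
        self.rows = []

    def insert(self, data: dict, ts: str) -> None:
        prev = self.rows[-1]["hash"] if self.rows else GENESIS
        self.rows.append({"data": dict(data), "ts": ts,
                          "hash": row_hash(prev, data, ts)})

    def verify(self) -> int:
        """Recompute every hash; return -1 if intact, else the first broken row index."""
        prev = GENESIS
        for i, row in enumerate(self.rows):
            if row_hash(prev, row["data"], row["ts"]) != row["hash"]:
                return i
            prev = row["hash"]
        return -1

def demo():
    ledger = Chain()
    # Constructed sample rows
    ledger.insert({"account": "A-100", "amount": 250}, "2021-04-01T09:00:00Z")
    ledger.insert({"account": "A-100", "amount": 75}, "2021-04-01T09:05:00Z")
    ledger.insert({"account": "B-200", "amount": 40}, "2021-04-01T09:10:00Z")
    intact = ledger.verify()

    # A change to stored data no longer matches the stored hash of that row.
    ledger.rows[1]["data"]["amount"] = 9000
    edited = ledger.verify()

    # Recomputing only that row's hash moves the break to the next row, because
    # the next row's hash was computed over the original predecessor hash.
    r = ledger.rows[1]
    r["hash"] = row_hash(ledger.rows[0]["hash"], r["data"], r["ts"])
    rehashed = ledger.verify()
    return intact, edited, rehashed

if __name__ == "__main__":
    print(demo())
```
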

Even with Immutable or Blockchain tables, said Colgan, data can be surreptitiously inserted in an end user's name by someone using stolen credentials. To address this vulnerability, Oracle allows end users to cryptographically sign the data they insert using a private key that is never passed to the database. Each end user registers a digital certificate containing their public key with the database, and the digital certificate allows the database to validate the end user's signature when new data is inserted. Even if a hacker were able to steal a valid set of credentials without the private key, the signature on the newly inserted data would not match and would therefore not be accepted, Colgan wrote.

Colgan noted it is also possible for end users to ensure the database has received their changes by requesting Oracle countersign the newly inserted data. “Oracle returns a crypto-receipt to the user, ensuring nothing on the mid-tier can filter specific data to prevent it from being recorded.”

For more information on Oracle’s blockchain capabilities, go to the Oracle Blockchain blog or the Oracle Blockchain documentation.