Updated at: Apr 02, 2022 GMT+08:00

Configuring a Data Masking Rule

This section describes how to configure a masking rule. For more details about masking algorithms, see Introduction.

Prerequisites

You have obtained credentials for logging in to the management console.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Data Security Center.
  4. In the navigation pane, choose Data Masking. On the displayed page, click the Masking Rule tab.

    Figure 1 Masking rules

  5. On the Masking Rule tab page, select a proper masking method and configure a masking rule.

    • If you select Hash, configure a masking rule based on Hash.
    • If you select Encryption, configure a masking rule based on Encryption.
    • If you select Character Masking, configure a masking rule based on Character Masking.
    • If you select Keyword Replacement, configure a masking rule based on Keyword Replacement.
    • If you select Value Change, configure a masking rule based on Value Change.
    • If you select Roundup, configure a masking rule based on Roundup.

Hash

Hash functions are used in data storage to replace character string fields with hash values. In a relational database, the length of a field must be the same as that of the hash values so that the hash values can be completely written to the destination database. By default, two hash algorithms, SHA-256 and SHA-512, are configured for DSC.

Hash algorithms are built into DSC and do not need to be configured. If you want to test the masking effect, perform the following steps:

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Hash tab.

    Figure 2 Hash algorithm

  3. In the column where the SHA-256 or SHA-512 algorithm is located, click Test.
  4. On the displayed page, enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.

    Figure 3 Hash method

Encryption

Use an encryption algorithm and a master key to implement data masking. In the encrypted masking result, the first 16 bytes of the encrypted string are the initialization vector (IV) and the rest is the ciphertext.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Encryption tab.

    • Encryption Algorithm: Select an encryption algorithm from the drop-down list box. DSC provides three encryption algorithms: AES-128, AES-192, and AES-256.
    • KMS Key: If you have created a master key in other HUAWEI CLOUD services, select the created master key from the drop-down list box. If you do not have a master key, click Create KMS Key to go to the DEW console and create one. For details, see Creating a CMK.
      Figure 4 Encryption algorithm

  3. After the configuration is complete, click Generate Encryption Configuration.

    If you want to delete the configured encryption configuration, click Delete in the Operation column.
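
The layout described above (a 16-byte IV followed by the ciphertext) can be checked on masked values after a masking job has run. This is an added example, not DSC code: it assumes the masked values are available as hex strings, and the function names and sample values are constructed for illustration.

```python
from collections import defaultdict

IV_LEN = 16  # per this page: the first 16 bytes of a masked value are the IV

def split_masked(value_hex):
    """Return (iv, ciphertext) for one masked value; raise ValueError if malformed."""
    raw = bytes.fromhex(value_hex)  # hex encoding is an assumption of this example
    if len(raw) <= IV_LEN:
        raise ValueError("no ciphertext after the 16-byte IV")
    return raw[:IV_LEN], raw[IV_LEN:]

def audit_ivs(values_hex):
    """Return (reused, malformed).

    reused maps an IV (hex) to the row indexes that share it while carrying
    different ciphertexts; malformed lists rows that do not fit the layout.
    """
    by_iv = defaultdict(dict)
    malformed = []
    for row, value in enumerate(values_hex):
        try:
            iv, ct = split_masked(value)
        except ValueError:
            malformed.append(row)
            continue
        by_iv[iv].setdefault(ct, []).append(row)
    reused = {iv.hex(): sorted(r for rows in cts.values() for r in rows)
              for iv, cts in by_iv.items() if len(cts) > 1}
    return reused, malformed

# Constructed sample values, not real DSC output.
IV_A = "00112233445566778899aabbccddeeff"
IV_B = "ff" * 16
SAMPLE = [IV_A + "a1" * 16, IV_B + "a1" * 16, IV_A + "b2" * 16, "zz", IV_A]

if __name__ == "__main__":
    print(audit_ivs(SAMPLE))
```
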

Character Masking

Use the specified character * or a random character to hide part of the content as required.

The following six masking approaches are supported: Retain first N and last M, Retain from X to Y, Mask first N and last M, Mask from X to Y, Mask data ahead of special characters, and Mask data followed by special characters.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Character Masking tab.

    Figure 5 Character masking method

  3. Click Add to configure a character masking rule.

    Figure 6 Adding a character masking rule

  4. Enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.
  5. Verify the testing result and click Save.

    • Multiple character masking rules have been preset in DSC. Built-in masking rules cannot be deleted. To delete a customized masking rule, click Delete in the Operation column of the rule list.
    • All rules can be edited. In the Operation column of the rule list, click Edit to modify a rule.
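
The six character masking approaches listed above can be reproduced locally to predict what a rule will produce before saving it. This is an added example, not DSC's implementation: positions are assumed to be 1-based and inclusive, and masking the whole value when it is too short or the special character is missing is a choice made in this example.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def _mask(s, lo, hi, random_fill=False):
    """Mask s[lo:hi] (0-based, end-exclusive) with '*' or random characters."""
    lo, hi = max(lo, 0), min(hi, len(s))
    if lo >= hi:
        return s
    n = hi - lo
    fill = "".join(secrets.choice(ALPHABET) for _ in range(n)) if random_fill else "*" * n
    return s[:lo] + fill + s[hi:]

def retain_first_last(s, n, m, **kw):
    # A value no longer than n + m would pass through unmasked; mask it fully instead.
    if n + m >= len(s):
        return _mask(s, 0, len(s), **kw)
    return _mask(s, n, len(s) - m, **kw)

def retain_range(s, x, y, **kw):
    # Keep positions x..y, mask everything before and after.
    return _mask(_mask(s, 0, x - 1, **kw), y, len(s), **kw)

def mask_first_last(s, n, m, **kw):
    # Mask the first n and the last m characters.
    return _mask(_mask(s, 0, n, **kw), len(s) - m, len(s), **kw)

def mask_range(s, x, y, **kw):
    # Mask positions x..y only.
    return _mask(s, x - 1, y, **kw)

def mask_before(s, special, **kw):
    # Mask data ahead of the first special character; mask all if it is absent.
    i = s.find(special)
    return _mask(s, 0, i if i >= 0 else len(s), **kw)

def mask_after(s, special, **kw):
    # Mask data that follows the first special character; mask all if it is absent.
    i = s.find(special)
    return _mask(s, i + len(special) if i >= 0 else 0, len(s), **kw)

if __name__ == "__main__":
    # Constructed sample values, not real data.
    print(retain_first_last("13812345678", 3, 4))
    print(mask_before("alice@example.com", "@"))
```
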

Keyword Replacement

Replace the matched keyword with customized characters. For example, if the original characters are abcdefgbcdefgkjkoij, the keyword is bcde, and the replacement value is 12, each occurrence of the keyword is replaced with 12 and the masking result is a12fg12fgkjkoij.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Keyword Replacement tab.

    Figure 7 Keyword replacement method

  3. Set the keyword to be replaced and the characters to be replaced with.

    After that, the keywords matched in the raw data will be replaced with the configured replacement characters.
    Figure 8 Adding a keyword

  4. Enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.
  5. Verify the testing result and click Save.

    • If you want to modify a configured masking rule, click Edit and Test in the Operation column.
    • If you want to delete a configured masking rule, click Delete in the Operation column.

Value Change

DSC has the following two built-in data masking algorithms:
  • Masking Using the Null Value: Set fields of any type to NULL. If a field is set to NOT NULL, this algorithm changes the attribute of the field to NULL when copying the column.
  • Masking Using a Custom Value: Set the specified field to an empty value. Specifically, a character field is left blank, a numeric field is set to 0, a date field is set to 1970, and a time field is set to 00:00.

This is the built-in masking rule of DSC and does not need to be configured. To view the masking rule, perform the following steps:

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Value Change tab.

    Figure 9 Accessing the Value Change tab page

Roundup

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click Round.

    DSC has the following two built-in data masking algorithms:

    • Date Roundup: Used for time-related fields such as timestamp, time, date, and datetime in RDS.
    • Number Roundup: Used for numeric fields such as double, float, int, and long. After data masking, the original field type remains unchanged.
    Figure 10 Roundup masking algorithms

  3. In the Number Roundup column, click Edit and Test to configure the rounding value.

    Masking Result: Rounds the raw value down to the closest multiple of the configured integer. For example, if the configured value is 5 and the raw data is 14, the closest multiple of 5 at or below 14 is 10. That is, the masking result is 10.
    Figure 11 Number roundup

  4. Enter the raw data and click Test.
  5. Verify the testing result and click Save.
