Transparent Data Encryption Algorithm: Analysis and Performance Evaluation on the Data-at-Rest Security System of SQL Server
DOI: https://doi.org/10.33998/mediasisfo.2025.19.2.2375

Keywords: database encryption, data security, application performance, sql server, transparent data encryption

Abstract
This study evaluates the data-at-rest security enhancement and performance impact of Transparent Data Encryption (TDE) implementation on Microsoft SQL Server by comparing three conditions: no TDE, TDE AES-128, and TDE AES-256. Three databases with identical schemas were prepared. They were filled with a mix of text, numeric, image, and video data. The databases were then tested sequentially according to the methodology. The process included schema and integrity validation, SMK key hierarchy configuration, certificates, DE, encryption status verification, encryption and decryption throughput measurement, backup and recovery time evaluation, I/O stall analysis, and CPU and memory usage monitoring. Data-at-rest security validation was performed using file and log access tests, as well as cross-server recovery requiring keys. The results showed that TDE successfully eliminates file and log readability during direct access. It also requires the presence of keys during recovery, thus significantly reducing the risk of data exposure. Performance impacts are at acceptable levels: average CPU load increases by around 1–2% and memory load increases by 1–8% under load. Encryption and decryption throughput between AES-128 and AES-256 are relatively equivalent. Backup operations tend to be slightly slower on TDE, while restores are faster, in line with lower read I/O stalls on the encrypted basis. Overall, TDE provides significant security enhancements with minimal performance compromise. Limitations of this study lie in the test load profile and hardware





