25-10-2016, 09:38 AM
1460960367-DATABASESECURITYUSINGENCRYPTION.docx (Size: 192.21 KB / Downloads: 8)
ABSTRACT
Today in the world of technology everything is so fast, everybody communicates through the internet .All the sensitive information are send and stored in the network connected databases. All the personal data about the individuals are stored in database so the risk in leakage of these sensitive information are high. Everytime the intruders are trying to attack these data systems. Thus the security is becoming an inevitable part in this technological world. This paper discourses the different types of encryption techniques used to preserve data in the databases.
INTRODUCTION
In this busy world, each and every work done via internet. Everything is online available. In order to get these online service we stores our information in the online databases. The social media, organisations, governments etc. everybody uses the databases to every information about individual stored in the databases. So every database contains vital information. An intruder will try to penetrate in to the database. In order to protect the database from such threats we use database encryption scheme.
Authentication, authorization, confidentiality, integrity are needed to be provided for the user data. There are various protection mechanisms available to achieve this. But since some methods are complex and hence we are trying find the optimal solution for the data encryption scheme.
THE NEED FOR ENCRYPTION
An intruder will try penetrating to the database but what if the intruder some how gets into the database. He may try to do malpractices with the data available to him. Here the encryption of the data is necessary. This is preventive and protective mechanism in the database.The fig.1 shows an example of intrusion in to a database.
DATABASE ENCRYPTION
What does a database encryption means is that it is a transformation of message from a meaningful message (plaintext) to an unintelligible form(cipher text) . For encryption we may use a key for preventing it from unauthorised person or group. This cipher text is saved into the database. When authorized user wants to access this encrypted data, he simply decrypts the data.
Database encryption can be done in two possible ways:
a)Encryption: A mechanism in which the plain text is converted to cipher text with the help of the key. There are two types of encryption techniques. Private Key Encryption and Public Key Encryption. In Private Key encryption the same key is used for the encryption and decryption. In public key encryption two different keys are used for the encryption and decryption. Here for encryption purpose we use the private key encryption since it has fast processing. So the encryption takes place fastly. So far there many algorithms available. But there are pros and cons for these algorithms. Most common algorithm techniques are DES,AES,RC2 etc. Fig. 3 shows the simple encryption mechanism.
b) Hashing: It is a one way process in which the plaintext is converted into a Hashed Value. Once the process data is hashing. The reverse operation of hashing is not possible. The encrypted plaintext cannot be converted back to the plaintext. This technique is used mainly for the Password encryption. Whenever a user try login with their password the entered password is hashed checked with the previously hashed password in the database. If they both match, then the user can login. If they do not match the user cannot login. Some of the popular algorithms are MD4,MD5,SHA-1,SHA etc. Fig 4 shows the hashing process.
RELATED WORK
Stand alone encryption systems
Samba Sey et.al.[4] points out the importance of the security in the e-commerce and the Enterprise Resource Planning(ERP). The database security leakages are also discussed in the paper. A minimum cost Data Encryption Standard is also introduced in their paper. Their proposed system provides the data integrity, confidentiality, access control, and authentication. The system reduces the encryption and decryption time. But the drawback of their encryption system is that queries such as sums, averages, counts and other aggregate functions cannot be performed directly on the encrypted data.
Min-Shiang Hwang and Wei-Pang Yang[3] proposed a two way encryption scheme . The concept of scheme was based on the one-way function and subkeys that ensures full security. To resolve the key management problem they introduced two new algorithms. In comparison with other two encryption schemes by GI Davida et.al.[1] and Lin,et.al.[2] the parameters like the storage space, the number of keys the two way encryption shows better results.
Arshad et.al.,[5] proposed a new affine block cipher named Enhanced Affine Block Cipher technique is for database encryption. This algorithm improves the weakness of the original affine cipher. The new encoding schema and modification Cipher Block Chaining (CBC) mode of operation for block cipher were designed for the algorithm.
Hybrid Approaches
According to Jinbiao Hou[6], database encryption of e-commerce can be done by the hybrid encryption. The proposed system was of combination of DES and RSA algorithms. The hybrid encryption technology used in the paper can also be used to enhance the other network databases.
W Xing-hui and M Xiu-jun[7], proposed a new hybrid encryption schemes. They used a combination of RSA and IDEA algorithms. First the key was encrypted using the RSA algorithm and this key was used to encrypt the plaintext using IDEA algorithm. This hybrid system gives strong encryption for data.
Hashing
Mary Cindy Ah Kioon, et. al.[8] discussed the importance of password encryption using the hashing algorithm like MD5. They also introduced methods like rainbow table,salts etc. to thwart various attacks. They also suggest modifications inorder to improve the security of database.
CONCLUSION
The necessity for the security in the database increasing day by day. The database encryption discussed above has both advantages. The proposed systems can be compromised. So this is still an area under research