Seminar Presentation

On

Application of encrypting techniques

In

Database Security

By

Uweh SKelvin

ABSTRACT

Security in today’s world is one of the important challenges that people are facing all over the world in every aspect of their lives. Similarly security in electronic world has a great significance. In this seminar work, we discuss the applications of encryption techniques in database security. This is an area of substantial interest in database because we know that, the use of database is becoming very important in today’s enterprise and databases contains information that is major enterprise asset. This research work discuses the application of various encryption techniques in database security, and how encryption is used at different levels to provide the security.

1. INTRODUCTION
Information or data is a valuable asset in any organization. Almost all organization, whether social, governmental, educational etc., have now automated their information systems and other operational functions. They have maintained the databases that contain the crucial information. So database security is a serious concern. To go further, we shall first discuss what actually the database security is?
Protecting the confidential/sensitive data stored in a repository is actually the database security. It deals with making database secure from any form of illegal access or threat at any level. Database security demands permitting or prohibiting user actions on the database and the objects inside it. Organizations that are running successfully demand the confidentiality of their database. They do not allow the unauthorized access to their data/information. And they also demand the assurance that their data is protected against any malicious or accidental modification. Data protection and confidentiality are the security concerns. Figure 1 below shows the properties of database security that are: confidentiality, integrity and availability Kadhem, etal, (2009).
As discussed previously confidentiality imposes limits while retrieving the secure data and therefore averting the illegal access to the data. Integrity means that the data will not be tainted in any way. Availability of data on time is the property of secure databases. Ahmad (1996). There are four types of controls mentioned by Denning to obtain the database protection, those includes: access control, information flow control, cryptographic flow control and inference control.
[pic]
Access controls ensures that all direct accesses to the system are authorized. The access controls governs that that can access the system’s objects. Often it happens that important information or data is leaked out or misused not because of defective access control but because of improper information flow. When policies for information flow are not properly defined than the system data is less protected. The cryptographic control, controls (secures) the data by encrypting it.
Another approach has been adopted for securing the databases. It has been discussed that to make the databases secure different policies at organization level can be implemented. Data/information is always a most important asset for any organization whose security cannot be compromised. With the advances in technology, the risk to these valuable assets increases. So their security is a big challenge Khaleel etal (2011) .In different database security layers are defined shown in figure (2) below. These layers are: database administrator, system administrator, security officer, developers and employee. For each layer some well-defined security policies have been anticipated. These policies ensure the security features, privacy, confidentiality and integrity.
This study mainly focuses on issues of encryption techniques in databases security and measures taken to solve those issues. Securing sensitive data from illegal access, theft and forging becomes a big challenge for different organizations, like government, no-government and privates sectors. Encryption of data in client or server side where data is shared between different parties is not sufficient. Basically the problem is to ensure that semi trusted database is secure or not.
A new hypothesis for database encryption is proposed in which database encryption can be provided as a service to applications with unified access to encrypted database. Using such an encrypted data management model, applications can concentrate on their core businesses and protect data privacy against both malicious outsiders and the untrusted database service users without need to know encryption details.
[pic]
Further we shall discuss what actually has been implemented to reduce/eliminate the security threats and how the database security was enhanced in the past. And we shall see what needs to be done for securing a valuable asset, the databases, of organizations.

2.0 SECURITY RISKS TO DATABASES

Excessive Privilege Abuse
When users are specified with the access rights that allow them to perform other tasks not included in their job, harmful intent can be discovered through such tasks thus leading to misuse of such privileges. When we talk of such abuse, an example of university can be quoted in which an administrator who is given access to all databases and holds the privilege to change the records of any student. This may lead to misuse such as changing of grades, marks of students or change in the amount of fine charged to any student. As a result, all users who perform different tasks are given default level of privileges that grants access in excess.
Legitimate Privilege Abuse
Legitimate privilege abuse can be in the form of misuse by database users, administrators or a system manager doing any unlawful or unethical activity. It is, but not limited to, any misuse of sensitive data or unjustified use of privileges.
Privilege Elevation
Excessive exposure leads to discovery of flaws which is taken advantage of by attackers and may result in the change of privileges e.g. ordinary user given the access of administrative privileges. The loss of which could result in bogus accounts, transfer of funds, misinterpretation of certain sensitive analytical information. Such cases are also found to be in database functions, protocols and even SQL statements.

Database Platform Vulnerabilities
Vulnerabilities in the previous operating systems such as Widows 98, Windows 2000, etc. may create data loss from a database, data corruption or service denial conditions. For instance, the blaster worm created denial of service conditions from a vulnerability found in Windows 2000.
SQL Injection
Random SQL queries are executed on server by some spiteful attacker. In this attack SQL statement is followed by a string identifier as an input. That is validated by the server. If it does not get validated it might get executed. Through these unobstructed rights may gain by the attackers to the whole database.
Weak Audit Trail
A database audit policy ensures automated, timely and proper recording of database transactions. Such a policy should be a part of the database security considerations since all the sensitive database transactions have an automated record and the absence of which poses a serious risk to the organization’s databases and may cause instability in operations.
Denial of Service
It is the attack that prevents the legitimate users of a program/application/data to use or access that specific service. DOS can take place using different technique. Attacker may get access to database and tries to crash the server or resource overloading, network flooding and data corruption can be the techniques for creating conditions of DOS attack. It is a serious threat for any organization.
Database Communication Protocol
Vulnerabilities
Large number of security weaknesses is being identified in the database communication protocols of all database retailers. Deceitful activity directing these susceptibilities can varies from illegal data access, to data exploitation, to denial of service.
Weak Authentication
A weak authentication strategy renders the databases more vulnerable to attackers. The identity of database users are stolen or the login credentials are obtained through some source which then helps in modification of data or obtaining sensitive information and if authentication is not properly implemented and is weak, it helps the attacker to steal data.
Backup Data Exposure
Backup data exposure is an important threat that needs to be taken care of. Since backups on tapes, DVD’s or any external media are exposed to high risks, they need to be protected from attack such as theft or destruction. So far we he discussed some important threats to database security. Now we shall see what can be done to limit these risks and threats.

[pic]

3.0 Database Security Considerations
To eliminate the security threats every organization must define a security policy. And that security policy should be strictly enforced. A strong security policy must contain well defined security features. Figure 4 shows some critical areas that need to be considered are explained below.
[pic]

Access Control
Access control ensures all communications with the databases and other system objects are according to the policies and controls defined. This makes sure that no interference occurs by any attacker neither internally nor externally and thus, protects the databases from potential errors-errors that can make impact as big as stopping firm’s operations. Access control also helps in minimizing the risks that may directly impact the security of the database on the main servers. For example, if any table is accidentally deleted or access is modified the results can be roll backed or for certain files, access control can restrict their deletion.
Inference Policy
Inference policy is required to protect the data at a certain level. It occurs when the interpretations from certain data in the form of analysis or facts are required to be protected at a certain higher security level. It also determines how to protect the information from being disclosed.
User Identification/Authentication
User identification and authentication is the basic necessity to ensure security since the identification method defines a set of people that are allowed to access data and provides a complete mechanism of accessibility. To ensure security, the identity is authenticated and it keeps the sensitive data safe and from being modified by any ordinary user.

Accountability and auditing
Accountability and audit checks are required to ensure physical integrity of the data which requires defined access to the databases and that is managed through auditing and record keeping. It also helps in analysis of information held on servers for authentication, accounting and access of a user.
Encryption
Encryption is the process of concealing or transforming information by means of a cipher or a code so that it becomes unreadable to all other people except those who hold a key to the information. The resulting encoded information is called as encrypted information.

4.0 Encryption Techniques in Databases Security
Often there has been a need to protect information from 'prying eyes'. In the electronic age, information that could otherwise benefit or educate a group or individual can also be used against such groups or individuals. Industrial espionage among highly competitive businesses often requires that extensive security measures be put into place. And, those who wish to exercise their personal freedom, outside of the oppressive nature of governments, may also wish to encrypt certain information to avoid suffering the penalties of going against the wishes of those who attempt to control.
Still, the methods of data encryption and decryption are relatively straightforward, and easily mastered. I have been doing data encryption since my college days, when I used an encryption algorithm to store game programs and system information files on the university mini-computer, safe from 'prying eyes'. These were files that raised eyebrows amongst those who did not approve of such things, but were harmless [we were always careful NOT to run our games while people were trying to get work done on the machine]. I was occasionally asked what this "rather large file" contained, and I once demonstrated the program that accessed it, but you needed a password to get to 'certain files' nonetheless. And, some files needed a separate encryption program to decipher them.
Symmetric Encryption Techniques in Database Security
Symmetric cryptography, also called private-key cryptography, is one of the oldest and most secure encryption methods. The term "private key" comes from the fact that the key used to encrypt and decrypt data must remain secure because anyone with access to it can read the coded messages. A sender encodes a message into ciphertext using a key, and the receiver uses the same key to decode it.
People can use this encryption method as either a "stream" cipher or a "block" cipher, depending on the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time as it is sent or received, while a block cipher processes fixed chunks of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), and International Data Encryption Algorithm (IDEA).
For symmetric key ciphers, there are basically two types: BLOCK CIPHERS, in which a fixed length block is encrypted, and STREAM CIPHERS, in which the data is encrypted one 'data unit' (typically 1 byte) at a time, in the same order it was received in. Fortunately, the simplest of all of the symmetric key 'stream cipher' methods is the TRANSLATION TABLE (or 'S table'), which should easily meet the performance requirements of even the most performance-intensive application that requires data to be encrypted. In a translation table, each 'chunk' of data (usually 1 byte) is used as an offset within one or more arrays, and the resulting 'translated' value is then written into the output stream. The encryption and decryption programs would each use a table that translates to and from the encrypted data. 80x86 CPU's have an instruction 'XLAT' that lends itself to this purpose.
While translation tables are very simple and fast, the down side is that once the translation table is known, the code is broken. Further, such a method is relatively straightforward for code breakers to decipher - such code methods have been used for years, even before the advent of the computer. Still, for general "unreadability" of encoded data, without adverse effects on performance, the 'translation table' method lends itself well.
A modification to the 'translation table' uses 2 or more tables, based on the position of the bytes within the data stream, or on the data stream itself. Decoding becomes more complex, since you have to reverse the same process reliably. But, by the use of more than one translation table, especially when implemented in a 'pseudo-random' order, this adaptation makes code breaking relatively difficult. An example of this method might use translation table 'A' on all of the 'even' bytes, and translation table 'B' on all of the 'odd' bytes. Unless a potential code breaker knows that there are exactly 2 tables, even with both source and encrypted data available the deciphering process is relatively difficult.
Similar to using a translation table, 'data repositioning' lends itself to use by a computer, but takes considerably more time to accomplish. This type of cipher would be a trivial example of a BLOCK CIPHER. A buffer of data is read from the input, then the order of the bytes (or other 'chunk' size) is rearranged, and written 'out of order'. The decryption program then reads this back in, and puts them back 'in order'. Often such a method is best used in combination with one or more of the other encryption methods mentioned here, making it even more difficult for code breakers to determine how to decipher your encrypted data. As an example, consider an anagram. The letters are all there, but the order has been changed. Some anagrams are easier than others to decipher, but a well written anagram is a brain teaser nonetheless, especially if it's intentionally misleading.
My favorite methods, however, involve something that only computers can do: word/byte rotation and XOR bit masking. This is very common since it has relatively high ENTROPY in the resulting cipher. High entropy data is difficult to extract information from, and the higher the entropy, the better the cipher. So, if you rotate the words or bytes within a data stream, using a method that involves multiple and variable direction and duration of rotation, in an easily reproducable pattern, you can quickly encode a stream of data with a method that can be nearly impossible to break. Further, if you use an 'XOR mask' in combination with this ('flipping' the bits in certain positions from 1 to 0, or 0 to 1) you end up making the code breaking process even more difficult. The best combination would also use 'pseudo random' effects, the easiest of which might involve a simple sequence like Fibbonaci numbers, which can appear 'pseudo-random' after many iterations of 'modular' arithmetic (i.e. math that 'wraps around' after reaching a limit, like integer math on a computer). The Fibbonaci sequence '1,1,2,3,5,...' is easily generated by adding the previous 2 numbers in the sequence to get the next. Doing modular arithmetic on the result and operating on multiple byte sequences (using a prime number of bytes for block rotation, as one example) would make the code breaker's job even more difficult, adding the 'pseudo-random' effect that is easily reproduced by your decryption program.
In some cases, you may want to detect whether data has been tampered with, and encrypt some kind of 'checksum' or CRC into the data stream itself. This is useful not only for authorization codes and licenses (where encrypted data is expected to be used) but also for programs themselves. A virus that infects such a 'protected' program is likely to neglect any encryption algorithm and authorization/checksum signature that has been written to the executable binary file(s). The program (and any dynamic library) could then check itself each time it loads, and thus detect the presence of file corruption. Such a method would have to be kept VERY secret, to prevent virus programmers from exploiting it at some point.
[pic]
Figure 1 Symmetric Encryption Techniques in Database Security

Asymmetric Encryption Techniques in Database Security

Asymmetric or public key, cryptography is, potentially, more secure than symmetric methods of encryption. This type of cryptography uses two keys, a "private" key and a "public key," to perform encryption and decryption. The use of two keys overcomes a major weakness in symmetric key cryptography, since a single key does not need to be securely managed among multiple users.
In asymmetric cryptography, a public key is freely available to everyone and used to encrypt messages before sending them. A different, private key remains with the receiver of ciphertext messages, who uses it to decrypt them. Algorithms that use public key encryption methods include RSA and Diffie-Hellman.
One very important feature of a good encryption scheme is the ability to specify a 'key' or 'password' of some kind, and have the encryption method alter itself such that each 'key' or 'password' produces a unique encrypted output, one that also requires a unique 'key' or 'password' to decrypt. This can either be a symmetric or asymmetric key. The popular 'PGP' public key encryption, and the 'RSA' encryption that it's based on, uses an 'asymmetrical' key, allowing you to share the 'public' encryption key with everyone, while keeping the 'private' decryption key safe. The encryption key is significantly different from the decryption key, such that attempting to derive the private key from the public key involves too many hours of computing time to be practical. It would NOT be impossible, just highly unlikely, which is 'pretty good'.
There are few operations in mathematics that are truly 'irreversible'. In nearly all cases, the commutative property or an 'inverse' operation applies. if an operation is performed on 'a', resulting in 'b', you can perform an equivalent operation on 'b' to get 'a'. In some cases you may get the absolute value (such as a square root), or the operation may be undefined (such as dividing by zero). However, it may be possible to base an encryption key on an algorithm such that you cannot perform a direct calculation to get the decryption key. An operation that would cause a division by zero would PREVENT a public key from being directly translated into a private key. As such, only 'trial and error' (otherwise known as a 'brute force' attack) would remain as a valid 'key cracking' method, and it would therefore require a significant amount of processing time to create the private key from the public key.
In the case of the RSA encryption algorithm, it uses very large prime numbers to generate the public key and the private key. Although it would be possible to factor out the public key to get the private key (a trivial matter once the 2 prime factors are known), the numbers are so large as to make it very impractical to do so. The encryption algorithm itself is ALSO very slow, which makes it impractical to use RSA to encrypt large data sets. So PGP (and other RSA-based encryption schemes) encrypt a symmetrical key using the public key, then encrypt the remainder of the data with a faster algorithm using the symmetrical key. The symmetrical itself key is randomly generated, so that the only (theoretical) way to get it would be by using the private key to decrypt the RSA-encrypted symmetrical key.
Example: Suppose you want to encrypt data (let's say this web page) with a key of 12345. Using your public key, you RSA-encrypt the 12345, and put that at the front of the data stream (possibly followed by a marker or preceded by a data length to distinguish it from the rest of the data). THEN, you follow the 'encrypted key' data with the encrypted web page text, encrypted using your favorite method and the key '12345'. Upon receipt, the decrypt program looks for (and finds) the encrypted key, uses the 'private key' to decrypt it, and gets back the '12345'. It then locates the beginning of the encrypted data stream, and applies the key '12345' to decrypt the data. The result: a very well protected data stream that is reliably and efficiently encrypted, transmitted, and decrypted.
[pic]
Figure 2 Asymmetric Encryption Techniques in Database Security

Hashing Encryption Techniques in Database Security

The first encryption method, called hashing, creates a unique, fixed-length signature for a message or data set. Hashes are created with an algorithm, or hash function, and people commonly use them to compare sets of data. Since a hash is unique to a specific message, even minor changes to that message result in a dramatically different hash, thereby alerting a user to potential tampering.
A key difference between hashing and the other two encryption methods is that once the data is encrypted, the process cannot be reversed or deciphered. This means that even if a potential attacker were able to obtain a hash, he or she would not be able to use a decryption method to discover the contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA).
[pic]
Figure 2 Asymmetric Encryption Techniques in Database Security

5.0 CONCLUSION
Data to any organization is a most valuable property. Security of sensitive data is always a big challenge for an organization at any level. In today’s technological world, database is vulnerable to hosts of attacks. In this study major security issues faced databases are identified and some encryption methods are discussed that can help to reduce the attacks risks and protect the sensitive data. It has been concluded that encryption provides confidentiality but give no assurance of integrity unless we use some digital signature or Hash function. Using strong encryption algorithms reduces the performance.

REFERENCES
Ahmad Baraani-Dastjerdi; Josef Pieprzyk; Baraanidastjerdi
Josef Pieprzyk ; ReihanedSafavi-Naini, Security
In Databases: A Survey Study, 1996
Amichai Shulman; Top Ten Database Security Threats,
How to Mitigate the Most Significant Database
Vulnerabilities, 2006 White Paper
Tanya Bacca; Making Database Security an IT Security
Priority A SANS Whitepaper – November 2009
Kadhem, H.; Amagasa, T.; Kitagawa, H.; A Novel
Framework for Database Security based on Mixed
Cryptography; Internet and Web Applications and
Services, 2009. ICIW '09. Fourth International
Conference on; Publication Year: 2009, Page(s): 163 –
170
Luc Bouganim; Yanli GUO; Database Encryption;
Encyclopedia of Cryptography and Security, S. Jajodia and H. van Tilborg (Ed.) 2009, page(s): ) 1-9
Khaleel Ahmad; JayantShekhar; Nitesh Kumar; K.P.
Yadav; Policy Levels Concerning Database Security;
International Journal of Computer Science & Emerging
Technologies (E-ISSN: 2044-6004) 368 Volume 2, Issue
3, June 2011, page(s); 368-372
Gang Chen; Ke Chen; Jinxiang Dong; A Database
Encryption Scheme for Enhanced Security and Easy
Sharing; Computer Supported Cooperative Work in
Design, 2006. CSCWD '06. 10th International
Conference on ; Publishing year 2006, page(s): 1 – 6
Dr. Anwar Pasha Abdul GafoorDeshmukh; Dr. Anwar
Pasha Abdul GafoorDeshmukh; Transparent Data
Encryption- Solution for Security of Database Contents;
(IJACSA) International Journal of Advanced Computer
Science and Applications, Vol. 2, No.3, March 2011
TingjianGe, Stan Zdonik; Fast, Secure Encryption for
Indexing in a Column-Oriented DBMS; 2007 IEEE 23rd
International Conference on Data Engineering (2007)
Publisher: IEEE, Page(s): 676-685.
Lianzhong Liu and JingfenGai; A New Lightweight
Database Encryption Scheme Transparent to
Applications; Published in Industrial Informatics, 2008.
INDIN 2008. 6th IEEE International Conference Issue
Date: 13-16 July 2008 On page(s): 135 - 140