Professional Documents
Culture Documents
Database Security and Encryption: A Survey Study: International Journal of Computer Applications May 2012
Database Security and Encryption: A Survey Study: International Journal of Computer Applications May 2012
net/publication/235992242
CITATIONS READS
43 16,937
2 authors:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Iqra Basharat on 21 May 2014.
General Terms
Your general terms must be any term which can be used for
general classification of the submitted material such as Pattern
Database
Recognition, Security, Algorithms et. al.
Security
Keywords
Database, Security, Encryption, Access Control.
Fig 1: Properties of Database Security
1. INTRODUCTION
We ask that authors follow some simple guidelines. In Access controls ensures that all direct accesses to the system
essence, we ask you to make your paper look exactly like this are authorized. The access controls governs that that can
document. The easiest way to do this is simply to download access the system’s objects. Often it happens that important
the template, and replace the content with your own material. information or data is leaked out or misused not because of
defective access control but because of improper information
Information or data is a valuable asset in any organization. flow. When policies for information flow are not properly
Almost all organization whether social, governmental, defined than the system data is less protected. The
educational etc., have now automated their information cryptographic control, controls (secures) the data by
systems and other operational functions. They have encrypting it. [1][2]
maintained the databases that contain the crucial information.
So database security is a serious concern. To go further, we Another approach has been adopted for securing the
shall first discuss what actually the database security is? databases. It has been discussed that to make the databases
secure different policies at organization level can be
Protecting the confidential/sensitive data stored in a repository implemented. Data/information is always a most important
is actually the database security. It deals with making database asset for any organization whose security cannot be
secure from any form of illegal access or threat at any level. compromised. With the advances in technology, the risk to
Database security demands permitting or prohibiting user these valuable assets increases. So their security is a big
actions on the database and the objects inside it. Organizations challenge. In [8] different database security layers are defined
that are running successfully demand the confidentiality of shown in figure (2) below. These layers are: database
their database. They do not allow the unauthorized access to administrator, system administrator, security officer,
their data/information. And they also demand the assurance developers and employee. For each layer some well-defined
that their data is protected against any malicious or accidental security policies have been anticipated. These policies ensure
modification. Data protection and confidentiality are the the security features, privacy, confidentiality and integrity.
security concerns. Figure 1 below shows the properties of
database security that are: confidentiality, integrity and This study mainly focuses on issues in databases security and
availability [6][7][8]. measures taken to solve those issues. Securing sensitive data
from illegal access, theft and forging becomes a big challenge
As discussed previously confidentiality imposes limits while for different organizations, like government, no-government
retrieving the secure data and therefore averting the illegal and privates sectors. Encryption of data in client or server side
access to the data. Integrity means that the data will not be where data is shared between different parties is not sufficient.
tainted in any way. Availability of data on time is the property Basically the problem is to ensure that semi trusted database is
of secure databases. [1][5] secure or not. [6]
28
International Journal of Computer Applications (0975 – 888)
Volume 47– No.12, June 2012
A new hypothesis for database encryption is proposed in example of university can be quoted in which an administrator
which database encryption can be provided as a service to who is given access to all databases and holds the privilege to
applications with unified access to encrypted database. Using change the records of any student. This may lead to misuse
such an encrypted data management model, applications can such as changing of grades, marks of students or change in the
concentrate on their core businesses and protect data privacy amount of fine charged to any student. As a result, all users
against both malicious outsiders and the untrusted database who perform different tasks are given default level of
service users without need to know encryption details. [12] privileges that grants access in excess.
Data
Database Communication
Protocol
Weak Vulnerabilities Denial of
Security Officer Authentication Service
Securit
DBA
y Backup Data Privilege
System Admin
policie Exposure
Security
Elevation
Developer
s are Risks
Employee Weak Audit
checke SQL
Trail Injection
d at
these
Excessive Legitimate
Internet layers
Privilege Abuse privilege
Database Abuse
Platform
Vulnerabilities
29
International Journal of Computer Applications (0975 – 888)
Volume 47– No.12, June 2012
30
International Journal of Computer Applications (0975 – 888)
Volume 47– No.12, June 2012
31
International Journal of Computer Applications (0975 – 888)
Volume 47– No.12, June 2012
32
International Journal of Computer Applications (0975 – 888)
Volume 47– No.12, June 2012
protected.
Access
Fast Fast indexing control
Comparison operation
Encryption Efficienc
Low decryption y
overhead
Privacy
The following section will give an empirical analysis. With the help of data obtained in Table 1 we can calculate the
percentage and criticality also as shown in Table 2.
3.3 Empirical Analysis
This empirical study is done by keen observation of the Table 4: Empirical Analysis of security parameters
literature and then results are drawn. achieved using Encryption methods
6
Percentage Criticality Frequency Analysis
5
10-20 % Medium
4
20%-50% Moderate
No. Of 3
Papers
51%-80% High
2
81%-100% Very High
1
33
International Journal of Computer Applications (0975 – 888)
Volume 47– No.12, June 2012
at any level. In today’s technological world, database is Conference on; Publication Year: 2009, Page(s): 163 –
vulnerable to hosts of attacks. In this study major security 170
issues faced databases are identified and some encryption
methods are discussed that can help to reduce the attacks risks [7] Luc Bouganim; Yanli GUO; Database Encryption;
and protect the sensitive data. It has been concluded that Encyclopedia of Cryptography and Security, S. Jajodia
encryption provides confidentiality but give no assurance of and H. van Tilborg (Ed.) 2009, page(s): ) 1-9
integrity unless we use some digital signature or Hash [8] Khaleel Ahmad; JayantShekhar; Nitesh Kumar; K.P.
function. Using strong encryption algorithms reduces the Yadav; Policy Levels Concerning Database Security;
performance. The future work could be carried out make International Journal of Computer Science & Emerging
encryption more effective and efficient . Technologies (E-ISSN: 2044-6004) 368 Volume 2, Issue
3, June 2011, page(s); 368-372
[4] Tanya Bacca; Making Database Security an IT Security [11] TingjianGe, Stan Zdonik; Fast, Secure Encryption for
Priority A SANS Whitepaper – November 2009 Indexing in a Column-Oriented DBMS; 2007 IEEE 23rd
International Conference on Data Engineering (2007)
[5] http://www.freetechexams.com/computers- Publisher: IEEE, Page(s): 676-685.
tips/computer-tips/database-security.html
[12] Lianzhong Liu and JingfenGai; A New Lightweight
[6] Kadhem, H.; Amagasa, T.; Kitagawa, H.; A Novel Database Encryption Scheme Transparent to
Framework for Database Security based on Mixed Applications; Published in Industrial Informatics, 2008.
Cryptography; Internet and Web Applications and INDIN 2008. 6th IEEE International Conference Issue
Services, 2009. ICIW '09. Fourth International Date: 13-16 July 2008 On page(s): 135 - 140
34