
Showing papers on "Database encryption published in 2004"


Proceedings ArticleDOI
13 Jun 2004
TL;DR: This work presents an order-preserving encryption scheme for numeric data that allows any comparison operation to be directly applied on encrypted data, and is robust against estimation of the true value in such environments.
Abstract: Encryption is a well established technology for protecting sensitive data. However, once encrypted, data can no longer be easily queried aside from exact matches. We present an order-preserving encryption scheme for numeric data that allows any comparison operation to be directly applied on encrypted data. Query results produced are sound (no false hits) and complete (no false drops). Our scheme handles updates gracefully and new values can be added without requiring changes in the encryption of other values. It allows standard database indexes to be built over encrypted tables and can easily be integrated with existing database systems. The proposed scheme has been designed to be deployed in application environments in which the intruder can get access to the encrypted database, but does not have prior domain information such as the distribution of values and cannot encrypt or decrypt arbitrary values of his choice. The encryption is robust against estimation of the true value in such environments.

1,303 citations


Book ChapterDOI
30 Aug 2004
TL;DR: A new simple and efficient database encryption scheme is presented that enables encrypting the entire content of the database without changing its structure.
Abstract: A new simple and efficient database encryption scheme is presented. The new scheme enables encrypting the entire content of the database without changing its structure. In addition, the scheme suggests how to convert the conventional database index to a secure index on the encrypted database so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without having the encryption key.

45 citations


Journal ArticleDOI
TL;DR: This paper presents a database encryption scheme that provides maximum security, whilst limiting the added time cost of encryption and decryption, as an optimal solution.
Abstract: The need to protect databases would be an ever-growing one, especially so in this age of e-commerce. Many conventional database security systems are bugged with holes that can be used by attackers to penetrate the database. No matter what degree of security is put in place, sensitive data in databases are still vulnerable to attack. To avoid the risk posed by this threat, database encryption has been recommended. However, encrypting all database items will greatly degrade the performance of the database system. As an optimal solution this paper presents a database encryption scheme that provides maximum security, whilst limiting the added time cost of encryption and decryption.

20 citations


01 Jan 2004
TL;DR: This research presents a probabilistic procedure that can be used to estimate the strength of the encryption used in a particular system, as well as investigate its effectiveness and recommend methods to enhance the security of the system.
Abstract: Encryption is an important method for implementing confidentiality in information systems. Unfortunately applying encryption effectively can be quite complicated. Encryption, as well as other secur ...

14 citations


Proceedings ArticleDOI
05 Apr 2004
TL;DR: An improved database encryption scheme with a consideration of fault tolerance and an authentication approach that can not only check the data integrity of a record, but also ensure the data origin of a record in database systems are presented.
Abstract: This paper proposes a systematic approach to integrate database security (including database encryption and authentication) and fault tolerance so that the total overheads can be significantly reduced. An improved database encryption scheme with a consideration of fault tolerance is also presented and analyzed. The authentication and fault tolerance are realized by carefully designed checksums using redundant residue number systems (RRNS). The proposed authentication approach can not only check the data integrity of a record, but also ensure the data origin of a record in database systems. The integrated approach is able to correct a single error within each record. The proposed approach is ideal for many database applications in which both authentication and fault tolerance are required.

5 citations


Proceedings ArticleDOI
19 Apr 2004
TL;DR: This hybrid solution is designed to boost up the performance of a database engine when data encryption is requisite, and combining the two approaches is necessary and emerges as a better choice.
Abstract: A database contains data ranging over different degrees of confidentiality, and is widely accessed by a variety of users. As the importance of databases becomes more and more vital in business, database security turns out to be a non-negligible issue in order to protect data from its vulnerability to potential attackers and cryptanalysts. Encryption adds an additional layer of security to make data unusable if, despite all efforts, someone does get unauthorized access to the raw data. Previous researchers have put a lot of effort into database encryption, including encrypting "data-at-rest" and "data-in-motion". Although encryption is shown to be the strongest security alternative for data protection, there are still some drawbacks observed in implementing encryption of data-at-rest. Furthermore, implementing either one of the above-said strategies is not sufficient to keep data safe from exposure. Hence, combining the two approaches is necessary and emerges as a better choice. The main objective of designing this hybrid solution is to boost up the performance of a database engine when data encryption is requisite.

2 citations


Journal ArticleDOI
TL;DR: The paper presents a policy-driven solution that allows transparent data-level encryption that does not change the data field type or length, and focuses on how to integrate modern cryptography technology into a relational database management system to solve some major security problems.
Abstract: Security is becoming one of the most urgent challenges in database research and industry, and there has also been increasing interest in the problem of building accurate data mining models over aggregate data, while protecting privacy at the level of individual records. Instead of building walls around servers or hard drives, a protective layer of encryption is provided around specific sensitive data-items or objects. This prevents outside attacks as well as infiltration from within the server itself. This also allows the security administrator to define which data stored in databases are sensitive and thereby focusing the protection only on the sensitive data, which in turn minimizes the delays or burdens on the system that may occur from other bulk encryption methods. Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration. This paper presents a practical implementation of field-level encryption in enterprise database systems, based on research and practical experience from many years of commercial use of cryptography in database security. We present how this column-level database encryption is the only solution that is capable of protecting against external and internal threats, and at the same time meeting all regulatory requirements. We use the key concepts of security dictionary, type transparent cryptography and propose solutions on how to transparently store and search encrypted database fields. In this paper we will outline the different strategies for encrypting stored data so you can make the decision that is best to use in each different situation, for each individual field in your database to be able to practically handle different security and operating requirements. Application code and database schemas are sensitive to changes in the data type and data length. The paper presents a policy-driven solution that allows transparent data-level encryption that does not change the data field type or length. We focus on how to integrate modern cryptography technology into a relational database management system to solve some major security problems.

2 citations


Journal Article
TL;DR: The encryption of web-database based on hybrid cipher system is introduced and the results demonstrate that it is a good scheme because of its strength and rapidity.
Abstract: Web-database security problem is becoming more and more crucial on the Internet. After studying and analyzing different advanced secure technology, this paper introduces the encryption of web-database based on hybrid cipher system; the results demonstrate that it is a good scheme because of its strength and rapidity.

1 citation


Journal Article
TL;DR: At last, some solutions for some functions in DBMS that are invalidated after database encryption are provided.
Abstract: Database encryption can be classified into physical encryption and logical encryption taking no account of the encryption in the kernel of DBMS. It must improve the commonly symmetrical key block cipher arithmetic for ensuring that the data length will not be increased after encryption. Forward shift bits mode is used in Triple DES with Two Keys, and cipher text stealing mode is used in RC5 with Cipher Block Chaining. The key of controlled encryption arithmetic that is the primary key can be created by random number and can be kept by person specially assigned, and the two dimensional matrix pattern formed by record lines and field rows can be adopted for the secondary key. At last, some solutions for some functions in DBMS that are invalidated after database encryption are provided.

1 citation


01 Jan 2004
TL;DR: In this paper, the authors proposed a database encryption scheme based on TS Block and Stream Ciphers, which is capable of protecting data at the data element, row and column levels using both block and stream encryptions.
Abstract: Current database security research classifies four types of controls for the protection of data in databases: access controls, information flow controls, inference controls, and cryptographic controls. This paper covers the fourth type of controls, cryptographic controls in database security that provides security of data stored in commercial RDBMS like Oracle. The proposed database encryption scheme is based on TS Block and Stream Ciphers, and is capable of protecting data at the data element, row, and column levels using both block and stream encryptions. The design of the scheme’s key generation and management system allows the controls of users’ access to encrypted data in a multilevel fashion thus providing multilevel security. The scheme solves the problem of mandatory and discretionary access controls in a given organization. The security of the scheme is based on the fact that no cryptographic keys are stored in the database system. All encryption and decryption keys are stored securely in smartcards thus providing minimum cryptographic information to users. The design of the encryption scheme is based on the provably strong ciphers with 128-bit keys which is currently infeasible to be broken even by exhaustive key search. Implementation of the scheme has been conducted successfully in Oracle RDBMS and complements the Oracle encryption security available.

1 citation


Journal Article
TL;DR: The proposed database encryption scheme is based on TS Block and Stream Ciphers, and is capable of protecting data at the data element, row, and column levels using both block and stream encryptions, and complements the Oracle encryption security available.
Abstract: Current database security research classifies four types of controls for the protection of data in databases: access controls, information flow controls, inference controls, and cryptographic controls. This paper covers the fourth type of controls, cryptographic controls in database security that provides security of data stored in commercial RDBMS like Oracle. The proposed database encryption scheme is based on TS Block and Stream Ciphers, and is capable of protecting data at the data element, row, and column levels using both block and stream encryptions. The design of the scheme's key generation and management system allows the controls of users' access to encrypted data in a multilevel fashion thus providing multilevel security. The scheme solves the problem of mandatory and discretionary access controls in a given organization. The security of the scheme is based on the fact that no cryptographic keys are stored in the database system. All encryption and decryption keys are stored securely in smartcards thus providing minimum cryptographic information to users. The design of the encryption scheme is based on the provably strong ciphers with 128-bit keys which is currently infeasible to be broken even by exhaustive key search. Implementation of the scheme has been conducted successfully in Oracle RDBMS and complements the Oracle encryption security available.