Showing papers on "Database encryption" published in 2007


Book Chapter
19 Aug 2007
TL;DR: This work obtains as a consequence database encryption methods that permit fast database search while provably providing privacy that is as strong as possible subject to this fast search constraint.
Abstract: We present as-strong-as-possible definitions of privacy, and constructions achieving them, for public-key encryption schemes where the encryption algorithm is deterministic. We obtain as a consequence database encryption methods that permit fast (i.e. sub-linear, and in fact logarithmic, time) search while provably providing privacy that is as strong as possible subject to this fast search constraint. One of our constructs, called RSA-DOAEP, has the added feature of being length preserving, so that it is the first example of a public-key cipher. We generalize this to obtain a notion of efficiently-searchable encryption schemes which permit more flexible privacy to search-time trade-offs via a technique called bucketization. Our results answer much-asked questions in the database community and provide foundations for work done there.

689 citations


Proceedings Article
23 Sep 2007
TL;DR: A comprehensive study on answering SUM and AVG aggregation queries in a read-optimized DBMS for data warehousing applications by using a secure homomorphic encryption scheme in a novel way, demonstrating that the performance of such a solution is comparable to a traditional symmetric encryption scheme.
Abstract: As more sensitive data is captured in electronic form, security becomes more and more important. Data encryption is the main technique for achieving security. While in the past enterprises were hesitant to implement database encryption because of the very high cost, complexity, and performance degradation, they now have to face the ever-growing risk of data theft as well as emerging legislative requirements. Data encryption can be done at multiple tiers within the enterprise. Different choices on where to encrypt the data offer different security features that protect against different attacks. One class of attack that needs to be taken seriously is the compromise of the database server, its software or administrator. A secure way to address this threat is for a DBMS to directly process queries on the ciphertext, without decryption. We conduct a comprehensive study on answering SUM and AVG aggregation queries in such a system model by using a secure homomorphic encryption scheme in a novel way. We demonstrate that the performance of such a solution is comparable to a traditional symmetric encryption scheme (e.g., DES) in which each value is decrypted and the computation is performed on the plaintext. Clearly this traditional encryption scheme is not a viable solution to the problem because the server must have access to the secret key and the plaintext, which violates our system model and security requirements. We study the problem in the setting of a read-optimized DBMS for data warehousing applications, in which SUM and AVG are frequent and crucial.

129 citations


Proceedings Article
15 Apr 2007
TL;DR: In this article, a light-weight database encryption scheme (called FCE) is proposed for column stores in data warehouses with trusted servers, and order-preserving encryption schemes are shown to be insecure under straightforward attack scenarios. Because it is hard to use classical security definitions in cryptography to prove the security of any existing symmetric encryption scheme, a relaxed measure of security, called INFO-CPA-DB, is proposed.
Abstract: Networked information systems require strong security guarantees because of the new threats that they face. Various forms of encryption have been proposed to deal with this problem. In a database system, there are often two contradictory goals: security of the encryption and fast performance of queries. There have been a number of proposals of database encryption schemes to facilitate queries on encrypted columns. Order-preserving encryption techniques are well-suited for databases since they support a simple, and efficient way to build indices. However, as we will show, they are insecure under straightforward attack scenarios. We propose a new light-weight database encryption scheme (called FCE) for column stores in data warehouses with trusted servers. The low decryption overhead of FCE makes comparisons of ciphertexts and hence indexing operations very fast. Since it is hard to use classical security definitions in cryptography to prove the security of any existing symmetric encryption scheme, we propose a relaxed measure of security, called INFO-CPA-DB. INFO-CPA-DB is based on a well-established security definition in cryptography and relaxes it using information theoretic concepts. Using INFO-CPA-DB, we give strong evidence that FCE is as secure as any underlying block cipher (yet more efficient than using the block cipher itself). Using the same security measure we also show the inherent insecurity of any order preserving encryption scheme under straightforward attack scenarios. We discuss indexing techniques based on FCE as well.

74 citations


Journal Article
TL;DR: The design integrates the identity verification, access control, encrypted transmission and data encryption in the network encrypted Data Base Safety Middleware, which provides the safe access service of the database information to ensure data confidentiality, integrity and availability.
Abstract: An effective method to realize database information security is to use middleware. The design integrates the identity verification, access control, encrypted transmission and data encryption in the network encrypted Data Base Safety Middleware (DBSM), which provides the safe access service of the database information to ensure data confidentiality, integrity and availability. Consequently, the legal rights and interests of the owners and users are guaranteed.

6 citations


01 Jan 2007
TL;DR: A new affine block cipher named Enhanced Affine Block Cipher technique is proposed for database encryption, which improves the weakness of the original affine cipher.
Abstract: Information inside the database is shared by multiple parties such as internal users, partners, contractors and others. Sensitive data stored in a database could be a target for attackers. Attackers targeting data stored in a database come not only from outside but also from within the organization. By adding database encryption, valuable information in the database becomes more secure, since the encrypted data ensures the confidentiality of the data. A new affine block cipher named Enhanced Affine Block Cipher technique is proposed for database encryption. This algorithm improves the weakness of the original affine cipher. The new encoding schema and a modification of the Cipher Block Chaining (CBC) mode of operation for block ciphers are designed for the new algorithm, and then the prototype of the system is built and implemented into an existing system for protecting user passwords. The result has shown that the algorithm is working properly, where the decryption process produced similar output as the original plaintext, and it ran through the specified configuration and was evaluated thoroughly with respect to database approach and algorithm technique to prove the design.

5 citations


Journal Article
TL;DR: This paper concludes that it is critical to integrate various security mechanisms and trade off the security and the availability to build an outsourced database, and looks ahead to its future development.
Abstract: In the outsourced database model, organizations outsource their data management needs to an external service provider. The service provider offers mechanisms to create, store, update and query the database for the organizations. Since a server is almost never fully trusted, this model introduces several research issues related to data security. This paper discusses the classification of database security system, studies the architecture of outsourced database, overviews the state-of-the-art in database encryption, query policy of encrypted database, privacy protection, data integrity verification, and database copyright protection based on database watermarking, introduces the latest progress in security mechanisms of outsourced database, and looks ahead to its future development. A conclusion is drawn at the end of this paper that it is critical to integrate various security mechanisms and trade off the security and the availability to build an outsourced database.

5 citations


Journal Article
Liu Ming-kun
TL;DR: The design integrates the identity verification, access control, encrypted transmission and data encryption in the network encrypted Data Base Safety Middleware, which provides the safe access service of the database information to ensure data confidentiality, integrity and availability.
Abstract: An effective method to realize database information security is to use middleware. The design integrates the identity verification, access control, encrypted transmission and data encryption in the network encrypted Data Base Safety Middleware (DBSAPI), which provides the safe access service of the database information to ensure data confidentiality, integrity and availability, and consequently guarantee the legal rights and interests of the owners and users.

5 citations



Journal Article
TL;DR: A field authentication scheme, suitable for providing more efficient operations within an encrypted database, is introduced and discussed and can be used to facilitate the "projections" operation executed in the database while also allowing the individual field value to be decrypted and authenticated.
Abstract: In this paper, a field authentication scheme, suitable for providing more efficient operations within an encrypted database, is introduced and discussed. Applying the concept of this proposed scheme, the database will be safeguarded and protected for situations such as a ciphertext search attack, a plaintext substitution attack, and/or a ciphertext substitution attack. In addition, this proposed scheme can be used to facilitate the "projections" operation executed in the database while also allowing the individual field value to be decrypted and authenticated. It is also important to note that the "selection" operation can be directly applied to the resultant database without the tediousness of going through the decryption process by using the random filters concept in the field authentication. Furthermore, the use of the aforementioned concept can eliminate exposure of some unqualified records and, as a result, speed up the process of executing the query.

4 citations


Proceedings Article
07 May 2007
TL;DR: In this paper, the authors show the procedural step and consideration of design of UniSQL embedded encryption and decryption based on their experience. Design of architecture on UniSQL version 63 will be touched in this paper as well as detailed encryption module. After implementing encryption system on UniSQL, they simulated performance and compared query-processing factors between encryption embedded UniSQL and UniSQL without one. The results of performance evaluation show reasonable performance compared with non-encryption function.
Abstract: SAMS (school affairs management system) was developed as one of the subsequent NEIS (national education information system) e-Government projects by Ministry of Education and Human Resource Development (MOE&HRD) in Korea. Politically NEIS was installed and managed in each provincial Office of Education so that huge amount of students' personal information is stored in central integrated NEIS database system. But Korea Teachers' Union and some of civilian groups have raised a possibility of infringement on student's privacy. Education Informatization Committee, as an advisory organization, proposed separation of school administration section from NEIS as of March 2004 to resolve the conflicts between Government and Teachers Union. SAMS was originated in separated school administration. When the SAMS project was started, use of domestic S/W industries was encouraged and guided. During the SAMS project, Linux and UniSQL were adopted and improved in order to meet the needs of sophisticated system. So, database level of encryption system based on commercial UniSQL was studied and designed in order to increase security and not to harm infringement on privacy. In this paper, we show the procedural step and consideration of design of UniSQL embedded encryption and decryption based on our experience. Design of architecture on UniSQL version 63 will be touched in this paper as well as detailed encryption module. After implementing encryption system on UniSQL, we simulated performance and compared query-processing factors between encryption embedded UniSQL and UniSQL without one. The results of performance evaluation show reasonable performance compared with non-encryption function.

3 citations


Journal Article
TL;DR: This paper proposes a scheme of design and implementation of key-managing module of database encryption system in detail based on analysis of such aspects as creating keys, distributing keys, verifying keys, replacing keys, etc.
Abstract: When a security system is designed, the design of key-managing module is a very difficult problem and must be solved firstly. This paper proposes a scheme of design and implementation of key-managing module of database encryption system in detail, based on analysis of such aspects as creating keys, distributing keys, verifying keys, replacing keys, etc. The presented results show that the key-managing module built by the scheme is secure, feasible, and efficient.

Journal Article
MA Hui-dong
TL;DR: Aiming at the issues of lower efficiency on database queries or processing and limited SQL queries, a kind of database encryption method is presented that does not rely on data encryption and implements data security through information dissociation and association.
Abstract: Aiming at the issues of lower efficiency on database queries or processing and limited SQL queries, a kind of database encryption method is presented in this paper. Unlike traditional database encryption methods, it does not rely on data encryption. According to the characteristics that the data is structured in relational databases, it implements data security through information dissociation and information association. Meanwhile, the definition and rules of information dissociation and association are presented in this paper, and the query processing of the method is described. Finally, a performance comparison is performed with traditional database encryption through experiments.

Journal Article
TL;DR: Several technologies of database encryption are discussed in this paper, as well as the direction of corresponding researches.
Abstract: With the development of database usage into economy and production of our daily life, the database security is more and more concerned. Nowadays the main technology used in the database security is access control, but when the access control mechanics is broken through, the whole security system is collapsed. Database encryption is introduced to solve this problem. Several technologies of database encryption are discussed in this paper, as well as the direction of corresponding researches.

Journal Article
Zhu Jing-bo
TL;DR: A novel database encryption scheme was proposed for enhanced data sharing inside a database, while preserving data privacy, characterized by both the fast speed of the conventional encryption and the convenience of key distribution of public key encryption.
Abstract: Inspired by the PGP technique, a novel database encryption scheme was proposed for enhanced data sharing inside a database, while preserving data privacy. It was characterized by both the fast speed of the conventional encryption and the convenience of key distribution of public key encryption. It also provided secured storage for sensitive data and effective key management. The scheme had been implemented and successfully applied on Oscar v5.1, a DBMS developed for aerospace application.

Journal Article
TL;DR: Methods of database encryption and its characteristics are discussed, and the method of encryption algorithm like DES (Data Encryption Standard)--sub-key database encryption algorithm is introduced in detail; meanwhile, how to fulfill database encryption, database decryption, and database update is analyzed and discussed.
Abstract: Methods of database encryption and its characteristics are firstly discussed. Then the method of encryption algorithm like DES (Data Encryption Standard)--sub-key database encryption algorithm is introduced in detail; meanwhile, how to fulfill database encryption, database decryption, and database update is analyzed and discussed. Finally, Microsoft database-SQL (Structured Query Language) Server 2000 is taken as an example to illustrate the implementation procedure of database encryption algorithm. This example is widely used as reference in many fields, particularly in MIS (Management Information System) security and e-commerce.

Journal Article
TL;DR: The requirements for database encryption system are summarized, the implemental mechanism, cryptographic granularity, cryptographic algorithm and cryptographic key management of database encryption are overviewed, the index mechanism and query policy of encrypted database are analyzed, and the limits of database encryption are discussed.
Abstract: Database encryption is an effective method for protecting sensitive data. The requirements for database encryption system are summarized, the implemental mechanism, cryptographic granularity, cryptographic algorithm and cryptographic key management of database encryption are overviewed, the index mechanism and query policy of encrypted database are analyzed, the limits of database encryption are discussed and the future development of database encryption and query over encrypted data are looked ahead.

Journal Article
TL;DR: The experiment shows that some methods put forward can solve problems which are encountered in the process of encrypting and decrypting in a database encryption system.
Abstract: Database encryption engine is the core of database encryption system. Its security and efficiency have great effect on the whole function of database encryption system. And some difficult problems in the process must be overcome. Those problems are discussed, and some methods are put forward to solve them. The experiment shows that these methods can solve these problems which are encountered in the process of encrypting and decrypting.

01 Jan 2007
TL;DR: The Bucket ID Transformation is performed by modulo arithmetic or pseudo-random number generation, is more powerful than the previous order-preserving methods, and is expected to handle data more efficiently than other methods.
Abstract: Encryption is a well established technology for protecting sensitive data. Unfortunately, the integration of existing encryption techniques with database systems causes undesirable performance degradation. We propose the bucket ID transformation that supports range queries without exposing the order of plaintext. The Bucket ID Transformation is performed by modulo arithmetic or pseudo-random number generation. This method is more powerful than the previous order-preserving methods and is expected to handle data more efficiently than other methods. Experiment results show that our scheme outperforms other method in encryption and query speed.