Showing papers on "Database encryption published in 2011"

CryptDB: protecting confidentiality with encrypted query processing

Abstract: Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11--13 unique schema annotations to secure more than 20 sensitive fields and 2--7 lines of source code changes for three multi-user web applications.

Realizing Proxy Re-encryption in the Symmetric World

Abstract: Proxy re-encryption is a useful concept and many proxy re-encryption schemes have been proposed in the asymmetric encryption setting. In the asymmetric encryption setting, proxy re-encryption can be beautifully implemented because many operations are available to directly transform a cipher to another cipher without the proxy needs to access the plaintexts. However, in many situations, for a better performance, the data is encrypted using symmetric ciphers. Most symmetric ciphers do not support proxy cryptography because of malleability (that is needed to implement the proxy re-encryption) is not a desired property in a secure encryption scheme. In this paper, we suggest an idea to implement a pure proxy re-encryption for the symmetric ciphers by first transforming the plaintext into a random sequence of blocks using an All or nothing transform (AONT). We show an example of the proxy re-encryption scheme using a weak encryption (i.e. simple permutation) that has a simple conversion function to convert a permutation to another. The encryption scheme exploits three characteristics of an AONT transformation: (1) the output of an AONT is a pseudorandom, (2) the output of an AONT cannot be transformed back if any parts is missing, and (3) the output of an AONT cannot be transformed back without having all blocks with correct position. We show security argument of the proposed scheme and its performance evaluation.

Securing Database as a Service: Issues and Compromises

Abstract: Database-as-a-service is one of many services being marketed as part of cloud computing. It has several major issues and concerns related to security, including data security, trust, expectations, regulations, and performance issues. Proposed resolutions include risk management and better contractual agreements, while solutions include database encryption and authenticity techniques. Other cloud computing issues include hardware security concerns and the balance of trust and risk.

A data masking technique for data warehouses

Abstract: Data Warehouses (DWs) are the enterprise's most valuable asset in what concerns critical business information, making them an appealing target for attackers. Packaged database encryption solutions are considered the best solution to protect sensitive data. However, given the volume of data typically processed by DW queries, the existing encryption solutions heavily increase storage space and introduce very large overheads in query response time, due to decryption costs. In many cases, this performance degradation makes encryption unfeasible for use in DWs. In this paper we propose a transparent data masking solution for numerical values in DWs based on the mathematical modulus operator, which can be used without changing user application and DBMS source code. Our solution provides strong data security while introducing small overheads in both storage space and database performance. Several experimental evaluations using the TPC-H decision support benchmark and a real-world DW are included. The results show the overall efficiency of our proposal, demonstrating that it is a valid alternative to existing standard encryption routines for enforcing data confidentiality in DWs.

Security data item level database encryption system

Abstract: The invention relates to a security data item level database encryption method. Confidential data is encrypted by a data item level particle size; a hash function is used for deriving an encryption key of each data item according to a derived key and unique positioning information of the data item, even the data item encryption keys for encryption of all integral databases can be derived by using one key to reduce the using amount of the keys and facilitate key management; and a stream cipher algorithm is used for encrypting the data items to avoid filling. A ciphertext index is also encrypted by the stream cipher algorithm; each field (column) is encrypted by using the same key; therefore, searching keywords can be encrypted and then ciphertexts of corresponding fields are matched in spite of precise complete or incomplete searching. The method also has complete security functions of key management, secret sharing, security backup, mandatory access control, security connection and the like.

Database security system based on storage encryption

Abstract: The invention provides a database security system based on storage encryption, comprising a database encryption server, a database encryption expansion component, a safe database access interface and a management tool. A database encryption service system encrypts and decrypts all data in the database security system and intensively applies safety control and management; the database encryption expansion component connects with the database encryption service system and a database management system and calls a cipher service function of the database safety service system to encrypt and decrypt routine data; the safe database access interface provides safe and transparent database access support to an application system; the management tool is used for safety configuration management by management personnel. The database security system provides an interface standard conforming to database access, supports transparent encryption and decryption of routine data and big data object, and screens complex details realizing the security function of the database for the application system.

Research on network database encryption technology

Abstract: At present, the security issue of large amount of computer data storage, sensitive defense data theft and tamper-proof issue has attracted people's attention increasingly. Database system as the core component of computer information system, database files as information aggregation, and their safety will be the top priority of the information industry. The core of information security is the database security, and database encryption security is one of the core questions of database security, compared with other safety means, in comprehensive consideration of safety degree, price, use maintenance costs, upgrade cost etc., the performance-price ratio of database encryption is the highest security means. This paper on database security, has discussed the application of database file in database security strategy and the related encryption technology, encryption algorithm and encryption method and data encryption technology.

Three-tier Structure Design of Database Security

Abstract: A key technology for database security is database encryption.Nowadays,one effective method for database encryption is to encrypt sensitive fields,and one sensitive field corresponds to a key,while the generation and security storage of the encryption key is the key problems.This paper proposes one new double encryption-key mechanism,in which the DES encryption algorithm is employed to get application keys from encryption transform of the main keys.The user just considers how to get secure storage of main keys,while considers no security storage and communication of the application keys.This natural combination integrating the security of the encryption algorithm and complex transformation generates the application keys,thus to provide reliable guarantees for the generation and management of the key in the database encryption.

Scalability of encryption techniques for electronic health record (EHR) retrieval

Abstract: Electronic Health Record (EHR) retrieval processes are complex demanding Information Technology (IT) resources exponentially in particular memory usage. Database-as-a-service (DAS) model approach is proposed to meet the scalability factor of EHR retrieval processes. A simulation study using ranged of EHR records with DAS model was presented. The bucket-indexing model incorporated partitioning fields and bloom filters in a Singleton design pattern were used to implement custom database encryption system. It effectively provided faster responses in the range query compared to different types of queries used such as aggregation queries among the DAS, built-in encryption and the plain-text DBMS. The study also presented with constraints around the approach should consider for other practical applications.

The scalability and the strategy for EMR database encryption techniques

Abstract: EMR (Electronic Medical Record) is an emerging technology that is highly-blended between non-IT and IT area. One methodology is to link the non-IT and IT area is to construct databases. Nowadays, it supports before and after-treatment for patients and should satisfy all stakeholders such as practitioners, nurses, researchers, administrators and financial departments and so on. In accordance with the database maintenance, DAS (Data as Service) model is one solution for outsourcing. However, there are some scalability and strategy issues when we need to plan to use DAS model properly. We constructed three kinds of databases such as plan-text, MS built-in encryption which is in-house model and custom AES (Advanced Encryption Standard) - DAS model scaling from 5K to 2560K records. To perform custom AES-DAS better, we also devised Bucket Index using Bloom Filter. The simulation showed the response times arithmetically increased in the beginning but after a certain threshold, exponentially increased in the end. In conclusion, if the database model is close to in-house model, then vendor technology is a good way to perform and get query response times in a consistent manner. If the model is DAS model, it is easy to outsource the database, however, some techniques like Bucket Index enhances its utilization. To get faster query response times, designing database such as consideration of the field type is also important. This study suggests cloud computing would be a next DAS model to satisfy the scalability and the security issues.

A Method of Transparently Encrypting Database Data Supporting Cipher-text Index

Abstract: As the database is applied widely,a critical challenge is to preserve data privacy and prevent sensitive information from disclosure.The database encryption technology has been proven an effective method to preserve data security.However,as the original partially ordered relationship of database data would be lost while the database is encrypted,it is impossible to quicken the conditional query on the cipher-text data.This paper proposes a new method of transparently encryption of records,which supports conditional query on encrypted database data.Experimental results of a database-encryption system designed based on this method are reported.

The Scalability and the Strategy for EMR Database Encryption Techniques

Abstract: EMR(Electronic Medical Record) is an emerging technology that is highly-blended between non-IT and IT area. One of methodology to link non-IT and IT area is to construct databases. Nowadays, it supports before and after-treatment for patients and should satisfy all stakeholders such as practitioners, nurses, researchers, administrators and financial department and so on. In accordance with the database maintenance, DAS (Data as Service) model is one solution for outsourcing. However, there are some scalability and strategy issues when we need to plan to use DAS model properly. We constructed three kinds of databases such as plain-text, MS built-in encryption which is in-house model and custom AES (Advanced Encryption Standard) . DAS model scaling from 5K to 2560K records. To perform custom AES-DAS better, we also devised Bucket Index using Bloom Filter. The simulation showed the response times arithmetically increased in the beginning but after a certain threshold, exponentially increased in the end. In conclusion, if the database model is close to in-house model, then vendor technology is a good way to perform and get query response times in a consistent manner. If the model is DAS model, it is easy to outsource the database, however, some technique like Bucket Index enhances its utilization. To get faster query response times, designing database such as consideration of the field type is also important. This study suggests cloud computing would be a next DAS model to satisfy the scalability and the security issues.

Research of Database Encryption Based on Fast AES Algorithm Implementation

Abstract: At present, there are many research achievements in the field of block cipher. Especially, the AES (Advanced Encryption Standard) algorithm should be considered the excellent representative of all the researches. When the data encryption standard was replaced by the advanced encryption standard, the whole world was putting light on the AES algorithm. Some research showed that the AES algorithm can be implemented fastly by shifting, xor and looking up tables. In this paper, we studied the implement of the fast AES algorithm in database system because database encryption technology was paid more attention. Through testing, we can see that the use of fast AES algorithm on the database system has little effect upon the efficiency of the database.

Database Encryption Storage and Query Based on Optimal Bucket Partition

Abstract: The database encryption scheme which supports the rapid inquires does not give the partition value extraction method of character and field,in order to solve the problem,this paper presents a database encryption storage and query based on optimal bucket partition.It chooses partition value based on optimal bucket partition,and the query and storage for encrypted string data is according to extract index value of agent encryption field and converse SQL statement of inquiry database.Experimental result shows that this scheme has higher first inquiry shooting and stable filtering efficiency,it can improve the encryption system performance.

Application of AES Encryption Algorithm in Air Defense System

Abstract: In air defense system,a lot of data are stored in database or files in the form of plain text.In order to secure important data from malicious access,these data need to be encrypted before stored.The encryption mode and granularity of database are discussed,and high security AES encryption arithmetic is introduced.Based on the AES algorithm,encrypt/decrypt process flows are proposed and corresponding modules are designed for air defense database and configuration file protection.Exact application shows that the proposed design method is efficient,easy to use and well applicable.

A New Mechanism of Database Encryption

Abstract: In order to improve the security of database system and resist threat from all aspects, especially the threat from database administrators, the paper designed a new database encryption system. In this system sensitive information is encrypted and establishes ciphertext address index table for it. Encryptions for character fields and numeric fields have different processing methods. Decryption key should be synthesized by both client and server. System can execute SQL query like equality queries, range queries and so on which are difficult to deal with after encryption. The analysis shows that the system has better security.

Database encryption method based on watermarking technique

Abstract: The present invention relates to a database encryption method based on watermarking technique. It conceals personal confidential information database tables and associated primary keys in a public accessible object. Because the primary keys are hidden in an existing database table (assuming the user table includes a personal photo column, and system will use a default photo when the user has not yet provided a personal photo), people will not be aware of the existence of sensitive information. Compared to traditional cryptography methods wherein encrypted contents are likely visible. The invention can be used to assist the traditional cryptography methods in enhancing the data safety. The invention enables important data to be securely saved and it can be applied to health care, or database security of other applications such as wireless sensor network, e-commerce and financial related services.

2 – Database Encryption

Abstract: Publisher Summary A key way to protect the data within one's database is to use database encryption. Data encryption can be done at many different points in the application depending on the goal that one is trying to meet. Some of these configurations are more complex to configure, such as encryption using the PowerPath MPIO driver, than others, such as the transparent data encryption (TDE). It is important that there are so many options as to how one can encrypt the database. Each option loads on some part of the database-driven application; it just depends on which part of the database-driven application one wants to put the additional CPU load on. One can select from the client computer, the middle tier, the database server's CPU, or the HBAs in the SQL server as long as where one wants to place the processor workload corresponds to the layer where one wants to encrypt the data for the SQL Server database. With SQL, Azure encryption can be handled within the application tier without issue. However, as of the summer of 2010, SQL Azure does not support any encryption within the SQL Azure database. SQL Azure does, however, support hashing using the same algorithms as the onsite SQL server instances.