Showing papers on "Database encryption published in 2013"


Journal ArticleDOI
TL;DR: This paper proposes a nonlinear order preserving scheme for indexing encrypted data, which facilitates the range queries over encrypted databases and provides the capability of hiding the distribution of plaintexts from the distribution of indexes.
Abstract: The database services on cloud are appearing as an attractive way of outsourcing databases. When a database is deployed on a cloud database service, the data security and privacy becomes a big concern for users. A straightforward way to address this concern is to encrypt the database. However, after encryption, the database cannot be easily queried. In this paper, we propose a nonlinear order preserving scheme for indexing encrypted data, which facilitates the range queries over encrypted databases. The scheme is secure even when there are a large number of duplicates in plaintexts. Moreover, our scheme allows the programmability of basic indexing expressions and thus provides the capability of hiding the distribution of plaintexts from the distribution of indexes. This scheme is suitable for long-standing databases because its use does not need any assumption on the characteristics of database data, such as their distribution, range and number, which may change dramatically over time. Copyright © 2013 John Wiley & Sons, Ltd.

67 citations


Patent
13 Aug 2013
TL;DR: In this paper, the authors present a method for generating a searchable encrypted database from a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data record, wherein each searchable field is associated with a subset of the personal information for a user.
Abstract: Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

40 citations


Book ChapterDOI
Jun Furukawa
09 Sep 2013
TL;DR: A request-based comparable encryption complements OPEs and can be an essential security primitive.
Abstract: An order-preserving encryption (OPE) scheme preserves the numerical order of numbers under encryption while hiding their original values to some extent. However, if all the numbers in a certain domain are encrypted by an OPE, the original numbers can be restored from their order. We introduce a notion of novel encryption scheme “request-based comparable encryption” that provides a certain level of security even when OPEs cannot. A request-based comparable encryption hides original values, but it enables any pair of encrypted values to be compared with each other when and only when one of them is accompanied by a “token”. We also consider its weaker notion and a concrete construction satisfying it. We consider a request-based comparable encryption complements OPEs and can be an essential security primitive.

32 citations


Patent
15 Mar 2013
TL;DR: In this paper, the subject disclosure is directed towards secure query processing over encrypted database records without disclosing information to an adversary except for permitted information, and a trusted, secure query processor transforms each query and an encrypted database into secure query results.
Abstract: The subject disclosure is directed towards secure query processing over encrypted database records without disclosing information to an adversary except for permitted information. In order to adapt semantic security to a database encryption scheme, a security model for all query processing is specified by a client and used to determine which information is permitted to be disclosed and which information is not permitted. Based upon the security model, a trusted, secure query processor transforms each query and an encrypted database into secure query results. Even though the adversary can view the secure query results during communication to the client, the adversary cannot determine any reliable information regarding the secure query results or the encrypted database.

24 citations


Patent
William C. Freeman, Richard V. Hom
30 Jul 2013
TL;DR: In this paper, the authors present a method, system, and computer program product for implementing user specific encryption in a database system, where a computer receives a query statement including a user specific key and data, the data including data needing encryption and non-encrypted data.
Abstract: Embodiments of the present invention disclose a method, system, and computer program product for implementing user specific encryption in a database system. A computer receives a query statement including a user specific key and data, the data including data needing encryption and non-encrypted data. The computer encrypts the data needing encryption using the user specific key. The computer inserts both the encrypted data and the non-encrypted data into a table row in a database. The computer creates a hash of the user specific key, and stores the hash of the user specific key in the table row with the data.

12 citations


Proceedings ArticleDOI
01 Oct 2013
TL;DR: In this article, the authors simulated three types of technical environments such as plaintext, Microsoft Built-in Encryption, and custom Advanced Encryption Standard using Bucket Index in Data-as-a-Service.
Abstract: Big Data is one of rising IT trends such as cloud computing, social networking or ubiquitous computing. Big Data can offer beneficial scenarios in the e-health arena. However, one of the scenarios can be that Big Data needs to be kept secured for a long time in order to gain its benefits such as finding cures for infectious diseases and keeping patients' privacy. From this connection, it is beneficial to analyze Big Data to make meaningful information while the data are stored in a secure manner. Thus, the analysis of various database encryption techniques is essential. In this study, we simulated 3 types of technical environments such as Plain-text, Microsoft Built-in Encryption, and custom Advanced Encryption Standard using Bucket Index in Data-as-a-Service. The results showed that custom AES-DaaS has faster range query response time than MS built-in encryption. In addition, while carrying out the scalability test, we acknowledged there are performance thresholds according to physical IT resources. Therefore, for the purpose of efficient Big Data management in e-health, it is noteworthy to examine its scalability limits as well even if it is under cloud computing environment. Furthermore, when designing an e-health database, both patients' privacy and system performance needs to be dealt as top priorities.

11 citations


Proceedings Article
01 Apr 2013
TL;DR: In this paper, the authors explore the space of designs studied in prior work on processing queries over encrypted data and discuss the security challenges that arise in both approaches and how they may be addressed.
Abstract: Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The intuitive expectation is that an adversary cannot “learn” anything about the encrypted columns, since she does not have access to the encryption key. However, query processing becomes a challenge since it needs to “look inside” the data. This tutorial explores the space of designs studied in prior work on processing queries over encrypted data. We cover approaches based on both classic client-server and involving the use of a trusted hardware module where data can be securely decrypted. We discuss the security challenges that arise in both approaches and how they may be addressed. Briefly, supporting the full complexity of a modern DBMS including complex queries, transactions and stored procedures leads to significant challenges that we survey.

11 citations


Proceedings ArticleDOI
10 Oct 2013
TL;DR: A comparison study between current methods in terms of performance and security is provided and some methods to deal directly with the encrypted data without firstly decrypting them are introduced.
Abstract: Using database encryption to protect data in some situations where access control is not solely enough is inevitable. Database encryption provides an additional layer of protection to conventional access control techniques. It prevents unauthorized users, including intruders breaking into a network, from viewing the sensitive data. As a result, data stays protected even in the event that the database is successfully attacked or stolen. However, the data encryption and decryption processes result in database performance degradation. In the situation where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an unwilling tradeoff between the security and the performance is normally forced. The appropriate approaches to increase the performance are methods to deal directly with the encrypted data without firstly decrypting them. This paper, while introducing some methods for searching on encrypted data, provides a comparison study between current methods in terms of performance and security.

10 citations


Proceedings ArticleDOI
08 Apr 2013
TL;DR: This tutorial explores the space of designs studied in prior work on processing queries over encrypted data and discusses the privacy challenges that arise in both classic client-server and involving the use of a trusted hardware module where data can be securely decrypted.
Abstract: Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The intuitive expectation is that an adversary cannot “learn” anything about the encrypted columns, since she does not have access to the encryption key. However, query processing becomes a challenge since it needs to “look inside” the data. This tutorial explores the space of designs studied in prior work on processing queries over encrypted data. We cover approaches based on both classic client-server and involving the use of a trusted hardware module where data can be securely decrypted. We discuss the privacy challenges that arise in both approaches and how they may be addressed. Briefly, supporting the full complexity of a modern DBMS including complex queries, transactions and stored procedures leads to significant challenges that we survey.

9 citations


Journal Article
TL;DR: The experimental results show that the encryption and decryption time of the proposed encryption algorithm REA has a very good performance compared to other encryption algorithms, and the correlation coefficient measure results depict that the proposed encryption algorithm REA provides more security.
Abstract: provides strong security for databases. To develop a database encryption strategy, many factors must be taken into consideration. Organizations must balance between the requirement for security and the desire for excellent performance. In this paper a novel encryption algorithm is proposed "Reverse Encryption Algorithm (REA)". The proposed algorithm REA is simple and yet leads to a cipher. It has achieved security and is fast enough for most applications. REA algorithm is limiting the added time cost for encryption and decryption to not degrade the performance of a database system. Moreover, designing REA algorithm has enhanced security in data encryption. Besides, the security and performance of the proposed encryption algorithm REA are evaluated and compared with the most common encryption algorithms. Experimental results show that the proposed encryption algorithm REA outperforms other encryption algorithms at performance and security in databases. Overall, the proposed encryption algorithm REA achieves balance between the security and the efficiency. This paper observes a method for evaluating the security and efficiency of the proposed encryption algorithm REA and compares with the most common encryption algorithms namely: DES, 3DES, RC2, AES and Blowfish. A comparison will be presented for those encryption algorithms for encryption and decryption times. Also, another comparison will be presented for the secure value (it is used to measure the information entropy). Furthermore, another measure of security is the correlation coefficient of encrypted fields with the proposed encryption algorithm REA. The experimental results show that the encryption and decryption time of the proposed encryption algorithm REA has a very good performance compared to other encryption algorithms. The security measure (information entropy) results indicate that the proposed encryption algorithm REA and AES are more secure than DES, 3DES, RC2, and Blowfish. Also, the correlation coefficient measure results depict that the proposed encryption algorithm REA provides more security.

9 citations


Patent
02 Jan 2013
TL;DR: In this paper, a field-level database encryption device is proposed for the field of information security, which comprises a user information storage unit, a database field encryption setting unit and a database access preprocessor.
Abstract: The invention is suitable for the field of information security and provides a field-level database encryption device, which comprises a user information storage unit, a database field encryption setting unit and a database access preprocessor, wherein the user information storage unit is used for storing database encryption symmetric keys which are encrypted through user public keys; the database field encryption setting unit is used for setting whether fields in a database are encrypted or not; and the database access preprocessor is used for conducting encryption conversion or decryption conversion to database access statements according to the decrypted database encryption symmetric keys and field encryption setting information in the database field encryption setting unit. By using the field-level database encryption device, a user can select different symmetric encryption algorithms supported by a database system according to demands for different encryption intensities, an application program does not need to conduct encryption or decryption operation to the database, all data encryption and decryption operations are completed by the database system, a full-text retrieval function of data items can be supported, and the original database access statements are not needed to be changed and can be directly and transparently used.

Journal Article
TL;DR: A new searchable encryption protocol with a conjunctive keyword search based on a linked tree structure instead of public-key based techniques is proposed, which requires a remarkably small computational cost, particularly when applied to extremely large databases.
Abstract: Searchable encryption is a cryptographic protocol for searching a document in encrypted databases. A simple searchable encryption protocol, which is capable of using only one keyword at one time, is very limited and cannot satisfy demands of various applications. Thus, designing a searchable encryption with useful additional functions, for example, conjunctive keyword search, is one of the most important goals. There have been many attempts to construct a searchable encryption with conjunctive keyword search. However, most of the previously proposed protocols are based on public-key cryptosystems which require a large amount of computational cost. Moreover, the amount of computation in search procedure depends on the number of documents stored in the database. These previously proposed protocols are not suitable for extremely large data sets. In this paper, we propose a new searchable encryption protocol with a conjunctive keyword search based on a linked tree structure instead of public-key based techniques. The protocol requires a remarkably small computational cost, particularly when applied to extremely large databases. Actually, the amount of computation in search procedure depends on the number of documents matched to the query, instead of the size of the entire database.

Journal ArticleDOI
TL;DR: This paper introduces an efficient algorithm to encrypt the credit card number without changing the format and type as well as drawbacks in database encryption.
Abstract: The more highly used Internet world contains many sensitive information. Encryption is a process to secure information. An encrypted data requires more storage space for storing. It also needs many changes in queries and application programs. In this paper we introduce an efficient algorithm to encrypt the credit card number without changing the format and type. Encryption is a process of converting the plaintext (clear text) to unreadable cipher text. Decryption is a reverse process in which the cipher text is converted into plaintext. We store and transmit much sensitive information through the internet. Encrypting data at flight means encryption is done in the sender side and decryption is done in the receiver side. Encrypting data at rest is used to protect confidential data stored on host from the privileged users. There are many database security policies like authentication, access rights, digital signature etc. But 45% of the attackers are insiders. The existing security techniques are not enough for protecting the data. So we need powerful encryption algorithm. Database encryption is the process of converting the plaintext in the database to unintelligible cipher text format. Database encryption is implemented using strong encryption such as AES, RSA or SHA256.
II. DRAWBACKS IN DATABASE ENCRYPTION
- Encrypted text requires more storage space than clear text data.
- Inserting encrypted text and decrypted queries are slower than inserting plaintext.
- SQL statements are slowed down due to encryption.
- Record searching is more complex in an encrypted database.
- Queries will be changed to handle the encrypted data.
- Existing application programs are also changed to handle the encrypted database.
- Cannot maintain intellectual property of the database such as index.

Book ChapterDOI
30 Aug 2013
TL;DR: It is proved by reduction that breaking a cryptosystem by a query-enhanced adversary is at least as difficult as breaking the cryptosystem by a common adversary.
Abstract: Encrypting data at rest has been one of the most common ways to protect the database data against honest but curious adversaries. In the literature there are more than a dozen mechanisms proposed on how to encrypt data to achieve different levels of confidentiality. However, a database system is more than just data. An inseparable aspect of a database system is its interaction with the users through queries. Yet, a query-enhanced adversary model that captures the security of user interactions with the encrypted database is missing. In this paper, we will first revisit a few well-known adversary models on the data encryption schemes. Also, to model the query-enhanced adversaries we additionally need new tools, which will be formally defined. Eventually, this paper introduces query-enhanced adversary models which additionally have access to the query logs or interact with the database in different ways. We will prove by reduction that breaking a cryptosystem by a query-enhanced adversary is at least as difficult as breaking the cryptosystem by a common adversary.

Proceedings Article
14 Nov 2013
TL;DR: Enhanced TSFS encryption algorithm is extended to special characters as well, and corrects substitution and shifting processes by providing more than one modulo factor and four 16-arrays respectively in order to avoid the error that occurs in decryption steps.
Abstract: Security of databases has become increasingly crucial in all application areas. Database encryption is an important mechanism to secure databases from attacks and unauthorised access. The Transposition-Substitution-Folding-Shifting encryption algorithm (TSFS) is a symmetric database encryption algorithm that uses three keys with an expansion technique to provide high security: it improves the efficiency of query execution time by encrypting the sensitive data only. However, it applies merely for the alphanumeric characters. This paper extends the data set of the TSFS encryption algorithm to special characters as well, and corrects substitution and shifting processes by providing more than one modulo factor and four 16-arrays respectively in order to avoid the error that occurs in decryption steps. Experiment results show that enhanced TSFS encryption algorithm outperforms Data Encryption Standard algorithm (DES) and Advanced Encryption Standard algorithm (AES) in terms of query execution time and database added size.

Journal Article
TL;DR: This paper proposes a new encryption algorithm, which they call Reverse Encryption Algorithm (REA), which is simple and yet leads to a cipher and outperforms other algorithms at encryption and decryption time.
Abstract: Database encryption is a well established technology for protecting sensitive data. Unfortunately, the integration of existing encryption techniques with database systems causes undesirable performance degradation. It is a crucial technique in the security mechanisms of database. In this paper we propose a new encryption algorithm, which we call Reverse Encryption Algorithm (REA). Our new encryption algorithm REA is simple and yet leads to a cipher. It has achieved security requirements and is fast enough for most applications. REA algorithm is limiting the added time cost for encryption and decryption so as not to degrade the performance of a database system. Also, we evaluate the performance of the proposed encryption algorithm REA and compare with the most common encryption algorithms. The performance measure of encryption schemes will be conducted in terms of encryption / decryption time. Experiment results show that our new algorithm outperforms other algorithms at encryption and decryption time.

Proceedings ArticleDOI
28 Jun 2013
TL;DR: This paper tries to introduce a highly secure and flexible database encryption scheme allowing multiple users to perform more complex queries, including cross-table joins and still achieve acceptable performance by utilizing database's built-in indexing capabilities.
Abstract: While DaaS is becoming more and more popular, enterprises start considering it as an option to reduce IT maintenance costs. But data privacy and security issues keep most of them from moving to the cloud. Existing schemes of encrypting the database usually either provide a very basic search only (e.g., SELECT * FROM t WHERE t.a = 5) and nothing more or give users more flexibility at a cost of data security. In this paper we try to introduce a highly secure and flexible database encryption scheme allowing multiple users to perform more complex queries, including cross-table joins and still achieve acceptable performance by utilizing database's built-in indexing capabilities. Several dedicated proxy servers in between the user and the database server help to achieve this and make it all transparent for the user. Developed solution shows acceptable performance level in most of the testing cases.

Journal ArticleDOI
TL;DR: Experimental results demonstrate the superiority of the proposed TSFS algorithm, as it has outperformed the well-established benchmark algorithms, DES and AES, in terms of query execution time and database added size.
Abstract: Virtually all of today’s organizations store their data in huge databases to retrieve, manipulate and share them in an efficient way. Due to the popularity of databases for storing important and critical data, they are becoming subject to an overwhelming range of threats, such as unauthorized access. Such a threat can result in severe financial or privacy problems, as well as other corruptions. To tackle possible threats, numerous security mechanisms have emerged to protect data housed in databases. Among the most successful database security mechanisms is database encryption. This has the potential to secure the data at rest by converting the data into a form that cannot be easily understood by unauthorized persons. Many encryption algorithms have been proposed, such as Transposition-Substitution-Folding-Shifting encryption algorithm (TSFS), Data Encryption Standard (DES), and Advanced Encryption Standard (AES) algorithms. Each algorithm has advantages and disadvantages, leaving room for optimization in different ways. This paper proposes enhancing the TSFS algorithm by extending its data set to special characters, as well as correcting its substitution and shifting steps to avoid the errors occurring during the decryption process. Experimental results demonstrate the superiority of the proposed algorithm, as it has outperformed the well-established benchmark algorithms, DES and AES, in terms of query execution time and database added size.

Book ChapterDOI
01 Jan 2013
TL;DR: This paper analyzed the database queries and the data properties and proposed and analyzed the new database encryption algorithm using the Bloom Filter with the bucket index method and demonstrated the superiority of the proposed algorithm through several experiments.
Abstract: Database security techniques are available widely. Among those techniques, the encryption method is a well-certified and established technology for protecting sensitive data. However, once encrypted, the data can no longer be easily queried. The performance of the database depends on how to encrypt the sensitive data, and an approach for searching and retrieval efficiencies that are implemented. In this paper we analyze the database queries and the data properties and propose a suitable mechanism to query the encrypted database. We proposed and analyzed the new database encryption algorithm using the Bloom Filter with the bucket index method. Finally, we demonstrated the superiority of the proposed algorithm through several experiments that should be useful for database encryption related research and application activities.

Proceedings ArticleDOI
01 Dec 2013
TL;DR: Experimental results demonstrate that the image cryptosystem is satisfactorily efficient and very secure, which makes it a possible candidate for images encryption in the databases.
Abstract: Chaos in cryptography is of huge interest in many areas such as databases, e-business, and security of communication channels, in order to preserve sensible data from attacks of unauthorized persons. The chaotic maps are becoming increasingly popular in real-time image encryption/decryption systems for its high security, speed, computational overheads. In this paper we apply two processes: chaotic confusion and diffusion of the pixel values, which provide images cryptosystem of the databases based on chaotic maps. It is implemented by development our database encryption simulation in a previous work done by the authors. This developing conforms by adding chaotic standard and henon map in our simulation. Examining its implementation for image encryption based on chaotic maps along with its detailed performance evaluation and security analysis. Experimental results demonstrate that the image cryptosystem is satisfactorily efficient and very secure, which makes it a possible candidate for images encryption in the databases.

Book ChapterDOI
25 Apr 2013
TL;DR: This work explores the techniques to execute the SQL query over the encrypted data without revealing to the server any information about the query such as the query type or the query pattern, and its result.
Abstract: The fact that the data owners outsource their data to external service providers introduces many security and privacy issues. Among them, the most significant research questions relate to data confidentiality and user privacy. Encryption was regarded as a solution for data confidentiality. The privacy of a user is characterized by the query he poses to the server and its result. We explore the techniques to execute the SQL query over the encrypted data without revealing to the server any information about the query such as the query type or the query pattern, and its result. By implementing all the relational operators by using the unique selection operator on the server-side database with a constant number of elements in each time of selection, our proposal can defeat against the statistical attacks of the untrusted server compromising data confidentiality and user privacy. Experimental evaluation demonstrates that our proposal less affects the system’s performance and is applicable in the real world.

Patent
08 Oct 2013
TL;DR: In this paper, a database encryption method of a mobile device is provided to protect recorded information even when a database file of the mobile device was leaked to the outside, where a session key is extracted on the basis of a first random value and a second random value.
Abstract: PURPOSE: A database encryption method of a mobile device is provided to protect recorded information even when a database file of the mobile device is leaked to the outside. CONSTITUTION: A mobile device (10) extracts a session key on the basis of a first random value and a second random value (S350). The mobile device verifies terminal identification information by decoding a second encryption sentence by the session key (S360). The mobile device acquires security server identification information. The mobile device transmits a third encryption sentence, which is made by encoding the second random value and the security server identification information with the session key, to a security server (20) (S370). The security server verifies the second random value and the security server identification information, by decoding the third encryption sentence with the session key (S380). [Reference numerals] (10) Mobile device; (20) Security server; (S310) Ckey extracting = HMAC(Mkey, Cinfo); (S320) Skey generating = Rc XOR Rs; (S340) Rc verification, Rs acquisition; (S350) Skey extracting = Rc XOR Rs; (S360) Cinfo verification, Sinfo acquisition; (S380) Rs, Sinfo verification

Proceedings ArticleDOI
14 Aug 2013
TL;DR: This essay does some research about the key technology to basic approach and keys of the database coding technology and probe the way to achieving the data coding.
Abstract: Database coding technology is the effective way to guarantee the safety of the database information. This essay does some research about the key technology to basic approach and keys of the database coding technology and probe the way to achieving the data coding. Besides, it discusses how to design the data coding system. In addition, it brings about a concrete model. In the end, it discusses the influence on the original functions of the DBMS after coding the database. Index Terms: Database encryption technology, Encryption system, Key Management, Design model

Journal Article
TL;DR: The characteristics and configuration of SQLite embedded database were introduced, and application of its dynamical interactions and database encryption between the user and embedded system were introduced.
Abstract: The characteristics and configuration of SQLite embedded database, replanting it into the arm-linux embedded system platform, and application of its dynamical interactions and database encryption between the user and embedded system were introduced.

Book ChapterDOI
12 Sep 2013
TL;DR: This work presents a hash based method which provably allows the privacy constraint of an unencrypted database to be extended to the queries performed on the database, and identifies a privacy limitation, how it could be exploited using a known-query attack, and a counter-measure based on oblivious storage.
Abstract: With the advent of cloud computing there is an increased interest in outsourcing an organization’s data to a remote provider in order to reduce the costs associated with self-hosting. If that database contains information about individuals (such as medical information), it is increasingly important to also protect the privacy of the individuals contained in the database. Existing work in this area has focused on preventing the hosting provider from ascertaining individually identifiable sensitive data from the database, through database encryption or manipulating the data to provide privacy guarantees based on privacy models such as k-anonymity. Little work has been done to ensure that information contained in queries on the data, in conjunction with the data, does not result in a privacy violation. In this work we present a hash based method which provably allows the privacy constraint of an unencrypted database to be extended to the queries performed on the database. In addition, we identify a privacy limitation of such an approach, describe how it could be exploited using a known-query attack, and propose a counter-measure based on oblivious storage.

01 Jan 2013
TL;DR: R encryption algorithm which adapts to database is introduced, and the architecture and characteristics of a database encryption system based on application layer are discussed.
Abstract: With the development of computer technology and database technology, more and more MIS are implemented. Database is a basic platform in MIS, it stores a plenty of information which is shared by many users. Therefore, database security technology has become the key technology in the development of MIS. According to the security requirements of a MIS, this paper introduces R encryption algorithm which adapts to database, and discusses the architecture and characteristics of a database encryption system based on application layer. Also the paper gives a detailed description about the implementation methods of key technology.

Book ChapterDOI
01 Jan 2013

01 Jan 2013
TL;DR: This proposed system mainly focuses on providing enhanced security of images that are stored in databases, because any damage and misuse of sensitive data stored in database will affect the entire organization.
Abstract: Database security needs more attention in industrial, civilian and government domains. Organizations are storing huge amount of data in database for data mining and other types of analysis. In this proposed system we mainly focus on providing enhanced security of images that are stored in databases, because any damage and misuse of sensitive data stored in database will affect the entire organization. For this purpose an efficient light weight database encryption technique using TSFS (Transposition, Substitution, Folding, and Shifting) algorithm is followed. TSFS algorithm is a symmetric key block encipherment algorithm that uses same key for both encryption and decryption. The security depends on the length of the key and also key expansion technique is used for providing more security for the database. In this algorithm only the images in the database are encrypted and thereby the speed of executing the queries is increased. Thus TSFS algorithm is very efficient and more secure when compared to other database security methods like physical security, operating system security, DBMS security.

Proceedings ArticleDOI
25 Mar 2013
TL;DR: This paper explores the techniques to execute the SQL query over the encrypted data without revealing to the server any information about the query such as the query type or the query pattern, and its result.
Abstract: The fact that the data owners outsource their data to external service providers introduces many security and privacy issues. Among them, the most significant research questions relate to data confidentiality and user privacy. Encryption was regarded as a solution for data confidentiality. The privacy of a user is characterized by the query he poses to the server and its result. We explore the techniques to execute the SQL query over the encrypted data without revealing to the server any information about the query such as the query type or the query pattern, and its result. By implementing all the relational operators by using the unique selection operator on the server-side database with a constant number of elements in each time of selection, our proposal can defeat against the statistical attacks of the untrusted server compromising data confidentiality and user privacy.

Journal Article
TL;DR: In this article, the authors proposed a database privacy information query program based on secure multiparty computation as well as analyzes the correctness, security, and the complexity of the design, which significantly reduced the computational complexity.
Abstract: With the continuous development of information technology, database as the core part of modern information system, it undertakes the task of storage and management of data information. In the process of database query, it is of great importance to protect the security of privacy information of both parties. However, the existing programs encrypt the entire database; the encryption cost is excessively high. In order to solve this problem, the article takes the advantage of security assumptions of exchange encryption and obvious transfer technology to propose a database privacy information query program based on secure multiparty computation as well as analyzes the correctness, security, and the complexity of the design. The results show that the computational complexity of the program mentioned in the article is significantly reduced.