scispace - formally typeset
Search or ask a question

Showing papers on "Database encryption published in 2020"


Journal ArticleDOI
TL;DR: This work introduces a new ideally-secure OREnc scheme for small domains with shorter ciphertexts and presents an alternative message-block encoding technique.
Abstract: As data outsourcing services have been becoming common recently, developing skills to search over encrypted data has received a lot of attention. Order-revealing encryption (OREnc) enables performing a range of queries on encrypted data through a publicly computable function that outputs the ordering information of the underlying plaintexts. In 2016, Lewi et al. proposed an OREnc scheme that is more secure than the existing practical (stateless and non-interactive) schemes by constructing an ideally-secure OREnc scheme for small domains and a “domain-extension” scheme for obtaining the final OREnc scheme for large domains. They encoded a large message into small message blocks of equal size to apply them to their small-domain scheme, thus their resulting OREnc scheme reveals the index of the first differing message block. In this work, we introduce a new ideally-secure OREnc scheme for small domains with shorter ciphertexts. We also present an alternative message-block encoding technique. Combining the proposed constructions with the domain-extension scheme of Lewi et al., we can obtain a new large-domain OREnc scheme with shorter ciphertexts or with different leakage information, but longer ciphertexts.

3 citations


Journal ArticleDOI
TL;DR: This work will propose an original solution that protects encryption keys against internal attacks when implementing database encryption at the application level by using the protection functions stored within the database server.
Abstract: Encrypting databases at the application level (client level) is one of the most effective ways to secure data. This strategy of data security has the advantage of resisting attacks performed by the database administrators. Although the data and encryption keys will be necessarily stored in the clear on the client level, which implies a problem of trust viz-a-viz the client since it is not always a trusted site. The client can attack encryption keys at any time. In this work, we will propose an original solution that protects encryption keys against internal attacks when implementing database encryption at the application level. The principle of our solution is to transform the encryption keys defined in the application files into other keys considered as the real keys, for encryption and decryption of the database, by using the protection functions stored within the database server. Our proposed solution is considered as an effective way to secure keys, especially if the server is a trusted site. The solution implementation results displayed better protection of encryption keys and an efficient process of data encryption /decryption. In fact, any malicious attempt performed by the client to hold encryption keys from the application level cannot be succeeded since the real values of keys are not defined on it.

3 citations


Proceedings ArticleDOI
20 Oct 2020
TL;DR: A method for mobile database encryption forensics investigation in Android smartphones based on static analysis, which is not limited to a specific mobile application and features automated analytics and implements a system to automate the analysis of Android encrypted data.
Abstract: Forensic analysis of mobile applications plays a crucial part in gathering evidence against criminals. Because the evidence data obtained may often be stored in an encrypted local database or is itself encrypted, the forensic analysis of encrypted databases in smartphones is a critical process in digital crime forensics investigation. However, most of the forensic research on databases currently focuses on specific mobile applications. Moreover, it is difficult to automate dynamic analysis because an appropriate runtime environment must be set up to meet the needs of forensic investigation. This paper proposes a method for mobile database encryption forensics investigation in Android smartphones based on static analysis, which is not limited to a specific mobile application and features automated analytics. The method uses the installation package of the Android application to perform reverse analysis, constructs an inter-program control flow chart, and builds a data flow graph based on the control flow graph. Based on this graph, the database encryption method is searched and identified. We also implement a system to automate the analysis of Android encrypted data. Our method overcomes the challenges of static analysis by using a self-made probability model and proposes a specifically devised algorithm to search the database encryption method on the control flow chart and data flow chart. Finally, we select 100 Android applications to verify our method to analyze the encrypted data stored in the database. The analysis of all applications is completed in 39.6 h. Our experimental results show that the proposed method could find 705 encrypted databases in the 100 apps. In addition, our method successfully determines the encryption method of 584 databases with an accuracy of 82.9% and realizes the decryption of these databases.

3 citations


Journal ArticleDOI
01 May 2020
TL;DR: Wang et al. as mentioned in this paper proposed an improved additive order-revealing encryption (aORE) scheme by combining the Practical Order-Revealing Encryption (P-ORE) and mOPE.
Abstract: With the rapid development of cloud computing technology, cloud database, as an important part of cloud computing services, has gradually become necessary for daily work of enterprises or individuals However, entrusting data to third-party managing can lead to security issues such as data leakage, and users cannot guarantee data security To this end, this paper is based on the CryptDB, an open source database encryption proxy system designed by MIT, in this thesis we propose an improvement scheme for the shortcomings of the original CryptDB system Specific contents including: By studying the CryptDB system, we find that the system is lack of scalability for different databases and does not involve the management of system keys For the inefficiency of the mutable Order-Preserving Encryption (mOPE) in CryptDB system, we propose an improved additive Order-Revealing Encryption (aORE) scheme by combining the Practical Order-Revealing Encryption (P-ORE) and mOPE The scheme is based on pseudorandom function and double encryption Compared with mOPE, it can improve the execution efficiency of the Order-Preserving scheme at the expense of security

2 citations


Proceedings ArticleDOI
10 Jan 2020
TL;DR: Traditional ways of database encryption, modern concept of securing data and some possible concepts how to secure the data using encryption are described from high-level point of view to show their impact on security of entire system.
Abstract: Data is a most valuable part of most of nowadays system. A lot of hackers and criminals are trying to steal this data all the time. Due to that data should also be the best protected part of every company's systems. We would like our systems to be impenetrable, but that is not possible. If we want to protect the data, in case our system is compromised, we need to use encryption. This article describes traditional ways of database encryption, modern concept of securing data and some possible concepts how to secure the data using encryption. All of these approaches are discussed from high-level point of view to show their impact on security of entire system.

2 citations


Patent
07 Apr 2020
TL;DR: In this paper, an enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM).
Abstract: Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM). A database encryption key management system is part of an HSM. A key manager circuit of the database encryption key management system generates a master key encryption key and stores it in the HSM. The key manager circuit generates an HMAC key and encrypts the HMAC key using the master key encryption key to generate a HMAC key cryptogram. The interface circuit of the database encryption key management system transmits the HMAC key cryptogram to a database server, which independently generates and stores a unique identifier. The HSM deletes the HMAC key from its storage media. The key manager circuit receives the HMAC key cryptogram and the unique identifier, decrypts the HMAC key cryptogram to obtain the HMAC key and, based at least on the HMAC key and the unique identifier, generates an HMAC. The interface circuit transmits the HMAC to the database server, which derives a database encryption key (DEK) using the HMAC as an input to a key derivation algorithm. The database encryption key resides in volatile memory of the database server. The master key encryption key resides within the HSM.

1 citations


Patent
07 May 2020
TL;DR: In this article, a chaincode transaction proposal is invoked by one or more endorser nodes of a blockchain network, and the chaincode is executed by an application programming interface between the chain code and a shared ledger.
Abstract: An example operation may include one or more of receiving, by one or more endorser nodes of a blockchain network, an invoke chaincode transaction proposal, executing chaincode, encrypting, by an application programming interface between the chaincode and a shared ledger, blockchain state to the shared ledger, decrypting blockchain state from the shared ledger, endorsing, by the one or more endorser nodes, one or more results from executing the chaincode, and creating a blockchain transaction from the one or more endorsed results.

1 citations


Book ChapterDOI
01 Aug 2020
TL;DR: This paper presents a review of Order Preserving Encryption schemes (OPES) a technique for database encryption which execute range queries in an efficient manner, the existing approaches of database encryption techniques using OPE, Principles, and Application of O PE, various types of Attack on OPE and overview of Mutable order PreservingEncoding mOPE.
Abstract: Cloud computing and Database as a service have gaining rapid interest by many organizations today because of its cost effectiveness but it faced a lot of security issued in protecting client business sensitive data, the traditional encryption techniques for database security cannot ensure that a database is safe for intrusion, unauthorized access and queries processes over encrypted data in the present technological evolution. This paper presents a review of Order Preserving Encryption schemes (OPES) a technique for database encryption which execute range queries in an efficient manner, the existing approaches of database encryption techniques using OPE, Principles, and Application of OPE, various types of Attack on OPE and overview of Mutable order Preserving Encoding mOPE.

1 citations


Proceedings ArticleDOI
19 Nov 2020
TL;DR: In the system test link comparing with the traditional database encryption and decryption system, it is verified that the designed system can effectively reduce the bit error rate and improve the database security.
Abstract: In view of the problem that the error rate is too high in the use of the original heterogeneous database encryption and decryption system, the original encryption and decryption system is optimized by data mining calculation, and the heterogeneous database encryption and decryption system based on data mining is designed. Through the data acquisition equipment, data storage equipment and system data transmission equipment to complete the hardware design of the system; according to the database user rights to design the database encryption dictionary, using data mining technology to complete the data preprocessing, using the form of homomorphic encryption to complete the encryption and decryption process of the database. At this point, the implementation of heterogeneous database encryption and decryption system design based on data mining. In the system test link comparing with the traditional database encryption and decryption system, by comparing the bit error rate, it is verified that the designed system can effectively reduce the bit error rate and improve the database security.

1 citations


Patent
21 Jan 2020
TL;DR: In this article, the authors proposed a database encryption method based on a quantum random number and a national cryptographic algorithm, which is applied to the technical field of data storage, and the method comprises the following steps: S1, enabling an encryption system to use QRNG to generate a random number as a master key; s2, performing key expansion on the master key by using a key expansion algorithm togenerate a symmetric key.
Abstract: The invention relates to a database encryption method based on a quantum random number and a national cryptographic algorithm, and is applied to the technical field of data storage. The method comprises the following steps: S1, enabling an encryption system to use QRNG to generate a random number as a master key; s2, performing key expansion on the master key by using a key expansion algorithm togenerate a symmetric key; s3, encrypting plaintext data by using the symmetric key to obtain ciphertext data; or decrypting the ciphertext by using the symmetric key to obtain the plaintext data. On the basis of randomness of the quantum random number generator to the encryption key and safety and controllability of the encryption algorithm, the two aspects are enhanced, higher-level safety can beobtained, and data safety of a user database is more effectively guaranteed.

1 citations


Patent
10 Dec 2020
TL;DR: In this paper, the authors provided an encryption method which comprises, by at least one server including a processing unit and memory, obtaining data, encrypting the data to obtain encrypted data, the encrypting comprising generating encryption keys using a plurality of seeds and a set of encrypting functions, processing the data using at least the encryption keys to generate the encrypted data.
Abstract: There is provided an encryption method which comprises, by at least one server including a processing unit and memory, obtaining data, encrypting the data to obtain encrypted data, the encrypting comprising generating encryption keys using a plurality of seeds and a set of encrypting functions, processing the data using at least the encryption keys to generate the encrypted data, generating encrypted data D S,Enc informative of at least some of the plurality of seeds and transmitting the encrypted data and D S,Enc to a host different from the server, thereby enabling decryption of the encrypted data by the host. Corresponding decryption method is provided.

Book ChapterDOI
18 Sep 2020
TL;DR: An encryption and security scheme is proposed for a lightweight database which is suitable for embedded systems with limited storage and computing resources and can prevent sensitive data leakage from untrusted applications, zero-day-vulnerability and malicious attacks for the lightweight database.
Abstract: Internet-of-Things (IoT) extends the power of Internet and bring tremendous opportunity to academia and industry. However the security and data privacy challenges become major obstacles for its adoption and deployment. To address these issues, an encryption and security scheme is proposed for a lightweight database which is suitable for embedded systems with limited storage and computing resources. The scheme encrypts data are in both storage and used memory. So it can prevent sensitive data leakage from untrusted applications, zero-day-vulnerability and malicious attacks for the lightweight database. The prototype of the proposed scheme was presented and the feasibility and effectiveness was evaluated. The experimental results demonstrate the scheme is practical and effective.

Patent
06 Aug 2020
TL;DR: In this paper, the first tenant data of a first tenant from at least second tenant data from a second tenant, based on a first-tenant identifier, is encrypted based on the retrieved encryption key and non-encrypted header information is generated for each of the encrypted fragments.
Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.