Topic
Database encryption
About: Database encryption is a research topic. Over the lifetime, 320 publications have been published within this topic receiving 10685 citations.
Papers published on a yearly basis
Papers
More filters
••
TL;DR: Analysis and comparison of five traditional architectures for database encryption show that existing architectures may provide a high level of security, but have a significant impact on performance and impose major changes to the application layer, and a sixth novel architecture is suggested that outperforms the others.
29 citations
••
01 Nov 2011TL;DR: Database-as-a-service has several major issues and concerns related to security, including data security, trust, expectations, regulations, and performance issues, while solutions include database encryption and authenticity techniques.
Abstract: Database-as-a-service is one of many services being marketed as part of cloud computing. It has several major issues and concerns related to security, including data security, trust, expectations, regulations, and performance issues. Proposed resolutions include risk management and better contractual agreements, while solutions include database encryption and authenticity techniques. Other cloud computing issues include hardware security concerns and the balance of trust and risk.
29 citations
••
21 Sep 2011TL;DR: This paper proposes a transparent data masking solution for numerical values in DWs based on the mathematical modulus operator, which can be used without changing user application and DBMS source code, and provides strong data security while introducing small overheads in both storage space and database performance.
Abstract: Data Warehouses (DWs) are the enterprise's most valuable asset in what concerns critical business information, making them an appealing target for attackers. Packaged database encryption solutions are considered the best solution to protect sensitive data. However, given the volume of data typically processed by DW queries, the existing encryption solutions heavily increase storage space and introduce very large overheads in query response time, due to decryption costs. In many cases, this performance degradation makes encryption unfeasible for use in DWs. In this paper we propose a transparent data masking solution for numerical values in DWs based on the mathematical modulus operator, which can be used without changing user application and DBMS source code. Our solution provides strong data security while introducing small overheads in both storage space and database performance. Several experimental evaluations using the TPC-H decision support benchmark and a real-world DW are included. The results show the overall efficiency of our proposal, demonstrating that it is a valid alternative to existing standard encryption routines for enforcing data confidentiality in DWs.
28 citations
••
22 Apr 1985TL;DR: A database encryption system based on ideas similar to that of Davida, Wells and Kam is presented, which makes possible the computation of averages and other statistics pertinent to unencrypted data, but it uses only encrypted data in the computation.
Abstract: Davida, Wells and Kam used the Chinese Remainder Theorem to construct an encryption system allowing access to individual data fields of a record in a relational database. Their system is public-key in the sense that the read and write keys of a given data field are different. In this paper we present a database encryption system based on ideas similar to theirs. It is not public key, but has some other useful features. It makes possible the computation of averages and other statistics pertinent to unencrypted data, but it uses only encrypted data in the computation.
28 citations
•
09 Nov 2011
TL;DR: In this paper, the authors proposed a data item level database encryption method, where a hash function is used for deriving an encryption key of each data item according to a derived key and unique positioning information of the data item, even the data items encryption keys for encryption of all integral databases can be derived by using one key to reduce the using amount of the keys and facilitate key management.
Abstract: The invention relates to a security data item level database encryption method. Confidential data is encrypted by a data item level particle size; a hash function is used for deriving an encryption key of each data item according to a derived key and unique positioning information of the data item, even the data item encryption keys for encryption of all integral databases can be derived by using one key to reduce the using amount of the keys and facilitate key management; and a stream cipher algorithm is used for encrypting the data items to avoid filling. A ciphertext index is also encrypted by the stream cipher algorithm; each field (column) is encrypted by using the same key; therefore, searching keywords can be encrypted and then ciphertexts of corresponding fields are matched in spite of precise complete or incomplete searching. The method also has complete security functions of key management, secret sharing, security backup, mandatory access control, security connection and the like.
28 citations