International Journal of Computer Trends and Technology- volume3Issue6- 2012

A Modular and Extendable Approach to Database Encryption at Multi-granularity Level

Ramesh Pabboju1, S.Krishna Mohan Rao2,
CSE Department, JNTUH Hyderabad, Mahaveer Institute of Science and Technology, Bandlaguda, Hyderabad, A.P, INDIA-500 005 2 CSE Department, JNTUH Hyderabad, Siddhartha Institute of Engineering and Technology, Ibrahimpatnam, R.R.Dist, A.P, INDIA-501 006
1

Abstract In spite of security mechanisms built into RDBMS, the databases are traditionally having security vulnerabilities for many reasons as they process huge amount of valuable data of real world enterprises. Thus the need for encryption schemes for storing encrypted data to database and decrypting the same while retrieving came into existence. While these schemes are capable of providing complete database security, they actually exhibit tradeoff between true security and efficiency. Efficiency decreases when security increases. There are two problems with traditional database encryption schemes. They show tradeoff between efficiency and security and also cant solve the problem of storing multi-level encrypted elements into database besides having no ability for effective key management. This paper presents an efficient database encryption scheme that overcomes the problems mentioned above. Index Terms Cryptography, databases, database encryption and decryption, database security

I.

INTRODUCTION

Database is the repository of valuable business data. Such data is very important to the growth of any business. Database has become a valuable asset in the context of e-commerce, ebusiness, ERP of various businesses. The enterprises that depend on the data cant function well if the database is down. The applications used by such enterprises are essentially mission-critical in nature. This tells the need for database protection. There are many RDBMSs (Relational Database Management Systems) that come with built in security mechanisms. They generally provide authentication, authorization and access control mechanisms. The security requirements required by databases normally include prevention

of unauthorized access to information; prevention of unauthorized changes to the database; addressing denial of service attacks; prevention of penetration into database by unauthorized person; and prevention of abuse of privileges. As RDBMS processes huge amount of data regularly, achieving all security requirements is not an easy task. Though the databases are designed with built in security, certain loopholes or manual mistakes by humans can make the database vulnerable and cause for various security threats. In spite of security measures taken by designers of RDBMS, still the databases running in them are vulnerable as they only depend on roll based or user level security that allows access to database through credentials. When such credentials are compromised or hacked, the database is no more secure. This is the cause of concern. To overcome this problem lot of research went on the concept of encrypting databases. It does mean that the data is stored in database in an encrypted format and while retrieving the data, it gets decrypted for the valid users. The application of cryptography to databases can provide complete security. However, there is tradeoff between the security and efficiency. The efficiency decreases when security increases. Even if hackers manage to get access to data, they will not be able to decrypt it thus providing fool proof security. As encryption and decryption mechanisms employed on database can reduce the efficiency of database in terms of processing queries, it causes additional overhead. This overhead is not there with other cryptographic applications as it is capable of incurring a tradeoff between the efficiency and security. Many researchers spent lot of their time to solve this

ISSN: 2231-2803 http://www.internationaljournalssrg.org

Page 769

International Journal of Computer Trends and Technology- volume3Issue6- 2012

problem of tradeoff. There are mainly two index systems. According to [1] they are known as hash indices and ordered indices. Two improve the query efficiency also there are two ways. The first one is to use B+ tree while the second one is using bucket partitioning approach. Databases hold huge amount of data. This data entirely may not be sensitive and warrants encrypted security. However some part of data might be very sensitive and needs the application of database encryption and decryption phenomena. Provided this knowledge, it is possible to apply encryption at different granularities. Another problem with database encryption especially when element encryption is involved, there would be number of keys and managing those keys using access control mechanisms for each element. Traditional database encryption scheme cant address this potential problem. This paper presents a new cryptographic scheme for encrypting database besides reviewing the encryption schemes that existed in the real world already. II. RELATED WORK Initial research in the area of encrypting databases has been done in [2] and [3]. In [4] security problems are solved using field based data protection and discussed the possibility of encrypting data at various levels such as field, attribute and table. Database integrity can be spoiled when data is modified illegally or the database constraints are manipulated. Cryptographic checksum is used in [5] to solve database integrity problems. Downs, D. and Popek, G. in [6] proposed a security model that consists of two modules and the implementation is done through tags. In [7] Davida, G.I, Wells, D.L and Kam, L.B proposed a technique known as blend record and fields that are based on the remainder theorem. In [8] a security system was proposed by name SRS (Secure Retrieval System). It takes care of retrieval of encrypted data from database. The steps it follows include encrypted databases are set up with encrypted data and indexes were indexes are used for faster retrieval of data; searching for data with a keyword; matching data is found by an algorithm at server; user gets results of query finally. In the process it makes use of many technical programming constructs to perform decryption. Correctness and Integrity are the two security requirements as proposed in [9] and [10] respectively. SRS implemented them. The database encryption approaches are followed by many researchers. However, their focus is on different aspects such as efficiency, key management, bucket partition, B+ tree and so on. Bucket ID transformation concept was proposed by Dong Hyeok Lee which allows range queries sans showing the order of plaintext [11]. The main problem with bucket indexing is that dividing bucket. The author simply used arbitrary sB. However, it wont work with different sB correctly. Its results are not consistent. Order preserving encryption scheme proposed by Agarwal, R supports such range queries with more efficiency. However, it is found that this scheme led to disclosing order too for making it useful to certain specific occasions [12]. Zheng-Fei Wang [4] proposed a framework that can implement queries on encrypted data quickly. He developed the framework based on B+ tree. He also implemented a scheme that encrypts each node in the B+ tree for protecting data instead of encrypting the whole tree itself. It is easy to implement such method. However, it is also having the problem of information disclosure. Some other researches [13], [5] mainly focus on key management and database encryption without paying much attention to query and processing of query. In this paper a new database encryption scheme is proposed to solve the problems discussed above. When data is stored in database in encrypted format, we create B+ tree index for the data to be inserted just before encrypting it besides storing the encrypted data in to database. This concept of us was influenced by [4]. The indexes thus generated are kept in a special indexing server. The security scheme also uses session key and tickets concept proposed in Kerberos that ensures the index is also safe and secure. This scheme has many kinds of attribute levels and also security levels. To name them, the scheme has encryption with symmetric cryptography, encryption with dissymmetric cryptography, and encryption with element level cryptography. It also takes care of managing keys effectively besides having access control mechanisms over each and every element. III. PROPOSED DATABASE ENCRYPTION SCHEME AT MULTIGRANULARITY LEVEL The proposed database encryption scheme is meant for efficient intrusion response system. It has four components with specific functionalities. They are Key Center (KC), Encryption and Decryption, Access Control, and Control Engine. The first component is responsible for issues pertaining to key management and key generation. It stores record key in a secure server known as IS (Index Server) while attribute keys are stored in LDAB (Lightweight Directory Access Protocol) which resides in the server and its index is stored in index server. The KC also can view protecting index. The second module as the name indicates is meant for encryption and decryption of elements. Encryption is to convert each element into an ununderstandable format while the reverse process is

ISSN: 2231-2803 http://www.internationaljournalssrg.org

Page 770

International Journal of Computer Trends and Technology- volume3Issue6- 2012

known as decryption. The third component by name access control is responsible to control various users access to records and attributes. The fourth component by name Control Engine is responsible convert the commands issued in SQL into DBMS understandable format. It also determines the encryption level of each element. The encryption mechanism is carried out as described here. First of all a temporary table is constructed which is meant for recording secure level of each attribute; afterwards an access control procedure is set up which have two parts. The first part tells about the record accessed by end user. The second part tells the attributes being accessed by end user or both of them. It is totally based on the current access and potential access, Which uses Sea-View Mandatory Access Control Policy. However, this is an assumption in the paper; then a B+ tree is built and maintained which is stored in Index Server. After this, the generated key and record key are kept in B+ tree. Then the B+ tree is registered with LDAP server for easy access, encryption. From the attribute key and record key, another key known as working key is generated. For making is more secure, the top key pair. The private key is kept in flash memory while the public key is kept in LDAP. With corresponding key each and every element or attribute. The above story is one side of the coin. The other side of the coin is decryption which is the reverse process to encryption. The process of decryption is described here. First of all user gets authenticated; then he uses JDBC or ODBC to make a query to database. Afterwards, the parser analyses about the elements to be accessed and the level of each element. If the content is found unencrypted, the engine sends the results directly to user. If it is encrypted at attribute level, a redirect query is made to LDAP to obtain the stub of that attribute key and then corresponding B+ tree is returned. In case of element level encryption, it seeks B+ tree preceded by LDAP. Encryption key is derived by both record key and attribute key. Afterwards the B+ tree is consulted and finally the corresponding the decrypted element is sent to end user. In case of encrypted element which is at topsecret level, they system takes user input private key of that element and then returns the decrypted element after consulting B+ tree. The access control mechanism is based on different levels such as attribute level, element level and table level. Each attribute is associated with certain importance by end user at initial process. There are four secret levels maintained. They are top-secret, secret, public and classified. Based on the given important to each and every attribute of elements, the database elements are also classified into four levels. They are known as public elements, secret elements, classified element and top-secret element. The public elements are not encrypted as they can be accessed by all. For secret elements, attribute level encryption is applied using symmetric cryptography. For classified elements, we use encryption for all elements separately using symmetric cryptography. For top-secret elements all elements are encrypted using dissymmetric cryptography. To manage this issue of complexity of having different levels of elements and security levels, an access control list is prepared. To make this list effectively each record in table is considered to be an element. Practically an end user can access to the entire record only if he has access to attribute and record as well. Provided this assumption it is possible to manage with 110 elements for a table with 100 records and 10 attributes. Security cant be enhanced by using this assumption. However, it can greatly reduce the work load on the databases. The ACL is required as record and index keys are kept in IS. The ACL itself is maintained in a table and it gets updated when a new user is registered. In the proposed database encryption scheme, LDAP is used for good query performance. It stores elements and attribute keys. It has three layers where database information and table information and attribute key information are stored respectively. LDAP maintains its own ACL which comes in handy without having additional overhead. III.I. Constructing Index Indexing helps in making the execution of queries faster. If database has index, it can be used directly. However, at the position of index for a new query, a record key is inserted. If index is not found for the database, for each record a B+ Tree is constructed just before encryption takes place [11]. A multi-level index is also created in which each database is represented by out most level; each table is represented by the inner one, while the B+ tree is represented by third level. A tables index is stored in B+ tree which shows how tables are situated in a database.

Fig. 1 Multi-level Index Construction

ISSN: 2231-2803 http://www.internationaljournalssrg.org

Page 771

International Journal of Computer Trends and Technology- volume3Issue6- 2012

As can be seen in fig. 1, B+ tree is of multi-level in nature. The storage space occupied by a B+ tree is very less. It is always much lesser than a data file. Thus a B+ tree helps improving efficiency greatly. B+ tree represents ordered indices and the searching of data becomes easier and faster with B+ tree [1]. III.II. Key Management Encryption is of two types namely public key encryption and private key encryption. The private key encryption is simple but it has problem sharing key securely. The public key encryption is secure as there is no need to share secret keys among the participants of secure communication. As the public key encryption can provide security it can also throw a security problem when the private key is compromised or it is hacked. This is because the whole security is as good as the strength of private key maintained in public key encryption [13]. For making keys efficient, we generate keys for each and every record and attribute. From both record key and attribute key a working key is derived. The proposed scheme also uses a random number as key which makes use of time as seed to make the perfect random keys. This prevents attacks such as key-guessing. Moreover the random number is not directly used but use a hashed number. In case of attribute level encryption only attribute key is sufficient while for the case of record encryption a working key is required which is derived by combining both attribute and record keys. The procedure is as described below. Certain notions are used for modeling the proposed scheme. In this f indicates the random generation function; hash indicates a hash function; t, ti, tj indicate the time taken for calculating random number; ka indicates the attribute key while kr indicates record key. There is another notation known as kw which indicates the working key which is derived from the first and second keys. A key pair is used in dissymmetrical cryptography. For instance, RSA makes use of big prime number where a private key is kept in flash memory after encrypting with users password and the corresponding public key is kept in LDAP. For encryption purposes public key is used however, encrypted data cant be decrypted by public key. Public key can be used only for encryption. Both the public key and attribute key in the example shown above are stored in LDAP server whose access depends on the pre-set ACL which does not allow unauthorized access. In the B+ tree record key is kept. To modify such key and also attribute key, the security scheme has to decrypt the data prior to making changes. III.III. Processing Query When a query is made using SQL by the user, initially the control engine transfers the query to a parser to know the elements requested by end users. Afterwards, the parsers will see the level of encryption and whether it is attribute level. This does mean that the previous action refers to the LDAP for required attribute key and IS for corresponding index. Then the control is transferred to key generation component that generates both working key and index. In case of top-secret level encrypted element, at this stage end user required to insert flash memory his password in order to find out decrypted private key and the accesses index from IS. Under control engine more of the operations are done. The control engine is free from end user. The end user sees no changes and the scheme has no changes for given user.

Fig. 2 Illustrates index and key obtaining process when a query is issued by user.

As can be seen in fig. 2, it is evident that the key and index obtaining process involves many things namely IS, CE, KMS, KG and LDAP. IS stands for Index Server. KMS stands for Key Management System. LDAP stands for Light Weight Directory Access Protocol. The following steps are following while obtaining index and key. When a new query is made, the SQL command is transformed into database understandable language and the attribute and record needed by end user are known. The id of given element means public key. Afterwards, the KMS verifies and gives two session keys for the purpose of later usage. It also issues two keys for LDAP and IS access. Now client submits request to LDAP with id and ticket of the element. Given ticket is verified by LDAP and determined the issuance of attribute key.

ISSN: 2231-2803 http://www.internationaljournalssrg.org

Page 772

International Journal of Computer Trends and Technology- volume3Issue6- 2012

Then the client submits requirements to IS with id and ticket of the same element. IS verifies the ticket and provides the address of the element encrypted with client key and record key. The encryption takes place as per the description given in the beginning of the proposed database encryption scheme section of this paper. Note that in case of classified level encryption which is also known as element encryption, symmetric cryptography is used. In case of secret level encryption which is also known as attribute level encryption, no record key is required. Therefore that step is skipped in the given procedure. In case of top-secret level encryption, both record and attribute keys are not required. It only needs index and then decryption takes place using private key present in flash memory. IV. Discussion The proposed database encryption scheme is extendable and so as to enable the selection of encryption algorithm and access control mechanism. Even B+ tree can be replaced by other index. However, B+ tree is required in improving efficiency using which safety is guaranteed by KMS. As accessing information present in IS needs session key from the KMS, information disclosure problem does not exist. After doing work in the initial period, that is the period many prerequisite things happen, the query processing is made very easier. Multi-level is set and followed as query process requires multiple steps. The computing cost of the database encryption process is described here. In case of secret element, 1 random number generation, 1 hash and 1 symmetric encryption are required. In case of classified element, two random number generations, 1 symmetric encryption and 2 hash computing are required. In case of top-secret element, 1 big prime number partition, and only 1 dissymmetric encryption are required. In case of query operation, the main cost includes querying LDAP, IS, B+ Tree. Fast support of queries is given by LDAP. The cost in control system where big process of organizations takes place causes another big cost. In order to provide access to more users, control engine needs the support of parallel computing. Our database encryption scheme is compared with that of Dong Hyeok Lee. The computational cost of our approach is low and revealed the efficiency that makes it practical and useful in real world database encryption applications. A prototype application has been developed and tested to demonstrate the efficiency of proposed scheme. V. CONCLUSION This paper presents a new scheme for database encryption at multi-granularity level besides protecting index information as well. It provides multiple encryption algorithms and many encryption granularities to overcome the drawback of traditional database encryption schemes that exhibit tradeoff between security and efficiency. It makes use of a special index server and a session key to protect index information. The empirical results revealed that the proposed scheme is effective and can be used. REFERENCES
[1] Zhou Qin-Li, He Xian-Ming, The Study of an Compound Index Structure & Its Performance Comparison, Microelectronics & Computer, 2004. [2] D. E Denning, Field Encryption and Authentication. Proc. Of CRYPTO 8.9, Plenum Press. 1983. [3] D. E Denning, Cryptographic checksums for multilevel data security. Proc. of Symp.on Security and Privacy, IEEE Computer Society, 1984.pp. 52-61. [4] Zheng-Fei Wang , Ai-Guo Tang, Wei Wang , Fast Query Over Encrypted Data Based On B+ Tree, International Conference On Apperceiving Computing and Intelligence Analysis,2009. [5] Samba Sesay, Zongkai Yang, Jingwen Chen and Du Xu, A Secure Database Encryption Scheme, Consumer Communications and Networking Conference,2005. [6] D Downs,. and G. J Popek, A Kernel Design for a Secure Data Base Management System. Proc.3rd Conf. Very Large Data Bases, IEEE and ACM, New York, 1977 pp. 507-514. [7] G.I Davida, D.L Wells, and J.B Kam, A Database Encryption System with sub keys. ACM Trans. On Database Systems 1981 vol 6:2. [8] Hyan-Apark,Jin Wook Byun,Jae Hyun Park and Dong Hoon Lee., 2008. On a Security Model for a Retrieval System over Encrypted Database. Pp 76-82. [9] Camenisch J. and Lysyanskaya A., "A formal treatment of onion routing". Crypto 2005, LNCS 3621, 2005, pp. 169 187. [10] Menezes A. and Oorschot, P., Handbook of Applied Cryptography, CRC Press, 1996. [11] Dong Hyeok Lee, Seung Min Lee, Taek Yong Nam, You Jin Song, A Bucket ID Transformation Scheme for Efficient Database Encryption, International Conference On Information Networking, 2008. [12] Agrawal, R. et al., Order Preserving Encryption for Numeric Data, Proc. of the ACM Sigmoid International Conference On Management of Data, 2004, [13] Gang Chen, Ke Chen, Jinxiang Dong, A Database Encryption Scheme for Enhanced Security and Easy Sharing, Proceedings of the 10th International Conference on Computer Supported Cooperative Work in Symmetric cryptosystem, 2006.

ISSN: 2231-2803 http://www.internationaljournalssrg.org

Page 773