Abstract: In spite of the security mechanisms built into an RDBMS, databases have traditionally had security vulnerabilities for many reasons, not least because they process huge amounts of valuable data belonging to real-world enterprises. This led to encryption schemes that store data in the database in encrypted form and decrypt it on retrieval. While such schemes are capable of providing complete database security in principle, in practice they exhibit a tradeoff between true security and efficiency: efficiency decreases as security increases. Traditional database encryption schemes have two problems. They show this tradeoff between efficiency and security, and they cannot store multi-level encrypted elements in the database; besides this, they have no ability to manage keys effectively. This paper presents an efficient database encryption scheme that overcomes the problems mentioned above.

Index Terms: Cryptography, databases, database encryption and decryption, database security
I. INTRODUCTION
A database is the repository of valuable business data, and such data is very important to the growth of any business. The database has become a valuable asset in the context of e-commerce, e-business and ERP systems of various businesses. Enterprises that depend on the data cannot function well if the database is down; the applications used by such enterprises are essentially mission-critical in nature. This shows the need for database protection. Many RDBMSs (Relational Database Management Systems) come with built-in security mechanisms, generally authentication, authorization and access control. The security requirements of a database normally include prevention of unauthorized access to information; prevention of unauthorized changes to the database; addressing denial-of-service attacks; prevention of penetration of the database by unauthorized persons; and prevention of abuse of privileges. As an RDBMS processes a huge amount of data regularly, achieving all of these requirements is not an easy task. Though databases are designed with built-in security, certain loopholes or human mistakes can make the database vulnerable and open it to various security threats. In spite of the security measures taken by the designers of RDBMSs, the databases running in them remain vulnerable because they depend only on role-based or user-level security that grants access through credentials. Once such credentials are compromised, the database is no longer secure. This is the cause for concern. To overcome this problem, a lot of research has gone into the concept of encrypting databases, meaning that data is stored in the database in encrypted form and is decrypted on retrieval for valid users. Applying cryptography to databases can provide complete security. However, there is a tradeoff between security and efficiency: efficiency decreases as security increases. Even if attackers manage to get access to the stored data, they will not be able to decrypt it, provided the keys are not exposed along with the data; key management is therefore part of the security boundary. Because the encryption and decryption mechanisms applied to a database reduce its efficiency in processing queries, they impose additional overhead. This overhead does not arise in the same way in other cryptographic applications, since in a database it shows up directly as a tradeoff between efficiency and security. Many researchers have spent a great deal of time trying to solve this
Fig. 2 illustrates the index and key obtaining process when a query is issued by a user.
As can be seen in Fig. 2, the key and index obtaining process involves several components, namely IS, CE, KMS, KG and LDAP. IS stands for Index Server, KMS for Key Management System, and LDAP for Lightweight Directory Access Protocol. The following steps are followed when obtaining the index and key. When a new query is made, the SQL command is transformed into a form the database understands, and the attribute and record needed by the end user are identified. The id of the given element denotes its public key. The KMS then verifies the request and issues two session keys for later use; it also issues two keys, serving as tickets, for LDAP access and for IS access. The client then submits a request to LDAP with the id and the ticket of the element. LDAP verifies the given ticket and decides whether to issue the attribute key.
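The exchange described above, as an added example that is not part of the paper: a Python simulation of the KMS, LDAP and IS roles in which the KMS authenticates the client, issues one ticket and one session key per target server, the IS returns the index position for the ticketed element, and LDAP verifies the ticket before issuing the attribute key. Everything concrete here is an assumption, because the paper does not give these details: the HMAC-based ticket format, the pre-shared secrets between the KMS and each server, deriving the session key from the ticket, the "table.column:record" convention for element ids, and the credential table. The public-key reading of the element id and the CE and KG components are not modelled.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed secrets for this simulation. The paper does not say how the KMS,
# LDAP and IS share keys, so one pre-shared secret per target server is assumed.
KMS_LDAP_SECRET = os.urandom(32)        # shared by KMS and the LDAP server
KMS_IS_SECRET = os.urandom(32)          # shared by KMS and the Index Server
LDAP_ATTRIBUTE_MASTER = os.urandom(32)  # LDAP derives per-attribute keys from this
TICKET_LIFETIME = 60                    # seconds a ticket stays valid (assumed)


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def make_ticket(secret, user, element_id, now):
    """KMS side: a ticket is an authenticated statement 'user may ask about element until exp'."""
    raw = json.dumps({"user": user, "element": element_id,
                      "exp": now + TICKET_LIFETIME}, sort_keys=True).encode()
    # hex tag contains no '.', so rpartition on '.' recovers the boundary unambiguously
    return raw + b"." + _mac(secret, raw).hex().encode()


def session_key_for(secret, ticket):
    """The KMS and the ticket's target server both derive the session key from the
    ticket, so the key itself never has to be carried inside the ticket."""
    return _mac(secret, b"session|" + ticket)


def verify_ticket(secret, ticket, now):
    """Server side: reject forged, tampered or expired tickets before doing anything."""
    raw, _, tag = ticket.rpartition(b".")
    if not hmac.compare_digest(tag, _mac(secret, raw).hex().encode()):
        raise PermissionError("ticket MAC check failed")
    body = json.loads(raw)
    if body["exp"] < now:
        raise PermissionError("ticket expired")
    return body


class KMS:
    def __init__(self, users):
        self.users = users  # constructed credential table: user -> password

    def request_keys(self, user, password, element_id, now):
        expected = self.users.get(user, "").encode()
        if not hmac.compare_digest(expected, password.encode()):
            raise PermissionError("authentication failed")
        t_ldap = make_ticket(KMS_LDAP_SECRET, user, element_id, now)
        t_is = make_ticket(KMS_IS_SECRET, user, element_id, now)
        return {"ticket_ldap": t_ldap, "sk_ldap": session_key_for(KMS_LDAP_SECRET, t_ldap),
                "ticket_is": t_is, "sk_is": session_key_for(KMS_IS_SECRET, t_is)}


class LDAPServer:
    def issue_attribute_key(self, ticket, now):
        body = verify_ticket(KMS_LDAP_SECRET, ticket, now)
        attribute = body["element"].split(":")[0]  # assumed id layout "table.column:record"
        attr_key = _mac(LDAP_ATTRIBUTE_MASTER, attribute.encode())
        sk = session_key_for(KMS_LDAP_SECRET, ticket)
        # The reply is authenticated under the session key; confidentiality of the
        # channel (e.g. TLS) is assumed, since the paper does not say how it is provided.
        return {"attribute_key": attr_key, "tag": _mac(sk, attr_key)}


class IndexServer:
    def __init__(self, index):
        self.index = index  # constructed: element id -> physical row position

    def lookup(self, ticket, now):
        body = verify_ticket(KMS_IS_SECRET, ticket, now)
        return self.index[body["element"]]


def fetch_index_and_key(kms, ldap, index_server, user, password, element_id, now=None):
    """Client side of Fig. 2: authenticate to the KMS, then present the tickets to IS and LDAP."""
    now = time.time() if now is None else now
    creds = kms.request_keys(user, password, element_id, now)
    position = index_server.lookup(creds["ticket_is"], now)
    reply = ldap.issue_attribute_key(creds["ticket_ldap"], now)
    if not hmac.compare_digest(reply["tag"], _mac(creds["sk_ldap"], reply["attribute_key"])):
        raise PermissionError("attribute key reply not authenticated by LDAP")
    return position, reply["attribute_key"]


if __name__ == "__main__":
    kms = KMS({"alice": "s3cret"})
    pos, key = fetch_index_and_key(kms, LDAPServer(), IndexServer({"employees.salary:42": 7}),
                                   "alice", "s3cret", "employees.salary:42")
    print("row position", pos, "attribute key", key.hex())
```

The point the simulation makes is where each check sits: the KMS is the only party that sees the user's credential, each server accepts only tickets bound to its own secret, and a ticket that is replayed after expiry or altered to name another user or element is refused before any key is released.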