
Database security Unit-IV

Database security can be defined as a system or process by which the "Confidentiality, Integrity, and Availability," or CIA, of the database can be protected.

Unauthorized entry or access to a database server signifies a loss of confidentiality; unauthorized alteration to the available data signifies loss of integrity; and lack of access to database services signifies loss of availability.

CIA Triad

1) Confidentiality

In database security concepts, Confidentiality comes first. Confidentiality can be enforced by encrypting the data stored in the database. Encryption is a technique or process by which data is encoded in such a way that only authorized users are able to read it. In other words, encryption means rendering sensitive data unreadable to unauthorized users. Encryption can be done at two different levels: data-in-transit and data-at-rest.

1) Data-in-transit:

This refers to data that is moving within the network, for example sensitive data that is sent through network layers or through the Internet. A hacker can gain access to this sensitive data by eavesdropping, and when this happens the confidentiality of the data is compromised. Encrypting data-in-transit avoids such compromises.

2) Data-at-rest:

It is possible for a hacker to gain access to the data that is stored in the database. Encrypting data-at-rest prevents such data leakages.

Different encryption algorithms are available, which include the Data Encryption Standard (DES), Triple DES or 3DES, and the Advanced Encryption Standard (AES).

2) Integrity

Integrity can be enforced by setting User Access Controls (UAC) that define which users have
to be given what permissions in the database. For example, data related to employee information
is stored in a database. An employee may have permission for viewing the records and altering
only part of information like his contact details, whereas a person in the human resources
department will have more privileges.

What are the steps that have to be taken to ensure integrity of the database?

1) Once the database is installed, the password has to be changed. Similarly, periodic
checks have to be conducted to ensure the password is not compromised.
2) User accounts that are not in use have to be locked. If one is sure that these user
accounts will never be used again, then the best step is to remove such user accounts.

Created by Sameer Chandrakant Chimote DBMS (IT-I) Unit IV


3) Policies to set strong passwords have to be enforced. A good idea is to have a policy of changing the passwords once a month.
4) There are two types of authentication when it comes to database security, namely domain authentication and database authentication. Choose which authentication you are going to follow and ensure you stick to it. Having both types of authentication will create greater confusion rather than protecting the database.
5) Check the roles each user has and set the rules accordingly. You must ensure that users are given permissions only to do what they are allowed to do. I know this is a time-consuming job when the database is huge, but once the permissions are set the right way, it is easy to check for unauthorized entry or access.
6) Does your company have multiple database administrators? If yes, segregate the duties among these database administrators.

3) Availability

Databases must not have unplanned downtime. To ensure this, the following steps have to be taken:

1. Restrict the amount of storage space given to each user in the database.
2. Limit the number of concurrent sessions made available to each database user.
3. Back up the data at periodic intervals to ensure data recovery in case of application issues.
4. Databases should be secured against security vulnerabilities.
5. To ensure high availability, usage of database clusters is recommended.

Threats to Database Security

1) Privilege abuse:

When database users are provided with privileges that exceed their day-to-day job requirements, these privileges may be abused intentionally or unintentionally.

Take, for instance, a database administrator in a financial institution. What will happen if he turns off audit trails or creates bogus accounts? He will be able to transfer money from one account to another, thereby abusing the excessive privilege intentionally.

Having seen how privilege can be abused intentionally, let us see how privilege can be abused unintentionally. A company is providing a “work from home” option to its employees, and an employee takes a backup of sensitive data to work on from his home. This not only violates the security policies of the organization, but may also result in a data security breach if the system at home is compromised.

2) Operating System vulnerabilities:

Vulnerabilities in underlying operating systems like Windows, UNIX, Linux, etc., and the services that are related to the databases could lead to unauthorized access. This may lead to a Denial of Service (DoS) attack. This could be prevented by applying the operating system security patches as and when they become available.

3) Database rootkits:

A database rootkit is a program or a procedure that is hidden inside the database and that provides administrator-level privileges to gain access to the data in the database. These rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS). It is possible to install a rootkit only after compromising the underlying operating system. Periodic review of the audit trails can reveal such a rootkit; otherwise its presence may go undetected.

4) Weak authentication:


Weak authentication schemes allow attackers to assume the identity of legitimate database users by stealing or otherwise obtaining login credentials. An attacker may employ any number of strategies to obtain credentials.

1) Brute Force - The attacker repeatedly enters username/password combinations until he finds one that works. The brute force process may involve simple guesswork or systematic enumeration of all possible username/password combinations. Often an attacker will use automated programs to accelerate the brute force process.
2) Social Engineering – A scheme in which the attacker takes advantage of the natural human tendency to trust in order to convince others to provide their login credentials. For example, an attacker may present himself via phone as an IT manager and request login credentials for “system maintenance” purposes.
3) Direct Credential Theft – An attacker may steal login credentials by copying post-it notes, password files, etc.

5) Weak audit trails:

A weak audit logging mechanism in a database server represents a critical risk to an organization, especially in retail, financial, healthcare, and other industries with stringent regulatory compliance. Regulations such as PCI, SOX, and HIPAA demand extensive logging of actions so that an event can be reproduced at a later point in time in case of an incident. Logging of sensitive or unusual transactions happening in a database must be done in an automated manner for resolving incidents. Audit trails act as the last line of database defense. Audit trails can detect the existence of a violation and help trace the violation back to a particular point in time and a particular user.

A weak database audit policy represents a serious organizational risk on many levels.

1) Regulatory Risk - Organizations with weak (or sometimes non-existent) database audit mechanisms will increasingly find that they are at odds with government regulatory requirements. Sarbanes-Oxley (SOX) in the financial services sector and the Healthcare Information Portability and Accountability Act (HIPAA) in the healthcare sector are just two examples of government regulation with clear database audit requirements.
2) Deterrence – Like video cameras recording the faces of individuals entering a bank, database audit mechanisms serve to deter attackers who know that database audit tracking provides investigators with forensic evidence linking intruders to a crime.
3) Detection and Recovery – Audit mechanisms represent the last line of database defense. If an attacker manages to circumvent other defenses, audit data can identify the existence of a violation after the fact. Audit data may then be used to link a violation to a particular user and/or repair the system.
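As an added example (not from these notes), the following Python script shows both points from sections 4 and 5 together: detecting a brute-force attempt from repeated login failures in the audit trail, and using the same trail to attribute later actions to a particular user and point in time. The log line format, user names, addresses, threshold and window are constructed for the example; a real database audit log needs its own parser.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample audit lines (not real logs): timestamp, event, user, source, extras.
SAMPLE_AUDIT_LOG = """\
2024-05-01T09:00:01Z LOGIN_FAILED user=alice src=10.0.0.5
2024-05-01T09:00:03Z LOGIN_FAILED user=alice src=10.0.0.5
2024-05-01T09:00:04Z LOGIN_FAILED user=alice src=10.0.0.5
2024-05-01T09:00:06Z LOGIN_FAILED user=alice src=10.0.0.5
2024-05-01T09:00:07Z LOGIN_FAILED user=alice src=10.0.0.5
2024-05-01T09:00:09Z LOGIN_OK user=alice src=10.0.0.5
2024-05-01T09:00:30Z UPDATE user=alice src=10.0.0.5 object=hr.employees rows=1
2024-05-01T09:15:00Z LOGIN_FAILED user=bob src=10.0.0.9
2024-05-01T11:15:00Z LOGIN_FAILED user=bob src=10.0.0.9
2024-05-01T11:20:00Z LOGIN_OK user=bob src=10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>[A-Z_]+) user=(?P<user>\S+) src=(?P<src>\S+)(?P<rest>.*)$"
)


def parse_audit_line(line):
    """Parse one constructed audit line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    # Remaining key=value pairs (object=, rows=, ...) become extra fields.
    for key, value in re.findall(r"(\w+)=(\S+)", rec.pop("rest")):
        rec[key] = value
    return rec


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag (user, src) pairs with >= threshold login failures inside a sliding window.

    Returns a list of (user, src, time_of_threshold_failure), one entry per pair.
    """
    failures = defaultdict(list)
    alerts = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec is None or rec["event"] != "LOGIN_FAILED":
            continue
        key = (rec["user"], rec["src"])
        recent = failures[key]
        recent.append(rec["ts"])
        # Forget failures that fell out of the window.
        while recent and rec["ts"] - recent[0] > window:
            recent.pop(0)
        already_alerted = any(a[:2] == key for a in alerts)
        if len(recent) >= threshold and not already_alerted:
            alerts.append((rec["user"], rec["src"], rec["ts"]))
    return alerts


def actions_by_user(lines, user):
    """Reconstruct, in order, what a given user did: the audit trail's attribution role."""
    out = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec["user"] == user:
            out.append((rec["ts"].isoformat(), rec["event"], rec.get("object")))
    return out


if __name__ == "__main__":
    lines = SAMPLE_AUDIT_LOG.splitlines()
    for user, src, when in detect_brute_force(lines):
        print(f"brute-force pattern: user={user} src={src} at {when.isoformat()}")
        for entry in actions_by_user(lines, user):
            print("   ", entry)
```

The sliding window matters: bob's two failures are two hours apart and do not trip the threshold, while alice's five failures within six seconds do, and the trail then shows the successful login and the UPDATE that followed.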
6) Privilege Elevation
Attackers may take advantage of database platform software vulnerabilities to
convert access privileges from those of an ordinary user to those of an administrator.
Vulnerabilities may be found in stored procedures, built-in functions, protocol
implementations, and even SQL statements. For example, a software developer at a
financial institution might take advantage of a vulnerable function to gain the database
administrative privilege. With administrative privilege, the rogue developer may turn off
audit mechanisms, create bogus accounts, transfer funds, etc.

7) SQL Injection:

In a SQL injection attack, a perpetrator typically inserts (or “injects”) unauthorized database statements into a vulnerable SQL data channel. Typically targeted data channels include stored procedures and Web application input parameters. These injected statements are then passed to the database where they are executed. Using SQL injection, attackers may gain unrestricted access to an entire database.
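An added example, not from these notes, of the vulnerable pattern and its fix using Python's built-in sqlite3 module (the table and its rows are constructed): building the statement text from user input lets a value containing a quote character change the query, whereas a parameterized query passes the value separately so it can only ever be data.

```python
import sqlite3


def make_demo_db():
    """In-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 40)],
    )
    return conn


def lookup_unsafe(conn, owner):
    """The vulnerable pattern: user input concatenated into the statement text.

    A quote in `owner` ends the string literal early, so the rest of the input
    is parsed as SQL. A legitimate name such as o'brien also breaks the query.
    """
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, owner):
    """The fix: a parameterized query. The statement text is fixed; the driver
    binds `owner` as a value, so quotes and keywords in it are never parsed."""
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def lookup_unsafe_or_error(conn, owner):
    """Wrapper used to show that the unsafe version fails on ordinary quoted input."""
    try:
        return lookup_unsafe(conn, owner)
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    db = make_demo_db()
    for name in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(name), "unsafe:", lookup_unsafe_or_error(db, name),
              "safe:", lookup_safe(db, name))
```

The same rule applies to stored procedures that build dynamic SQL from their arguments: bind the values rather than splicing them into the statement text.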

8) Denial of Service:

Denial of Service (DoS) is a general attack category in which access to network applications or data is denied to intended users. DoS conditions may be created via many techniques, many of which are related to the previously mentioned vulnerabilities. For example, DoS may be achieved by taking advantage of a database platform vulnerability to crash a server. Other common DoS techniques include data corruption, network flooding, and server resource overload (memory, CPU, etc.). Resource overload is particularly common in database environments.

9) Database Communications Protocol Vulnerabilities:

A growing number of security vulnerabilities are being identified in the database communication protocols of all database vendors. Four out of seven security fixes in the two most recent IBM DB2 FixPacks address protocol vulnerabilities. Similarly, 11 out of 23 database vulnerabilities fixed in the most recent Oracle quarterly patch relate to protocols. Fraudulent activity targeting these vulnerabilities can range from unauthorized data access, to data corruption, to denial of service. The SQL Slammer worm, for example, took advantage of a flaw in the Microsoft SQL Server protocol to force denial of service. To make matters worse, no record of these fraud vectors will exist in the native audit trail, since protocol operations are not covered by native database audit mechanisms.

10) Backup Data Exposure:

Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks.


Cryptography:

The conversion of data into a secret code for transmission over a public network. The original text, or "plaintext," is converted into a coded equivalent called "ciphertext" via an encryption algorithm. The ciphertext is decoded (decrypted) at the receiving end and turned back into plaintext.

Cryptography (or cryptology) is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Branches of cryptography

1. Cryptographic engineering
2. Multivariate cryptography
3. Quantum cryptography
4. Steganography
5. Visual cryptography

1) Asymmetric Cryptography

Asymmetric Cryptography can be used to securely transmit information over hostile networks.

Asymmetric cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user requests a public and private key pair. A user who wants to send an encrypted message can get the intended recipient's public key from a public administrator. When the recipient gets the message, they decrypt it with their private key, which no one else should have access to. This process is known as a public key infrastructure.

Whitfield Diffie and Martin Hellman, then researchers at Stanford University, first publicly proposed asymmetric encryption in their 1977 paper, New Directions in Cryptography.

Symmetric-key cryptography

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key.

1) Block Ciphers
Block ciphers are cryptographic algorithms which operate on 64-bit blocks of plaintext. The encryption procedure usually consists of multiple and complex rounds of bit shifts, XORs, permutations and substitutions of plaintext and key bits. Decryption is similar to encryption except that some operations may be performed in the reverse order. Some algorithms use fixed-length keys; for others the key length may vary.

1) DES

Data Encryption Standard (DES) is a block cipher invented over 20 years ago by IBM in response to a public request from the National Bureau of Standards. It has been a worldwide cryptographic standard since 1976.

2) RC2

RC2 was invented by Ron Rivest for RSA Data Security, Inc. Its details
have not been published. RC2 is a variable-key-length cipher. However, when
using the Microsoft Base Cryptographic Provider, the key length is hard-coded to
40 bits.

3) Triple DES

The idea behind Triple DES is to improve the security of DES by applying DES encryption three times using three different keys. This way the effective key length becomes 56 x 3 = 168 bits, which makes brute-force attacks virtually impossible. Triple DES is implemented by the Microsoft Enhanced Cryptographic Provider.

4) Triple DES with 2 Keys

In this variation, DES encryption is still applied three times but using only 2 keys: first key 1 is applied, then key 2 and then key 1 again. The effective key length is 56 x 2 = 112 bits. Triple DES with 2 keys is implemented by the Microsoft Enhanced Cryptographic Provider.

5) Advanced Encryption Standard (AES) aka Rijndael

Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. Rijndael became the AES after the FIPS approval by the U.S. government in 2001. The cipher currently supports key lengths of 128, 192, and 256 bits. AES is implemented by the "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" on Windows XP and "Microsoft Enhanced RSA and AES Cryptographic Provider" on Windows 2003. Windows NT and 2000 do not support this cipher. AspEncrypt offers support for AES starting with version 2.3.

2) Stream Ciphers
Stream ciphers encrypt plaintext one bit (or sometimes byte) at a time. The stream of plaintext bits is XORed with the output of a keystream generator, which produces a stream of bits based on a seed value. This seed value is the key for the stream cipher. The decryption process is identical: the ciphertext bits are XORed with the same keystream (which is a function of the key).

1) RC4
RC4 was developed by Ron Rivest in 1987. It is a variable-key-size
stream cipher. The details of the algorithm have not been officially published.
However, the algorithm's internals have been posted on the Internet, and the book
Applied Cryptography contains its detailed description. The algorithm is
extremely easy to describe and program.
Just like RC2, 40-bit RC4 is supported by the Microsoft Base
Cryptographic provider, and the Enhanced provider allows keys in the range of 40
to 128 bits in 8-bit increments.
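An added example, not part of the original notes, of the stream-cipher idea described above in Python: a keystream derived from the key (and a per-message nonce) is XORed with the plaintext, and decryption is the identical operation. The keystream generator here is a constructed SHA-256 counter stand-in, not RC4 or any standard cipher; the last function shows the classic failure mode when the same key and nonce are reused for two messages.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed keystream generator: SHA-256(key || nonce || counter), block by block.

    This stands in for RC4's generator to show the structure; it is not a standard cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with the keystream. Applying it twice with the same key and nonce
    returns the original bytes, so one function serves as both encrypt and decrypt."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


encrypt = xor_with_keystream
decrypt = xor_with_keystream


def keystream_reuse_leak(ciphertext1: bytes, ciphertext2: bytes) -> bytes:
    """Failure mode: two messages under the same key and nonce. XORing the two
    ciphertexts cancels the keystream and yields plaintext1 XOR plaintext2, which
    leaks where (and by how much) the messages differ without knowing the key."""
    return bytes(a ^ b for a, b in zip(ciphertext1, ciphertext2))


if __name__ == "__main__":
    key = b"constructed-key!"      # constructed demo key
    nonce = b"nonce-01"            # constructed per-message nonce
    pt = b"transfer 100 to account 42"
    ct = encrypt(key, nonce, pt)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt(key, nonce, ct) == pt)
    pt2 = b"transfer 999 to account 42"
    ct2 = encrypt(key, nonce, pt2)   # same key and nonce reused: the mistake
    print("leaked plaintext XOR:", keystream_reuse_leak(ct, ct2).hex())
```

The leaked XOR is all zero bytes except where the two plaintexts differ, so a reader of the ciphertexts alone learns the position and difference of the changed characters. Never reusing a key/nonce pair is what prevents this in any stream cipher, RC4 included.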

Digital Signature
A digital signature or digital signature scheme is a mathematical scheme for
demonstrating the authenticity of a digital message or document. A valid digital signature
gives a recipient reason to believe that the message was created by a known sender, and
that it was not altered in transit. Digital signatures are commonly used for software
distribution, financial transactions, and in other cases where it is important to detect
forgery and tampering.

A digital signature scheme typically consists of three algorithms:

1) A key generation algorithm that selects a private key uniformly at random from a set of
possible private keys. The algorithm outputs the private key and a corresponding public
key.
2) A signing algorithm which, given a message and a private key, produces a signature.
3) A signature verifying algorithm which, given a message, a public key and a signature, either accepts or rejects the message's claim to authenticity.


Benefits of Digital Signature

1) accelerate workflows that are currently jammed by signature delays
2) guarantee confidence in the validity of the signer and of the
signed document
3) close more deals faster by allowing customers to approve
deals online or your sales staff to capture signatures when
enthusiasm is at its peak
4) enhance collaboration across departments, vendor networks
and multiple offices by distributing and fulfilling signature
requests, fast
5) create customer and partner portals that facilitate sales and
project coordination electronically
6) comply with regulatory requirements for documented approvals that can be
obtained, stored and retrieved quickly and easily.
7) Manage paperless contracts and invoices to accelerate work
processes and make archiving easier
8) realize the full value of your document management technologies,
by eliminating dependence on “wet” signatures
9) reduce dependence on IT by using a standard technology that
does not require special downloads or proprietary software

Service Providers

1) CIC - The Communication Intelligence Corporation
2) Silanis
3) Lexign
4) ARX-Cosign
Uses:

1) Healthcare
2) Life Sciences
3) Government
4) Engineering
5) Human Resources
6) Insurance


Privileges
A privilege is a right to execute an SQL statement or to access another user's object. In Oracle, there are two types of privileges: system privileges and object privileges. A privilege can be assigned to a user or a role.

1) System privileges
There are quite a few system privileges: in Oracle 9.2, we count 157 of them, and 10g has 173. They can be displayed with: select name from system_privilege_map
Executing this statement, we find privileges like create session, drop user and alter database (see system privileges).
System privileges can be audited.
Arguably, the most important system privileges are:

1) create session (A user cannot log in without this privilege. If he tries, he gets an ORA-01045).
2) create table
3) create view
4) create procedure
5) sysdba
6) sysoper
7) Back up
8) Databank
9) Schema

2) Object privileges
Object privileges can be assigned on the following types of database objects:

1) Tables
select, insert, update, delete, alter, debug, flashback, on commit refresh,
query rewrite, references, all
2) Views
select, insert, update, delete, under, references, flashback, debug
3) Sequence
alter, select
4) Packages, Procedures, Functions (Java classes, sources...)
execute, debug
5) Materialized Views
delete, flashback, insert, select, update
6) Directories
read, write
7) Libraries
execute
8) User defined types
execute, debug, under
9) Operators
execute
10) Indextypes
execute

For a user to be able to access an object in another user's schema, he needs the corresponding object privilege.
Object privileges can be displayed using all_tab_privs_made or user_tab_privs_made.

Assigning privileges to users


A privilege can be assigned to a user with the grant SQL statement. Conversely, revoke takes such privileges away from users and roles.


Oracle stores the granted privileges in its data dictionary.

1) Grant

The SQL command grant allows system privileges and object privileges to be assigned to users and roles.

grant system_privilege to username;
grant system_privilege_1, system_privilege_2, ..., system_privilege_n to username;
grant system_privilege_1 to username with admin option;
grant object_privilege to username;
grant object_privilege to username with grant option;
grant object_privilege to username with hierarchy option;

2) Revoke

The SQL command revoke takes system privileges and object privileges away from users and roles.
