
International Journal of Advances in Electronics and Computer Science, ISSN (p): 2394-2835 Volume-9, Issue-2, Feb.-2022
http://iraj.in

INCREASING SECURITY IN MONGO DB BY USING PERCONA SERVER

1NAZREE NADHIR, 2THEODORE JOSEPH SIAHAYA, 3RAKA KALBU IMAJI, 4JAMES PURNAMA, 5CHRISTIAN JOSEPH DE SILVA TAN

1,2,3,5Bachelor of Information Technology, Swiss German University, Tangerang, Indonesia
4Head of Information Technology, Swiss German University, Tangerang, Indonesia
E-mail: 1nazree.nadhir@student.sgu.ac.id, 2theodore.siahaya@student.sgu.ac.id, 3raka.imaji@student.sgu.ac.id, 4james.purnama@sgu.ac.id, 5christian.tan@student.sgu.ac.id

Abstract - MongoDB is a non-relational database that is used by many types of organizations, such as businesses, governments, and many more. However, every system has flaws, which are usually known as its weaknesses. One of the weaknesses in MongoDB is related to the security of the database, such as encryption. MongoDB does not have any encryption, which means that the data inside the database will not be secure. Every database should be able to encrypt the data inside it for the purpose of security. If not, attacks such as data breaches will reach the database and all data will be leaked. With this research paper, which aims to increase the security of MongoDB by using Percona Server, it is certain that security inside the database could be implemented for further use inside the MongoDB database.

Keywords - Security, Network Security, MongoDB, NoSQL, Encryption, Database, Collections, Documents, Non-Relational Database, Percona Server

I. INTRODUCTION

MongoDB is a document-oriented non-relational database. It is one of the most popular NoSQL databases, used in a lot of countries, because it has many interesting features such as its unique data model, availability, and scalability. It is different from the usual SQL database, which is a relational database. MongoDB has been implemented in many applications, such as e-commerce applications, social media applications, and many others. MongoDB has many advantages: it is an open-source, document-based tool and it can be used to store a huge volume of data. MongoDB uses document-oriented data and an unstructured query language, which makes it scalable and flexible for users to learn and use.

Security is one of the most important factors in setting up a database. Without a good security system, a database will be vulnerable to attacks, such as SQL injection attacks, and to breaches. In a big company, database security is very important to ensure that the data of employees, customers, and everything in between is secured and can only be accessed by authorized people. One of the best ways to protect data in a database is by encrypting it.

The importance of securing data is that the database can avoid risks from third parties that could damage or slow down the processes of an organization such as a company or even the government. With encrypted data, it is sure that attacks such as data modification or data theft will not happen when the data are established.

II. LITERATURE REVIEW

A. MongoDB Security
MongoDB is a fairly new database management system. Its default security system allows everyone to access the database. This means that the default security requirements of MongoDB are pretty low, and it needs an extra security system to make the database more secure. There are multiple aspects of the security of a database: confidentiality, integrity, and availability. Confidentiality is when we give authorization that restricts access to a file or information. Integrity is when we protect the files from improper modification to ensure credible information, so that attacks such as data modification or even data theft will not happen. Availability is when we ensure access to and use of information. Among all the ways of securing data, MongoDB usually lacks security, especially with regard to encryption, which means that applying encryption to the data inside the database is the best option for protecting the MongoDB database.

B. NoSQL Database
A NoSQL database is a non-tabular database that stores data differently than relational tables. The data are stored in documents. NoSQL databases are usually used for modern applications such as mobile apps, web and gaming that need flexible, scalable, high-performance and highly functional databases to provide a great user experience. There are several types of NoSQL databases: document databases, key-value databases, wide-column stores, and graph databases. Document databases usually store data in documents, which are similar to JSON objects. A key-value database is a database where each item contains

keys and values. Wide-column stores usually store data in tables, rows and columns. Graph databases usually store data in nodes and edges.

C. File Encryption
File encryption protects individual files or file systems by encrypting them with a specific key. The encrypted content is then decrypted using a key provided by the sender of the message. By using the specific key provided by the sender, the authorized parties or the receiver will have access to the encrypted content. This is so that the encrypted content remains confidential from unwanted parties. Encryption uses an algorithm to scramble, randomize or encrypt data, files, contents, etc. This process converts messages, data, files and contents from human-readable text into incomprehensible text, which is called ciphertext. The goal is to prevent malicious or unauthorized parties from accessing files that are stored on the disk. Support for file encryption can be built into an operating system or file system.

D. Data at Rest Encryption
There are two types of data: data in motion and data at rest. Data in motion, most commonly known as active data, is data that everyone accesses on a daily basis through applications or programs. Data at rest is data that is stored and protected by firewalls or antivirus software. Data at Rest Encryption is basically encrypting data inside a database that does not move through networks, where the data is translated into a different form that only an authorized user can decrypt. So data such as tables will be encrypted inside the database. Encryption at rest can protect data wherever it is stored, even if it is stolen. For example, if someone's laptop is stolen and the thief is able to access the computer, but the content of the hard disk is encrypted, the thief still cannot retrieve any data, because the encrypted data will just look like random strings, and without the key to decrypt it the thief will not be able to know what the data is.

III. HYPOTHESIS

Based on our research, adding data encryption adds security to the database by encrypting all the data in it, which makes it harder for hackers to extract information from the database because the information will not be in plaintext. Even if a hacker is able to hack into the database, they will not be able to take information from it. With this research, applying security is a must in order to protect the data inside the database, which is MongoDB. Integrity could be achieved if the data inside the database is encrypted, so that users are able to have more secure data inside the MongoDB database itself. With authentication, the MongoDB database should be able to recognize those who have the authority to access it, which means that the encrypted database will authenticate users in order to decrypt the data inside the MongoDB database. Other than that, confidentiality should also be achieved throughout the usage of the MongoDB database, so that there will be secrecy of the data stored inside the database.

IV. RESEARCH FINDINGS

Encryption is an important part of data security because it is needed to protect other people's privacy: if a company cannot protect its customers' privacy and the data is breached, it means that it is not a credible company. MongoDB Data at Rest Encryption provides the encryption needed to protect classified data. It uses what is called the envelope encryption model, in which each database is encrypted with a different key. The key will be stored in the internal MongoDB key store, which is encrypted on the disk.

(Diagram of Data at Rest Encryption)

As shown in the diagram above, the way the encryption works is that the databases are encrypted by using a key. Each of the databases has its own key, and the keys are stored internally in a key store. All of the encryption keys are then encrypted using a master key, which is stored externally.

To set up the MongoDB environment, 3 virtual machines are needed: Primary, Secondary and the VaultNode machine. The primary and secondary virtual machines will be the database, while the VaultNode virtual machine will be the machine where the master key is located after all the keys from the databases are encrypted.

(What is added to the configuration file)
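
An added example, not the authors' configuration (the screenshot is not reproduced here): a Python check that a mongod.conf matches the setup described above, with encryption enabled and the master key held by Vault rather than in a local key file. The option names are Percona Server for MongoDB settings; the host name, file paths and secret path are constructed.

```python
# Added example: option names are Percona Server for MongoDB settings; hosts and paths are constructed.
VAULT_CONF = """\
security:
  enableEncryption: true
  vault:
    serverName: vaultnode.example.internal
    port: 8200
    tokenFile: /etc/mongod/vault.token
    secret: secret/data/psmdb/primary
"""
KEYFILE_CONF = """\
security:
  enableEncryption: true
  encryptionKeyFile: /var/lib/mongo/master.key
"""

def parse_simple_yaml(text):  # nested 'key: value' mappings only, no lists or quoting
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) of open blocks
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # close deeper and sibling blocks
            stack.pop()
        if value.strip():
            stack[-1][1][key] = value.strip()
        else:
            child = stack[-1][1][key] = {}
            stack.append((indent, child))
    return root

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    sec = parse_simple_yaml(text).get("security", {})
    vault = sec.get("vault", {})
    findings = []
    if sec.get("enableEncryption") != "true":
        findings.append("encryption at rest is not enabled")
    if "encryptionKeyFile" in sec:
        findings.append("master key is a local file on the database host")
    missing = [k for k in ("serverName", "port", "tokenFile", "secret") if k not in vault]
    if missing:
        findings.append("vault settings missing: " + ", ".join(missing))
    if vault.get("disableTLSForTesting") == "true":
        findings.append("TLS to Vault is disabled")
    return findings
```

The key-file configuration is flagged because it keeps the master key on the same machine as the data, whereas the setup described here places it on the separate VaultNode machine.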

The picture referenced above (What is added to the configuration file) shows what is added to the mongod configuration file. This is to enable encryption for the key encryption; we do this on the 2 VMs that hold the databases.

(The data before encrypted)

(After)

After we added security to the database configuration, we see that the tables in the database turn into a collection of encrypted data. At this point the data is no longer in the form of plaintext.

(Encrypted data)

If we then try to access the collection, it will look like this instead of the normal plaintext form.

Advantages
There are several advantages in the implementation of Data at Rest Encryption. The first advantage is that it provides insider threat protection. By that we mean that when there are multiple users on the MongoDB server, as long as those users do not have the appropriate keys to decrypt the database, it is safe. The second advantage is that all database features are still retained. When we access an encrypted database, all functionality still remains. The third advantage is that it has a low performance overhead. Performance overhead is any combination of excess or indirect computation time, memory or bandwidth used to perform a specific task. The overhead of data at rest encryption is very low, around 5-10%.

Disadvantages
As there is an abundance of advantages, there are also disadvantages. The first one is the malicious root user threat. Once a hacker gets access to the root user, he can change all the permissions and get access to the encrypted database. The hacker will be able to gain access to the key vault and extract the primary keys used for encryption. The next disadvantage is that a misconfigured database user can cause a threat. If someone who does not need permission to access the encrypted database accidentally gets it, it is a data risk, as someone with no permission can access the sensitive data and use it for other purposes. The third disadvantage is the risk of losing keys.

V. CONCLUSION

In conclusion, MongoDB Data at Rest Encryption is beneficial for securing data in databases, but with some drawbacks. It is very useful for protecting data in databases, so that even if a computer or system is hacked, the attackers still cannot get the data they want, because the data is in an encrypted form that can only be accessed when it is decrypted with the correct key. This can be a very good last line of defense to protect important data from being read by attackers. By using Data at Rest Encryption, we can make sure that important data is turned into a form other than plaintext, which no one except the person holding the key will be able to read.

REFERENCE

[1] N. Gupta and R. Agrawal, “NoSQL Security,” Advances in Computers, pp. 101–132, 2018, doi: 10.1016/bs.adcom.2018.01.003.
[2] “Data at Rest Encryption,” Percona.com, 2021. https://www.percona.com/doc/percona-server/5.7/security/data-at-rest-encryption.html.
[3] Kaspersky.com, 2020. https://www.kaspersky.com/resource-center/definitions/encryption.
[4] “Why You Should Use File Encryption Software,” www.goanywhere.com, Aug. 27, 2020. https://www.goanywhere.com/blog/why-you-should-use-file-encryption-software#:~:text=File%20encryption%20works%20by%20using.

