
Database Security and Encryption

Database Security Management | A Survey Study


What is a Database?
• Organized collection of structured data
• Data is easily accessible, manageable and updateable
• Evolved dramatically since its inception in the early 1960s
• A database management system (DBMS) is used to define, manipulate, retrieve and manage data in a database.
• Languages used are Data Definition Language, Data Manipulation Language, Data Control Language and Transaction Control Language
• Most famous databases are Oracle 12c, MySQL, MS SQL, DB2 and MongoDB
Database Security and Encryption
• Information or data is a valuable asset in any organization
• Data security is the protection of data from unauthorized access, use, change, disclosure and destruction
• Data encryption is a security method where information is encoded and can only be accessed or decrypted by a user with the correct encryption key.
Types of controls
• Access control ensures that all direct accesses to the system are authorized.
• Information flow control tracks how information travels through the program during execution to make sure that the program handles the information securely.
• Cryptographic control secures the data by encrypting it.
• Inference control prevents users from inferring classified information from rightfully accessible chunks of information with lower classification.
Security Risks to Databases
• Excessive Privilege Abuse
– Users hold access rights that allow them to perform tasks not included in their job; harmful intent can be discovered through such tasks, leading to misuse of such privileges
• Database Communication Protocol Vulnerabilities
– Render the databases more vulnerable to attackers
– Attackers steal database user or login credentials through some source to modify or obtain sensitive information
• Backup Data Exposure
– An important threat that needs to be taken care of.
– Backups on tapes, DVDs or any external media are exposed to high risks and need to be protected from attacks such as theft or destruction.
CONTD.
• Legitimate Privilege Abuse
– Can take the form of misuse by database users, administrators or a system manager doing any unlawful or unethical activity.
• Privilege Elevation
– Flaws are discovered and taken advantage of by attackers, which may result in a change of privileges
• SQL Injection
– The attacker's SQL statement follows a string identifier supplied as input, which the server is expected to validate. If the input is not validated, the statement might get executed.
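The SQL injection case above, as an added example that is not part of the original slides: the same lookup written with unvalidated string concatenation and with parameter binding (a standard mitigation the slide does not name). The table, function names and crafted input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two accounts in an in-memory SQLite database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn

def lookup_unvalidated(conn, name):
    # Vulnerable: the input is pasted into the statement, so a quote in
    # `name` ends the string literal and the remainder is parsed as SQL.
    query = "SELECT name, secret FROM accounts WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # Hardened: the driver binds `name` as a value; it is never parsed as SQL.
    return conn.execute(
        "SELECT name, secret FROM accounts WHERE name = ?", (name,)
    ).fetchall()

# Constructed input: closes the string identifier, then appends a condition.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("unvalidated  :", lookup_unvalidated(conn, CRAFTED))
    print("parameterized:", lookup_parameterized(conn, CRAFTED))
```

With the crafted input the concatenated query returns every row, while the bound query returns none because no account has that literal name.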
Database Security Considerations
• Access Control
– Ensures all communications with the databases and other system objects are according to the policies and controls defined.
– Helps in minimizing the risks that may directly impact the security of the database on the main servers.
• Inference Policy
– Required to protect the data at a certain level.
– Occurs when the interpretations from certain data in the form of analysis or facts are required to be protected at a certain higher security level.
– Determines how to protect the information from being disclosed.
CONTD.
• User Identification/Authentication
– To ensure security, the user's identity should be authenticated, to keep sensitive data safe and protected from modification by any ordinary user
• Accountability and auditing
– Checks are performed to ensure physical integrity of the data
– It requires defined access to the databases, which is managed through auditing and record keeping.
• Encryption
– Nowadays, databases are protected by performing encryption
– Working keys are used by the user to encrypt the data
– Private key is decrypted in order to see the encrypted data.
COMPARATIVE ANALYSIS
• Encryption in databases

Paper: Novel Framework for Database Security based on Mixed Cryptography
Methods/Techniques: Mixed Cryptography Technique based on data classification methods
Algorithm: Any symmetric encryption algorithm can be used
Encryption performed at: Client side, untrusted data, server side

Paper: Database Encryption
Methods/Techniques: Hash Security Module Encryption Strategy
Algorithm: State of the art algorithm and mode of operation should be used.
Encryption performed at: Storage level, database level, application level

Paper: Database Encryption Scheme for Enhanced Security and Easy Sharing
Methods/Techniques: Combination of the conventional and public key encryption, utilizing the speed of conventional encryption and convenience of public key encryption.
Algorithm: N/A
Encryption performed at: N/A

Paper: Transparent Data Encryption- Solution for Security of Database Contents
Methods/Techniques: Transparent Data Encryption used by Master database key
Algorithm: N/A
Encryption performed at: Page level
CONTD.
• Comparison of Encryption Methods/Techniques

Method/Technique: Mixed Cryptography Technique based on data classification methods
Advantages:
• Sensitive data is protected from attacks even at multiple levels
• Secure data storage and data transmission is performed to ensure the maximum protection of sensitive data.
Disadvantages/limitations:
• Performance of queries and security analysis is affected due to encryption algorithms
• Access control methods are not defined.

Method/Technique: Hash Security Module Encryption Strategy
Advantages:
• Security server is not tampered
• Encryption keys are never exposed.
Disadvantages/limitations:
• Complex

Method/Technique: Transparent Data Encryption used by Master database key
Advantages:
• Provides protection to sensitive data on disk drives and backup media from illegal access.
• Cost of user management is reduced.
• Provide privacy management
Disadvantages/limitations:
• Encryption across communication channels is not provided.
• Database could not be opened if the certificate is not available and the backup of certificate and private key is not maintained.
• Database becomes inaccessible after altering the certificates to be password protected.
CONTD.
• Empirical Analysis
– Frequency
  • Number of times a common issue recurs across the papers
  • Frequency is calculated in such a way that a paper which has an issue not common to any other paper is evaluated as having frequency “1”
  • Papers which have common issues have been given a frequency equal to the number of papers having that issue.

Security Benchmarks   Paper 1   Paper 2   Paper 3   Paper 4
Confidentiality       Check     Check     Check     Check
Integrity             Check     --        --        Check
Access control        --        Check     Check     --
Efficiency            --        --        Check     --
Privacy               Check     Check     Check     --
CONTD.
– Criticality
  • Criticality factor measures the frequency of occurrences of an issue
  • Divided into 4 parts: Medium, Moderate, High and Very High
  • Percentage ranges are as follows:

Percentage    Criticality
10 - 20%      Medium
21 - 50%      Moderate
51 - 80%      High
81 - 100%     Very High
Conclusion
• Organization data is a most valuable property.
• Security of sensitive data is always a big challenge at any level.
• In today’s technological world, databases are vulnerable to a host of attacks.
• Issues faced by database security are identified and some encryption methods are discussed that can help to reduce attack risks and protect sensitive data.
• Encryption provides confidentiality but gives no assurance of integrity unless some digital signature or hash function is used.
• Using strong encryption algorithms reduces performance.
• Future work could be carried out to make encryption more effective and efficient.
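
The conclusion's point that encryption alone gives no assurance of integrity, as an added example that is not from the slides: a stored record is altered in its encrypted form, once with encryption only and once with a keyed hash (HMAC) over the ciphertext. The SHA-256 keystream is a constructed stand-in for a real stream-mode cipher, and the keys, nonce and record are made-up sample values.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    # Toy counter-mode keystream from SHA-256 (assumption: stand-in for a real cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_crypt(key, nonce, data):
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the HMAC tag covers the nonce and the ciphertext.
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, blob):
    # Verify the tag in constant time before decrypting anything.
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return xor_crypt(enc_key, nonce, ct)

def flip(data, index, mask):
    # Models a stored ciphertext byte being altered on disk or backup media.
    changed = bytearray(data)
    changed[index] ^= mask
    return bytes(changed)

# Constructed sample values.
ENC_KEY, MAC_KEY, NONCE = b"E" * 32, b"M" * 32, b"N" * 12
RECORD = b"role=user;limit=0100"

def demo():
    mask = ord("0") ^ ord("9")
    # Encryption only: the altered ciphertext decrypts without any error.
    silent = xor_crypt(ENC_KEY, NONCE, flip(xor_crypt(ENC_KEY, NONCE, RECORD), 16, mask))
    # Encryption plus HMAC: the same alteration is rejected before decryption.
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, flip(seal(ENC_KEY, MAC_KEY, NONCE, RECORD), 16, mask))
    except ValueError:
        return silent, True
    return silent, False
```

Calling demo() returns the silently altered plaintext from the encryption-only path together with a flag showing that the HMAC-protected path rejected the same change.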
