Professional Documents
Culture Documents
Database Security and Encryption
Database Security and Encryption
Privilege Elevation
– Leads to discovery of flaws which is taken advantage of by attackers and may
result in the change of privileges
SQL Injection
– Attacker’s SQL statement is followed by a string identifier as an input. That is
validated by the server. If it does not get validated it might get executed.
Database Security Considerations
Access Control
– Ensures all communications with the databases and other system objects are
according to the policies and controls defined.
– Helps in minimizing the risks that may directly impact the security of the
database on the main servers.
Inference Policy
– Required to protect the data at a certain level.
– Occurs when the interpretations from certain data in the form of analysis or facts
are required to be protected at a certain higher security level.
– Determines how to protect the information from being disclosed.
CONTD.
User Identification/Authentication
– To ensure security, the identity should be authenticated and to keep the sensitive
data safe and from being modified by any ordinary user
Encryption
– Now-a-days, database is being protected by performing encryption
– Working keys are used by the user to encrypt the data
– Private key is decrypted in order to see the encrypted data.
COMPARATIVE ANALYSIS
Encryption in databases
Paper Methods/Techniques Algorithm Encryption Performed at
Novel Framework for Database Security Mixed Cryptography Any symmetric Done at, client side,
Technique based on data Encryption algorithm untrusted data, server
based on Mixed Cryptography
classification methods can be used side
State of art algorithm Encryption can be at,
Database Encryption Hash Security Module and mode of operation storage level, database
Encryption Strategy
should used. level, application level
Combination of the
conventional and public
Database Encryption Scheme for key encryption, utilizing
the speed of N/A N/A
Enhanced Security and Easy Sharing conventional encryption
and convenience of
public key encryption.
Percentage Criticality
10 - 20% Medium
21 - 50% Moderate
51 - 80% High
81 - 100% Very High
Conclusion
Organization data is a most valuable property.
Security of sensitive data is always a big challenge at any level.
In today’s technological world, database is vulnerable to hosts of attacks.
Issues faced by database security are identified and some encryption methods are
discussed that can help to reduce the attacks risks and protect the sensitive data.
Encryption provides confidentiality but gives no assurance of integrity unless some
digital signature or Hash function is used.
Using strong encryption algorithms reduces the performance.
The future work could be carried out make encryption more effective and efficient.