A Novel Framework For Database Security Based On Mixed Cryptography
Team Guide:
Viswanath Shenoi. V
Team Members:
Mohamed Haneef. B
Mohammed Rizwan. M
Mohd Thahaseen. H
ABSTRACT
Database security has become a vital issue in
modern web applications. Critical business data in
databases is an evident target for attack. Therefore,
ensuring the confidentiality, privacy and integrity of data
is a major issue for the security of database systems.
Recent high profile data thefts have shown that
perimeter defenses are insufficient to secure sensitive
data.
We propose Mixed Cryptography Database
(MCDB), a novel framework to encrypt databases over
untrusted networks in a mixed form using many keys
owned by different parties. The encryption process is
based on a new data classification according to the data
owner. The proposed framework is very useful in
strengthening the protection of sensitive data even if
the database server is attacked at multiple points from
inside or outside.
CHAPTER 1
INTRODUCTION
PROJECT OVERVIEW
The World Wide Web has experienced massive
growth in recent years. Individuals, businesses and
governments have intensively used web applications
that can provide effective, efficient and reliable
solutions to the challenges of communicating,
managing and directing commerce in the current
century.
However, these web-based applications have numerous
entry points that can put databases at risk. Recently,
the number of reported data breaches involving
sensitive private information at governmental,
organizational and company levels has grown at an
alarming rate. In some extreme cases, sensitive
information belonging to millions of individuals has
been revealed.
Ensuring a suitable level of protection for
database content affects the overall security model.
Traditional techniques rely on access control, user
authentication, intrusion detection and policies on how
data is used to prevent such thefts and intrusion.
Unfortunately, existing techniques cannot ensure that a
database is fully immune to intrusion and unauthorized
access, and these mechanisms are ineffective against
most inside attacks.
ENCRYPTION
Encryption is a well-studied technique for protecting
sensitive data so that the data remains protected even
when a database is successfully attacked or stolen.
Even though encrypting the data provides important
protection, there are implementation decisions that
affect the encryption process, such as who will encrypt
the data, where the encryption will be done, how the
data is transferred, and how the encryption keys are
managed and protected.
There are three approaches to database servers
where encryption takes place. The first is the trusted
database server, where the creator, or owner, of the
data operates a database server, which processes
queries and signs the results. The second is the
untrusted server, where the owner’s database is stored
at the service provider. The third and final model we
call the semi-trusted server, where the database is
shared between many parties. Here, part of the data is
stored as trusted while other parts are considered
untrusted.
Recognizing the importance of encryption
techniques, several database vendors offer an
integrated solution that provides encryption
functionality in their products. Those functions are used
mostly in trusted servers. The weakness of this
approach is that a user who has access to both the key
table and the data table, and who can derive the key
transformation algorithm, can break the encryption
scheme.
PROJECT GOAL