Chapter 3

Database Integrity and Security

Integrity
• The term data integrity used to maintain accuracy and
consistency availability, and completeness of data in database.
• A good database will enforce data integrity whenever possible.
• For example, a user could accidentally try to enter a phone
number into a date field.
• If the system enforces data integrity, it will prevent the user
from making these mistakes.
• Maintaining data integrity means making sure the data
remains intact and unchanged throughout its entire life cycle.

DATA INTEGRITY 2
Risks to Data Integrity
• A user tries to enter a date outside an acceptable range.
• A user tries to enter a phone number in the wrong format.
• While transferring data between two database means tries to
insert the data into the wrong table.
• A user tries to delete a record in a table.
• A user tries to update a primary key value when there’s
already a foreign key in a related table pointing to that value.
• A hacker manages to steal all user passwords from the
database.
• A hacker hacks into the network and drops the database (i.e.
deletes it and all its data)
DATA INTEGRITY 3
Types of Data Integrity
In the database world Data integrity is often placed into the following types:
• Entity integrity
• Referential integrity
• Domain integrity
• User-defined integrity
Entity Integrity
• Entity integrity defines each row to be unique within its table.
• No two rows can be the same.
• To achieve this, a primary key can be defined. The primary key field contains
a unique identifier – no two rows can contain the same unique identifier

DATA INTEGRITY 4
Referential Integrity

• Referential integrity is concerned with relationships.

• When two or more tables have a relationship, we have to ensure that the
foreign key value matches the primary key value at all times.
• We don’t want to have a situation where a foreign key value has no matching
primary key value in the primary table.
So referential integrity will prevent users from:
• Adding records to a related table if there is no associated record in the
primary table.
• Changing values in a primary table that result in orphaned records in a
related table.
• Deleting records from a primary table if there are matching related records.

DATA INTEGRITY 5
 Domain Integrity
• Domain integrity concerns the validity of entries for a given column.
• Selecting the appropriate data type for a column is the first step in
maintaining domain integrity.
• Other steps could include, setting up appropriate constraints and rules
to define the data format and/or restricting the range of possible
values.
User-Defined Integrity
• User-defined integrity allows the user to apply business rules to the
database that aren’t covered by any of the other three data integrity
types.

DATA INTEGRITY 6
 Integrity Constraints
• Integrity constraints are a set of rules. It is used to maintain
the quality of information in database.
• Integrity constraints ensure that the data insertion, updating,
and other processes have to be performed in a way that data
integrity is not affected.
• Thus, integrity constraint is used to guard against accidental
damage to the database.

DATA INTEGRITY 7
Types of Constraints

TYPE OF INTEGRITY CONSTRAINTS 8

1. Domain constraints
• Domain constraints can be defined as the definition of a valid set of
values for an attribute.
• The data type of domain includes string, character, integer, time, and
date
• The value of the attribute must be available in the corresponding
domain.
Example:

DATA INTEGRITY 9
2. Entity integrity constraints

• The entity integrity constraint states that primary key value can't be
null.
• This is because the primary key value is used to identify individual rows
in relation and if the primary key has a null value, then we can't identify
those rows.
• Example:

DATA INTEGRITY 10
3. Referential Integrity Constraints
• A referential integrity constraint is specified between two tables.
• In the Referential integrity constraints, if a foreign key in Table 1 refers
to the Primary Key of Table 2, then every value of the Foreign Key in
Table 1 must be null or be available in Table 2.
Example:

DATA INTEGRITY 11
4. Key constraints
• Keys are the entity set that is used to identify an entity within its entity
set uniquely.
• An entity set can have multiple keys, but out of which one key will be
the primary key.
• A primary key can contain a unique value in the relational table.
Example:

DATA INTEGRITY 12
Security
• Database security refers to the range of tools, controls, and
measures designed to establish and preserve database
confidentiality, integrity, and availability(CIA).
• Database security must address and protect the following:
• The data in the database
• The database management system (DBMS).
• Any associated applications.
• The physical database server and/or the virtual database
server and the underlying hardware.
• The computing and/or network infrastructure used to access
the database.
Database threats 13
Threats in a Database
• Availability loss − Availability loss refers to non-availability of
database objects by legitimate users.
• Integrity loss − Integrity loss occurs when unacceptable operations
are performed upon the database either accidentally or maliciously.
This may happen while creating, inserting, updating or deleting
data. It results in corrupted data leading to incorrect decisions.
• Confidentiality loss − Confidentiality loss occurs due to unauthorized
or unintentional disclosure of confidential information. It may result
in illegal actions, security threats and loss in public confidence.
• Secrecy: Data should not be disclosed to unauthorized users.
For example, a student should not be allowed to see and change
other student grades.
DATABASE THREATS 14
Cont.
• Sniff attack: To accommodate the e-commerce and advantage of
distributed systems, database is designed in a client-server mode.
Attackers can use sniffer software to monitor data streams, and acquire
some confidential information. For example, the credit card number of a
customer.
• Spoofing attack: Attackers forge a legal web application to access the
database, and then retrieve data from the database and use it for bad
transactions.
• Trojan Horse: It is a malicious program that embeds into the system. It
can modify the database and reside in operating system.
• Denial of service attack: This attack makes a database server greatly
slower or even not available to user at all. DoS attack does not result in
the disclosure or loss of the database information; it can cost the victims
much time and money.
DATA BASE THREAT 15
Measures of Control
The measures of control can be broadly divided into the following categories
• Access Control − Access control includes security mechanisms in a database
management system to protect against unauthorized access. A user can gain
access to the database after clearing the login process through only valid user
accounts. Each user account is password protected.
• Flow Control − Distributed systems encompass a lot of data flow from one
site to another and also within a site. Flow control prevents data from being
transferred in such a way that it can be accessed by unauthorized agents.
• Data Encryption − Data encryption refers to coding data when sensitive data
is to be communicated over public channels.
• RAID: Redundant Array of Independent Disks which protect against data loss
due to disk failure.
• Authentication: Access to the database is a matter of authentication. It
provides the guidelines how the database is accessed. Every access should be
monitored.
• Backup: At every instant, backup DATAshould
INTEGRITY be done. In case of any disaster,16
Categories of Control
• Database control refers to the task of enforcing regulations to provide
correct data to authentic users and applications of a database.
• In order that correct data is available to users, all data should
conform to the integrity constraints defined in the database.
• Data should be screened away from unauthorized users so as to
maintain security and privacy of the database.
• Database control is one of the primary tasks of the database
administrator (DBA).
• The three dimensions of database control are −
• Authentication
• Access rights
• Semantic integrity control
DATA INTEGRITY 17
Authentication
• In a distributed database system, authentication is the process through
which only legitimate users can gain access to the data resources.
Authentication can be enforced in two levels −
• Controlling Access to Client Computer − At this level, user access is
restricted while login to the client computer that provides user-
interface to the database server. The most common method is a
username/password combination.
• Controlling Access to the Database Software − At this level, the
database software/administrator assigns some credentials to the user.
The user gains access to the database using these credentials. One of
the methods is to create a login account within the database server.

DATA INTEGRITY 18
Access Rights
• A user’s access rights refers to the right that the user is given
regarding DBMS operations.
• such as the rights to create a table, drop a table, add/delete/update
tuples in a table or query upon the table.

DATA INTEGRITY 19
Semantic Integrity Control
• Semantic integrity control defines and enforces the integrity constraints of
the database system.
The integrity constraints are as follows −
• Data type integrity constraint
• Entity integrity constraint
• Referential integrity constraint
• Data Type Integrity Constraint:- A data type constraint restricts the range of
values and the type of operations that can be applied to the field with the
specified data type.
• Entity integrity control:- enforces the rules so that each tuple can be uniquely
identified from other tuples. For this a primary key is defined. A primary key is
a set of minimal fields that can uniquely identify a tuple.
• Referential integrity constraint:- lays down the rules of foreign keys. A foreign
key is a field in a data table that is the primary key of a related table.
DATA INTEGRITY 20
Data Encryption
• Encryption helps us to secure data that we send, receive, and store.
How does it work?
• It is the procedure of taking ordinary text, such as a text or email, and climbing it
into an unreadable type of format known as "cipher text.

DATA INTEGRITY 21
Encryption
• Encryption key: is sequence of numbers used to encrypt and decrypt data.
• Algorithms:
• Are used to construct encryption keys.
• An encryption algorithm is the method used to transform data into ciphertext.
• An algorithm will use the encryption key in order to alter the data in a predictable
way, so that even though the encrypted data will appear random, it can be turned
back into plaintext by using the decryption key.
Types of Encryption
• Symmetric encryption encrypts and decrypts information using a single
password(single key)For encryption and decryption.
• Asymmetric encryption uses two keys. A public key, which is interchanged
between more than one user. Data is decrypted by a private key, which is
not exchanged.

DATA INTEGRITY 22
• Commonly used symmetric encryption algorithms include
• DES
• Is an outdated symmetric key method of data encryption.
• It was adopted in 1977 and retired in 2005.
• Uses the same key to encrypt and decrypt the a message.
• Sender and receiver must know and use the same private key.
• 3DES
• Triple DES (3DES) was created as a replacement for DES.
• It essentially applies DES three times with three different keys.
• The text was first encrypted with key A. The cipher text from that operation was
then encrypted with key B. Then the cipher text from that operation was encrypted,
this time reusing key A.
• AES
• Advanced Encryption Standard (AES) was the algorithm eventually chosen to replace DES.
• It is a block cipher that works on 128-bit blocks. Means the size of plaint text and cipher text
must be the same.
• It is now the most widely used symmetric key algorithm.
DATA INTEGRITY 23
Commonly used asymmetric encryption algorithms include:

RSA
• Full form of RSA is Rivest Shamir Adleman these are the inventors of the
algorithm
• Is an asymmetric cryptography algorithm means that it works on two different
keys.
Public key
Private key
• Steps in RSA algorithm
Generating keys
Encryption
Decryption

DATA INTEGRITY 24
Why is encryption important?

• Privacy: Encryption ensures that no one can read communications or

data at rest except the intended recipient or the rightful data owner.
• Protecting user privacy: This prevents attackers, ad networks, Internet service
providers, and in some cases governments from intercepting and reading
sensitive data
• Security: Encryption helps prevent data breaches, If a corporate
device is lost or stolen and its hard drive is properly encrypted, the
data on that device will still be secure..
• Data integrity: Encryption also helps prevent malicious behavior such
as on-path attacks. When data is transmitted across the Internet,
encryption ensures that what the recipient receives has not been
viewed or tampered with on the way.
• Regulations: For all these reasons, many industry and government
regulations require companies that handle user data to keep that data 25
DATA INTEGRITY