© 2017, IERJ All Rights Reserved Page 1
ISSN 2395-1621
Database Security Framework Specially Design to avoid Internal and External Threats
Miss. Supriya A. Padwal [email protected]
Department of Computer Engineering
JSPM’S Imperial College Of Engineering and Research, Pune, India
Prof. Nilesh P. Sable
Assistant Professor,
JSPM’S Imperial College Of Engineering and Research, Pune, India
ABSTRACT
Because the data stored in databases is usually considered an accessible and important corporate resource, security is of utmost importance in any database management system, particularly for databases that hold sensitive information. There are many security models for commercial systems, but information system security is often ignored.
Information security remains an important issue in the IT industry. As clients using the database want more access to data in this internet-connected world, the chances of security breaches are increasing. Therefore, this paper presents an existing security model specially designed for avoiding internal threats. Because of the performance issues of that model, an upgraded security framework is proposed. This upgraded security framework has high performance, i.e. the response time of the system is reduced without affecting the security of the overall model.
Keywords— Database Security; Encryption; Internal Threats; External Threats; Optimization.
ARTICLE INFO
Article History
Received: 10th July 2017
Received in revised form: 12th July 2017
Accepted: 13th July 2017
Published online: 15th July 2017
I. INTRODUCTION
In today's world, all our work is being done by computer applications. From communicating on social networking websites to making online payments, everything is done online through computers or mobile devices. Since these facilities are efficient and make our lives easy, we use them very frequently. This means that as we use these services, we are storing all our personal and sensitive data in the databases of these websites and applications, which easily exposes this data to various security threats. Protecting such important user-specific data is therefore a major priority in order to avoid any misuse of the data.
Authentication and authorization are important and the most commonly used methods to protect data from the front end, i.e. the user-accessible side, where authentication means identifying the user who is requesting access and authorization means providing a username/password. Another method to protect sensitive data is to encrypt the data saved in the database; however, frequently encrypting and decrypting while inserting and retrieving data causes performance issues for an application. In this project I am developing a framework which protects data without affecting the performance of an application.[2]
Following are some security threats that are suffered by the databases.
(1) Privilege Abuse: When excessive privileges are provided to database users, these privileges can be intentionally exploited by a database user.
(2) Legitimate Privilege Abuse: In this attack, the attacker who tries to abuse the information stored in the database for malicious purposes is an authorized user of the database system.
(3) Privilege Promotion: In this attack, the attacker takes advantage of software vulnerabilities, i.e. weaknesses and errors in software, and then uses his privilege to access the sensitive information stored in the database.[4]
II. LITERATURE SURVEY
Singh Prabhsimran and Kuljit Kaur, “Database Security Using Encryption”: This paper discusses the importance of database encryption, makes an in-depth review of database encryption techniques and compares them on the basis of their merits and demerits.[2]
Shatri, Aaditya A., and P. N. Chatur, “Efficient and Effective Security Model for Database Specially Designed to Avoid Internal Threats”: In this paper an existing security model specially designed for avoiding internal threats is given. Because of the performance issues of that model, an amended security model is proposed. This amended security model has high performance, i.e. the response time of the system is reduced without affecting the security of the overall model. The performances of both models are compared, and the better model is decided based on the performances.[3]
Harshavardhan Kayarkar, “Classification of Various Security Techniques in Databases and their Comparative Analysis”: This paper presents some of the common security techniques for data that can be implemented in fortifying and strengthening databases.[4]
Erez Shmueli, Ronen Vaisenberg, Yuval Elovici, Chanan Glezer, “Database Encryption An Overview of Contemporary Challenges and Design Considerations”: This article describes the major challenges and design considerations pertaining to database encryption. The article presents an attack model and the main relevant challenges of data security, encryption overhead, key management, and integration footprint.[5]
III. NEED OF ENCRYPTION DATA
Data needs to be encrypted before it is saved into the database because restricting access through authentication and authorization helps only up to a certain limit. If an intruder somehow gets into the database, he has all the data of the database and can misuse it; likewise, an insider who has access to the database can get all the data and misuse it. But if the data in the database is in encrypted format, then even with access to the database the intruder cannot misuse this data.
An attacker can be categorized into three classes:
a) Outside Attacker: Attackers are unauthorized users who try to gain access to data.
b) Insider: An insider is one of the authorized users who accesses the data and misuses his rights.
c) Administrator: An administrator tries to access secret information by misusing his rights and tries to modify the data, which directly affects the integrity of the data.[5]
IV. DATABASE ENCRYPTION
Database encryption is the process of encrypting the data in the database [2]. It is a key strategy to protect the contents of data within the database. The main idea behind this is that in case the intruder is somehow able to get to the database of the system, due to encryption he should not be able to misuse the data in the database.
Figure 2 shows the basic working of the database encryption and decryption process. The plain text/data to be saved in the database is first converted into cipher text using an appropriate algorithm and a specific key. Then this cipher text is saved into the database. When the user wants to extract the data from the database, the cipher text is converted back to plain text using the decryption algorithm and the same key used in encryption. This returns the plain text to the user when requested.
Fig. 2. Database Encryption and Decryption Process
Figure 3 and Figure 4 show the database in normal and encrypted form. In Figure 4, the contents of the database cannot be understood, so it becomes almost impossible for the intruder/hacker to misuse this data.
Username   Email_ID            Password
priya      [email protected]   Piya1189
Raj        [email protected]   Raj0483
Riya       [email protected]   Rvbeby90
Fig. 3. Database in Normal Form
Username   Email_ID                  Password
@#&!@      @!#$%&^*()”><?            )(^%#@!<>:”
%^%(*      %^)(*!@^(*&)&)^%$@$#      +}{&%@$#!*
!@#)(^%*   %$*^*(*(<>”:}{}*(&@@#     >)^&%#@$
Fig. 4. Database in Encrypted Form
V. PROPOSED SYSTEM
In database security, speed is the major concern because of the huge volume of data. Here we propose a technique to improve the speed of encryption of the database. The encryption module is placed above the cache. This greatly affects the speed of encryption and decryption.
1) Access database without cache
In a typical multiple-tier situation running Web applications, the client (typically a Web browser) shows HTML or XML directed by an application running in the middle tier (usually a Web or application server). The middle tier collects the information from the database server and converts the information into HTML or XML.
Fig. 5. Access Database without Cache
2) Access database with cache
In this environment, a Database Cache, consisting of a middle-tier cache for loading data and intelligent software to route queries, exists on every Web or application server on the middle tier. Frequently retrieved data is deposited in the middle-tier cache. When users demand the frequently accessed data, the requests are passed from the client, such as a Web browser, to the Web or application server, which precedes the data.
Fig. 6. Access Database with Cache
VI. MATHEMATICAL MODEL
Cryptography: A cryptosystem is a five-tuple (P, C, K, E, D), where the following conditions are satisfied:
1. P is a finite set of possible plaintexts.
2. C is a finite set of possible ciphertexts.
3. K, the keyspace, is a finite set of possible keys.
4. For each k ∈ K, there is an encryption rule eₖ ∈ E and a corresponding decryption rule dₖ ∈ D. Each eₖ : P → C and dₖ : C → P are functions such that dₖ(eₖ(x)) = x for every plaintext x ∈ P.
Fig. 7 Mathematical Model
Encryption: Sender A wants to send a message M (M < n) to B. To encrypt the message, the following procedure is adopted.
M = Mᵉ
where e is B’s public key.
1. Computes the integer remainder when Mᵉ is divided by n (B’s modulus for encryption and decryption).
2. Represents the plaintext message as a positive integer M (< n).
3. Computes the ciphertext C ≡ Mᵉ (mod n).
4. Sends the ciphertext C to B.
Decryption: Recipient B does the following:
1. Uses his private key (n, d) to compute M ≡ Cᵈ (mod n).
2. Extracts the plaintext from the message representative M.
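The encryption and decryption steps above, carried through in Python as an added example (not code from the paper). The function names, the two demonstration primes and the exponent e = 65537 are assumptions chosen for illustration; the key size is far too small for real use.

```python
# Added example: textbook RSA, C = M^e mod n and M = C^d mod n.
from math import gcd

# Constructed demo primes (both are Mersenne primes); real keys use random primes.
DEMO_P, DEMO_Q = 2**61 - 1, 2**89 - 1

def make_keypair(p, q, e=65537):
    """Return B's public key (n, e) and private key (n, d); p and q are assumed prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # e*d = 1 (mod phi); needs Python 3.8+
    return (n, e), (n, d)

def to_int(message, n):
    """Represent the plaintext as a positive integer M with M < n."""
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message representative must satisfy 0 < M < n")
    return m

def encrypt(message, public_key):
    """Sender A: compute the ciphertext C = M^e mod n with B's public key."""
    n, e = public_key
    return pow(to_int(message, n), e, n)

def decrypt(ciphertext, private_key):
    """Recipient B: compute M = C^d mod n and extract the plaintext bytes."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    public, private = make_keypair(DEMO_P, DEMO_Q)
    c = encrypt(b"sample-secret", public)    # constructed sample plaintext
    print(c, decrypt(c, private))
```

In this textbook form encryption is deterministic, so equal plaintexts stored in a column produce equal ciphertexts; deployed RSA uses randomized padding such as OAEP to avoid that.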
VII. RELATED WORK
In database security, data is stored for a long time. This data can be present as text. This private data is vulnerable to security attacks as well as unauthorized access. This private data is stored in the database by encrypting it. For this purpose the AES algorithm is used.[8]
Advanced Encryption Standard (AES)
AES is a symmetric-key cryptographic technique used to encrypt and decrypt data in 128-bit blocks. AES uses keys of size 128 bits (10 cycles), 192 bits (12 cycles) or 256 bits (14 cycles).
AES ALGORITHM:
1. Key Expansion: AES needs a 128-bit round key block for every round plus one more.
2. Initial Round (Add Round Key): Bitwise XOR is used to combine each byte of the state with a block of the round key.
3. Rounds
a. Sub Bytes: In this step, swapping is done between bytes based on a lookup table.
b. Shift Rows: In this step, the last three rows of the state are moved cyclically.
c. Mix Columns: This is a mixing operation which works on the columns of the state and merges the four bytes in each column.
d. Add Round Key
4. Final Round
a. Sub Bytes
b. Shift Rows
c. Add Round Key
Fig. 8. Flowchart of AES Algorithm [1]
LRU Cache Management
Typically an LRU cache is implemented using a doubly linked list and a hash map.
The doubly linked list is used to store the list of pages, with the most recently used page at the start of the list. So, as more pages are added to the list, least recently used pages are moved to the end of the list, with the page at the tail being the least recently used page in the list.
The hash map (key: page number, value: page) is used for O(1) access to pages in the cache.
When a page is accessed, there can be 2 cases:
1. Page is present in the cache - If the page is already present in the cache, we move the page to the start of the list.
2. Page is not present in the cache - If the page is not present in the cache, we add the page to the list.
How to add a page to the list:
a. If the cache is not full, add the new page to the start of the list.
b. If the cache is full, remove the last node of the linked list and move the new page to the start of the list.[7]
VII. SYSTEM REQUIREMENT
The system should have at least 2 GB RAM and at least 50 MB of free space on the hard disk. JDK 1.7 or a later version should be installed. A web/application server such as Apache, Tomcat, Glassfish or JBoss should be installed. A database server such as MySQL, Oracle or Postgres should be installed.
VIII. RESULT
The result graph shows the time required to process a number of records with cache and without cache. The x-axis shows the number of records and the y-axis shows the retrieval time in seconds.
Fig. 9. Result Of Implementation
IX. ACKNOWLEDGEMENT
I wish to express my profound thanks to all who helped us directly or indirectly in making this paper. Finally, I wish to thank all our friends and well-wishers who supported us in completing this paper successfully. I am especially grateful to our guide, Prof. Nilesh P. Sable Sir, for his time-to-time, very much needed, valuable guidance. Without the full support and cheerful encouragement of my guide, the paper would not have been completed on time.
X. CONCLUSION
Nowadays, everything is being done with computer systems and applications, so the security of the data in database systems is an important issue. Many researchers are working on information security and proposing various techniques and algorithms. Each architecture has its own advantages and disadvantages, but none of them is fully secure, and each contains certain loopholes. However, there is huge scope for improvement in the information security area to find a perfect solution and a scheme that is fully secure from all possible threats.
XI. REFERENCES
[1] Miss. Shraddha Mahajan, Mrs. Jayashree Katti, Miss. Ankita Walunj, Miss. Kirti Mahalunkar, Designing a Database Encryption Technique for Database Security Solution with Cache, 2015 IEEE International Advance Computing Conference (IACC).
[2] Singh Prabhsimran and Kuljit Kaur, Database Security Using Encryption, 2015 International Conference on Futuristic Trends on Computational Analysis and Knowledge Management (ABLAZE), 2015.
[3] Shatri, Aaditya A., and P. N. Chatur, Efficient and Effective Security Model for Database Specially Designed to Avoid Internal Threats, 2015 International Conference on Smart Technology and Management for Computing Communication Controls and Energy and Materials (ICSTM), 2015.
[4] Harshavardhan Kayarkar, Classification of Various Security Techniques in Databases and their Comparative Analysis.
[5] Erez Shmueli, Ronen Vaisenberg, Yuval Elovici, Chanan Glezer, Database Encryption An Overview of Contemporary Challenges and Design Considerations, SIGMOD Record (Vol. 38, No. 3).
[6] Ah Kioon, Mary Cindy, Zhao Shun Wang, and Shubra Deb Das, Security Analysis of MD5 algorithm in Password Storage, Applied Mechanics and Materials 347, Pages: 2706-2711.
[7] http://www.ideserve.co.in/learn/lru-cache-implementation.
[8] Lecture 8: AES: The Advanced Encryption Standard, Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]), February 25, 2016, Avinash Kak, Purdue University.