DDBMS - Database Security & Cryptography

DDBMS - Database Security & Cryptography

In this chapter, we will discuss the threats that a database system faces and the control measures. As a security function, we will also be studying cryptography.

Database Security and Threats

Data security is an integral feature of any database system. Because of the large number of users, fragmented and replicated data, multiple sites and distributed control, this is of particular significance in distributed systems.

Threats in a Database

• Loss of availability − Loss of availability applies to the lack of availability of legitimate users of database objects.
• Integrity loss - Integrity loss occurs either accidentally or maliciously when unacceptable operations are conducted on the database. While forming, inserting, modifying or deleting data, this may happen. This results in corrupted data resulting in incorrect decisions.
• Confidentiality loss − Confidentiality loss occurs due to unauthorized or unintentional disclosure of confidential information. It may result in illegal actions, security threats and loss in public confidence.

Measures of Control

Control measures can be classified generally into the following categories:

• Access Control -Access control provides security measures to protect against unauthorised access in a database management system. After clearing the login process with only valid user accounts, a user can gain access to the database. Each user account is protected by passwords.
• Flow Control −Distributed systems provide a lot of flow of data from one site to another and even within a site. Flow control. Flow control prohibits data from being transferred in such a way that unauthorized agents can access it. The channels through which data can flow are described in a flow policy. It also describes classes of security for both data and transactions.
• Data Encryption -Data encryption refers to coding data when it is required to communicate sensitive information through public channels. Even if an unauthorized agent gains access to the data, since it is in an incomprehensible format, he can not understand it.

What is Cryptography?

Cryptography is the technique of encoding information so that only an authorized receiver can decode and use it before sending it through unreliable communication paths. The coded message is called plain text, and plain text is called the initial message. The method by which the sender converts plain text into cypher text is called encoding or encryption. The receiver 's method of translating plain text to plain text is called decoding or decryption.

Conventional Encryption Methods

In conventional cryptography, the same secret key is used to encrypt and decrypt. Here, using a copy of the secret key, the sender encrypts the message with an encryption algorithm. The encrypted message is then distributed through the channels of public communication. The receiver decrypts it with a corresponding decryption algorithm using the same secret key upon obtaining the encrypted message.

Two factors depend on security in traditional cryptography:

• A sound algorithm that is known to everyone.
• A randomly generated secret key, ideally long, known only to the sender and the receiver.

The most common standard cryptography algorithm is the Data Encryption Standard or DES.

The benefit of this process is its simple applicability. However, sharing the secret key between the communicating parties is the greatest challenge in conventional cryptography. Cumbersome and highly susceptible to eavesdropping are the ways to send the key.

Public Key Cryptography

Public key cryptography uses two separate keys, known as the public key and the private key, as opposed to conventional cryptography. The public key pair and the private key are created by each user. Then the user places the public key in an accessible place. When a sender wishes a message to be sent, he uses the receiver's public key to encrypt it. The receiver decrypts it using his private key upon receiving the encrypted letter. Because nobody but the receiver is aware of the private key, no other person who receives the message can decrypt it.

The RSA algorithm and the Diffie-Hellman algorithm are the most common public key cryptography algorithms. It is very safe to send private messages using this method. The problem, however, is that it requires a lot of calculation and thus proves to be inefficient for long messages.

Using a combination of conventional and public key cryptography is the solution. The secret key is encrypted before being shared between the communicating parties using public key cryptography. Then, with the help of a mutual secret key, the message is sent using conventional cryptography.

Digital Signatures

A Digital Signature (DS) is a public key cryptography based authentication technique used in e-commerce applications. Within the body of its message, it identifies a specific mark with an individual. This lets others authenticate valid message senders.

Typically, to provide protection against counterfeiting, the digital signature of a user varies from message to message. The approach is as follows –

• The sender takes a message, measures the message digest, and signs a private key to the message digest.
• Then, along with the plaintext message, the sender appends the signed digest.
• The message is sent over a medium of communication.
• The receiver removes the appended signed digest and uses the corresponding public key to verify the digest.
• Then the receiver takes the plaintext message and runs it through the digest algorithm of the same message.
• If the results of step 4 and step 5 match, then the receiver recognizes that there is integrity and authenticity in the message.