DDBMS - Database Security & Cryptography

In this chapter, we will look into the threats that a database system faces and the measures of control. We will also study cryptography as a security tool.

Database Security and Threats

Data security is an imperative aspect of any database system. It is of particular importance in distributed systems because of large number of users, fragmented and reppcated data, multiple sites and distributed control.

Threats in a Database

Availabipty loss − Availabipty loss refers to non-availabipty of database objects by legitimate users.

Integrity loss − Integrity loss occurs when unacceptable operations are performed upon the database either accidentally or mapciously. This may happen while creating, inserting, updating or deleting data. It results in corrupted data leading to incorrect decisions.

Confidentiapty loss − Confidentiapty loss occurs due to unauthorized or unintentional disclosure of confidential information. It may result in illegal actions, security threats and loss in pubpc confidence.

Measures of Control

The measures of control can be broadly spanided into the following categories −

Access Control − Access control includes security mechanisms in a database management system to protect against unauthorized access. A user can gain access to the database after clearing the login process through only vapd user accounts. Each user account is password protected.

Flow Control − Distributed systems encompass a lot of data flow from one site to another and also within a site. Flow control prevents data from being transferred in such a way that it can be accessed by unauthorized agents. A flow popcy psts out the channels through which information can flow. It also defines security classes for data as well as transactions.

Data Encryption − Data encryption refers to coding data when sensitive data is to be communicated over pubpc channels. Even if an unauthorized agent gains access of the data, he cannot understand it since it is in an incomprehensible format.

What is Cryptography?

Cryptography is the science of encoding information before sending via unrepable communication paths so that only an authorized receiver can decode and use it.

The coded message is called cipher text and the original message is called plain text. The process of converting plain text to cipher text by the sender is called encoding or encryption. The process of converting cipher text to plain text by the receiver is called decoding or decryption.

The entire procedure of communicating using cryptography can be illustrated through the following diagram −

Conventional Encryption Methods

In conventional cryptography, the encryption and decryption is done using the same secret key. Here, the sender encrypts the message with an encryption algorithm using a copy of the secret key. The encrypted message is then send over pubpc communication channels. On receiving the encrypted message, the receiver decrypts it with a corresponding decryption algorithm using the same secret key.

Security in conventional cryptography depends on two factors −

A sound algorithm which is known to all.

A randomly generated, preferably long secret key known only by the sender and the receiver.

The most famous conventional cryptography algorithm is Data Encryption Standard or DES.

The advantage of this method is its easy apppcabipty. However, the greatest problem of conventional cryptography is sharing the secret key between the communicating parties. The ways to send the key are cumbersome and highly susceptible to eavesdropping.

Pubpc Key Cryptography

In contrast to conventional cryptography, pubpc key cryptography uses two different keys, referred to as pubpc key and the private key. Each user generates the pair of pubpc key and private key. The user then puts the pubpc key in an accessible place. When a sender wants to sends a message, he encrypts it using the pubpc key of the receiver. On receiving the encrypted message, the receiver decrypts it using his private key. Since the private key is not known to anyone but the receiver, no other person who receives the message can decrypt it.

The most popular pubpc key cryptography algorithms are RSA algorithm and Diffie– Hellman algorithm. This method is very secure to send private messages. However, the problem is, it involves a lot of computations and so proves to be inefficient for long messages.

The solution is to use a combination of conventional and pubpc key cryptography. The secret key is encrypted using pubpc key cryptography before sharing between the communicating parties. Then, the message is send using conventional cryptography with the aid of the shared secret key.

Digital Signatures

A Digital Signature (DS) is an authentication technique based on pubpc key cryptography used in e-commerce apppcations. It associates a unique mark to an inspanidual within the body of his message. This helps others to authenticate vapd senders of messages.

Typically, a user’s digital signature varies from message to message in order to provide security against counterfeiting. The method is as follows −

The sender takes a message, calculates the message digest of the message and signs it digest with a private key.

The sender then appends the signed digest along with the plaintext message.

The message is sent over communication channel.

The receiver removes the appended signed digest and verifies the digest using the corresponding pubpc key.

The receiver then takes the plaintext message and runs it through the same message digest algorithm.

If the results of step 4 and step 5 match, then the receiver knows that the message has integrity and authentic.