Security of Confidential Data in Database using Triple Layer Encryption

Security of Confidential Data in Database using Triple Layer Encryption

Manjusha S. Nair

Professor

Department of Computer Science and Engineering College of Engineering, Chengannur

Kerala, INDIA

Aswathy B. Lal

Student

Department of Computer Science and Engineering College of Engineering, Chengannur

Kerala, INDIA

Nithin Prasad

Student

Department of Computer Science and Engineering College of Engineering, Chengannur

Kerala, INDIA

Paul K. George

Student

Department of Computer Science and Engineering College of Engineering, Chengannur

Kerala, INDIA

R. Gopika Nair

Student

Department of Computer Science and Engineering College of Engineering, Chengannur

Kerala, INDIA

Renju Koshy

Student

Department of Computer Science and Engineering College of Engineering, Chengannur

Kerala, INDIA

Abstract An application which provides triple encryption is proposed. All data packets passed between the server and client format is in encrypted format, so nobody can access the actual data by attacks like man-in-the-middle or by bypassing the server security. The three encryptions include a client side encryption, SSL and server side encryption. Sending the data from the client to the server and then encrypting at the server has all the security risks. A reversible encryption algorithm is proposed to encrypt/decrypt the data and the key is stored along with the data itself. The key, after the encryption, is divided into parts and stored at prespecified locations inside the data. These locations are determined from the data itself. The key is read from the packet and then decrypted when the data needs to be fetched back. Also the key can act like a second password. The decrypted data is then passed to the client over a secured connection. Here client side decryption is performed to generate the actual text data. The system enables sharing of files among a group, in which the file is accessible only to members of that group. This is possible by providing the client side key to the group members. The proposed scheme that has been designed can be used for handling highly confidential data in military applications

KeywordsSecurity, encryption, algorithm, cryptography, database,

I.INTRODUCTION

In cryptography, data encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not prevent interception but denies the message content to the interceptor. To read an encrypted file you must have access to a secret key or password that enables you to decrypt it. In most data management system, the key used for encryption is also

stored in the database. This method is not secure since the key may be accessed if the database is cracked by some attackers. Also, the attacker can fetch the actual text since he can assume the key by observing patterns in several data transfers. To avoid this issue, in the system, the key is mixed along with the encrypted data. The advantage of this method is that the attacker cannot identify between the key and cipher text. The system uses triple DES algorithm for encryption at the client side. The key used at this stage is not stored anywhere. At the server side a modification of AES algorithm is used for encryption. After encrypting using AES algorithm we mix the key into the cipher. The system uses Symmetric key encryption. This prevents the attacker from identifying key and cipher. The whole method is implemented through a spreadsheet application. The cell values in the spreadsheet is encrypted by the system and stored in the database. Also the system permits sharing of spreadsheets on groups. The groups have a secret key which is used to encrypt the spreadsheet data at the client side.

1. RELATED WORK

   1. Oracle Transparent Database

      Oracle Advanced Security Transparent Data Encryption (TDE) [4] stops would-be attackers from bypassing the database and reading sensitive information from storage by enforcing Data-at-rest encryption in the database layer. Applications and users authenticated to the database continue to have access to application data transparently (no application code or configuration changes are required), while attacks from OS users attempting to read sensitive data from table space files and attacks from thieves attempting to read information from acquired disks or backups are denied

      access to the clear text data. Out of the box, TDE provides industry standard strong encryption for the database, full key life cycle management, and integrated support for Oracle Database tools and technologies. TDE enables encryption of database columns or entire application table spaces. Its high- speed cryptographic operations make performance overhead negligible in most applications.

      The two-tier encryption key architecture provides easy administration of keys, enforces clear separation of keys from encrypted data, and provides assisted key rotation without having to re-encrypt data. The key store can be managed using a convenient web console in Oracle Enterprise Manager or using a command-line. In addition, TDE integrates directly with frequently used Oracle Database tools and technologies including Oracle Advanced Compression, Automatic Storage Management (ASM), Recovery Manager (RMAN), Data Pump, Golden Gate, and more. In Oracle engineered systems, TDE gets a performance boost from hardware cryptographic acceleration provided by Intel AES-NI and Oracle SPARC T- series processors. TDE further benefits from Exadata Smart Scans, rapidly decrypting data in parallel on multiple storage cells, and from Exadata Hybrid Columnar Compression (EHCC), reducing the total number of encryption and decryption operations performed. Transparent Data Encryption fully supports Oracle Multitenant. When moving a pluggable database (PDB) that contains encrypted data, the TDE master keys for that PDB are transferred separately from the encrypted data to maintain proper security separation during transit. TDE encryption resumes its normal operation after the PDB has been plugged in and configured.

      The system has many disadvantages. Separate keys are used for encrypting each row and these keys are stored in a separate field in the database. Even though the system provides security, the size of the database is increased and thus complexity is increased.

      .

   2. Other Relevant Works

      • Order Preserving Encryption Scheme proposed by Rakesh Agrawal et al. [1] is used that allows comparison operations to be directly applied on encrypted data, without decrypting the operands. It provides security by preventing SQL injection.

      • From [2], the ideas of client side and server side encryptions were obtained. By incorporating both these concepts, a more secure system can be implemented in such a way that the original data cannot be traced by unauthorized

2. PROPOSED SYSTEM

The proposed system is the Security of Confidential Data Using Triple Layer Encryption. It provides security to the data in three layers i.e., Client side, Transmission channel and Server side (database). Provide 99% security for confidential data. Client side encryption is done by using Triple DES. Channel encryption is done by using SSL (Software Security Layer) encryption method. Server side encryption is done by a user defined algorithm.

Client-side encryption is the cryptographic technique of encrypting data before it is transmitted to a server in a computer network. Usually, encryption is performedwith a key that is not known to the server. Consequently, the service provider is unable to decrypt the hosted data. In order to access the data, it must always be decrypted by the client.

Client-side encryption allows for the creation of zero- knowledge applications whose providers cannot access the data its users have stored, thus offering a high level of privacy using Triple DES. Secure communication occurs in channel when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said. Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the communication channel. Server-side encryption is about protecting data at rest.

1. Detailed Implementation

   Three levels of encryption include:

   1. Client Side Encryption

      Data is encrypted before it is transmitting it to a server. Encryption is performed with a key that is not known to the server. The key is known only to the user and is not stored anywhere. In order to access the data, it must always be decrypted by the client

   2. Channel Encryption

      128-bit SSL Encryption is used

   3. Server Side Encryption

      Encryption at server:

      • Obtain the public key of length 8 bytes from data by taking alternate characters of incoming data.

      • Generate a super key using one each character from private key and public key

      • Run the encryption algorithm on data using super key.

      • From the super key get the 3rd character

      • Find the positions to insert the super key to encrypted data.

      • Insert the number indicating the positions of super key to the 3rd position of encrypted data.

      • Insert the super key to the encrypted data according to positions obtained from pattern.

      • Save the now obtained data to the database. Decryption at server:

        • Obtain the encrypted data from the database.

        • Check the 3rd character from the encrypted data to find the positions of the super key and remove it.

        • Get the super key by removing characters from the positions indicated by the pattern.

        • Decrypt the data using decryption algorithm and super key.

        • Decrypt the data using decryption algorithm and super key

2. Implementation with Example

1. Encryption

   1. Client Side Encryption

      Let the data at client side be:

      Ship Name

      After client side encryption, it becomes: "U2FsdGVkX199xxTLkZYgY8VJx7SE/wKq9Xs5CHa/0h A=|

   2. This data is passed through a secure channel after encrypting using SSL

   3. Server Side:

      At the server side the cipher obtained after client side encryption is available.

      Server Receives: "U2FsdGVkX199xxTLkZYgY8VJx7SE/wKq9Xs5CHa/0h A=|

      Next, two keys are generated. Of these two keys one is extracted from the available cipher and the other key is predefined in the algorithm

      .

      Key 1:GFUdk2Vs (Obtained from random positions) Key 2:CrIpTaTo_PuBlI

      These two keys are combined to form a master key Master Key:Ts2oVkTGCUraIdFp

      3rd letter of current cipher is taken then to find an index. Here we get F

      (ASCII of F=96, 96%5=2,so position =2)

      Encryption is done using AES algorithm with the master key and cipher obtained after client side encryption as inputs.

      After Encryption the cipher is: U2FsdGVkX199xxTLkZYgY8VJx7SE/wKq9Xs5CHa/0h A=

      Next find the positions to insert the key

      For this we use the position value obtained in the previous step

      • If position =0, key position is {1, 4,7,10…}

      • If position =1, key position is {2, 4, 6,8,10,…}

      • If position =2, key position is {4, 8, 12, ..}

      • And so on…..{max. 5}

   Here position value is 1. So we use index positions {4, 8, 12..} to insert the master key.

   Value of variable position is stored in 3rd position So finally the cipher text stored in database will be Master Key + Data:

   oTs22oVkTGCUraIdFpfpO3TYT5GWU56CBmI0m4K Bvr6TQY1swiOoarvykg2e/u0fw0QnrgQTxW6g2p6g6 The key is mixed with the cipher instead of saving it separately.

2. Decryption

   In the decryption process, the reverse of encryption is performed.

   The text obtained from database includes key and the actual cipher.

   KEY+DATA=

   oTs22oVkTGCUraIdFpfpO3TYT5GWU56CBmI0m4KBvr6T QY1swiOoarvykg2e/u0fw0QnrgQTxW6g2p6g6

   Check the 3rd character to get the pattern in which keys are mixed in the actual cipher

   In the example it is 2. Get the pattern corresponding to 2 i.e. {2, 8, 12…}

   Get the key from these positions Key= Ts2oVkTGCUraIdFp Use this key to decrypt the cipher:

   OTs22oVkTGCUraIdFpfpO3TYT5GWU56CBmI0m4KBvr6

   TQY1swiOoarvykg2e/u0fw0QnrgQTxW6g2p6g6

   Data obtained after decryption is:

   U2FsdGVkX199xxTLkZYgY8VJx7SE/wKq9Xs5CHa/0hA=

   This text is sent to the client through a secure channel. At the client side this cipher is decrypted using the key used earlier at the client side. After decryption the actual text is obtained: Ship Name

   1. RESULTS AND CONCLUSION

      In the proposed system encryption and decryption process will be done at both server and client side to provide more security to the data. Since the key for encryption and decryption is stored in the data itself it is impossible to track the key from the data base thus system can provide more security than the existing system. Proposed system is implemented by providing three phases of encryption and decryption: server side, channel, and client side. In existing system direct data is handled. Here data size may be large but the security provided by this system is three times more than the existing system.

   2. CONCLUSION AND FUTURE SCOPE

   The common goal in data encryption is to ensure security of confidential data. We have proposed a system that enables users to create, and to share data among other users securely. Three levels of encryption are used so that even though

   someone got the data in the middle way, the actual data won't be disclosed. A spreadsheet application named CRIPTATO was developed using the proposed algorithm. This online to his wish. He can choose various tables of his choice and enter or remove data into or from it. All the data stored in the database are encrypted using the algorithm. The method can be extended to encrypt document and image files, and can be used to create highly secure cloud data storage services.

   The main advantages of the proposed system are:

   • Since encryption is done at three levels and final decryption is done at the client side just before the client access the data, at every time the data will be decrypted and the attacker cannot understand the actual data.

   • Since data is encrypted at multiple levels, even though an attacker cracked the data at server he cannot be sure whether the decryption process was correct because the decrypted data is not the actual data, but data encrypted at the client side.

   • User can create groups and add members to group using their mail id. This feature can be useful when doing a group project or survey. Every user can access the data shared in the group. If the data is not shared in the group only one user can access them.

   • User can customize the tables, i.e.; he can create tables of any format according to his wish.

   • Each user and group is provided with a separate database, this makes managing of database easy.

     The main concepts of the proposed system to be dealt in the future are:

   • The encryption system can be usedto implement a mail server, which encrypts the text, attachment and subject part of a mail.

   • The encryption system can be used as an online office tool just like spreadsheet to store spreadsheets online.

   • The encryption system can be used as an online office tool just like spreadsheet to store spreadsheets online.

   • In the future we can use the system to encrypt image and document files, which can be implemented in cloud data storage, thereby

     application enables creation and sharing of spreadsheets with high security. The user has options to create tables according

   • In the future we can use the system to encrypt image and document files, which can be implemented in cloud data storage, thereby increasing the data of cloud systems.

ACKNOWLEDGMENT

We extend our sincere gratitude to our project coordinator and guide Prof. Manjusha S Nair, College of Engineering, Chengannur, for motivating suggestions, insightful advice, valuable guidance, help and support in successful completion of this paper.

REFERENCES

1. Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu- Order Preserving Encryption for Numeric Data IBM Almaden Research Center 650 Harry Road, SanJose, CA 95120.

2. Nagarjuna.Settipalli, R Manjula Securing Watermarked-Relational Data by Using Encryption and Decryption VIT University, Vellore Tamil Nadu, India.

3. M.Susithra ,Vellore Institute of Technology, India An Implementation of Database Image Encryption Using TSFS Techniques Volume 3, Issue 7, July 2013 International Journal of Advanced Research in Computer Science and Software Engineering.

4. Oracle Corporation. Database Encryption in Oracle 8i, August 2000.

5. Nicolas Courtois, Josef Pieprzyk, Cryptanalysis of Block Ciphers With Over defined Systems of Equations, ASIACRYPT 2002.

6. Biham, Eli and Shamir, Adi,1991, Differential Cryptanalysis Of DES like Cryptosystems of Cryptology.

7. Delfs, Hans and Helmut (2007), Symmetric key encryption, Introduction to cryptography: Principles and Applications.