IJSTE - International Journal of Science Technology & Engineering | Volume 2 | Issue 09 | March 2016

ISSN (online): 2349-784X

Improving Security in SAP-HANA Cloud by

Applying Multiple Encryption Policies
Suraj U Rasal
Assistant Professor
Department of Computer Engineering
Bharati Vidyapeeth Deemed Universitys
College of Engineering, Pune

Kratika Gupta
Department of Computer Engineering
Bharati Vidyapeeth Deemed Universitys
College of Engineering, Pune

Varsha Thanaji Mulik

Department of Computer Engineering
Nehru College of Engineering& Research center, Kerala

Shraddha T Shelar
Assistant Professor
Department of Information technology
D Y Patil College of Engineering Akurdi, Pune

Abstract
SAP HANA is current approach to manage enterprise working environment. Database is very important segment is this approach
which needs to be protected with high level security. This requirement can be achieved by applying multiple security policies in
the database access to increase its security level.
Keywords: Attribute Based Encryption (ABE), Cipher Text (CP), Security leve ( ), Encryption policies (Ep)
________________________________________________________________________________________________________
I.

INTRODUCTION

SAP is a multinational software company which is religiously working to manage business operation and customer association. It
originally focused on enterprise resource planning, its first product SAP R/98 offered common system to manage multifarious
task and centralized data storage [1]. SAP R/2, SAP R/3 succeeding it were some other version which were updated, revised for
increasing and updating older capabilities [7]. SAP HANA originally called SAP High Performance Analytic Appliance is an
application server based on Relational database management system was developed by SAP SE. The main feature include: in
memory database and column orientation [2]. This product offer Business intelligence with real time response. HANA is an
alternative of cloud storage with smaller memory available on IBM cloud. SAP HANA started supporting SAP NetWeaver
Business Warehouse in September 2011, a data warehouse based on RDBMS and in-memory DBMS [6]. It is useful for
reporting, analysis, and interpretation of business data that processes and enable enterprise to respond periodically to meet
market demand. It also bolsters sap enterprise resource planning, whose operations are: Sales & Distribution, Materials
Management, Production Planning, Logistics Execution, and Quality Management, Financials (Financial Accounting,
Management Accounting, and Financial Supply Chain Management) and Human Capital Management (Payroll, e-Recruiting).
II. CURRENT TRENDS
Current enterprise generation:
The architectures of current-generation business systems delineate the technological advances that have been evolved for
business development [2].
Database layer:
Database management system delineates the controlled performance on hardware with finite main memory constricted with slow
I/O disk. Limiting access to disk was the cornerstone. To minimize the number of disk pages to be read into main memory when
processing a query [2].
Business application layer:
Business software evolved through a sequential processing paradigm. Data was stored in conventional manner which could be
retrieved from database, processed row by row and operated it needed and could again be stored . As discussed by Plattner and
Zeier in their recent book on in-memory data management says if we dichotomize data processing we get two important factors
[2].

All rights reserved by www.ijste.org

196

Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies

(IJSTE/ Volume 2 / Issue 09 / 035)

Online transaction processing (OLTP) systems:

These are highly normalized to volume of data intake and to speed up inserts, updates, and deletes. This high degree of
normalization is a disadvantage while retrieving data, as multiple tables may have to be joined, which severely impacts
performance. OLAP (Online Analytical Processing) is the technology behind many Business Intelligence (BI) applications.
OLAP is a powerful technology for data discovery, including capabilities for limitless report viewing, complex analytical
calculations, and predictive what if scenario (budget, forecast) planning [2].

Fig. 1: OLAP in SAP HANA [5]

The figure depicts a typical enterprise software scenario: Large organizations need to deal with large number of data, and thus
need multiple enterprise resource planning (ERP) systems, each operate with its own data set and functioning. Analytical data to
be processed is combined in data warehouse and used business users via business intelligence (BI) solutions. Data marts and
local BI clients are used where large and most recent data reporting is needed [5].
III. MERGING CLOUD WITH SAP HANA
Cloud-Based Efficiency:
Companies are today inclined to increase business efficiency with the agility by exploiting in-memory analysis so that real time
and data-driven decision making gives maximum output to their firm. Second, engulfing cloud computing technologies is an
advance and initiated step to bring a change to how IT services are delivered. Intel Xeon processor E7 v2 family implements the
above two principals very productively and deliver better performance at lower total cost and with comparable levels of
reliability, availability and serviceability. Intel and SAP collaborated to bring these trends together in SAP HANA. SAP HANA
holds the responsibility to store myriad of information such as business data, customer data and transactions, which are
vulnerable and demands cloud security and compliance [3].

All rights reserved by www.ijste.org

197

Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies

(IJSTE/ Volume 2 / Issue 09 / 035)

Fig. 2: SAP HANA coud Architecture [2]

IV. RESEARCH METHODOLOGY

Bribery, extortion and other con games have found new life online. Today, botnets and new viruses now encrypt cloud data.
Cloud being the source of all important and confidential data increases its vulnerability to attacks thus needing high security in
terms of data protection, user identification and disaster and data breach. Database is accessed by different data mining
approaches [7].
Identified circumstances in the cloud:
1) Clouds are exceptionally an infinite repository to the businesses for working those working with data in every aspect like
shopping malls, libraries, car showrooms etc. Customers have no transparency to where and how their personal information is
getting stored into the data center environment, where the data may be shared with other customers also [2]. 2) The
administrators and employee who manage the customer data have access to the entire data and application. Dominating the
outside attack is the insider one, an advanced persistent threat (APT) is a network attack in which an unauthorized person gains
access to a network and stays there undetected for a long period of time [3]. Thus business should maintain security and integrity
of data which to maintain customer faith and relation.
Merging Security with SAP HANA:
Achieving Security and Compliance for SAP HANA in the cloud:
To ensure security and maintenance one needs to take measure at every level of storage. Security should not be claimed at cost of
performance and data processing. Few efficient technologies like Vormetric, Virtustream, and Intel based on SAP HANA
optimize a compliant technology.
Role-based access and authorization for SAP HANA users and administrators:
SAP ensures the security of data based on use friendly and interactive methodology like authentication based on passwords,
ticket based authentication protocol implementing Symmetric key encryption(Kerberos), SAP login and digital certificates
(X.509) and so on.[8]
Data encryption:
Encryption algorithm is practiced at both back hand and while communicating via network to ensure security
Transaction logs and reporting mechanisms:
SAP HANA stored secondary information needed by business firm to investigate on users authenticity with retrieval and
processing facility along with business data.

All rights reserved by www.ijste.org

198

Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies

(IJSTE/ Volume 2 / Issue 09 / 035)

Security Policies:
There are multiple policies which are applied to make internet secure. But its studied that less number of policies are applied.
SAP HANA architecture is based on networking domain and coud sub domain which is keen to network security. Database
access is important term to make data base communication securely. Security policies are like cipher text policies (Cp), Attribute
Based Encryption (Ab), Decentralized policy (Dc), Multiple Authority policy. Cipher text is the obtained by encrypting plain text
using an algorithm, called a cipher. This text is unreadable by user or computer until applied a special decryption policy. Modern
cipher includes Public and Private Key Cryptography.
Decentralized key policy where secret key is issued by each authority to user not depending on central authority. It means that
that there is no need to trust on to the central authority. Decentralized key-attribute based encryption both the user secret key and
the cipher text are acknowledged by set of different attribute [8]. Encryption of message is with view of certain set of attributes
hence to decrypt the cipher text the receiver revels the actual data only when secret key map to the attributes in cipher text. In an
identity based encryption scheme, each user is assigned a unique identity string. So any user can create his public key for
exchange of information securely. In multi authority ABE secret key of different users from different authorities must be tied to
his global identifier (GID).
Applying multiple security policies:
Encryption policies play a vital role to make communication secure and efficient. In this paper the concept is suggested that
multiple policies can be applied simultaneously which brings high security level approach. When SAP HANA appliance layer
contacts to SAP HANA database, security level is zero in the present system. It may result is weak database access. Multiple
policies can be applied in the communication medium between SAP-HANA database and Appliance layer. Cipher text policy
(CP) can change the data in encrypted form [10]. Attribute Based Encryption (ABE) can be applied to allocate an attribute for
individual tasks or functionalities which shows flexible secure environment [11]. Decentralized key approach can be applied for
Certificate authorities. Certificate authorities are user programs which gives security certificates for user & data validation or
authorization.

Fig. 3: Multiple policy based encryption in SAP HANA architecture

Its shown in above Fig.3, Ep is considered as encryption policies which is composed with,
Ep = Cp + Ab + Dc
Cp is Cipher text policy, Abis Attribute based policy &Dc is Decentralized key policy. As it can be said that Security level is
directly proportional to number of security policies applied over network [8].
Ep Sl
As Ep is considered as summation of multiple security policies and is security level. When the term database comes in the
computing part, data base access is very important parameter. As in SAP HANA data mining approach is used to exchange data.
By applying multiple security policies in database access between SAP HANA database and appliance layer, its communication
medium will be more secured.
V. CONCLUSION
Database is one of the important computing environments in SAP HANA. In SAP HANA cloud, database access keen to have
secure network to exchange data between database to database and database to client. Multiple security policy approach between
database and appliance increases security level which makes communication more secured.
REFERENCES
[1]

Sikka, V., Frber, F., Lehner, W., Cha, S. K., Peh, T., & Bornhvd, C. (2012). Efficient transaction processing in SAP HANA
database. SIGMOD Conference (p. 731).

All rights reserved by www.ijste.org

199

Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies

(IJSTE/ Volume 2 / Issue 09 / 035)
[2]
[3]

[4]
[5]

[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]

An
Oracle
White
Paper.
(2014). Analysis
of
SAP
HANA
High
Availability
Capabilities. Available:
http://www.oracle.com/technetwork/database/availability/sap-hana-ha-analysis-cwp-1959003.pdf. Last accessed 22nd March 2016.
Intel
Real-Time
Business
Intelligence
White
Paper.(2014). Security
in
the
Cloud
for
SAP
HANA*. Available:
http://www.intel.in/content/dam/www/public/us/en/documents/white-papers/cloud-security-xeon-e7-v2-sap-virtustream-paper.pdf. Last accessed 22nd
March 2016.
Frber, F., Cha, S. K., Primsch, J., Bornhvd, C., Sigg, S., & Lehner, W. (2011). SAP HANA Database - Data Management for Modern Business
Applications. SIGMOD Record, 40(4), 45-51.
SAP HANA-Explore and Analyze Vast Quantities of Data from Virtually Any Source at the Speed of Thought white paper. (2011). SAP HANA for
Next-Generation
Business
Applications
and
Real-Time
Analytics.Available:http://hana.sap.com/content/dam/website/saphana/en_us/S4%20HANA/Final_Launch_S4HANA_Plattner.pdf. Last accessed 19th
March 2016.
Weyerhaeuser, C., Mindnich, T., Faerber, F., & Lehner, W. (2008). Exploiting Graphic Card Processor Technology to Accelerate Data Mining Queries in
SAP NetWeaver BIA. 2008 IEEE International Conference on Data Mining Workshops (pp. 506-515).
Legler, T., Lehner, W., & Ross, A. (2006). Data mining with the SAP NetWeaver BI accelerator, 1059-1068.
Jinguang Han, Willy Susilo, Yi Mu, Jianying Zhou, and Man Ho Allen Au,(MARCH 2015). Improving Privacy and Security in Decentralized CiphertextPolicy Attribute-Based Encryption. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 (3), 665-678.
P. Bichsel, J. Camenisch, T. Gro, and V. Shoup, Anonymous credentials on a standard Java Card, in Proc. ACM Conf. CCS, 2009, pp. 600610.
D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages213229, 2001
D. Boneh and X. Boyen. Efficient selective-id secure identity based encryption without random oracles. In EUROCRYPT, pages 223 - 238, 2004.
D. Boneh and X. Boyen. Secure identity based encryption without random oracles. In CRYPTO, pages 443-459, 2004
A. Sahai and B. Waters, Fuzzy identity-based encryption, in Advances in Cryptology (Lecture Notes in Computer Science), vol. 3494. Heidelberg,
Germany: Springer-Verlag, 2005, pp. 457473.

All rights reserved by www.ijste.org

200