Professional Documents
Culture Documents
1 | Page
1.1 Introduction
In todays world most of the communication is done through digital media. Information
security plays a important role in such communications. Therefore, there is always a need to
protect data from unidentified or unauthorized attacks. The previous algorithm was Data
Encryption Standard (DES) which had several loopholes or issues such as small key size and
vulnerable to brute force attack and DES cant provide efficient and high level security. These
issues has been resolved or overcome by new algorithm known as Advanced Encryption
Standards, also known as Rijndael ciphers.
Advanced Encryption Standards (AES) also called as Rijndael is the specification for
encryption and decryption of digital data established by National Institute of Standards and
Technology (NIST) in the year 2001.Rindael cipher is implemented by two Belgian
cryptographers, Joan Diemen and Vincent Rijmen. Rijndael ciphers are the family of ciphers
with different key and varying sizes. NIST have selected three members of Rijndael family
each consists of a block size of 128 bits but consists of different key lengths 128 bits, 192
bits, 256 bits respectively.
The AES algorithm overcomes the issues of Data Encryption Standards (DES), which was
published in the year 1977.The AES algorithm is a symmetric key algorithm i.e. same key is
used for both encryption and decryption.
In this project work, plain text of 128 bit is given as input to the encryption block, which
encrypts the message and produces the cipher text of 128 bits as output. The key lengths of
128 bits, 192 bits, 256 bits respectively are used in the process of encryption.
1.2 Definitions
Cryptography
2 | Page
Cipher Text
In cryptography, cipher text is the output of the encryption performed on
the plain text through an algorithm. They are also called as encrypted or
encoded information as it contains original message that is unreadable by
the humans without proper cipher to decrypt it.
Encryption
Decryption
Decryption is the process of decoding encrypted data so that it can be
accessed by only authorised parties. Decryption is the reverse process of
encryption. It is the process of converting the encrypted data back into
the plain text. An authorised user can decrypt the data because
decryption requires secret key.
Symmetric-key Cryptography
Asymmetric-key Cryptography
Public key cryptography or asymmetric key cryptography is the
cryptographic system that uses a pair of keys: public and private keys
respectively. Public key that may be distributed widely paired with private
keys.
3 | Page
1.3 Purpose
1.4 Motivation
NoSql databases are the best solutions for cloud databases because all
the characteristics that define the NoSql databases are very desirable
for cloud databases. The cloud databases are not ACID compliant and it
provide improved availability, scalability, performance and flexibility.
Most of the NoSql databases do not provide authentication and
authorization. Data confidentiality is not achieved in NoSql databases
because data is usually store clear. Most of the NoSql databases do not
provide a mechanism of secure client communication.
We have implemented AES algorithm which provides data security
through the client/server communication. We have implemented AES
algorithm in java technology which provides data security while data is
in motion i.e. when data is transmitting from client to server.
Chapter-1 Introduction
Chapter-2 Literature Review
Chapter-3 NoSql Databases
Chapter-4 Advanced Encryption Standards
Chapter-5 Proposed Methodology
Chapter-6 Conclusion, Limitations and Future Work.
4 | Page
CHAPTER-2
Review of Literature
5 | Page
2.1 Literature Review
The goal of cryptographic algorithms is to provide strong security. From several years DES is
used as a cryptographic algorithm. Due to shortfalls of DES such as small key size, DES is
replaced by Rijndael algorithm which became standard in this domain.
Our system aims to reduce the attacks in NoSql databases by implementing AES algorithm at
the middleware i.e. at the application layer. We have built a client/server application which
provides security at the time of data sharing or inserting data from remote location to the
databases. All NoSql databases are cloud based, so implementing security at application layer
is very much beneficial to reduce the unauthorized attacks. Our application encrypts data
before transmitting it to the server. After encryption, the data is sent to the server end and the
encrypted data is stored on the server. The recipient requires the same key which is used at
the time of encryption to decrypt the data.
The NoSql databases emerge with different security issues. The main focus of NoSql
databases is handling new data set with less priority on security. The NoSql databases are
built to meet the requirements of big data and less importance is given on security during the
design phase. NoSql databases do not provide any feature of inserting security in the database
itself. Developers need to impose security in the middleware. NoSql database are exposed to
replay attacks, brute force attacks, cross side scripting, injection attacks etc. which results in
leakage of information. The main reason behind these attacks is that NoSql database
incorporates weak security mechanism. Some NoSql databases enforce authentication at local
node level but fails to provide authentication at across all servers. NoSql databases has poor
logging and log analysis methods, due to this an insider can gain access to critical data of
users. NoSql databases has very thin security layer, it becomes very difficult for users to
maintain control over the data. In this project we have overcome some of the issues of the
NoSql databases they are: Confidentiality, susceptible to injection attack and lack of
consistency.
6 | Page
CHAPTER-3
NoSQL DATABASES
7 | Page
8 | Page
3.1 Introduction to NoSql Database
The term NoSQL was used by Carlo Strozzi in 1998 to name his lightweight, Strozzi NoSQL
open-source relational database that did not expose the standard SQL interface, but was still
relational
Many NoSQL stores compromise consistency (in the sense of the CAP theorem) in favour of
availability, partition tolerance, and speed.
NoSql is an approach to database design and management that is useful to every large sets of
distributed data. NoSql is part of DBMS that do not follow all rules of relational DBMS and
does not use SQL query on the data.
9 | Page
RELATIONAL VARIABLE VARIABLE LOW MODERATE
DATABASE
Consistency
All the nodes in the system will have the same data, so if someone request for the data he/she
will get the same data regardless of the server which answers their request.
Availability
The node will always respond to the request.
Partition Tolerance
The System will work as a whole even if the any node in the system gets failed or cant be
reached at the time of call.
It is impossible to achieve all the three requirements at the same time, so the combination of
two properties must be chosen from the three and this would be the deciding factor for the
technology to be used. Therefore different NoSql database follows different combination of
C, A, P from the CAP Theorem. Brief discussion on CA, CP, AP
CA
All the nodes are always in contact because of single site cluster. If partition occurs, system
blocks.
CP
Some of the data is not accessible; rest of the data is available and is consistent and accurate.
AP
System is still available under partitioning; some of the data returned may be inaccurate.
10 | P a g e
Figure 1: CAP Theorem
NoSql databases are scalable and provide high performance as compared to relational
databases and NoSql databases are designed to resolve several issues which relational
database cannot resolve.
a. Dynamic Schemas.
b. Auto Sharding
c. Replication
d. Integrated Caching
11 | P a g e
3.5 NoSql V/S Sql
Sql NoSql
Developed in 1970 to deal with data Developed in late 2000 to deal with
storage applications limitations of Sql especially scalability
Consist of one type. Consists of different types including key-
value, document, wide-column, graph
database.
Examples are MySql, MS SQL, oracle Examples are MongoDB, HBase,
database etc. Cassandra, Riak etc.
Mix of open source(eg Postgres, MySql) Open source
and closed source(eg oracle database)
Data Manipulation Through specific Data Manipulation through object
language such as Insert, delete, update oriented API.
etc.
Strong Consistent Depends on product i.e. some provide
strong consistency (eg MongoDB) and
some provide eventual consistency (eg.
Cassandra).
Data Type and structure is fixed in Typically Dynamic.
advance
Table 2: Sql v/s NoSql
12 | P a g e
For example
firstName : Gaurav,
<FirstName>Gaurav</FirstName>
<Lname>Sen</Lname>
<address>
<Street>Palasia</Street>
<City>Indore</City>
<State>MP</State>
</address>
</details>
13 | P a g e
LIST OF DOCUMENT STORE DATABASES
NAME PUBLISHE LICENCE SUPPORTE REPRESENTATIONA
D BY D L STATE TRANSFER
LANGUAG API
E
SIMPLE AMAZON ONLINE SERVICES Erlang Yes
DB
MARK Marklogic Free C++,java, Yes
LOGIC corp. Developer/commerci node.js
al
MongoD MongoDB Apache Java, c/c++, Yes
B inc. perl, python
Table 3: List of Document Store Databases
Representational State Transfer API consists of components sets, connectors and data
elements through distributed system. Purpose of REST is to import simplicity, scalability,
performance, reliability etc. It is a architecture s/w design of WWW.
It is a prototype designed to sore, manage and retrieve associative array. It is a data structure
mostly known today as hash or dictionary. Dictionaries are defined as collection of
objects/records having different fields each consist of data items. Similarly, key value store
database can also be defined as map or associative array .
Void Add (k key, V value)= add given key value pair in the dictionary.
bool Remove (key)=removes the value associated with the key and returns true/false.
Key Value
A1 12345
A2 12,ABC,321
A3 XYZ
A4 PQR,789,1
A5 45,2,DES
Table 4: List of key value store
14 | P a g e
3.6.3 GRAPH DATABASE
In computer science, graph database uses graphical structures for systematic or well formed
queries consist of edges, nodes and properties to store and represent data. Graphs are used to
express computational flow, communication networks, data organization etc. Compared to
relational databases graph store are faster for associative data set and map directly to object
oriented applications. These can be scaled to large data sets and does not require extensive
join operations.
Graph databases are based on graph Theory. It consists of nodes, edges and properties. Graph
is an ordered pair consist of set of vertices V and set of edges E, G= (V, E).
Nodes
It represents entities.Entity is an object in the real world that can be distinguished from other
objects. For eg. People,car,account etc.Graph databases are equivalent to records or relation
in RDBMS and document in document databases.
Edges
Edges are the lines that connects one node to the another.They are called as relationships.
Properties
15 | P a g e
Properties are appropriate information that expresses to nodes.
16 | P a g e
itself. Developers need to impose security in the middleware. The main security issues of
NoSql database are:
17 | P a g e
CHAPTER-4
ADVANCED ENCRYPTION STANDARDS
18 | P a g e
4.1 STANDARDS OF ADVANCED ENCRYPTION
The Advanced Encryption Standard also known as Rijndael algorithm is a specification for
the encryption of electronic data established by the U.S. National Institute of Standards and
Technology (NIST) in 2001.
NIST have selected 3 members of the AES, each having a block size of 128 bits, but consist
of three different key lengths: 128,192 and 256 bits respectively.
AES performs on a 4 4 matrix known as the state, although some versions of Rijndael
cipher have large block sizes and can have additional columns in the state. Most of the AES
calculations are done in a special finite field called as Galois field.
For instance, if there are 16 bytes a0, a1, a2..................., a15 these bytes are represented as
this matrix:
19 | P a g e
4.2 Description of the algorithm
Key ExpansionWith the help of Rijndael key schedule round keys are derived from
the cipher keys. AES requires a separate 128-bit round key for each round and one more
key.
Initial Round
AddRoundKey OperationEach byte of the state is joined or combined with the
block of round key through bitwise XOR.
Final Round
SubBytes
ShiftRows
AddRoundKey.
20 | P a g e
encryption or decryption. After the final stage, State is copied to an output matrix. These
operations are depicted in Figure 5.2a. Similarly, the key is depicted as a square matrix of
bytes.This key is then expanded into an array of key schedule words. Figure 5.2b shows the
expansion for the 128-bit key. Each word is four bytes, and the total key schedule is 44 words
for the 128-bit key. Note that the ordering of bytes within a matrix is by column. So, for
example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the
first column of the in matrix, the second four bytes occupy the second column, and so on.
Similarly, the first four bytes of the expanded key, which form a word, occupy the first
column of the w matrix. The cipher consists of rounds, where the number of rounds depends
on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for
a 32-byte key. The first rounds consist of four distinct transformation functions: SubBytes,
ShiftRows, MixColumns, and AddRoundKey, which are described subsequently. The final
round contains only three transformations, and there is a initial single transformation
(AddRoundKey) before the first round which can be considered Round 0. Each
transformation takes one or more 4*4 matrices as input and produces a matrix as output.
Figure 5.1 shows that the output of each round is a matrix, with the output of the final round
being the cipher text. Also, the key expansion function generates round keys, each of which is
a distinct matrix. Each round key serve as one of the inputs to the AddRoundKey
transformation in each round.
21 | P a g e
Figure 4: AES Structure
Security
The main emphasis was on security because NIST demanded a 128 bit key, this focuses on
resistance to cryptanalysis attack other than brute force attack.
Cost
It covers the computational efficiency and storage requirement for implementation such as
hardware, software etc.
Implementation
22 | P a g e
4.6.1 SubByte Operation:
The forward substitute byte transformation, called SubBytes, is a simple table lookup. AES
defines a matrix of byte values, called an S-box, that contains a permutation of all possible
256 8-bit values. Each individual byte of State is mapped into a new byte in the following
way: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used
as a column value. These row and column values serve as indexes into the S-box to select a
unique 8-bit output value.
23 | P a g e
Table 7: S-box
24 | P a g e
Table 8: Inverse S-box
For example, the hexadecimal value {75} references row 7, column 5 of the S-box, which
contains the value {9D}. Accordingly, the value is mapped. Here is an example of the
SubBytes transformation:
25 | P a g e
4.6.2 ADDROUND KEY:
In the forward add round key transformation, called AddRoundKey, the 128 bits of State are
bitwise XORed with the 128 bits of the round key. The following is an example of
AddRoundKey:
The first matrix is State, and the second matrix is the round key. The inverse add round key
transformation is identical to the forward add round key transformation, because the XOR
operation is its own inverse.
26 | P a g e
Here is an example of the ShiftRow transformation:
The inverse shift row transformation, called InvShiftRows, performs the circular shifts in
the opposite direction for each of the last three rows, with a 1-byte circular right shift for the
second row, and so on.
27 | P a g e
The MixColumns transformation on a single column of State can be expressed as:
Figure 11-
Mix Column
Matrix
The inverse mix column transformation, called InvMixColumns, is defined by the following
matrix multiplication:
28 | P a g e
CHAPTER-5
Proposed Methodology
29 | P a g e
5.1Goal of the Project
The main goal of our project is to provide strong security mechanism in NoSql databases
which relies on client/server for their process. We have implemented Advanced Encryption
Standard also known as Rijndael algorithm to provide security in NoSql databases.AES is a
symmetric key cryptographic algorithm i.e both the encryption and decryption keys are same.
NoSql databases are schema less unstructured databases, which are increasingly used in big
data and real time web application. The proposed system is the client/server based
application. To realize this system several step have been followed and described. It begins
with the flow chart of the proposed system.
30 | P a g e
31 | P a g e
5.1 Implementation Details
For Advanced Encryption standards algorithm, we have implemented a
client/server based application. The implementation details of this
application are:
The decrypt (byte[] in, byte[] key) method uses following function to
generate original message i.e. plain text.
Generate subBytes method is used for key expansion.
Decrypt block method are used to decrypt block of data.
Decrypt block method uses InSubByte(), InShiftRows(),
InMixColumns() and InAddRoundKey() methods. For last round
InvMixColumns() method is not used.
The output of the whole program is plain text.
32 | P a g e
Figure 14: Client Gui
33 | P a g e
Figure 16: Encryption key Gui
34 | P a g e
Figure 18: Server Encryption/Decryption Gui
35 | P a g e
CHAPTER-6
CONCLUSION, LIMITATIONS AND FUTURE WORK
36 | P a g e
6.1 CONCLUSION
To overcome the security issues in NoSql databases, programmers need to fix the security
mechanism at the application layer or the middleware along with strengthening the database
in comparison with the relational databases without compromising the scalability and
performance of the NoSql database.
The Advanced Encryption Standard was successfully implemented for NoSql databases using
Java Technology. The project was implemented using Net beans IDE. All data messages were
successfully encrypted using different keys and of varying sizes. The whole process takes
place over the server as this is the client/server application. Here whole processes have been
implemented on a local machine i.e. the client and the server are on the same machine
consisting of local host. The original data was successfully retrieved using decryption of the
cipher text. All the changes made in the system was tested and proved to be perfectly
encrypting and decrypting the messages with high security and protection against the
attackers or unauthorized persons.
6.2 LIMITATIONS
It requires more processing of large data sets as it is implemented on 128 bit encryption.
The only successful attacks against AES data encryption have been side-channel attacks,
which don't attack the actual AES cipher, rather its implementation.
REFERENCES
37 | P a g e
[1] Mohamed A. Mohamed, Obay G. Altrafi, Mohammed O. Ismail, Relational vs. NoSQL
Databases: A Survey, Department of Computer Science University of Khartoum Khartoum,
Sudan.
[2] Asadulla Khan Zaki, NoSQL DATABASES: NEW MILLENNIUM DATABASE FOR
BIG DATA, BIG USERS, CLOUD COMPUTING AND ITS SECURITY CHALLENGES,
Department of Computer Science and Engineering, BMS College of Engineering, Bangalore,
India.
[3] Omkar Gaurav, Swapnil Shirode, Anand Shende, Piyush Govekar, Secure Unique
Identification using Encrypted Storage in NoSQL Database, Computer, AISSMS IOIT, Pune,
Maharashtra, India.
[4] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission,
September 3, 1999, available at [1].
[5] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card research and
Applications, LNCS 1820, Springer-Verlag, pp. 288-296.
[6] Priya P. Sharma, Chandrakant P. Navdeti, Securing Big Data Hadoop: A Review of
Security
Issues, Threats and Solution, Information Technology Department SGGS IE&T, Nanded,
India.
[7] Bhawna Gupta and Dr. Kiran Jyoti, Big Data Analytics with Hadoop to analyze Targeted
Attacks on Enterprise Data, Deptt. Of Computer Science Baba Farid College Bathinda,
Punjab, Deptt. Of Computer Science Guru Nanak Engineering College Ludhiana, Punjab.
[8] National Institute of Standards and Technology Advanced Encryption Standard, FIPS 197
(2011).
[9] Karan Patel, Kirti Sharma and Mosin Hasan, Encrypting MongoDB Data using
Application Level
Interface, Department of Computer Engineering Birla Vishvakarma Mahavidyalaya Vallabh
Vidyanagar, India.
[10] Clarence J M Tauro, Aravindh S, Shreeharsha A.B, Comparative Study of the New
Generation, Agile, Scalable, High Performance NOSQL Databases, Centre for Research,
Christ University, Hosur Road, Bangalore, India.
[11] AES page available via http://www.nist.gov/CryptoToolkit.4
[12] James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin,
James Foti, Edward Roback, Report on the Development of the Advanced Encryption
Standard (AES) ,Computer Security Division Information Technology Laboratory National
Institute of Standards and Technology Technology Administration U.S. Department of
Commerce Publication Date: October 2, 2000
38 | P a g e
[13]https://en.wikipedia.org/wiki/Graph_database#/media/File:GraphDatabase_PropertyGrap
h.png
[14] https://en.wikipedia.org/wiki/CAP_theorem
[15] https://en.wikipedia.org/wiki/NoSQL
[16] Lokesh Kumar, Dr. Shalini Rajawat and Krati Joshi, Comparative analysis of NoSQL
(MongoDB) with MySQL Database, International Journal of Modern Trends in Engineering
and Research (IJMTER) Volume 02, Issue 05 [May 2015].
Books
Cryptography and Network Security Forouzan
Cryptography and Network Security - Prins and Pract. 5th ed - W. Stallings (Pearson,
2011) BBS
Database Management System - By Korth
39 | P a g e