
(IJCNS) International Journal of Computer and Network Security, 103

Vol. 2, No. 1, January 2010

NUMERIC TO NUMERIC ENCRYPTION OF DATABASES: Comparison of Standard Encryption and the Proposed 3Kdec Algorithms

Dr. Himanshu Aggarwal (1), Kamaljit Kaur (2), Kanwalvir Singh Dhindsa (3) and Ghanaya Singh (4)

(1) Department of Computer Engineering, Punjabi University, Patiala
himanshu@pbi.ac.in
(2) Department of Computer Science, Punjab Technical University, RBCEBTW, Kharar, Punjab, India
kamal.aalam@gmail.com
(3) Department of Computer Science & Information Technology, Punjab Technical University, BBSBEC, Fatehgarh Sahib, Punjab, India
kdhindsa@gmail.com
(4) Project Manager (Research & Development), Miri InfoTech, Chandigarh, India
ghanaya@gmail.com

Abstract: Information is a vital asset for any organization or business and is crucial to its profitability. Important records detailing company users' history, products and supplier information, or any confidential information, are stored in and retrieved from a database, which makes it a foundation of business systems. Protecting the database is increasingly important and difficult. The sensitive data in the database is the target of attackers. To properly maintain the integrity and confidentiality of data, database security becomes one of the most urgent challenges in database research. One of the requirements for database security is database encryption, with which data is encrypted as it moves across networks and as it sits at rest in storage on database systems.

The proposed research is to secure the numeric data in databases. It presents a practical solution to the problem in the existing standard algorithms, where numeric data is converted to a binary or alphanumeric type and hence the encrypted data cannot be stored in the existing numeric column. The 3Kdec algorithm allows record-level encryption that encrypts numeric data and gives a numeric encrypted value, hence eliminating the need to change the data type of the column.

Keywords: Block Cipher, Encryption, Decryption, Symmetric Encryption, Substitution Box.

1. Introduction

A database is an important part of any management and information system. It allows information to be sorted, searched, viewed, and manipulated according to business needs and goals [15]. Efficient database management capabilities are crucial for the existence of many businesses, so the information in databases needs to be secured. The sensitive data of a database has to be secured from the vulnerabilities of the outside world as well as from internal breaches. Database security methods can be divided into four layers [18]: physical security, where security alarms, locks and human guarding can be employed; operating system security, where the database can be protected using system passwords and kernel protection; DBMS (Database Management System) security [2], which protects secured information by means of access rights and the granting of privileges to the required authorized account; and data encryption. Data encryption has an advantage over all the above approaches: with those techniques the data resides in the database in its original form and anyone who gets to the data can read the contents, whereas with the encryption approach the information is stored in a disguised form.

2. Numeric Data Encryption with Standard Encryption Algorithms

Nowadays all database systems support the standard encryption algorithms such as AES, DES, Triple DES, RC2, RC4 and others. Besides their many benefits, these have some limitations when used to encrypt numeric columns in a database: they require the data type of the column to be changed in order to save the encrypted result. So we propose a simple yet secure and efficient algorithm which preserves the schema of the database by not changing the data type of the encrypted data.

3. Numeric Data Encryption with 3Kdec Algorithm

3Kdec is a symmetric-key block encipherment algorithm. 3Kdec [8] aims to provide a simple and efficient method for database encryption, overcoming the shortcomings of prior database encryption methods, with the objective of suggesting how to encrypt the entire contents of the database without changing its structure. It provides a method of decrypting only the data of interest, wherein queries are not
changed because of the encryption, ensuring that existing applications can use the encrypted database without the need for any changes in the application software.

Key Components of 3Kdec Algorithm:
- Numeric data to be encrypted.
- Three keys.
- Substitution Box (commonly referred to as S-Box) and an inverse S-box.

3.1 Algorithm Operations

3KDec works in the following steps, in sequence, for a set number of rounds, as illustrated in Figure 1.

1) Key Expansion
Each of the three keys is expanded into as many as three keys, giving a total of nine keys to be used in the maximum of nine rounds.

2) Find and Substitute
In this step, the digit to be encrypted is found and substituted independently to provide the confusion effect. There is no fixed mechanism or mathematical correlation in the formation of the S-box. The entries of the S-box can be different in different encryption processes. The simple structure and variable entries of the Substitution Box therefore make the algorithm eligible to be used as a Personal Encryption Algorithm, where different S-Box variants can be used in the encryption process depending on the party we are dealing with, and varying complexity levels can be set according to our needs.

Figure 1: Illustration of 3Kdec Algorithm Working

3) Row Shift
This transformation step shifts towards the left. The number of shifts depends on the row number of the matrix. This means that the first row of the matrix is shifted zero times, the second row is shifted one time and the third row is shifted two times towards the left. During the decryption process, the Inverse Row Shift process is carried out and the shifting is done towards the right. The number of shifts is the same as the row number.

4) Add Set Key
With each round, the matrix is combined with the expanded keys above using the XOR operation. This means that during the first round of encryption Key 10 is used, in the next round Key 11, then Key 12, and so on.

3.2 Strengths of 3Kdec Algorithm

1) As the encryption is from numeric to numeric, one cannot know that the information is encrypted. It appears as if the encrypted data is itself the original content.
2) As the number of keys is larger, the number of key combinations increases to 10^27, which makes guessing of keys harder.
3) As the S-Box has a simple structure and variable entries, the 3Kdec algorithm can be used as a Personal Encryption Algorithm, where different encryption processes can be carried out with varying degrees of complexity depending on the user requirements.
4) Since the 3Kdec algorithm encrypts numeric to numeric data, the encrypted data can be stored in the existing numeric field; the algorithm thereby does not change the data field type or the set fixed data length.

4. Comparison of Existing Standard Encryption Algorithms with 3Kdec Algorithm

SQL Server is used to compare the existing standard encryption algorithms with the 3Kdec algorithm.

4.1 Existing Standard Encryption Algorithms

When numeric data is encrypted using the standard encryption algorithms, it gets converted to binary or alphanumeric data because of the various linear and non-linear components of the algorithm. Hence, the encrypted data cannot be stored in the existing numeric column.

EXAMPLE: Table TestTable:

Figure 2: TestTable Schema

The query below encrypts the numeric column IntCol and stores the result in another numeric column, EncryptIntCol.

-- The symmetric key TestTableAESKey must already be open in this session.
UPDATE TestTable
SET EncryptIntCol = ENCRYPTBYKEY(KEY_GUID('TestTableAESKey'), CONVERT(nvarchar(100), IntCol))

On selecting the values from TestTable using the query below, it is found that the encrypted value cannot be decrypted to its original value, because the encrypted value was converted to numeric when it was saved to a numeric column, which resulted in data loss.

SELECT IntCol, EncryptIntCol,
  CONVERT(int, CONVERT(nvarchar(max), DECRYPTBYKEY(CONVERT(varbinary(max), EncryptIntCol)))) DecryptIntCol
FROM TestTable

Figure 3: Result of above Select query

To solve this problem, the encrypted data must be saved in a binary column. The query below encrypts the numeric column IntCol and saves the result in the binary column EncryptBinaryCol.

UPDATE TestTable
SET EncryptBinaryCol = ENCRYPTBYKEY(KEY_GUID('TestTableAESKey'), CONVERT(nvarchar(100), IntCol))

On selecting values from TestTable, it is found that the decrypted values match the original values.

SELECT IntCol, EncryptBinaryCol,
  CONVERT(nvarchar(max), DECRYPTBYKEY(EncryptBinaryCol)) DecryptCol
FROM TestTable

Figure 4: Result of above Select query

This also shows that the encrypted values of a numeric column cannot be stored directly in it; its data type must be changed so that the value can be decrypted back to its original value. So a numeric column can be encrypted using the following steps:
1) Alter the table and add a binary column
2) Update the table and save the encrypted values in the binary column
3) Drop the original column
4) Rename the binary column to the original column name

4.2 Problems with the Change of Datatype:

1) The database cannot be used with its original application because many of the queries using the encrypted column will fail.
2) Queries using numeric functions on the encrypted column will fail.
3) Queries using numeric aggregate functions on the encrypted column will fail.
4) Numeric validations applied by the application on the data will fail, resulting in failure of the application.

4.3 Solution with 3kdec Algorithm

3KDec is designed to solve such problems. As shown in the example below, the encrypted value is numeric, so it can be stored in a numeric column and decrypted back to the original value.

UPDATE TestTable
SET EncryptIntCol = Encr3KeyDec.dbo.Encrypt3KDec(IntCol)

SELECT IntCol, EncryptIntCol,
  Encr3KeyDec.dbo.Decrypt3KDec(EncryptIntCol) DecryptCol
FROM TestTable

Figure 5: Result of above Select query

So the numeric column can be directly encrypted and updated. It can again be directly decrypted without any change in the schema of the table.

The queries below show the operation of encryption and decryption using 3KDec:

UPDATE TestTable
SET IntCol = Encr3KeyDec.dbo.Encrypt3KDec(IntCol)

SELECT IntCol FROM TestTable

Figure 6: Result of above Select query

UPDATE TestTable
SET IntCol = Encr3KeyDec.dbo.Decrypt3KDec(IntCol)

SELECT IntCol FROM TestTable

Figure 7: Result of above Select query

As the encrypted data is numeric and the data type of the encrypted column remains unchanged, it can still be used
with the original application for which the database was designed.

The 3Kdec algorithm allows numeric functions, aggregate functions and range queries to be applied directly to the encrypted data without decrypting the operands.

5. Results and Discussions

Table 1: Comparison of Standard Encryption Algorithms with 3Kdec Algorithm

S. No | Standard Encryption Algorithms like AES, DES, Triple DES, etc. | 3Kdec Algorithm
I. | Symmetric Block Cipher | Symmetric Block Cipher
6. | Granularity: Record Oriented | Granularity: Record Oriented
7. | Each cell and column can be encrypted under different key. | Each cell and column can be encrypted under different key.
8. | Numeric data is converted to Binary or alphanumeric data | Numeric data is converted to Numeric data
9. | Operates on Bytes | Operates on Decimal Digits
10. | Block size: DES: 64-bit; AES: 128-bit | Block size: 9 digits
11. | Key size: DES: 56-bit key; Triple DES: 168 bits; AES: 128, 192 or 256 bits | Key size: 9 digits
12. | Variable number of rounds: DES: 16 rounds; AES: 9/11/13 rounds | Fixed Nine Rounds
13. | Existence of Updating Anomalies | No Updating Anomalies
14. | Lack of fulfillment of validations in applications. | Fulfillment of validations in applications as data type is preserved.
15. | Query Failure (in case of query with numeric functions, aggregate functions) | No such Query Failure

From the above comparison, it is clear that the problems faced with the standard encryption algorithms can be overcome with the use of the 3Kdec algorithm. Table 1 compares their features.

6. Conclusion and Future Scope

Understanding the need to secure your data is the first step towards securing it. In today's age every detail – personal to corporate secrets – is present in the form of data. For the computers and networks which store and transfer this data, it is just numbers. It is for us to realize the damage this data can do if it falls into the hands of an unscrupulous person. Whether the data is on your laptop, desktop, or on an organization's storage network, it must be secured and should not come into the hands of an unauthorized entity. A proper access control mechanism should be enforced for securing the data. While in motion, data should be well protected. It is advisable to encrypt the data before putting it on a network even if it passes through a secure channel. The proposed algorithm can be implemented for securing anything from corporate accounting information to data of personal use. The algorithm currently works on a maximum of 9 digits, and the output can also go up to 9 digits, which limits its use and needs to be extended. It does not take into consideration the various numeric data types available or decimal-point numeric data, which opens up another area of research and improvement.

References

[1] Davida, G.I., Wells, D.L., and Kam, J.B., “A Database Encryption System with Sub keys.” ACM Trans. Database System 6, 1981, pp. 312–328.
[2] Min-Shiang, H. and Wei-Pang, Y., “Multilevel Secure database encryption with sub keys.” Data and Knowledge Engineering 22, 1997, pp. 117–131.
[3] Fernandez, E.B., Summers, R.C. and Wood C., Database Security and Integrity. Massachusetts: Addison Wesley, 1980, ch. 2.
[4] Elovici Y, Waisenberg R, Shmueli E, Gudes E, “A Structure Preserving Database Encryption Scheme.” Secure Data Management 2004, Workshop on Secure Data Management, Toronto, Canada, August 2004, pp. 28-40.
[5] Buehrer D, Chang C, “A Cryptographic mechanism for sharing databases.” The International Conference on Information & Systems, Hangzhou, China, 1991, pp. 1039-1045.
[6] Kuhn U, “Analysis of a Database and Index Encryption Scheme-Problems and Fixes.” Secure Data Management 2006, pp. 146-159.
[7] Chang C, Chan CW, “A Database Record Encryption Scheme Using RSA Public Key Cryptosystem and Its Master Keys.” The International Conference on Computer Networks and Mobile Computing (ICCNMC), 2003, pp. 312-315.
[8] Kaur K, Dhindsa K.S, Singh G, “Numeric to Numeric Encryption of Databases: Using 3Kdec Algorithm.” IEEE International Conference IACC 2009, 2009, pp. 1501-1505.
[9] Furmanyuk A, Karpinskyy M, Borowik B, “Modern Approaches to the Database Protection.” IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2007, pp. 590-593.
[10] Islam N, Mia H.M., Chowdhury I.F.M, Martin M.A., “Effect of Security Increment to Symmetric Data Encryption through AES Methodology.” Ninth ACIS International Conference on Software Engineering,
Artificial Intelligence, Networking and Parallel/Distributed Computing, 2008, pp. 291-294.
[11] Arshad H.N., Shah T.N.S., Mohamed A., Mamat M.A., “The Design and Implementation of Database Encryption.” International Journal of Applied Mathematics and Informatics, Issue 3, Volume 1, 2007, pp. 115-122.
[12] Wang F.Z., Wang W, Shi L.B., “Storage and Query over Encrypted Character and Numerical Data in Database.” The Fifth International Conference on Computer and Information Technology, 2005, pp. 210-214.
[13] Agrawal R., Kiernan J., Srikant R., Xu Y., “Order Preserving Encryption for Numeric Data.” The ACM SIGMOD, Paris, France, 2004, pp. 777-788.
[14] Securing Data at Rest; Developing a Database Encryption Strategy, RSA Security, Inc., White Paper, 2002.
[15] Date C.J., An Introduction to Database Systems, 7th edition, Addison Wesley, USA, 2000.
[16] Schneier B., Applied Cryptography, 2nd edition, Wiley & Sons, USA, 1996.
[17] Database Encryption: File Level vs. Column Level approaches, Vormetric Solution Brief, White Paper, 2007.
[18] William Stallings, Cryptography and Network Security: Principles and Practice, 2nd edition, Prentice-Hall Inc., 1999.
[19] Chen G., Chen K., Dong J., “A Database Encryption Scheme for Enhanced Security and Easy Sharing.” CSCWD ’06, IEEE Proceedings, IEEE Computer Society, Los Alamitos, CA, pp. 1-6.
[20] He J., Wang M., “Cryptography and Relational Database Management Systems.” Proceedings of IEEE Symposium on the International Database Engineering & Applications, Washington, DC, USA.
[21] Database Encryption in Oracle 9i(TM), An Oracle Technical White Paper, 2001.
[22] Conway, R.W., Maxwell, W.L. and Morgan, H.L., “On the implementation of security measures in information systems.” Communications of the ACM 15(4), 1972, pp. 211-220.
[23] National Bureau of Standards. Data Encryption Standard. FIPS, NBS (1977).
[24] Damiani, E., De Capitani diVimercati, S., Jajodia, S., Paraboschi, S. and Samarati, P., “Balancing Confidentiality and Efficiency in Untrusted Relational DBMSs.” CCS’03, Washington, 2003, pp. 27–31.
[25] Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G. and Wu, Y., “A Framework for Efficient Storage Security in RDBMS.” E. Bertino et al. (Eds.): EDBT 2004, LNCS 2992 (2004), pp. 147–164.

Authors Profile

Dr. Himanshu Aggarwal is Associate Professor in Computer Engineering at University College of Engineering, Punjabi University, Patiala. He completed his Bachelor's degree in Computer Science from Punjabi University, Patiala in 1993. He has more than 16 years of teaching experience. He is an active researcher who has supervised 15 M.Tech. dissertations, is guiding 6 Ph.D. scholars, and has contributed more than 40 articles to International and National Conferences and 22 papers to research Journals. His areas of interest are Information Systems, ERP and Parallel Computing. He is on the review board and editorial board of several refereed Research Journals.

Kamaljit Kaur is currently working as Senior Lecturer in RBCEBTW, Sahauran. She received her B.Tech (Hons) degree in CSE from LLRIET, Moga in 2003. Her areas of interest include Network Security and Database Management Systems.

Kanwalvir Singh Dhindsa is currently an Assistant Professor at the CSE & IT department of B.B.S.B. Engg. College, Fatehgarh Sahib (Punjab), India. He received his M.Tech. from Punjabi University, Patiala (Punjab) in 2003 and is currently pursuing a PhD degree in Computer Engineering from the same university. His research interests are Information Systems, Relational Database Systems and Modelling Languages. He is a member of CSI, IEI, ISTE & ACEEE.

Ghanaya Singh is working as Project Manager (R&D) in Miri Infotech, Chandigarh. Currently he is leading Data Masking projects of Dataguise, U.S.A.
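
The round structure of Section 3.1 (key expansion, find and substitute, row shift, add key) as an added Python sketch; it is not the authors' 3Kdec implementation, whose S-box and key schedule the paper does not give. The S-box values, the key schedule (digit rotations), the sample keys and the mod-10 digit addition used in place of the XOR step (so that every state digit stays in 0-9) are assumptions made for illustration.

```python
# Toy numeric-to-numeric round structure; illustrative only, not the published 3Kdec.
SBOX = [7, 2, 9, 0, 4, 8, 1, 6, 3, 5]            # constructed digit permutation (assumption)
INV_SBOX = [SBOX.index(d) for d in range(10)]    # inverse S-box used for decryption
KEYS = (123456789, 987654321, 555000111)         # constructed sample keys, 9 digits each

def to_digits(n):
    """Return n as a zero-padded 9-digit block (a row-major 3x3 digit matrix)."""
    if not 0 <= n < 10**9:
        raise ValueError("block is limited to 9 decimal digits")
    return [int(c) for c in f"{n:09d}"]

def to_int(digits):
    """Leading zeros vanish in a numeric column; to_digits() restores them."""
    return int("".join(map(str, digits)))

def expand_keys(keys):
    """Assumed schedule: each of the 3 keys yields 3 round keys by digit rotation."""
    round_keys = []
    for key in keys:
        d = to_digits(key)
        round_keys += [d[r:] + d[:r] for r in (0, 3, 6)]
    return round_keys                             # 9 round keys for 9 rounds

def row_shift(m, inverse=False):
    """Rotate row i of the 3x3 matrix i places left (right when inverting)."""
    out = []
    for i in range(3):
        row = m[3 * i:3 * i + 3]
        s = (-i if inverse else i) % 3
        out += row[s:] + row[:s]
    return out

def encrypt(n, keys=KEYS):
    state = to_digits(n)
    for rk in expand_keys(keys):
        state = [SBOX[d] for d in state]                    # find and substitute
        state = row_shift(state)                            # row shift
        state = [(d + k) % 10 for d, k in zip(state, rk)]   # add key (mod 10, assumed)
    return to_int(state)

def decrypt(c, keys=KEYS):
    state = to_digits(c)
    for rk in reversed(expand_keys(keys)):                  # undo rounds in reverse
        state = [(d - k) % 10 for d, k in zip(state, rk)]
        state = row_shift(state, inverse=True)
        state = [INV_SBOX[d] for d in state]
    return to_int(state)

if __name__ == "__main__":
    for value in (0, 42, 20100101, 999999999):
        c = encrypt(value)
        print(value, "->", c, "->", decrypt(c))
```

Because a ciphertext such as 000012345 is stored as 12345 in a numeric column, decryption has to re-pad to the block width before inverting the rounds, which to_digits() does here.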
