(IJCNS) International Journal of Computer and Network Security, Vol. 2, No. 1, January 2010

Abstract: Information is a vital asset for any organization or business and is crucial to its profitability. Important records detailing company users' history, products and supplier information, or any confidential information, are stored in and retrieved from a database, which makes it a foundation of business systems. Protecting the database is increasingly important and difficult. The sensitive data in the database is the target of attackers. To properly maintain the integrity and confidentiality of data, database security becomes one of the most urgent challenges in database research. One of the requirements for database security is Database Encryption, with which data is encrypted as it moves across networks and as it sits at rest, in storage on database systems.

The proposed research is to secure the numeric data in the databases. It presents a practical solution to the problem in the existing standard algorithms, where numeric data is converted to binary or alphanumeric type and hence the encrypted data cannot be stored in the existing numeric column. The 3Kdec algorithm allows record-level encryption that encrypts numeric data and gives a numeric encrypted value, hence eliminating the need to change the data type of the column.

Keywords: Block Cipher, Encryption, Decryption, Symmetric Encryption, Substitution Box.

1. Introduction

A database is an important part of any management and information system. It allows the information to be sorted, searched, viewed, and manipulated according to the business needs and goals [15]. Efficient database management capabilities are crucial for the existence of many businesses, so the information in the databases needs to be secured. The sensitive data of a database has to be secured from the vulnerabilities of the outside world along with internal breaches. Database security methods can be divided into four layers [18]: Physical security, where security alarms, locks and human guarding can be employed; Operating system security, where the database can be protected using system passwords and kernel protection. DBMS (Database Management System) security [2] provides protection to secured information by means of access rights and the granting of privileges to the required authorized accounts. Data encryption is beneficial over all the above approaches: with the above techniques the data resides in the database in its original form and anyone who gets to the data can read the contents, but when the encryption approach is used the information is stored in a disguised way.

2. Numeric Data Encryption with Standard Encryption Algorithms

Nowadays all database systems support the standard encryption algorithms like AES, DES, TRIPLE DES, RC2, RC4 and others. Besides many benefits, these have some limitations when used to encrypt numeric columns in a database. These algorithms need the data type of the column to be changed in order to save the encrypted result. So, we propose a simple yet secure and efficient algorithm which preserves the schema of our database by not changing the data type of the encrypted data.

3. Numeric Data Encryption with 3Kdec Algorithm

3Kdec is a symmetric-key block encipherment algorithm. 3Kdec [8] aims to provide a simple and efficient method for database encryption, overcoming the shortcomings of the prior database encryption methods, with an objective to suggest how to encrypt the entire contents of the database without changing its structure. It provides a method of decrypting only the data of interest, wherein queries are not
changed because of the encryption, ensuring that existing applications can use the encrypted database without the need for any changes in the application software.

Key Components of 3Kdec Algorithm:
- Numeric data to be encrypted
- Three keys
- Substitution Box (commonly referred to as S-Box) and an inverse S-box

3.1 Algorithm Operations

3KDec works in the following steps in sequence for a set number of rounds, as illustrated in Figure 1.

1) Key Expansion
Each of the three keys is expanded to as many as three keys, summing up to a total of nine keys to be used in the maximum nine rounds.

2) Find and Substitute
In this step, the digit to be encrypted is found and substituted independently to provide the confusion effect. There is no fixed mechanism or any mathematical correlation in the formation of the S-box. The entries of the S-box can be different in different encryption processes. So the simple structure and variable entries of the Substitution Box make the algorithm eligible to be used as a Personal Encryption Algorithm, where different S-Box variants can be used in the encryption process depending on the party we are dealing with, and varying complexity levels can be set according to our needs.

Figure 1: Illustration of 3Kdec Algorithm Working [figure not reproduced; surviving label: "Output after encryption"]

3) Row Shift
This transformation step shifts towards the left. The number of shifts depends on the row number of the matrix. This means that the first row of the matrix is shifted zero times, the second row is shifted one time and the third row is shifted two times towards the left. During the decryption process, the Inverse Row Shift process is carried out and the shifting is done towards the right. The number of shifts is the same as the row number.

4) Add Set Key
With each round the matrix is added using the XOR operation with the above expanded keys. This means during the first round of encryption Key 10 is used. In the next round Key 11 and then Key 12 and so on.

3.2 Strengths of 3Kdec Algorithm

1) As the encryption is from numeric to numeric, one cannot know that the information is encrypted. It appears as if the encrypted data is itself the original content.
2) As the number of keys is larger, the number of key combinations increases to 10^27, which makes guessing of keys harder.
3) As the S-Box has a simple structure and variable entries, the 3Kdec algorithm can be used as a Personal Encryption Algorithm where different encryption processes can be carried out with varying degrees of complexity depending on the user requirements.
4) Since the 3Kdec Algorithm encrypts numeric to numeric data, the encrypted data can be stored in the existing numeric field; thereby the algorithm does not change the data field type and sets a fixed data length.

4. Comparison of Existing Standard Encryption Algorithms with 3Kdec Algorithm

SQL Server is used to compare the existing standard encryption algorithms with the 3Kdec algorithm.

4.1 Existing Standard Encryption Algorithms

When numeric data is encrypted using the standard encryption algorithms, it gets converted to binary or alphanumeric data because of the various linear and non-linear components of the algorithm. Hence, the encrypted data cannot be stored in the existing numeric column. The query below encrypts the numeric column IntCol and stores the result in another numeric column EncryptIntCol.

    -- ENCRYPTBYKEY returns binary data, which is written here to a numeric column
    UPDATE TestTable
    SET EncryptIntCol =
        ENCRYPTBYKEY(KEY_GUID('TestTableAESKey'),
                     CONVERT(nvarchar(100), IntCol))

On selecting the values from TestTable using the query below, it is found that the encrypted value cannot be decrypted to its original value, because the encrypted value was converted to numeric when it was saved to a numeric column, which resulted in data loss.

    -- Attempt to decrypt the value that was stored in the numeric column
    SELECT IntCol, EncryptIntCol,
           CONVERT(int, CONVERT(nvarchar(max),
               DECRYPTBYKEY(CONVERT(varbinary(max), EncryptIntCol)))) DecryptIntCol
    FROM TestTable
To solve this problem it is required to save the encrypted data in a binary column. The query below updates the table, encrypting the numeric column IntCol and saving the data in the binary column EncryptBinaryCol.

    UPDATE TestTable
    SET EncryptBinaryCol =
        ENCRYPTBYKEY(KEY_GUID('TestTableAESKey'),
                     CONVERT(nvarchar(100), IntCol))

    SELECT IntCol, EncryptBinaryCol,
           CONVERT(nvarchar(max), DECRYPTBYKEY(EncryptBinaryCol)) DecryptCol
    FROM TestTable

4.2 Problems with the Change of Datatype

1) The database cannot be used with its original application because many of the queries using the encrypted column will fail.
2) Queries using numeric functions on the encrypted column will fail.
3) Queries using numeric aggregate functions on the encrypted column will fail.
4) Numeric validations applied by the application on the data will fail, resulting in failure of the application.

4.3 Solution with 3Kdec Algorithm

    SELECT IntCol, EncryptIntCol,
           Encr3KeyDec.dbo.Decrypt3KDec(EncryptIntCol) DecryptCol
    FROM TestTable

So the numeric column can be directly encrypted and updated. It can be again directly decrypted without any change in the schema of the table.

The query below shows the operation of encryption and decryption using 3KDec:

    UPDATE TestTable
    SET IntCol = Encr3KeyDec.dbo.Encrypt3KDec(IntCol)

    SELECT IntCol FROM TestTable

Figure 7: Result of above Select query [figure not reproduced]

As the encrypted data is numeric and the data type of the column encrypted remains unchanged so it can be still used
with the original application for which the database was designed. The 3Kdec algorithm allows numeric functions, aggregate functions and range queries to be directly applicable on the encrypted data without decrypting the operands.

5. Results and Discussions

Table 1: Comparison of Standard Encryption Algorithms with 3Kdec Algorithm

| S. No | Standard Encryption Algorithms like AES, DES, Triple DES, etc | 3Kdec Algorithm |
|---|---|---|
| I. | Symmetric Block Cipher | Symmetric Block Cipher |
| 6. | Granularity: Record Oriented | Granularity: Record Oriented |
| 7. | Each cell and column can be encrypted under different key. | Each cell and column can be encrypted under different key. |
| 8. | Numeric data is converted to Binary or alphanumeric data | Numeric data is converted to Numeric data |
| 9. | Operates on Bytes | Operates on Decimal Digits |
| 10. | Block Size: DES: 64-bit; AES: 128-bit | Block size: 9 digits |
| 11. | Key size: DES: 56-bit key; Triple DES: 168 bits; AES: 128, 192 or 256 bits | Key Size: 9 digits |
| 12. | Variable number of Rounds: DES: 16 rounds; AES: 9/11/13 rounds | Fixed Nine Rounds |
| 13. | Existence of Updating Anomalies | No Updating Anomalies |
| 14. | Lack of Fulfillment of validations in applications. | Fulfillment of validations in applications as data type is preserved. |
| 15. | Query Failure (in case of query with numeric functions, aggregate functions) | No such Query Failure |

From the above comparison, it is clear that the problems faced with the standard encryption algorithms can be overcome with the use of the 3Kdec algorithm. Table 1 compares their features.

6. Conclusion and Future Scope

Understanding the need to secure your data is the first step towards securing it. In today’s age every detail – personal to corporate secrets – is present in the form of data. For computers and networks which store and transfer this data, it is just numbers. It is for us to realize the damage this data can do if it falls into the hands of an unscrupulous person. Whether the data is on your laptop, desktop, or on an organization's storage network, it must be secured and should not come into the hands of an unauthorized entity. A proper access control mechanism should be enforced for securing the data. While in motion, data should be well protected. It is advisable to encrypt the data before putting it on a network even if it passes through a secure channel. The proposed algorithm can be implemented for securing anything from corporate accounting information to data of personal use. This algorithm currently works on a maximum of 9 digits and the output can also go up to 9 digits, which limits its use and needs to be extended. It does not take into consideration the various numeric data types available or decimal point numeric data, which opens up another area of research and improvements.

References

[1] Davida, G.I., Wells, D.L., and Kam, J.B., “A Database Encryption System with Sub keys.” ACM Trans. Database System 6, 1981, pp. 312–328.
[2] Min-Shiang, H. and Wei-Pang, Y., “Multilevel Secure database encryption with sub keys.” Data and Knowledge Engineering 22, 1997, pp. 117–131.
[3] Fernandez, E.B., Summers, R.C. and Wood C. Database Security and Integrity. Massachusetts: Addison Wesley, 1980, ch. 2.
[4] Elovici Y, Waisenberg R, Shmueli E, Gudes E, “A Structure Preserving Database Encryption Scheme.” Secure Data Management 2004, Workshop on Secure Data Management, Toronto, Canada, August 2004, pp. 28-40.
[5] Buehrer D, Chang C, “A Cryptographic mechanism for sharing databases.” The International Conference on Information & Systems. Hangzhou, China, 1991, pp. 1039-1045.
[6] Kuhn U, “Analysis of a Database and Index Encryption Scheme-Problems and Fixes.” Secure Data Management 2006, pp. 146-159.
[7] Chang C, Chan CW, “A Database Record Encryption Scheme Using RSA Public Key Cryptosystem and Its Master Keys.” The International Conference on Computer networks and Mobile Computing (ICCNMC), 2003, pp. 312-315.
[8] Kaur K, Dhindsa K.S, Singh G, “Numeric to Numeric Encryption of Databases: Using 3Kdec Algorithm.” IEEE International Conference IACC 2009, 2009, pp. 1501-1505.
[9] Furmanyuk A, Karpinskyy M, Borowik B, “Modern Approaches to the Database Protection.” IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2007, pp. 590-593.
[10] Islam N, Mia H.M., Chowdhury I.F.M, Martin M.A., “Effect of Security Increment to Symmetric Data Encryption through AES Methodology.” Ninth ACIS International Conference on Software Engineering,
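
An added example, not code from the paper or its authors: a toy 9-digit block cipher that follows the round structure described in section 3.1 (digit substitution through an S-box, row shift of a 3x3 matrix, round-key addition) to show numeric input giving numeric output that decrypts back and still fits an integer column, as section 4.3 describes. It is not 3Kdec: the S-box entries, the nine round keys and the digit-wise mod-10 key addition (used in place of XOR so that every digit stays in 0-9) are assumptions made for illustration.

```python
# Toy digit cipher with the round structure of section 3.1 (NOT the 3Kdec algorithm).
# Assumptions: SBOX, ROUND_KEYS and the mod-10 key addition are constructed here.
SBOX = [7, 3, 9, 0, 5, 1, 8, 2, 6, 4]            # constructed permutation of digits 0-9
INV_SBOX = [SBOX.index(d) for d in range(10)]     # inverse S-box used for decryption
ROUND_KEYS = [                                    # nine constructed 9-digit round keys
    "314159265", "271828182", "161803398", "141421356", "173205080",
    "223606797", "244948974", "264575131", "282842712",
]

def to_digits(value):
    """Split an integer of at most 9 digits into a zero-padded list of 9 digits."""
    if not 0 <= value <= 999_999_999:
        raise ValueError("block is limited to 9 decimal digits")
    return [int(c) for c in f"{value:09d}"]

def shift_rows(d, direction):
    """Rotate row r of the 3x3 digit matrix by r positions (+1 = left, -1 = right)."""
    out = []
    for r in range(3):
        row = d[3 * r: 3 * r + 3]
        k = (direction * r) % 3
        out += row[k:] + row[:k]
    return out

def encrypt(value):
    d = to_digits(value)
    for key in ROUND_KEYS:
        d = [SBOX[x] for x in d]                          # find and substitute
        d = shift_rows(d, +1)                             # row shift to the left
        d = [(x + int(k)) % 10 for x, k in zip(d, key)]   # add round key (mod 10)
    return int("".join(map(str, d)))

def decrypt(value):
    d = to_digits(value)                                  # restores leading zeros
    for key in reversed(ROUND_KEYS):
        d = [(x - int(k)) % 10 for x, k in zip(d, key)]   # remove round key
        d = shift_rows(d, -1)                             # inverse row shift (right)
        d = [INV_SBOX[x] for x in d]                      # inverse S-box
    return int("".join(map(str, d)))

INT_MAX = 2**31 - 1   # upper bound of a 32-bit signed integer column

if __name__ == "__main__":
    for plain in (0, 42, 120500, 999_999_999):
        c = encrypt(plain)
        print(plain, "->", c, "->", decrypt(c), "| fits int column:", c <= INT_MAX)
```

The same plaintext always maps to the same ciphertext here, so equal column values stay visibly equal after encryption.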