A New Database Encryption Model Based on Encryption Classes
Total Page:16
File Type:pdf, Size:1020Kb
Journal of Computer Science Original Research Paper A New Database Encryption Model Based on Encryption Classes Karim El Bouchti, Soumia Ziti, Fouzia Omary and Nassim Kharmoum Department of Computer Science, Intelligent Processing Systems & Security Team, Faculty of Sciences, Mohammed V University in Rabat, Morocco Article history Abstract: Data encryption is one of the advanced measures used to Received: 30-03-2019 consolidate data security inside Databases. It is an essential technique to Revised: 17-05-2019 protect data against theft, disclosure or modification from different typologies Accepted: 25-06-2019 of attacks. In this work, we will propose a new database encryption model. It Karim El Bouchti is based on a novel concept called "Encryption Classes". The proposed model Department of Computer is full compared to the existing models; it integrates many security Science, Intelligent Processing mechanisms starting from the keys generation and their protection until the Systems and Security Team, data encryption. Furthermore, our proposed model performed a new feature Faculty of Sciences, which is the Database structure encryption. Mohammed V University in Rabat, Morocco Keywords: Database Security, Database Security Model, Data Security, E-mail: [email protected] Computer Security, Database Encryption Model, Database Encryption Introduction The DBs encryption is based on developing efficient encryption models. A relevant model must meet criteria Recently, the security of databases (DB) has been such as encryption granularity level, efficient encryption subject of multiple studies and researches conducted by keys management and high performance (Shmueli et al., the computer security worldwide community; it aims to 2014; Elovici et al., 2018). In the literature, several DB protect sensitive data stored in centralized or distributed encryption models have been proposed. The most relevant DB against attacks from malicious entities (Elbouchti et is the work developed by Elovici et al. (2018) and Shmueli al., 2018). The conventional solutions and mechanisms et al. (2014). They suggested a model that protects data to secure DB are based on the implementation of three confidentiality and integrity using the DB cell coordinates. security levels: 1/-Physical security level, 2/-Operating In order to improve the performance, they implemented this system security level, 3/- Database Management System model in the DBMS just above the DB cache. Their (DBMS) security level (Elovici et al., 2018). The access approach uses a single encryption key with a single control mechanism implemented inside the DBMS level algorithm. Also, Sesay et al. (2005) presented another is considered as a strong means that controls the access model that classifies data and users according to categories. of subjects (users) to DB objects; it includes The level of encryption and keys generation is determined identification, authentification and auditing. Although according to these categories. This approach uses a single this mechanism consolidates the DB security, it doesn't encryption algorithm and the encryption keys are generated protect against administrator attacks. Furthermore, it is from a master key which is stored in a tamper-proof ineffective against DBMS bugs and physical access controller. Another multi-level DB model with its prototype attacks as theft or destruction of data (Elbouchti et al., has been proposed by Sallam et al. (2012). It allows the 2018; Jacob, 2012). insertion of an encryption system at the top of the multi- DB encryption is one of the necessary security level DB. This solution will reduce the DB size and measures to implement beside the access control improve queries performance. mechanism. It can be implemented on several levels: Any DB encryption model is limited by the policy of application, DBMS and hard disk (Shmueli et al., 2010; generation and protection of the encryption keys. Getting Mattsson, 2005). For example, in a cloud, encryption is a the encryption keys is the ultimate goal of any attacker. crucial operation that ensures confidentiality and Besides the standard keys protection approaches presented integrity of data exported to external service providers. in (Bouganim and Guo, 2009; Jacob, 2012), we have Several architectures using encryption inside clouds have proposed in our previous published work, new models to been developed (Ma et al., 2018; Chen et al., 2018) protect encryption keys according to encryption © 2019 Karim El Bouchti, Soumia Ziti, Fouzia Omary and Nassim Kharmoum. This open access article is distributed under a Creative Commons Attribution (CC-BY) 3.0 license. Karim El Bouchti et al. / Journal of Computer Science 2019, 15 (6): 844.854 DOI: 10.3844/jcssp.2019.844.854 granularity level (El Bouchti et al., 2018). In another Internal attack: This attack is made by a person work, we have proposed another model to protect keys who belongs to the group of trusted users of the against internal attacks when the encryption is performed DB. He may try to obtain information beyond his at the application level (El Bouchti et al., 2019). access rights (El Bouchti et al., 2019) Despite the efforts made by researchers to improve DB External attack: This attack is done by a person encryption models, these latters still need to be developed to outside the DB's users group. In this case, this provide more security. Developing a model meeting the person has access to a computer system and three criteria that were raised at the beginning of this attempt to extract sensitive information introduction is not enough. It must be accompanied by other (Zabihimayvan and Doran, 2019) mechanisms and features which strengthens more data Administrator attack: This attack is performed security, such as the use of multiple algorithms to encrypt by the DB administrator. He has specific rights data, create a method to encrypt data with multiple key and super privileges on it. This allows him to values according to a level of encryption granularity (cell, extract or alter sensitive and valuable information column, ....) or according to data sensitivity level (public, (Priebe et al., 2018) secret, top secret, ....). In addition, it must include an approach of keys protection within DB server to avoid costs The strategies and means deployed by attackers are and risks associated with managing this protection outside multiple because they can be located at any level of the the server (Itamar et al., 2018; El Bouchti et al., 2018). three typologies level already discussed. In many cases, the attacker's strategies may exceed the forecasts of the Unfortunately, the combination of all these elements in a DB security administrators. Thus, we can also single encryption model was not addressed inside works distinguish between: that we presented previously as well as in other works not mentioned in this article. Direct Attacks: If the attacker has physical access In this context, our work aims to propose a new DB to the data, then the mechanisms of access controls encryption model called "Full Encryption Model". Our are useless and he can attack stored data. The theft model offers a complete set of security mechanisms to data or removal of DB support is just an example of this compared to models proposed in the literature. It is based attack type on the use of a novel concept called "Encryption Classes". Indirect attack: The attacker can access to the DB The "Full Encryption Model" is composed of four models: data dictionary and retrieve some information The data encryption model, the DB structure encryption relating to columns, tables and DB structure scheme, model, the encryption keys generation model and the in order to deduct statistics to estimate data Master Key generation model. Our model encrypts data distributions (Liu and Gai, 2008) according to a classification of the sensitive columns. This latter allows the encryption/decryption only of these Memory attack: It is the most sophisticated DB columns when queries execution. This concept will attack. The attacker can directly access the DB improve extremely the queries performance as well as server memory via advanced tools and steal some offers perfect optimization of the DB size. Comparing to data or encryption keys other existing models, the "Full Encryption Model" allows The Database Protection using Encryption encrypting data with multiple algorithms and encryption keys according to data sensitivity. In addition, the protection It is possible to implement four levels of security to of encryption keys is performed by their encryption using ensure the DB security (El Bouchti et al., 2018; Elovici multiple other keys called "Master Keys". et al., 2019): Our work will be organized as follows: section 2 consists of giving a general overview of DB attacks Physical security level models. We will also demonstrate the utility to encrypt Operating system security level DB structure. Section 3 describes the «Full Encryption Database Management System security level Model» and explains the role of each model that composes Data encryption level it. In section 4, we present and discuss the results of tests The interest of the first three security levels is made on all models described in previous sections. evident. The description of their utilities is not the subject of this work. The implementation of the fourth Database Encryption Preliminaries level (data encryption) offered by the DBMS is essential, Database Models Attacks especially in the case of internal or administrator