DBCrypto: A Database Encryption System using Query Level Approach

Abstract

Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data and because curious or malicious administrators may capture and leak data. DBCrypto provides practical and provable confidentiality to the database by using queries. The proposed system is a middleware between user application and DBMS. The encrypted data is stored in tables by preserving its format and decrypted data can accessible to the user through regular queries. The various encryption and decryption algorithms are implemented at Query Level to secure the data from malicious administrator or from information leak.

References

• . Korth Henry F. , Silberschatz Avi, Sudarshan S. , Database System Concepts 5th Edition
• . Stallings William Cryptography and Network Security
• . Cryptographic Checksum for Multilevel Database Security. US Army of Airforce 1987.
• . Popa Raluca, Catherine M. S. , Zeldovich Nickolai, Balakrishnan Hari 2011. CryptDB: A practical encrypted relational DBMS.
• . Popa Raluca, Catherine M. S. , Zeldovich Nickolai, Balakrishnan Hari 2011. CryptDB: Protecting Confidentiality with Encrypted Query Processing . In Proceeding of 23rd ACM Symposium on Operating Systems Principles(SOSP 2011),cascais,Portugal,October 2011
• . Curino Caralo, Jones Evan P. C. , Popa Ada Raluca Malviya Nimesh, Wu Eugene, Madden Sam, Balkrishnan Hari & Zeldovich Nickolai. January 2011 Relational Cloud: A Database-as-a-service for the cloud. In proceedings of 5th biennial conference on innovative data systems data research (CIDR 2011).
• . V. Narmada, B. Narasimha Swamy, D. Lokesh Sai Kumar, 2011 An enhanced security algorithm for distributed databases in privacy preserving databases. International Journal of Advanced eng. Sciences and Technologies Vol No. 8 Issue No2. 2 page no 219-225
• . TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks, 2011 Kai-Xiang Zhang,Chia-Jun Lin, Shih-Jen Chen, Yanling Hwang, Hao-Lun Huang, Fu-Hau HsuFirst International Conference on Robot, Vision and Signal Processing
• . Kim Geom-Go, May 23 2011, Injection Attack Detection using the Removal of SQL Query Attribute Values. IEEE International Conference on Information Science And applications(ICISA 2011) Page 1-7
• . Desai Anand 2011 New Paradigms for Constructing Symmetric Encryption Schemes Secure Against Chosen-Cipher text Attack, Crypto 00' Proceeding of 20th annual cryptology Conference on Advanced Cryptography Springer Varlang London 2000
• . Marten van Dijk, Gentry Craig, Halevi Shai, VaikuntanathanVinod December 11, 2009 Fully Homomorphic Encryption over the Integers
• . Zheli Liu, ChunfuJia, Jingwei Li, Xiaochun Cheng 2010 Format-Preserving Encryption For Date Time IEEE International Conference on Intelligent computing and intelligent Systems(ICIS) Pages 201-205
• . XuRuzhi, Guojian, Deng Liwu A Database Security Gateway to the Detection of SQL Attacks, 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE)
• . Bellare Mihir, Ristenpart Thomas, Rogaway Phillip, Stegers Till . Format-Preserving Encryption Dept. of Computer Science & Engineering, UC San Diego, La Jolla, CA 92093, USA Dept. of Computer Science, UC Davis, Davis, CA 95616, USA 2009
• . Mattsson Ulf T. Format-Controlling Encryption using Data type-Preserving Encryption. 2009 IACR Cryptography e-Print Archive
• . MySQL Reference Manual 5. 5

Index Terms

Keywords