Системи управління, навігації та зв'язку, 2020, випуск 3(61) ISSN 2073-7394

УДК 004.75 doi: 10.26906/SUNZ.2020.3.104

Ye. Shcherbinina, B. Martseniuk, A. Filonenko

National Technical University "Kharkiv Polytechnic Institute", Kharkiv, Ukraine

DATABASE SECURITY AND STUDY

OF DATA ENCRYPTION METHODS IN CLOUD STORAGE
Ab s t r a c t. Purpose of the article is discusses the importance of database encryption and makes an in depth review of
various encryption techniques. Security of Data is the most important task in today’s world. Governments, companies and
other organizations have lost a lot of money and many others have closed down due to the activities of dubious hackers and
attackers. Over the years various encryption schemes have been developed in order to protect the database from various
attacks by the intruders. As data is the life wire of every organization, there is the need to remotely and securely store the
data generated daily by these organizations in order to enable them recover quickly in the event of attach and hack. Cloud
storage is needed here for the remote data storage. For many establishments, data security is one of their major concern
when sending their files into the cloud. They worry about their files being seen or even compromised by malicious and
dubious people because that’s what happened in the past. Data encryption techniques are required to protect the integrity of
the stored data. In the past, many businesses felt comfortable allowing the cloud providers to manage all their data,
believing that security risks could be managed through contracts, controls and audits. Over time it has become apparent,
however, that cloud providers cannot honor such commitments when responding to government requests for information.
This paper discuses, the importance of database encryption and makes an in depth review of various encryption techniques.
K e ywor d s : Encryption, Cryptography, Hashing, Database, Cloud Storage, Cipher text.

get to the database of the system; due to encryption he

Introduction should not be able to misuse the data in the database.
In this age of technology, all our work is being Fig. 1, shows basic working of the database
done by the computers. From chatting with friends on encryption and decryption process. The plain text/data
social networking websites, to making online payments to be saved in the database is first converted into cipher
through Net Banking, everything is being done online text using an appropriate algorithm and a specific key.
through computers. Since these facilities are efficient Then this cipher text is saved into the database. When
and make our work easy we use them in one way or the the user wants to extract the data from the database, the
other. This means to use these online services we are cipher text is converted back to plain text using the
storing all our personal and sensitive data in the decryption algorithm and the same key used in
databases of these websites and applications, which encryption. This will return the plain text to the user,
indeed make this data prone to various security threats. when requested. Database Encryption can be done in
So protection of this important user data is one of the two possible ways.
major priority, in order to avoid any misuse of data [1]. Encryption: It is a process in which plain text is
Cloud Storage is a system whereby data is converted to cipher text with help of key, and then using
remotely stored, maintained, managed, and backed up. the same key we can decrypt the cipher text back to plain
The service is available to users over a network, which text [3]. Encryption is performed using various algorithms,
is usually the internet. Important way of protecting this with each algorithm having his own advantages and
data is by encrypting the data being saved in the disadvantages. Most commonly used encryption
databases of these websites. algorithms are DES, RC2, AES128, AES 256 etc. Fig. 2, a
What is the need of encrypting the data. The shows working of simple encryption process.
need of encrypting the data before saving it in a Hashing: It is a one way process, in which plain
database is that by restricting the access through text is convened into hashed value(encrypted form).
authorization and authentication of data can help to a Once the data is hashed using a Hash Function it cannot
certain limit, but what if the intruder somehow gets to be changed back to plain Text [3]. Generally this
the database. He has all the data of database and can approach is used for password encryption, whenever we
misuse it as he likes, here encryption of data before need to login the password entered is encrypted using
saving it in database comes into play. If the data is hash function and then matched with the password
encrypted before saving it in the database, even with stored in the database which is already in encrypted
access to the database the intruder cannot misuse this form, if both matches the user get access else it gets the
data. So the purpose of the article is, discusses the message of invalid username/password. Most
importance of database encryption and makes an in commonly used Hash Functions are MD4, MD5, SHA,
depth review of various encryption techniques. SHA-1 etc. Fig. 2, b shows working of hashing.
Database encryption Cloud data encryption
Database Encryption is a process of encrypting the Cloud encryption is a service offered by cloud
data in the database [2]. It is a key strategy to protect the storage providers whereby data, or text, is transformed
contents of data within the database. The main idea using encryption algorithms and is then placed on a
behind this is that incase the intruder somehow is able to storage cloud.

104 © Shcherbinina Ye., Martseniuk B., Filonenko A., 2020

 Інформаційні технології

Plain Text that is to be Cloud data encryption methods

saved in the Database
Block Ciphers and Stream Ciphers. One of the
main categorization methods for encryption techniques
Encryption Algorithm with
commonly used is based on the form of the input data
Key they operate on. The two types are Block Cipher and
Stream Cipher. This section discusses the main features
in the two types, operation mode, and compares
Data in Encrypted form between them in terms of security and performance.
Block Cipher. In this method ciphering, data is
encrypted and decrypted if data is in from of blocks. In its
Data in simplest mode, you divide the plain text into blocks which
Data in Encrypted form Encrypted form saved
in Database
arc then fed into the cipher system to produce blocks of
cipher text. ECB(Electronic Codebook Mode) is the basic
form of block cipher where data blocks arc encrypted
directly to generate its correspondent ciphered blocks.
Stream Ciphers. Stream cipher functions on a
stream of data by operating on it bit by bit. Stream
cipher consists of two major components: a key stream
Decryption Algorithm with generator, and a mixing function. Mixing function is
Same Key
usually just an XOR function, while key stream
generator is the main unit in stream cipher encryption
technique. For example, if the key stream generator
Plain Text to be used by
User
produces a series of zeros, the outputted ciphered stream
will be identical to the original plain text.
Fig. 1. Database Encryption and Decryption Process Symmetric and Asymmetric encryptions. Data
encryption procedures are mainly categorized into two
categories depending on the type of security keys used to
encrypt/decrypt the secured data. These two categories are:
Asymmetric and Symmetric encryption techniques.
Symmetric Encryption. In this type of encryption,
the sender and the receiver agree on a secret (shared)
key. Then they use this secret key to encrypt and
decrypt their sent messages. Fig. 3, a shows the process
of symmetric cryptography. Node A and B first agree on
the encryption technique to be used in encryption and
decryption of communicated data. Then they agree on
the secret key that both of them will use in this
a b connection. After the encryption setup finishes, node A
Fig. 2. Working of Encryption (a)  Hashing (b) Process starts sending its data encrypted with the shared key, on
the other side node B uses the same key to decrypt the
It is the transformation of a cloud service customer's encrypted messages.
data into cipher text. Cloud encryption is almost identical The main concern behind symmetric encryption is
to in-house encryption with one important difference -- how to share the secret key securely between the two
the cloud customer must take time to learn about the peers. If the key gets known for any reason, the whole
provider's policies and procedures for encryption and system collapses. The key management for this type of
encryption key management. The cloud encryption encryption is troublesome, especially if a unique secret
capabilities of the service provider need to match the key is used for each peer-to-peer connection, then the
level of sensitivity of the data being hosted. Because total number of secret keys to be saved and managed for
encryption consumes more processor overhead, many n-nodes will be n(n-1)/2.
cloud providers will only offer basic encryption on a few
database fields, such as passwords and account numbers
[4]. At this point in time, having the provider encrypt a
customer's entire database can become so expensive that
it may make more sense to store the data in-house or
encrypt the data before sending it to the cloud. To keep
costs low, some cloud providers have been offering
alternatives to encryption that don’t require as much a b
processing power. These techniques include redacting or Fig. 4. Symmetric (a) & Asymmetric (b) Encryption
obfuscating data that needs to remain confidential or the
use of proprietary encryption algorithms created by the Asymmetric Encryption. It is also known as Public
vendor [5]. Key Cryptography (PKC), because users tend to use two

105
Системи управління, навігації та зв'язку, 2020, випуск 3(61) ISSN 2073-7394
keys: public key, which is known to the public, and ciphertexts in the different attack models. Once again
private key which is known only to the user. Fig. 3, b we see that there is no Semantic Security without
below illustrates the use of the two keys between node A probabilistic encryption. This is especially true in the
and node B. After agreeing on the type of encryption to public-key setting, since every principal has access to an
be used in the connection, node B sends its public key to encryption function for every other principal, by
node A. Node A uses the received public key to encrypt definition. Especially when the space of possible
its messages. Then when the encrypted messages arrive, messages is small, it is easy to simply check all
node B uses its private key to decrypt them. messages under the encryption function to figure out
This capability surmounts the symmetric encryption what has been encrypted.
problem of managing secret keys. But on the other hand,
this unique feature of public key encryption makes it Conclusions
mathematically more prone to attacks. Moreover, With advancement in Technology, nowadays
asymmetric encryption techniques are almost 1000 times everything is being done with computers, so security of
slower than symmetric techniques, because they require these data in the database becomes an important issue.
more computational processing power. To get the Many researchers have worked on this thing and
benefits of both methods, a hybrid technique is usually proposed various algorithms and architectures. Each
used. In this technique, asymmetric encryption is used to scheme has its own advantages and disadvantages. But
exchange the secret key, symmetric encryption is then none of them is fully secure, and contain certain
used to transfer data between sender and receiver [6]. loopholes or demerits with can be used by the attackers
For example, in an open system, given any two and the intruders to get access of the database. So there
principals X and Y, X should be able to encrypt a is a scope of improvement in this area.
message that can only be decrypted by Y. If there is Many research problems are yet to be identified.
some binding established between principal identities Cryptographic techniques are used to provide secure
and public keys, then these operations can easily be communication between the user and the cloud.
performed. A naive scheme might function as follows: Symmetric encryption has the speed and computational
principal X looks up public key Ky for principal Y and efficiency to handle encryption of large volumes of data
uses it to compute an encryption for Y using some in cloud storage. This paper proposed a symmetric
trapdoor function c  f KY (m) ; then Y, on receipt of encryption algorithm for secure storage of cloud user
data in cloud storage. The proposed encryption
this message computes f 1k y (c)  m . algorithm is described in detail and the decryption
But there's a significant problem with this scheme process is reverse of the encryption. This algorithm is
given our definitions of security for shared-key used in order to encrypt the data of the user in the cloud.
encryption: it doesn't satisfy Semantic Security, since Since the user has no control over the data once their
it's trivial for an adversary to compute session is logged out, the encryption key acts as the
fK y (m) and fK y (m) and compare them against given primary authentication for the user.
REFERENCES
1. Baraani-Dastjerdi, Ahmad, Josef Pieprzyk, and Reihaneh Safavi-Naini. "Security in databases: A survey study." Department
of Computer Science, The University of Wollongong (1996).
2. Denny Cherry and Thomas Larock, “2 - Database Encryption, In Securing SQL Server”, edited by Denny Cherry, Thomas
Larock, Syngress, Boston, 2011, Pages 27-71, ISBN : 9781597496254.
3. Kessler, Gary C. "An overview of Cryptography." (2003).
http://www.sciencedirect.com/science/article/pii/B97815974962541000 22).
4. Vamsee Krishna, Yarlagadda And Sriram Ramanujam, ―Data Security in Cloud Computing‖, Journal of Computer and
Mathematical Sciences, Vol.2 (1), pp 15-23, 2011.
5. Peter Mell, Tim Grance, ―Effectively and Securely Using the Cloud Computing Paradigm‖, NIST, Information Technology
Laboratory, http://www.csrc.nist.gov/groups/SNS/cloud-comput ing/cloudcomputingv26.ppt. 2009.
6. Eman M.Mohamed, Hatem S.Abdelkader and Sherif El-Etriby, ―Data Security Model for Cloud Computing‖, The Twelfth
International Conference on Networks, ISBN: 978-1-61208-245-5, pp 66-74, 2013.
Received (Надійшла) 30.07.2020
Accepted for publication (Прийнята до друку) 09.09.2020

Безпека бази даних і вивчення методів шифрування даних в хмарному сховищі

Є. М. Щербініна, Б. В. Марценюк, А. М. Філоненко
Ан от а ц і я . Мета статті – об проаналізувати питання щодо важливості шифрування бази даних та зробити глибокий
огляд різних методів шифрування. Безпека даних - найважливіше завдання в сучасному світі. Влада, компанії та інші
організації втратили багато грошей, а багато інших закрилися, через діяльність хакерів і зловмисників. За минулі роки були
розроблені різні схеми шифрування для захисту бази даних від атак зловмисників. Оскільки дані - це життєвий канал
кожної організації, існує потреба в безпечному зберіганні даних, щодня генерованих цими організаціями. Хмарне сховище
необхідно для віддаленого зберігання даних. Для багатьох підприємств безпека даних є однією з основних проблем при
відправці файлів в хмару. Вони турбуються про те, що їх файли будуть переглянуті або навіть скомпрометовані. Для
захисту цілісності даних, що зберігаються, необхідні методи шифрування даних. У минулому багато компаній відчували
себе комфортно, дозволяючи постачальникам хмарних послуг управляти всіма своїми даними, вважаючи, що ризиками
безпеки можна керувати за допомогою контрактів, засобів контролю і аудиту. Однак з часом стало очевидно, що
постачальники хмарних послуг не можуть виконувати такі зобов'язання. У цьому документі обговорюється важливість
шифрування бази даних і дається детальний огляд різних методів шифрування.
К лю чов і с лов а : шифрування, криптографія, хешування, база даних, хмарне сховище, зашифрований текст.

106