A New IV-Based Database Encryption Scheme Using TS Block Cipher
Authors
Zailani Mohamed Sidek
Fakulti Sains Komputer dan Sistem Maklumat
c/o Center for Advanced Software Engineering (CASE)
Universiti Teknologi Malaysia
Norbik Bashah Idris
Fakulti Sains Komputer dan Sistem Maklumat
c/o Center for Advanced Software Engineering (CASE)
Universiti Teknologi Malaysia
Harihodin Selamat
Fakulti Sains Komputer dan Sistem Maklumat
c/o Center for Advanced Software Engineering (CASE)
Universiti Teknologi Malaysia
Abstract
Current database security research classify four types of controls for the protection of data in databases: access controls, information flow controls, inference controls, and cryptographic controls. This paper covers the fourth type of controls, cryptographic controls in database security that provides security of data stored in commercial RDBMS like Oracle. The proposed database encryption scheme is based on TS Block and Stream Ciphers, and is capable of protecting data at the data element, row, and column levels using both block and stream encryptions. The design of the scheme's key generation and management system allows the controls of users' access to encrypted data in a multilevel fashion thus provide multilevel security. The scheme solves the problem of mandatory and discretionary access controls in a given organization. The security of the scheme is based on the fact that no cryptographic keys are stored in the database system. All encryption and decryption keys are stored securely in smartcards thus providing minimum cryptographic information to users. The design of the encryption scheme is based on the provably strong ciphers with 128-bit keys which is currently infeasible to be broken even by exhaustive key search. Implementation of the scheme has been conducted sudcessfully in Oracle RDBMS and complements the Oracle encryption security available.
