A New Database Encryption Model Based on Encryption Classes

Bouchti, Karim El; Ziti, S.; Omary, Fouzia; Kharmoum, Nassim

doi:10.3844/jcssp.2019.844.854

Cited by 8 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A digital signature [8] (also known as a public key digital signature) is a digital string that can only be forged by the sender of the information. This digital string is also valid proof of the authenticity of the information sent to the sender of the information.…”

Section: Activation and Bindingmentioning

confidence: 99%

A Blockchain-Based Trusted Upload Scheme for the Internet of Things Nodes

Jiao

Wang

2022

Int. J. Crowd Sci.

View full text Add to dashboard Cite

In recent years, the theory and method of swarm intelligence based on the Internet have become the core research field of the new generation of Internet of Things (IoT). Both play a basic and supporting role in other research fields of IoT. With the popularization and development of crowd network systems, massive swarm intelligence data have brought unprecedented challenges to traditional centralized data management. The most prominent is the aspect of privacy and security. In view of the fact that source data are easy to be tampered with and stolen, and there is a lack of credit guarantee mechanism in information sharing, a blockchain-based trusted uploading scheme of IoT nodes is proposed. It carries out trusted design from three dimensions of node hardware, transmission link, and platform and provides relevant references for similar designs.

show abstract

Section: Activation and Bindingmentioning

confidence: 99%

A Blockchain-Based Trusted Upload Scheme for the Internet of Things Nodes

Jiao

Wang

2022

Int. J. Crowd Sci.

View full text Add to dashboard Cite

show abstract

“…Data encryption at the DBMS level is based fundamentally on its specific encryption model. The management of encryption keys within this model is a crucial point, it defines the ways how keys are generated, stored, and protected [9,10]. Actually, keys values, how users access them, and where they are stored are the ultimate goal of any attacker.…”

Section: Introductionmentioning

confidence: 99%

“…Notwithstanding several DB security studies for improving the concept of encryption keys protection within DBMS, more investigations are required to develop, improve, and provide more security and flexibility to keys protection. Then, as discussed in our previous work presented in [7,10,15], most of the proposed solutions have their advantages and disadvantages. However, to our knowledge, a trusted and simple solution concretized by a real implementation, and adapted to more than one DB encryption model has not yet been proposed.…”

Section: Introductionmentioning

confidence: 99%

New Solution Implementation to Protect Encryption Keys Inside the Database Management System

Bouchti¹,

Ziti²,

Omary³

et al. 2020

Adv. sci. technol. eng. syst. j.

Self Cite

View full text Add to dashboard Cite

Due to the attacks' growth on sensitive databases by deploying advanced tools, beyond access control and authentication mechanisms, the database encryption remains a useful and effective way to ensure robust security of data stored within it. Any database encryption solution is based on a specific encryption model that determines how data is encrypted inside it. A relevant database encryption model must necessarily adopt a strong security policy of data encryption keys. It determines how these keys are generated, stored, and protected. In this work, we will implement an original solution that protects the encryption keys when encrypting data occurred at the Database Management System level. Our solution suggests protecting the keys by their encryption with other ones named Master Keys, which are generated according to the encryption granularity defined by the database encryption model. The proposed solution protects the keys of two database encryption models: at the level of the columns and the level of tables.

show abstract

“…Currently, a penetration to a DB using SQL injection techniques becomes fast and quite simple thanks to specialized tools [10]. Different threats may come from various sources, some from trusted DB users, others from external ones, and some attacks are performed by the DB administrators [1], [2], [3]. Data theft is a dangerous attack.…”

Section: Introductionmentioning

confidence: 99%

“…Despite the efforts made by researchers to improve the protection of encryption keys at the application level, they still need to be developed and improved. The solutions proposed in the literature are not sufficient as well as each solution has its limits, as we have mentioned in our previous works [3], [5], [8]. In addition, the solutions mostly presented are specific in the case when encryption is done at DBMS.…”

Section: Introductionmentioning

confidence: 99%

A New Solution to Protect Encryption Keys when Encrypting Database at the Application Level

Bouchti¹,

Ziti²,

Omary³

et al. 2020

IJACSA

Self Cite

View full text Add to dashboard Cite

Encrypting databases at the application level (client level) is one of the most effective ways to secure data. This strategy of data security has the advantage of resisting attacks performed by the database administrators. Although the data and encryption keys will be necessarily stored in the clear on the client level, which implies a problem of trust viz-a-viz the client since it is not always a trusted site. The client can attack encryption keys at any time. In this work, we will propose an original solution that protects encryption keys against internal attacks when implementing database encryption at the application level. The principle of our solution is to transform the encryption keys defined in the application files into other keys considered as the real keys, for encryption and decryption of the database, by using the protection functions stored within the database server. Our proposed solution is considered as an effective way to secure keys, especially if the server is a trusted site. The solution implementation results displayed better protection of encryption keys and an efficient process of data encryption /decryption. In fact, any malicious attempt performed by the client to hold encryption keys from the application level cannot be succeeded since the real values of keys are not defined on it.

show abstract

A New Database Encryption Model Based on Encryption Classes

Cited by 8 publications

References 11 publications

A Blockchain-Based Trusted Upload Scheme for the Internet of Things Nodes

A Blockchain-Based Trusted Upload Scheme for the Internet of Things Nodes

New Solution Implementation to Protect Encryption Keys Inside the Database Management System

A New Solution to Protect Encryption Keys when Encrypting Database at the Application Level

Contact Info

Product

Resources

About