Muneeswaran V Research Scholar

Objective

To prevent stealing of data from database by internal persons.

Application Program
Most of the application programs use database / a simple table to store a information. The database hold the values in the form of plain text. We can retrieve the information through a query when we know the user name and password of a particular user.

Database Values
When a person is some knowledge about the database he copy / extract the entire database / table which contains very very confidential / crucial information. The confidential information like credit card number, pin, cvc, net banking userid, password, bank a/c no etc.

Database Values

Database Vendors
Some database vendors were provide a strong security mechanism to access the database. i.e., With out a login and password no one can access the data / retrieve the data. But as a DBA / technician can easily access it. Because he know the admin password while the database is installed in the server.

Todays Need
Today, the confidentiality of the database storage is extremely important. We may protect the database from unauthorized users by having firewall. But quite often it is the people who are working in the system who can siphon off the data using gadgets like CD, USB drives etc. Hence it is imperative that their data while being copied on to various devices must be in encrypted form so that is cant be used by anybody.

Encryption

Encryption is the conversion of data into a form, called a cipher that cannot be easily understood by unauthorized people.
Public key Encryption (Asymmetric key Cipher)

Private Key Encryption (Symmetric key Cipher)

Public key Encryption

After Encryption database values

View Database Values

Conclusion
This paper attempts to explore the storage of confidential data in an encrypted form and will prevent any copies to decrypt the data except the authorized person who will have the key to decrypt. This will prevent stealing of data by internal persons. This scheme will be useful to protect medical data, design data etc which have more vulnerability for internal theft.

References
JOURNALS R.L.Rivest, A.Shamir, and L.Adelman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, 25th Anniversary Issue, Volume 26, Number 1, pp. 96-99, Jan 1983. Diffie W., and Hellman M., New directions in cryptography. IEEE Trans. Information Theory IT-22, (Nov. 1976), 644-654. A. Selby, C. Mitchell, Algorithms for Software Implementations of RSA, Proc. IEEE., Vol. 136, Pt. Ed. No. 3, pp. 166 170, May 1989 William Stallings, Cryptography and Network Security Principles and Practice, Third Edition, Pearson Education, Chapter 9, Public Key Cryptography and RSA. Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, Inc., Chapter 19, Public Key Algorithms. Ramez Elmasri, Shamkant B. Navathe, Fundamentals of Database Systems, Fifth Edition, Pearson Education, Chapter 1, Chapter -23, Database Security. WEBSITES : http://www.rsasecurity.com http://www.rsa.com http://cyberlaw.com/rsa.html http://pajhome.org.uk/crypt/rsa/index/html http://www.ssh.com/support/cryptography/algorithms/asymmetric.html http://williamstallings.com/Extras/Security-Notes/lectures/publickey.html

Any Queries..