Mixed Encryption over Semi-Trusted Database
MASAUM Journal of Basic and Applied Sciences Vol.1, No. 2 September 2009 302
BibTeX
@MISC{Kadhem_masaumjournal,
author = {Hasan Kadhem and Toshiyuki Amagasa and Hiroyuki Kitagawa},
title = {MASAUM Journal of Basic and Applied Sciences Vol.1, No. 2 September 2009 302 Mixed Encryption over Semi-Trusted Database},
year = {}
}
Abstract
Database security has become a vital issue in modern Web applications. Critical business data in databases is an evident target for attack. Therefore, ensuring the confidentiality, privacy and integrity of data is a major issue for the security of database systems. Recent high-profile data thefts have shown that perimeter defenses are insufficient to secure sensitive data. Encryption is a well-established technology for protecting sensitive data, but developing a database encryption strategy must take many factors into consideration. In the case of semi-trusted databases where the database contents are shared between many parties, using server-based encryption (server encrypts all data) or client-based encryption (client encrypts all data) is not sufficient to protect semi-trusted databases. This paper presents a practical implementation of field level encryption in the semi-trusted database system by encrypting database content in a mixed form. Our solution is called Mixed Cryptography Database (MCDB), which is based on a column-based data classification. In this paper, we evaluate the validity and effectiveness of the mixed encryption architecture over the semi-trusted database. Also, we make a comparison for query processing performance between our proposed framework, client-based, server-based encryption approaches and plaintext database. The proposed framework is very useful in strengthening the protection of sensitive data even if the database server is attacked at multiple points from the inside or outside with additional performance cost in the query processing.

Index Terms — Database cryptography, server-based encryption, client-based encryption, semi-trusted database, mixed







