Upload
hoangkhanh
View
219
Download
0
Embed Size (px)
Citation preview
i
DATABASE ENCRYTPION/DECRYPTION USING AES AND DES
ABDULKADIR ABUKAR HAJI SUFI
UNIVERSITI TEKNOLOGI MALAYSIA
DATABASE ENCRYTPION/DECRYPTION USING AES AND DES
ABDULKADIR ABUKAR HAJI SUFI
A project report submitted in partial fulfillment of the
Requirements for the award of the degree of
Master of Computer Science (Information Security)
Faculty of Computing
Universiti Teknologi Malaysia
JUNE, 2014
iv
ACKNOWLEDGEMENT
First and foremost, I wish to express my sincere appreciation to my thesis
supervisor Dr. Ismail Fauzi Isnin. For his precious guidance, encouragement,
constructive criticisms, advice, knowledge, and motivation. Without his continual
support and interest, this thesis would not have been the same as presented here.
Besides that, I would also like to express my thank you to all my fellow
postgraduate course mates for their support. My sincere appreciation also extends to
all my colleagues, friends and others who have provided assistance at various
occasions. Their views and tips are useful indeed. Unfortunately, it is not possible to
list all of them in this limited space. A very special appreciation goes to all my
family members and my beloved parents for their continual supports (funding and
moral support), love and care.
v
ABSTRACT
The application of database on storing data of computer applications is
nowadays very common. Whether the system is a simple or a complex one, the
security of the data should be remain important if the systems do deal with private
and confidential data. Security countermeasures need to be taken in both whether
before and after the intrusion of the database system. This project focusing on post-
intrusion domain, which the attacker have been successfully access the database file
and the data became exposed to the attacker. Counter measuring this attack, it is
common that the system admin encrypts some columns, that containing private and
confidential data, of the database. Related to that domain, this project goal is to
investigate the computational time performance of two cryptography algorithms
known as AES and DES, on encrypting and decrypting the critical columns of the
databases. In this project, AES and DES algorithms are implemented in a prototype
database-equipped application. The prototype is developed using Microsoft VB.NET
2010 and Microsoft SQL Server. The DES uses 64-bit long plaintext and 56-bit
encryption key (8 bits of parity) and produce output of 64-bit block. The AES in the
other part uses three different key length such as 128, 198 and 256 bits. From the
comparison of results, it is found that the computational time of AES(128-bit) is
faster than the other schemes, followed by the DES(58-bit), AES(198-bit) and
AES(265-bit), subsequently.
vi
ABSTRAK
Penggunaan pangkalan data dalam menyimpan data aplikasi komputer adalah sangat
umum pada masa kini. Sama ada sistem adalah sistem yang mudah atau system yang
kompleks, keselamatan data, kekal penting jika sistem berurusan dengan data
peribadi dan sulit. Langkah-langkah keselamatan perlu diambil dalam kedua-dua kes,
sama ada sebelum dan selepas pencerobohan sesuatu sistem pangkalan data. Projek
ini memberi tumpuan kepada kes selepas pencerobohan, penyerang yang telah
berjaya mencapai fail pangkalan data akan menyebabkan data menjadi terdedah
kepada penyerang. Adalah perkara biasa pentadbir sistem menyulitkan beberapa lajur
jadual data, yang mengandungi data sulit dan persendirian. Berkaitan dengan domain
tersebut, matlamat projek ini adalah untuk menyiasat prestasi masa pengiraan dua
algoritma kriptografi yang dikenali sebagai AES dan DES, dalam menyulitkan dan
menyahsulitkan lajur kritikal dalam pangkalan data. Dalam projek ini, AES dan DES
algoritma dilaksanakan dalam sebuah prototaip system yang menggunakan
pangkalan data. Prototaip ini dibangunkan menggunakan Microsoft VB.NET 2010
dan Microsoft SQL Server. DES menggunakan teks data bersaiz 64-bit dan kunci
penyulitan 56-bit (8 bit pariti) dan menghasilkan output 64-bit blok. AES di pula
menggunakan tiga saiz kunci yang berbeza panjangnya iaitu 128, 198 dan 256 bit.
Dari perbandingan keputusan yang diperolehi, didapati bahawa masa pengiraan AES
(128-bit) adalah lebih singkat daripada skim yang lain. Secara turutannya, AES(128-
bit) diikuti dengan DES (58-bit), AES (198-bit) dan AES (265-bit).
vii
TABLE OF CONTENTS
CHAPTER TITLE PAGE
DECLARATION ii
DEDICATION iii
ACKNOWLEDGMENT iv
ABSTRACT v
ABSTRAK vi
TABLE OF CONTENTS vii
LIST OF FIGURES x
LIST OF TABLES xi
1 PROJECT OVERVIEW
1.1. Introduction 1
1.2. Background of Problem 3
1.3. Problem Statement 4
1.5. Project Objective 4
1.6. Scope of the study 5
1.7. Significance of the study 5
1.9. Thesis Organization 5
2 LITERATURE REVIEW
2.1. Introduction 72.1.1 Type of Database Management System (DBMS) 7
2.2. Electronic Health Private Encryption 8
2.2.1 Encryption Module 11
2.3 Database security 12
2.4 Encryption Level 13
viii
2.4.1 Storage Level Encryption 13
2.4.2 Encryption Database level 14
2.4.3 Application level Encryption 15
2.5 Cryptography Overview 17
2.5.1 Block cipher 18
2.7 Symmetric key cryptography 20
2.8 AES Rijandeal 21
2.10 DES Algorithms 27
2.23 Existing Database Solutions 32
2.24 Summary 35
3 RESEARCH METHODOLOGY
3.1 Introduction 36
3.2 Operational Framework 37
3.2.1 Phase 1: Literature Reviews 38
3.2.2 Phase 2: Study Design and Analysis 40
3.2.2.1 System Requirement 41
3.2.2.2 System Analysis and Design 41
3.2.3 Phase 3 : Database Structure Design 41
3.2.4 Phase 4 : Implementation and Testing 42
3.2.4.1 Test Application Program 43
3.2.4.2 Evaluate Time 43
3.3 Summary 44
4. ANALYSIS AND DESIGN
4.1 Introduction 45
4.2 Analysis and Design 46
4.3 System Design for Encryption 47
4.4 Implementation AES Algorithms
and DES Algorithms 50
4.5 Insert Data and Retrieving 51
4.5.1 AES Algorithms Code 51
4.5.2 DES Algorithms Code 52
4.9. Summary 54
ix
5 IMPLEMENTATION AND TEST
5.1. Introduction 55
5.2. DBMS Implementation Details 55
3.3 User Interface 56
3.4 Record Insertion 57
3.5 Data Encryption 58
3.5.1 Output of AES Encryption 59
3.5.2 Output of DES Encryption 59
5.6 Performance Comparison with existing Solutions 62
5.7 Summary 63
6 CONCLUSION
6.1 Introduction 64
6.2 Implementation 64
6.4 Study Contribution 65
6.5 Further Work 66
REFERENCE 68
APPENDIX 72
x
LIST OF FIGURES
FIGURE NO TITLE PAGE NO
2.1 Overview of the encryption infrastructure 12
2.2 Storage-level encryption 14
2.3 Encryption Database Level 15
2.4 Three options for database encryption level 16
2.5 Encryption and decryption processes to
transform into cipher-text and plain-text
18
2.6 A simple model of symmetric key
cryptography
21
2.7 SubByte 22
2.8 ShiftRow 23
2.9 MixColumn 23
2.10 AddRoundKey 24
2.11 AES encryption and decryption 25
2.12 AES S-box 26
2.13 Inverse S-box 27
2.14 The Conceptual Working With DES 28
2.15 Encryption process using two keys
K1 and K2
29
2.16 Decryption process using two keys
K1 and K2
29
2.17 Encryption process Triple DES
with three keys K1, K2 and K
30
2.18 Decryption process Triple DES
with two keys K1 and K2
30
xi
2.19 Encryption with Enhanced DES 31
2.20 Decryption with Enhanced AES 32
3.1 Operational Framework 37
3.2 Literature Review phases 1
Operational framework
38
3.3 Research Framework 39
3.4 Design and Analysis Phase II Framework 40
4.1 Flow Diagram of the Using AES/DES Encrypt 49
4.2 Encryption/Decryption AES Code 51
4.3 Encryption/Decryption DES Code 52
4.4 Insertion Record AES/DES 53
5.1 User Interface 58
5.2 Record Insertion 59
5.3 Result Decryption 61
xii
LIST OF TABLE
FIGURE NO TITLE PAGE NO
1.1 Effect of changing the exponent sizes from
256 (bits) to2048 (bits) on key generation, encryption
an decryption time in Original RSA algorithm
33
2.1 effect of changing the exponent sizes from
256 (bits) to 2048 (bits) on key generation,
encryption and decryption time inthe proposed
algorithm (HE-RSA)
33
2.3 Comparison of various packet sizes for
DES and AES algorithm
34
4.1 Patient A 46
4.2 Patient B 47
4.3 Users 47
5.1 Output of the AES Encryption 60
5.2 Output of the DES Encryption 60
5.3 Result Encryption and Decryption 62
5.4 The comparison between Existed
Result and My result
63
CHAPTER 1
INTRODUCTION
1.1 Introduction
Computers and technology have become a normal part of human life.
Computers have become basic tools of operation in almost every business sector.
With the information load arose the need for information or data processing and
storage which has given rise to powerful database systems for managing business
and other corporate information. The need for the protection of such sensitive data
has also increased the need for security measures including encryption of sensitive
data. This is one of the most current measures which involves conversion of plain
text to cipher text which can then be taken through the decrypting process to restore
the plain text when necessary (Xing-hui, W. and M. Xiu-jun, 2010).
The plan text is only obtainable from the encrypted cipher text with the use of
corresponding database encryption key obtained from selected encryption algorithms
with encryption / decryption engine, and key management (Xing-hui, W. and M.
Xiu-jun, 2010) and assigned to designated users. Hence, illegal possession or access
to the data without the key makes access to the plain text impossible, thereby
enhancing the database security.
2
The techniques and procedures involved in the establishment and
maintenance of keying relationship between authorized parties in an organization is
referred to as key management. According to (Vanastone ,S.A.,Van oorschort ,P.C.
& Menezes ,A 1996), this include initialization of users within a domain, generation,
installation and distribution of keying material, control, update as well as other
processes including storage, back-up and archival.
Symmetric key cryptography makes use of the same key for the twin
processes of encryption and decryption while for asymmetric key cryptography;
different keys are employed for these two purposes. With symmetric key
cryptography, all users use the same key and thus all have equal access to the data.
This reduces the level of security as any act of compromise on the part of any of the
key users compromises the entire data (Van Tilborg and Jojodia 2011).
In public/asymmetric key cryptography, pairs of keys are involved in the
performance of different/inverse operations for example, digital signature creation
and digital signature verification. These key pairs are designated private and public
key. As implied in the designation, the private key resides in the custody of a
designated user and is not accessible to the generality of users apart from situations
where a back-up is kept with another trusted party. The public key on the other hand
is available to all users without exception. Thought these keys are mathematically
related, the information obtainable through such means is insufficient for total
verification by an attacker. This characteristics lends strength to the concept of
asymmetric cryptography which though was introduced since the mid-1970s did not
get enough technological support for functioning until the mid-1990s (Van Tilborg
and Jojodia 2011)
Key management is a critical aspect of a cryptography security system
because each user must be in possession of secret or public key as required. The
system must make provision of the secure generation and distribution of these keys
as well as the capability for verification and management of the secret/private keys
and the ability to verify and manage the keys of other users in a public keys system.
3
These may be in the form of digital certificate. Figure 1.1 provides an overview of
the key management activities according to (Jaworrki, J., Perrone, p & chaganti, v. s
(2000).
1.2 Problem Background
Threats are sources of potential harm that are capable of damaging a system.
They are a major concern in database information systems. Threats could be physical
or logical in nature. Logical threats are software-supported unauthorized access to
information database. They are intentional malicious attacks from illegal users that
could result into the disclosure of sensitive information, loss of integrity as well as
loss of access to authorized users. Such access could result in the dangerous
alteration or disclosure of information in the system (Zailani, 2004)
Key generation
Key Management
Key Storage
Key distribution
/agreement
Key Verification
Update Cancelation
Figure: 1.1 Key Management (Jaworrki, J., Perrone, p & chaganti, v. s (2000)
4
Database technique in the key generation and database encryption during
implementation processor of database, some of difficult private key technology of
encrypt /decrypt (Xing-hui, W. and M. Xiu-jun (2010).
The encryption system in the IBE (identity based encryption) system is a
centralized private key management system. The PKG or Private Key Generator is
the users’ private keys. The key management is similar to the PKI system in CA. the
main challenges of such a system in practical application is that with increasing load
and resultant expansion to the system, updating of private key becomes more
complicated. In addition, based on the system master key, the system faces the risk of
a single point failure as all private keys can be calculated (Zheng, L. and H. Yi
“(2012). This can constitute a source of dangerous compromise.
1.3 Problem Statement
Security is still a great challenge in database management. The database
encryption/ decryption still face many problems. The user encryption/ decryption
especially when private data from source to destination within the network for the
sake of storing or retrieving them from main system involved is a difficult or
complex technology and still requirement a lot of attention
1.4 Objective
The main objective of this research is to investigate the performance of AES
and DES area and Database security. Specifically, the project attempts to achieve the
following objective:
1. To Study AES algorithm and DES Algorithm encrypt/ decrypt technique.
2. To Implement Database encryption/decryption using DES and AES.
5
3. To compare the performance of AES Algorithm and DES Algorithms and
measure time.
1.5 Scope of the study :
This research project focused on the following development:
1. Provide the confidentiality of data against attackers in the organization
2. Focused on database Encryption or Decryption a column level in (SQL
server)
3. User Interface for data manipulation should work on client/server manner.
1.6 Significance of the study :
1. Ensure confidentiality by protecting the data from unauthorized exposure.
2. To sustain access control mechanism through encryption scheme
3. Provide user-friendly environment.
1.7 Thesis organization
Chapter one provides an introduction to the whole study. It presents a brief
introduction to place the study in the context of current research in the field. The
background of the study was presented with a statement of the problem. Chapter
presents a review of related research. Chapter 3 covers the methodology applied in
the study; chapter 4 Presentation of system design and analysis while chapter 5
focuses on the implementation of the recommended and enhanced system.
69
References
XING-HUI, W. AND M. XIU-JUN 2010. Research of the Database Encryption
Technique Based on Hybrid Cryptography. Computational Intelligence and
Design (ISCID), 2010 International Symposium on, IEEE.
ZAILANI M.S.2004. Design and Implementation of a new multilevel scheme for
database management system .Thesis PhD University Technology Malaysia.
VAN TILEBORG,H.C.A.V.&JAJODIA ,S.2011 k-Anonymity. Encyclopedia of
cryptography and security.
VANASTONE ,S.A.,VANOORSCHORT ,P.C. &MENEZES ,A 1996 Handbook of
applied cryptography .XP -002250459.
JAWORRKI, J., PERRONE, P &CHAGANTI, V. S 2000 java security
handbook,mechillan press ltd.
ZHENG, L. AND H. YI " 2012 A Management Scheme of User Private Keys in an IBE
System."
ZHANG, X., C. XU, ET AL. 2013.Efficient Chosen Ciphertext Secure Threshold
Public-Key Encryption with Forward Security.Emerging Intelligent Data and
Web Technologies (EIDWT), 2013 Fourth International Conference on, IEEE.
69
KSHIRSAGAR, R. AND M. VYAWAHARE 2012.FPGA Implementation of High
Speed VLSI Architectures for AES Algorithm.Emerging Trends in Engineering
and Technology (ICETET), 2012 Fifth International Conference on, IEEE.
DING, Y. A ND K. KLEIN 2010. Model-driven application-level encryption for the
privacy of e-Health data.Availability, Reliability, and Security, 2010.ARES'10
International Conference on, IEEE.
SHMUELI, E., R. VAISENBERG, ET AL. 2010. "Database encryption: an overview of
contemporary challenges and design considerations." ACM SIGMOD Record
38(3): 29-34.
PASHA DESHMUKH, A. AND R. QURESHI 2013."Transparent Data Encryption
Solution for Security of Database Contents."
DENG-HONG, Z. 2010.Encryption design for the database under the VFP environment
based on Chaos algorithm.Advanced Computer Theory and Engineering
(ICACTE), 2010 3rd International Conference on, IEEE.
VERMA, H. K. AND R. K. SINGH 2013.Enhancement of RC6 block cipher algorithm
and comparison with RC5 & RC6. Advance Computing Conference (IACC),
2013 IEEE 3rd International, IEEE.
BURNETT,S&PAIN,S. 2001.The RSA security official Guide to cryptography
,McGraw-Hill,inc
VANSTILBORG,H.C.A&JAJODIA ,S. 2011 Encyclopedia cryptography and security,
Springer Burnett,S. & Paine ,S.2004 RSA Security’s official Guide
Cryptography , McGraw-Hill,Ince
BARKER ,E, BARKER ,W.,BURR,W.,POLK,W.& SMID,M.2011 Recommendation
for key management part1:General (revision3).NIST special Publication 800,57.
SHARMA, S., P. SHARMA, ET AL. 2011. RSA algorithm using modified subset sum
cryptosystem. Computer and Communication Technology (ICCCT), 2011 2nd
International Conference on, IEEE.
BOUGANIM, L. AND Y. GUO 2009."Database encryption." Encyclopedia of
Cryptography and Security: 1-9.
BATINI, C., CERI, S. & NAVATHE, S. B. 1992. Conceptual database design: an
70
Entity-relationship approach, Benjamin/Cummings Redwood City, CA.
SPOFFORD, G., HARINATH, S., WEBB, C. & CIVARDI, F. 2005. MDX Solutions:
With Microsoft SQL Server Analysis Services 2005 and Hyperion Essbase, JohnWiley & Sons, Inc.
EDDEMA, H. 2001. Microsoft Access version 2002 inside out, Microsoft
Press.GREENWALD, R., STACKOWIAK, R. & STERN, J. 2013. Oracle Essentials:
Oracle Database 12c, " O'Reilly Media, Inc.".
LEE, B. (2010). Unified Public Key Infrastructure Supporting Both Certificate-Based
and ID-Based Cryptography. Availability, Reliability, and Security, 2010.
ARES'10 International Conference on, IEEE.
MATTSSON, U. T. 2005. A practical implementation of transparent encryption and
separation of duties in enterprise databases: protection against external and
internal attacks on databases. E-Commerce Technology, 2005. CEC 2005.
Seventh IEEE International Conference on, IEEE.
THAKUR, J. AND N. KUMAR 2011. "DES, AES and Blowfish: Symmetric key
cryptography algorithms simulation based performance analysis." International
Journal of Emerging Technology and Advanced Engineering 1(2): 6-12.
PATTARANANTAKUL, M., A. JANTHONG, ET AL. 2012. Secure and efficient key
management technique in quantum cryptography network. Ubiquitous and Future
NETWORKS (ICUFN), 2012 Fourth International Conference on, IEEE.
CLARKE, A. AND R. STEELE 2012. Secure and reliable distributed health records:
Achieving query assurance across repositories of encrypted health data. System
SCIENCE (HICSS), 2012 45th Hawaii International Conference on, IEEE.
WEERASINGHE, T. 2013. An Effective RC4 Stream Cipher. 8th IEEE International
Conference on Industrial and Information Systems (ICIIS).
CHENG, H. AND Q. DING 2012. Overview of the block cipher. Instrumentation,
Measurement, Computer, Communication and Control (IMCCC), 2012 Second
International Conference on, IEEE.
71
CHENG, H. AND Q. DING 2012. Overview of the block cipher. Instrumentation,
Measurement, Computer, Communication and Control (IMCCC), 2012 Second
International Conference on, IEEE.
MOGHADDAM, F. F., M. T. ALRASHDAN, ET AL. 2013. "A Hybrid Encryption
Algorithm Based on RSA Small-e and Efficient-RSA for Cloud Computing
Environments."Journal of Advances in Computer Network 1(3).
MALLAIAH, K., S. RAMACHANDRAM, ET AL. 2013. Performance analysis of
Format Preserving Encryption (FIPS PUBS 74-8) over block ciphers for
numeric data. Computer and Communication Technology (ICCCT), 2013 4th
International Conference on, IEEE.
KAHATE, A. 2013. Cryptography and network security, Tata McGraw-Hill Education.
ROY, S., S. NAG, ET AL. 2013. "International Journal of Advanced Research in
Computer Science and Software Engineering."International Journal 3(6).
PADMAVATHI, B. AND S. R. KUMARI 2013."A Survey on Performance Analysis of
DES, AES and RSA Algorithm along with LSB Substitution
Technique."International Journal of Science and Research 2(4).