A Framework for Efficient Storage Security in RDBMS

  • Bala Iyer
  • Sharad Mehrotra
  • Einar Mykletun
  • Gene Tsudik
  • Yonghua Wu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2992)

Abstract

With the widespread use of e-business coupled with the public’s awareness of data privacy issues and recent database security related legislations, incorporating security features into modern database products has become an increasingly important topic. Several database vendors already offer integrated solutions that provide data privacy within existing products. However, treating security and privacy issues as an afterthought often results in inefficient implementations. Some notable RDBMS storage models (such as the N-ary Storage Model) suffer from this problem. In this work, we analyze issues in storage security and discuss a number of trade-offs between security and efficiency. We then propose a new secure storage model and a key management architecture which enable efficient cryptographic operations while maintaining a very high level of security. We also assess the performance of our proposed model by experimenting with a prototype implementation based on the well-known TPC-H data set.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Copeland, G.P., Khoshafian, S.F.: A Decomposition Storage Model. In: ACM SIGMOD International Conference on Management of Data, pp. 268–269 (1985)Google Scholar
  2. 2.
    Oracle Corporation: Database Encryption in Oracle9i (2001), http://otn.oracle.com/deploy/security/oracle9i
  3. 3.
    Department of Health and Human Services (U.S.). Gramm-Leach-Bliley (GLB) Act. FIPS PUB 81 (1999), http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm
  4. 4.
    Federal Trade Commission (U.S.): Health Insurance Portability and Accountability Act (HIPAA) (1996), http://www.hhs.gov/ocr/hipaa/privacy.html
  5. 5.
    IBM Data Encryption for IMS and DB2 Databases, Version 1.1 (2003), http://www-306.ibm.com/software/data/db2imstools/html/ibmdataencryp.html
  6. 6.
    He, J., Wang, M.: Cryptography and Relational Database Management Systems. In: Proceedings of the 5th International Database Engineering and Applications Symposium, pp. 273–284 (2001)Google Scholar
  7. 7.
    Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over Encrypted Data in the Database Service Provider Model. In: ACM SIGMOD Conference on Management of Data (2002)Google Scholar
  8. 8.
    Bouganim, L., Pucheral, P.: Chip-Secured Data Access: Confidential Data on Untrusted Servers. In: VLDB Conference, Hong Kong, China (2002)Google Scholar
  9. 9.
    Hacigümüş, H., Iyer, B., Mehrotra, S.: Providing Database as a Service. In: ICDE (2002)Google Scholar
  10. 10.
    Karlsson, J.S.: Using Encryption for Secure Data Storage in Mobile Database Systems. Friedrich-Schiller-Universitat Jena (2002)Google Scholar
  11. 11.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21 (1978)Google Scholar
  12. 12.
    NIST. Advanced Encryption Standard. FIPS PUB 197 (2001)Google Scholar
  13. 13.
    TPC Transaction Processing Performance Council, http://www.tpc.org
  14. 14.
    OpenSSL Project, http://www.openssl.org
  15. 15.
    NIST. Data Encryption Standard (DES). FIPS 46-3 (1993)Google Scholar
  16. 16.
    Schneier, B.: Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish). In: Fast software Encryption, Cambridge Security Workshop Proceedings, pp. 191–204 (1993)Google Scholar
  17. 17.
    Ramakrishnan, R., Gehrke, J.: Database Management Systems, 2nd edn. WCB/McGraw-Hill (2000)Google Scholar
  18. 18.
    Ailamaki, A., DeWitt, D.J., Hill, M.D., Skounakis, M.: Weaving Relations for Cache Performance. The VLDB Journal, 169–180 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Bala Iyer
    • 1
  • Sharad Mehrotra
    • 2
  • Einar Mykletun
    • 2
  • Gene Tsudik
    • 2
  • Yonghua Wu
    • 2
  1. 1.IBM Silicon Valley Lab 
  2. 2.University of California, IrvineIrvineUSA

Personalised recommendations