Abstract
Data Warehouses (DWs) are the core of enterprise sensitive data, which makes protecting confidentiality in DWs a critical task. Published research and best practice guides state that encryption is the best way to achieve this and maintain high performance. However, although encryption algorithms strongly fulfill their security purpose, we demonstrate that they introduce massive storage space and response time overheads, which mostly result in unacceptable security-performance tradeoffs, compromising their feasibility in DW environments. In this paper, we enumerate state-of-the-art data masking and encryption solutions and discuss the issues involving their use from a data warehousing perspective. Experimental evaluations using the TPC-H decision support benchmark and a real-world sales DW support our remarks, implemented in Oracle 11g and Microsoft SQL Server 2008. We conclude that the development of alternate solutions specifically tailored for DWs that are able to balance security with performance still remains a challenge and an open research issue.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
3DES. Triple DES. National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), Pub. 800-67, ISO/IEC 18033-3 (2005)
AES. Advanced Encryption Standard. NIST, FIPS-197 (2001)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-Preserving Encryption for Numeric Data. In: ACM SIG Int. Conference on Management of Data, SIGMOD (2004)
Agrawal, R., Srikant, R., Thomas, D.: Privacy Preserving OLAP. In: ACM Int. Conference of the Special Interest Group on Management of Data, SIGMOD (2005)
Bertino, E., Sandhu, R.: Database Security – Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing 2(1) (2005)
DES. Data Encryption Standard. National Inst. of Standards and Technology (NIST). FIPS Pub. 46 (1977)
Ge, T., Zdonik, S.: Fast, Secure Encryption for Indexing in a Column-Oriented DBMS. In: International Conference on Data Engineering, ICDE (2007)
Huey, P.: Oracle Database Security Guide 11g. Oracle Corporation (2008)
Kimball, R., Ross, M.: The Data Warehouse Toolkit, 2nd edn. Wiley & Sons, Inc. (2002)
Nadeem, A., Javed, M.Y.: A Performance Comparison of Data Encryption Algorithms. In: Int. Conf. on Information and Communication Technologies, ICICT (2005)
Natan, R.B.: Implementing Database Security and Auditing. Digital Press (2005)
Oracle Corporation. Data Masking Best Practices, Oracle White Paper (2010)
Oracle Corporation. Oracle Advanced Security Transparent Data Encryption Best Practices, Oracle White Paper (2010)
Procopiuc, C.M., Srivastava, D.: Efficient Table Anonymization for Aggregate Query Answering. In: Int. Conf. on Data Engineering, ICDE (2011)
Radha, V., Kumar, N.H.: EISA - An Enterprise Application Security Solution for Databases. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2005. LNCS, vol. 3803, pp. 164–176. Springer, Heidelberg (2005)
Ravikumar, G.K., Manjunath, T.N., Ravindra, S.H., Umesh, I.M.: A Survey on Recent Trends, Process and Development in Data Masking for Testing. International Journal of Computer Science Issues 8(2) (2011)
TPC-H. The TPC Decision Support Benchmark H, http://www.tpc.org/tpch/default.asp
Vimercati, S.C., Foresti, S., Jajodia, S., Paraboschi, Samarati, P.: Over-encryption: Management of Access Control Evolution and Outsourced Data. In: International Conference on Very Large DataBases, VLDB (2007)
Xiao, X., Bender, G., Hay, M., Gehrke, J.: iReduct: Differential Privacy with Reduced Relative Errors. In: ACM SIG Int. Conf. on Management of Data, SIGMOD (2009)
Yuhanna, N.: Your Enterprise Database Security Strategy. Forrester Research (2010)
Gartner Inc. Selection Criteria for Data-Masking Technologies. Research Report ID G00165388 (February 2009)
Bernstein, D.J.: The Salsa20 Family of Stream Ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 84–97. Springer, Heidelberg (2008)
Hacıgümüş, H., Iyer, B., Mehrotra, S.: Efficient Execution of Aggregation Queries over Encrypted Relational Databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) DASFAA 2004. LNCS, vol. 2973, pp. 125–136. Springer, Heidelberg (2004)
Schneier, B.: The Blowfish Encryption Algorithm, http://www.schneier.com/blowfish.html
Elminaam, D., Kader, H., Hadhoud, M.: Evaluating the Performance of Symmetric Encryption Algorithms. Int. Journal of Network Security 10(3) (2010)
Bernstein, D.J., Schwabe, P.: New AES Software Speed Records. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 322–336. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Santos, R.J., Bernardino, J., Vieira, M. (2012). Evaluating the Feasibility Issues of Data Confidentiality Solutions from a Data Warehousing Perspective. In: Cuzzocrea, A., Dayal, U. (eds) Data Warehousing and Knowledge Discovery. DaWaK 2012. Lecture Notes in Computer Science, vol 7448. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32584-7_33
Download citation
DOI: https://doi.org/10.1007/978-3-642-32584-7_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32583-0
Online ISBN: 978-3-642-32584-7
eBook Packages: Computer ScienceComputer Science (R0)