In this chapter, we will discuss the threats that a database system faces and the control measures. As a security function, we will also be studying cryptography.
Data security is an integral feature of any database system. Because of the large number of users, fragmented and replicated data, multiple sites and distributed control, this is of particular significance in distributed systems.
Threats in a Database
Control measures can be classified generally into the following categories:
Cryptography is the technique of encoding information so that only an authorized receiver can decode and use it before sending it through unreliable communication paths. The coded message is called plain text, and plain text is called the initial message. The method by which the sender converts plain text into cypher text is called encoding or encryption. The receiver 's method of translating plain text to plain text is called decoding or decryption.
In conventional cryptography, the same secret key is used to encrypt and decrypt. Here, using a copy of the secret key, the sender encrypts the message with an encryption algorithm. The encrypted message is then distributed through the channels of public communication. The receiver decrypts it with a corresponding decryption algorithm using the same secret key upon obtaining the encrypted message.
Two factors depend on security in traditional cryptography:
The most common standard cryptography algorithm is the Data Encryption Standard or DES.
The benefit of this process is its simple applicability. However, sharing the secret key between the communicating parties is the greatest challenge in conventional cryptography. Cumbersome and highly susceptible to eavesdropping are the ways to send the key.
Public key cryptography uses two separate keys, known as the public key and the private key, as opposed to conventional cryptography. The public key pair and the private key are created by each user. Then the user places the public key in an accessible place. When a sender wishes a message to be sent, he uses the receiver's public key to encrypt it. The receiver decrypts it using his private key upon receiving the encrypted letter. Because nobody but the receiver is aware of the private key, no other person who receives the message can decrypt it.
The RSA algorithm and the Diffie-Hellman algorithm are the most common public key cryptography algorithms. It is very safe to send private messages using this method. The problem, however, is that it requires a lot of calculation and thus proves to be inefficient for long messages.
Using a combination of conventional and public key cryptography is the solution. The secret key is encrypted before being shared between the communicating parties using public key cryptography. Then, with the help of a mutual secret key, the message is sent using conventional cryptography.
A Digital Signature (DS) is a public key cryptography based authentication technique used in e-commerce applications. Within the body of its message, it identifies a specific mark with an individual. This lets others authenticate valid message senders.
Typically, to provide protection against counterfeiting, the digital signature of a user varies from message to message. The approach is as follows –