• Journal of Korea Multimedia Society
• /
• v.11 no.1
• /
• pp.1-12
• /
• 2008

Database encryption is one of the important mechanisms for prohibiting internal malicious users and outside hackers from utilizing data. Frequent occurrences of encryption and decryption cause degradation of database performance so that many factors should be considered in implementing encryption system. In this paper, we propose an architecture of database encryption system and data encryption module. In addition we suggest extended SQL in order to manage data encryption and decryption. In implementing database encryption system, we adopt ARIA encryption algorithm which is proved to be the most fast one among Korea standardized encryption algorithm. We use an single key for each database in encrypting data rather than using several keys in order to improve performance. Research over performance evaluation of database encryption system is rare up to now. Based on our implemented system, we provide performance evaluation results over various H/W platforms and compare performance differences between plain text and encrypted data.

• International Journal of Computer Science & Network Security
• /
• v.24 no.1
• /
• pp.140-150
• /
• 2024

Database-as-a-Service is one of the prime services provided by Cloud Computing. It provides data storage and management services to individuals, enterprises and organizations on pay and uses basis. In which any enterprise or organization can outsource its databases to the Cloud Service Provider (CSP) and query the data whenever and wherever required through any devices connected to the internet. The advantage of this service is that enterprises or organizations can reduce the cost of establishing and maintaining infrastructure locally. However, there exist some database security, privacychallenges and query performance issues to access data, to overcome these issues, in our recent research, developed a database security model using a deterministic encryption scheme, which improved query execution performance and database security level.As this model is implemented using a deterministic encryption scheme, it may suffer from chosen plain text attack, to overcome this issue. In this paper, we proposed a new model for cloud database security using nondeterministic encryption, order preserving encryption, homomorphic encryptionand database distribution schemes, andour proposed model supports execution of queries with equality check, range condition and aggregate operations on encrypted cloud database without decryption. This model is more secure with optimal query execution performance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.1
• /
• pp.210-216
• /
• 2005

In many real-time applications, security is another important requirement, since the secure real time database system maintains sensitive information to be shared by multiple users with different levels of security clearance or to be attacked by hackers with ill will. Encryption policies are necessary for the security of secure real-time database systems in addition to the existing security methods, too. However, there has not been much work for the encryption policies in secure real-time database systems, although sensitive information must be safeguarded in real-time systems as well. In this paper, we propose a encryption manager for the purpose of solving the encryption policies of the secure real-time database systems. What is important in the encryption policies of secure real-time database systems is security and timeliness. A significant feature of the proposed encryption manager is the ability to dynamically adapt a encryption algorithm that consider transaction deadline and security level.

• Journal of information and communication convergence engineering
• /
• v.7 no.1
• /
• pp.30-34
• /
• 2009

The encryption method is a well established technology for protecting sensitive data. However, once encrypted, the data can no longer be easily queried. The performance of the database depends on how to encrypt the sensitive data. In this paper we review the conventional encryption method which can be partially queried and propose the encryption method for numerical data which can be effectively queried. The proposed system includes the design of the service scenario, and metadata.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.4
• /
• pp.848-854
• /
• 2015

There are a lot of encryption methods to secure database proposed recently. Those encryption methods can protect the sensitive data of users effectively, but it deteriorates the search performance of database query. In this paper, we proposed the selective element encryption method in order to complement those drawbacks. In addition, we compared the performance of the proposed method with that of tuple level encryption method using the various queries. As a result, we found that the proposed method, which use the selective element encryption with bloom filter as a index, has better performance than the other encryption method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.369-378
• /
• 2020

Due to the widespread use of mobile devices, smartphone penetration and usage rate continue to increase and there is also an increasing amount of data that need to be stored and managed in applications. Therefore, recent applications use mobile databases to store and manage user data. Realm database, developed in 2014, is attracting more attention from developers because of advantages of continuous updating, high speed, low memory usage, simplicity and readability of the code. It also supports an encryption to provide confidentiality and integrity of personal information stored in the database. However, since the encryption can be used as an anti-forensic technique, it is necessary to analyze the encryption and decryption processes provided by Realm Database. In this paper, we analyze the structure of Realm Database and its encryption and decryption process in detail, and analyze an application that supports an encryption to propose the use cases of the Realm Database.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1328-1342
• /
• 2013

Searchable encryption is a cryptographic protocol for searching a document in encrypted databases. A simple searchable encryption protocol, which is capable of using only one keyword at one time, is very limited and cannot satisfy demands of various applications. Thus, designing a searchable encryption with useful additional functions, for example, conjunctive keyword search, is one of the most important goals. There have been many attempts to construct a searchable encryption with conjunctive keyword search. However, most of the previously proposed protocols are based on public-key cryptosystems which require a large amount of computational cost. Moreover, the amount of computation in search procedure depends on the number of documents stored in the database. These previously proposed protocols are not suitable for extremely large data sets. In this paper, we propose a new searchable encryption protocol with a conjunctive keyword search based on a linked tree structure instead of public-key based techniques. The protocol requires a remarkably small computational cost, particularly when applied to extremely large databases. Actually, the amount of computation in search procedure depends on the number of documents matched to the query, instead of the size of the entire database.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.209-216
• /
• 2002

This treatise deals with designing a database encryption model that interworks with Intranet within a system. Today attempts are being made to substitute legacy client/server computing environment with what interworks with web and database, and thus the question how the security for the database that interworks with Intranet can be secured is emerging as a matter of great importance. This treatise, therefore, offers an encryption model which offers how to create an encryption key using an ID and a password most widely used in Intranet access and by using this key, how to encipher information ill a DB table, providing a maintenance scheme for the Key as well.

• Journal of Information Processing Systems
• /
• v.15 no.5
• /
• pp.1211-1217
• /
• 2019

Developing methods to search over an encrypted database (EDB) have received a lot of attention in the last few years. Among them, order-revealing encryption (OREnc) and order-preserving encryption (OPEnc) are the core parts in the case of range queries. Recently, some ideally-secure OPEnc schemes whose ciphertexts reveal no additional information beyond the order of the underlying plaintexts have been proposed. However, these schemes either require a large round complexity or a large persistent client-side storage of size O(n) where n denotes the number of encrypted items stored in EDB. In this work, we propose a new construction of an efficient OPEnc scheme based on an OREnc scheme. Security of our construction inherits the security of the underlying OREnc scheme. Moreover, we also show that the construction of a non-interactive ideally-secure OPEnc scheme with a constant client-side storage is theoretically possible from our construction.

• Journal of KIISE
• /
• v.42 no.1
• /
• pp.97-106
• /
• 2015

Recently, research on database encryption for data protection and query result authentication methods has been performed more actively in the database outsourcing environment. Existing database encryption schemes are vulnerable to order matching and counting attack of intruders who have background knowledge of the original database domain. Existing query result integrity auditing methods suffer from the transmission overhead of verification object. To resolve these problems, we propose a group-order preserving encryption index and a query result authentication method based on the encryption index. Our group-order preserving encryption index groups the original data for data encryption and support query processing without data decryption. We generate group ids by using the Hilbert-curve so that we can protect the group information while processing a query. Finally, our periodic function based data grouping and query result authentication scheme can reduce the data size of the query result verification. Through performance evaluation, we show that our method achieves better performance than an existing bucket-based verification scheme, it is 1.6 times faster in terms of query processing time and produces verification data that is 20 times smaller.