CTU student – Abstract
The use of cloud computing environments to meet the demands of Internet users has made database security a critical issue. Security is a critical issue in cloud computing due to the variety of IT services that can be provided through a cloud environment. This paper highlights that database security should ensure data confidentiality, integrity and availability on any system. Included in the discussion are the latest security methods and current trends to protect the system against potential threats. Cryptography, secret key methods, digital signatures and certificates are introduced as means to protect databases.
The paper cites the work of authorities on the three fundamental approaches to monitoring database activity. IT professionals are also encouraged to acquaint themselves with the limitations of database monitoring. Mandatory Access Control (MAC), Lattice-Based Access Control (LBAC), and Role-Based Access Control (RBAC) are considerations in the planning and implementation of access control mechanisms. In addressing security, one needs to tackle network security, physical security, data security, and application and host security. This paper offers insight into security challenges, discusses techniques and methods used in securing a database as well as security features and products, and covers the different types of security measures.
In moving a database to a cloud computing environment, there is a need to identify security requirements. In a cloud computing environment where dynamically scalable and virtualized resources are available for use over the Internet (Gartner, 2008), database security is a challenge because of the virtualized setup and use. Security is critical due to the varied IT services that can be provided through a cloud. Said Gartner:
The types of IT services that can be provided through a cloud are wide-reaching. Compute facilities provide computational services so that users can use central processing unit (CPU) cycles without buying computers. Storage services provide a way to store data and documents without having to continually grow farms of storage networks and servers. SaaS companies offer CRM services through their multitenant shared facilities so clients can manage their customers without buying software. These represent only the beginning of options for delivering all kinds of complex capabilities to both businesses and individuals (Gartner, 2008).
Consumer and corporate trust in public or private institutions often depends on the security of the information held in their databases. Database security, based on a comprehensive security policy, assures data confidentiality, integrity, access, and availability on any system.
It is important to recognize the latest security methods and current trends to protect the system against potential threats. Existing methods and approaches are then applied to the current cloud technology setting. In this paper, we first survey the database security techniques and approaches in use and summarize some of the known techniques and approaches as well as security models. A discussion of private cloud databases versus public cloud databases offers insight into security challenges. A detailed analysis of database security challenges in a cloud computing environment offers information on how to validate, quantify and manage security services.
There are techniques and approaches currently used for database security. Monitoring, electronic signatures, vulnerability assessment, data masking, and encryption are all currently available to protect data when it is transmitted across sites and to enforce access control based on policies set for database inquiries.
Hackers attack databases to gain access to personal data, perhaps to use it for personal gain or for some illegal practice. A company can adopt database monitoring as one of its security controls. Concern over the protection of databases from hacker attacks may have been reinforced by the report of Privacy Rights Clearinghouse, a web site devoted to maintaining a record of all data security breaches in the US. Nair cited the report in her article:
The Privacy Rights Clearinghouse reported that laptops are the number one source of data breach incidents (47 percent), databases are next (40 percent), then tapes (11 percent) and e-mail (2 percent). Looking at the same data based on the amount of data lost, databases are the number one source (64 percent), laptops are next (25 percent), then tapes (10 percent) and finally e-mail (1 percent) (Privacy Rights Clearinghouse, as cited in Nair, 2008, 1).
Nair provided an overview of the three fundamental approaches to monitoring database activity. In the overview, Nair described the three approaches:
A software-only approach typically requires turning on some level of native database auditing from which the software agent gathers data. (…) A relatively new approach to database monitoring is to use a network appliance to monitor database traffic. These appliances either run as passive devices connected to a mirroring or Switched Port Analyzer (SPAN) on a switch, or act as in-line devices, i.e., essentially database firewalls. (…) A combination of network appliance and local software auditing is an ideal way to address data activity monitoring in an enterprise. This maximizes the overall coverage of the auditing solution (Nair, 2008, 2-3).
While database monitoring may protect a company’s database, the IT professional should also evaluate the shortcomings of this method as it applies to the organization. Particular attention should be paid to limitations such as stored procedures and triggers, encrypted network traffic, connection-pooled environments, and support for MSM or security incident and event management (SIEM) systems (Nair, 2008, 3).
Sometimes IT practitioners miss the opportunity to provide adequate protection for the organization’s database. This is of particular concern since hackers are out to access information that has monetary value. Database security assessment includes regularly auditing the database servers to help security staff identify configuration issues and policy and compliance violations (Rapid 7). An organization’s database may be designed differently from other databases in order to meet business requirements. Databases can be protected through periodic assessment to prevent malicious attacks. The first step is to set up an inventory of the databases in the organization. Assessment takes the form of evaluating the database in relation to the identified threats. The results of the assessment can be used to strengthen the database.
Cryptography is one of the methods used in securing a database in a cloud computing environment. It presents a range of methods for taking comprehensible, readable data and converting it into unreadable data for the purpose of secure transmission, and then using a key to change it back into readable data when it reaches its destination (Nicholas Galbreath & Nick Galbreath, 2002). The goal of cryptography goes beyond making data unreadable; it also extends to user authentication, which gives the user a guarantee that the encrypted message originated from a reliable source.
Some methods of cryptography use a secret key to allow the user to decrypt the message. Secret key ciphers carry out encryption and decryption using the same key, and cryptographic hashes must be computed and confirmed using the same key (Nicholas Galbreath & Nick Galbreath, 2002). Basically, a cipher is a function that transforms a message, known as plaintext, into an unreadable form, known as ciphertext, by use of a key. This is known as encryption. A user cannot do the inverse transformation, the decryption, which turns the ciphertext back into its original plaintext form, without a key. To be effective, a cipher must be protected and must be functional. Most users opt for longer keys since they are more secure. But keys of more than a few bytes are easily forgotten. Cryptographic hashes protect against malicious modification of a message.
A hash or message digest is a function that takes an arbitrary-sized message and returns a number based on the message’s contents. Hash functions are sometimes used in combination with private key or public key cryptography. This is a type of one-way encryption, which applies an algorithm to a message such that the message itself cannot be recovered (Nicholas Galbreath & Nick Galbreath, 2002). Unlike key-based cryptography, the goal of the hash function is not to encrypt data for later decryption, but to generate a kind of digital fingerprint of a message. The value resulting from applying the hash function can be recalculated at the receiving end to make certain that the message has not been tampered with during transmission. Then, key-based cryptography is applied to decode the message.
One common secret key method is to create the key from a password or passphrase. The most common secret key cryptosystem is the Data Encryption Standard (DES), or the more secure Triple-DES, which encrypts the data three times. An obvious technique is to hash the password bytes in order to generate new bytes to use as a key. While this works, the problem is that the number of possible passwords is much smaller than the number of possible keys. If the password is nine characters drawn from the set of upper- and lowercase letters, numbers, and symbols, for a total of 72 symbols, the user has only a 55-bit key (Nicholas Galbreath & Nick Galbreath, 2002). Instead of attacking the key directly, an attacker targeting a database in a cloud computing system would find it easier to try every password. A user can solve this problem by making the password longer.
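An added example (not from the original paper or its sources) for the two preceding passages: it reproduces the 55-bit estimate for a nine-character, 72-symbol password, computes how long a random password must be to reach a chosen key strength, and then uses a password-derived key for a keyed hash that detects modification of a record. PBKDF2 is an assumption swapped in for the single bare hash the text mentions, and the passphrase, record contents and 128-bit target are constructed sample values.

```python
import hashlib
import hmac
import math
import os

def password_bits(length: int, alphabet_size: int) -> float:
    """Search space, in bits, of a random password (upper bound on key strength)."""
    return length * math.log2(alphabet_size)

def min_length_for_bits(target_bits: int, alphabet_size: int) -> int:
    """Shortest random password whose search space reaches 2**target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def derive_key(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted, iterated PBKDF2-HMAC-SHA256 (assumption: used here in place of
    the single bare hash the text mentions, to slow down password guessing)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)

def tag_record(key: bytes, record: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256): computed and checked with the same secret key."""
    return hmac.new(key, record, hashlib.sha256).digest()

def verify_record(key: bytes, record: bytes, tag: bytes) -> bool:
    """Recompute the tag at the receiving end; constant-time comparison."""
    return hmac.compare_digest(tag_record(key, record), tag)

if __name__ == "__main__":
    print(f"9 chars, 72 symbols: {password_bits(9, 72):.1f} bits")
    print(f"length needed for 128 bits: {min_length_for_bits(128, 72)}")
    salt = os.urandom(16)                       # stored beside the record
    key = derive_key("constructed-sample-passphrase", salt)
    record = b"id=1001;balance=250.00"          # constructed sample row
    tag = tag_record(key, record)
    print("intact record verifies:", verify_record(key, record, tag))
    print("modified record verifies:",
          verify_record(key, b"id=1001;balance=950.00", tag))
```

The salt and iteration count do not add entropy to a weak password; they only raise the cost of each guess, so the length calculation still governs the achievable key strength.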
Also common are systems that make use of a public key cryptography system, such as the Diffie-Hellman key agreement protocol. This system uses two keys that work together. The first is a public key, which anyone can access, and the second is a private key, which is kept confidential by the party receiving the data. When a user wants to transmit a secure message to someone, all the user has to do is encrypt that message using the recipient's public key. Once the message is encrypted, the recipient must use his or her private key to decrypt it (Martin E. Hellman, 2002).
Digital signatures and certificates are also techniques to protect data. Electronic signatures can be defined as any electronic process signifying approval of terms and/or a document presented in electronic format (Security Matters).
A digital certificate is an electronic attachment applied to a program, database, or other electronic document (Patricia Cardoza, Teresa Hennig, Graham Seach & Armen Stein, 2004). The digital certificate identifies the person or entity that published it and the date and time that it was published. The certificate can also indicate the reason for the certificate and the purpose of the program, database, or electronic document to which it applies. Therefore, a digital signature is a means to “apply a digital certificate to programs, databases, or other electronic documents so that a user of that program, database, or document can confirm that the document came from the signer and that it has not been altered since it was signed” (Cardoza, Hennig, Seach & Stein, 2004). If the program, database, or document is changed after it has been digitally signed, the signature is immediately removed. This means that a user is assured that nobody can introduce viruses after the signature is applied. A user will have to acquire a digital certificate in order to give his or her database a digital signature.
There are two types of digital certificates: commercial and internal. Commercial certificates are obtained through a commercial certification authority such as Verisign, Inc. (Cardoza, Hennig, Seach & Stein, 2004). Internal certificates are intended for use on a single computer or within a single organization and can be obtained from an organization’s security administrator or produced using the Selfcert.exe program (Cardoza, Hennig, Seach & Stein, 2004). The Selfcert.exe program is a standalone program for creating one’s own digital certificates.
To obtain a commercial certificate, a user must request and buy one from an authorized commercial certificate authority vendor. When the vendor sends one of these certificates, the recipient will receive instructions about how to set up the certificate on the computer and how to use it with a Microsoft Access application. The certificate a user will need for Access databases is called a code signing certificate. There are also certificates that are suitable for “Microsoft Authenticode” technology (Cardoza, Hennig, Seach & Stein, 2004). The commercial certificate offers full protection of the legitimacy of one’s database. Since the digital certificate is removed if the file is modified, a user can guarantee that the database will not be authenticated if anyone tinkers with it. Likewise, commercial certificates provide protection for users. If someone obtains a certificate and then uses that certificate for malicious purposes, the commercial authority will cancel the certificate. Then, anyone who uses software that is signed with that certificate will be informed of its cancellation.