Data Warehouses are the most vital asset of an organization which contains sensitive information and data of an organization which is extracted from heterogeneous sources which is used in decision making process. A data warehouse by its nature, creates a security conflict on the other hand, the goal of every data warehouse is to make data accessible. Unfortunately, this also makes them an appearing target for malicious inside and outside attackers. Therefore, security is an important concern which should be defined in order to protect this sensitive information from unauthorized users to ensure integrity and confidentiality. Security should be considered from early stages of designing the data warehouse and hence should be deployed. Encryption is one security technique applied on data to cut out any unauthorized access for maintaining its integrity and delivery performance. In order, to meet these rigorous security challenges posed by protecting different types of information, a new encryption technique is defined known as Format Preserving Encryption mechanism wherein, the encrypted data fits into the existing schema and hence, changes to the database schema and underlying applications would not be required. In this paper, we introduce Format Preserving Encryption (FPE) technique with Advanced Encryption Standard (AES) to encrypt the data before keeping in data warehouse for improving the implementation of security of data warehouse.

 

Published In : IJCSN Journal Volume 3, Issue 4

Date of Publication : 01 August 2014

Pages : 171 - 175

Figures : 03

Tables : --

Publication Link : Format Preserving Encryption Technique to Strengthen Data Warehouse Security

 

 

 

Shikha Gupta : Department of Information Technology ,University School of Communication and Technology, Guru Gobind Singh Indraprastha University, Sector 16 C, New Delhi-110078, India

Priyanka Bhutani : Department of Information Technology ,University School of Communication and Technology, Guru Gobind Singh Indraprastha University, Sector 16 C, New Delhi-110078, India

Ridhi Nim : Department of Information Technology ,University School of Communication and Technology, Guru Gobind Singh Indraprastha University, Sector 16 C, New Delhi-110078, India

 

 

 

 

 

 

 

Data security

Data warehousing

Format preserving encryption

Advanced Encryption standard (AES)

In this paper a better encryption technique is defined in order to achieve strong data encryption during data at rest as well as in transit. This implies that we can preserve the format of the data by combining it with a strong encryption algorithm and make it as secure as, an AES algorithm. An individual technique alone is not secured therefore, for better security we use combination of more than one techniques and also increase the number of permutations at the time of encryption. This combination of advance encryption algorithm (AES) and format preservation will increase the attacker’s burden. The basic idea is to use a strong block cipher such as AES.

 

 

 

 

 

 

 

 

 

[1] N. Yuhanna, “Your Enterprise Database Security Strategy 2010”, Forrester Research, September 2009.

[2] Paulraj pooniah, “Data Warehousing Fundamentals-A comprehensive guide for IT professionals”, John Wiley and sons, 2001.

[3] Terence Spies "Format Preserving Encryption", Voltage Security, Inc.

[4] H. E. Smith and M. Brightwell, "Using Data type- Preserving Encryption to Enhance Data Warehouse Security", NIST 20th National Information Systems Security Conference, pp.141, 1997.

[5] V. Hoang and P. Rogaway, "On generalized Feistel networks", Conference version of this paper, CRYPTO 2010, Springer, 2010.

[6] Kurra Mallaiah, S. Ramachandram, ”Performance analysis of Format preserving encryption over block ciphers for numeric data”, 2013 4th International conference on computer and communication technology.

[7] M. Bellare, T. Ristenpart, P. Rogaway, and T. Stegers, "Format-preserving encryption", SAC 2009. LNCS 5867, Springer, 2009.

[8] M. Bellare, P. Rogaway, and T. Spies, "The FFX mode of operation for format-preserving encryption" (Draft1.1).February, 2010, Manuscript (standards proposal) submitted to NIST.

[9] J. Black and P. Rogaway, "Ciphers with Arbitrary Finite Domains". RSA Data Security Conference, Cryptographer's Track (RSA CT '02), Lecture Notes in Computer Science, vol. 2271, pp. 114-130, Springer, 2002.

[10] AES, “Advanced Encryption Standard”, National Inst. of Standards and Technology (NIST), FIPS-197, 2001.

[11] Jia, Z Liu, J Li, Z Dong “A new integer FPE scheme based on Feistel Network”, Advances in Electric and Electronic, 2012, Springer.

[12] www.verifone.com/sites/verishield-protect.aspx

[13] National Institute of Standards and Technology. NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation—Methods and Techniques, December, 2001.