record, the balances may have been swapped with balances in another customer's
record.
Introduce noise. Deliberately introduce slight noise or inaccuracies. Randomly add
records to the result set. This is likely to show erroneous individual records, but
statistical samples produce approximate responses quite adequate for statistical analysis.
Log queries. Maintain a log of all queries. Maintain a history of query results and
reject queries that use a high number of records identical to those used in previous
queries.
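
The query-log control described above can be sketched as follows. This is an added example, not code from the original text: the account records, the class and function names, and the threshold of one shared record are all constructed for illustration.

```python
# Added example: constructed data, hypothetical names, illustrative threshold.
ACCOUNTS = {  # record id -> (branch, balance)
    1: ("north", 1200), 2: ("north", 800), 3: ("north", 5400),
    4: ("south", 300), 5: ("south", 950), 6: ("south", 7100),
}


class QueryLogGuard:
    """Logs every statistical query and rejects ones that reuse too many records."""

    def __init__(self, records, max_shared=1):
        self.records = records
        self.max_shared = max_shared  # most records a query may share with a past one
        self.log = []                 # every query: (label, record ids, decision)

    def sum_balance(self, label, predicate):
        ids = frozenset(i for i, row in self.records.items() if predicate(row))
        decision = "answered"
        for past_label, past_ids, past_decision in self.log:
            # Compare only against queries whose results were released.
            if past_decision == "answered" and len(ids & past_ids) > self.max_shared:
                decision = f"rejected: reuses records of '{past_label}'"
                break
        self.log.append((label, ids, decision))
        if decision != "answered":
            return None, decision
        return sum(self.records[i][1] for i in ids), decision


def demo():
    guard = QueryLogGuard(ACCOUNTS, max_shared=1)
    return [
        guard.sum_balance("north total", lambda r: r[0] == "north"),
        # Differs from the first query by one record, so answering it would
        # expose that customer's balance by subtraction.
        guard.sum_balance("north under 5000", lambda r: r[0] == "north" and r[1] < 5000),
        guard.sum_balance("south total", lambda r: r[0] == "south"),
    ]


if __name__ == "__main__":
    for total, decision in demo():
        print(total, decision)
```

The second query is refused because it reuses two records of an already answered query; the third shares none and is answered.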
ENCRYPTION
We have discussed the standard security control mechanisms in detail. You studied
the discretionary access control method whereby unauthorized persons are kept
away from the database and authorized users are guaranteed access through access
privileges. You have also understood the mandatory access control method, which
addresses some of the weaknesses of the discretionary access control scheme. Now
you are confident that these two standard schemes provide adequate protection and
that potential intruders cannot invade the database.
However, the assumption is that an infiltrator or intruder tries to break into the
system through normal channels by procuring user-ids and passwords through
illegal means. What if the intruder bypasses the system to get access to the
information content of the database? What if the infiltrator steals the database by
physically removing the disks or backup tapes? What if the intruder taps into the
communication lines carrying data to genuine users? What if a clever infiltrator runs
a program to retrieve the data by breaking the defenses of the operating system?
The normal security system breaks down in such cases. Standard security
techniques fall short of expectations to protect data from assaults bypassing the system.
If your database contains sensitive financial data about your customers, then you
need to augment your security system with additional safeguards. In today's
environment of electronic commerce on the Internet, the need for dependable security
techniques is all the more essential. Encryption techniques offer added protection.
What is Encryption?
Simply stated, encryption is a method of coding data to make them unintelligible
to an intruder and then decoding the data back to their original format for use by
an authorized user. Some commercial DBMSs include encryption modules; a few
others provide program exits for users to code their own encryption routines.
Currently, encryption techniques are widely used in applications such as electronic fund
transfers (EFT) and electronic commerce.
An encryption scheme needs a cryptosystem containing the following
components and concepts:
An encryption key to code data (called plaintext)
An encryption algorithm to change plaintext into coded text (called ciphertext)