Fundamentals of Cyber Security
Fundamentals of Cyber Security: Cryptography
Illinois Institute of Technology
August 30, 2018
Department of Information technology and Management
This paper gives a brief introduction to cryptography and its different categories. It also briefly describes how employing cryptographic methods in a database affects data processing. The prominent findings of tests conducted by Apolinarski (2010) on the influence of cryptography on data processing are discussed as well.
Keywords: database security, cryptography, symmetric algorithm, asymmetric algorithm, cryptographic hashing
Cryptography is the art of “extreme information security” (Kenan, 2006). It includes encryption, which uses an algorithm and a key to convert a database field (the plaintext) into encrypted output (the ciphertext). This can be thought of as applying a lock to the information that only a key can open. Decryption is the process of converting the ciphertext back into plaintext using the key. Cryptography prevents retrieval of the plaintext even if the adversary has full access to the ciphertext, which is why it is considered extreme security (Kenan 2006). Cryptographic algorithms are classified into the categories below.
Symmetric. These algorithms use the same key for data encryption and decryption. They are fast and are used to encrypt large data items. However, they require secure distribution of the key to all users, so the risk of the key being compromised is high. Examples are the Data Encryption Standard and the Advanced Encryption Standard (OWASP).
Asymmetric. These algorithms use different keys for encryption and decryption. They are also known as public/private key cryptography because a key pair (a private key and a public key) is generated. They can provide different functions depending on how they are used. Asymmetric algorithms are slower than symmetric ones, so they can be used to encrypt smaller data sets. Examples are RSA and Diffie-Hellman (OWASP).
Cryptographic Hashing. These algorithms convert the plaintext into a fixed-length string, or hash, from which retrieving the plaintext is nearly impossible. An example is the Secure Hash Algorithm family: SHA-224, SHA-256, SHA-384, and SHA-512.
Evidence in the form of “top vulnerabilities” lists confirms that security violations caused by the failure of a cryptographic algorithm are rare. Security is more often compromised by flawed system design or defects in the system implementation (Burman 2008). Schneier et al (2003) have also summarized that cryptographic failures are often due to incorrect implementation, in which case cryptography causes more harm than good.
Cryptographic algorithms are complex and affect the performance of the system. To get better performance, or at least to avoid degrading the performance of a system, cryptographic methods are not used to secure data. This puts data security at risk. (Crypto in RDBMS)
Tests were performed on Oracle 10g to verify the efficiency of the database when cryptographic methods were applied. The results showed that the execution time of data processing for encrypted data increases with the complexity of the cryptographic algorithms used. However, the high-risk data in production is less than the overall data processed, so the performance loss relates only to that amount of data. (ResearchGate)
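An added example, not part of this paper or of the Oracle 10g tests it cites: only the high-risk column of a constructed SQLite table is protected, and the load is timed per algorithm. An HMAC over each SHA-2 function stands in for the cryptographic method because Python's standard library has no cipher; the table, column names, key handling and function names are assumptions made for the illustration.

```python
import hmac, secrets, sqlite3, time

ALGORITHMS = ("sha224", "sha256", "sha384", "sha512")  # SHA-2 family named in the text

def protect(value: str, key: bytes, algorithm: str) -> bytes:
    """Keyed hash (HMAC) of one field; a bare hash of a short value can be guessed."""
    return hmac.new(key, value.encode(), algorithm).digest()

def load_rows(rows, key, algorithm=None):
    """Insert rows; only the high-risk 'card' column is hashed when algorithm is set.
    Returns (connection, elapsed seconds). Schema is an assumption for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, city TEXT, card BLOB)")
    start = time.perf_counter()
    for rid, city, card in rows:
        stored = protect(card, key, algorithm) if algorithm else card.encode()
        db.execute("INSERT INTO customer VALUES (?, ?, ?)", (rid, city, stored))
    db.commit()
    return db, time.perf_counter() - start

def find_by_card(db, card, key, algorithm):
    """Equality lookup still works: hash the search value the same way."""
    row = db.execute("SELECT id FROM customer WHERE card = ?",
                     (protect(card, key, algorithm),)).fetchone()
    return row[0] if row else None

def digest_lengths(rows, key):
    """Stored length in bytes per algorithm, read back from the table itself."""
    out = {}
    for alg in ALGORITHMS:
        db, _ = load_rows(rows, key, alg)
        out[alg] = {n for (n,) in db.execute("SELECT DISTINCT length(card) FROM customer")}
    return out

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice the key is kept outside the database
    # Constructed sample data: card values of varying length, one low-risk column.
    rows = [(i, "Chicago", f"4000-0000-{i}") for i in range(20000)]
    _, baseline = load_rows(rows, key)
    print(f"plaintext column: {baseline:.3f}s")
    for alg in ALGORITHMS:
        _, elapsed = load_rows(rows, key, alg)
        print(f"{alg} on card column only: {elapsed:.3f}s")
    print(digest_lengths(rows[:100], key))
```

The timings vary by machine, so the script reports them rather than asserting any ratio; the low-risk `city` column is stored and queried unchanged in every run.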
Cryptography ensures the confidentiality and integrity of data stored in a database by encryption. However, when applying cryptographic methods to a database, it is important to consider their impact on the system parameters. If the performance of the system takes precedence over the security of stored data, then appropriate action must be taken. To gain a complete understanding of the effects of encryption, a study must be carried out in different environments.
Apolinarski, Michał. (2010). Influence of using cryptography on data processing in RDBMS Oracle 10g. Pomiary Automatyka Kontrola 56: 1540-1543.
Burman, Sanjay. (2007). Cryptography and Security—Future Challenges and Issues. In ADCOM, pp. 547-551. IEEE.
Kenan, Kevin (2006). Cryptography in the database: the last line of defense. Addison-Wesley.
OWASP, “Guide to Cryptography” Online. Available: https://www.owasp.org/index.php/Guide_to_Cryptography.
Schneier, Bruce and Ferguson, Niels (2003). Practical Cryptography. John Wiley & Sons, Inc.