Implementing cryptography in database

With the increasing dependency of database for data storage, many sensitive data such as personal information data and credit card information data are being stored inside a database. These data is so valuable that it attracts unauthorized personnel to gain access for obtaining the data for furth...

Full description

Bibliographic Details
Main Author: Kwan, Shong Hann
Format: Undergraduates Project Papers
Language:English
Published: 2010
Subjects:
Online Access:http://umpir.ump.edu.my/id/eprint/2615/
http://umpir.ump.edu.my/id/eprint/2615/1/KWAN_SHONG_HANN.PDF
Description
Summary:With the increasing dependency of database for data storage, many sensitive data such as personal information data and credit card information data are being stored inside a database. These data is so valuable that it attracts unauthorized personnel to gain access for obtaining the data for further usage. Even though the network infrastructure nowadays is protected with different kind of security measures, there is none of them is able to block all the threats perfectly. Therefore, the data needs to be able to protect its confidentiality even though all measures have been failed. This is where the importance of cryptography in protecting the data confidentiality even the data is in the hands of the attacker. Cryptography can be implemented in different kind of methods to secure the database. The purpose of this study is to develop a cryptosystem that is able to implement cryptography to the data before storing them into the database. This implementation has been strengthened by introducing two approaches which are the classification of types of data using Key Family and the classification of data encryption key status according to the activation time. Key Family separates types of data such as personal information data and credit card information data. Both families use different data encryption key to encrypt and decrypt to limit the access of the attacker if one of the key is obtained. The state of data encryption key is determined by the activation date which the key which has the latest time will be activated and the old ones will be expired. This will prevent the key remains too long for encryption and decryption which poses risks for threats to break the key. This system is developed using Java programming language with the use of Java Cryptography Extension for the cryptography process. MySQL database is used as the protected database where all the data in the database is encrypted for protection. Finally, it is hope that this system can provide better security for data confidentiality and also become the last line defense of data towards the attacks