Article Details

Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

A New Solution to Protect Encryption Keys when Encrypting Database at the Application Level

Author 1: Karim El bouchti
Author 2: Soumia Ziti
Author 3: Fouzia Omary
Author 4: Nassim Kharmoum

Download PDF

Digital Object Identifier (DOI) : 10.14569/IJACSA.2020.0110138

Article Published in International Journal of Advanced Computer Science and Applications(IJACSA), Volume 11 Issue 1, 2020.

Abstract: Encrypting databases at the application level (client level) is one of the most effective ways to secure data. This strategy of data security has the advantage of resisting attacks performed by the database administrators. Although the data and encryption keys will be necessarily stored in the clear on the client level, which implies a problem of trust viz-a-viz the client since it is not always a trusted site. The client can attack encryption keys at any time. In this work, we will propose an original solution that protects encryption keys against internal attacks when implementing database encryption at the application level. The principle of our solution is to transform the encryption keys defined in the application files into other keys considered as the real keys, for encryption and decryption of the database, by using the protection functions stored within the database server. Our proposed solution is considered as an effective way to secure keys, especially if the server is a trusted site. The solution implementation results displayed better protection of encryption keys and an efficient process of data encryption /decryption. In fact, any malicious attempt performed by the client to hold encryption keys from the application level cannot be succeeded since the real values of keys are not defined on it.

Keywords: Database encryption; encryption key protection model; database encryption keys protection; data security

Karim El bouchti, Soumia Ziti, Fouzia Omary and Nassim Kharmoum, “A New Solution to Protect Encryption Keys when Encrypting Database at the Application Level” International Journal of Advanced Computer Science and Applications(IJACSA), 11(1), 2020. http://dx.doi.org/10.14569/IJACSA.2020.0110138

@article{bouchti2020,
title = {A New Solution to Protect Encryption Keys when Encrypting Database at the Application Level},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2020.0110138},
url = {http://dx.doi.org/10.14569/IJACSA.2020.0110138},
year = {2020},
publisher = {The Science and Information Organization},
volume = {11},
number = {1},
author = {Karim El bouchti and Soumia Ziti and Fouzia Omary and Nassim Kharmoum}
}

IJACSA

Upcoming Conferences

IntelliSys 2021

2-3 September 2021

Future Technologies Conference (FTC) 2021

28-29 October 2021

Future of Information and Communication Conference (FICC) 2022

3-4 March 2022

Computing Conference 2022

14-15 July 2022