Database Encryption
A database environment is not completely secure without encryption. The term database encryption refers to the practice of obscuring the meaning of a piece of data by encoding it before storing it in tables. Database encryption is implemented so that the data can only be decoded, read and understood by the people for whom it is intended. It is the process of encoding data to prevent unauthorized parties from viewing or modifying it.

Data Protection in Daffodil DB
Probably the most widely used application of encryption is in the area of data protection. The information that a business owns is invaluable to its productive operation; consequently, the protection of this information is paramount.

Encryption of files protects the data that is written to the columns of a table. This protection is vital if the computer itself is stolen or if an attacker successfully breaks into the system.
To ensure tight security, Daffodil DB supports various encryption algorithms such as IDEA, DES and Twofish. Users can encrypt objects and data before storing them in a table with the help of these proven encryption algorithms.

How can we use the encryption capabilities of Daffodil DB?

The process of encrypting data in Daffodil DB is efficient and simple. While creating a new database, users can specify the key and the algorithm that will be used to encrypt the objects and data contained in tables. The following points should be considered before applying encryption techniques.

1. Managing security with encryption becomes more difficult if the office has multiple employees who know or share the user information.

2. The super user information shall be changed, as the super user is in charge of the Daffodil DB database. Someone logged in as a super user can make use of the data stored in your table.

Uses of Data Encryption

Authentication

Authentication is the process of verifying that the user is in fact the legitimate, authorized user of the data. This is most commonly seen in encrypted passwords. Another example of authentication is digital signatures.

Integrity

This refers to system integrity and data integrity. For example, encryption allows users to confirm that an unauthorized user has not breached the system and the system retains its expected consistency and integrity.

Confidentiality

Confidentiality, or the protection of data from unauthorized viewing, is the most basic form of data security. By obscuring the message as cipher text, encryption allows database users to encode the original data so that the confidentiality of the data is assured. For example: encrypting raw data like one’s entire hard drive can be done simply to ensure that if the network has been hacked, the data on the disk is still secure from unauthorized viewing by someone from outside. Encryption can also be used to ensure the confidentiality of e-mail messages being sent over the Internet.

Encryption algorithms supported by Daffodil DB

As time has progressed, data encryption algorithms have become more complex and secure. Encryption algorithms can be used to provide high levels of security to files stored in the database. Daffodil DB encryption techniques are based on the following proven algorithms.

1. Blowfish

Blowfish is a symmetric block cipher for encrypting text with a variable key length. The variable-length key ranges from 32 bits to 448 bits, making it ideal for both domestic and exportable use.

2. DES

Data Encryption Standard (DES) is the name of the Federal Information Processing Standard, which describes the data encryption algorithm (DEA). DES has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). DES is a symmetric cryptosystem, specifically a 16-round Feistel cipher.

3. IDEA

IDEA is a block cipher that uses a 128-bit key to encrypt successive 64-bit blocks of plaintext. The procedure is quite complicated: sub keys generated from the key are used to carry out a series of modular arithmetic and XOR operations on segments of the 64-bit plaintext block. The encryption scheme uses fifty-two 16-bit sub keys. These are generated from the 128-bit key.

4. AES

The Advanced Encryption Standard (AES) is a computer security standard for cryptography and encryption. AES uses a symmetric block cipher that encrypts and decrypts 128-bit blocks of data. AES supports key lengths of 128 and 256 bits.

5. TEA

Tiny Encryption Algorithm (TEA) is one of the fastest and most efficient cryptographic algorithms in existence. It encrypts 64 data bits at a time using a 128-bit key. It seems highly resistant to differential cryptanalysis, and achieves complete diffusion (where a one-bit difference in the plaintext will cause approximately 32-bit differences in the cipher text) after only six iterations.


6. DES3

Triple DES or DES-3 is an enhancement over the existing DES standard. DES-3 encrypts each block three times with DES, using either two or three different 56-bit keys. This approach yields effective key lengths of 112 or 168 bits.

7. Twofish

Twofish is a 128-bit block cipher, meaning that data is encrypted and decrypted in 128-bit chunks. Its conservative design lets implementers trade key setup time for encryption speed, and give up a smaller memory footprint to obtain greater encryption speed.
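The diffusion claim made for TEA above can be measured directly. The following Java program is an added example, not Daffodil DB's own code: it follows the published TEA reference algorithm, counts iterations as cycles (two Feistel rounds each), and the class name, seed and trial count are assumptions chosen for illustration.

```java
import java.util.Random;

public class TeaDiffusionDemo {
    private static final int DELTA = 0x9E3779B9; // TEA key-schedule constant

    // Encrypts one 64-bit block (v[0], v[1]) under a 128-bit key (k[0..3]).
    static int[] encrypt(int[] v, int[] k, int cycles) {
        int v0 = v[0], v1 = v[1], sum = 0;
        for (int i = 0; i < cycles; i++) {
            sum += DELTA;
            v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >>> 5) + k[1]);
            v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >>> 5) + k[3]);
        }
        return new int[] {v0, v1};
    }

    // Inverse of encrypt() for the same key and cycle count.
    static int[] decrypt(int[] v, int[] k, int cycles) {
        int v0 = v[0], v1 = v[1], sum = DELTA * cycles;
        for (int i = 0; i < cycles; i++) {
            v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >>> 5) + k[3]);
            v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >>> 5) + k[1]);
            sum -= DELTA;
        }
        return new int[] {v0, v1};
    }

    // Average number of ciphertext bits that change when one random plaintext bit is flipped.
    static double avgFlippedBits(int cycles, int trials, long seed) {
        Random rnd = new Random(seed); // fixed seed: constructed, repeatable sample data
        long total = 0;
        for (int t = 0; t < trials; t++) {
            int[] k = {rnd.nextInt(), rnd.nextInt(), rnd.nextInt(), rnd.nextInt()};
            int[] p = {rnd.nextInt(), rnd.nextInt()};
            int bit = rnd.nextInt(64);
            int[] q = p.clone();
            q[bit / 32] ^= 1 << (bit % 32);
            int[] a = encrypt(p, k, cycles), b = encrypt(q, k, cycles);
            total += Integer.bitCount(a[0] ^ b[0]) + Integer.bitCount(a[1] ^ b[1]);
        }
        return (double) total / trials;
    }

    public static void main(String[] args) {
        int[] k = {1, 2, 3, 4}, p = {0x01234567, 0x89ABCDEF}; // constructed test values
        int[] back = decrypt(encrypt(p, k, 32), k, 32);
        System.out.println("round trip ok: " + (back[0] == p[0] && back[1] == p[1]));
        for (int c : new int[] {1, 2, 3, 4, 5, 6, 7, 8, 32})
            System.out.printf("%2d cycles: %.1f of 64 bits differ%n", c, avgFlippedBits(c, 20000, 42L));
    }
}
```

An average near 32 of 64 bits means the ciphertext change is indistinguishable from a coin flip per bit; lower averages at small cycle counts show why the full cycle count should not be reduced.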

How to create encrypted databases with Daffodil DB

Users can create an encrypted database with Daffodil DB in two ways:

1. Database creation by the getConnection method of JDBC 3.0.

Users can encrypt a database to prevent any unauthorized access to data stored on a disk. Daffodil DB allows users to make use of the above-mentioned encryption algorithms. Encryption algorithms use a block of bytes as the secret key. The key length is algorithm-specific; popular algorithms use keys of 64, 128, or 256 bits in length.

Important: Users need to set the ENCRYPTIONSUPPORT property to true at the time of creation of a Daffodil DB database.

Example:
import java.sql.DriverManager;
import java.util.Properties;

// Embedded-mode JDBC URL for the STUDENTDB database
String url = "jdbc:daffodilDB_embedded:STUDENTDB;create=true";
String driver = "in.co.daffodil.db.jdbc.DaffodilDBDriver";
Properties prop = new Properties();
prop.setProperty("user", "daisy");
prop.setProperty("password", "daisy");
prop.setProperty("create", "true");
// Turn encryption on and choose the algorithm and key for this database
prop.setProperty("ENCRYPTIONSUPPORT", "true");
prop.setProperty("ENCRYPTIONALGO", "tea");
prop.setProperty("ENCRYPTIONKEY", "daisy");
Class.forName(driver);
java.sql.Connection con = DriverManager.getConnection(url, prop);

In the above example, a database named STUDENTDB is created, which will be stored in encrypted form using the TEA encryption algorithm with the encryption key daisy.


2. Using Daffodil DB Browser to create a database


Open Daffodil DB browser


Choose create Database


Check the Encryption check box


Choose the encryption algorithm


Provide the encryption key
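For the JDBC route (option 1), the encryption key does not have to be hard-coded or reuse the login password. The sketch below is an added example, not Daffodil DB's own code: the class name, the environment variable names and the 16-character minimum are assumptions, and it needs the Daffodil DB driver on the classpath to run.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Objects;
import java.util.Properties;

public class EncryptedDbSetup {
    // Builds the connection properties used on this page, refusing weak key choices.
    static Properties encryptedProps(String user, String password, String algo, String key) {
        Objects.requireNonNull(password, "database password is not set");
        // Assumed local policy: at least 16 characters of key material.
        if (key == null || key.length() < 16)
            throw new IllegalArgumentException("encryption key missing or shorter than 16 characters");
        // A key equal to the login credentials falls with the first leaked password.
        if (key.equals(password) || key.equalsIgnoreCase(user))
            throw new IllegalArgumentException("encryption key must differ from the login credentials");
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("create", "true");
        p.setProperty("ENCRYPTIONSUPPORT", "true");
        p.setProperty("ENCRYPTIONALGO", algo);
        p.setProperty("ENCRYPTIONKEY", key);
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names; the secrets stay out of source code and version control.
        String password = System.getenv("STUDENTDB_PASSWORD");
        String key = System.getenv("STUDENTDB_ENC_KEY");
        Properties props = encryptedProps("daisy", password, "tea", key);
        Class.forName("in.co.daffodil.db.jdbc.DaffodilDBDriver");
        try (Connection con = DriverManager.getConnection(
                "jdbc:daffodilDB_embedded:STUDENTDB;create=true", props)) {
            System.out.println("encrypted database created");
        }
    }
}
```

How the engine turns the ENCRYPTIONKEY string into cipher key bytes is not described on this page, so the length check is a floor on guessability rather than a statement about the effective key size.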




Modern-day businesses rely heavily on strategic information, and they need to store and secure it. The Daffodil DB encryption mechanism serves as an effective framework to maintain the consistency and safety of data.

For more information on Database encryption, you can contact us at support@daffodildb.com

Join Daffodil DB Online community at Daffodil DB Forums.


Disclaimer: Daffodil DB is a registered trademark of Daffodil Software Ltd. All other registered trademarks are a property of their respective organizations.