Research Article
BibTex RIS Cite

Using Record Level Encryption for Securing Information in Classified Information Systems

Year 2018, , 207 - 224, 17.05.2018
https://doi.org/10.28978/nesciences.424677

Abstract

Information technology (IT) systems have great potential to improve the efficiency and methods
of operation in each government organization, providing added convenience and flexibility.
Currently, most of government law enforcement agencies have digitized their methods of work
by advancing their user services. With this new approach, have come new threats, therefore, it is
necessary to develop and implement standard policies to enhance information security and
privacy on all classified information systems. In this paper a novel solution is presented for
protection of information up to the record level encryption by applying the Advanced Encryption
Standard (AES) algorithm using derived symmetric master key. The master key is unique per
each record and is calculated in the client application. The uniqueness of the derived master key
is assured by applying the exclusive or operation of the key of each record and the unique key of
the client. Furthermore, this paper includes a critical approach on existing cryptographic methods
and proposes additional methods to protect information, such us authentication, access control,
and audit.

References

  • Arshad, N.H. , Shah, S.N.T , Mohamed, A. , Mamat, A.M. (2007) ‘The Design and Implementation of Database Encryption’, International Journal of Applied Mathematics and Informatics, Vol. 1 Iss. 3, pp. 115-122.
  • Aarthi, G. and Ramaraj, E. (2012) ‘A Novel Encryption approach in Database Securit’, International Journal of Computer& Organization Trends, Vol. 2 Iss. 1, pp. 16-20.
  • Albarqi, A., Alzaid, E., Al Ghamdi, F., Asiri, S. and Kar, J. (2015) ‘Public Key Infrastructure: A Survey’, Journal of Information Security, Vol.06 No. 01, pp. 31-37.
  • Bouganim, L. and Guo, Y. (2009) ‘Database encryption. Encyclopedia of cryptography and security’, pp. 1-9.
  • Department of Defense (2004) DoD Personnel Identity Protection (PIP) Program, Directive Number 1000.25.
  • European Commission (2015). Commission Decision (EU, Euratom) 2015/444 on the security rules for protecting EU classified information, Brussel.
  • European Commission (2016). EU eGovernment Action Plan 2016-2020: Accelerating the digital transformation of government, Brussel. http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=15268 (Accessed 11 January 2018).
  • Harris, S. (2010) Certified Information Systems Security Professional (CISSP) Exam Guide, 5th Edition.
  • Huey, P. (2017) Oracle Database Advanced Security Guide, 12c Release 1 (12.1), Oracle, E50333-16.
  • Josefsson, S. (2006). The Base16, Base32, and Base64 Data Encodings. RFC 4648 (Proposed Standard), http://www.ietf.org/rfc/rfc4648.txt (Accessed 2 December 2017).
  • Lowy, J. and Montgomery, M. (2015) Programming WCF Services: Design and Build Maintainable Service-Oriented Systems, 4th Edition.
  • Menezes, A. , Oorschot, P.V. and Vanstone, S. (1997) ‘Handbook of Applied Cryptography’, CRC Press, pp. 1-48.
  • Mattsson, Ulf T. (2005) ‘Database Encryption - How to Balance Security with Performance’ [online] at SSRN: https://ssrn.com/abstract=670561 or http://dx.doi.org/10.2139/ssrn.670561 (Accessed 11 December 2017)
  • Mahajan, A., Verma, A. and Pahuja, D. (2014) ‘Smart Card: Turning Point of Technology’, International Journal of Computer Science and Mobile Computing, Vol. 3 Iss. 10, pp. 982–987.
  • Microsoft. [Online] https://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes(v=vs.110).aspx (Accesed 25 December 2017).
  • Javamex. ‘Comparison of ciphers’, [Online] http://www.javamex.com/tutorials/cryptography/ciphers.shtml (Accessed on 12 December 2017).
  • National Security Agency, Central Security Service (2017) Information Assurance Capabilities - Data at Rest Capability Package, Version 3.8.
  • Oswal, S., Singh, A. and Kumari, K. (2016) ‘Deflate Compression Algorithm’, International Journal of Engineering Research and General Science, Vol.4 Issue 1. pp. 430-436.
  • Rexha, B., Lajqi, H. and Limani, M. (2010) ‘Implementing Data Security in Student Lifecycle Management System at the University of Prishtina’, Journal Transaction on Information Science and Application, Vol. 7 Iss. 7, pp. 965-974.
  • Rexha, B., Halili, A., Rrmoku, K. and Imeraj, D. (2015) ‘Impact of secure programming on web application vulnerabilities’, IEEE International Conference on Computer Graphics, Vision and Information Security, KIIT University, Bhubaneswar, Odisha, India.
  • Varga, S., Cherry, D., D'Antoni, J. (2016) Introducing Microsoft SQL Server 2016: Mission-Critical Applications, Deeper Insights, Hyperscale Cloud, Microsoft Press, Redmond, Washington.
Year 2018, , 207 - 224, 17.05.2018
https://doi.org/10.28978/nesciences.424677

Abstract

References

  • Arshad, N.H. , Shah, S.N.T , Mohamed, A. , Mamat, A.M. (2007) ‘The Design and Implementation of Database Encryption’, International Journal of Applied Mathematics and Informatics, Vol. 1 Iss. 3, pp. 115-122.
  • Aarthi, G. and Ramaraj, E. (2012) ‘A Novel Encryption approach in Database Securit’, International Journal of Computer& Organization Trends, Vol. 2 Iss. 1, pp. 16-20.
  • Albarqi, A., Alzaid, E., Al Ghamdi, F., Asiri, S. and Kar, J. (2015) ‘Public Key Infrastructure: A Survey’, Journal of Information Security, Vol.06 No. 01, pp. 31-37.
  • Bouganim, L. and Guo, Y. (2009) ‘Database encryption. Encyclopedia of cryptography and security’, pp. 1-9.
  • Department of Defense (2004) DoD Personnel Identity Protection (PIP) Program, Directive Number 1000.25.
  • European Commission (2015). Commission Decision (EU, Euratom) 2015/444 on the security rules for protecting EU classified information, Brussel.
  • European Commission (2016). EU eGovernment Action Plan 2016-2020: Accelerating the digital transformation of government, Brussel. http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=15268 (Accessed 11 January 2018).
  • Harris, S. (2010) Certified Information Systems Security Professional (CISSP) Exam Guide, 5th Edition.
  • Huey, P. (2017) Oracle Database Advanced Security Guide, 12c Release 1 (12.1), Oracle, E50333-16.
  • Josefsson, S. (2006). The Base16, Base32, and Base64 Data Encodings. RFC 4648 (Proposed Standard), http://www.ietf.org/rfc/rfc4648.txt (Accessed 2 December 2017).
  • Lowy, J. and Montgomery, M. (2015) Programming WCF Services: Design and Build Maintainable Service-Oriented Systems, 4th Edition.
  • Menezes, A. , Oorschot, P.V. and Vanstone, S. (1997) ‘Handbook of Applied Cryptography’, CRC Press, pp. 1-48.
  • Mattsson, Ulf T. (2005) ‘Database Encryption - How to Balance Security with Performance’ [online] at SSRN: https://ssrn.com/abstract=670561 or http://dx.doi.org/10.2139/ssrn.670561 (Accessed 11 December 2017)
  • Mahajan, A., Verma, A. and Pahuja, D. (2014) ‘Smart Card: Turning Point of Technology’, International Journal of Computer Science and Mobile Computing, Vol. 3 Iss. 10, pp. 982–987.
  • Microsoft. [Online] https://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes(v=vs.110).aspx (Accesed 25 December 2017).
  • Javamex. ‘Comparison of ciphers’, [Online] http://www.javamex.com/tutorials/cryptography/ciphers.shtml (Accessed on 12 December 2017).
  • National Security Agency, Central Security Service (2017) Information Assurance Capabilities - Data at Rest Capability Package, Version 3.8.
  • Oswal, S., Singh, A. and Kumari, K. (2016) ‘Deflate Compression Algorithm’, International Journal of Engineering Research and General Science, Vol.4 Issue 1. pp. 430-436.
  • Rexha, B., Lajqi, H. and Limani, M. (2010) ‘Implementing Data Security in Student Lifecycle Management System at the University of Prishtina’, Journal Transaction on Information Science and Application, Vol. 7 Iss. 7, pp. 965-974.
  • Rexha, B., Halili, A., Rrmoku, K. and Imeraj, D. (2015) ‘Impact of secure programming on web application vulnerabilities’, IEEE International Conference on Computer Graphics, Vision and Information Security, KIIT University, Bhubaneswar, Odisha, India.
  • Varga, S., Cherry, D., D'Antoni, J. (2016) Introducing Microsoft SQL Server 2016: Mission-Critical Applications, Deeper Insights, Hyperscale Cloud, Microsoft Press, Redmond, Washington.
There are 21 citations in total.

Details

Primary Language English
Subjects Computer Software
Journal Section 3
Authors

Blerim Rexha This is me

Halil Sadiku This is me

Bujar Krasniqi This is me

Publication Date May 17, 2018
Submission Date January 20, 2018
Published in Issue Year 2018

Cite

APA Rexha, B., Sadiku, H., & Krasniqi, B. (2018). Using Record Level Encryption for Securing Information in Classified Information Systems. Natural and Engineering Sciences, 3(2), 207-224. https://doi.org/10.28978/nesciences.424677

                                                                                               We welcome all your submissions

                                                                                                             Warm regards,
                                                                                                      


All published work is licensed under a Creative Commons Attribution 4.0 International License Link . Creative Commons License
                                                                                         NESciences.com © 2015