Using Record Level Encryption for Securing Information in Classified Information Systems
Using Record Level Encryption for Securing Information in Classified Information Systems
Information technology (IT) systems have great potential to improve the efficiency and methods
of operation in each government organization, providing added convenience and flexibility.
Currently, most of government law enforcement agencies have digitized their methods of work
by advancing their user services. With this new approach, have come new threats, therefore, it is
necessary to develop and implement standard policies to enhance information security and
privacy on all classified information systems. In this paper a novel solution is presented for
protection of information up to the record level encryption by applying the Advanced Encryption
Standard (AES) algorithm using derived symmetric master key. The master key is unique per
each record and is calculated in the client application. The uniqueness of the derived master key
is assured by applying the exclusive or operation of the key of each record and the unique key of
the client. Furthermore, this paper includes a critical approach on existing cryptographic methods
and proposes additional methods to protect information, such us authentication, access control,
and audit.
Keywords:
Information security, Privacy, Encryption Decryption, Access control, Audit,
___
- Arshad, N.H. , Shah, S.N.T , Mohamed, A. , Mamat, A.M. (2007) ‘The Design and Implementation of Database Encryption’, International Journal of Applied Mathematics and Informatics, Vol. 1 Iss. 3, pp. 115-122.
- Aarthi, G. and Ramaraj, E. (2012) ‘A Novel Encryption approach in Database Securit’, International Journal of Computer& Organization Trends, Vol. 2 Iss. 1, pp. 16-20.
- Albarqi, A., Alzaid, E., Al Ghamdi, F., Asiri, S. and Kar, J. (2015) ‘Public Key Infrastructure: A Survey’, Journal of Information Security, Vol.06 No. 01, pp. 31-37.
- Bouganim, L. and Guo, Y. (2009) ‘Database encryption. Encyclopedia of cryptography and security’, pp. 1-9.
- Department of Defense (2004) DoD Personnel Identity Protection (PIP) Program, Directive Number 1000.25.
- European Commission (2015). Commission Decision (EU, Euratom) 2015/444 on the security rules for protecting EU classified information, Brussel.
- European Commission (2016). EU eGovernment Action Plan 2016-2020: Accelerating the digital transformation of government, Brussel. http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=15268 (Accessed 11 January 2018).
- Harris, S. (2010) Certified Information Systems Security Professional (CISSP) Exam Guide, 5th Edition.
- Huey, P. (2017) Oracle Database Advanced Security Guide, 12c Release 1 (12.1), Oracle, E50333-16.
- Josefsson, S. (2006). The Base16, Base32, and Base64 Data Encodings. RFC 4648 (Proposed Standard), http://www.ietf.org/rfc/rfc4648.txt (Accessed 2 December 2017).
- Lowy, J. and Montgomery, M. (2015) Programming WCF Services: Design and Build Maintainable Service-Oriented Systems, 4th Edition.
- Menezes, A. , Oorschot, P.V. and Vanstone, S. (1997) ‘Handbook of Applied Cryptography’, CRC Press, pp. 1-48.
- Mattsson, Ulf T. (2005) ‘Database Encryption - How to Balance Security with Performance’ [online] at SSRN: https://ssrn.com/abstract=670561 or http://dx.doi.org/10.2139/ssrn.670561 (Accessed 11 December 2017)
- Mahajan, A., Verma, A. and Pahuja, D. (2014) ‘Smart Card: Turning Point of Technology’, International Journal of Computer Science and Mobile Computing, Vol. 3 Iss. 10, pp. 982–987.
- Microsoft. [Online] https://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes(v=vs.110).aspx (Accesed 25 December 2017).
- Javamex. ‘Comparison of ciphers’, [Online] http://www.javamex.com/tutorials/cryptography/ciphers.shtml (Accessed on 12 December 2017).
- National Security Agency, Central Security Service (2017) Information Assurance Capabilities - Data at Rest Capability Package, Version 3.8.
- Oswal, S., Singh, A. and Kumari, K. (2016) ‘Deflate Compression Algorithm’, International Journal of Engineering Research and General Science, Vol.4 Issue 1. pp. 430-436.
- Rexha, B., Lajqi, H. and Limani, M. (2010) ‘Implementing Data Security in Student Lifecycle Management System at the University of Prishtina’, Journal Transaction on Information Science and Application, Vol. 7 Iss. 7, pp. 965-974.
- Rexha, B., Halili, A., Rrmoku, K. and Imeraj, D. (2015) ‘Impact of secure programming on web application vulnerabilities’, IEEE International Conference on Computer Graphics, Vision and Information Security, KIIT University, Bhubaneswar, Odisha, India.
- Varga, S., Cherry, D., D'Antoni, J. (2016) Introducing Microsoft SQL Server 2016: Mission-Critical Applications, Deeper Insights, Hyperscale Cloud, Microsoft Press, Redmond, Washington.
- ISSN: 2458-8989
- Başlangıç: 2015
- Yayıncı: Cemal TURAN
Sayıdaki Diğer Makaleler
Tajudeen O. ADEEKO, Nordiana M. MUZTAZA, Taqiuddin M. ZAKARİA, Nurina ISMAİL
Analysing Sea Surface Temperature Change in Gulf of Iskenderun from 1982 to 2015
Mehmet Ugur GUCEL, Abdulla SAKALLI
The Potential Anti-Diabetic Effects of Some Plant Species
Celal GÜVEN, Eylem TAŞKİN, Salih Tunç KAYA, Yusuf SEVGİLER
An Intelligent Software for Measurements of Biological Materials: BioMorph
Deniz AYAS, Gulsemin SEN AGILKAYA, Ali Rıza KOSKER, Mustafa DURMUS, Yılmaz UCAR, Mısra BAKAN
First Record Marbled Shrimp Saron marmoratus (Olivier, 1811) from Turkish Marine Waters
Deniz ERGUDEN, Necdet UYGAR, Onur AYAN, Mevlüt GÜRLEK, Ali UYAN, Serpil KARAN, Servet DOĞDU, Cemal TURAN
Effects of Clinoptilolite on Copper Accumulation of Oreochromis niloticus
Nuray ÇİFTÇİ, Fahri KARAYAKAR, Bedii CİCİK
Cem ÇEVİK, Sedat GÜNDOĞDU, Sibel ALAGÖZ ERGÜDEN
Deniz ERGÜDEN, Mevlüt GÜRLEK, Sibel ALAGÖZ ERGÜDEN, Cemal TURAN