International Core Journal of Engineering 2020-26 | Page 75
4) The SQL operations on the encrypted data are performed in the database.
5) The DBMS server sends the encrypted response to the proxy server.
6) The proxy server decrypts the response received from the database.
7) The proxy server sends the decrypted response to the user’s application server.

set rows. When the result is different from null, it gets a data set $D_{nm}$.

$$
\begin{pmatrix}
a_{11} & \cdots & a_{1m} \\
\vdots & \ddots & \vdots \\
a_{n1} & \cdots & a_{nm}
\end{pmatrix}. \tag{3}
$$
When the operations are delete, insert or update, the
database only returns the number of rows affected or null.
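The handling of steps 4 to 6 and the row-by-row decryption V can be sketched as follows; this is an added Python example, not code from the paper. Assumptions: an in-memory SQLite database stands in for the DBMS server, a keyed Feistel construction built from the standard library stands in for the 3DES and FPE ciphers, and the `Proxy` class, the `users` table and the key are constructed for illustration.

```python
import hashlib, hmac, sqlite3

KEY = b"constructed-demo-key"   # constructed key for this example only
ROUNDS = 8                      # even, so the half lengths line up again

def _f(rnd, half, n):
    # Round function: HMAC-SHA256 over round number and one half, cut to n bytes
    return hmac.new(KEY, bytes([rnd]) + half, hashlib.sha256).digest()[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(value):
    # Deterministic Feistel stand-in (assumption: replaces the page's 3DES/FPE);
    # handles values up to 64 bytes, enough for the constructed sample data
    b = value.encode()
    left, right = b[:len(b) // 2], b[len(b) // 2:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _f(r, right, len(left)))
    return (left + right).hex()

def decrypt(cipher_hex):
    # The operation V of eq. (2): undo the rounds in reverse order
    b = bytes.fromhex(cipher_hex)
    left, right = b[:len(b) // 2], b[len(b) // 2:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(r, left, len(right))), left
    return (left + right).decode()

class Proxy:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")   # stands in for the DBMS server
        self.db.execute("CREATE TABLE users (name TEXT, city TEXT)")

    def execute(self, sql, params=()):
        # Step 4: the DBMS only ever sees ciphertext parameters
        cur = self.db.execute(sql, [encrypt(p) for p in params])
        if cur.description is None:
            return cur.rowcount     # delete/insert/update: affected rows only
        # Step 6: apply V to every attribute of every row v_i of the data set D
        return [tuple(decrypt(a) for a in v) for v in cur.fetchall()]

if __name__ == "__main__":
    p = Proxy()
    p.execute("INSERT INTO users VALUES (?, ?)", ("alice", "Lima"))
    print(p.db.execute("SELECT * FROM users").fetchall())   # ciphertext at rest
    print(p.execute("SELECT name, city FROM users WHERE city = ?", ("Lima",)))
```

Because the stand-in cipher is deterministic, the equality predicate matches on ciphertext inside the database, which also means equal plaintext values are visible as equal ciphertexts to anyone reading the tables.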
Table 1 shows the adopted algorithms, 3DES and FPE, with their percentages of improvement, obtained from the references. To estimate the improvement of the abstract algorithm, standard deviation was applied, and a 26.5% increase in its performance was obtained.
TABLE I. ALGORITHM IMPROVEMENT.

| Algorithm | Time compared | Amount of data | Improvement |
|---|---|---|---|
| 3DES | 8 rounds in 1 | 2.99 Gbps | 13% |
| FPE | 7 rounds | 1 million records | 66% |
| Abstract algorithm | | | 26.5% |
Possible limitations of the proposed scheme:
- It would not support new SQL operations.
- It would not support direct operations on the database.
- The request and response must be passed through a proxy server.
- The encryption and decryption time increases according to the volume of data.
- The data selection process takes more time on encrypted data.

Fig. 2. Proposal of abstract algorithm.
Prototype algorithm using flow diagram techniques of a database with distributed environment.

In step 4 of the algorithm in Fig. 2, the tasks of SQL operations are expressed in the following mathematical form:
IV. DISCUSSION
Delete Insert Select Update
A i v i A i t j A i v i
p ,t
update, $i$ is independent of $j$.

This document presented the descriptive analysis of 18 security works for databases in distributed environments. From the research reviewed, an alternative for securing a database emerged: a basic scheme and a generalized abstract algorithm, presented using the flowchart technique. In the basic scheme, a 3-level architecture was adopted, in which a database encryption model is obtained from the research reviewed. At the proxy server level, the 3DES algorithm was adopted for the requests and responses to the database; at the DBMS server level, SQL and FPE-based encryption algorithms were adopted; these algorithms are related to the research reviewed.

In step 6 of the algorithm in Fig. 2, only when the requested operation was a SELECT was a data set obtained; each returned record must be deciphered in the following mathematical form:

Planned future work: the definition of adequate parameters to increase the security of a distributed database.
M i
n
1
m
j 1
t
p
p , t
.
(1)
Where: $M$ is the number of distributed sites, $n$ is the number of attributes to insert or update, $m$ is the number of tables to be selected, $A_i$ is an attribute of a table, $t_j$ is one of the tables to be selected, $P$ is a predicate or condition, $t$ is a table to delete, insert or update, $v_i$ is a value to insert or
n
i
v D
V. FUTURE WORKS AND CONCLUSIONS
It was concluded that the basic scheme and abstract algorithm, presented as an alternative to control access to resources, give reasonable security to a database in a distributed environment. The proposed scheme and algorithm are independent of the relative security offered by the DDB. The access control that is intended is independent of the rights relative to the user. The proposal is not an absolute security alternative; with its inherent limitations we think of
V v i V 1 v 1 , V 2 v 2 , V n v n
1
i
(2)
Where: V is the decryption operation, v is a row or
vector, D is the data set or vectors, n is the number of data