Some approach to data masking as means to counteract the inference threat
DOI:
https://doi.org/10.30837/rt.2019.3.198.09Keywords:
Data Security, Database, Data Masking, Sensitive DataAbstract
The goal of the article is to reveal the essence of some approach to data masking stored in the database as a means to counteract the inference threat. This approach is based on the principles of random permutation of the elements of a data field of the row column of the production database table data and dynamic masking. A distinctive feature of the proposed solution is the approach to the process of data shuffling, namely, shuffling data value elements within the demanded row field. It is possible to mask both an entire value of the field of the table row column and its part using this solution. The proposed approach differs from most of the typical commercial tools for masking sensitive data in that a preliminary physical change of sensitive data is made in the production database, and a user who has the appropriate rights can cancel these changes if it is necessary. The legitimate user in the proposed approach gets access to sensitive data due to the ability to transform (rewrite) the query “on the fly”, and the attacker can only read the previously modified data that is stored in the database. The proposed approach to data masking can be used in both production and non-production databases, expanding the possibilities of so-called static data masking.References
Sandhu R. S., Jajodia S. (1993) Data and database security and controls // Handbook of information security management. Auerbach Publishers, pp. 481-499.
Kulkarni S., Urolagin S. (2012) Review of attacks on databases and database security techniques // International Journal of Emerging Technology and Advanced Engineering, 2(11), pp. 2250-2459.
Top ten database security threats. The most significant risks of 2015 and how to mitigate them, Imperva Whitepaper, 2015 [Electronic resource]. Access mode : https://informationsecurity.report/Resources/Whitepapers/e763d022-6ee4-4215-9efd-1896b0d9c381_wp_topten_database_threats%20imperva.pdf, last accessed 2019/09/01.
Rohilla S., Mittal P. K. (2013) Database Security: Threads and Challenges // International Journal of Ad-vanced Research in Computer Science and Software Engineering, 3(5), pp. 810–813.
Top 5 Database Security Threats, Imperva Whitepaper, 2016 [Electronic resource]. Access mode: https://www.imperva.com/docs/gated/WP_Top_5_Database_Security_Threats.pdf, last accessed 2019/09/01.
Infowatch. Analytics. Digests and Reviews. Over 12 years, more than 30 billion personal data records have leaked [Electronic resource]. Access mode : https://www.infowatch.ru/analytics/digest/15281, last accessed 2019/09/01. (in Russian)
Global research on confidential information leaks in 2018, Analytical center InfoWatch, 2019 [Electronic resource]. Access mode: https://www.infowatch.ru/sites/default/files/report/analytics/russ/InfoWatch_Global_Report_2018_year.pdf?rel=1, last accessed 2019/09/01. (in Russian)
Pfleeger C. P., Pfleeger S. L., Margulies J. (2015) Security in Computing (Fifth Edition). Prentice Hall, 944 p.
Wang L., Jajodia S. (2008) Security in Data Warehouses and OLAP systems // Handbook of Database Security, Springer, Boston, MA, pp. 191-212.
Zavgorodniy V. I. (2001) Complex information protection in computer systems. M. : Logos, PBOYUL N.A. Egorov, 264 p. (in Russian).
Mayer-Schonberger V., Cukier K. (2013) Big Data: A Revolution That Will Transform How We Live, Work and Think. Canada, Eamon Dolan/Houghton Mifflin Harcourt, 242 p.
Gartner IT Glossary [Electronic resource]. Access mode : https://www.gartner.com/it-glossary/dynamic-data-masking-ddm, last accessed 2019/09/01.
A Net 2000 Ltd. White Paper. Data masking: What You Need to Know Before You Begin [Electronic resource]. Access mode : http://www.datamasker.com/DataMasking_WhatYouNeedToKnow.pdf, last accessed 2019/09/01.
Data Masking and Subsetting Guide [Electronic resource]. Access mode : https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dmksb/introduction-to-oracle-data-maksing-and-subsetting.html#GUID-24B241AF-F77F-46ED-BEAE-3919BF1BBD80, last accessed 2019/09/01.
Santos R. J., Bernardino J., Vieira M. A. (2011) Data masking technique for data warehouses // Proceedings of the 15th Symposium on International Database Engineering & Applications, ACM, pp. 61-69.
Yesin V. I. (2018) Invariant to subject domains database schema and its distinctive features // Radiotekhnika : 193, pp. 133-142 (in Russian)
Yesin V. I., Yesina M. V., Rassomakhin S. G., Karpinski M. (2018) Ensuring Database Security with the Universal Basis of Relations // Saeed K., Homenda W. (eds) Computer Information Systems and Industrial Management. CISIM 2018. Lecture Notes in Computer Science, 11127, Springer, Cham, Chapter 42, pp. 510-522.
Tirosh A., Meunier M. (2015) Magic Quadrant for Data Masking Technology, Worldwide Published: 22 December 2015 ID: G00273093 [Electronic resource]. Access mode : https://docplayer.net/12460751-Magic-quadrant-for-data-masking-technology-worldwide.html, last accessed 2019/09/01.
Dworkin M. (2019) Recommendation for block cipher modes of operation. Methods for format-preserving encryption // Draft NIST Special Publication, № 800-38G Revision 1 [Electronic resource]. Access mode : https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38Gr1-draft.pdf, last accessed 2019/09/01.
Schneier B. (1996) Applied cryptography: protocols, algorithms, and source code in C (2nd edition), John Wiley & Sons, Inc., 758 p.
Mao W. (2003) Modern Cryptography: Theory and Practice. Prentice Hall PTR, 707 p.
Shannon C. (1949) Communication Theory of Secrecy Systems // Bell System Technical Journal, 28(4), pp. 656-715.
Ferguson N., Schneier B. (2003) Practical cryptography. New York, Wiley, 432 p.
Knuth, D. E., (1997) The Art of Computer Programming, Volume 1: Fundamental Algorithms (3rd ed.), Addison-Wesley Professional, 650 p.
Fisher R. A, Yates F. (1948) Statistical Tables for Biological, Agricultural and Medical Research (3rd Edition). Edinburgh and London, 13(3), pp.26-27.
Durstenfeld R. (1964) Algorithm 235: Random permutation // Communications of the ACM, 7(7), pp. 420.
Bacher A., Bodini O., Hollender,A., Lumbroso J., (2018) Merge Shuffle: a very fast, parallel random permutation algorithm // Proceedings of the 11th International Conference on Random and Exhaustive Generation of Combinatorial Structures Athens, Greece, June 18-20, CEUR-WS.org/Vol-2113, pp. 43-52.
Knuth D. E. (1997) The Art of Computer Programming, Volume 2: Seminumerical Algorithms (3rd ed.). Addison-Wesley, Reading, MA, 762 p.
Press W. H., Flannery B. P., Teukolsky S. A., Vetterling W. T. (1992) Numerical Recipes in C: The Art of Scientific Computing (Second Edition). Cambridge University Press, 994 p.
Marsaglia G. (2003) Xorshift rngs // Journal of Statistical Software, 8(14), pp. 1-6.
Press W. H., Teukolsky S. A., Vetterling W. T. (2007) Flannery B. P. Numerical Recipes: The Art of Scientific Computing (3rd ed.). New York, Cambridge University Press, 1235 p.
Patent No. 2,950,048, United States, Computer for Verifying Numbers / H. P. Luhn, Armonk, N.Y., assignor to International Business Machines Corporation, New York, N.Y., a corporation of New York. Ser. No. 402,491; Aug. 23, 1960.
Bacher A., Bodini O., Hwang H. K., Tsai T. H. (2017) Generating random permutations by coin tossing: Classical algorithms, new analysis, and modern implementation, ACM Transactions on Algorithms, 13(2), 43 p.
Ravikumar G. K., Justus R., Ravindra S. H., Manjunath T. N., Archana R. A. (2011) Experimental study of various data masking techniques with random replacement using data volume // International Journal of Computer Science and Information Security, 9(8), pp.154-158.
Downloads
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).