Chapter 19 Security

1
Chapter 19Security

• Integrity
• Security
• Control
• computer-based
• non-computer-based
• PC security
• DBMS and Web security
• Risk Analysis
• Data protection and privacy laws

2
Integrity

• Definition
• Consistent with constraints
• Types
• Entity
• Referential or existence
• Domain
• Enterprise

3
Security

• Threats
• Theft fraud
• Loss of confidentiality
• Loss of privacy
• Loss of integrity
• Loss of availability

4
Countermeasures

• Computer-based controls
• Non-computer-based controls

5
Computer-based Controls - 1

• Authorization authentication
• Password
• Account number
• Relations, users right (CRUD) table
• Subschema
• Create views

6
Computer-based Controls - 2

• Logs
• Transaction logs
• Violation logs (time, terminal, violation)
• Check points
• Backup (redundant array of independent disks -
  RAID) recovery
• Audit

7
Computer-based Controls - 3

• Encryption or cryptosystem
• Encryption key
• Encryption algorithm
• Decryption key
• Decryption algorithm
• Symmetric encryption (Data Encryption Standard
  (DES)
• Asymmetric encryption (RSA)

8
Example of Encryption - I

• Divide text into groups of 8 characters. Pad
  with blank at end as necessary
• Select an 8-characters key
• Rearrange text by interchanging adjacent
  characters
• Translate each character into an ordinal number
  with blank as 0, A as 1, B as 2
• Add the ordinal number of the key to the results
• Divide the total by 27 and retain the remainder
• Translate the remainder back into a character to
  yield the cipher text

9
Example of Encryption - II

• Message DATA COM
• Key PROTOCOL
• A D A T C M O
• 01 04 01 20 03 00 13 15 (adatc mo)
• 01 04 01 20 03 00 13 15
• 16 18 15 20 15 03 15 12 (protocol)
• 17 22 16 40 18 03 28 27 (sum)
• 17 22 16 13 18 03 01 00 remainder
• Q V P M R C A SPACE

10
Example of Decryption - I

• Divide cipher text into groups of eight
  characters. Pad with blanks at end as necessary
• Translate each cipher text alphabetic character
  and the encryption key into an ordinal number
• For each group, subtract the ordinal number of
  the key value from the ordinal number of the
  cipher text
• Add 27 to any negative number
• Translate the number back to alphabetic
  equivalents
• Rearrange the text by interchanging adjacent
  characters

11
Example of Decryption - II

• Q V P M R C A SPACE
• 17 22 16 13 18 03 01 00 (qvpmrca )
• 17 22 16 13 18 03 01 00
• 16 18 15 20 15 03 15 12 (protocol)
• 01 04 01 -7 03 00 -14 -12 (substract)
• plus 27 27 27 27
• 01 04 01 20 03 00 13 15
• A D A T C M O
• D A T A C O M

12
Non-Computer-based Controls

• Security policy
• Contingency plan
• Person, phone no., procedures
• Site (cold, warm, or hot)
• Personnel control
• Reference
• Termination
• Training
• Balance of duty
• Escrow maintenance agreements
• Physical

13
PC Security

• Policy procedure
• Physical
• Logical
• Virus

14
DBMS and Web Security

• Proxy server performance filtering
• Firewall packet filter, application gateway,
  circuit level gateway, proxy server
• Digital signatures Certificate Authority (CA)
• Message digest algorithms and digital signature
• Kerberos centralized security server
  (certificate server
• Secure Sockets Layer (SSL) for data Secure HTTP
  for individual message
• Secure Electronic Transaction (SET) for credit
  card Secure Transaction Technology (STT) for
  bank payment

15
Risk Analysis

• Assets
• Threats and risks
• Countermeasures
• Cost/benefit analysis
• Testing

16
Data Protection Privacy Law
17
Assignment

• Review chapters 5-6, 11-13, and 18
• Read chapter 19
• Exam 3
• Date 12/9/04
• Project
• Normalization and Corrected EER diagram due date
  12/2/04
• SQL, corrected normalization, and EER diagram due
  date 12/15/04 (MIS Department Office)