Multilevel Database Security for Android Using Fast Encryption Methods

Abstract


INTRODUCTION
Many organizations such as (institutions and companies) need to protect confidential information which is transmitted through networks or stored in a database because these organizations may be exposed to a financial, commercial and scientific loss or leakage of information.The loss rate varies based on the level of information or data that have been exposed to theft or intrusion.Thus, these organizations must protect their information which is stored in the databases.In fact, there are three classical methods to protect information in the databases [1]: physical protection, protection of the operating system and DBMS (Database Management System), These methods are not enough to protect information in the database for many reasons [2]: 1.
When the user has read permission only to access the data, he will access all data in the database.

2.
When the user has the permission to make a backup of the database, an intruder may access the data by getting a copy of the backup file thus, the system will lose the reliability.Many researchers used multiple classical methods to protect data, such as cryptography, data hiding and using passwords.These methods affect the efficiency of the system and require maintenance of the keys of encryption and passwords.Also, these methods waste time estimated by the complexity of encryption and decryption operations.These problems could

Al-Rafidain Journal of Computer Sciences and Mathematics (RJCM)
www.csmj.mosuljournals.combe solved by using Multi level Security (MLS).MLS regulates the users in security levels and each level has own level of security to handle the shared data among users.Today, most users deal with SQLite databases, through using smart mobile devices, this database may include confidential data, especially when using smartphone within smart cities environment.Smart cities include a set of data that is used to control the smart devices.This data must be stored in the databases and provided with protection.Due to the limited speed and small memory of the smart mobile devices, we need to build a simple and fast systems to protect data in database to enable these systems run on smart mobile devices efficiently.Ramzi and Natalie [3] introduced a new definition of a relational database model based on data confidential in the rows and temporary data which called Temporal Multilevel Secure Database (TMSDB).TMSDB integrates the characteristics of the temporal database model and the database security levels model.Abdulameer [4] introduced multilevel authentication method, which is considered necessary in sensitive system that contains a combination of security levels and data confidentiality.The proposed method divides the system into a set of security levels and checks the level of a user at each level to achieve reliability.Most levels include sub-security levels and define the security levels and data quality of each level by the Identity Manager (ID) that is responsible of user transferring between security levels in the system.Shmueli, Vaisenberg, Elovici and Glezer [5] described the main challenges in data encryption, key management, encryption overhead, and review related academic work on alternative encryption configuration pertaining to encryption locus; indexing encrypted data; and key management.They concluded their work with a benchmark using the following design criteria: encryption configuration, encryption granularity and key storage.Tzong-An and Hong-Ju [6] introduced a new mechanism of MLS based on Schema Level Classification.The security level in this mechanism depends on the tables and features in the databases that reduce the rules of inference and prevents the user from viewing the entire database.Kaur and Bhardwaj [7] proposed technique to improve the security in a cloud computing environment that increases the flexibility of security levels using encryption algorithms which are RSA, Random Number Generator and DES.BabuRaj and Babu [8] introduced a Schema that works to manipulate the database through the use of user levels and use of the master key to protect private key and private information.One of the disadvantages in master key scheme is that the authorized authorities cannot access database even with court search warrant.To overcome this disadvantage, key splitting method is introduced here.This scheme provides privileged access for designated authorities.Also, revocation list is maintained in the database to avoid unnecessary access when the user is revoked.Yanjun and Chin-Chen [2] provided a schema for encrypting the database by encrypting the rows based on the GART algorithm.After analysis, the presented schema proved to be more efficient than the one provided by Lin et al [9] with the same level of confidentiality.In this paper, fast and simple cryptography algorithms are suggested.These algorithms do not contain any explicit keys neither for encryption nor decryption process for both text and numbers.To investigate the performance of the proposed algorithms, the algorithms were applied to the stored data in SQLite databases that was loaded in a smart mobile based on multilevel database security principles.The rest of this paper includes: section 2 shows the Multilevel Security(MLS) that includes (definition of MLS, main goals of MLS, a comparison between traditional encryption methods with MLS).The proposed method has been offered in Section 3. Section 4 represents the conclusion.

Multilevel Security (MLS)
MLS was developed by US Military in 1970 [10], that is considered one of the computer applications that protects data in Operating Systems, Networks and Databases by classifying data and users to different security levels.Many organizations utilize MLS security during its operation, such that SELinux [11], Oracle Label Security (OLS)[12], MLChat[13] and cloud security [14].Actually, there are four levels of security: Top Secret (TS), Secret (S), Confidential (C), Unclassified (U).The user must be appointed to a propitiate level of security by the system administrator before processing and sharing the data.MLS was firstly used in military systems and later in reliable operating systems and databases, as well as in applications that operate on the network [15].MLS has two main goals 1) preventing unauthorized users from accessing data with high security levels 2) preventing users from changing security level of data [16].In implementation of MLS, traditional cryptographic methods have been used to protect important data, especially when the data is stored in the databases and shared by more than one user.Compared to conventional storage methods, all users can access data, non-repetition data as the number of users, also, provide data integrity and control access.Most encryption methods use keys in encryption and decryption processes.These methods need to manage keys and maintain their confidentiality and complexity.So, some researchers use another encryption method to protect these keys [8].The keys may need to be stored based on their size.Also, the algorithm should be used to distribute the keys safely such as the RSA algorithm.However, these methods are used to protect data in most systems, immediately.Using these methods in Android operating system, which runs on most mobile devices that have low-speed processor and a small memory, will be difficult when comes to processing large amounts of data and encryption every time, especially when dealing with database.Therefore, these systems need uncomplicated encryption methods that do not have keys.As a result, the management and distribution of keys will not be used.

Proposed System
In this research, new encryption methods are proposed, the main advantages of the proposed methods that they are easy and quick to implement.It contains an implicit key (extracted from plain text) so it is classified as substitution encryption algorithms because they replace the plain text characters by another's to produce the cipher text.

Encryption methods
The encryption process starts by converting the plain text to a set of characters.Then, encrypted each character by finding the encryption alphabetical from shifting the original alphabets base on the sequence of the character in the plain text.Later, taking the corresponding encryption character to the plain character.Encryption process applied according to the Eq. ( 1).Fig. 1 shows the flowchart of the encryption process.
Where C [] is an array holds Cipher text, and P [] is an array holds Plain text and I is character index in plain text or cipher text.
Fig. 2 shown an example for the text encryption.

Decryption methods
The decryption process starts in an opposite way to the encryption process by taking the cipher text then converting it to a set of characters.After that, decrypt the character by finding the decryption alphabetical from shifting the original alphabets base on the sequence of the character in the cipher text.The last step is taking the corresponding plain character to the cipher character.Decryption process is applied according to the Eq. ( 2).Fig. 3 shows the flowchart of decryption process.
Where C [] is an array holds Cipher text, and P [] is an array holds Plain text and I is character index in plain text or cipher text.Figure 4 shows an example for the text decryption.And to decrypt any number Eq. ( 4) is used.
Where C [] is an array holds Cipher number, and P [] is an array holds Plain number and I is a number index in plain number or cipher number.Figure 6 shows an example of number decryption.The proposed methods could be also deal with the real numbers.

Implementation Strategy of proposed System
The system is designed to control the access to the stored data in the SQLite database by using Multilevel security and this shown in Figure 7.
In order to deal with the encrypted stored data in the SQLite database by the user (system administrator / normal user), the user must pass through several levels of security, the first level represents login to the system, which includes inserting the user's name and password to verified user reliability.When the user login successfully, the system classifies the user either the system administrator (holds level 0) or the normal user (the level of 1 or 2).After that the user transfer to the next level of security.In the second level, the system administrator can manage the users, in addition to dealing with the system, while the normal user can be only able to access the stored data in the database that fall in its security level or the lower.Also, the user cannot delete or display the data that has higher security level than its security level.The last level includes displaying reports that include the query data from the database which appears in encrypted form to the user when the security level of data is higher than the security level of user, as outlined in Appendix A.

Conclusions
The proposed system provided high performance in multilevel database security with the following properties: Firstly, prevent users from switching between security levels.Secondly, prevent users from transferring data from one level to another, such as sending data from the upper level to the lower level and vice versa.Thirdly, Protect the data in the database from the access by unauthorized users even if they have a copy of the backup of database because of the ease and quick use of the proposed new encryption algorithms, in addition, it has an implicit key which make it a lightweight method, not need large storage space, robust and unbreakable by the cryptanalyst.a b which makes SQLite a useful tool for developers.SQLite is the smallest machine to manage databases and has the following characteristics [18]: 1-Serverless (the process that wants to access the database reads and writes directly from the database files on disk.There is no intermediary server process).
2-Self-Contained (it requires very little support from the operating system).
4-Transactional (all changes and queries are Atomic, Consistent, Isolated and Durable (ACID)).

A.3. Implementation
Initially, two tables are created in the database.The first one included information about the users of the system (system administrator or normal user) as shown in Table 1, which contains the following fields (User ID, User Name, Password, Privilege).The second table includes employee information as shown in Table 2, which contains the following fields (Employ ID, Employ name, Salary, Address, Row privilege).We noticed that the fields (Salary, Address) contain encrypted data and the field (Row privilege) is not visible to users and take the same level of security to the user who inserted it.when the Multilevel Database System is executed, the first interface of the system appears as shown in Fig.
A-1-a, which includes Login information to the system by using the username and password.

Figure 5 Fig. 5 .
Figure 5 shows an example to encrypt a number.

Table 1 .
Information of System's users

Table 2 .
Employee information