Databases and Security Aspects
Computer Science Department
Virtual University, Pakistan
A mobile database is a particular kind of distributed system. With the vast
use of mobile devices, there are security challenges due to the distributed
nature of mobile database applications and the hardware constraints of
cellular devices. Mobile computing is developing very fast, and the rapid
development of information technology has offered many opportunities for
integrated business operations. In mobile databases, new risks are caused by
the mobility of users, the portability of computers and the wireless links,
which involve dynamic resource dependencies and extra information to ensure
communication. There are different security threats that mobile databases
face in the real world, and possible solutions to eliminate these threats
are given.
database security, security vulnerabilities, distributed database, Transaction
A mobile database is a
database that can be connected to by a mobile computing device over a wireless
mobile network. Mobile databases are
physically separate from the central database server and reside on mobile
devices. They are capable of communicating with a central database server or
other mobile clients from remote sites. Mobile databases handle local queries
Mobile devices are becoming increasingly common, so their networking and
computational power is steadily growing, and new technologies are being built
into them to support new services and functionality. In mobile communication
the wireless medium is available to all, so attackers can easily access the
network, and the database becomes more vulnerable, both for the user and for
the underlying computer that hosts the distributed database. Database security
is a critical operation that a company should strengthen in order to run its
activities smoothly [1][2]. It is a deliberate effort to defend an
organization's data against threats such as accidental or intentional loss or
damage. Threats challenge the organization with respect to the reliability of
the data and access to the data. A threat can also result from indefinable
loss such as hardware theft or subtle loss such as the loss of assurance in the
A mobile database is a database that can be connected to by a mobile computing
device. Over a mobile network the client and server have wireless connections,
so a cache is maintained to hold frequently used data and transactions, so
that they are not lost due to connection failure. A database is a structured
way to organize information. Mobile phones, laptops and PDAs are widely used,
and their use will increase in the future as more applications run on mobile
devices.
The purpose of this document is to provide information to users and
organizations on the security capabilities available worldwide for mobile
information systems, and to supply recommendations on securing mobile
information technologies effectively to the users and organizations using them.
Security support is necessary for any information system. of these activities
are rampant because of electronic commerce as critical conventional trade
involving physical merchandise.
Mobile Devices Security
The research field of secure mobile databases is new, growing, and
disorganized. What is occurring is that research on secure data access models
and separate research on optimal mobile database design are gradually coming
together into emerging research on secure mobile database design.
Security is a crucial topic for mobile application developers. Depending on
the security model of a particular device, applications might have to be
signed with either a confidential or an unprivileged credential. For
applications, it is also important to understand their impact on 1-tier and
2-tier security devices [3]. Particularly under a 2-tier security model,
unprivileged and unsigned applications have limited access to device
resources.
The mobile device security model is summarized as follows:
Remote Access Security:
The Remote API (RAPI) is controlled through Active Synchronization, and this
controls what desktop applications can do on the device.
Application Execution Security:
Security is applied to code execution. This controls which applications can
run on the device and what those applications can do.
Device Configuration Security:
Configuration security applies to device management security. This controls
who can access specific device settings and the level of access to
For mobile devices, user authentication is the first line of defense for
cellular and handheld devices, including personal digital assistants.
Authentication determines and verifies the identity of a user within the
system, i.e., it answers the question "who is the user?" Traditional
authentication mechanisms depend on maintaining a centralized database of user
identities, making it hard to authenticate users in a specific administrative
domain [4]. The mechanism for providing security on a mobile device is a
problem for every system that provides secure access to valuable, private
information or personalized services. The difficulty here is that the
authentication process needs to be distributed, and the various components of
the authenticator need to communicate with one another to authenticate a user.
In a centralized setting, the verifier needs to have information about the
people who use the system. There are three basic means of authentication
through which an individual may verify his identity:
Something an individual KNOWS
Something an individual POSSESSES
Something an individual IS
The mobile device user needs only to authenticate himself to the first device
he logs into; that device passes the authentication information to each of the
other devices that the user wants to access. This scheme requires that all of
the devices on the network are capable of reliably handling this
authentication information.
Standardization efforts such as Open System Environment (OSE), Portable
Operating System Interface (POSIX) and Government Open Systems Interconnection
Profile (GOSIP) can contribute to this goal of transparent authentication
across networks and other resources.
The growing connection of traveling users to corporate databases, to make
personal data available to mobile users, introduces new threats to data
confidentiality and privacy. One solution considered is C-SDA, which allows
querying encrypted data while controlling personal privileges. C-SDA is a
client-based security component acting as an incorruptible mediator between a
client and an encrypted database. This component is embedded in a smart card
to prevent any tampering from occurring on the client side. It is better to
embed the user's confidential data in her own mobile device. Aside from their
restriction in terms of storage capacity, even these devices cannot be fully
trusted, because they can be stolen, lost or destroyed [5]. Another way to
provide confidentiality is through encryption, either using the public key of
the receiving principal or using a combined symmetric key and public key
technique. For example, the agent can be encrypted using a symmetric key and
the symmetric key protected using the public key of the receiving principal.
Encryption is typically used to protect data on insecure networks or storage
devices.
Different access controls are used to protect data. Access controls govern and
protect information and data reliability by limiting who can modify the data.
The access control rules enforced in distributed systems may be distributed,
centralized or replicated. If the rules are centralized, the central server
needs to check all accesses to the database. If the rules are distributed, the
appropriate rules need to be located and enforced for a particular access;
often the rules associated with a particular database are also stored at the
same site. If the rules are replicated, each node can carry out the access
control checks for the data that it manages [6]. Relational database systems
enforce access control in the Structured Query Language (SQL) through the
REVOKE and GRANT commands. In SQL, privileges are given to users with the
GRANT command.
Different types of access control are used in mobile database security. These
are as follows.
Role Based Access Control (RBAC):
In this type of access control, privileges are encapsulated into roles. Users
are assigned to roles and obtain the privileges through them.
Discretionary Access Control (DAC):
This type of access control is based on assigning and canceling privileges.
When a user logs on, the interface obtains the specific privileges for the
user.
Mandatory Access Control (MAC):
This type of access control is based on the sensitivity level of the data.
According to the level of the access control, the user can read or modify the
data.
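The three models above, written with the GRANT and REVOKE commands the text mentions. This is an added example in PostgreSQL syntax, not code from the original paper; the table, role and user names are hypothetical, the rows are constructed, and approximating MAC with row-level security is an assumption of this example.

```sql
-- Added example (PostgreSQL). All names are hypothetical; rows are constructed.
CREATE TABLE field_orders (
    id          integer PRIMARY KEY,
    customer    text NOT NULL,
    amount      numeric(10,2) NOT NULL,
    sensitivity integer NOT NULL DEFAULT 0   -- 0 = public, 2 = secret
);
CREATE TABLE user_clearance (username name PRIMARY KEY, clearance integer NOT NULL);
INSERT INTO field_orders VALUES (1, 'Acme', 120.00, 0), (2, 'Globex', 9800.00, 2);

-- RBAC: privileges are attached to roles; users only ever receive roles.
CREATE ROLE sales_rep     NOLOGIN;
CREATE ROLE sales_manager NOLOGIN;
GRANT SELECT, INSERT ON field_orders TO sales_rep;
GRANT sales_rep TO sales_manager;            -- manager inherits the rep privileges
GRANT UPDATE ON field_orders TO sales_manager;
CREATE ROLE alice LOGIN;                     -- mobile client accounts
CREATE ROLE bob   LOGIN;
GRANT sales_rep     TO alice;
GRANT sales_manager TO bob;

-- DAC: a privilege is assigned to one user directly and later canceled.
CREATE ROLE carol LOGIN;
GRANT  SELECT ON field_orders TO carol;
REVOKE SELECT ON field_orders FROM carol;

-- MAC (approximation): every row carries a sensitivity level and every user a
-- clearance. The policy applies to reads and writes alike; a user with no
-- clearance row matches nothing, so the default is deny.
INSERT INTO user_clearance VALUES ('alice', 0), ('bob', 2);
GRANT SELECT ON user_clearance TO PUBLIC;    -- the policy subquery reads it
ALTER TABLE field_orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY clearance_gate ON field_orders
    USING (sensitivity <= (SELECT clearance FROM user_clearance
                           WHERE username = current_user));

-- Run the same query under each account to compare which rows are visible.
SET ROLE alice;
SELECT id, customer, sensitivity FROM field_orders;
RESET ROLE;
SET ROLE bob;
SELECT id, customer, sensitivity FROM field_orders;
RESET ROLE;
```

The table owner and superusers bypass row-level security unless `FORCE ROW LEVEL SECURITY` is set, so application accounts should never own the tables they query.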
In mobile network security, cell operators' 3G networks are exposed not only
to all of the digital pathogens already in circulation but also to
mobile-specific viruses and Trojans, and to direct attacks such as denial of
service on their networks from hackers and criminal organizations. These kinds
of attacks employ techniques that wired ISPs have been dealing with for a much
longer period of time, and there are also variations on these attacks which
exploit weaknesses in the architecture and in some of the protocols used in 3G
cellular data network systems.
· Take an architectural approach to implementing security in their networks;
point solutions are not sufficient.
· Intrusion detection and prevention and VPNs can be deployed in a variety of
products in their networks.
· Anti-virus and firewall client-side software can be used, which is readily
available to their subscribers who use data devices.
· Also be aware that networks are only as safe as the weakest link in a
device. Mobile operators need to work with each other, the ISP community and
other telecom providers to make sure that even the minimum level of security
is quite strong for the device.
Mobile operators can take some steps to reduce the risk to their customers and
networks. Mobile data networks are in danger for several reasons:
a) Mobile operators are building high-speed wireless networks that are based
on the Internet Protocol (IP). These IP networks permit users to do more while
connected to the network.
b) Mobile operators have opened up their networks to the public Internet and
to other data networks, making their 3G networks more susceptible to attacks in
c) Mobile operators are evolving their networks to IMS, enabling consistent
networks all running on the Internet Protocol.
For the database, the security implication is that with more users of diverse
data-capable devices accessing content and communicating with one another
across multiple networks, there will be more traffic on the mobile networks,
which implies a higher likelihood of attacks occurring from any number of
sources. For example, many sophisticated attacks disguise themselves in data
flows across sessions and ports; the more traffic there is, the harder it is
to identify the threats to devices.
In a database management system, distributed database security is essential to
the design and function of a distributed database system. Distributed database
security has three main parts: physical, user, and network. These pieces work
in combination with policies, standards, and procedures. Policies are
guidelines that support a security goal. The solutions described above must be
applied to a distributed database with a goal in mind, and the human factor
should not be overlooked: the user of the system should be considered a
significant factor in the security of the database. We emphasize that
attention to the reviewed items alone is not sufficient; for more security, an
appropriate architecture for the system should be considered during
implementation.
[1] A. Priya and R. Dhanapal. 2013. “Evaluating the Query for a Mobile
Database System through Dongle Transaction Model”, International Journal of
Advanced Research in Computer Science and Software Engineering, Volume 3,
Issue 10, October 2013, pp.
[2] A. Priya and R. Dhanapal. 2012. “A Method of Implementing Dongle
Transaction Model in Mobile Transaction Systems using Mobile Agents”, European
Journal of Scientific Research, Vol. 90, No. 4, November 2012, pp. 536-549.
P. Pucheral, “Chip-Secured Data Access: Confidential Data on Untrusted
Servers”, Int. Conf. on Very Large Data Bases (VLDB), 2002.
Model for Windows Mobile 5.0 and Windows Mobile 6, February 2007
[5] S. Miltchev, J. M. Smith, V. Prevelakis, A. Keromytis and S. Ioannidis,
Decentralized Access Control in Distributed File Systems, 2003
Köse, Distributed Database Security, Data and Network Security – Spring 2002