Data Encryption Impact on Performance in Oracle and Database Storage
49 Pages14654 Words478 Views
Added on 2022-12-05
About This Document
This research compares and shows the performance of an oracle database with TDE and that without TDE. The goal of this paper is to build a theoretical framework that will be used for benchmarking Transparent Data Encryption (TDE) systems. The current chapter discusses the idea of TDE and how this technology is of critical significance today.
Data Encryption Impact on Performance in Oracle and Database Storage
Added on 2022-12-05
ShareRelated Documents
DATA ENCRYPTION IMPACT ON PERFORMANCE IN ORACLE AND DATABASE
STORAGE
STORAGE
Abstract
As the volume of data and information received and sent electronically grows in
different small and medium-sized businesses, corporations, and organizations, the use of the
Cloud Database as a service is becoming increasingly common in the global business world.
The operating responsibility faced by Transactional Database Systems (TDS) users, such as
deployment, provisioning, performance tuning, scalability, safety and protection, backup, and
access control, is passed to the service provider/operator by the Database as a service
provider. Which provides lower hardware and technological costs, remote internet
connections to databases, and stable applications. Today, data security is a necessity with
more security standards and regulations in ensuring data safety and ensuring privacy. With
enhanced unauthorized access to sensitive data in the cloud, this paper introduces encryption
strategies that offer strong protection against threats using Straightforward Data Encryption
(TDE). To secure the integrity of the cloud servers, TDE is used to transparently encrypt and
protect data on rest, hard disk, transit, and backup media. TDE is reliable, fast, and offers a
high degree of security for columns, tables, and tables for data that need protection. This
research compares and shows the performance of an oracle database with TDE and that
without TDE.
Keywords: Database encryption, Administrative Key Management, Performance Overhead,
Transparent Data Encryption (TDE), TDE Tablespace
As the volume of data and information received and sent electronically grows in
different small and medium-sized businesses, corporations, and organizations, the use of the
Cloud Database as a service is becoming increasingly common in the global business world.
The operating responsibility faced by Transactional Database Systems (TDS) users, such as
deployment, provisioning, performance tuning, scalability, safety and protection, backup, and
access control, is passed to the service provider/operator by the Database as a service
provider. Which provides lower hardware and technological costs, remote internet
connections to databases, and stable applications. Today, data security is a necessity with
more security standards and regulations in ensuring data safety and ensuring privacy. With
enhanced unauthorized access to sensitive data in the cloud, this paper introduces encryption
strategies that offer strong protection against threats using Straightforward Data Encryption
(TDE). To secure the integrity of the cloud servers, TDE is used to transparently encrypt and
protect data on rest, hard disk, transit, and backup media. TDE is reliable, fast, and offers a
high degree of security for columns, tables, and tables for data that need protection. This
research compares and shows the performance of an oracle database with TDE and that
without TDE.
Keywords: Database encryption, Administrative Key Management, Performance Overhead,
Transparent Data Encryption (TDE), TDE Tablespace
Table of Contents
Chapter 1 – Introduction..........................................................................................................................4
1.1 Introduction...............................................................................................................................4
1.2 Problem Statement....................................................................................................................6
1.3 Research Gaps and Related Work............................................................................................6
Chapter 2 – Literature Review.................................................................................................................8
2.1 Introduction.....................................................................................................................................8
2.2 Oracle Database Encryption.........................................................................................................10
2.3 Chapter Summary.........................................................................................................................15
Chapter 3 – Methodology........................................................................................................................17
3.1 Introduction...................................................................................................................................17
3.2 Methods..........................................................................................................................................17
3.3 Encrypting the Oracle Database Engine................................................................................17
3.4 Results.......................................................................................................................................19
3.5 Discussion.................................................................................................................................24
Reference List...........................................................................................................................................29
Chapter 1 – Introduction..........................................................................................................................4
1.1 Introduction...............................................................................................................................4
1.2 Problem Statement....................................................................................................................6
1.3 Research Gaps and Related Work............................................................................................6
Chapter 2 – Literature Review.................................................................................................................8
2.1 Introduction.....................................................................................................................................8
2.2 Oracle Database Encryption.........................................................................................................10
2.3 Chapter Summary.........................................................................................................................15
Chapter 3 – Methodology........................................................................................................................17
3.1 Introduction...................................................................................................................................17
3.2 Methods..........................................................................................................................................17
3.3 Encrypting the Oracle Database Engine................................................................................17
3.4 Results.......................................................................................................................................19
3.5 Discussion.................................................................................................................................24
Reference List...........................................................................................................................................29
Data Encryption Impact on Performance in Oracle and Database Storage
Chapter 1 – Introduction
• Introduction
The goal of this paper is to build a theoretical framework that will be used for
benchmarking Transparent Data Encryption (TDE) systems. The current chapter discusses
the idea of TDE and how this technology is of critical significance today. This is done by
briefly introducing the relevant literature, which contributes to the recognition of the research
void that the current research effort aims to solve. Finally, the contribution of the present
analysis, along with the constraints imposed, is briefly addressed. Data encryption is the
translation of data into another form or code so that the user that has access to a secret key or
a password can read the data. In most cases, the encrypted data is often referred to as
ciphertext while the unencrypted data are known as plain text. At present, encryption is
considered one of the most popular and effective data security methods that are used by
various organizations.
At current, there is a rapid increase in available information and data. This increment
of data has given rise to the need for data storage. Storing the data is one of the primary
concerns which every user must be aware of. The users can privately store their data on local
storage or can use various online cloud providers to store their data. However, there is risk or
threat while storing the data as hackers and third parties can easily hack or steal this data. As
mentioned by Zhang et al., 2019, the data may contain personal and secret information
related to the users like their name, home address, bank details, medication status, and some
other vital information that should be kept secret. One of the basic methods of attack upon
the encryption is a brute force or trying random keys till the main one is found.
The length of the key often determines the available keys and mostly affects the
plausibility of the attacks. The encryption strength is directly related or proportional to the
key size. With the increment of key size, the resource requirement also increases that are to
be used for computation. An alternate method for breaking down the cipher is side-channel
attacks and certain cryptanalysis. It is to be noted that these attacks mostly succeed if an error
is present or available in the system design during the execution. To prevent or reduce this
data theft, the user needs to make use of certain encryption techniques that can be used in
enhancing data security. With the data encryption, the user should be able to translate their
data in some form of code. These codes can be deciphered or retranslated back to their
Chapter 1 – Introduction
• Introduction
The goal of this paper is to build a theoretical framework that will be used for
benchmarking Transparent Data Encryption (TDE) systems. The current chapter discusses
the idea of TDE and how this technology is of critical significance today. This is done by
briefly introducing the relevant literature, which contributes to the recognition of the research
void that the current research effort aims to solve. Finally, the contribution of the present
analysis, along with the constraints imposed, is briefly addressed. Data encryption is the
translation of data into another form or code so that the user that has access to a secret key or
a password can read the data. In most cases, the encrypted data is often referred to as
ciphertext while the unencrypted data are known as plain text. At present, encryption is
considered one of the most popular and effective data security methods that are used by
various organizations.
At current, there is a rapid increase in available information and data. This increment
of data has given rise to the need for data storage. Storing the data is one of the primary
concerns which every user must be aware of. The users can privately store their data on local
storage or can use various online cloud providers to store their data. However, there is risk or
threat while storing the data as hackers and third parties can easily hack or steal this data. As
mentioned by Zhang et al., 2019, the data may contain personal and secret information
related to the users like their name, home address, bank details, medication status, and some
other vital information that should be kept secret. One of the basic methods of attack upon
the encryption is a brute force or trying random keys till the main one is found.
The length of the key often determines the available keys and mostly affects the
plausibility of the attacks. The encryption strength is directly related or proportional to the
key size. With the increment of key size, the resource requirement also increases that are to
be used for computation. An alternate method for breaking down the cipher is side-channel
attacks and certain cryptanalysis. It is to be noted that these attacks mostly succeed if an error
is present or available in the system design during the execution. To prevent or reduce this
data theft, the user needs to make use of certain encryption techniques that can be used in
enhancing data security. With the data encryption, the user should be able to translate their
data in some form of code. These codes can be deciphered or retranslated back to their
original form only through the usage of a secret key or a password to which only the user has
access. From its nomenclature, the secret key is the only “key” that translates the encoded
cipher text into plain text. Any user without the secret key cannot be able to decode the
encrypted data files. The stored information can only be revealed to users with the secret key.
The user can share this password and the private key with the ones they trust. In this
way, unauthorized persons or third parties will be unable to get access to the personal
information and the data security of the original user will enhance dramatically (Wiese et al.
2020).
Database users such as DB Admins, Parametric End Users like Data Clerks should be
informed of the idea of encrypting data to enhance data security. Uninformed database users
can be a form of vulnerability to an organization's database since they can be lured to expose
passwords and secret keys. This can give chance to attackers to compromise with the
organization's data. It is to be noted that organizations or companies are not fully immune to
security breaches.
The proper implementation of the data encryption techniques is possibly the safest
way for protecting the confidential and secret information related to the organizations and
their client base (Rafique et al. 2017). This is one of the main or primary reasons why all the
documents which the users send or receive over the internet must be encrypted. The sensitive
data must be protected at all costs. It can be achieved if a proper data implementation
technique is implemented which can be used in protecting the sensitive data that is utilized
over the internet. In this project, I am going to analyze the data encryption technique and
display this encryption in oracle.
• Problem Statement
Security has been a top priority for organizations today. Encryption at rest is a part of
the solution, but not a large part of it. Network encryption is another piece, but this is just a
little piece. These and other components do not work well together; they need to unencrypt
and encrypt data while passing across layers, leaving transparent copies that cause
complicated technical problems to track and identify an intrusion. The state-of-the-art best-
practice technology paradigm is end-to-end encryption architecture. The program deploys the
application-driven encryption services in the main memory. These services allow end-to-end
encryption, from the database to middleware, locally and across networks, and private and
hybrid clouds. Oracle and others are proposing such options. This research is focused on
benchmarks developed and run by Oracle.
• Research Gaps and Related Work
access. From its nomenclature, the secret key is the only “key” that translates the encoded
cipher text into plain text. Any user without the secret key cannot be able to decode the
encrypted data files. The stored information can only be revealed to users with the secret key.
The user can share this password and the private key with the ones they trust. In this
way, unauthorized persons or third parties will be unable to get access to the personal
information and the data security of the original user will enhance dramatically (Wiese et al.
2020).
Database users such as DB Admins, Parametric End Users like Data Clerks should be
informed of the idea of encrypting data to enhance data security. Uninformed database users
can be a form of vulnerability to an organization's database since they can be lured to expose
passwords and secret keys. This can give chance to attackers to compromise with the
organization's data. It is to be noted that organizations or companies are not fully immune to
security breaches.
The proper implementation of the data encryption techniques is possibly the safest
way for protecting the confidential and secret information related to the organizations and
their client base (Rafique et al. 2017). This is one of the main or primary reasons why all the
documents which the users send or receive over the internet must be encrypted. The sensitive
data must be protected at all costs. It can be achieved if a proper data implementation
technique is implemented which can be used in protecting the sensitive data that is utilized
over the internet. In this project, I am going to analyze the data encryption technique and
display this encryption in oracle.
• Problem Statement
Security has been a top priority for organizations today. Encryption at rest is a part of
the solution, but not a large part of it. Network encryption is another piece, but this is just a
little piece. These and other components do not work well together; they need to unencrypt
and encrypt data while passing across layers, leaving transparent copies that cause
complicated technical problems to track and identify an intrusion. The state-of-the-art best-
practice technology paradigm is end-to-end encryption architecture. The program deploys the
application-driven encryption services in the main memory. These services allow end-to-end
encryption, from the database to middleware, locally and across networks, and private and
hybrid clouds. Oracle and others are proposing such options. This research is focused on
benchmarks developed and run by Oracle.
• Research Gaps and Related Work
As discussed above, we are living in the information age. Data is distributed and
processed in different means that expand the surface of the attack for future hackers. The
security of information records is thus of vital significance. The relevance of the field has
gained the interest of both academia and business. Several field research papers are briefly
listed in this section. TDE is a technology with a range of modifications and implementations.
Owing to the restricted time available to the current research study, a range of restrictions
need to be implemented. The most important of this is that the methodology developed
focuses only on the efficiency of TDE systems and the additional computational pressure
added. However, protection is a key feature of such systems, and its power, along with the
possible weaknesses of TDE implementations, is a significant concern that requires further
study. Despite this, the security strength of the TDE systems is not beyond the scope of the
current project and is left to future work.
Chapter 2 – Literature Review
2.1
Although there exists ample literature, scholarly articles, and varied information
sources corresponding to technologies on cloud databases security and data encryption few
focus on making a deep aesthetic examination of the performance of such technologies. Many
researchers are inclined towards analysis of cryptographic algorithms, cloud systems
architecture, and overview of emerging cloud security technologies. There are therefore
limited literature sources that study the performance of such cryptographic security
technologies in a practical setting. Few scholarly works detail the performance of such
enterprise technologies as Oracle's Transparent Data Encryption. Apparently, this paper takes
advantage of the void and goes explicit at assessing from the richness of works associated
with DBMSs, cloud systems security, cloud data encryption, Oracle cloud systems, and
Oracle TDE to converge the information towards establishing and finally accomplishing its
study of the impact of encryption on the performance of Oracle Database.
In establishing the appropriate material for this literature review, the author of this
paper applied the snowball approach. Initially, the sampling began with more than 40
sources. These sources a collection of course books, scholarly articles, tech summit
publications (i.e IEEE, ACM, ISI, Scopus), and Oracle Documents. The next level of
snowballing eliminated some of the sources to remain with those that would be relevant to
the topic in research. This was done through selection and filtering to determine the most
processed in different means that expand the surface of the attack for future hackers. The
security of information records is thus of vital significance. The relevance of the field has
gained the interest of both academia and business. Several field research papers are briefly
listed in this section. TDE is a technology with a range of modifications and implementations.
Owing to the restricted time available to the current research study, a range of restrictions
need to be implemented. The most important of this is that the methodology developed
focuses only on the efficiency of TDE systems and the additional computational pressure
added. However, protection is a key feature of such systems, and its power, along with the
possible weaknesses of TDE implementations, is a significant concern that requires further
study. Despite this, the security strength of the TDE systems is not beyond the scope of the
current project and is left to future work.
Chapter 2 – Literature Review
2.1
Although there exists ample literature, scholarly articles, and varied information
sources corresponding to technologies on cloud databases security and data encryption few
focus on making a deep aesthetic examination of the performance of such technologies. Many
researchers are inclined towards analysis of cryptographic algorithms, cloud systems
architecture, and overview of emerging cloud security technologies. There are therefore
limited literature sources that study the performance of such cryptographic security
technologies in a practical setting. Few scholarly works detail the performance of such
enterprise technologies as Oracle's Transparent Data Encryption. Apparently, this paper takes
advantage of the void and goes explicit at assessing from the richness of works associated
with DBMSs, cloud systems security, cloud data encryption, Oracle cloud systems, and
Oracle TDE to converge the information towards establishing and finally accomplishing its
study of the impact of encryption on the performance of Oracle Database.
In establishing the appropriate material for this literature review, the author of this
paper applied the snowball approach. Initially, the sampling began with more than 40
sources. These sources a collection of course books, scholarly articles, tech summit
publications (i.e IEEE, ACM, ISI, Scopus), and Oracle Documents. The next level of
snowballing eliminated some of the sources to remain with those that would be relevant to
the topic in research. This was done through selection and filtering to determine the most
informative sources. At this point, this presentation finds it fitting to applaud and recommend
snowballing as an ideal method of resources selections.
This review begins from a broadened revelation and narrows to the main discussion as
the flow processes.
2.2 Introduction
Organizations rely on distributed information systems to enhance their efficiency and
productivity. However, due to the ever-growing technology, organizations become more
prone to security threats. Database systems are the distributed information system’s integral
component, which allows the whole system to function. Many organizations implement
database systems as a powerful technology for managing data for daily operation and
decision making. Since the data in the database get shared among multiple users, it is vital to
ensure the safety of the stored data despite unauthorized access or system crushes. The data
stored might be sensitive and confidential, thus the need for these organizations to improve
their security. Encryption is one of the most effective techniques for securing the database.
Since the upsurge of networks and especially cloud technology, various
cryptographic solutions have been built for the security of cloud systems. Transparent Data
Encryption is one of the most notable encryption technology built especially for cloud data
systems. TDE is a technology born to secure data maintained in databases. The concept
behind it, which also describes the keyword "Transparent," is to protect data stored without
the user being aware of the security processes involved (Mattsson, 2017). Therefore, to gain
data security, they need to be encrypted while they remain in the archive. Also, the
encryption keys must be handled by the TDE framework to make the whole operation visible
to the data user. Last but not least, the TDE device has to execute real-time I/O data
encryption, as well as database log files, otherwise, the operation will be detectable by the
user. TDE transparently encrypts the rest data in Oracle Databases. Stops unwanted attempts
by the operating system to access database data contained in archives, without changing how
programs access SQL data.
TDE is capable of encrypting whole program tablespaces or unique critical
columns. Tablespace encryption is helpful when you want to encrypt all data, regardless of
the column. With tablespace encryption, you do not need to remember the features of
columns, such as indexes and limitations. Column encryption is helpful in situations when
only several critical columns have to be encrypted (Mattsson, 2017). The next section of this
report implements database encryption using TDE in Oracle 12c Database and evaluates its
performance as well as some database encryption trade-offs. TDE is completely implemented
snowballing as an ideal method of resources selections.
This review begins from a broadened revelation and narrows to the main discussion as
the flow processes.
2.2 Introduction
Organizations rely on distributed information systems to enhance their efficiency and
productivity. However, due to the ever-growing technology, organizations become more
prone to security threats. Database systems are the distributed information system’s integral
component, which allows the whole system to function. Many organizations implement
database systems as a powerful technology for managing data for daily operation and
decision making. Since the data in the database get shared among multiple users, it is vital to
ensure the safety of the stored data despite unauthorized access or system crushes. The data
stored might be sensitive and confidential, thus the need for these organizations to improve
their security. Encryption is one of the most effective techniques for securing the database.
Since the upsurge of networks and especially cloud technology, various
cryptographic solutions have been built for the security of cloud systems. Transparent Data
Encryption is one of the most notable encryption technology built especially for cloud data
systems. TDE is a technology born to secure data maintained in databases. The concept
behind it, which also describes the keyword "Transparent," is to protect data stored without
the user being aware of the security processes involved (Mattsson, 2017). Therefore, to gain
data security, they need to be encrypted while they remain in the archive. Also, the
encryption keys must be handled by the TDE framework to make the whole operation visible
to the data user. Last but not least, the TDE device has to execute real-time I/O data
encryption, as well as database log files, otherwise, the operation will be detectable by the
user. TDE transparently encrypts the rest data in Oracle Databases. Stops unwanted attempts
by the operating system to access database data contained in archives, without changing how
programs access SQL data.
TDE is capable of encrypting whole program tablespaces or unique critical
columns. Tablespace encryption is helpful when you want to encrypt all data, regardless of
the column. With tablespace encryption, you do not need to remember the features of
columns, such as indexes and limitations. Column encryption is helpful in situations when
only several critical columns have to be encrypted (Mattsson, 2017). The next section of this
report implements database encryption using TDE in Oracle 12c Database and evaluates its
performance as well as some database encryption trade-offs. TDE is completely implemented
in the Oracle database. Encrypted data stays encrypted in the database, whether it's in
tablespace storage archives, temporary tablespaces, tablespaces, or other files that Oracle
Database 12c depends on, for example, re-encrypted logs. TDE can also encrypt complete
archive copies and export storage pumps. Oracle Recovery Manager (RMAN) and Data
Pump Export/Import both combine TDE encryption to move through previously encrypted
data (Oracle Database, 2016).
TDE is a cryptographic method in the Oracle database used to encrypt data
contained in a table column or table field. It preserves data contained in database files (DBF)
by encrypting it in case the file is compromised or hacked. Transparent Data Encryption
Tablespace Encryption has no overhead associated efficiency. The real effect of performance
on applications can differ. TDE column encryption only impacts efficiency when data is
extracted from or placed into an encrypted column. There is no drop in efficiency for
operations involving unencrypted columns, except though these columns are in a table
containing encrypted columns. Accessing data in encrypted columns requires no overhead
efficiency, and the exact overhead you observe can differ. Total overhead efficiency depends
on the number of encrypted columns and their frequency of entry (Oracle Database, 2016).
For Oracle Database 12c systems with modern hardware, the overhead efficiency of TDE is
usually very low and not visible to end-users.
Oracle databases are exposed to significant cybersecurity risks, which pose threats to
unauthorized disclosure, modification, or loss of data. Transparent data encryption in Oracle
databases creates a 2 – 4% performance overhead (Moulianitakis and Asimakopoulos, 2019).
Although the performance impact of encryption appears negligible, it is more significant on
other system operations relative to the acquired level of protection. Transparent data
encryption in Oracle databases protects only the stored data hence leaving the data held in
memory exposed to loss and damage threats. SQL servers are designed to automatically
reference data that is accessed regularly in the buffer pool hence provisioning an Oracle
database with adequate buffer memory minimizes the need to access the disk hence
minimizing the performance impacts of encryption (Moulianitakis and Asimakopoulos,
2019).
However, queries that have not been accessed for a while would require data retrieval
from the database hence increasing performance overhead from encryption. Performance
overheads due to encryption are also experienced in the transactions recorded in the logfile,
index rebuild operations, and backup processes depending on the interactions between the
tablespace storage archives, temporary tablespaces, tablespaces, or other files that Oracle
Database 12c depends on, for example, re-encrypted logs. TDE can also encrypt complete
archive copies and export storage pumps. Oracle Recovery Manager (RMAN) and Data
Pump Export/Import both combine TDE encryption to move through previously encrypted
data (Oracle Database, 2016).
TDE is a cryptographic method in the Oracle database used to encrypt data
contained in a table column or table field. It preserves data contained in database files (DBF)
by encrypting it in case the file is compromised or hacked. Transparent Data Encryption
Tablespace Encryption has no overhead associated efficiency. The real effect of performance
on applications can differ. TDE column encryption only impacts efficiency when data is
extracted from or placed into an encrypted column. There is no drop in efficiency for
operations involving unencrypted columns, except though these columns are in a table
containing encrypted columns. Accessing data in encrypted columns requires no overhead
efficiency, and the exact overhead you observe can differ. Total overhead efficiency depends
on the number of encrypted columns and their frequency of entry (Oracle Database, 2016).
For Oracle Database 12c systems with modern hardware, the overhead efficiency of TDE is
usually very low and not visible to end-users.
Oracle databases are exposed to significant cybersecurity risks, which pose threats to
unauthorized disclosure, modification, or loss of data. Transparent data encryption in Oracle
databases creates a 2 – 4% performance overhead (Moulianitakis and Asimakopoulos, 2019).
Although the performance impact of encryption appears negligible, it is more significant on
other system operations relative to the acquired level of protection. Transparent data
encryption in Oracle databases protects only the stored data hence leaving the data held in
memory exposed to loss and damage threats. SQL servers are designed to automatically
reference data that is accessed regularly in the buffer pool hence provisioning an Oracle
database with adequate buffer memory minimizes the need to access the disk hence
minimizing the performance impacts of encryption (Moulianitakis and Asimakopoulos,
2019).
However, queries that have not been accessed for a while would require data retrieval
from the database hence increasing performance overhead from encryption. Performance
overheads due to encryption are also experienced in the transactions recorded in the logfile,
index rebuild operations, and backup processes depending on the interactions between the
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Assignment On SPOCK Databaselg...
|11
|2811
|269
Database Securitylg...
|4
|824
|76
Network Security: Remote Access, Interconnecting Devices, and WAN Technologieslg...
|9
|1459
|154
Assignment on Cloud Computing and Webb Storelg...
|13
|2958
|265
Encryption and Security in Cloud Computinglg...
|6
|2894
|168
(Solved) Assignment on Cloud Computinglg...
|13
|2925
|208