8/18/2019 Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies
http://slidepdf.com/reader/full/improving-security-in-sap-hana-cloud-by-applying-multiple-encryption-policies 1/5
IJSTE - International Journal of Science Technology & Engineering | Volume 2 | Issue 09 | March 2016
ISSN (online): 2349-784X
All rights reserved by www.ijste.org 196
Improving Security in SAP-HANA Cloud by
Applying Multiple Encryption Policies
Suraj U Rasal Kratika Gupta
Assistant Professor Department of Computer Engineering
Department of Computer Engineering Bharati Vidyapeeth Deemed University’s
Bharati Vidyapeeth Deemed University’s College of Engineering, Pune
College of Engineering, Pune
Varsha Thanaji Mulik Shraddha T Shelar Department of Computer Engineering Assistant Professor
Nehru College of Engineering& Research center, Kerala Department of Information technology
D Y Patil College of Engineering Akurdi, Pune
Abstract
SAP HANA is current approach to manage enterprise working environment. Database is very important segment is this approach
which needs to be protected with high level security. This requirement can be achieved by applying multiple security policies in
the database access to increase its security level.
Keywords: Attribute Based Encryption (ABE), Cipher Text (CP), Security leve (), Encryption policies (E p)
________________________________________________________________________________________________________
I.
INTRODUCTION
SAP is a multinational software company which is religiously working to manage business operation and customer association. It
originally focused on enterprise resource planning, its first product SAP R/98 offered common system to manage multifarious
task and centralized data storage [1]. SAP R/2, SAP R/3 succeeding it were some other version which were updated, revised for
increasing and updating older capabilities [7]. SAP HANA originally called SAP High Performance Analytic Appliance is an
application server based on Relational database management system was developed by SAP SE. The main feature include: in
memory database and column orientation [2]. This product offer Business intelligence with real time response. HANA is an
alternative of cloud storage with smaller memory available on IBM cloud. SAP HANA started supporting SAP NetWeaver
Business Warehouse in September 2011, a data warehouse based on RDBMS and in-memory DBMS [6]. It is useful for
reporting, analysis, and interpretation of business data that processes and enable enterprise to respond periodically to meetmarket demand. It also bolsters sap enterprise resource planning, whose operations are: Sales & Distribution, Materials
Management, Production Planning, Logistics Execution, and Quality Management, Financials (Financial Accounting,
Management Accounting, and Financial Supply Chain Management) and Human Capital Management (Payroll, e-Recruiting).
II.
CURRENT TRENDS
Current enterpr ise generation:
The architectures of current-generation business systems delineate the technological advances that have been evolved for
business development [2].
Database layer:
Database management system delineates the controlled performance on hardware with finite main memory constricted with slowI/O disk. Limiting access to disk was the cornerstone. To minimize the number of disk pages to be read into main memory when
processing a query [2].
Business appli cation layer:
Business software evolved through a sequential processing paradigm. Data was stored in conventional manner which could be
retrieved from database, processed row by row and operated it needed and could again be stored . As discussed by Plattner and
Zeier in their recent book on in-memory data management says if we dichotomize data processing we get two important factors
[2].
8/18/2019 Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies
http://slidepdf.com/reader/full/improving-security-in-sap-hana-cloud-by-applying-multiple-encryption-policies 2/5
Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies (IJSTE/ Volume 2 / Issue 09 / 035)
All rights reserved by www.ijste.org 197
Onl ine transaction processing (OLTP) systems:
These are highly normalized to volume of data intake and to speed up inserts, updates, and deletes. This high degree of
normalization is a disadvantage while retrieving data, as multiple tables may have to be joined, which severely impacts
performance. OLAP (Online Analytical Processing) is the technology behind many Business Intelligence (BI) applications.
OLAP is a powerful technology for data discovery, including capabilities for limitless report viewing, complex analytical
calculations, and predictive “what if” scenario (budget, forecast) planning [2].
Fig. 1: OLAP in SAP HANA [5]
The figure depicts a typical enterprise software scenario: Large organizations need to deal with large number of data, and thus
need multiple enterprise resource planning (ERP) systems, each operate with its own data set and functioning. Analytical data to
be processed is combined in data warehouse and used business users via business intelligence (BI) solutions. Data marts and
local BI clients are used where large and most recent data reporting is needed [5].
III. MERGING CLOUD WITH SAP HANA
Cloud-Based Ef fi ciency:
Companies are today inclined to increase business efficiency with the agility by exploiting in-memory analysis so that real time
and data-driven decision making gives maximum output to their firm. Second, engulfing cloud computing technologies is anadvance and initiated step to bring a change to how IT services are delivered. Intel Xeon processor E7 v2 family implements the
above two principals very productively and deliver better performance at lower total cost and with comparable levels of
reliability, availability and serviceability. Intel and SAP collaborated to bring these trends together in SAP HANA. SAP HANA
holds the responsibility to store myriad of information such as business data, customer data and transactions, which are
vulnerable and demands cloud security and compliance [3].
8/18/2019 Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies
http://slidepdf.com/reader/full/improving-security-in-sap-hana-cloud-by-applying-multiple-encryption-policies 3/5
Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies (IJSTE/ Volume 2 / Issue 09 / 035)
All rights reserved by www.ijste.org 198
Fig. 2: SAP HANA coud Architecture [2]
IV.
R ESEARCH METHODOLOGY
Bribery, extortion and other con games have found new life online. Today, botnets and new viruses now encrypt cloud data.
Cloud being the source of all important and confidential data increases its vulnerability to attacks thus needing high security in
terms of data protection, user identification and disaster and data breach. Database is accessed by different data mining
approaches [7].
I denti fi ed circumstances in the cloud:
1) Clouds are exceptionally an infinite repository to the businesses for working those working with data in every aspect like
shopping malls, libraries, car showrooms etc. Customers have no transparency to where and how their personal information is
getting stored into the data center environment, where the data may be shared with other customers also [2]. 2) The
administrators and employee who manage the customer data have access to the entire data and application. Dominating the
outside attack is the insider one, an advanced persistent threat (APT) is a network attack in which an unauthorized person gains
access to a network and stays there undetected for a long period of time [3]. Thus business should maintain security and integrity
of data which to maintain customer faith and relation.
Merging Security with SAP HANA:
Achieving Security and Compliance for SAP HANA in the cloud:
To ensure security and maintenance one needs to take measure at every level of storage. Security should not be claimed at cost of
performance and data processing. Few efficient technologies like Vormetric, Virtustream, and Intel based on SAP HANAoptimize a compliant technology.
Role-based access and authorization for SAP HANA users and administrators:
SAP ensures the security of data based on use friendly and interactive methodology like authentication based on passwords,
ticket based authentication protocol implementing Symmetric key encryption(Kerberos), SAP login and digital certificates
(X.509) and so on.[8]
Data encryption:
Encryption algorithm is practiced at both back hand and while communicating via network to ensure security
Transaction logs and reporting mechanisms:
SAP HANA stored secondary information needed by business firm to investigate on user’s authenticity with retrieval and
processing facility along with business data.
8/18/2019 Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies
http://slidepdf.com/reader/full/improving-security-in-sap-hana-cloud-by-applying-multiple-encryption-policies 4/5
Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies (IJSTE/ Volume 2 / Issue 09 / 035)
All rights reserved by www.ijste.org 199
Security Policies:
There are multiple policies which are applied to make internet secure. But its studied that less number of policies are applied.
SAP HANA architecture is based on networking domain and coud sub domain which is keen to network security. Database
access is important term to make data base communication securely. Security policies are like cipher text policies (C p), Attribute
Based Encryption (A b), Decentralized policy (Dc), Multiple Authority policy. Cipher text is the obtained by encrypting plain text
using an algorithm, called a cipher. This text is unreadable by user or computer until applied a special decryption policy. Modern
cipher includes Public and Private Key Cryptography.
Decentralized key policy where secret key is issued by each authority to user not depending on central authority. It means that
that there is no need to trust on to the central authority. Decentralized key-attribute based encryption both the user secret key andthe cipher text are acknowledged by set of different attribute [8]. Encryption of message is with view of certain set of attributes
hence to decrypt the cipher text the receiver revels the actual data only when secret key map to the attributes in cipher text. In an
identity based encryption scheme, each user is assigned a unique identity string. So any user can create his public key for
exchange of information securely. In multi authority ABE secret key of different users from different authorities must be tied to
his global identifier (GID).
Applying multi ple securi ty policies:
Encryption policies play a vital role to make communication secure and efficient. In this paper the concept is suggested that
multiple policies can be applied simultaneously which brings high security level approach. When SAP HANA appliance layer
contacts to SAP HANA database, security level is zero in the present system. It may result is weak database access. Multiple
policies can be applied in the communication medium between SAP-HANA database and Appliance layer. Cipher text policy
(CP) can change the data in encrypted form [10]. Attribute Based Encryption (ABE) can be applied to allocate an attribute for
individual tasks or functionalities which shows flexible secure environment [11]. Decentralized key approach can be applied forCertificate authorities. Certificate authorities are user programs which gives security certificates for user & data validation or
authorization.
Fig. 3: Multiple policy based encryption in SAP HANA architecture
It’s shown in above Fig.3, E p is considered as encryption policies which is composed with,
E p = C p + A b + Dc
C p is Cipher text policy, A bis Attribute based policy &Dc is Decentralized key policy. As it can be said that Security level is
directly proportional to number of security policies applied over network [8].
Ep α Sl
As E p is considered as summation of multiple security policies and is security level. When the term database comes in the
computing part, data base access is very important parameter. As in SAP HANA data mining approach is used to exchange data.
By applying multiple security policies in database access between SAP HANA database and appliance layer, its communication
medium will be more secured.
V.
CONCLUSION
Database is one of the important computing environments in SAP HANA. In SAP HANA cloud, database access keen to have
secure network to exchange data between database to database and database to client. Multiple security policy approach between
database and appliance increases security level which makes communication more secured.
R EFERENCES
[1]
Sikka, V., Färber, F., Lehner, W., Cha, S. K., Peh, T., & Bornhövd, C. (2012). Efficient transaction processing in SAP HANA
database. SIGMOD Conference (p. 731).
8/18/2019 Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies
http://slidepdf.com/reader/full/improving-security-in-sap-hana-cloud-by-applying-multiple-encryption-policies 5/5
Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies (IJSTE/ Volume 2 / Issue 09 / 035)
All rights reserved by www.ijste.org 200
[2]
An Oracle White Paper. (2014). Analysis of SAP HANA High Availability Capabilities. Available:
http://www.oracle.com/technetwork/database/availability/sap-hana-ha-analysis-cwp-1959003.pdf. Last accessed 22nd March 2016.[3]
Intel Real-Time Business Intelligence White Paper.(2014). Security in the Cloud for SAP HANA*. Available:
http://www.intel.in/content/dam/www/public/us/en/documents/white-papers/cloud-security-xeon-e7-v2-sap-virtustream-paper.pdf. Last accessed 22nd
March 2016.
[4]
Färber, F., Cha, S. K., Primsch, J., Bornhövd, C., Sigg, S., & Lehner, W. (2011). SAP HANA Database - Data Management for Modern Business
Applications. SIGMOD Record, 40(4), 45-51.
[5]
SAP HANA-Explore and Analyze Vast Quantities of Data from Virtually Any Source at the Speed of Thought white paper. (2011). SAP HANA™ for Next-Generation Business Applications and Real-Time
Analytics.Available:http://hana.sap.com/content/dam/website/saphana/en_us/S4%20HANA/Final_Launch_S4HANA_Plattner.pdf. Last accessed 19th
March 2016.[6]
Weyerhaeuser, C., Mindnich, T., Faerber, F., & Lehner, W. (2008). Exploiting Graphic Card Processor Technology to Accelerate Data Mining Queries in
SAP NetWeaver BIA. 2008 IEEE International Conference on Data Mining Workshops (pp. 506-515).
[7] Legler, T., Lehner, W., & Ross, A. (2006). Data mining with the SAP NetWeaver BI accelerator, 1059-1068.[8]
Jinguang Han, Willy Susilo, Yi Mu, Jianying Zhou, and Man Ho Allen Au,(MARCH 2015). Improving Privacy and Security in Decentralized Ciphertext-
Policy Attribute-Based Encryption. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 (3), 665-678.
[9]
P. Bichsel, J. Camenisch, T. Groß, and V. Shoup, “Anonymous credentials on a standard Java Card,” in Proc. ACM Conf. CCS, 2009, pp. 600 – 610.[10]
D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages213 – 229, 2001
[11]
D. Boneh and X. Boyen. “Efficient selective-id secure identity based encryption without random oracles”. In EUROCRYPT, pages 223 - 238, 2004.
[12]
D. Boneh and X. Boyen. “Secure identity based encryption without random oracles”. In CRYPTO, pages 443-459, 2004
[13] A. Sahai and B. Waters, “Fuzzy identity- based encryption,” in Advances in Cryptology (Lecture Notes in Computer Science), vol. 3494. Heidelberg,
Germany: Springer-Verlag, 2005, pp. 457 – 473.