improving security in sap-hana cloud by applying multiple encryption policies

8/18/2019 Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies

http://slidepdf.com/reader/full/improving-security-in-sap-hana-cloud-by-applying-multiple-encryption-policies 1/5

IJSTE - International Journal of Science Technology & Engineering | Volume 2 | Issue 09 | March 2016

ISSN (online): 2349-784X

All rights reserved by www.ijste.org 196

Improving Security in SAP-HANA Cloud by

Applying Multiple Encryption Policies

Suraj U Rasal Kratika Gupta

Assistant Professor Department of Computer Engineering

Department of Computer Engineering Bharati Vidyapeeth Deemed University’s

Bharati Vidyapeeth Deemed University’s College of Engineering, Pune

College of Engineering, Pune

Varsha Thanaji Mulik Shraddha T Shelar Department of Computer Engineering Assistant Professor

Nehru College of Engineering& Research center, Kerala Department of Information technology

D Y Patil College of Engineering Akurdi, Pune

Abstract

SAP HANA is current approach to manage enterprise working environment. Database is very important segment is this approach

which needs to be protected with high level security. This requirement can be achieved by applying multiple security policies in

the database access to increase its security level.

Keywords: Attribute Based Encryption (ABE), Cipher Text (CP), Security leve (), Encryption policies (E p)

________________________________________________________________________________________________________

I.

INTRODUCTION

SAP is a multinational software company which is religiously working to manage business operation and customer association. It

originally focused on enterprise resource planning, its first product SAP R/98 offered common system to manage multifarious

task and centralized data storage [1]. SAP R/2, SAP R/3 succeeding it were some other version which were updated, revised for

increasing and updating older capabilities [7]. SAP HANA originally called SAP High Performance Analytic Appliance is an

application server based on Relational database management system was developed by SAP SE. The main feature include: in

memory database and column orientation [2]. This product offer Business intelligence with real time response. HANA is an

alternative of cloud storage with smaller memory available on IBM cloud. SAP HANA started supporting SAP NetWeaver

Business Warehouse in September 2011, a data warehouse based on RDBMS and in-memory DBMS [6]. It is useful for

reporting, analysis, and interpretation of business data that processes and enable enterprise to respond periodically to meetmarket demand. It also bolsters sap enterprise resource planning, whose operations are: Sales & Distribution, Materials

Management, Production Planning, Logistics Execution, and Quality Management, Financials (Financial Accounting,

Management Accounting, and Financial Supply Chain Management) and Human Capital Management (Payroll, e-Recruiting).

II.

CURRENT TRENDS

Current enterpr ise generation:

The architectures of current-generation business systems delineate the technological advances that have been evolved for

business development [2].

Database layer:

Database management system delineates the controlled performance on hardware with finite main memory constricted with slowI/O disk. Limiting access to disk was the cornerstone. To minimize the number of disk pages to be read into main memory when

processing a query [2].

Business appli cation layer:

Business software evolved through a sequential processing paradigm. Data was stored in conventional manner which could be

retrieved from database, processed row by row and operated it needed and could again be stored . As discussed by Plattner and

Zeier in their recent book on in-memory data management says if we dichotomize data processing we get two important factors

[2].



Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies (IJSTE/ Volume 2 / Issue 09 / 035)


Onl ine transaction processing (OLTP) systems:

These are highly normalized to volume of data intake and to speed up inserts, updates, and deletes. This high degree of

normalization is a disadvantage while retrieving data, as multiple tables may have to be joined, which severely impacts

performance. OLAP (Online Analytical Processing) is the technology behind many Business Intelligence (BI) applications.

OLAP is a powerful technology for data discovery, including capabilities for limitless report viewing, complex analytical

calculations, and predictive “what if” scenario (budget, forecast) planning [2].

Fig. 1: OLAP in SAP HANA [5]

The figure depicts a typical enterprise software scenario: Large organizations need to deal with large number of data, and thus

need multiple enterprise resource planning (ERP) systems, each operate with its own data set and functioning. Analytical data to

be processed is combined in data warehouse and used business users via business intelligence (BI) solutions. Data marts and

local BI clients are used where large and most recent data reporting is needed [5].

III. MERGING CLOUD WITH SAP HANA

Cloud-Based Ef fi ciency:

Companies are today inclined to increase business efficiency with the agility by exploiting in-memory analysis so that real time

and data-driven decision making gives maximum output to their firm. Second, engulfing cloud computing technologies is anadvance and initiated step to bring a change to how IT services are delivered. Intel Xeon processor E7 v2 family implements the

above two principals very productively and deliver better performance at lower total cost and with comparable levels of

reliability, availability and serviceability. Intel and SAP collaborated to bring these trends together in SAP HANA. SAP HANA

holds the responsibility to store myriad of information such as business data, customer data and transactions, which are

vulnerable and demands cloud security and compliance [3].





Fig. 2: SAP HANA coud Architecture [2]

IV.

R ESEARCH METHODOLOGY

Bribery, extortion and other con games have found new life online. Today, botnets and new viruses now encrypt cloud data.

Cloud being the source of all important and confidential data increases its vulnerability to attacks thus needing high security in

terms of data protection, user identification and disaster and data breach. Database is accessed by different data mining

approaches [7].

I denti fi ed circumstances in the cloud:

1) Clouds are exceptionally an infinite repository to the businesses for working those working with data in every aspect like

shopping malls, libraries, car showrooms etc. Customers have no transparency to where and how their personal information is

getting stored into the data center environment, where the data may be shared with other customers also [2]. 2) The

administrators and employee who manage the customer data have access to the entire data and application. Dominating the

outside attack is the insider one, an advanced persistent threat (APT) is a network attack in which an unauthorized person gains

access to a network and stays there undetected for a long period of time [3]. Thus business should maintain security and integrity

of data which to maintain customer faith and relation.

Merging Security with SAP HANA:

Achieving Security and Compliance for SAP HANA in the cloud:

To ensure security and maintenance one needs to take measure at every level of storage. Security should not be claimed at cost of

performance and data processing. Few efficient technologies like Vormetric, Virtustream, and Intel based on SAP HANAoptimize a compliant technology.

Role-based access and authorization for SAP HANA users and administrators:

SAP ensures the security of data based on use friendly and interactive methodology like authentication based on passwords,

ticket based authentication protocol implementing Symmetric key encryption(Kerberos), SAP login and digital certificates

(X.509) and so on.[8]

Data encryption:

Encryption algorithm is practiced at both back hand and while communicating via network to ensure security

Transaction logs and reporting mechanisms:

SAP HANA stored secondary information needed by business firm to investigate on user’s authenticity with retrieval and

processing facility along with business data.





Security Policies:

There are multiple policies which are applied to make internet secure. But its studied that less number of policies are applied.

SAP HANA architecture is based on networking domain and coud sub domain which is keen to network security. Database

access is important term to make data base communication securely. Security policies are like cipher text policies (C p), Attribute

Based Encryption (A b), Decentralized policy (Dc), Multiple Authority policy. Cipher text is the obtained by encrypting plain text

using an algorithm, called a cipher. This text is unreadable by user or computer until applied a special decryption policy. Modern

cipher includes Public and Private Key Cryptography.

Decentralized key policy where secret key is issued by each authority to user not depending on central authority. It means that

that there is no need to trust on to the central authority. Decentralized key-attribute based encryption both the user secret key andthe cipher text are acknowledged by set of different attribute [8]. Encryption of message is with view of certain set of attributes

hence to decrypt the cipher text the receiver revels the actual data only when secret key map to the attributes in cipher text. In an

identity based encryption scheme, each user is assigned a unique identity string. So any user can create his public key for

exchange of information securely. In multi authority ABE secret key of different users from different authorities must be tied to

his global identifier (GID).

Applying multi ple securi ty policies:

Encryption policies play a vital role to make communication secure and efficient. In this paper the concept is suggested that

multiple policies can be applied simultaneously which brings high security level approach. When SAP HANA appliance layer

contacts to SAP HANA database, security level is zero in the present system. It may result is weak database access. Multiple

policies can be applied in the communication medium between SAP-HANA database and Appliance layer. Cipher text policy

(CP) can change the data in encrypted form [10]. Attribute Based Encryption (ABE) can be applied to allocate an attribute for

individual tasks or functionalities which shows flexible secure environment [11]. Decentralized key approach can be applied forCertificate authorities. Certificate authorities are user programs which gives security certificates for user & data validation or

authorization.

Fig. 3: Multiple policy based encryption in SAP HANA architecture

It’s shown in above Fig.3, E p is considered as encryption policies which is composed with,

E p = C p + A b + Dc

C p is Cipher text policy, A bis Attribute based policy &Dc is Decentralized key policy. As it can be said that Security level is

directly proportional to number of security policies applied over network [8].

Ep α Sl

As E p is considered as summation of multiple security policies and is security level. When the term database comes in the

computing part, data base access is very important parameter. As in SAP HANA data mining approach is used to exchange data.

By applying multiple security policies in database access between SAP HANA database and appliance layer, its communication

medium will be more secured.

V.

CONCLUSION

Database is one of the important computing environments in SAP HANA. In SAP HANA cloud, database access keen to have

secure network to exchange data between database to database and database to client. Multiple security policy approach between

database and appliance increases security level which makes communication more secured.

R EFERENCES

[1]

Sikka, V., Färber, F., Lehner, W., Cha, S. K., Peh, T., & Bornhövd, C. (2012). Efficient transaction processing in SAP HANA

database. SIGMOD Conference (p. 731).





[2]

An Oracle White Paper. (2014). Analysis of SAP HANA High Availability Capabilities. Available:

http://www.oracle.com/technetwork/database/availability/sap-hana-ha-analysis-cwp-1959003.pdf. Last accessed 22nd March 2016.[3]

Intel Real-Time Business Intelligence White Paper.(2014). Security in the Cloud for SAP HANA*. Available:

http://www.intel.in/content/dam/www/public/us/en/documents/white-papers/cloud-security-xeon-e7-v2-sap-virtustream-paper.pdf. Last accessed 22nd

March 2016.

[4]

Färber, F., Cha, S. K., Primsch, J., Bornhövd, C., Sigg, S., & Lehner, W. (2011). SAP HANA Database - Data Management for Modern Business

Applications. SIGMOD Record, 40(4), 45-51.

[5]

SAP HANA-Explore and Analyze Vast Quantities of Data from Virtually Any Source at the Speed of Thought white paper. (2011). SAP HANA™ for Next-Generation Business Applications and Real-Time

Analytics.Available:http://hana.sap.com/content/dam/website/saphana/en_us/S4%20HANA/Final_Launch_S4HANA_Plattner.pdf. Last accessed 19th

March 2016.[6]

Weyerhaeuser, C., Mindnich, T., Faerber, F., & Lehner, W. (2008). Exploiting Graphic Card Processor Technology to Accelerate Data Mining Queries in

SAP NetWeaver BIA. 2008 IEEE International Conference on Data Mining Workshops (pp. 506-515).

[7] Legler, T., Lehner, W., & Ross, A. (2006). Data mining with the SAP NetWeaver BI accelerator, 1059-1068.[8]

Jinguang Han, Willy Susilo, Yi Mu, Jianying Zhou, and Man Ho Allen Au,(MARCH 2015). Improving Privacy and Security in Decentralized Ciphertext-

Policy Attribute-Based Encryption. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 (3), 665-678.

[9]

P. Bichsel, J. Camenisch, T. Groß, and V. Shoup, “Anonymous credentials on a standard Java Card,” in Proc. ACM Conf. CCS, 2009, pp. 600 – 610.[10]

D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages213 – 229, 2001

[11]

D. Boneh and X. Boyen. “Efficient selective-id secure identity based encryption without random oracles”. In EUROCRYPT, pages 223 - 238, 2004.

[12]

D. Boneh and X. Boyen. “Secure identity based encryption without random oracles”. In CRYPTO, pages 443-459, 2004

[13] A. Sahai and B. Waters, “Fuzzy identity- based encryption,” in Advances in Cryptology (Lecture Notes in Computer Science), vol. 3494. Heidelberg,

Germany: Springer-Verlag, 2005, pp. 457 – 473.

improving security in sap-hana cloud by applying multiple encryption policies

Documents