Database security framework design using tokenization

Abstract

One of the challenging tasks in database management system today is protecting sensitive data that are complex in the database system. Most organization opt for implementation of data encryption which is one of the most effective security control mechanism, but data encryption only render information unreadable to those that do not have the secret decryption key. The core issue with data encryption techniques is that, it is reversibly. In these regards, sensitive data need to be tokenized first before encrypting for better security. Therefore, this work is introducing tokenization technique. Tokenization means replacement or substitution of sensitive data with a token, as an additional technique on database system for protecting sensitive data in all higher institutions and other firms that deal with sensitive data. A database security framework using tokenization was design, implemented using NetBeans 8.1 IDE, Java Platform SE binary (jdk-8u91-windows-x64) and xampp-windows-x64-7.3.7-0-VC15 (Apache and MySQL), an official IDE for Java 8 and then encrypt the tokenized data using AES before storing it in server 127.0.0.1 a localhost phpMyAdmin Database tools and evaluated with other security systems (encoding, hashing and encryption) on student database. Results shows that tokenization technique has 95% capacity to protect sensitive data compare to other security systems.