Table of Contents
1. ACKNOWLEDGEMENT
2. ABSTRACT
3. PROBLEM STATEMENT
4. EXISTING SYSTEM
5. PROPOSED SYSTEM
6. TECHNOLOGIES USED
6.1. VB.NET
6.2. MS ACCESS
6.3. VISUAL STUDIO
6.4. ASP.NET
6.5. DYNAMIC LINK LIBRARY
7. DIAGRAM
8. ENCRYPTION
11. API DOCUMENTATION
12. SCREENSHOTS
13. LIMITATIONS
14. CONCLUSION
15. REFERENCES
Acknowledgement
We'd like to take this opportunity to thank Shri Bhagubhai Mafatlal Polytechnic's dean, Prof. Y.I Shah,
and the Head of Department (H.O.D) of Information Technology, Mrs. Neeta Kadukar, for their constant
support and guidance in making this project a reality.
We'd also like to thank our project guide, Ms. Preeti Bokariya, for being there with us at every milestone
of the project, and our technician, Ms. Smita Rajai, for helping us out with technical issues.
And last, but not the least, we'd like to thank our friends and family for their constant moral support.
Without all the people mentioned above, this project would've never seen the light of day.
Abstract
Applications are vulnerable to theft of sensitive information. Hackers all around the world are repeatedly
trying to gain unauthorized access to data. We tried to solve that problem.
We created a technology for encryption which provides practical and provable confidentiality in the face
of these attacks for applications backed by MS Access databases. We're calling this technology Lock &
Key.
Lock & Key works by executing SQL queries over encrypted data using the AES encryption scheme.
Even if the application is compromised, the attacker won't be able to get access to any user's data. As a
result, nobody can get access to the original data without authorization.
Problem Statement
Theft of private information is a significant problem, particularly for online applications. An adversary can
exploit software vulnerabilities to gain unauthorized access to servers; curious or malicious administrators
at a hosting or application provider can snoop on private data; and attackers with physical access to servers
can access all data on disk and in memory.
One approach to reduce the damage caused by server compromises is to encrypt sensitive data and run all
computations (application logic) on clients. Unfortunately, several important applications do not lend
themselves to this approach, including database-backed web sites that process queries to generate data for
the user, and applications that compute over large amounts of data.
Even when this approach is tenable, converting an existing server-side application to this form can be
difficult. Another approach would be to consider theoretical solutions such as fully homomorphic
encryption, which allows servers to compute arbitrary functions over encrypted data, while only clients see
decrypted data. However, fully homomorphic encryption schemes are still prohibitively expensive by
orders of magnitude.
We need a technology that can encrypt all the data in a database such that even the database admin won't
have access to the original data.
Existing System
CryptDB
Proposed System
We present Lock & Key, an encryption technology that can be used to encrypt databases. It is an
encryption technique which will encrypt all the data in a database.
It uses a widely acknowledged encryption technique called AES (Advanced Encryption Standard), a
specification for the encryption of electronic data established by the U.S. National Institute of
Standards and Technology (NIST). AES is based on the Rijndael cipher.
This approach works on MS Access databases. To demonstrate Lock & Key, we have made an ASP.NET
website firing SQL queries to an Access database. We have also created a Windows application with which
the user can create databases and run various queries on them.
We have also developed an API of this technology so that other people using Access databases can use it to
encrypt their own data as well.
Technologies used
VB.NET
Visual Basic .NET (VB.NET) is a multi-paradigm, high level programming language, implemented on
the .NET Framework. Microsoft launched VB.NET in 2002 as the successor to its original Visual Basic
language. Although the ".NET" portion was dropped in 2005, this article uses "Visual Basic .NET" to refer to all
Visual Basic language releases since 2002, in order to distinguish between them and the classic Visual
Basic. Along with Visual C#, it is one of the two main languages targeting the .NET framework.
Microsoft's integrated development environment (IDE) for developing in the Visual Basic .NET language is
Visual Studio. Most Visual Studio editions are commercial; the only exceptions are Visual Studio
Express and Visual Studio Community which are freeware. In addition, .NET Framework SDK includes a
freeware command-line compiler called vbc.exe. Mono also includes a command-line VB.NET compiler.
A .dll file can be created by VB.NET. Hence, this technology can be used in any ASP.NET, VB.NET or
C#.NET projects.
MS Access
Microsoft Access, also known as Microsoft Office Access, is a database management system from
Microsoft that combines the relational Microsoft Jet Database Engine with a graphical user interface and
software-development tools. It is a member of the Microsoft Office suite of applications, included in the
Professional and higher editions or sold separately.
Microsoft Access stores data in its own format based on the Access Jet Database Engine. It can also import
or link directly to data stored in other applications and databases.
Software developers and data architects can use Microsoft Access to develop application software, and
"power users" can use it to build software applications. Like other Office applications, Access is supported
by Visual Basic for Applications (VBA), an object-oriented programming language that can reference a
variety of objects including DAO (Data Access Objects), ActiveX Data Objects, and many other ActiveX
components. Visual objects used in forms and reports expose their methods and properties in the VBA
programming environment, and VBA code modules may declare and call Windows operating-system
functions.
Visual Studio
Visual Studio includes a code editor supporting IntelliSense (the code completion component) as well as
code refactoring. The integrated debugger works both as a source-level debugger and a machine-level
debugger. Other built-in tools include a forms designer for building GUI applications, web designer, class
designer, and database schema designer. It accepts plug-ins that enhance the functionality at almost every
level, including adding support for source-control systems (like Subversion) and adding new toolsets like
editors and visual designers for domain-specific languages or toolsets for other aspects of the software
development lifecycle (like the Team Foundation Server client: Team Explorer).
Visual Studio supports different programming languages and allows the code editor and debugger to
support (to varying degrees) nearly any programming language, provided a language-specific service
exists. Built-in languages include C, C++ and C++/CLI (via Visual C++), VB.NET (via Visual Basic
.NET), C# (via Visual C#), and F# (as of Visual Studio 2010). Support for other languages such as M,
Python, and Ruby among others is available via language services installed separately. It also supports
XML/XSLT, HTML/XHTML, JavaScript and CSS. Java (and J#) were supported in the past.
Microsoft provides "Express" editions of its Visual Studio at no cost. Commercial versions of Visual
Studio along with select past versions are available for free to students via Microsoft's DreamSpark
program.
ASP.NET
ASP.NET is an open source server-side Web application framework designed for Web development to
produce dynamic Web pages. It was developed by Microsoft to allow programmers to build dynamic web
sites, web applications and web services.
It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to
Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime
(CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET
SOAP extension framework allows ASP.NET components to process SOAP messages.
ASP.NET is in the process of being re-implemented as a modern and modular web framework, together
with other frameworks like Entity Framework. The new framework will make use of the new open-source
.NET Compiler Platform (code-name "Roslyn") and be cross platform. ASP.NET MVC, ASP.NET
Web API, and ASP.NET Web Pages (a platform using only Razor pages) will merge into a unified MVC 6.
The project is called "ASP.NET vNext".
Dynamic-link Library
Dynamic-link library (also written unhyphenated), or DLL, is Microsoft's implementation of the shared
library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the
file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers).
The file formats for DLLs are the same as for Windows EXE files, that is, Portable Executable (PE) for
32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can
contain code, data, and resources, in any combination.
Data files with the same file format as a DLL, but with different file extensions and possibly containing
only resource sections, can be called resource DLLs. Examples of such DLLs include icon libraries,
sometimes having the extension ICL, and font files, having the extensions FON and FOT.
Since DLLs are essentially the same as EXEs, the choice of which to produce as part of the linking process
is for clarity, since it is possible to export functions and data from either.
It is not possible to directly execute a DLL, since it requires an EXE for the operating system to load it
through an entry point, hence the existence of utilities like RUNDLL.EXE or RUNDLL32.EXE which
provide the entry point and minimal framework for DLLs that contain enough functionality to execute
without much support.
DLLs provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade
functionality without requiring applications to be re-linked or re-compiled. From the application
development point of view Windows and OS/2 can be thought of as a collection of DLLs that are
upgraded, allowing applications for one version of the OS to work in a later one, provided that the OS
vendor has ensured that the interfaces and functionality are compatible.
DLLs execute in the memory space of the calling process and with the same access permissions which
means there is little overhead in their use but also that there is no protection for the calling EXE if the DLL
has any sort of bug.
Flow chart
[Flow chart figure. Recoverable node labels: Start; Login input; Login; Valid?; Open or create?; Create
parameter; Create Database; Browse Database; Input password; Password valid?; Edit; Edit screen; Delete;
Decrypt; Confirm; DB operation; Message; Save; Stop.]
Encryption
The Advanced Encryption Standard (AES), also referenced as Rijndael (its original name), is a
specification for the encryption of electronic data established by the U.S. National Institute of Standards
and Technology (NIST) in 2001.
AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent
Rijmen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of
ciphers with different key and block sizes.
For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three
different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data
Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a
symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November
26, 2001. This announcement followed a five-year standardization process in which fifteen competing
designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable (see
Advanced Encryption Standard process for more details).
AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some versions of
Rijndael have a larger block size and have additional columns in the state. Most AES calculations are done
in a special finite field.
The key size used for an AES cipher specifies the number of repetitions of transformation rounds that
convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of
repetition are as follows:
Each round consists of several processing steps, each containing four similar but different stages, including
one that depends on the encryption key itself. A set of reverse rounds are applied to transform ciphertext
back into the original plaintext using the same encryption key.
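The round structure described above, as an added example that is not code from the Lock & Key project: a from-scratch Python AES block cipher in which the state is a flat 16-byte list in column-major order, the round count follows from the key length, and decryption runs the rounds in reverse with the same key. All function names are this example's own, and it handles a single 16-byte block with no mode of operation or padding.

```python
"""AES block cipher per FIPS 197, written for reading (single block, no mode)."""

def xtime(a):
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """Multiply two bytes in the AES finite field."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    """S-box = multiplicative inverse in the field, then a fixed affine map."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s ^ 0x63)
    return box

SBOX = build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]

def rounds_for_key(key):
    """Nr = Nk + 6: 10, 12 or 14 rounds for 128-, 192- or 256-bit keys."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    return len(key) // 4 + 6

def expand_key(key):
    """Key schedule: Nr + 1 round keys, each 16 bytes (four 32-bit words)."""
    nk, nr = len(key) // 4, rounds_for_key(key)
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:                # extra SubWord, AES-256 only
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nr + 1)]

# The state is a flat list of 16 bytes in column-major order:
# state[r + 4*c] is row r, column c, so input byte i lands at index i.
def add_round_key(s, rk):
    """The one step that depends on the key: XOR the state with a round key."""
    return [a ^ b for a, b in zip(s, rk)]

def shift_rows(s, direction=1):
    """Rotate row r left by r columns (direction=-1 rotates right, the inverse)."""
    return [s[r + 4 * ((c + direction * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s, k=(2, 3, 1, 1)):
    """Multiply each column by a fixed circulant matrix over GF(2^8)."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        out += [gmul(col[r], k[0]) ^ gmul(col[(r + 1) % 4], k[1])
                ^ gmul(col[(r + 2) % 4], k[2]) ^ gmul(col[(r + 3) % 4], k[3])
                for r in range(4)]
    return out

def encrypt_block(block, key):
    """Encrypt one 16-byte block: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    if len(block) != 16:
        raise ValueError("AES block must be 16 bytes")
    rks = expand_key(key)
    nr = len(rks) - 1
    s = add_round_key(list(block), rks[0])
    for rnd in range(1, nr + 1):
        s = shift_rows([SBOX[b] for b in s])
        if rnd != nr:                               # final round skips MixColumns
            s = mix_columns(s)
        s = add_round_key(s, rks[rnd])
    return bytes(s)

def decrypt_block(block, key):
    """Undo encrypt_block by applying the inverse steps in reverse round order."""
    if len(block) != 16:
        raise ValueError("AES block must be 16 bytes")
    rks = expand_key(key)
    nr = len(rks) - 1
    s = add_round_key(list(block), rks[nr])
    for rnd in range(nr - 1, -1, -1):
        s = [INV_SBOX[b] for b in shift_rows(s, -1)]
        s = add_round_key(s, rks[rnd])
        if rnd != 0:                                # mirror of the skipped MixColumns
            s = mix_columns(s, (14, 11, 13, 9))
    return bytes(s)
```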
In addition to accessing databases or computer hardware, such as hard disk drives or video cards, an API
can ease the work of programming GUI components. For example, an API can facilitate integration of new
features into existing applications (a so-called "plug-in API"). An API can also assist otherwise distinct
applications with sharing data, which can help to integrate and enhance the functionalities of the
applications.
APIs often come in the form of a library that includes specifications for routines, data structures, object
classes, and variables. In other cases, notably SOAP and REST services, an API is simply a specification
of remote calls exposed to the API consumers.
An API specification can take many forms, including an International Standard, such as POSIX, vendor
documentation, such as the Microsoft Windows API, or the libraries of a programming language, e.g., the
Standard Template Library in C++ or the Java APIs.
An API differs from an application binary interface (ABI) in that an API is source code-based while an
ABI is a binary interface. For instance POSIX is an API, while the Linux Standard Base provides an ABI.
Code
MainForm.Designer.vb
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Partial Class MainForm
Inherits System.Windows.Forms.Form
End Class
MainForm.vb
Imports System.Data
Imports System.Data.OleDb
Login.Designer.vb
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Partial Class Login
Inherits System.Windows.Forms.UserControl
CType(resources.GetObject("PictureBox1.Image"), System.Drawing.Image)
Me.PictureBox1.Location = New System.Drawing.Point(115, 2)
Me.PictureBox1.MaximumSize = New System.Drawing.Size(135, 131)
Me.PictureBox1.Name = "PictureBox1"
Me.PictureBox1.Size = New System.Drawing.Size(135, 131)
Me.PictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.StretchImage
Me.PictureBox1.TabIndex = 12
Me.PictureBox1.TabStop = False
'
'btnLogin
'
Me.btnLogin.Anchor = System.Windows.Forms.AnchorStyles.None
Me.btnLogin.Location = New System.Drawing.Point(142, 200)
Me.btnLogin.Name = "btnLogin"
Me.btnLogin.Size = New System.Drawing.Size(75, 23)
Me.btnLogin.TabIndex = 11
Me.btnLogin.Text = "Login"
Me.btnLogin.UseVisualStyleBackColor = True
'
'textPass
'
Me.textPass.Anchor = System.Windows.Forms.AnchorStyles.None
Me.textPass.Location = New System.Drawing.Point(115, 166)
Me.textPass.MaximumSize = New System.Drawing.Size(135, 20)
Me.textPass.Name = "textPass"
Me.textPass.PasswordChar = Global.Microsoft.VisualBasic.ChrW(42)
Me.textPass.Size = New System.Drawing.Size(135, 20)
Me.textPass.TabIndex = 10
'
'Label2
'
Me.Label2.Anchor = System.Windows.Forms.AnchorStyles.None
Me.Label2.AutoSize = True
Me.Label2.Location = New System.Drawing.Point(58, 169)
Me.Label2.Name = "Label2"
Me.Label2.Size = New System.Drawing.Size(53, 13)
Me.Label2.TabIndex = 9
Me.Label2.Text = "Password"
'
'textUser
'
Me.textUser.Anchor = System.Windows.Forms.AnchorStyles.None
End Sub
Friend WithEvents PictureBox1 As System.Windows.Forms.PictureBox
Friend WithEvents btnLogin As System.Windows.Forms.Button
Friend WithEvents textPass As System.Windows.Forms.TextBox
Friend WithEvents Label2 As System.Windows.Forms.Label
Friend WithEvents textUser As System.Windows.Forms.TextBox
Friend WithEvents Label1 As System.Windows.Forms.Label
Friend WithEvents Panel1 As System.Windows.Forms.Panel
End Class
Login.vb
Imports System.Data.OleDb
DBOpti.Designer.vb
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Me.EditDB.UseVisualStyleBackColor = True
Me.EditDB.Visible = False
'
'DecrDB
'
Me.DecrDB.Anchor = System.Windows.Forms.AnchorStyles.None
Me.DecrDB.Location = New System.Drawing.Point(167, 133)
Me.DecrDB.Name = "DecrDB"
Me.DecrDB.Size = New System.Drawing.Size(75, 23)
Me.DecrDB.TabIndex = 4
Me.DecrDB.Text = "Decrypt"
Me.DecrDB.UseVisualStyleBackColor = True
Me.DecrDB.Visible = False
'
'Panel1
'
Me.Panel1.AutoSize = True
Me.Panel1.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink
Me.Panel1.Controls.Add(Me.Panel2)
Me.Panel1.Dock = System.Windows.Forms.DockStyle.Fill
Me.Panel1.Location = New System.Drawing.Point(0, 0)
Me.Panel1.Name = "Panel1"
Me.Panel1.Size = New System.Drawing.Size(922, 690)
Me.Panel1.TabIndex = 5
'
'Panel2
'
Me.Panel2.Anchor = System.Windows.Forms.AnchorStyles.None
Me.Panel2.Controls.Add(Me.openDB)
Me.Panel2.Controls.Add(Me.creaDB)
Me.Panel2.Controls.Add(Me.EditDB)
Me.Panel2.Controls.Add(Me.DeleDB)
Me.Panel2.Controls.Add(Me.DecrDB)
Me.Panel2.Location = New System.Drawing.Point(265, 256)
Me.Panel2.Name = "Panel2"
Me.Panel2.Size = New System.Drawing.Size(392, 178)
Me.Panel2.TabIndex = 5
'
'DBOpti
'
Me.AutoScaleDimensions = New System.Drawing.SizeF(6.0!, 13.0!)
Me.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font
Me.AutoSize = True
Me.Controls.Add(Me.Panel1)
Me.Name = "DBOpti"
Me.Size = New System.Drawing.Size(922, 690)
Me.Panel1.ResumeLayout(False)
Me.Panel2.ResumeLayout(False)
Me.ResumeLayout(False)
Me.PerformLayout()
End Sub
DBOpti.vb
Imports System.Data.OleDb
Public Class DBOpti
    Dim textpass As String
    Dim strConnectionString As String

    Private Sub openDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles openDB.Click
        openDBDial.ShowDialog()
    End Sub

    Private Sub DeleDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DeleDB.Click
        Try
            Dim var = MsgBox("Are you sure?", MsgBoxStyle.YesNo, "Delete Database")
            If var = vbYes Then
                System.IO.File.Delete(openDBDial.FileName)
            End If
        Catch ex As Exception
            Console.Write(ex.Message)
        End Try
    End Sub

    Private Sub openDBDial_FileOk(ByVal sender As Object, ByVal As
CreateDB.Designer.vb
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Partial Class CreateDB
Inherits System.Windows.Forms.UserControl
<System.Diagnostics.DebuggerNonUserCode()> _
Protected Overrides Sub Dispose(ByVal disposing As Boolean)
Try
If disposing AndAlso components IsNot Nothing Then
components.Dispose()
End If
Finally
MyBase.Dispose(disposing)
End Try
End Sub
Me.textDBPass.Name = "textDBPass"
Me.textDBPass.PasswordChar = Global.Microsoft.VisualBasic.ChrW(42)
Me.textDBPass.Size = New System.Drawing.Size(170, 20)
Me.textDBPass.TabIndex = 3
'
'Label3
'
Me.Label3.AutoSize = True
Me.Label3.Location = New System.Drawing.Point(19, 134)
Me.Label3.Name = "Label3"
Me.Label3.Size = New System.Drawing.Size(102, 13)
Me.Label3.TabIndex = 6
Me.Label3.Text = "Database Password"
'
'textConfPass
'
Me.textConfPass.AccessibleRole = System.Windows.Forms.AccessibleRole.Pane
Me.textConfPass.Location = New System.Drawing.Point(127, 174)
Me.textConfPass.Name = "textConfPass"
Me.textConfPass.PasswordChar = Global.Microsoft.VisualBasic.ChrW(42)
Me.textConfPass.Size = New System.Drawing.Size(170, 20)
Me.textConfPass.TabIndex = 4
'
'Label4
'
Me.Label4.AutoSize = True
CreateDB.vb
Imports System.Runtime.InteropServices
Imports System.Data.OleDb
Public Class CreateDB
    Dim connString As String

    Private Sub PathSelector_LinkClicked(ByVal sender As System.Object, ByVal e As System.Windows.Forms.LinkLabelLinkClickedEventArgs) Handles PathSelector.LinkClicked
        Dim result = SelectPathDial.ShowDialog()
        If result = DialogResult.OK Then
            If Not SelectPathDial.SelectedPath.EndsWith("\") Then
                SelectPathDial.SelectedPath = SelectPathDial.SelectedPath + "\"
            End If
            PathSelector.Text = SelectPathDial.SelectedPath + textDBName.Text + ".mdb"
        End If
    End Sub

        Try
            Dim sCreateString As String
            sCreateString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DatabaseFullPath & ";Jet OLEDB:Database Password=" + textDBPass.Text
            connString = sCreateString
            cat.Create(sCreateString)
            bAns = True
            Dim conn As New ADODB.Connection()
            conn = cat.ActiveConnection
            conn.Close()
            cat = Nothing
        Catch Excep As System.Runtime.InteropServices.COMException
            MsgBox(Excep.Message)
            bAns = False
        Finally
            cat = Nothing
        End Try
        Return bAns
    End Function
End Class
EditDB.Designer.vb
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Partial Class EditDB
Inherits System.Windows.Forms.UserControl
<System.Diagnostics.DebuggerNonUserCode()> _
Protected Overrides Sub Dispose(ByVal disposing As Boolean)
Try
If disposing AndAlso components IsNot Nothing Then
components.Dispose()
End If
Finally
MyBase.Dispose(disposing)
End Try
End Sub
Me.TabPage1.Controls.Add(Me.txtColName)
Me.TabPage1.Controls.Add(Me.Label2)
Me.TabPage1.Location = New System.Drawing.Point(4, 22)
Me.TabPage1.Name = "TabPage1"
Me.TabPage1.Padding = New System.Windows.Forms.Padding(3)
Me.TabPage1.Size = New System.Drawing.Size(671, 316)
Me.TabPage1.TabIndex = 0
Me.TabPage1.Text = "Schema"
Me.TabPage1.UseVisualStyleBackColor = True
'
'ListColumns
'
Me.ListColumns.FormattingEnabled = True
Me.ListColumns.Location = New System.Drawing.Point(521, 9)
Me.ListColumns.Name = "ListColumns"
Me.ListColumns.Size = New System.Drawing.Size(127, 264)
Me.ListColumns.TabIndex = 10
'
'DeleColumn
'
Me.DeleColumn.Location = New System.Drawing.Point(35, 147)
Me.DeleColumn.Name = "DeleColumn"
Me.DeleColumn.Size = New System.Drawing.Size(91, 23)
Me.DeleColumn.TabIndex = 9
Me.DeleColumn.Text = "Delete Column"
Me.DeleColumn.UseVisualStyleBackColor = True
Me.DeleColumn.Visible = False
'
'EditColumn
'
Me.EditColumn.Location = New System.Drawing.Point(224, 147)
Me.EditColumn.Name = "EditColumn"
Me.EditColumn.Size = New System.Drawing.Size(75, 23)
Me.EditColumn.TabIndex = 8
Me.EditColumn.Text = "Edit Column"
Me.EditColumn.UseVisualStyleBackColor = True
Me.EditColumn.Visible = False
'
'AddColumn
'
Me.AddColumn.Location = New System.Drawing.Point(138, 147)
Me.AddColumn.Name = "AddColumn"
Me.AddColumn.Size = New System.Drawing.Size(75, 23)
Me.AddColumn.TabIndex = 6
Me.AddColumn.Text = "Add Column"
Me.AddColumn.UseVisualStyleBackColor = True
'
'ComboSize
'
Me.ComboSize.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList
Me.ComboSize.FormattingEnabled = True
Me.ComboSize.Items.AddRange(New Object() {"16", "32", "48", "64", "80", "96", "112", "128"})
Me.Label3.AutoSize = True
Me.Label3.Location = New System.Drawing.Point(6, 52)
Me.Label3.Name = "Label3"
Me.Label3.Size = New System.Drawing.Size(57, 13)
Me.Label3.TabIndex = 2
Me.Label3.Text = "Data Type"
'
'txtColName
'
Me.txtColName.Location = New System.Drawing.Point(97, 9)
Me.txtColName.Name = "txtColName"
Me.txtColName.Size = New System.Drawing.Size(119, 20)
Me.txtColName.TabIndex = 1
'
'Label2
'
Me.Label2.AutoSize = True
Me.Label2.Location = New System.Drawing.Point(6, 13)
Me.Label2.Name = "Label2"
Me.Label2.Size = New System.Drawing.Size(73, 13)
Me.Label2.TabIndex = 0
Me.Label2.Text = "Column Name"
'
'TabPage2
'
Me.TabPage2.Controls.Add(Me.DisplayData)
Me.queryText.TabIndex = 2
'
'Label1
'
Me.Label1.Anchor = System.Windows.Forms.AnchorStyles.None
Me.Label1.AutoSize = True
Me.Label1.Location = New System.Drawing.Point(39, 365)
Me.Label1.Name = "Label1"
Me.Label1.Size = New System.Drawing.Size(66, 13)
Me.Label1.TabIndex = 3
Me.Label1.Text = "Enter Query:"
'
'runQueryButton
'
Me.runQueryButton.Anchor = System.Windows.Forms.AnchorStyles.None
Me.runQueryButton.Location = New System.Drawing.Point(767, 365)
Me.runQueryButton.Name = "runQueryButton"
Me.runQueryButton.Size = New System.Drawing.Size(75, 23)
Me.runQueryButton.TabIndex = 4
Me.runQueryButton.Text = "Fire"
Me.runQueryButton.UseVisualStyleBackColor = True
'
'AddTabl
'
Me.AddTabl.Anchor = System.Windows.Forms.AnchorStyles.None
Me.AddTabl.Location = New System.Drawing.Point(9, 319)
Me.AddTabl.Name = "AddTabl"
Me.AddTabl.Size = New System.Drawing.Size(27, 23)
Me.AddTabl.TabIndex = 5
Me.AddTabl.Text = "+"
Me.AddTabl.UseVisualStyleBackColor = True
'
'DeleTabl
'
Me.DeleTabl.Anchor = System.Windows.Forms.AnchorStyles.None
Me.DeleTabl.Location = New System.Drawing.Point(42, 319)
Me.DeleTabl.Name = "DeleTabl"
Me.DeleTabl.Size = New System.Drawing.Size(27, 23)
Me.DeleTabl.TabIndex = 6
Me.DeleTabl.Text = "-"
Me.DeleTabl.UseVisualStyleBackColor = True
'
'editTabl
'
Me.editTabl.Anchor = System.Windows.Forms.AnchorStyles.None
Me.editTabl.Location = New System.Drawing.Point(75, 319)
Me.editTabl.Name = "editTabl"
Me.editTabl.Size = New System.Drawing.Size(32, 23)
Me.editTabl.TabIndex = 7
Me.editTabl.Text = "C"
Me.editTabl.UseVisualStyleBackColor = True
Me.editTabl.Visible = False
'
'Panel1
'
Me.Panel1.Anchor = System.Windows.Forms.AnchorStyles.None
Me.Panel1.Controls.Add(Me.TabControl1)
Me.Panel1.Controls.Add(Me.editTabl)
Me.Panel1.Controls.Add(Me.DeleTabl)
Me.Panel1.Controls.Add(Me.queryText)
Me.Panel1.Controls.Add(Me.AddTabl)
Me.Panel1.Controls.Add(Me.Label1)
Me.Panel1.Controls.Add(Me.runQueryButton)
Me.Panel1.Controls.Add(Me.TableName)
Me.Panel1.Location = New System.Drawing.Point(137, 96)
Me.Panel1.Name = "Panel1"
Me.Panel1.Size = New System.Drawing.Size(911, 440)
Me.Panel1.TabIndex = 11
'
'EditDB
'
Me.AutoScaleDimensions = New System.Drawing.SizeF(6.0!, 13.0!)
Me.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font
Me.Controls.Add(Me.Panel1)
Me.Name = "EditDB"
Me.Size = New System.Drawing.Size(1184, 632)
Me.TabControl1.ResumeLayout(False)
Me.TabPage1.ResumeLayout(False)
Me.TabPage1.PerformLayout()
Me.TabPage2.ResumeLayout(False)
CType(Me.DisplayData, System.ComponentModel.ISupportInitialize).EndInit()
Me.Panel1.ResumeLayout(False)
Me.Panel1.PerformLayout()
Me.ResumeLayout(False)
End Sub
Friend WithEvents TableName As System.Windows.Forms.ListBox
Friend WithEvents TabControl1 As System.Windows.Forms.TabControl
Friend WithEvents TabPage1 As System.Windows.Forms.TabPage
Friend WithEvents TabPage2 As System.Windows.Forms.TabPage
Friend WithEvents DisplayData As System.Windows.Forms.DataGridView
Friend WithEvents queryText As System.Windows.Forms.TextBox
Friend WithEvents Label1 As System.Windows.Forms.Label
Friend WithEvents runQueryButton As System.Windows.Forms.Button
Friend WithEvents AddTabl As System.Windows.Forms.Button
Friend WithEvents DeleTabl As System.Windows.Forms.Button
Friend WithEvents editTabl As System.Windows.Forms.Button
Friend WithEvents txtColName As System.Windows.Forms.TextBox
Friend WithEvents Label2 As System.Windows.Forms.Label
Friend WithEvents Label3 As System.Windows.Forms.Label
Friend WithEvents ComboDataType As System.Windows.Forms.ComboBox
Friend WithEvents ComboSize As System.Windows.Forms.ComboBox
Friend WithEvents Label4 As System.Windows.Forms.Label
Friend WithEvents AddColumn As System.Windows.Forms.Button
EditDB.vb
Imports System.Data.OleDb
Public Class EditDB
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub loadData()
        Dim class1 As New RAYDB.RAYEncryption
        class1.strConnString = strConnString
        Dim cnnOLEDB As New OleDbConnection
        cnnOLEDB.ConnectionString = strConnString
        Try
            class1.ExecuteSelect("SELECT * FROM " + TableName.SelectedItem.ToString())
            cnnOLEDB.Open()
            Dim dataAdapter = New OleDbDataAdapter("SELECT * FROM " + TableName.SelectedItem.ToString(), cnnOLEDB)
            Dim ds = New DataSet()
            dataAdapter.Fill(ds)
            DisplayData.DataSource = ds.Tables(0)
            cnnOLEDB.Close()
            class1.EndQuery("SELECT * FROM " + TableName.SelectedItem.ToString())
        Catch ex As OleDbException
            MsgBox(ex.Message())
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub TableName_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TableName.SelectedIndexChanged
        loadData()
        LoadCols()
    End Sub

    Private Sub LoadData(ByVal query As String)
        Dim cnnOLEDB As New OleDbConnection
        cnnOLEDB.ConnectionString = strConnString
        Try
            cnnOLEDB.Open()
            Dim dataAdapter = New OleDbDataAdapter(query, cnnOLEDB)
            Dim ds = New DataSet()
            dataAdapter.Fill(ds)
            DisplayData.Columns.Clear()
            DisplayData.AutoGenerateColumns = True
            DisplayData.DataSource = ds.Tables(0)
            cnnOLEDB.Close()
        Catch ex As OleDbException
            MsgBox(ex.Message())
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub runQueryButton_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles runQueryButton.Click
        Dim class1 As New RAYDB.RAYEncryption
        class1.strConnString = strConnString
        Dim cnnOLEDB As New OleDbConnection
        cnnOLEDB.ConnectionString = strConnString
        Try
            ' Route on the leading keyword, ignoring case: Contains("SELECT") missed
            ' lower-case queries and also matched INSERT ... SELECT statements.
            If queryText.Text.TrimStart().StartsWith("SELECT", StringComparison.OrdinalIgnoreCase) Then
                class1.ExecuteSelect(queryText.Text)
                loadData(queryText.Text)
                class1.EndQuery(queryText.Text)
            Else
                ' Opened only on the branch that uses it, so the connection is never left open.
                cnnOLEDB.Open()
                class1.ExecuteInsertUpdate(queryText.Text)
                Dim cmdOLEDB As New OleDbCommand
                cmdOLEDB.Connection = cnnOLEDB
                cmdOLEDB.CommandText = queryText.Text
                cmdOLEDB.ExecuteNonQuery()
                cnnOLEDB.Close()
                class1.EndQuery(queryText.Text)
                DisplayTableNames()
            End If
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Sub
        Try
            If Not String.IsNullOrWhiteSpace(Text) Then
                cnnOLEDB.Open()
                cmdOLEDB.Connection = cnnOLEDB
                ' Identifiers cannot be bound as parameters, so the table name is still concatenated here.
                cmdOLEDB.CommandText = "CREATE TABLE " + Text
                cmdOLEDB.ExecuteNonQuery()
                ' The name is stored as a value through an OleDb positional parameter (?)
                ' instead of being concatenated into the SQL text.
                cmdOLEDB.CommandText = "INSERT INTO TableList(TableName) VALUES(?)"
                cmdOLEDB.Parameters.AddWithValue("?", Text)
                cmdOLEDB.ExecuteNonQuery()
                cnnOLEDB.Close()
                DisplayTableNames()
            End If
        Catch ex As OleDbException
            MsgBox(ex.Message())
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub DeleTabl_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DeleTabl.Click
        Dim cnnOLEDB As New OleDbConnection
        Dim cmdOLEDB As New OleDbCommand
        cnnOLEDB.ConnectionString = strConnString
        Try
            Dim var = MsgBox("Are you sure you want to delete the table?", MsgBoxStyle.YesNo)
            If var = vbYes Then
                cnnOLEDB.Open()
                cmdOLEDB.Connection = cnnOLEDB
            Console.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub TabControl1_SelectedIndexChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles TabControl1.SelectedIndexChanged
        If TabControl1.SelectedIndex = 0 Then
            LoadCols()
        Else
            loadData()
        End If
    End Sub
    Private Sub AddColumn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles AddColumn.Click
        Try
            ' Values are bound as OleDb positional parameters (?) instead of being concatenated into the SQL text.
            Dim SelectTableID As String = "Select TablID From TableList where TableName = ?"
            ' Identifiers cannot be bound as parameters, so the table and column names are still concatenated here.
            Dim Query = "ALTER TABLE " + TableName.SelectedItem.ToString + " ADD " + txtColName.Text + " " + "TEXT"
            If ComboSize.Enabled Then
                Query = Query + "(" + (Integer.Parse(ComboSize.SelectedItem.ToString) + 16).ToString + ")"
            End If
            Dim cnnOLEDB As New OleDbConnection
            Dim cmdOLEDB As New OleDbCommand
            cnnOLEDB.ConnectionString = strConnString
            cnnOLEDB.Open()
            cmdOLEDB.Connection = cnnOLEDB
            cmdOLEDB.CommandText = SelectTableID
            cmdOLEDB.Parameters.AddWithValue("?", TableName.SelectedItem.ToString)
            Dim result = cmdOLEDB.ExecuteReader()
            result.Read()
            Dim id = result.GetInt32(0)
            result.Close()
            ' Clear the bound values before the command object is reused for the next statement.
            cmdOLEDB.Parameters.Clear()
            cmdOLEDB.CommandText = "Insert into ColuList(TablID, ColuName, ColuDataType, ColuSize) Values (?, ?, ?, ?)"
            cmdOLEDB.Parameters.AddWithValue("?", id)
            cmdOLEDB.Parameters.AddWithValue("?", txtColName.Text)
            cmdOLEDB.Parameters.AddWithValue("?", Convert.ToString(ComboDataType.SelectedItem))
            cmdOLEDB.Parameters.AddWithValue("?", Convert.ToString(ComboSize.SelectedItem))
            cmdOLEDB.ExecuteNonQuery()
            cmdOLEDB.Parameters.Clear()
            cmdOLEDB.CommandText = Query
            cmdOLEDB.ExecuteNonQuery()
            cnnOLEDB.Close()
            LoadCols()
        Catch ex As OleDbException
            MsgBox(ex.Message())
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub ComboDataType_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ComboDataType.SelectedIndexChanged
        If ComboDataType.SelectedItem <> "Text" Then
            ComboSize.Enabled = False
        Else
            ComboSize.Enabled = True
        End If
    End Sub
Private Sub editTabl_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles editTabl.Click
    Dim Text = InputBox("Enter TableName", "Database", , , )
    Dim cnnOLEDB As New OleDbConnection
    Dim cmdOLEDB As New OleDbCommand
    cnnOLEDB.ConnectionString = strConnString
    Try
        If Not String.IsNullOrWhiteSpace(Text) Then
            cnnOLEDB.Open()
            cmdOLEDB.Connection = cnnOLEDB
            ' Rename the table itself (identifiers cannot be bound as parameters).
            cmdOLEDB.CommandText = "ALTER TABLE " + TableName.SelectedItem.ToString +
                " RENAME TO " + Text
            cmdOLEDB.ExecuteNonQuery()
            ' Update the TableList metadata; both names are passed as positional parameters.
            cmdOLEDB.CommandText = "UPDATE TableList set TableName = ? WHERE TableName = ?"
            cmdOLEDB.Parameters.AddWithValue("?", Text)
            cmdOLEDB.Parameters.AddWithValue("?", TableName.SelectedItem.ToString)
            cmdOLEDB.ExecuteNonQuery()
            cnnOLEDB.Close()
            DisplayTableNames()
        End If
    Catch ex As OleDbException
        MsgBox(ex.Message())
    Catch ex As Exception
        Console.WriteLine(ex.Message)
    End Try
End Sub
            ComboDataType.SelectedIndex = ComboDataType.FindStringExact(coluType)
            If coluType = "Text" Then
                ComboSize.SelectedIndex = ComboSize.FindStringExact(coluSize)
            Else
                ComboSize.Enabled = False
            End If
            EditColumn.Visible = True
            DeleColumn.Visible = True
            result.Close()
        Catch ex As OleDbException
            MsgBox(ex.Message())
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
    End If
End Sub
Private Sub DeleColumn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DeleColumn.Click
    Try
        ' DDL that drops the column; identifiers cannot be bound as parameters.
        Dim Query = "ALTER TABLE " + TableName.SelectedItem.ToString + " DROP " +
            txtColName.Text
        Dim cnnOLEDB As New OleDbConnection
        Dim cmdOLEDB As New OleDbCommand
        cnnOLEDB.ConnectionString = strConnString
        cnnOLEDB.Open()
        cmdOLEDB.Connection = cnnOLEDB
        ' Look up the table's ID; the name is passed as a positional OleDb parameter (?).
        cmdOLEDB.CommandText = "Select TablID From TableList where TableName = ?"
        cmdOLEDB.Parameters.AddWithValue("?", TableName.SelectedItem.ToString)
        Dim result = cmdOLEDB.ExecuteReader()
        result.Read()
        Dim id = result.GetInt32(0)
        result.Close()
        ' Remove the column's entry from the ColuList metadata table, then drop the column.
        cmdOLEDB.Parameters.Clear()
        cmdOLEDB.CommandText = "DELETE FROM ColuList WHERE ColuName = ? AND TablID = ?"
        cmdOLEDB.Parameters.AddWithValue("?", ListColumns.SelectedItem.ToString)
        cmdOLEDB.Parameters.AddWithValue("?", id)
        cmdOLEDB.ExecuteNonQuery()
        cmdOLEDB.Parameters.Clear()
        cmdOLEDB.CommandText = Query
        cmdOLEDB.ExecuteNonQuery()
        cnnOLEDB.Close()
        LoadCols()
    Catch ex As OleDbException
        MsgBox(ex.Message())
    Catch ex As Exception
        Console.WriteLine(ex.Message)
    End Try
End Sub
End Class
RAYEncryption.vb
Imports System.Data.OleDb
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text
Public Class RAYEncryption
Public strConnString As String
Public Sub EncryptDB()
    Dim rst As New ADODB.Recordset
    Try
        ' TableList holds the name of every table managed by the tool.
        rst.Open("SELECT * FROM TableList", strConnString)
        rst.MoveFirst()
        While Not rst.EOF
            Dim tableName As ADODB.Field
            tableName = rst.Fields.Item("TableName")
            Dim ColList As New ADODB.Recordset
            ColList.LockType = ADODB.LockTypeEnum.adLockPessimistic
            ColList.Open("Select * From " + tableName.Value, strConnString)
            ColList.MoveFirst()
            While Not ColList.EOF
                Dim fld As ADODB.Field
                ' Every field of every row is encrypted in place with the hard-coded passphrase "LOCKEY".
                For Each fld In ColList.Fields
                    fld.Value = Encrypt(fld.Value.ToString, "LOCKEY")
                Next
                ColList.MoveNext()
            End While
            ColList.Close()
            rst.MoveNext()
        End While
    Catch ex As Exception
        Console.WriteLine(ex.Message)
    Finally
        ' Close the table list once, whether or not an error occurred.
        If rst.State = ADODB.ObjectStateEnum.adStateOpen Then rst.Close()
    End Try
End Sub
Public Sub DecryptDB()
    Dim rst As New ADODB.Recordset
    Try
        ' TableList holds the name of every table managed by the tool.
        rst.Open("SELECT * FROM TableList", strConnString)
        rst.MoveFirst()
        While Not rst.EOF
            Dim tableName As ADODB.Field
            tableName = rst.Fields.Item("TableName")
            Dim ColList As New ADODB.Recordset
            ColList.LockType = ADODB.LockTypeEnum.adLockPessimistic
            ColList.Open("Select * From " + tableName.Value, strConnString)
            ColList.MoveFirst()
            While Not ColList.EOF
                Dim fld As ADODB.Field
                ' Every field of every row is decrypted in place with the hard-coded passphrase "LOCKEY".
                For Each fld In ColList.Fields
                    fld.Value = Decrypt(fld.Value.ToString, "LOCKEY")
                Next
                ColList.MoveNext()
            End While
            ColList.Close()
            rst.MoveNext()
        End While
    Catch ex As Exception
        Console.WriteLine(ex.Message)
    Finally
        ' Close the table list once; closing an already closed Recordset raises an error.
        If rst.State = ADODB.ObjectStateEnum.adStateOpen Then rst.Close()
    End Try
End Sub
Private Function Encrypt(ByVal plainText As String, ByVal secretKey As String) As String
    Dim encryptedPassword As String = Nothing
    Using outputStream As MemoryStream = New MemoryStream()
        Dim algorithm As RijndaelManaged = getAlgorithm(secretKey)
        Using cryptoStream As CryptoStream = New CryptoStream(outputStream,
            algorithm.CreateEncryptor(), CryptoStreamMode.Write)
            ' The plaintext is encoded as UTF-16 before encryption; the ciphertext is returned as Base64.
            Dim inputBuffer() As Byte = Encoding.Unicode.GetBytes(plainText)
            cryptoStream.Write(inputBuffer, 0, inputBuffer.Length)
            cryptoStream.FlushFinalBlock()
            encryptedPassword = Convert.ToBase64String(outputStream.ToArray())
        End Using
    End Using
    Return encryptedPassword
End Function
Private Function Decrypt(ByVal encryptedBytes As String, ByVal secretKey As String) As String
    Dim plainText As String = Nothing
    Using inputStream As MemoryStream = New MemoryStream(Convert.FromBase64String(encryptedBytes))
        Dim algorithm As RijndaelManaged = getAlgorithm(secretKey)
End Class
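The listing breaks off inside Decrypt and never shows getAlgorithm, so the project's actual cipher settings are not visible here. The following is an added example, not the project's code: a self-contained field encrypt/decrypt pair in VB.NET using AES-256-CBC with a random IV per value and an HMAC-SHA256 tag that is checked before decryption. The module name FieldCrypto, its functions, the token layout and the PBKDF2 parameters are assumptions made for illustration.

```vbnet
Imports System
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Text

Module FieldCrypto
    ' Assumption: keys come from a run-time passphrase via PBKDF2; keys(0) encrypts, keys(1) authenticates.
    Function DeriveKeys(passphrase As String, salt As Byte()) As Byte()()
        Using kdf As New Rfc2898DeriveBytes(passphrase, salt, 200000, HashAlgorithmName.SHA256)
            Return New Byte()() {kdf.GetBytes(32), kdf.GetBytes(32)}
        End Using
    End Function
    ' Output: Base64(IV || AES-256-CBC ciphertext || HMAC-SHA256 tag), with a fresh random IV per value.
    Function EncryptField(plainText As String, keys As Byte()()) As String
        Dim data As Byte() = Encoding.UTF8.GetBytes(plainText)
        Using cipher As Aes = Aes.Create(), mac As New HMACSHA256(keys(1))
            cipher.Key = keys(0)
            cipher.GenerateIV()
            Dim body As Byte() = cipher.IV.Concat(
                cipher.CreateEncryptor().TransformFinalBlock(data, 0, data.Length)).ToArray()
            Return Convert.ToBase64String(body.Concat(mac.ComputeHash(body)).ToArray())
        End Using
    End Function
    ' Recomputes the tag and compares it without early exit before any decryption happens.
    Function DecryptField(token As String, keys As Byte()()) As String
        Dim raw As Byte() = Convert.FromBase64String(token)
        If raw.Length < 64 Then Throw New CryptographicException("Token too short")
        Dim body As Byte() = raw.Take(raw.Length - 32).ToArray()
        Using cipher As Aes = Aes.Create(), mac As New HMACSHA256(keys(1))
            Dim expected As Byte() = mac.ComputeHash(body)
            Dim diff As Integer = 0
            For i As Integer = 0 To 31
                diff = diff Or (expected(i) Xor raw(body.Length + i))
            Next
            If diff <> 0 Then Throw New CryptographicException("Authentication tag mismatch")
            cipher.Key = keys(0)
            cipher.IV = body.Take(16).ToArray()
            Return Encoding.UTF8.GetString(
                cipher.CreateDecryptor().TransformFinalBlock(body, 16, body.Length - 16))
        End Using
    End Function
    Sub Main()
        ' Constructed sample values; a real salt is random and stored alongside the database.
        Dim keys As Byte()() = DeriveKeys("constructed passphrase", Encoding.ASCII.GetBytes("constructed-salt"))
        Dim ct1 As String = EncryptField("Alice", keys)
        Dim ct2 As String = EncryptField("Alice", keys)
        Console.WriteLine("Ciphertexts equal: " & (ct1 = ct2).ToString())
        Console.WriteLine("Round trip: " & DecryptField(ct1, keys))
    End Sub
End Module
```

Because every value gets its own IV, equal plaintexts produce different ciphertexts, so equality filters on an encrypted column have to run after decryption rather than in the SQL WHERE clause.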
API Documentation
Class name: RAYEncryption
Method name: ExecuteSelect(string query)
This method should be called before executing any SELECT query on the database. Pass the query that
you want to execute as this method's parameter.
Method name: ExecuteInsertUpdate(string query)
This method should be called before executing any INSERT or UPDATE query on the database. Pass the
query that you want to execute as this method's parameter.
Method name: EndQuery(string query)
This method should be called after executing all the queries.
Screenshots
Limitations
Conclusion
We presented Lock & Key, a system that provides a practical and strong level of confidentiality in the face
of two significant threats confronting database-backed applications: curious DBAs and arbitrary
compromises of the application server and the DBMS.
This technology will help administrators who deal with sensitive information secure their data.