Empress
Technical News -  April 2013
  
 
 Empress SDK
for Android - Now with Encryption 
 Data Security for Android
Application Developers
  
 
 
 Introduction
 Google’s Android is a Linux platform that empowers the development
of embedded devices targeted to mobile devices. Android, which is
based on a Linux Kernel, is an operating system and software stack
for mobile devices that includes middleware and key applications.
It enables developers to write Java code controlling the embedded
device via Google-developed Java libraries through a Dalvik Java
Virtual Machine.
 
 Empress SDK with Encryption for Android, allows Android
application developers to create embedded database driven
applications that require security, high performance and
reliability. 
 
 Empress supports the JDBC open database access API. Empress with
encryption includes the use of AES encryption calls, callable
admin functions and setting of Empress System variables in the
Android environment.
 
 A Typical Empress Android application is shown in Figure
1. This figure shows a running application containing the
Empress JDBC Local Access Driver which uses the Empress Database
engine to execute database tasks against Empress databases.
   
 
                                             Figure
1: Typical Empress Android application
 
 
 
 
 Using Encrypted Database
 
 Newer versions of Android come with AES encryption API support for
data stored on Android devices. Empress has extended data security
for its embedded database so that application developers have more
selective control on which data to secure or not secure.
 
 Figure 2 shows  Empress Application Using
Encryption. It shows the concept of adding a Security
Library, which contains a cipher, to the Empress Database engine.
The Empress database engine is effectively integrated with the
Open SSL libcrypto library which performs data encryption
and decryption. A cipher key may be held in a protected place in
the file system, in an application or process environment or with
a user. 
   
  
                                     Figure 2: Android Empress
Application Using Encryption
 
 
 How It Works
 
 The encryption is done on a column level. Users have the
capability to define which columns are to be encrypted.
 
 Let’s assume a scenario where the database table customer has four
columns cust_no, name, ssn and address, where
customer number  and social security number ssn
need to be encrypted. Use the following SQL CREATE TABLE command
to create such a table in an Empress database:
 
                   CREATE TABLE customer ( 
                                 cust_no INTEGER NOT NULL ENCRYPTED, 
                                 name CHAR(20), 
                                 ssn CHAR(9) ENCRYPTED, 
                                 address VARCHAR(64) 
 
 Since the column cust_no is used for searching, an index
is created as follows:
 
           CREATE UNIQUE INDEX
customer_index ON customer(cust_no) 
 
 Empress RDBMS will encrypt data for the columns 
and ssn that need encryption and decrypt data from those
columns when the application needs it. 
 
 User applications that access the table  
need NO changing. The same scenario works for all the interfaces
that Empress offers including C, C++, ODBC, JDBC, SQL and also for
Empress utilities.
 
 Furthermore, users are given the ability to change between an
encrypted and an unencrypted form by altering the database schema
thus changing the column or columns that need to be encrypted. For
example:
 
                   ALTER TABLE customer CHANGE ssn
NOT ENCRYPTED 
 
 Or to define the encryption on the column again:
 
                   ALTER TABLE customer CHANGE ssn ENCRYPTED 
 
 One ALTER command can be issued in order to define encryption on
multiple columns at once.
 
 Users do NOT have to change the data type or the size of the
encrypted column.
 
 
 Main Benefits for Using Empress Encryption
 
 The following are the main benefits of using encryption with
Empress on Android: 
 
 
 
 - Selectively secures database data.
This protects selected user data in a database including logs
and backup files.
- An efficient security solution.
Low performance overhead on encryption & decryption with
minimal database size increases.
- No need for application code
changes. No change is needed to existing Android
applications that use data in an unencrypted Empress database.
- No need for adding external
provisions in the database Empress accommodates
encryption with stored procedures, triggers, views, etc. 
 The Empress solution is painless for users who choose to convert
their non-secure Empress database solution to a secure one.
 
 
 Instead of Summary
 Empress SDK with Encryption for Android addresses the growing need
for more secure, complex, reliable and efficient database driven
Android applications. In addition to the standard JDBC API,
Empress on Android supports many extended functionalities. 
 
 To mention a few: selective encryption feature across all
interfaces, usage of callable administration functions and ability
to set Empress system variables in the Android environment.
 
 
 Empress Software Inc.
www.empress.com