A novel redis security extension for NoSQL database using authentication and encryption

Redis is a new generation NoSQL database. Redis in its simplest form is a key value pair based data system. It supports all the data structures like variables, Linked list, arrays, strings, and queues. However unlike the conventional databases, Redis does not provide enough security for the data. Anyone can get the value if the key is known because the data is stored in the form of key value pair. Therefore such a database is unsuitable for enterprise and most practical application data. In this paper, the work is carried out to add immense security to a Redis system using following: a) Authentication Service b) Encryption Services c) Security to persistent data d) Security to blob data (multimedia data for images). The Encryption algorithm plays a very important role in the field of Database Management System. Here we make use of AES algorithm because the AES algorithm consumes least Encryption and Decryption time in comparison with RSA and DES [12]. The principle of the work is that a separate Key is created in the database whose value is an encrypted data, encrypted by symmetric key cryptography using AES. This data contains all other key values being concatenated and encrypted. Once a query is generated, first the extraction of independent data entities are made, followed by decryption of data using symmetric key. We also design a UI system to demonstrate the capabilities of the system with and without the security implementation. The result of our work shows that adding the security extension does not increase the overhead by much in terms of system resources and latency. We also extend the key-value based system to be able to store binary image data which is also stored in the encrypted pattern.