Adit > Case Studies > Chemicals Mixing Database

Chemicals Mixing Database

Background

• The customer owns a considerable number of proprietary formulations for products relating to their business area of thermosetting plastics and silicones



• Each formulation is a recipe for the production of a plastic product enjoying specific physical and/or chemical characteristics



• This intellectual property is a key business asset

Major Objectives

The aim of the project was to establish a database capable of ensuring the ongoing confidentiality of the data overall while allowing the organisation's research chemists improved access to this valuable resource.

Critical Areas

• Table of suppliers with addresses and contact names



• Table of materials with current price, specific gravity and a link to the supplier table



• Table of Products with attribute data



• Table of Product formulations with links to relevant entries in the materials table



• Facilities for printing individual formulations, materials lists and product listings



• Facilities will be provided to allow the searching of the product database for products possessing attributes within specified ranges or those including specified materials in their formulation



• Search results will be presented in a list format with "drill down" into individual product specifications and formulations

Special Considerations

Security was a major issue for this project, and the following areas were considered:

Software security

Password access to the program, thus limiting the facilities offered to individual users

Password protected database

Physical Security

The company had already identified the advantages of implementing the proposed database on a PC that included physical adaptations to preclude data copying or printing

Advantages:
Simple to implement
Precludes screen copying and printing
Ensures the physical security of the database

Disadvantages:
Data is only available on a single machine
Data security back-up procedures may be time consuming and there would be a need to secure the back-up media

Light Encryption

The simplest encryption option is to use a straightforward rule based algorithm to encrypt the data being stored in the database

Advantages:
The data encryption would quickly discourage any casual attack that managed to break through the password protection of the database. Any continued attack would require access to suitable computer based tools.
The customer could (should necessity arise) pass details of the rule based encryption procedure to any trusted third party allowing them to access the stored data from a suitable program.

Disadvantages:
Unlikely to protect the data from a determined attack by a knowledgeable cryptanalyst

Key Cipher Encryption

Key cipher encryption could be applied to all or selected sections of the data (such as the formulation) being stored in the database. We can apply ciphers based upon a key with a length ranging from 32 bits to 488 bits. A wisely selected key would make the data unreadable to even the most effective cryptanalysis

Advantages:
Capable of providing unbreakable security for the encrypted data in the database

Disadvantages:
Decryption is impossible without the key and some knowledge of the encryption algorithm used
Losing the key would mean that the stored data could never be recovered