The document discusses a framework for securing data in business intelligence and cloud computing environments. It proposes using tokenization techniques to replace sensitive data with surrogate tokens. The framework includes a tokenization server that generates tokens and stores the token-data mappings in a centralized vault. When data is queried, the tokens are substituted for the actual values. The document outlines the architecture of the framework and algorithms for token generation and substitution to provide data security while enabling analytics.

1. Conducted by:
Eng.Hossam El-Din Hassanien
Supervised by:
Prof. Dr. Ahmed Elragal

2.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 2

3.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 3

4. Business-Intelligence Solution
•Advanced Multi-Dimensional Analytics
•Efficient and Accurate Enterprise Performance
Decision Support Management
Cap-Ex to Op-Ex •Leveraging sophisticated Business Computing
solutions for SMEs
Transformation •TCO (Total Cost of Ownership)
reduction/management expanding
organizational ROI (Return on Investment)
•Advanced Cryptography mechanisms
Secure Data •Untraceable ciphers omitting reverse
engineering to plain texts
Perimeters
By: Hossam El-Din Hassanien December, 27th 2011 4

5.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 5

6.  Term Formulated by Howard
Dressner, Vice President and
Research Fellow in Gartner Decision Making
research during the1980’s.
Transactions
and Planning
 Initially known as DSS (Decision
Support System).
Plan Act
 Refers to Computer based Reporting and Extract, Transform
methodologies and techniques Analysis and Load
used to identify, extract and Analyze Measure
analyze crucial historical, current
and predictive business data
through employing advanced
technological tools serving
enhanced decision making. Business Modeling Data Warehouse
By: Hossam El-Din Hassanien December, 27th 2011 6

7.  “Getting data in, Getting
information out.”
◦ Data Warehousing:
 Schema structures
 Star
 Snowflake
 OLAP data stores
 Transforming transactional data processing
to analytical data processing.
◦ Tactical and Strategic Analytics
 Dashboards and Scorecards
 Multi-dimension analysis
Data Warehousing Architectures
 Cross functional
comparisons
 Trend analysis
Dashboards and
OLAP cubes Scorecards
By: Hossam El-Din Hassanien December, 27th 2011 7

8.  Requires massive amounts resources.
◦ Network
◦ Storage
◦ Processing Power
◦ Advanced technological tools
 Requires extreme secure perimeter
◦ Protecting the tactical and strategic
confidential data
Photo taken during World War II.
 Financial “If you talk too much, this man may
 Inter-departmental die.”
 Etc.
 Limitations in a nutshell
◦ Elevated Security requirements
◦ Increasing TCO and ROI reduction
By: Hossam El-Din Hassanien December, 27th 2011 8

9.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 9

10.  “Among the top 3
technology trends to
impact IT
Infrastructure, top 10 to
impact Business
Development”. Gartner Inc.
 Is the new utility model of
IT services delivery on a
“Pay-per-Use”
schemes, through
deploying scalable
virtualized resources that
are allocated on a user
choice of combinations of
types and models.
By: Hossam El-Din Hassanien December, 27th 2011 10

11.  Cloud Computing Types:
◦ SaaS (Software-as-a-Service)
 Defines the utility services and user
control provided by the SP (Service
Provider) over the application level.
◦ PaaS (Platform-as-a-Service)
 Defines the utility services and user
control provided by the SP over the
application as well as the platform
level.
◦ IaaS (Infrastructure-as-as-Service)
 Defines the utility services and user
control provided by the SP over the
application ,the platform level. and
Infrastructure level.
By: Hossam El-Din Hassanien December, 27th 2011 11

12.  Cloud Computing
Models: ◦ Community Cloud
◦ Public Cloud  Virtualized to be shared and
 Virtualized to be shared and used used by the public with access
by the public with no segregations to several communityy
done by SPs over user groups.
classifications.  Adopted by community
 Widely adopted groups.
 Least Expensive  Security constrained only by
adversarial frequencies within
 Usually poses security constraints
the community.
◦ Private Cloud ◦ Hybrid Cloud
 Virtual remote privately dedicated
 Combines outsourcing virtual
and leased to the users.
resources with on-premise
 Adopted by enterprises interested resource hosting.
in full resource outsourcing and
 Usually adopted by
highest security measures.
stakeholders seeking
 Comparatively expensive. expanding present
 Security constrained by SP defense infrastructures,
mechanisms.  Security constraints
complemented by merging SP
enforced rules and
stakeholders measures.
By: Hossam El-Din Hassanien December, 27th 2011 12

13.  Security , privacy and trust.
◦ Third party control over production resources.
◦ Hosting confidential data, posing leakage threats.
 Currently based on Open-Standards
◦ Ad-hoc standards as the only real standards.
 Customized SLAs between customers and SPs.
 Data lock-in
◦ Probable inabilities towards completely relinquishing outsized restricted
organizational data.
 Random instance placement
◦ Multi-tenancy over the different types and models of CC.
By: Hossam El-Din Hassanien December, 27th 2011 13

14.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 14

15.  Payment Card Industry-Data
Security Standard(PCI-DSS).
 Emerged through research and
developments done by Payment
Card Industry- Security Standards
Council (PCI-SSC).
 Originally adopted to elevate
security measures in PCI.
 Token Servers originates
surrogate values called
tokens, replacing sensitive data
in applications and databases.
These tokens are stored in
Central Data Vaults that is
unlocked only by proper
authorization credentials.
By: Hossam El-Din Hassanien December, 27th 2011 15

16.  Easier to manage and more secure.
◦ Reducing points of crucial data is stored to
only CDVs, hence less exposure.
◦ Consolidating and centralizing security
systems to be audited.
 Eliminates impedance introduced by
inconsistencies aroused from
random encryption.
◦ Records created only once in CDV (Reducing
storage space).
◦ DW sensitive encrypted data values used in
referential integral analytics queries are
consistent.
Absolutely Simpler to
Reverse-Engineering Omission:
Secure Implement

◦ Eliminates mathematical relations between
Simpler to Simpler to
plain-texts and cipher-texts. Manage Audit
By: Hossam El-Din Hassanien December, 27th 2011 16

17.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 17

18. Business-Intelligence Solution
Business •Advanced Multi-Dimensional
Analytics
Intelligence/ Decision •Efficient and Accurate
Enterprise Performance
Data Support Management
Warehouse
•Leveraging sophisticated
Cap-Ex to Op-
Hybrid Cloud Business Computing solutions
Ex for SMEs
Computing Transformation
•Cost reduction/management
expanding organizational ROI
Model
•Advanced Cryptography
mechanisms
Tokenization Secure Data •Untraceable ciphers omitting
reverse engineering to plain
Perimeters
Data Security texts
By: Hossam El-Din Hassanien December, 27th 2011 18

19.  Virtual CC resources:
◦ BI/Reporting Server.
◦ Data Warehouse back-end (Tokenized).
BI/Reporting
Server
◦ Extraction, Transform and Load Server.
 On-premise/Private-Cloud resources:
◦ Virtual Private Cloud (VPC) interlink.
◦ Tokenization Server
ETL Server and Data-Warehouse
 Tokenization Data Vault.
 Algorithmic packages and functions orchestrating/maintaining tokens:
 Fine Grained Audit conditional policies (DBMS_FGA) over DB DML operations.
 maintain_Tokenization_lookup_algorithm.
 substitute_values_Actual_to_Token.
 Supervisory global_Algorithm.
Tokenization
Server
By: Hossam El-Din Hassanien December, 27th 2011 19

20. Disparate source systems Present inside or outside Cloud
networks
Tokenization Sever present on-
premise or inside a Private Cloud
Network
Tokenization Server
ETL Server and Data-Warehouse
BI/Reporting
Server
Legen
d:
BI/DWH components hosted inside a Cloud Actual Sensitive
(Public, Private Etc.) Data Flow:
Logical Sensitive
Data Flow:
By: Hossam El-Din Hassanien December, 27th 2011 20

21.  Customized Token generation.
1. maintain_Tokenization_lookup_algorithm
2. substitute_values_Actual_to_Token
 Global algorithm:
•Algorithm
maintain_Tokenization_lookup_algorithm:
ELSE
maintain_Tokenization_lookup_algorithm
SELECT <sensitive_Data_Column_Name>_Token
(
FROM tokenization_lookup_table
SET unique_Token = 0;
WHERE ROWID=(SELECT MAX(ROWID) FROM
tokenization_lookup_table);
GET <sensitive_Data_column_name>;
GET <sensitive_Data_table_name>;
IF sensitive_Data_Cursor.current_Actual_Data exists in
tokenization lookup table;
THEN
CURSOR sensitive_Data_Cursor
END;
IS SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
ELSE
INSERT INTO tokenization_lookup_table
(token,
FOR I = 0 TO sensitive_Data_Cursor.length
corresponding_Sensitive_Data)
(
VALUES
IF SELECT COUNT(token) FROM
(unique_Token,
tokenization_lookup_table
sensitive_Data_Cursor.current_Actual_Data);
=0;
unique_Token ++;
THEN
ENDIF;
INSERT INTO tokenization_lookup_table
I ++;
(token,
corresponding_Sensitive_Data)
) End LOOP;
VALUES
) End maintain_Tokenization_lookup_algorithm;;
(unique_Token,
sensitive_Data_Cursor.current_Actual_Data);
unique_Token ++;
By: Hossam El-Din Hassanien December, 27th 2011 21

22.  Customized Token generation.
1. maintain_Tokenization_lookup_algorithm
2. substitute_values_Actual_to_Token
 Global algorithm:
•Algorithm substitute_values_Actual_to_Token:
substitute_values_Actual_to_Token
(
GET <sensitive_Data_column_name>;
GET <sensitive_Data_table_name>;
CURSOR sensitive_Data_Cursor
IS SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
FOR I = 0 TO sensitive_Data_Cursor.length
(
Token_Value = SELECT token
FROM tokenization_lookup_table
WHERE sensitive_Data_Cursor.
current_sensitive_Data
=
tokenization_lookup_table.
current_Corresponding_Sensitive_Data;
INSERT INTO <actual_table_name>
(<actual_column_name>_token)
VALUES
(Token_Value);
DELETE <actual_table_name>.<actual_column_name>
WHERE <actual_table_name>.<actual_column_name>_token
=
tokenization_lookup_table.token;
) End LOOP;
) End substitute_values_Actual_to_Token;
By: Hossam El-Din Hassanien December, 27th 2011 22

23.  Customized Token generation.
◦ maintain_Tokenization_lookup_algorithm
◦ substitute_values_Actual_to_Token
 Global algorithm:
By: Hossam El-Din Hassanien December, 27th 2011 23

24. Business •Advanced Multi-Dimensional
Analytics
Intelligence/ Decision •Efficient and Accurate
Enterprise Performance
Data Support Management
Warehouse
•Leveraging sophisticated
Cap-Ex to Op-
Hybrid Cloud Business Computing solutions
Ex for SMEs
Computing Transformation
•Cost reduction/management
expanding organizational ROI
Model
•Advanced Cryptography
mechanisms
Tokenization Secure Data •Untraceable ciphers omitting
reverse engineering to plain
Perimeters
Data Security texts
By: Hossam El-Din Hassanien December, 27th 2011 24

25.  Introduction
 Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
 Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
 Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
 The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
 Conclusion & Future work
By: Hossam El-Din Hassanien December, 27th 2011 25

26.  Conclusion
◦ BI is important for organizations.
 Performance analysis.
 Fact based decision making.
◦ Cloud Computing extensively addresses expense issues with large scale
implementations.
 CapEx to OpEx.
 Undermined resources.
◦ Non-convenitional data security approaches imperative combining BI with CC.
 Simplified Infrastructure management, Data audit, Implementations.
 Elevated levels of data security.
◦ Almost all the current applications does not support Tokenization Data Security.
 Future work
◦ Driving motivations for vendors to support out-of-the-box Tokenization Data
Security.
◦ Sophisticated Tokenization algorithms.
◦ Propagation and Replication of current approaches to different frameworks in
organizations, forming complete center points of truth for data security.
By: Hossam El-Din Hassanien December, 27th 2011 26

27. By: Hossam El-Din Hassanien December, 27th 2011 27