e-ISSN: 2582-5208

International Research Journal of Modernization in Engineering Technology and Science

( Peer-Reviewed, Open Access, Fully Refereed International Journal )
Volume:04/Issue:09/September-2022 Impact Factor- 6.752 www.irjmets.com

ANALYSIS OF SECURITY ISSUES IN NOSQL

Hariom Singh*1
*1Department Of Information Technology, B. K. Birla College Of Arts, Science & Commerce
(Autonomous) Kalyan, Mumbai, Maharashtra, India.
DOI : https://www.doi.org/10.56726/IRJMETS29728
ABSTRACT
The field of databases has expanded considerably in recent decades. People and businesses have generated this
data using social media, mobile apps, web apps and new technologies. This data can be structured, semi-
structured or unstructured. The increased demand for Big Data and Cloud Computing Technologies has forced
organizations to move from relational databases to non-relational databases such as NoSQL. Every person
nowadays tries to secure their data from others. Due to the large volume and variety of big data, security and
privacy issues are increasing in such streaming data infrastructures with different data formats. Traditional
security models struggle to deal with such vast data. In this survey, we discuss security and privacy issues in
NoSQL database.
Keywords: Security, NoSQL Database.
I. INTRODUCTION
NoSQL
In today's modern era, there are various types of data collected. Relational database management system
(RDBMS) was adopted from 70. Oracle database, MySQL and Microsoft SQL Server and almost all databases had
the same basic architecture. Not Only Structured Query Language (NoSQL) is a term used to describe non-
relational databases. Thus, NoSQL includes most data stores that are not based on conventional RDBMS
principles {NoSQL databases use the CAP (Consistency, Availability and Partition Tolerance) and BASE (Basic
Availability, Soft State, Eventual Consistency) theorems in their design unlike RDBMS, which are based on ACID
(Availability, Consistency, Isolation, Durability)} and are used to process large data files on an Internet scale.
Big data poses challenges to traditional ways of storing and processing data, such as RDBMS systems. As a
result, we are seeing the rise of NoSQL databases that are designed to handle this vast amount and variety of
data within time and cost constraints. NoSQL databases evolved from the need to process big data; traditional
RDBMS technologies could not provide an adequate solution.
NoSQL is used for modern scalable databases. Scaling is the ability of a system to increase throughput as data
processing demands increase. To support big data processing, platforms include scaling in two forms of
scalability: horizontal scaling and vertical scaling.[1]
1.1 Horizontal Scaling: In horizontal scaling, the workload is distributed across many servers.
1.2 Vertical Scaling: In vertical scaling more faster hardware, processors and memory are installed within a
single server.
Figure 1 shows the rise of un/semi-structured data over the years as compared to structured data.

Fig 1.1: Rise of un/semi-structured data

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science
[384]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and Science
( Peer-Reviewed, Open Access, Fully Refereed International Journal )
Volume:04/Issue:09/September-2022 Impact Factor- 6.752 www.irjmets.com
II. CATEGORIES OF NOSQL DATABASES
We will explore the NoSQL landscape, here. We will look at the emerging categories of NoSQL databases.[2] [3]
2.1 Key Value Store Databases: It stores data as key-value pairs.
Example - Cassandra, Redis, memcached etc...
2.2 Document-based Data: It is stored in form of documents. For instance, {Name=“Test User”,
Address=“Address1”, Age:8}
Example – MongoDB etc…

Fig 2.1: Categories of NoSQL Databases

2.3 XML Database (Column Oriented Databases): XML is used for storing data, where data is stored in tables
consisting of rows and columns
Example – MarkLogic, Cassandra, Hyper table etc…
2.4 Graph Database: Data is stored as node collections. The nodes are connected via edges. A node is
comparable to an object in a programming language.
Example – Graph DB etc…
NoSQL databases are categorized based on how the data is stored. NoSQL mostly follows a horizontal structure
because of the need to provide curated information from large volumes, usually in near real-time.
Here we will see a comparison of features between different categories of NoSQL databases:

Fig 2.2: Feature of the various categories of NoSQL databases

III. SECURITY CHALLENGES IN NOSQL DATABASES
NoSQL Database security challenges are growing wiled day by day because of the increased demand of the data,
Nelson L. Santos and Giovanni L. Masala [4] [5] give a research on enhancing the security of the data in cloud
using random pattern fragmentation linking with NoSQL database. The fragmentation is providing better
security with less resources and making it ideal in the term of usage for mobile phones, Internet of Things or
big data, where the devices with limited resources giving huge performance [4] . MongoDB and Cassandra, both

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[385]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and Science
( Peer-Reviewed, Open Access, Fully Refereed International Journal )
Volume:04/Issue:09/September-2022 Impact Factor- 6.752 www.irjmets.com
are not able to encrypt our precious data in many terms [6] .NoSQL databases providing us less security than
relational databases. Some major security issues of NoSQL databases are given below [3] [7] :
3.1 Sheltering Rectitude:
In the Uniform environment, NoSQL databases behave like a scrambled situation. In this environment, data
security is much more difficult. In this environment, data security is also a failure.
3.2 Authentication and Encryption :
There is very weak data protection security in NoSQL database. When used in a NoSQL database, authentication
and encryption are very weak.
3.3 Data at Rest : The data at rest is unencrypted Primarily, it is essential to know the importance of database
security. For a database to store information in a secure manner, confidentiality, integrity and availability,
collectively known as CIA, are required.
Confidentiality means that only authorized users or systems have access to the data, Integrity is the accuracy
and consistency of the data over its lifetime, and Availability means that the data should be available whenever
is required.
3.4 Scalability and Availability:
These applications (social Networking Websites) have 2 main needs i.e. measurability and handiness. NoSQL
databases meet this demand. However, the protection of NoSQL databases isn't as strong because the security
of relative databases. NoSQL doesn't strictly follow ACID properties. This in NoSQL is understood as BASE
(basically obtainable, soft state, or consistent) properties.
Instead of being consistent when each dealings, it's okay here for the info to be in an exceedingly consistent
state eventually. It does not need to be the case that you just can perpetually see up-to-date knowledge in
NoSQL databases. you'll be seeing knowledge supported the last photograph taken and also the current
dealings are also interacting with one another.
This inherent rivalry could be a risk that's obligatory on NoSQL databases.
Unlike SQL databases, NoSQL information bases have only a few intrinsically safety features to permit quicker
data access. They lack the attributes of confidentiality and integrity.
Also, since they do not have a set and well-defined schema, you cannot separate permissions. as a result of
NoSQL databases don't give robust security measures on their finish, you may need to admit the safety options
of the applying accessing the information. Compared to relative databases, NoSQL databases are a better target
for security attacks. NoSQL conjointly lacks the power to perform dynamic operations. Cannot guarantee acidic
properties. we should always conjointly detain mind that NoSQL databases don't support a structured
command language. The command language might disagree from information to information. generally, and
particularly for NoSQL databases, knowledge is distributed across multiple servers (sharding).
IV. REQUIRED SECURITY
4.1 Awareness for Threat:
The threats are constant for SQL and NoSQL databases, therefore the solely factor must bear in mind is that
open supply NoSQL contains a very little less in-built security.
While the protection climate for NoSQL Databases is completely different, the threats are primarily an
equivalent as any thought RDBMS knowledge storage resolution. therefore, all the simplest practices that apply
to a standard info additionally apply to NoSQL. No have to be compelled to reinvent the wheel. info directors
are securing relative databases since human beings initial set foot on the moon, therefore this can be not new
territory. bear in mind of the threats that exist, likewise because the simplest techniques for eliminating
vulnerabilities and thwarting attacks.
4.2 Encode the Conscious Catalogue:
While it's going to not be necessary to code each very little factor, it's essential to code info keep inside
additional sensitive information fields and fields subject to any compliance rules. Of course, a similar backup
associated disaster recovery requirements that exist for an RDBMS information storage solution conjointly
apply to NoSQL information or application.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[386]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and Science
( Peer-Reviewed, Open Access, Fully Refereed International Journal )
Volume:04/Issue:09/September-2022 Impact Factor- 6.752 www.irjmets.com
V. CONCLUSION
Cloud database security and privacy is becoming everyone's top concern. In this survey, we identified the main
security issues such as Sheltering Rectitude, Authentication and Encryption, Data at Rest, Scalability and
Availability, Consistency, and then we see the security requirements (Awareness for Threat, Encode the
Conscious Catalogue). However, there is a need for security, which is exactly what a database requires.
MongoDB and Cassandra do not handle database security very well. Open source databases are built with less
built-in security. The only thing we should be aware of are the threats that exist.
VI. REFERENCES
[1] Ebrahim Sahafizadeh and Mohammad Ali Nematbakhsh, “A Survey on Security Issues in Big Data and
NoSQL”, ACSIJ Advances in Computer Science: an International Journal, Vol. 4, Issue 4, No.16, July 2015
ISSN : 2322-5157, www.ACSIJ.org
[2] Jing Han, Haihong E, Guan Le and Jian Du, “Survey on NoSQL Database”, 978-1-4577-0208-2/11/$26.00
©2011 IEEE
[3] Asadulla Khan Zaki, “NoSQL DATABASES: NEW MILLENNIUM DATABASE FOR BIG DATA, BIG USERS,
CLOUD COMPUTING AND ITS SECURITY CHALLENGES”, eISSN: 2319-1163 | pISSN: 2321-7308,
Volume: 03 Special Issue: 03 | May-2014 | NCRIET-2014, Available @ http://www.ijret.org
[4] Nelson L. Santos, Bogdan Ghita and Giovanni L. Masala, “Enhancing Data Security in Cloud using
Random Pattern Fragmentation and a Distributed NoSQL Database”, 978-1-7281-4569-3/19/$31.00
©2019 IEEE, 2019 IEEE International Conference on Systems, Man and Cybernetics (SMC) Bari, Italy.
October 6-9, 2019.
[5] Nelson Santos and Giovanni L. Masala, “GL (2019) Big data security on cloud servers using data
fragmentation technique and NoSQL database. In: International Conference on Intelligent Interactive
Multimedia Systems and Services, 20 June 2018 - 22 June 2018, Cold Coast, Australia.”
[6] Harpreet Kaur, “Analysis of Nosql Database State-of-The-Art Techniques and their Security Issues”,
Vol.12 No.2 (2021), 467- 471, Turkish Journal of Computer and Mathematics Education.
[7] Prudence Kadebu and Innocent Mapanga, “A Security Requirements Perspective towards a Secured
NOSQL Database Environment”, ISBN 978-93-5156-328-0, International Conference of Advance
Research and Innovation (ICARI-2014).

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[387]