Issues of Digital Data Security in Library Environment

ISSN 2229-5984 (P)
2249-5576 (e)

Issues of Digital Data Security in Library Environment

Vikrant Gautam*, Prashanta Kumar Behera*
and Mukhtiar Singh*

*Sr. Technical Officer ABSTRACT
**Sr. Technical Assistant
Every organization is giving importance to its digital collections. The
*** Library Officer digital assets are becoming major source of information in a library and
the preferred mode of acquisition for collection development. The digital
CSIR- Institute of Himalyan materials are not secure by its nature. The risk of unauthorized use of
Bioresource Technology, these materials is more. In general, the maximum efforts are made to
Palampur (H.P.) create digital contents whereas the less attention is given to its security.
The security threats are in many forms. The paper reflects the importance
Corresponding Author of digital data security as well as the process of making the data secure
Vikrant Gautam with reference to library collections.

[email protected] Keywords: Data Security, Digital Libraries, Data Encryption, Data
Transmission, Network Security

Received on: 01.07.2011; Revised on: 09.12.2011; Accepted on: 28.12.2011

INTRODUCTION biggest need is to maintain, manage information resources in
digital format and made the resource sharable for multiple
A digital library is a library in which collections are stored in access. Every organization is building its resources either by
digital formats (as opposed to print, microform, or other digitizing documents or by entering new data in digital form.
media) and accessible through computers. The digital content The digital resources available are maintained and are being
can be stored locally, or accessed remotely via computer shared frequently over the network. One of the reasons behind
networks. A digital library is a type of information retrieval digitization is that today a single library or Information center
system. Digitization is a process of converting plain physical is not able to deal with the huge amount of information/data
document to organized electronic form (e.g. pdf, doc, image they are having under traditional library system due to
format etc). manpower, monetary and space constraints.

The digitized resources created can be managed and organised So, digitization is a method which helps in building digital
for public access and even for limited access. These resources resources under one roof and then these resources can be
are accessed and utilized by the users from worldwide and the shared with rest of the world with the minimum need of
challenge for resource manager is to secure this digital data manpower, money and space.
from unauthorized access, modification, and disruption
whether it is done accidently or intentionally. There is a need to ADVANTAGES OF DIGITALDATA
implement proper security policies to ensure data security and
integrity at physical and network level. rEasy to access: The data is easily and faster accessible by
user from anywhere over network. The only thing
An integrative strategic model should be prepared to secure required is internet connection. There is no need for the
data to prevent threats. Where in the data security management users to go to the library physically.
practices of prevention is better then cure. Organizations are
establishing institutional repositories by collecting, managing, rEasy to store: The data can be easily stored in physical
and preserving scholarly works created in digital form. These medium e.g. Hard Disk, CD Rom, Tape drives etc.
repositories plays key role in accessing relevant information
which can also be further disseminated on demand. The data rMultiple access: Multiple users can access the same
which are confidential in nature can be placed in secure place information simultaneously as compared to the restriction
not by physically but also electronically. of consulting the resource by single user at a time in
traditional library system.
NEED FOR DIGITIZATION
rHigh availability of data: The data is available round the
Today in the era of Communication & Telecommunication the clock and can be available at different locations for
disaster recovery.

244 International Journal of Information Dissemination and Technology | October-December 2011 | Vol.1 | Issue 4

rEasy Tracking: In digital library data can easily be security over network, like hacking of data, exchanging
indexed and tracked by a user. of data over unsecure transmission media, corruption of
data with viruses/ Trojans, stealing of data with spywares
rEasy to maintain: The huge amount of data can easily be etc., and alteration of data by some un-authorized access.
maintained in the form of data sets and databases. Vulnerability of systems hosting data, disk failures are
also threats to data accuracy, integrity and availability.
rEase of data retrieval: The user is able to use any search Accuracy, confidentiality, integrity and high availability
term (word, phrase, title, name, and subject) to search the of the digital data, necessitate perfect security.
entire collection in few seconds. Digital libraries can
provide very user-friendly interfaces, giving clickable STEPS TOWARDS DIGITAL DATA
access to its resources. SECURITY

rLess space requirement: As compared to traditional Data Security is a continuous process of exercising due care
library physical space requirements, digital library and due diligence to protect digital information and
requires very less physical space. Digital data can be information system from unauthorized access, use, disclosure,
hosted on a single server which requires very small destruction, modification, and disruption. It is endless process
physical space. for data security [4]. Data security and its management is an
integral part of information technology. Data security
NEED FOR DIGITALDATASECURITY embraces many aspects of a computing system; hardware and
software, operating system, user part, networking part and
Digital data in any form in an organization is an asset to server part. Libraries and information centers are playing the
that organization. As this data is available on World Wide role of intermediary between information developer and end
Web and can be accessed by number of users over user. The transaction of digital data requires protection of data,
network, where anyone can accidentally or intentionally security of contents, its authorized utilization and user privacy.
damage the data. The data could be confidential in nature Access to priced data is restricted to computers with specific IP
and only authorized person should get access to it so that identification and protected with passwords.
confidentiality and accuracy of the data can be
maintained. Some of the security issues related to digital The organizations are required to adopt good security policy
data, which are as classified into three categories: for its data security by considering the following points:

rEnvironmental Threats: There are always some Data Hosting
environmental threats to the data, it may be due to natural
disasters like floods, fire, cyclones, earthquakes etc. The top management should decide where the data should be
These type of threats can totally wipe out the data which hosted. As to cope up with natural disasters such as floods,
cannot be recovered if proper security steps are not earthquakes, fire etc., the data should be hosted at two different
deployed. sites so that high availability of data can be made at 24x7. If one
site goes down then data will remain available at other site
rPhysical Threats: User can be the main factor as it round the clock. The room where the servers are placed should
depends upon the intention of the user, if the intensions be properly monitored by biometric device sensors and
are wrong then there is always a threat to data to get cameras to restrict unauthorized entries.
damaged, corrupted, modified or may be stolen.
Possibility of physically damaging the media can also Network Security
exist. There are some threats which may arise due to
interrupted power supply and improper cooling of The Servers hosting data should be backed up by Unified
devices. Threat Management System (UTM) which refers to a
comprehensive security product that includes protection
rTechnical Threats: These are the threats related to data against multiple threats (Fig.1).

UTM/Firewall DMZ

Internet
(WAN)

Server

Fig. 1. Threats neutralized by the Firewall/UTM
deployed at the gateway level

245 International Journal of Information Dissemination and Technology | October-December 2011 | Vol.1 | Issue 4

A UTM product typically includes a firewall, antivirus triggers the algorithm mechanism to decrypt the data,
software, content filtering and a spam filter in a single transforming it to the original plaintext version. Even if this
integrated package. The UTM should be implemented with encrypted (ciphertext) message goes into the wrong hands then
certain policies: also the intruder will not be able to decrypt the ciphertext
message without knowing the secret key.
rThe server should be configured under DMZ
(Demilitarized Zone) as shown in figure 1. In computer The major drawback of these secret key algorithms was that
networks a DMZ network enables internet users to these algorithms makes use of symmetric key algorithms,
access a organizations public servers, including Web where there is a secure initial exchange of one or more secret
and File Transfer Protocol (FTP) servers, while keys to both sender and recipient. Once someone steals secret
maintaining security for the organizations private LAN. key, the system could easily be cracked. To avoid this, public
This can be achieved by creating virtual host and key encryption algorithms are used. Where there is a use of
mapping them to DMZ by port forwarding. By asymmetric key algorithms, and the key used to encrypt a
implementing this policy common threats from WAN message is not the same as the key used to decrypt it. Each user
(Wide Area Network) as well as from LAN (Local Area has a pair of cryptographic keys—a public encryption key and
Network) including some network delays can be a private decryption key. The publicly available encrypting-
averted. key is widely distributed, while the private decrypting-key is
known only to the recipient. Messages are encrypted with the
rThe incoming and outgoing traffic of data server should recipient's public key and can be decrypted with the
be scanned with antivirus of UTM at Gateway level and corresponding private key. The keys are related
then some good antivirus software should be installed at mathematically, but the private key cannot be derived from the
server to protect from local threats from LAN as well as public key making the encrypted data much secure.
from removable media like external hard disk, pen
drives etc. Securing Data Storage and Backups

rCertain services like http and ftp (if necessary) which rData on the disk can be stored in encrypted format
are necessary for data server should be allowed from using Disk Encryption, which refers to encryption
WAN zone to DMZ zone and rest of the services should technology that encrypts data on a hard disk drive.
be dropped at Gateway (UTM) level. Disk encryption typically takes form in either disk
encryption software or disk encryption hardware.
rIntrusion Prevention (IPS) and Intrusion detection
(IDS) policies should be implemented at UTM level to rData masking of data is another technique of
avoid Denial of Services (DoS) and spoofing attacks, obscuring (masking) specific data within a database
whereby the intruder sends messages to a computer field to ensure that data security is maintained and
with an IP address indicating that the request is coming sensitive information is not exposed to unauthorized
from a trusted host. To engage in IP spoofing, a hacker person.
first uses a variety of techniques to find an IP address of
a trusted host and then modify the packet headers in rRoutine backup policies assure high availability of
such a way that it appears that the packets are coming the data. Backups should be timely taken in external
from that trusted host which may otherwise result in tape drives, DVD etc or on network with the
system hacking or system failure with request time outs. implementation of NAS/SAN solution. Apart from
this mirror servers can be created containing the exact
TRANSMISSION OF DIGITALDATA copy of the original server at the same location or at
different geographic location.
Data is generally transmitted over the internet through various
protocols such as HTTP (Hyper Text Transfer Protocol) and rLast but not the least, while discarding any media like
FTP (File Transfer Protocol). These protocols can be exploited hard disk etc, user must erase data on that media to
easily and the confidentiality, Integrity and accuracy of the ensure that no sensitive data is leaked when an asset is
data can be lost. Therefore, without framing adequate retired or reused. Data erasure is a method of
protection policies, data transmitted over the internet does not software-based overwriting that completely destroys
possess any assurance that the remote user is getting actual all electronic data residing on a hard drive or other
data originated from the source, as the data might be digital media.
intercepted during transmission process.
CYBER LAW, COPYRIGHT AND IPR
This unauthorized data access can be denied by implementing RELATED ISSUES
proper data encryption methods while transmitting data over
internet. With the increasing use of information and communication
technologies and world wide web there is always threat of data
Data encryption refers to mathematical calculations and security in the form of cyber threats and to cope up with any
algorithmic schemes that transform plain text into ciphertext (a illegal activity committed on the internet such as Hacking,
form that is non-readable to unauthorized parties). The Spoofing, Virus/Worm attacks, DOS attack or unauthorized
recipient of an encrypted message uses a secret key which access etc, legal system in the form of laws came into
existence.

Cyber Law is a term which refers to all the legal and
regulatory aspects of internet and the world wide web.
Anything emanating from any legal aspects or issues

246 International Journal of Information Dissemination and Technology | October-December 2011 | Vol.1 | Issue 4

concerning any activity of users over internet and others, on Creative Commons network and exercising the agency and
Internet in cyber space comes within the ambit of cyber law. freedom it has made available.
So, cyber law is the law governing computers and the internet.
Creative Commons licenses have been "ported" over 50
Indian Information Technology Act-2000 provides legal different jurisdictions worldwide by the mid of 2011. Its 3.0
recognition for transactions carried out by means of electronic version is the latest one. Creative Commons has become a
data interchange and other means of electronic major player shaping the production and distribution of
communication, commonly referred to as "electronic creative works.
commerce", which involve the use of alternatives to paper-
based methods of communication and storage of information, Creative commons and the free culture mindset draw from the
to facilitate electronic filing of documents with the work of the free software movement. “Free software” means
Government agencies. It is the first Cyber Law of the country. free as in freedom (to access code) not price and has come to
the fore in an environment of proprietary software distribution
Copyright is a form of intellectual property protection under where source (human readable) software code is hidden from
Indian law to the creators of original works of authorship such public view. The free software model is to distribute software
as literary works including computer programs, tables and with the source code open and accessible so that the recipient
compilations including computer databases which may be can easily and better understand the software. This in turn
expressed in words, codes, schemes or in any other form, enhances further innovation, error detection and/or security
including a machine readable medium. By law, when testing.
something is written, drawn, photographed, etc., its copyright
is automatically owned by the author. In other words, a IPR (Intellectual Property Right) violation includes software
copyright exists at the moment, the work is created like in piracy, copyright infringement, trademarks violations, theft of
library database is an intellectual creation. Registering a computer source code, patent violations etc.
copyright with the US Copyright Office is voluntary.
Copyright protection exists without registration; however, a CONCLUSION
work must be registered before filing a copyright infringement
case in a US court. Today every organization is looking forward to share and use
resources with the emerging trends of World Wide Web. Soon
When the data is published on web portal, the owner may fall every library will be digitized to share its valuable resources
victim of copyright infringement as someone can copy your with the rest of the world. This resource sharing over network
work and pass it off to someone else as their own. So simply by carry some threats and the biggest threat to these digital data
marking your website material with "All Rights Reserved" or resources is cyber threat, by which there is always a possibility
using the copyright symbol can be enough for you to prevent of getting data in some unauthorized hands which would result
many potential offenders from stealing your work. You may in loss of data accuracy, confidentiality and Integrity. With the
display the copyright symbol or language claiming copyright proper implementation of security policies at gateway level
even if you choose not to register your work. And if someone (UTM) and at machine level one can avert these threats.
wishes to use copyright work then the safest course is always to
get permission from the copyright owner before using Users must have keen knowledge of Copyright, Intellectual
copyrighted material. Even copyright office cannot give this Property Rights with the sound knowledge of cyber laws to
permission. ensure digital data security.

Creative Commons (CC) is an alternative to traditional REFERENCES
copyright. It is developed by a nonprofit organization with the
name of Creative Commons, a U.S. non-profit corporation 1. Atreyi, K. & et.al. (2003). An integrative study of
founded in 2001. The aim of the CC is- to offer free licenses information systems security effectiveness. International
that creators of written, audio, and video content could use to Journal of Information Management, 23, 139–154.
facilitate large-scale sharing of their copyrighted works. In
other words, Creative Commons helps to share knowledge and 2. Amitava, D. & Rahul, R. (2008). Dynamics of
creativity with the world. It develops, supports, and stewards organizational information security. System Dynamic
legal and technical infrastructure that maximizes digital Review, 24, 349–375.
creativity, sharing, and innovation.
3. Security Rethink (2002) Computer Bulletin, Retrieved on
Most original works are protected by copyright automatically, May 13, 2010 from http://itnow.oxfordjournals.org.
which confer specific rights to use and distribution. Creative
Commons allows copyright owners to release some of those 4. Data security, retrieved on June 01, 2011 from http://en.
rights while retaining others, with the goal of increasing access wikipedia.org/ wiki/ Data_security.
to and sharing of intellectual property. Creative Commons
licenses are several copyright licenses that allow the 5. Information security, retrieved on June 01, 2011 from
distribution of copyrighted works. A growing number of http://en.wikipedia.org/wiki/Information_security.
intellectual and artistic workers are now enrolling in the
6. Andrew, S. T. (2000) Computer Networks, 3rd edition,
Prentence Hall of India Pvt Ltd.

7. Vakul, S. (2007). Information Technology Law and
Practice, 2nd edition, Universal Law Publishing Co.

247 International Journal of Information Dissemination and Technology | October-December 2011 | Vol.1 | Issue 4

8. Malwad, N.M. & Anjanappa,M. IPR In Digital retrieved on May 13, 2010 from
Enviornment: Issues of Concern To Library Community, http://itnow.oxfordjournals.org.
retrieved on Jan. 10, 2011 from
http://shodhganga.inflibnet.ac.in/dxml/handle/1944/130. 11. David, M. & Berry G. M. (2005). On the “Creative
Commons”: a critique of the commons without
9. Salek Chand. (2011). Safety & Security of Digital commonalty- Is the Creative Commons missing
Information, retrieved on Jan. 15, 2011 from something? Free Software Magazine, 5, 1-5.
http://eprints.ukm.my/139/1/Safety_%26_Security_On_
Digital_Information.pdf. 12. Fitzgerald, B. F. & Oi, I. (2004). Free Culture: Cultivating
the Creative Commons. Media & Arts Law Review, 9(2).
10. John, I. (2010). Don't Cloud: Data Security, ITNOW,

248 International Journal of Information Dissemination and Technology | October-December 2011 | Vol.1 | Issue 4

Copyright of International Journal of Information Dissemination & Technology is the property of International
Journal of Information Dissemination & Technology and its content may not be copied or emailed to multiple
sites or posted to a listserv without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.

Copyright of International Journal of Information Dissemination & Technology is the property of International
Journal of Information Dissemination & Technology and its content may not be copied or emailed to multiple
sites or posted to a listserv without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.