Home            Contact us            FAQs
    
      Journal Home      |      Aim & Scope     |     Author(s) Information      |      Editorial Board      |      MSP Download Statistics

     Research Journal of Applied Sciences, Engineering and Technology

Research Article   |   OPEN ACCESS

Integrated Password-based Algorithms with Auditing Capability for Database Applications

Ayman Mohamed Mostafa and Faten Ayied Almutairi
Faculty of Computers and Informatics, Zagazig University, 44519, Egypt
Research Journal of Applied Sciences, Engineering and Technology  2017  5:203-208
http://dx.doi.org/10.19026/rjaset.14.4290  |  © The Author(s) 2017
Received: February 9, 2017  |  Accepted: March 23, 2017  |  Published: May 15, 2017
Back to issue  |  PDF   |   HTML

Abstract

The aim of this research is to maintain the confidentiality and integrity of database by building a security application used for protecting sensitive information stored in a database from disclosure. The first layer in security application is based on a password-based system. The password serves to authenticate the ID of the user logging on to the system. In order to prevent passwords from offline dictionary attacks and specific account attacks, an encryption process is executed using Message Digest 5 (MD5) hashing and salt hashing algorithms for concealing passwords stored in a database. The salt hashing prevents duplicate passwords from being visible in the password file and increases the difficulty of offline dictionary attacks. If an adversary tries to retrieve the password system data, a different password will be generated which is completely different from the original one. For maintaining the integrity of data, an auditing mechanism is embedded into the password-based system for monitoring all transactions and operations inside the database.

Keywords:

Auditing, database security, hashing, salt hashing cryptography,

References

  1. Althneibat, A.M.A., B.E.M. Hasan, A.E.F.A. Hegazy and N. Hamza, 2010. Secure outsourced database architecture. Int. J. Comput. Sci. Netw. Secur., 10(5): 246-255.
    Direct Link
  2. Chahar, A., S. Yadav, I. Nigam, R. Singh and M. Vatsa, 2015. A leap password based verification system. Proceeding of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp: 1-6.
    CrossRef    
  3. Dai, S., T. Wei, C. Zhang, T. Wang, Y. Ding, Z. Liang and W. Zou, 2012. A framework to eliminate backdoors from response-computable authentication. Proceeding of the IEEE Symposium on Security and Privacy Conference, pp: 3-17.
    CrossRef    
  4. Fabbri, D., R. Ramamurthy and R. Kaushik, 2013. SELECT triggers for data auditing. Proceeding of the IEEE 29th International Conference on Data Engineering (ICDE), pp: 1141-1152.
    CrossRef    
  5. Fonseca, J., N. Seixas, M. Vieira and H. Madeira, 2014. Analysis of field data on web security vulnerabilities. IEEE T. Depend. Secure., 11(2): 89-100.
    CrossRef    
  6. Howe, A.E., I. Ray, M. Roberts, M. Urbanska and Z. Byrne, 2012. The psychology of security for the home computer user. Proceeding of the IEEE Symposium on Security and Privacy (SP), pp: 209-223.
    CrossRef    
  7. Huang, Q. and L. Liu, 2009. A logging scheme for database audit. Proceeding of the 2nd International Workshop on Computer Science and Engineering (WCSE'09), pp: 390-393.
    CrossRef    
  8. Ito, A., Y. Kumazawa and M. Okamoto, 2016. Input password method for handicapped people. Proceeding of the IEEE SAI Computing Conference (SAI), pp: 1306-1308.
    CrossRef    
  9. Khanuja, H.K. and D. Adane, 2012. A framework for database forensic analysis. Comput. Sci. Eng. Int. J., 2(3): 27-41.
    CrossRef    
  10. Kumar, B. and M.H.S. Al Hasani, 2016. Database security - risks and control methods. Proceeding of the IEEE International Conference on Computer Communication and the Internet (ICCCI), pp: 334-340.
    CrossRef    
  11. Liu, L. and Q. Huang, 2009. A framework for database auditing. Proceeding of the IEEE 4th International Conference on Computer Science and Convergence Information Technology (ICCIT'09), pp: 982-986.
    CrossRef    
  12. Liu, L., C. Li and X. Li, 2012. System design of unified auditing and monitoring based on complex network. Proceeding of the IEEE 2nd International Conference on Intelligent System Design and Engineering Application (ISDEA), pp: 1144-1147.
    CrossRef    
  13. Lu, W. and G. Miklau, 2009. Auditing a database under retention restrictions. Proceeding of the IEEE Conference on Computer Science and Convergence Information Technology, pp: 1-12.
    CrossRef    
  14. Wu, K., L. Hua, X. Wang and X. Ding, 2014. The design and implementation of database audit system framework. Proceeding of the 5th IEEE International Conference on Software Engineering and Service Sciences (ICSESS), pp: 553-556.
    CrossRef    
  15. Yang, K. and X. Jia, 2012. An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE T. Parall. Distr., 24(9): 1717-1726.
    CrossRef    

Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Copyright

The authors have no competing interests.
ISSN (Online):  2040-7467
ISSN (Print):   2040-7459
Submit Manuscript
   Information
   Sales & Services
Home   |  Contact us   |  About us   |  Privacy Policy
Copyright © 2024. MAXWELL Scientific Publication Corp., All rights reserved