Research Article | OPEN ACCESS
Integrated Password-based Algorithms with Auditing Capability for Database Applications
Ayman Mohamed Mostafa and Faten Ayied Almutairi
Faculty of Computers and Informatics, Zagazig University, 44519, Egypt
Research Journal of Applied Sciences, Engineering and Technology 2017 5:203-208
Received: February 9, 2017 | Accepted: March 23, 2017 | Published: May 15, 2017
Abstract
The aim of this research is to maintain the confidentiality and integrity of database by building a security application used for protecting sensitive information stored in a database from disclosure. The first layer in security application is based on a password-based system. The password serves to authenticate the ID of the user logging on to the system. In order to prevent passwords from offline dictionary attacks and specific account attacks, an encryption process is executed using Message Digest 5 (MD5) hashing and salt hashing algorithms for concealing passwords stored in a database. The salt hashing prevents duplicate passwords from being visible in the password file and increases the difficulty of offline dictionary attacks. If an adversary tries to retrieve the password system data, a different password will be generated which is completely different from the original one. For maintaining the integrity of data, an auditing mechanism is embedded into the password-based system for monitoring all transactions and operations inside the database.
Keywords:
Auditing, database security, hashing, salt hashing cryptography,
References
- Althneibat, A.M.A., B.E.M. Hasan, A.E.F.A. Hegazy and N. Hamza, 2010. Secure outsourced database architecture. Int. J. Comput. Sci. Netw. Secur., 10(5): 246-255.
Direct Link
-
Chahar, A., S. Yadav, I. Nigam, R. Singh and M. Vatsa, 2015. A leap password based verification system. Proceeding of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp: 1-6.
CrossRef
- Dai, S., T. Wei, C. Zhang, T. Wang, Y. Ding, Z. Liang and W. Zou, 2012. A framework to eliminate backdoors from response-computable authentication. Proceeding of the IEEE Symposium on Security and Privacy Conference, pp: 3-17.
CrossRef
- Fabbri, D., R. Ramamurthy and R. Kaushik, 2013. SELECT triggers for data auditing. Proceeding of the IEEE 29th International Conference on Data Engineering (ICDE), pp: 1141-1152.
CrossRef
-
Fonseca, J., N. Seixas, M. Vieira and H. Madeira, 2014. Analysis of field data on web security vulnerabilities. IEEE T. Depend. Secure., 11(2): 89-100.
CrossRef
- Howe, A.E., I. Ray, M. Roberts, M. Urbanska and Z. Byrne, 2012. The psychology of security for the home computer user. Proceeding of the IEEE Symposium on Security and Privacy (SP), pp: 209-223.
CrossRef
- Huang, Q. and L. Liu, 2009. A logging scheme for database audit. Proceeding of the 2nd International Workshop on Computer Science and Engineering (WCSE'09), pp: 390-393.
CrossRef
- Ito, A., Y. Kumazawa and M. Okamoto, 2016. Input password method for handicapped people. Proceeding of the IEEE SAI Computing Conference (SAI), pp: 1306-1308.
CrossRef
- Khanuja, H.K. and D. Adane, 2012. A framework for database forensic analysis. Comput. Sci. Eng. Int. J., 2(3): 27-41.
CrossRef
- Kumar, B. and M.H.S. Al Hasani, 2016. Database security - risks and control methods. Proceeding of the IEEE International Conference on Computer Communication and the Internet (ICCCI), pp: 334-340.
CrossRef
- Liu, L. and Q. Huang, 2009. A framework for database auditing. Proceeding of the IEEE 4th International Conference on Computer Science and Convergence Information Technology (ICCIT'09), pp: 982-986.
CrossRef
- Liu, L., C. Li and X. Li, 2012. System design of unified auditing and monitoring based on complex network. Proceeding of the IEEE 2nd International Conference on Intelligent System Design and Engineering Application (ISDEA), pp: 1144-1147.
CrossRef
-
Lu, W. and G. Miklau, 2009. Auditing a database under retention restrictions. Proceeding of the IEEE Conference on Computer Science and Convergence Information Technology, pp: 1-12.
CrossRef
-
Wu, K., L. Hua, X. Wang and X. Ding, 2014. The design and implementation of database audit system framework. Proceeding of the 5th IEEE International Conference on Software Engineering and Service Sciences (ICSESS), pp: 553-556.
CrossRef
- Yang, K. and X. Jia, 2012. An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE T. Parall. Distr., 24(9): 1717-1726.
CrossRef
Competing interests
The authors have no competing interests.
Open Access Policy
This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
Copyright
The authors have no competing interests.
|
|
|
ISSN (Online): 2040-7467
ISSN (Print): 2040-7459 |
|
Information |
|
|
|
Sales & Services |
|
|
|