1 / 20

Enhancing Database Security: Implementation of Encryption in User Authentication Systems

This paper discusses the importance of database encryption, focusing on user authentication within web applications. It examines various encryption methods, including AES and 3DES, and their respective strengths in securing data. Utilizing the Mcrypt library for PHP applications, this study outlines the automation of processes to protect user accounts and prevent data loss. Key aspects include storing encrypted data in MySQL, managing user sessions through cookies, and ensuring secure data transmission between the database and server. The future development section suggests integrating email functionalities into encrypted databases.

hilde
Download Presentation

Enhancing Database Security: Implementation of Encryption in User Authentication Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Judges Administration & Database encryption Vu Dai Candidate for Bachelor in Computer Science St. Edward’s University

  2. Definition of Term Use • CCSC Consortium for Computing Sciences in Colleges South Central Region • PHP Hyper Text Preprocessing Scripting • HTML Hyper Text Markup Language • MySQL Database Server • Mcrypt Encryption/Decryption Library • AES Advance Encryption Standard • 3DES Triple Data Encryption Standard • UI User Interface

  3. Requirements • My client: CCSC • Dr. Laura Baker is paper chair • Automate process • Web Security and Database encryption

  4. User Authenticate • Choice of methods • Cookies • Session Variables • SID (system identification)

  5. Data Encryption\Decryption • Database stored the encrypted data • Encryption/Decryption happens at the web Apps Encryption UI Database Decryption MySQL Server Web Server

  6. Why Do We Use Database Encryption? • Potential of losing data in database • Encryption provides addition layer of security • User account secured • Protect database from being compromised

  7. Encryption Algorithms • The powerful Mcrypt library • Encryption / Decryption functions • Support AES, and TripleDES

  8. How does 3DES, or AES work? • 3DES: Triple Data Encryption Standard • Data encrypts in three rounds • Three different keys, each key uses 56 bits • AES: Advance Encryption Standard • Symmetric key • Operate with keys that are 128, 192, and 256 bits • Which one is better? AES

  9. Challenges • MySQL crashes when load data into tables • Encrypted ASCII Binary -> Hex -> Database • Hex -> ASCII Binary -> Decrypt data -> Browser • Index Vector caused decrypt functions failed to convert data back to original string • 1st Key is hard code in the program • 2nd key generate from the encryption function • Store the Index Vector in database

  10. Input Characters Encryption 1101011011 Hex 9abf45bcd2 PHP DATABASE Browser Output Characters Decryption 1101011011 ASCII 11010110 Hex 9abf45bcd2

  11. Results • All content of data is intact • The transmission of data between database server and web hosting server is secured Secured transmission 197c206edd10eac0f9e71e8fe79 PHP HTML Encryption Database Decryption MySQL Server Web Server

  12. Encrypted Data in the Database

  13. Decrypted Data from Database

  14. Database Administration • Authorized User • View one record • Update record • Administrator • Activate new user • View entire user list • Delete users

  15. Processing of Sign up • User fill out the web form • System sent email to system admin • Administrator verify and activate new user • Update database • Email password to user

  16. Email Notification

  17. View one user’s Record View all user’s Record

  18. Future Development • Implement file such as email into the encrypted database • Compress encrypted data prior place it into database

  19. Judges Administration & Database encryption Vu Dai Candidate for Bachelor in Computer Science St. Edward’s University

More Related