Integrated Password-based Algorithms with Auditing Capability for Database Applications

The aim of this research is to maintain the confidentiality and integrity of a database by building a security application that protects sensitive information stored in the database from disclosure. The first layer of the security application is a password-based system, in which the password authenticates the ID of the user logging on to the system. To protect passwords against offline dictionary attacks and specific account attacks, the passwords stored in the database are concealed using Message Digest 5 (MD5) hashing and salt hashing algorithms. Salt hashing prevents duplicate passwords from being visible in the password file and increases the difficulty of offline dictionary attacks. If an adversary tries to retrieve the password system data, a password completely different from the original one is generated. To maintain the integrity of data, an auditing mechanism is embedded into the password-based system to monitor all transactions and operations inside the database.
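
The salting and auditing ideas described in the abstract, as an added Python example that is not the paper's code: identical passwords give identical unsalted MD5 digests but distinct salted ones, and every registration and login is written to an audit trail. The function names, the in-memory tables and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from datetime import datetime, timezone

audit_log = []  # hypothetical in-memory audit trail; the paper audits inside the database

def audit(user, action, outcome):
    """Record every operation against the password table."""
    audit_log.append((datetime.now(timezone.utc).isoformat(), user, action, outcome))

def md5_unsalted(password):
    return hashlib.md5(password.encode()).hexdigest()

def md5_salted(password, salt):
    # MD5 is used only because the abstract names it; it is a fast hash,
    # so a deployment would substitute a slow KDF such as hashlib.scrypt.
    return hashlib.md5(salt + password.encode()).hexdigest()

def register(table, user, password):
    salt = os.urandom(16)  # fresh random salt per account
    table[user] = (salt.hex(), md5_salted(password, salt))
    audit(user, "register", "ok")

def verify(table, user, password):
    record = table.get(user)
    ok = False
    if record is not None:
        salt_hex, stored = record
        candidate = md5_salted(password, bytes.fromhex(salt_hex))
        ok = hmac.compare_digest(candidate, stored)  # constant-time comparison
    audit(user, "login", "ok" if ok else "fail")
    return ok

def duplicate_digests(digests):
    """Return digests that appear for more than one account."""
    return [d for d, n in Counter(digests).items() if n > 1]

# Constructed sample accounts: alice and carol chose the same password.
SAMPLE = {"alice": "winter2024", "bob": "tr0ub4dor", "carol": "winter2024"}
unsalted_table = {u: md5_unsalted(p) for u, p in SAMPLE.items()}
salted_table = {}
for u, p in SAMPLE.items():
    register(salted_table, u, p)
```

Comparing `duplicate_digests(unsalted_table.values())` with the same call over the salted digests shows the shared password only in the unsalted table.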
