Encrypting Databases to Mitigate Server Breaches


Abhiram Kothapalli, Rajgopal, Roshan Rajan, Samuel Lou
Mentor: Vincent Bindschaedler

Abstract
Our group created a novel protocol that allows users and system administrators to access encrypted data on a server using a dual-key system. Server data is encrypted under a key that is split between the client and the server. Under this scheme, data can be viewed and modified only while the client is logged in and chooses to provide its part of the key.

Motivation
Services like Google, Netflix, and WordPress store a variety of sensitive client information such as email addresses, ages, phone numbers, and passwords. Poorly secured databases are exposed both to external attackers and to malicious system administrators. Simply encrypting the database does not help if the key is stored on the server itself or in an adjacent database, because anyone who compromises the server can read the key along with the data. Our group sought to create an improved encryption scheme that mitigates this risk.

Solution
Our encryption protocol splits the decryption key between the server and the client. Under this scheme, even if the database is breached, the adversary cannot decrypt the information without the client's half of the key.

We also designed a four-tier encryption scheme so that each piece of information is encrypted with a level of protection matched to its sensitivity. For example, user information such as age may require both the client key and the server key, whereas the user's email address may require only server-side encryption. This allows the less sensitive data to be modified while the client is not connected.

Implementation
Our protocol was implemented on top of the open-source WordPress server-side codebase. All code modifications were written in PHP and tested on a server provided by the Siebel Center Security Lab.
- Designed to encrypt the user's email address, password, activation key, and login information.
- Capable of key generation and symmetric encryption, using Defuse Security's PHP encryption library.
- Onion-layered encryption using a combination of the full server key and the full client key.

Results
- Gained a working familiarity with the WordPress codebase and PHP.
- Gained a working understanding of the security protocols used on networks.
- Learned how to use cryptographic tools such as onion encryption and symmetric/asymmetric keys.

Figure 1: Protocol outlining a client data request. The client sends Key 1, which is merged with Key 2 and sent to the database, which returns the unencrypted data.
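The split key and the tiered onion layering described above, as an added example in Go; this is not the project's own PHP/WordPress code. It assumes AES-256-GCM for each layer, HMAC-SHA256 of the client share under the server key as the "merge" of Key 1 and Key 2, and models the two tiers the poster names (server-only for the email address, both keys for the age). The tier names, column names and the 32-byte client share handed over at login are this example's own choices, and deriving that share from the user's password on the client is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tier says which key layers wrap a column; the two tiers here are the ones the poster names.
type Tier byte

const (
	TierServer Tier = iota // one layer under the server key; writable while the client is offline
	TierOnion              // merged layer inside, server layer outside; needs both shares to read
)

var ErrClientShareRequired = errors.New("tier requires the client's key share") // client not logged in

// mergedKey is the poster's "Key 1 merged with Key 2": HMAC-SHA256 of the client share under the
// server key, so neither a database dump nor the server key alone reveals anything about it.
func mergedKey(serverKey, clientShare []byte) []byte {
	m := hmac.New(sha256.New, serverKey)
	m.Write(clientShare)
	return m.Sum(nil) // 32 bytes, used as an AES-256 key
}

// layer applies (decrypt=false) or removes (decrypt=true) one AES-256-GCM layer; nonce travels in front.
func layer(key, in, aad []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-128-bit block ciphers, never for AES
	n := gcm.NonceSize()
	if decrypt {
		if len(in) < n {
			return nil, errors.New("ciphertext too short")
		}
		return gcm.Open(nil, in[:n], in[n:], aad) // rejects any modified byte of ciphertext, tag or AAD
	}
	nonce := make([]byte, n)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, in, aad), nil
}

// layerKeys lists a tier's keys innermost first.
func layerKeys(tier Tier, serverKey, clientShare []byte) ([][]byte, error) {
	if tier == TierServer {
		return [][]byte{serverKey}, nil
	}
	if len(clientShare) == 0 {
		return nil, ErrClientShareRequired
	}
	return [][]byte{mergedKey(serverKey, clientShare), serverKey}, nil
}

// EncryptField wraps a column value in every layer its tier demands. Column name and tier are
// bound as AAD, so a ciphertext copied into another column or relabelled to a weaker tier fails.
func EncryptField(tier Tier, column string, serverKey, clientShare, plaintext []byte) ([]byte, error) {
	keys, err := layerKeys(tier, serverKey, clientShare)
	if err != nil {
		return nil, err
	}
	aad := []byte(fmt.Sprintf("%s|tier%d", column, tier))
	for _, k := range keys {
		if plaintext, err = layer(k, plaintext, aad, false); err != nil {
			return nil, err
		}
	}
	return plaintext, nil
}

// DecryptField peels the layers outermost first.
func DecryptField(tier Tier, column string, serverKey, clientShare, stored []byte) ([]byte, error) {
	keys, err := layerKeys(tier, serverKey, clientShare)
	if err != nil {
		return nil, err
	}
	aad := []byte(fmt.Sprintf("%s|tier%d", column, tier))
	for i := len(keys) - 1; i >= 0; i-- {
		if stored, err = layer(keys[i], stored, aad, true); err != nil {
			return nil, fmt.Errorf("layer %d: %w", i, err)
		}
	}
	return stored, nil
}

func main() {
	serverKey, clientShare := make([]byte, 32), make([]byte, 32)
	rand.Read(serverKey)
	rand.Read(clientShare) // in a real deployment derived on the client from the user's password
	email, _ := EncryptField(TierServer, "user_email", serverKey, nil, []byte("alice@example.com"))
	age, _ := EncryptField(TierOnion, "user_age", serverKey, clientShare, []byte("34"))
	pt, _ := DecryptField(TierServer, "user_email", serverKey, nil, email)
	_, err := DecryptField(TierOnion, "user_age", serverKey, nil, age) // breach: rows + server key, no client
	fmt.Println("email:", string(pt), "| age:", err)
}
```

Running it prints the email address recovered with the server key alone and an error for the age. Two points that Figure 1 leaves implicit: the column name and tier are authenticated as GCM additional data, so an attacker who can write to the database cannot copy a ciphertext from one column into another, or relabel an onion column as server-only to make the server decrypt it; and because the merged layer sits inside the server layer, the server can rotate its own key by re-wrapping the outer layer while the client is offline, without ever seeing the plaintext. What the split defends against is an offline copy of the database together with the server key. While a user is logged in the server holds the merged key in memory, so a server already under an attacker's control during a session, or at the next login when Key 1 arrives, is outside that threat model.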