Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encrypting Databases to Mitigate Server Breaches

Published byLaureen Gibson Modified over 6 years ago

Similar presentations

Presentation on theme: "Encrypting Databases to Mitigate Server Breaches"— Presentation transcript:

1 Encrypting Databases to Mitigate Server Breaches
Abhiram Kothapalli, Rajgopal, Roshan Rajan, Samuel Lou Mentor: Vincent Bindschaedler Abstract Implementation Our group created a novel protocol that allowed users and system admins to access encrypted data on a server using a dual key system. Server data encryption is done with a key that is partially split between a client and the server. Using this schematic, data can only be viewed and modified when the client is logged in and chooses to provide the key. Our protocol was implemented upon the open source Wordpress server side codebase. All code modifications were written in PHP and were tested on a server provided by the Siebel Center Security Lab. Designed to encrypt the user , password, activation key, and login information. Capable of key generation, and symmetric encryption using Defuse Security’s PHP encryption library. Onion layered encryption using combination of full server key and full client key. Motivation Services like Google, Netflix, and Wordpress store a variety of sensitive client information such as s, age, phone numbers, and passwords. Less secure databases are prone to hackers and malicious system administrators. Simply encrypting the database is not secure if the key is stored locally on the server or an adjacent database because it is easily accessible through a compromised server. Our group sought to create an improved encryption scheme that mitigates this risk. Results Gained a working familiarity with Wordpress codebase and PHP Gained a working understanding of security protocols used on networks Learned how to use cryptographic tools like onion encryption and symmetric/asymmetric keys Solution Our encryption protocol consists of splitting the decryption key partially between the server and the client. Under this scheme, even if the database is breached, the adversary cannot decrypt information without the client half of the key. We have also designed a four tier encryption scheme to appropriately encrypt information with varying levels of security. For example user information such as age may require both the client and server key whereas user may only require server side encryption. This allows certain data to be modified when the client is not connected. Figure 1: Protocol outlining a client data request. Client sends Key 1 which is merged with Key 2 and sent to the Database which returns the unencrypted data

Download ppt "Encrypting Databases to Mitigate Server Breaches"

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
KerberSim CMPT 495 Fall 2004 Jerry Frederick. Project Goals Become familiar with Kerberos flow Create a simple Kerberos simulation.

KerberSim CMPT 495 Fall 2004 Jerry Frederick. Project Goals Become familiar with Kerberos flow Create a simple Kerberos simulation.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
© Affiliated Computer Services, Inc. (ACS) 2010 ACS Email Encryption.

© Affiliated Computer Services, Inc. (ACS) 2010 ACS Encryption.
TOPPHONEBELGIUM.BE THE PIN CODE DATABASE. TOPPHONEBELGIUM.BE INTRODUCTION TO THE COMPANY TOP PHONE Active in telecom since 1996 Based in Antwerpen but.

TOPPHONEBELGIUM.BE THE PIN CODE DATABASE. TOPPHONEBELGIUM.BE INTRODUCTION TO THE COMPANY TOP PHONE Active in telecom since 1996 Based in Antwerpen but.
School and LEA Users https://schools.nc.gov/pbis.

School and LEA Users
Key Management with the Voltage Data Protection Server Luther Martin IEEE P1619.3 May 7, 2007.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)

Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)
Ashley Hawley. Project Description Business Need User Profiles Development Technology Testing Plan Deliverables Demonstration Conclusion.

Ashley Hawley. Project Description Business Need User Profiles Development Technology Testing Plan Deliverables Demonstration Conclusion.
Dale Smith COSC 4010 Computer Security Authentication & Security in the.NET environment.

Dale Smith COSC 4010 Computer Security Authentication & Security in the.NET environment.
SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.

SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
1 Information Security Practice I Lab 5. 2 Cryptography and email security Cryptography is the science of using mathematics to encrypt and decrypt data.

1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.
Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.
1. 2 3 GOAL User Interactive Web Interface Update Pages by Club Officers Two Level of Authentication.

GOAL User Interactive Web Interface Update Pages by Club Officers Two Level of Authentication.
PHP Secure Communications Web Technologies Computing Science Thompson Rivers University.

PHP Secure Communications Web Technologies Computing Science Thompson Rivers University.
1. ◦ Intro ◦ Client-side security ◦ Server-side security ◦ Complete security ? 2.

1. ◦ Intro ◦ Client-side security ◦ Server-side security ◦ Complete security ? 2.

Similar presentations

Ads by Google