Judges Administration & Database encryption
Vu Dai
Candidate for Bachelor in Computer Science
St. Edward’s University
Definition of Terms Used
• CCSC: Consortium for Computing Sciences in Colleges, South Central Region
• PHP: Hypertext Preprocessor, a scripting language
• HTML: Hyper Text Markup Language
• MySQL: Database Server
• Mcrypt: Encryption/Decryption Library
• AES: Advanced Encryption Standard
• 3DES: Triple Data Encryption Standard
• UI: User Interface
Requirements
• My client: CCSC
• Dr. Laura Baker is paper chair
• Automate process
• Web Security and Database encryption
User Authentication
• Choice of methods
  • Cookies
  • Session Variables
  • SID (system identification)
Data Encryption/Decryption
• The database stores the encrypted data
• Encryption/decryption happens in the web application
[Diagram: UI, Encryption, Decryption and Database, spread across the Web Server and the MySQL Server]
Why Do We Use Database Encryption?
• Potential of losing data in the database
• Encryption provides an additional layer of security
• User accounts are secured
• Protects the database from being compromised
Encryption Algorithms
• The powerful Mcrypt library
• Encryption / Decryption functions
• Supports AES and TripleDES
How do 3DES and AES work?
• 3DES: Triple Data Encryption Standard
  • Data is encrypted in three rounds
  • Three different keys, each key uses 56 bits
• AES: Advanced Encryption Standard
  • Symmetric key
  • Operates with keys that are 128, 192, and 256 bits
• Which one is better? AES
Challenges
• MySQL crashes when loading data into tables
• Encrypted ASCII Binary -> Hex -> Database
• Hex -> ASCII Binary -> Decrypt data -> Browser
• The initialization vector (IV) caused the decrypt functions to fail to convert data back to the original string
• 1st key is hard-coded in the program
• 2nd key is generated by the encryption function
• Store the IV in the database
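[Diagram, store path (PHP): Input characters -> Encryption (1101011011) -> Hex (9abf45bcd2) -> Database]
[Diagram, read path (PHP): Database -> Hex (9abf45bcd2) -> ASCII (11010110) -> Decryption (1101011011) -> Output characters in the browser]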
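The store and read paths from the Challenges slide, written out as an added example that is not code from the original slides. It assumes PHP's OpenSSL extension in place of Mcrypt (Mcrypt was removed from PHP in 7.2); the function names `encrypt_field` and `decrypt_field`, the demo key and the sample value are all constructed for illustration.

```php
<?php
// Added example (not from the slides). OpenSSL replaces Mcrypt here;
// function names, the key and the sample value are constructed for the demo.
const CIPHER = 'aes-256-cbc';

// Encrypt one field and return hex strings that are safe in a text column.
function encrypt_field(string $plaintext, string $key): array
{
    // A fresh random IV per record; it is not secret and is stored with the row.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv_hex' => bin2hex($iv), 'ct_hex' => bin2hex($ct)];
}

// Reverse the path: hex -> binary -> decrypt with the IV stored for this row.
function decrypt_field(array $row, string $key): string
{
    $iv = hex2bin($row['iv_hex']);
    $ct = hex2bin($row['ct_hex']);
    if ($iv === false || $ct === false) {
        throw new RuntimeException('stored value is not valid hex');
    }
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed demo key; a real deployment loads it from outside the source tree.
$key = hash('sha256', 'constructed-demo-passphrase', true);
$row = encrypt_field('judge42@example.edu', $key);
echo "stored iv: {$row['iv_hex']}\nstored ct: {$row['ct_hex']}\n";
echo 'round trip: ', decrypt_field($row, $key), "\n";

// Failure mode: the ciphertext is intact but the IV was regenerated, not stored.
$lost = ['iv_hex' => bin2hex(random_bytes(16)), 'ct_hex' => $row['ct_hex']];
// CBC raises no error in this case; the first 16-byte block is simply wrong.
echo 'wrong IV:   ', bin2hex(decrypt_field($lost, $key)), "\n";
echo 'expected:   ', bin2hex('judge42@example.edu'), "\n";
```

Because a wrong IV in CBC mode corrupts data silently rather than raising an error, the IV column has to be written in the same transaction as the ciphertext column.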
Results
• All content of the data is intact
• The transmission of data between the database server and the web hosting server is secured
[Diagram: secured transmission (197c206edd10eac0f9e71e8fe79) between the Web Server (PHP, HTML, Encryption, Decryption) and the MySQL Server (Database)]
Database Administration
• Authorized User
  • View one record
  • Update record
• Administrator
  • Activate new user
  • View entire user list
  • Delete users
Sign-up Process
• User fills out the web form
• System sends email to the system admin
• Administrator verifies and activates the new user
• Update database
• Email password to user
[Screenshots: View one user’s record; View all users’ records]
Future Development
• Store files, such as email, in the encrypted database
• Compress encrypted data prior to placing it into the database