
Network Security Project

Network Security Project Report

Users save confidential data in a web application on the assumption that the server is secure. The server acts as the trust maker of a web application, and unauthorized access to the website undermines the user's trust. Data can be leaked from the server in several ways, and there are many techniques by which user data can be stolen. As technology advances, the related issues also increase. Server software can be exploited through a vulnerability. The database administrator manages the data as well as they can. This raises a question: if there is so much risk, how can a website, a prototype application or a client-server architecture be secure? The answer is that the risk exists but can be resolved by implementing some technology and proper awareness. The first step towards data security is to store data only in encrypted form, whether it relates to the user or to another entity of the web application. It is a promising approach to securing user data, and it ensures that nobody can read or see the user's sensitive information on the server even after the server is hacked by intruders or attackers, because the intruders cannot obtain the decryption key by accessing the server. Currently, most web applications encrypt user data. Our application is privacy conscious. Any web application in a client-server architecture generally faces issues of functionality, efficiency and security. Security lapses if the server is compromised, which can indirectly affect the client-side code. The server should not interfere too much with the application. If the website provides data sharing between users, then it must be developed with more security and awareness of that feature. Sharing is a crucial function, because it is a complex issue in the implementation of security. This issue can be resolved by encrypting shared documents and sharing them via the server.

Network Security Project presents a way of building a secure web application in which data is stored on the server in encrypted form. Every application now needs to protect data in its own way, without depending solely on the server, although the server is still required to fulfil minimum security criteria. The current trend in web applications is to send data using JavaScript; previously this was done using HTML. Sensitive data must be encrypted with a password, and that password is shared with the other user. Another thing to consider is that an attacked server can sometimes be the victim of cheating in key distribution and management.

Many techniques and functions can be implemented to protect data confidentiality. We now discuss the approaches used for developing web applications, securing websites with untrusted servers, and working on data that is saved in encrypted form.

Security of web application

The first approach to website or web application security is to prevent vulnerabilities. A vulnerability can have many causes, such as bugs or flaws present in the source code of the application. The last known vulnerability was found in the Secure Sockets Layer and is known as Heartbleed. SSL provides digital security; in simple words, it ensures that the user is connected over a secure channel. Such flaws can be removed by static assessment of the code. It is also necessary to catch policy violations, which is done at run time. Removing these flaws is mandatory because the server is compromised by these types of security issues. Many techniques can be implemented to reduce vulnerabilities; for example, code written in JavaScript challenges a vulnerability that would corrupt the application, otherwise it is not able to surface the error in the application. If an issue is present in the client-side code, then encryption is required. New-generation browsers also provide security for the user's database information. The browser encrypts data when it is sent to an insecure server. The browser identifies the server based on its defined algorithm and the website code. But the browser's encryption is very simple; it only protects data from online threats and cannot tackle active attacks.

Case study to understand encryption-decryption in web application

Let us consider the example of Dropbox. It is a tool for storing files and media in the cloud so that they can be accessed from anywhere. End-to-end data encryption and local decryption are done in most applications similar to it. Once a user connects to Dropbox, it synchronizes all the data and transfers it over an encrypted connection. The encrypted connection is required so that user data will not be interfered with by intruders. Dropbox stores all the information in the encrypted

The encrypted data is secured and locked to provide security. The data is visible to the user because the user has the key to that virtual lock. Dropbox also keeps the key in order to manage user files on its servers, and it manages user data in encrypted form. Dropbox keeps the key for any surveillance or other law-related issue, but technically it has the private key to access the encrypted information. When the user wants to download or view a file, Dropbox uses the user's private key to decrypt the data for the user's system. This methodology is local encryption and decryption. It is also known as end-to-end decryption. In this methodology data is decrypted at the end user's screen. Take the same example for the email scenario, in which the email is sent in encrypted form from the source and decrypted on the user's system. The email service provider and the transmission path cannot decrypt or view the message.

This case study helps in the development of a secure system in which user data is saved in the database in encrypted form and, when the user accesses that data, it is visible to them in decrypted form.
(, 2015)

What is encryption?

Encryption is performed by applying various mathematical operations to the data, which results in an alternative form of the data. The sequence in which the operations are applied to the data is called the algorithm. The general form of the data is known as plain text and the operated form is called cipher text. Encryption ensures the security of information: even if intruders steal the information, they cannot get its real meaning. The reverse process on cipher text is known as data decryption.

There are two types of encryption algorithm on the basis of the key: public key algorithms and symmetric key algorithms. A public key algorithm is also known as an asymmetric key algorithm.

Algorithm design principles - IDEA is a block encryption algorithm that works on 64-bit plain text with a key length of 128 bits. The concept is mixing operations from different algebraic groups.

Symmetric encryption - In this encryption methodology, a single key is used for encryption and decryption. In other words, the encryption key can be derived from the decryption key. Generally both keys are identical. Symmetric key algorithms work in two ways. The first is the stream algorithm, which works on a single bit at a time. The other is the block algorithm, which works on a group of bits. An identical key has one drawback: if hackers get the key in transmission, they can decrypt and modify the key.

Asymmetric encryption - In this methodology, two keys are used. The public key is used to encrypt the data, which is why it is known as public key encryption, and the private key is used to decrypt the data. It is more secure compared to symmetric key encryption. In the web application the user data is encrypted using the public key and, when the user requests the data, the private key is sent to decrypt the data at the user's end.

Transparent data encryption - Transparent data encryption is used to encrypt the database of a web application. For further security, the log files of the database are also encrypted. It is a methodology, not a technology. It uses a data encryption key (DEK), which is stored in the master database of the web application and helps in data recovery. Transparent data encryption is a perfect way of securing an application database. In this methodology data is encrypted before it is saved to disk and decrypted at the user's end. Encryption and decryption are performed at the SQL layer of the database. The SQL layer makes the database transparent for the application and database.

Database-level encryption

This type of encryption is performed for user privacy. It ensures that stored data is saved in a secure form so that no one else can see the user's credentials. This encryption is part of the database design. In database-level encryption, encryption can be applied to selected fields only, such as a particular table, row or column in the database. Encrypting the database may require some changes in application development, depending on the approach used to integrate the database and encryption. For this purpose it is always better to use full encryption rather than selective encryption. Selective encryption does not have an impact at the table level but may have an impact with the row and column approach.

Basically, the security of encrypted data relies on three things: the encryption algorithm applied, the encryption key size and its protection level.

AES, the Advanced Encryption Standard, is regarded as a strong encryption algorithm. It can still be decrypted if the protection level chosen is inappropriate. For database encryption the protection level plays an important role because there are repetitive patterns, i.e. common attribute values and identity. In the database context, the algorithm must be adequate. This matters because volume of data, updates and mutual attributes are part of a database.
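The repetitive-pattern problem described above can be measured on a single encrypted column. The following is an added example, not code from the report: it encrypts a constructed sample column with AES-256 in a deterministic mode (ECB) and in a randomized mode (GCM with a fresh nonce per cell) and counts how many rows end up with identical ciphertext. All function names and sample values are assumptions made for the illustration.

```javascript
const { createCipheriv, randomBytes } = require('node:crypto');

// Deterministic mode (AES-256-ECB): equal plaintexts always give equal ciphertexts,
// so common attribute values remain visible as repeated ciphertext in the column.
function encryptDeterministic(key, value) {
  const c = createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(value, 'utf8'), c.final()]).toString('hex');
}

// Randomized mode (AES-256-GCM): a fresh 96-bit nonce per cell hides repeats.
// Stored form is nonce || tag || ciphertext.
function encryptRandomized(key, value) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]).toString('hex');
}

// Audit helper: size of the largest group of rows that store the same ciphertext.
// A result above 1 means the stored column reveals which rows hold equal values.
function largestEqualGroup(cells) {
  const counts = new Map();
  for (const cell of cells) counts.set(cell, (counts.get(cell) || 0) + 1);
  return Math.max(...counts.values());
}

// Constructed sample column with repeated attribute values.
const SAMPLE_COLUMN = ['diabetes', 'asthma', 'diabetes', 'none', 'diabetes', 'asthma'];

function compareModes(column = SAMPLE_COLUMN) {
  const key = randomBytes(32); // same AES-256 key for both modes
  const det = column.map((v) => encryptDeterministic(key, v));
  const rnd = column.map((v) => encryptRandomized(key, v));
  return { deterministic: largestEqualGroup(det), randomized: largestEqualGroup(rnd) };
}
```

The algorithm and key size are the same in both runs; only the mode differs, which is the difference in protection level that the paragraph above refers to.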

Key Management

Key management is the way in which generated cryptographic keys are managed. Key-based cryptography protects the data according to its keys. The access restrictions and locations of keys also matter. In the case of a database, key management is easy because the keys can be managed in a restricted database table. The concept of the master key lies here: all the cryptographic keys are managed by a single master key. Key management allows administrators to access the encrypted database. With this privileged access, an administrator can decrypt any user's data. To manage user privacy and resolve this problem, a hardware security module (HSM) is used. Hardware security modules are tamper-resistant cryptographic chipsets. The HSM stores encryption keys. In practice the encryption keys are stored under the master key and the master key is stored in the HSM. When local encryption or decryption is performed, the keys are transformed by the HSM dynamically. After the transformation, the HSM cleans the server memory. The database management system also has a security module, by which user authentication and the privileges for encryption and decryption are handled. Suppose a case where the database is accessed by two authorities, the DBA (database administrator) and the SA (system administrator). If there is a conspiracy between them, the HSM will not disclose the encrypted keys to anybody. The database server memory can hardly be exploited by intruders.
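The master-key arrangement described above, as an added example that is not code from the report: each data encryption key (DEK) is stored in a key table only in wrapped form under a master key, and rotating the master key re-wraps the DEKs without touching the stored records. The function names, key ids and sample record are assumptions, and the master key held in a variable stands in for one that would stay inside the HSM.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// AES-256-GCM; output is nonce || tag || ciphertext. `aad` is authenticated, not encrypted.
function seal(key, plaintext, aad) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(aad));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, blob, aad) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if key, data or aad differ
}

// Hypothetical restricted key table: keyId -> DEK wrapped under the master key.
function createDek(masterKey, keyTable, keyId) {
  const dek = randomBytes(32);
  keyTable.set(keyId, seal(masterKey, dek, keyId)); // keyId as AAD pins the wrap to its owner
  return dek;
}
const loadDek = (masterKey, keyTable, keyId) => open(masterKey, keyTable.get(keyId), keyId);

// Rotating the master key re-wraps the DEKs only; stored records are untouched.
function rotateMasterKey(oldKey, newKey, keyTable) {
  for (const [keyId, wrapped] of keyTable) {
    keyTable.set(keyId, seal(newKey, open(oldKey, wrapped, keyId), keyId));
  }
}

const rejects = (fn) => { try { fn(); return false; } catch { return true; } };

// Constructed sample data; in the report's design the master key would stay inside the HSM.
function demo() {
  const master = randomBytes(32), next = randomBytes(32), table = new Map();
  const record = seal(createDek(master, table, 'user:alice'), Buffer.from('salary=52000'), 'row:1');
  createDek(master, table, 'user:bob');
  rotateMasterKey(master, next, table);
  const plain = open(loadDek(next, table, 'user:alice'), record, 'row:1').toString();
  const oldKeyRejected = rejects(() => loadDek(master, table, 'user:alice'));
  table.set('user:bob', table.get('user:alice')); // wrapped key copied onto another id
  const swapRejected = rejects(() => loadDek(next, table, 'user:bob'));
  return { plain, oldKeyRejected, swapRejected };
}
```

A dump of the key table alone yields only wrapped DEKs, so read access to that table is not enough to decrypt user data without the master key.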
