Migration Model for un secure Database driven Software System to Secure System using Cryptography

Abstract

Most of the software systems are having role based operation model where each user, based on their job role having some functionality to perform. Role based access privileges are basic security implementation in most of the database driven software system. Users or Operators of the system enters the records into the software system using graphical user interface (GUI), which is stored into the database after data validation. Generally administrators are having all privileges and can perform all system and functional operations. Administrator can be divided into following categories:- 1. Software System Administrators 2. Network Administrators 3. Server Administrators 4. Database Administrators Network, Server & Database administrators are more powerful than software system administrator as they are having full privileges and can able to do changes in the systems which is almost untraceable unless complete system audit is performed to trace the mismatch of manual record and software system record. Data in the databases are unsecure as confidential organization record is stored on servers in unencrypted form, which is not secure from insider and outsider attack. This research work shows how to protect data confidentiality even when attackers get access to all the data stored on servers. Also authors are proposing a migration model which can be used to secure existing unsecure database driven software system. As a case study authors have taken an existing software system and applying AES based encryption and decryption with the key initialization vector (IV) and Code Block Chaining (CBC) mode with PKCS 5 padding because it has a very high security performance.