Internship Flow Chart - St. Edward's University


Judges Administration & Database encryption
Vu Dai
Candidate for Bachelor in Computer Science
St. Edward’s University
Definition of Terms Used

- CCSC: Consortium for Computing Sciences in Colleges, South Central Region
- PHP: Hypertext Preprocessor (scripting language)
- HTML: Hyper Text Markup Language
- MySQL: Database server
- Mcrypt: Encryption/decryption library
- AES: Advanced Encryption Standard
- 3DES: Triple Data Encryption Standard
- UI: User Interface

Requirements

- My client: CCSC
  - Dr. Laura Baker is paper chair
- Automate process
- Web security and database encryption

User Authentication

- Choice of methods
  - Cookies
  - Session variables
  - SID (system identification)

Data Encryption/Decryption

- The database stores the encrypted data
- Encryption/decryption happens in the web app

[Diagram: UI, Encryption and Decryption on the Web Server, Database on the MySQL Server]

Why Do We Use Database Encryption?

- Potential of losing data in the database
- Encryption provides an additional layer of security
  - User accounts secured
  - Protects the database from being compromised

Encryption Algorithms

- The powerful Mcrypt library
  - Encryption / decryption functions
  - Supports AES and TripleDES

How does 3DES or AES work?

- 3DES: Triple Data Encryption Standard
  - Data is encrypted in three rounds
  - Three different keys, each key uses 56 bits
- AES: Advanced Encryption Standard
  - Symmetric key
  - Operates with keys that are 128, 192, and 256 bits
- Which one is better? AES

Challenges

- MySQL crashes when loading data into tables
  - Encrypted ASCII binary -> Hex -> Database
  - Hex -> ASCII binary -> Decrypt data -> Browser
- The Index Vector caused the decrypt functions to fail to convert data back to the original string
  - 1st key is hard-coded in the program
  - 2nd key is generated by the encryption function
  - Store the Index Vector in the database

[Diagram: input characters from the Browser are encrypted in PHP, stored in the DATABASE as hex (e.g. 9abf45bcd2), then converted back and decrypted to output characters]

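
The hex round trip and the stored-vector fix listed under Challenges, as an added example that is not the presenter's code. What the slides call the Index Vector is the initialization vector (IV); because Mcrypt was removed from PHP core in 7.2, this sketch swaps in the OpenSSL extension with AES-256-GCM, and the function names, the row layout and the sample value are assumptions.

```php
<?php
// Added example, not the presenter's code. Uses the OpenSSL extension
// (PHP >= 7.1) with AES-256-GCM in place of the Mcrypt calls on the slides.

const CIPHER = 'aes-256-gcm';

// Encrypt one field and return the hex columns to store in the row (hypothetical layout).
function encrypt_field(string $plaintext, string $key): array
{
    // A fresh random IV per value; it is not secret but is required to decrypt.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $tag = '';
    $raw = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($raw === false) {
        throw new RuntimeException('encryption failed');
    }
    // Raw ciphertext is arbitrary bytes; hex keeps it safe for text columns.
    return ['iv' => bin2hex($iv), 'tag' => bin2hex($tag), 'data' => bin2hex($raw)];
}

// Reverse path: hex -> binary -> decrypt. Fails if IV, tag or data were altered.
function decrypt_field(array $row, string $key): string
{
    $plain = openssl_decrypt(hex2bin($row['data']), CIPHER, $key,
        OPENSSL_RAW_DATA, hex2bin($row['iv']), hex2bin($row['tag']));
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key, IV or tampered data');
    }
    return $plain;
}

// Constructed sample: the key is generated here for the demo only; in a
// deployment it would be loaded from configuration rather than hard-coded.
$key = random_bytes(32);
$row = encrypt_field('judge@example.edu', $key);   // constructed value
echo "stored: {$row['iv']} {$row['tag']} {$row['data']}\n";
echo "read back: ", decrypt_field($row, $key), "\n";

// Replacing the stored IV makes the value unrecoverable.
$bad = $row;
$bad['iv'] = bin2hex(random_bytes(12));
try {
    decrypt_field($bad, $key);
} catch (RuntimeException $e) {
    echo "with wrong IV: ", $e->getMessage(), "\n";
}
```
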
Results

- All content of data is intact
- The transmission of data between database server and web hosting server is secured

[Diagram: secured transmission of encrypted data (e.g. 197c206edd10eac0f9e71e8fe79) between the Web Server (PHP/HTML, encryption and decryption) and the Database on the MySQL Server]

Encrypted Data in the Database
Decrypted Data from Database
Database Administration

- Authorized User
  - View one record
  - Update record
- Administrator
  - Activate new user
  - View entire user list
  - Delete users

Processing of Sign-up

- User fills out the web form
- System sends email to system admin
- Administrator verifies and activates new user
  - Update database
  - Email password to user

Email Notification
View one user’s Record
View all users’ Records
Future Development

- Store files such as email in the encrypted database
- Compress encrypted data prior to placing it into the database