A Novel Approach for Secure Identity Authentication in Legacy Database Systems

Juanita Blue, Eoghan Furey, Joan Condell

Research output: Contribution to conferencePaperpeer-review

6 Citations (Scopus)
254 Downloads (Pure)

Abstract

Information systems in the digital age have become increasingly dependent on databases to store a multitude of fundamental data. A key function of structured databases is to house authentication credentials that verify identity and allow users to access more salient personal data. Authentication databases are frequently a target of attack as they potentially provide an avenue to commit further, more lucrative crimes. Despite the provision of industry standard best practice recommendations from organisations such as Open Web Application Security Project (OWASP), Payment Card Industry Security Standards Council (PCI-SSC), Internet Engineering Task Force (IETF) and Institute of Electrical and Electronics Engineers (IEEE), often practical security implementations within industry flounder. Lacking or substandard implementations have cultivated an environment where authentication databases and the data stored therein are insecure. This was demonstrated in the 2016 exposure of a breach experienced by Yahoo where approximately one billion user credentials were stolen. The global technology company was found to be using obsolete security mechanisms to protect user passwords. Dated implementations such as these pose serious threat as they render authentication data highly vulnerable to theft and potential misuse. This paper offers a novel solution for securing authentication databases on non-compliant Apache servers. The method applies the recommended best practice mechanisms in the form of salt, one-way encryption (hashing) and iterations to both pre-existing and newly created passwords that are stored on insecure systems. The proposed solution can be implemented server-side, with little alteration to the existing infrastructure, unbeknownst to the user. It possesses the potential to improve system security, aid compliance, preserve privacy and protect users.
Original languageEnglish
Pages1-6
Number of pages6
Publication statusPublished (in print/issue) - 21 Jun 2017
Event28th Irish Signals and Systems Conference - Killarney, Co. Kerry, Ireland
Duration: 20 Jun 201721 Jun 2017

Conference

Conference28th Irish Signals and Systems Conference
Country/TerritoryIreland
Period20/06/1721/06/17

Keywords

  • passwords
  • salt
  • encryption
  • authentication
  • user credentials
  • IAMs

Fingerprint

Dive into the research topics of 'A Novel Approach for Secure Identity Authentication in Legacy Database Systems'. Together they form a unique fingerprint.

Cite this