A Novel Approach for Secure Identity Authentication in Legacy Database Systems

Juanita Blue, Eoghan Furey, Joan Condell

Research output: Contribution to conference (Paper)

1 Citation (Scopus)

Abstract

Information systems in the digital age have become increasingly dependent on databases to store a multitude of fundamental data. A key function of structured databases is to house authentication credentials that verify identity and allow users to access more salient personal data. Authentication databases are frequently a target of attack as they potentially provide an avenue to commit further, more lucrative crimes. Despite the provision of industry standard best practice recommendations from organisations such as Open Web Application Security Project (OWASP), Payment Card Industry Security Standards Council (PCI-SSC), Internet Engineering Task Force (IETF) and Institute of Electrical and Electronics Engineers (IEEE), often practical security implementations within industry flounder. Lacking or substandard implementations have cultivated an environment where authentication databases and the data stored therein are insecure. This was demonstrated in the 2016 exposure of a breach experienced by Yahoo where approximately one billion user credentials were stolen. The global technology company was found to be using obsolete security mechanisms to protect user passwords. Dated implementations such as these pose a serious threat as they render authentication data highly vulnerable to theft and potential misuse. This paper offers a novel solution for securing authentication databases on non-compliant Apache servers. The method applies the recommended best practice mechanisms in the form of salt, one-way encryption (hashing) and iterations to both pre-existing and newly created passwords that are stored on insecure systems. The proposed solution can be implemented server-side, with little alteration to the existing infrastructure, unbeknownst to the user. It possesses the potential to improve system security, aid compliance, preserve privacy and protect users.

Language: English
Pages: 1-6
Number of pages: 6
Publication status: Published - 21 Jun 2017
Event: 28th Irish Signals and Systems Conference - Killarney, Co. Kerry, Ireland
Duration: 20 Jun 2017 to 21 Jun 2017

Conference

Conference: 28th Irish Signals and Systems Conference
Country: Ireland
Period: 20/06/17 to 21/06/17

Keywords

  • passwords
  • salt
  • encryption
  • authentication
  • user credentials
  • IAMs

Cite this

Blue, J., Furey, E., & Condell, J. (2017). A Novel Approach for Secure Identity Authentication in Legacy Database Systems. 1-6. Paper presented at 28th Irish Signals and Systems Conference, Ireland.