Security Implications for JSON Web Token Used in MERN Stack for Developing E-Commerce Web Application

In almost every organization where user-sensitive data is available, the security and privacy of that data play a vital role. As storing this information in the database is an overhead, tokens are generated which handle sessions and also self-contain user details. One such widely used stateless token is the JSON Web Token. This paper deals with research on implementing an authentication and authorization technique using JSON Web Tokens that makes the web service role-based. In the project undertaken, the JSON Web Token is generated in a more secure way by choosing the secret key for the token wisely. Usually the key for the token was a mere string, or a set of keys stored in a key ring in the database and used alternately across users to create the token. In another trial model, a CAPTCHA was used; in short, a random number was generated and used as the secret key for token generation, but the main issue was increased storage. This project therefore tries to reduce storage while also generating a less predictable secret key.

2020 ◽  
Vol 8 (6) ◽  
pp. 1707-1710

In almost every organization where user-sensitive data is available, the security and privacy of that data play a vital role. As far as computer science is concerned, it is a matter of saving data in an unrecognizable format that is accessible only to authorized persons. User-sensitive data mainly includes passwords, which are required for sessions but need to be handled and stored safely. As storing this information in the database is an overhead, tokens are generated which handle sessions and also self-contain user details. One such widely used stateless token is the JSON Web Token. This paper deals with the introduction, working and algorithms of the JSON Web Token. The pros, cons, hacking possibilities, proper usage and security measures of JWT are also discussed.


2020 ◽  
Vol 2 (2) ◽  
Author(s):  
Suzanna Schmeelk ◽  
Lixin Tao

Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, specifically focusing on the security analysis coverage of program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of their software assurance with respect to one of the OWASP top ten mobile threats, the threat of “Insecure Data Storage.” We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places, leaving users exposed to higher risks of losing their sensitive data.


2021 ◽  
Vol 54 (2) ◽  
pp. 1-42
Author(s):  
Abdullah Qasem ◽  
Paria Shirani ◽  
Mourad Debbabi ◽  
Lingyu Wang ◽  
Bernard Lebel ◽  
...  

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. Embedded systems are very frequently used in both security- and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to outdated systems or the reuse of existing vulnerable libraries, which is evidenced by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.


2021 ◽  
Vol 22 (5) ◽  
pp. 2704
Author(s):  
Andi Nur Nilamyani ◽  
Firda Nurul Auliah ◽  
Mohammad Ali Moni ◽  
Watshara Shoombuatong ◽  
Md Mehedi Hasan ◽  
...  

Nitrotyrosine, which is generated by numerous reactive nitrogen species, is a type of protein post-translational modification. Identification of site-specific nitration modification on tyrosine is a prerequisite to understanding the molecular function of nitrated proteins. Thanks to the progress of machine learning, computational prediction can play a vital role before biological experimentation. Herein, we developed a computational predictor, PredNTS, by integrating multiple sequence features including K-mer, composition of k-spaced amino acid pairs (CKSAAP), AAindex, and binary encoding schemes. The important features were selected by the recursive feature elimination approach using a random forest classifier. Finally, we linearly combined the successive random forest (RF) probability scores generated by the different single-encoding RF models. The resultant PredNTS predictor achieved an area under the curve (AUC) of 0.910 using five-fold cross-validation. It outperformed the existing predictors on a comprehensive and independent dataset. Furthermore, we investigated several machine learning algorithms to demonstrate the superiority of the employed RF algorithm. PredNTS is a useful computational resource for the prediction of nitrotyrosine sites. The web application with the curated datasets of PredNTS is publicly available.


2022 ◽  
Vol 54 (9) ◽  
pp. 1-37
Author(s):  
Asma Aloufi ◽  
Peizhao Hu ◽  
Yongsoo Song ◽  
Kristin Lauter

With the capability of performing computations on encrypted data without needing the secret key, homomorphic encryption (HE) is a promising cryptographic technique that makes outsourced computations secure and privacy-preserving. A decade after Gentry’s breakthrough discovery of how we might support arbitrary computations on encrypted data, many studies followed and improved various aspects of HE, such as faster bootstrapping and ciphertext packing. However, the topic of how to support secure computations on ciphertexts encrypted under multiple keys has not received enough attention. This capability is crucial in many application scenarios where data owners want to engage in joint computations and prefer to protect their sensitive data under their own secret keys. Enabling this capability is a non-trivial task. In this article, we present a comprehensive survey of the state-of-the-art multi-key techniques and schemes that target different systems and threat models. In particular, we review recent constructions based on Threshold Homomorphic Encryption (ThHE) and Multi-Key Homomorphic Encryption (MKHE). We analyze these cryptographic techniques and schemes based on a new secure outsourced computation model and examine their complexities. We share lessons learned and draw observations for designing better schemes with reduced overheads.


Author(s):  
Muhammad Kamran ◽  
Tahir Malik ◽  
Muhammad Mubashir Khan

Secure exchange of cryptographic keys is extremely important for any communication system where security and privacy of data are desirable. Although classical cryptographic algorithms provide computationally secure methods for secret key exchange, quantum key distribution (QKD) provides an extraordinary means to this end by guaranteeing unconditional security. Any malicious interception of communication by a man-in-the-middle on a QKD link immediately alerts the sender and receiver by introducing an unavoidable error rate. Higher-dimensional QKD protocols such as KMB09 exhibit higher eavesdropping error rates with improved intrusion detection, but their practical implementation is still awaited. In this paper, we present the design and implementation of the KMB09 protocol using Laguerre–Gaussian orbital angular momentum to demonstrate and highlight the advantages of using dynamic spatial modes in a QKD system. A complete error-rate analysis of the KMB09 protocol implementation is presented with two different types of eavesdropping error rates. Furthermore, we also demonstrate the decoy state method to show the robustness of the protocol against the photon-number-splitting attack.


2018 ◽  
Vol 10 (12) ◽  
pp. 114 ◽  
Author(s):  
Shaukat Ali ◽  
Naveed Islam ◽  
Azhar Rauf ◽  
Ikram Din ◽  
Mohsen Guizani ◽  
...  

The advent of online social networks (OSN) has transformed the common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also to express themselves in online virtual communities and interact with other users of similar interests. However, OSN have turned the social sphere of users into a commercial sphere. This creates privacy and security issues for OSN users. OSN service providers collect the private and sensitive data of their customers, which can be misused by data collectors, third parties, or unauthorized users. In this paper, common security and privacy issues are explained along with recommendations for OSN users to protect themselves from these issues whenever they use social media.


Author(s):  
Alameen Abdalrahman

The main objective of this research is to use AES-256-GCM encryption and decryption on the database of a web application system called the Accounting Information System (AIS) to achieve more privacy and security in a cloud environment. A cloud environment provides many services such as software, platform, and infrastructure. AIS can use the cloud to store data and achieve accounting with better performance, efficiency, convenience, and cost reduction. On the other hand, a cloud environment is not secure, because the data is kept away from the organization. This paper focuses on how to secure sensitive data, such as the accounting data of the AIS web application, with web-level encryption using AES-256-GCM so that the data is stored in the cloud in encrypted form. The Accounting Information System (AIS) holds very sensitive data, and it needs to be more secure and safe, especially in the cloud, because it is not saved on local servers but with another cloud service provider. The encryption and decryption keys are stored in locations and on devices different from those in which the database is stored in the cloud, to ensure more safety.


2017 ◽  
Vol 10 (2) ◽  
pp. 359-363
Author(s):  
Rupal Sharma ◽  
Ravi Sheth

Today, web application security is the most significant battlefield between the victim, the attacker and the resources of a web service. The owners of web applications cannot see the security vulnerabilities in web applications developed in ASP.NET. This paper explains an algorithm which aims to identify broken authentication and session management vulnerabilities. The method given in this paper scans the web application files. The created scanner relies on analyzing the source code of the application's ASP.NET files and their code-behind files. A program developed for this purpose produces a report which describes the vulnerability types by mentioning the file name, a description and its location. The aim of the paper is to discover broken authentication and session management vulnerabilities. The indicated algorithm will help organizations and developers to repair the vulnerabilities and improve overall security.

