Using security protocols to extend the FiLDB architecture

Gudlaugsson, Rúnar

January 2002

<p>With the escalating growth of e-commerce in today’s society, many e-commerce sites have emerged that offer products on the Internet. To be able to verify orders from customers, some sites require sensitive information from their customers such as credit card details that is stored in their databases. The security of these sites has become the concern of many and it is a common opinion among the public that such sites cannot be trusted.</p><p>The FiLDB architecture presents an interesting approach for increasing the security of Internet connected databases. This approach is, in short, based on firewall protection; one external firewall protecting an external network, which in turn is connected to an internal network, which was protected by a internal firewall. A database is kept on each network. There are however few issues that are unsolved in the FiLDB architecture. One of them and the problem that is covered in this report is how a user could securely insert, modify and fetch sensitive data into the internal database which stores the sensitive data.</p><p>In this work a few selected cryptographic protocols are studied by evaluating them with respect to five security criteria: confidentiality, authentication, integrity, key management and nonrepudiation. The initial selection of cryptographic protocols is mainly based on applicability in e-commerce systems. Based on the evaluation, one of the protocols is chosen to be implemented with the FiLDB architecture and then the extended architecture was evaluated.</p><p>This project shows that, by integrating a security protocol into architectures such as the FiLDB, the security of the system can be increased substantially.</p>

FiLDB architecture

Security

Cryptographic protocols

Informatics and systems science

Informatik och systemvetenskap

Using security protocols to extend the FiLDB architecture

Gudlaugsson, Rúnar

January 2002

With the escalating growth of e-commerce in today’s society, many e-commerce sites have emerged that offer products on the Internet. To be able to verify orders from customers, some sites require sensitive information from their customers such as credit card details that is stored in their databases. The security of these sites has become the concern of many and it is a common opinion among the public that such sites cannot be trusted. The FiLDB architecture presents an interesting approach for increasing the security of Internet connected databases. This approach is, in short, based on firewall protection; one external firewall protecting an external network, which in turn is connected to an internal network, which was protected by a internal firewall. A database is kept on each network. There are however few issues that are unsolved in the FiLDB architecture. One of them and the problem that is covered in this report is how a user could securely insert, modify and fetch sensitive data into the internal database which stores the sensitive data. In this work a few selected cryptographic protocols are studied by evaluating them with respect to five security criteria: confidentiality, authentication, integrity, key management and nonrepudiation. The initial selection of cryptographic protocols is mainly based on applicability in e-commerce systems. Based on the evaluation, one of the protocols is chosen to be implemented with the FiLDB architecture and then the extended architecture was evaluated. This project shows that, by integrating a security protocol into architectures such as the FiLDB, the security of the system can be increased substantially.

FiLDB architecture

Security

Cryptographic protocols

Information Systems