Faster Base64 Encoding and Decoding Using AVX2 Instructions

Web developers use base64 formats to include images, fonts, sounds and other resources directly inside HTML, JavaScript, JSON and XML files. We estimate that billions of base64 messages are decoded every day. We are motivated to improve the efficiency of base64 encoding and decoding. Compared to state-of-the-art implementations, we multiply the speeds of both the encoding (~10x) and the decoding (~7x). We achieve these good results by using the single-instruction-multiple-data (SIMD) instructions available on recent Intel processors (AVX2). Our accelerated software abides by the specification and reports errors when encountering characters outside of the base64 set. It is available online as free software under a liberal license.Comment: software at https://github.com/lemire/fastbase6

Bookmarklet Builder for Offline Data Retrieval

Bookmarklet Builder for Offline Data Retrieval is a computer application which will allow users to view websites even when they are offline. It can be stored as a URL of a bookmark in the browser. Bookmarklets exist for storing single web pages in hand-held devices and these web pages are stored as PDF files. In this project we have developed a tool that can save entire web page applications as bookmarklets. This will enable users to use these applications even when they are not connected to the Internet. The main technology beyond Javascript used to achieve this is the data: URI scheme. With the data: URI scheme we can embed images, Flash, applets, PDFs, etc. as base64 encoded text within a web page. This URI scheme is supported by all major browsers and in Internet Explorer from version 8 onwards. The application could be made available online, to users who are typically website owners and would like to allow their users to be able to view their websites offline.

A Hash-Cash Based Music Streaming Payment System

This project develops a hash-cash based, streaming music payment system. In our system, musicians are paid based on how long their works are listened to. Artists can upload their works to our proof-of-concept service so that people can discover and listen to them. While their works are being listened to, a mining process is run in parallel. The mining process discovers a “listening coin” based on the hash-cash algorithm. Users of our service would pay a monthly fee to access the music library. The monthly fees are then distributed to all artists proportionate to the number of virtual coins they received from users who have listened to the songs they have contributed to the library. The virtual coins are available for public inspection so that the artists can be assured that they are getting a fair share of the subscription fees

Implementation of Obfuscation Technique on PHP Source Code

Source code on web based applications can be altered easily. This occurred because the source code is not compiled into an executable file. Hence, it can be read and copied easily, or be changed without permission from the author. Obfuscation is a technique that commonly used to secure the source code in any websites based application. Obfuscation is a technique to randomize the source code that make the code harder to read but still runnable, but this make the running time increased and the application will run slower then it supposed to. This increased time caused by reverse obfuscation proses to bring back the source code into originally form before interpreted by web server. This studi intended to create an obfuscation technique that keeping the application run time performance as not obfuscated called Wanna Crypt. The methods to create this applications are (1) system design using UML, (2) implementation of the system, which is done by coding or writing scripts using PHP, HTML, JavaScript, CSS to build Wanna Crypt based website, (3) Blackbox and Whitebox testing to compare the execution time. From the tests, it can be concluded that web applications using Wanna Crypt provide a longer response time than web applications without using obfuscation

Base64 Malleability in Practice

Base64 encoding has been a popular method to encode binary data into printable ASCII characters. It is commonly used in several serialization protocols, web, and logging applications, while it is oftentimes the preferred method for human-readable database fields. However, while convenient and with a better compression rate than hex-encoding, the large number of base64 variants in related standards and proposed padding-mode optionality have been proven problematic in terms of security and cross-platform compatibility. This paper addresses a potential attack vector in the base64 decoding phase, where multiple different encodings can successfully decode into the same data, effectively breaking string uniqueness guarantees. The latter might result to log mismatches, denial of service attacks and duplicated database entries, among the others. Apart from documenting why canonicity can be broken by a malleable encoder, we also present an unexpected result, where most of today\u27s base64 decoder libraries are not 100% compatible in their default settings. Some surprising results include the non-compatible behavior of major Rust base64 crates and between popular Javascript and NodeJS base64 implementations. Finally, we propose ways and test vectors for mitigating these issues until a more permanent solution is widely adopted

IMPLEMENTATION OF DATA ENCRYPTION STANDARD (DES) ALGORITHM FOR DATA SECURITY ON PDF DOCUMENTS

Misuse and theft of confidential PDF documents because documents can still be recognized and read by humans means, of course, these problems can harm those who have access to PDF document data. The act of tapping and stealing PDF documents can be minimized by the application of cryptographic encryption techniques. Cryptography is a science that studies mathematical techniques related to information security aspects such as confidentiality, data integrity and authentication. Cryptography requires an algorithm to perform the encryption process, one of the cryptographic algorithms that can be used is the Standard Data Encryption (DES) algorithm. The DES algorithm is a symmetric algorithm that works on the principle of a block cipher. The DES algorithm uses a 64-bit key to encrypt a 64-bit block. This thesis discusses the design of web-based cryptography using the Data Encryption Standard (DES) method.The application of this system is hiding pdf files using an 8-bit key without any errors or file damage and cannot be decrypted without the appropriate key. By using a data security application system using the DES method, it is useful to help hide the contents of important pdf files with a key so as to minimize digital theft by irresponsible parties

Connecting ERP to e-commerce: Npontu as a case study

Applied project submitted to the Department of Computer Science and Information Systems, Ashesi University, in partial fulfillment of Bachelor of Science degree in Management Information Systems, May 2021Enterprise Resource Planning (ERP) is a business process that enables companies to manage and integrate their essential business processes. ERP applications are available for companies to use for integrating all their business functions into one single system. It allows companies to manage their daily activities, including accounting, procurement, and inventory management. E-commerce, also referred to as electronic commerce, is the buying and selling (trading) of goods and services on the internet. E-commerce platforms give sellers the needed tools to provide 24/7 services to their customers unrestricted by distance. They allow sellers to accept and track orders from their customers, which helps fulfil their value proposition in ways that were not possible with previous brick-and-mortar stores. Studies show that ERP users in Ghana hardly use E-commerce and the internet as tools to expand their market. This project is aimed at integrating e-commerce systems into ERPs such that business owners can use their ERP and e-commerce system in one software suite to give business owners access to the online market.Ashesi Universit

Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

Web applications suffer from cross-site scripting (XSS) attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1) automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2) mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3) be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330