Web Content Delivery Optimization

Milliseconds matters, when they’re counted. If we consider the life of the universe into one single year, then on 31 December at 11:59:59.5 PM, “speed” was transportation’s concern, and now after 500 milliseconds it is web’s, and no one knows whose concern it would be in coming milliseconds, but at this very moment; this thesis proposes an optimization method, mainly for content delivery on slow connections. The method utilizes a proxy as a middle box to fetch the content; requested by a client, from a single or multiple web servers, and bundles all of the fetched image content types that fits into the bundling policy; inside a JavaScript file in Base64 format. This optimization method reduces the number of HTTP requests between the client and multiple web servers as a result of its proposed bundling solution, and at the same time optimizes the HTTP compression efficiency as a result of its proposed method of aggregative textual content compression. Page loading time results of the test web pages; which were specially designed and developed to capture the optimum benefits of the proposed method; proved up to 81% faster page loading time for all connection types. However, other tests in non-optimal situations such as webpages which use “Lazy Loading” techniques, showed just 35% to 50% benefits, that is only achievable on 2G and 3G connections (0.2 Mbps – 15 Mbps downlink) and not faster connections

Protection of the texts using Base64 and MD5

The encryption process combines mathematics and computer science. Cryptography consists of a set of algorithms and techniques to convert the data into another form so that the contents are unreadable and unexplainable to anyone who does not have the authority to read or write on these data. The main objective of the use of encryption algorithms is to protect data and information in order to achieve privacy. This paper discusses an encryption method using base64, which is a set of encoding schemes that convert the same binary data to the form of a series of ASCII code. Also, The MD5 hash function is used to hash the encrypted file performed by Base64. As an example for the two protection mechanisms, Arabic letters are used to represent the texts. So using the two protection methods together will increase the security level for protecting the data

APLIKASI PELINDUNG SOURCE CODE PHP DARI PELANGGARAN HAK CIPTA MENGGUNAKAN ALGORITMA RC4 DAN BASE64 SERTA PERLINDUNGAN SATU ARAH ENKRIPSI TANPA DEKRIPSI

Kriptografi adalah suatu ilmu yang mempelajari teknik maupun cara untuk melindungi suatu data agar tetap aman saat digunakan dan tidak dapat dibaca oleh orang yang tidak berkepentingan. Bahasa PHP merupakan bahasa pemrograman berbasis web yang sangat populer saat ini. Namun bahasa tersebut rentan untuk dilakukan pembajakan source code maupun ide dari pembuat asli suatu program tersebut dikarenakan tidak tersedianya software packaging. Keamanan source code masih mengalami banyak masalah dengan banyak penyalahguna’an yang dilakukan terhadap source code asli dari pembuat program. Penelitian ini dimaksudkan untuk membuat suatu sistem keamanan dengan menggunakan algoritma RC4 dan Base64. Algoritma tersebut berfungsi sebagai pengubah data plaintext menjadi chipertext. Aplikasi dari penggunaan algoritma enkripsi tersebut dapat digunakan sebagai pelindung source code untuk para pembuat program yang takut kodenya dicuri atau disalahgunakan. Penerapan dari algoritma ini diharapkan dapat menjaga hak cipta dan privasi kode program dari penyalahgunaan dan pelanggaan hak cipta

Towards the Detection of Malicious Java Packages

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect such attacks is ongoing research. Despite its popularity, the Java ecosystem is the less explored one in the context of supply chain attacks. In this paper we present indicators of malicious behavior that can be observed statically through the analysis of Java bytecode. Then we evaluate how such indicators and their combinations perform when detecting malicious code injections. We do so by injecting three malicious payloads taken from real-world examples into the Top-10 most popular Java libraries from libraries.io. We found that the analysis of strings in the constant pool and of sensitive APIs in the bytecode instructions aid in the task of detecting malicious Java packages by significantly reducing the information, thus, making also manual triage possible

The Hush Cryptosystem

In this paper we describe a new cryptosystem we call "The Hush Cryptosystem" for hiding encrypted data in innocent Arabic sentences. The main purpose of this cryptosystem is to fool observer-supporting software into thinking that the encrypted data is not encrypted at all. We employ a modified Word Substitution Method known as the Grammatical Substitution Method in our cryptosystem. We also make use of Hidden Markov Models. We test our cryptosystem using a computer program written in the Java Programming Language. Finally, we test the output of our cryptosystem using statistical tests.Comment: 7 pages. 5 figures. Appeared in the 2nd International Conference on Security of Information and Networks (SIN 2009), North Cyprus, Turkey; Proceedings of the 2nd International Conference on Security of Information and Networks (SIN 2009), North Cyprus, Turke

A Security-aware Approach to JXTA-Overlay Primitives

The JXTA-Overlay project is an effort to use JXTA technology to provide a generic set of functionalities that can be used by developers to deploy P2P applications. Since its design mainly focuses on issues such as scalability or overall performance, it does not take security into account. However, as P2P applications have evolved to fulfill more complex scenarios, security has become a very important aspect to take into account when evaluating a P2P framework. This work proposes a security extension specifically suited to JXTA-Overlay¿s idiosyncrasies, providing an acceptable solution to some of its current shortcomings.El proyecto JXTA-Overlay es un esfuerzo por utilizar la tecnología JXTA para proporcionar un conjunto genérico de funciones que pueden ser utilizadas por los desarrolladores para desplegar aplicaciones P2P. Aunque su diseño se centra principalmente en cuestiones como la escalabilidad y el rendimiento general, no tiene en cuenta la seguridad. Sin embargo, como las aplicaciones P2P se han desarrollado para cumplir con escenarios más complejos, la seguridad se ha convertido en un aspecto muy importante a tener en cuenta a la hora de evaluar un marco P2P. Este artículo propone una extensión de seguridad específicamente adaptada a la idiosincrasia de JXTA-Overlay, proporcionando una solución aceptable para algunas de sus deficiencias actuales.El projecte JXTA-Overlay és un esforç per utilitzar la tecnologia JXTA per proporcionar un conjunt genèric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. Tot i que el seu disseny se centra principalment en qüestions com ara la escalabilitat i el rendiment general, no té en compte la seguretat. No obstant això, com que les aplicacions P2P s'han desenvolupat per complir amb escenaris més complexos, la seguretat s'ha convertit en un aspecte molt important a tenir en compte a l'hora d'avaluar un marc P2P. Aquest article proposa una extensió de seguretat específicament adaptada a la idiosincràsia de JXTA-Overlay, proporcionant una solució acceptable per a algunes de les seves deficiències actuals