11 research outputs found

    Preventing MS SQL Injection in Web Application

    Security threats on the Internet are among the biggest challenges of our time, given the great advances in the techniques used for attacks. One of the easiest and most serious of these attacks is the MS SQL injection attack, which has come to represent a serious threat to any site or application that contains a database. These attacks could allow an attacker to obtain sensitive information and the valuable contents of databases. The attack method is easy to learn, and the damage caused ranges from moderate to the compromise of the whole system. Regardless of the damage, there are a lot of applications on the Internet vulnerable to this attack. Some techniques can prevent such attacks completely. In this research I will focus on the coding needed to protect a website from MS SQL injection attacks, by designing a system that gives some information about how SQL injection attacks are carried out and also provides a solution to this attack in the form of secure login code.

    Securing clouds using cryptography and traffic classification

    Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Over the last decade, cloud computing has gained popularity and wide acceptance, especially within the health sector, where it offers several advantages such as low costs, flexible processes, and access from anywhere. Although cloud computing is widely used in the health sector, numerous issues remain unresolved. Several studies have attempted to review the state of the art in eHealth cloud privacy and security; however, some of these studies are outdated or do not cover certain vital features of cloud security and privacy such as access control, revocation and data recovery plans. This study targets some of these problems and proposes protocols, algorithms and approaches to enhance the security and privacy of cloud computing with particular reference to eHealth clouds. Chapter 2 presents an overview and evaluation of the state of the art in eHealth security and privacy. Chapter 3 introduces different research methods and describes the research design methodology and processes used to carry out the research objectives. Of particular importance are authenticated key exchange and block cipher modes. In Chapter 4, a three-party password-based authenticated key exchange (TPAKE) protocol is presented and its security analysed. The proposed TPAKE protocol shares no plaintext data; all data shared between the parties are either hashed or encrypted. Using the random oracle model (ROM), the security of the proposed TPAKE protocol is formally proven based on the computational Diffie-Hellman (CDH) assumption. Furthermore, the analysis included in this chapter shows that the proposed protocol can ensure perfect forward secrecy and resist many kinds of common attacks such as man-in-the-middle attacks, online and offline dictionary attacks, replay attacks and known key attacks. Chapter 5 proposes a parallel block cipher (PBC) mode in which blocks of cipher are processed in parallel. The results of speed performance tests for this PBC mode in various settings are presented and compared with the standard CBC mode. Compared to the CBC mode, the PBC mode is shown to give execution time savings of 60%. Furthermore, in addition to encryption based on AES 128, the hash value of the data file can be utilised to provide an integrity check. As a result, the PBC mode has a better speed performance while retaining the confidentiality and security provided by the CBC mode. Chapter 6 applies TPAKE and PBC to eHealth clouds. Related work on security, privacy preservation and disaster recovery is reviewed. Next, two approaches focusing on security preservation and privacy preservation, and a disaster recovery plan, are proposed. The security preservation approach is a robust means of ensuring the security and integrity of electronic health records and is based on the PBC mode, while the privacy preservation approach is an efficient authentication method which protects the privacy of personal health records and is based on the TPAKE protocol. A discussion about how these integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects follows. Distributed denial of service (DDoS) attacks are the second most common cybercrime attacks after information theft. The timely detection and prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds. Chapter 7 presents a new classification system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) for public clouds, particularly in an eHealth cloud environment. The proposed CS_DDoS system offers a solution for securing stored records by classifying incoming packets and making a decision based on these classification results. During the detection phase, CS_DDoS identifies and determines whether a packet is normal or from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service, and the source IP is blacklisted. The performance of the CS_DDoS system is compared using four different classifiers: a least-squares support vector machine (LS-SVM), naïve Bayes, K-nearest-neighbour, and multilayer perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is used. This combination can detect DDoS TCP flood attacks with an accuracy of approximately 97% and a Kappa coefficient of 0.89 when under attack from a single source, and 94% accuracy and a Kappa coefficient of 0.9 when under attack from multiple attackers. These results are then discussed in terms of accuracy and time complexity, and are validated using a k-fold cross-validation model. Finally, a method to mitigate DoS attacks in the cloud and reduce excessive energy consumption through managing and limiting certain flows of packets is proposed. Instead of a system shutdown, the proposed method ensures the availability of service. The proposed method manages the incoming packets more effectively by dropping packets from the most frequent requesting sources. This method can process 98.4% of the accepted packets during an attack. Practicality and effectiveness are essential requirements of methods for preserving the privacy and security of data in clouds. The proposed methods successfully secure cloud projects and ensure the availability of services in an efficient way.

    A review of the state of the art in privacy and security in the eHealth cloud

    The proliferation and usefulness of cloud computing in eHealth demand high levels of security and privacy for health records. However, eHealth clouds pose serious security and privacy concerns for sensitive health data. Therefore, practical and effective methods for security and privacy management are essential to preserve the privacy and security of the data. To review the current research directions in security and privacy in eHealth clouds, this study has analysed and summarized the state-of-the-art technologies and approaches reported for security and privacy in the eHealth cloud. An extensive review covering 132 studies from several peer-reviewed databases such as IEEE Xplore was conducted. The relevant studies were reviewed and summarized in terms of their benefits and risks. This study also compares several research works in the domain of data security requirements. This paper will provide eHealth stakeholders and researchers with extensive knowledge and information on current research trends in the areas of privacy and security.

    TEMPERATURE PREDICT OF AERATION TANK WALLS FOR BIOLOGICAL WASTEWATER TREATMENT SUBSYSTEM OF HAMDAN STATION

    A heat transfer model for predicting the wall temperature of an aeration tank in the biological wastewater treatment subsystem of Hamdan station is presented. The treatment method employed depends on the pollutants in the wastewater and the extent to which it is desired to eliminate them in order to meet the required standards of water quality. Several heat gain and loss mechanisms were considered in developing the temperature model, including heat gains through conduction and radiation, while the heat losses are attributed to convection and radiation. Radiation heat transfer and biological reaction are classified as heat gains, while the rate of evaporation, the aerator, and wind velocity are classified as heat losses. This study relied on a previous study, and on the assumptions identified there, so that a developed model could be obtained to calculate the surface temperature of the wall of the aeration tank in a biological treatment system. The operational, weather and temperature data were recorded from the Iraqi weather forecast at Basra Airport. To obtain reliable results, the model was simulated using the STELLA software v.9.02, which gave accurate results in determining the parameters that affect the tank wall temperature changes. STELLA is used for model calibration and is considered a dynamics language because it is software for graphical and dynamic simulation of the wall temperature of the aeration tank. The results have shown good accuracy, with the difference between the predicted wall temperatures and those of the present work averaging about (0.2 %). The model shows its sensitivity through a set of five key parameters: organic removal rate, ambient air temperature, wind velocity, air relative humidity, and the effective wall area of the aeration tank.

    Preventing man-in-the-middle attack in Diffie-Hellman key exchange protocol

    The acceleration in developments in communication technology has led to a consequent increase in the vulnerability of data to penetration attacks. These attacks often come from outside, where unqualified companies develop IT projects. Cryptography can offer high levels of security but has recently shown vulnerabilities such as the man-in-the-middle (MITM) attack in the area of key exchange protocols, especially in the Diffie-Hellman (DH) protocol. Firstly, this paper presents an overview of MITM attacks targeted at the DH protocol, then discusses some of the shortcomings of current defenses. A proposed method to secure DH, which helps secure systems against MITM attacks, is then presented. This method involves the use of a Geffe generator of binary sequences. The use of the Geffe generator offers high levels of randomness. Data hashed and encrypted using this proposed method will be very difficult to intercept and decrypt without the appropriate keys. This offers high levels of security and helps prevent MITM attacks.

    An energy efficient TCP DoS attacks mitigation method in cloud computing

    Cloud computing is a model which provides easy, cheap, and flexible technological services. However, it poses some security problems. One of the most common security problems is the TCP DoS attack. This attack threatens any cloud in terms of energy consumption and resource exhaustion. In this paper, we propose a method to mitigate DoS attacks in a cloud by reducing excessive energy consumption via limiting the number of packets. Instead of a system shutdown, the proposed method ensures the availability of service. The proposed method can better manage the incoming packets by dropping packets from the most frequent requesting sources. This method shows that it can process 98.4% of the accepted packets during an attack. Furthermore, it is proved that dropping the most frequent requesting sources will always save more energy than not dropping them when under attack.

    Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan

    Cloud computing was introduced as an alternative storage and computing model in the health sector, as well as other sectors, to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing healthcare records on a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preservation as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects.

    Parallel encryption mode for probabilistic scheme to secure data in the cloud

    Cloud computing is a model for using computer resources and technologies to provide services such as storage and applications. Users can access and use cloud computing services without the need to acquire knowledge, expertise or even administration of the infrastructures that support these services. Cloud computing can be seen as a general concept which includes software services and other modern technological functionality in the information technology world. Since cloud computing shares distributed resources through the Internet and intranets in an exposed environment, security is therefore an important issue. Cryptography is one of the common practical choices for cloud computing developers. It can offer a high level of security. However, cryptanalysis shows some weaknesses in block cipher modes, such as the lack of parallelization in Cipher Block Chaining (CBC) mode. This paper will explore the security issues of the standard block cipher modes of operation as well as those in cloud computing. In addition, a new mode of encryption called the parallel encryption mode will be presented. In this mode each cipher block makes use of the characteristics of the entire file instead of just the previous cipher block. Therefore, if any single plaintext block is changed, all the cipher blocks will be changed. This mode offers high levels of security and integrity, and enhances the performance of the block cipher in terms of speed as compared to the standard CBC mode.

    Three-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption

    The three-party password-based authenticated key exchange protocol gives two clients the ability to negotiate a session key through a trusted server over a public channel. Most of the proposed 3PAKE protocols use public keys to guarantee identities; however, the sharing of public keys may lead to various types of attacks, such as a man-in-the-middle attack, which allows an attacker to simply intercept and insert traffic traversing a network. In this paper, we briefly describe an updated three-party password-based authenticated key exchange protocol and analyse its security. The proposed TPAKE protocol does not share plain-text data. Data shared between the parties are either hashed or encrypted. Using the random oracle model, the security of the proposed TPAKE protocol is formally proven under the computational Diffie-Hellman assumption. Furthermore, the analyses included in this paper show that our protocol can ensure perfect forward secrecy and can also resist many types of common attacks.

    An efficient hash based parallel block cipher mode of operation

    Block cipher encryption works on fixed-length blocks, usually 128 bits. The blocks of data are transformed into encrypted data blocks of identical size using a shared session key. A common feature of some block cipher modes, such as Cipher Block Chaining mode (CBC), Cipher Feedback mode (CFB) and Output Feedback mode (OFB), is sequential processing: the ciphering of a block cannot begin until the processing of the preceding block is completed. This feature does not make full use of the processing power in multiple-processor systems. In this paper, we propose a Parallel Block Cipher (PBC) mode, in which blocks of cipher can be processed in parallel. Results of speed performance tests of the PBC mode using various settings are presented and compared with the standard CBC mode. The PBC mode was shown to save 60% of execution time when compared with the CBC mode. Furthermore, the hash value of the data file may be utilized to provide an integrity check in addition to encryption using AES128. As a result, the PBC mode has a better speed performance on top of the confidentiality and security provided by the CBC mode.