CYBER 2016, The First International Conference on Cyber-Technologies and Cyber-Systems


Exchanging Database Writes with Modern Crypto

Authors:
Andreas Happe
Thomas Loruenser

Keywords: Internet, Network security, Web services

Abstract:
Modern cryptography provides for new ways of solving old problems. This paper details how Keyed-Hash Message Authentication Codes (HMACs) or Authenticated Encryption with Associated Data (AEAD) can be employed as an alternative to a traditional server-side temporal session store. This cryptography-based approach reduces the server-side need for state. When applied to database-based user-management systems, it removes all database alteration statements needed for confirmed user sign-up and greatly reduces the database alteration statements needed for typical “forgot password” use-cases. As there is no temporary data stored within the server database system, there is no possibility of creating orphaned or abandoned data records. However, this new approach is not generic and can only be applied if the implemented use-cases fulfill certain requirements. These requirements and their implications are also detailed within this paper.
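The following sketch illustrates the HMAC variant of the idea in the abstract; it is an added example, not code from the paper or its authors. It assumes a flow in which the sign-up form only collects an e-mail address, the server mails a signed, expiring token, and the only database write happens after the token verifies; the function names, claim names and key are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real deployment loads a random secret.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(purpose, subject, ttl=3600, now=None, key=SERVER_KEY):
    """Build the value mailed to the user; nothing is written server-side."""
    issued = int(time.time() if now is None else now)
    claims = {"purpose": purpose, "sub": subject, "exp": issued + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)

def verify_token(token, purpose, now=None, key=SERVER_KEY):
    """Return the claims if the token is authentic, in scope and unexpired."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the MAC has been checked
    if claims["purpose"] != purpose:  # a sign-up token must not act as a reset token
        return None
    if (time.time() if now is None else now) >= claims["exp"]:
        return None
    return claims

if __name__ == "__main__":
    link_token = issue_token("signup", "alice@example.test", ttl=900)
    print(verify_token(link_token, "signup"))
```

A token built this way stays valid until it expires, so the final insert has to tolerate a repeated confirmation, for example through a unique constraint on the e-mail column. The payload is only signed, not encrypted, so anything that must stay hidden from the recipient calls for the AEAD variant the abstract mentions.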

Pages: 50 to 53

Copyright: Copyright (c) IARIA, 2016

Publication date: October 9, 2016

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-512-8

Location: Venice, Italy

Dates: from October 9, 2016 to October 13, 2016