04756906

8/13/2019 04756906

http://slidepdf.com/reader/full/04756906 1/4

Study on Security of Web-based Database

Qing Zhao1，Shihong Qin

1,2

1Electrical and information Engineer Department of Wuhan Polytechnic University,

Wuhan, 430023 P.R.China2Electrical and information Engineer Department of Wuhan Institute of technology,

Wuhan, 430205 P.R.China E-Mail:[email protected],[email protected]

Abstract

Web database is a combined production withdatabase technology and Web technology, it stores and

manages a great deal of data, if they are embezzled

or juggled, which maybe bring enormous

political and economic losses to the society. So it isimperative to properly establish security for Web

database against illegitimate intrusion. The Host Identity

Protocol (HIP) is designed by the Internet Engineering

Task Force(IETF) , it introduces a separationbetween the host identity and location identity,

and is used to authenticate the Host Identity of an

end system and to set up a limited relationship of trust

between two hosts on the Internet . One Web securitymodel is established using the Host Identity Protocol. Its

architecture is given. The security of the model is also

analyzed and discussed in the paper.

1. Introduction

With the increasingly development of Internet

technology, people are more and more depending on

network to realize data communication and resource

sharing, all kinds of Web-based information systemsemerge as the times require. Web database is a combined

production with database technology and Web technology[1-2]

. In the Database System, it stores and manages a great

deal of data, if they are embezzled or juggled, which

maybe bring enormous political and economic losses tothe society. In particular in E-commerce, the dealing was

transacted between manufacturers (or agents) and

customers, which must access sharing data. But the dataare stored in the database and the database is on WebServer. While the use of traditional network security

mechanisms—firewalls, Intrusion Detection Systems and

Https over Security Socket Layer (SSL) haven’t avoidedthe increasingly furious illegitimate intrusion on network,

which is to say that the Web databases cannot simply be

hidden behind a firewall. In spite of the large amounts of

money spent each year on IT security, the data stealing isvery universal all the time. So it is imperative to establish

properly secure Web database against illegitimate

intrusion. One security model using HIP is given. The

architecture and the security are analyzed in the paper.

2. Host Identity Protocol (HIP)

The Internet Protocol (IP) address is charged withaddressing function and it takes on the role of indicating

the location information node. The dual functions of t he

IP address causes problems when the IP address changes,

not only the route changes, but also the locationinformation changes. The IPv4 itself doesn’t comprise any

security property, consequently leads on the inadequacy of

the TCP/IP conversion on solving mobility, multi-homing, NAT/NAPT and IPv4/IPv6. Therefore the Internet

Engineering Task Force (IETF) designs the Host Identity

Protocol to support these problems as mobility,

multi-homing and so forth.

HIP introduces a separation between the host identityand location identity. The IP address remains as the locator,

while a new namespace is introduced for host identifiers.The HIP is used to authenticate the Host Identity of an end

system and to set up a limited relationship of trust betweentwo hosts on the Internet .The core of HIP is a new

namespace HI (Host Identity). The HI is independent ofthe location (IP address) of the host.

HIP introduces a new layer in the TCP/IP stack: Host

Identity Layer (HIL). The new layer is located between

the Networking Layer and the Transport Layer, which

signs the location of the host. The HIP packets architecture

as shown in Figure.1:In the HIP packets architecture, the using sign is

entitled Host Identifier (HI), which is the public key of a

public/private key pair, is a static globally unique name,and is stored in the DNS or the catalog of the Lightweight

Directory Access Protocol (LDAP).The length of HI is

different because of different public key systemalgorithms, we usually use Host Identity Tag (HIT) with

fixed length in the practical protocol. HIT is obtained by

taking the output of a secure hash function applied to HI,

truncated to the IPv6 address size. It is 128 bits long and is

used in the HIP payloads and to index the corresponding

state in the end host[3-5]

.

2008 IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application

978-0-7695-3490-9/08 $25.00 © 2008 IEEE

DOI 10.1109/PACIIA.2008.390

902


978-0-7695-3490-9/08 $25.00 © 2008 IEEE

DOI 10.1109/PACIIA.2008.390

902


978-0-7695-3490-9/08 $25.00 © 2008 IEEE

DOI 10.1109/PACIIA.2008.390

902

8/13/2019 04756906


Figure.1 HIP Packets Architecture

3. The Establishment and Architecture of the

Model

A Web-based interface is generally open to the public.

It is little control over the client who can access the

interface. So strong security measures are taken for thedatabase itself and for the part of the network owned by

the database provider

A common architecture for offering a relatively open

access to a database is to provide a web server that accepts

requests in an easy-to-use format, and passes them to the

database, but this architecture leaves the database open to be attacked based on invalid requests or invalidrequestors. In addition, the exchanged data must be

encrypted as part of the application requirements, so a

secure connection must be ultimately established between

the database and the requesting user. If a method can bedeveloped to validate user identities in the web server, and

the user is required to register for both his identity and thehost that he or she is tied to, then while these steps can be

achieved independently, it is also true that to validate the

identity of the host or the end user, it is essential to

establish a secure connection between them. This secure

connection can be used for the data exchange. The use of

the HIP can satisfy this demand[6-8]

.

The topology of the HIP-based Web database security

model to implement above functions is shown in Figure.2.

Figure.2 shows how to access the Web database with

m hosts and n users in the model, which is based on the

extended HIP with Rendezvous Server (RVS). The HIPResponder lies in the Web server logically in front of it.

The clients (hosts and users) accessing the Web databaseact as the HIP Initiators. They constitute a complete

extended HIP authentication system with the Rendezvous

Server (RVS) and DNSsec Server.

903903903

8/13/2019 04756906


Figure.2 Architecture of the model (Dashed lines are processes of accessing DB)

In the model, the processes of a client accessing the

Web database include two phases: the first is the clientgets the extended HIP authentication of the Web server (S1,

2, 3); the second is the Web server starts actually accessing

the database (S4). Where HI(R) represents the HI of R(Responder), HI(I) represents the HI of I (Initiator), IP(R)

represents the IP address of R, “→”represents the

corresponding relation, (HI,UI) represents the binding

relation, when the client wants to access the Webdatabase, the Responder must register its Host Identity

and created HI(R)→IP(R) records in the RVS, and

registers its domain namespace and creates

FQDN→IP(RVS) and FQDN→HI(R) records in theDNSsec Server in advance. The Initiator must register itstwo Identities (HI,UI) and creates HI(I)→IP(I) and

binding--UI(I)→HI(I) records in the RVS, and

registers its domain namespace and createdFQDN→HI(I) and FQDN→IP(I) records in the DNSsec

Server in advance. If the IP address of the host is changed

for various reasons that include mobility of user or host,

the host (I or R) must re-register the above records. Firstly,the client (Initiator) sends packet I1 to the RVS starting the

extended HIP authentication. After validating it, the RVS

forwards I1 to the Responder (in the Web server). Later on,

the extended HIP with UI operating directly between the

Initiator (the client) and the Responder (in the Web server).Finally, the authentication finishes and begins to access the

real database.In the model, we combine the HIP Responder with the

Web Server. This allows the Web server to work under the

control of the HIP Responder. If the client wants to access

the Web server and database, the HIP Responder must

authenticate it. However, the HIP Responder can also beseparated from the Web server and be located in front of it.

Given that the function of database server may not be a

good match to the likely applications of the clients, theapplication server may be used to provide additional

information processing or application-specific responses.

The Encryption server is for encrypting the sensitive datain the database and is responsible for security of the

database source itself. Neither one participates in the HIP

authentication. The DNSsec Server and RVS serve the HIP

authentication, and they can be located anywhere on theInternet. In general, the DNSsec Server and RVS should

belong to the owner of the database. Besides, they may

also belong to an authentication organization of the

network or an ISP.

4. Analysis of Security of the Model

The Web database security depends on limiting actual

access to the Web server and database itself. In the abovemodel, we have limited the access to the Web server and

database to the greatest extent. Its database server onlyexchanges information with the Web server, and only

allows connections from the Web server. Anyone

accessing the database via the Web server must be

authenticated by the extended HIP with UI. Anyone who is permitted to access the Web server is a real and legitimate

client. If an attacker attempts to directly connect tothe Web server and access the database bypassing the

HIP Responder, then his request will be dropped

silently by the Web server, because he or she is not in theHUT and does not have the HIPA. If an attacker wants

to connect to the Web server via the HIP Responder, he or

she will not be authenticated. Because he or she has notregistered the HI, UI in the RVS, and does not have a

UI→HI binding flag in the packet I1, and he or she

904904904

8/13/2019 04756906


also cannot answer the correct solution to the puzzle

challenge. In general, the RVS will drop all messages

except I1, the Responder will drop all request messages

except I1 coming from its RVS. The application server is

optional for applying functions and is not involved insecurity authentication. The encryption server is for

guaranteeing that sensitive data in the database will not be

exposed on the Internet and for the security of the databaseitself.

5. Conclusions

Through above analysis, we can know the security of

the Web database is quite potent due to authentication of

extended HIP with UI. It also has good feasibility, andhigh availability for most demanding environments.

References

[1] Wu Chunming, Zheng Zhiqiang. Study on Encryption ofWeb-based Database. Journal of Southwest Agricultural

University (Natural Science), Vol 26, No.2, pp220-222, April2004.

[2] Zhu Lianjun, Cui Qinghua. On the Running Tactics and theRelative Technology about the Web Database. Journal ofHenan Institute of Education (Natural Science),Vol 15, No.1,

pp64-65, March 2006.

[3] Yu Shuyao, Zhang Youkun. A Study on Host Identity Protocol

(HIP).Computer Application and Study, pp219-221, 2005.[4] Fayez Al-Shraideh. Host Identity Protocol. Proceeding of theInternational Conference on Networking, International

Conference on Systems and International Conference onMobile Communications and Learning Technologies(ICNICONSMCL’06), pp1628448, April 23-29, 2006.

[5] R. Moskowitz, P. Nikander, P. Jokela, T. Henderson. Host

Identity Protocol (draft-09), October 2007.[6] Hu Xueyong, J. William Atwood. A Web Database Security

Model Using the Host Identity Protocol. 11 th International

Database Engineering and ApplicationsSymposium(IDEAS’07),2007.

[7] J. Laganier, L. Eggert. Host Identity Protocol (HIP)

Rendezvous Extension. (draft-05), November 2006.[8] T. Henderson. End-Host Mobility and Multihoming with the

Host Identity Protocol. (draft-05), March 2007.

905905905

04756906

Documents

Transcript of 04756906