Вы находитесь на странице: 1из 4

2008 IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application

Study on Security of Web-based Database

Qing Zhao1Shihong Qin1,2 1Electrical and information Engineer Department of Wuhan Polytechnic University, Wuhan, 430023 P.R.China 2Electrical and information Engineer Department of Wuhan Institute of technology, Wuhan, 430205 P.R.China E-Mail:zq729@163.com,Qinsh@whpu.edu.cn Abstract
Web database is a combined production with database technology and Web technology, it stores and manages a great deal of data, if they are embezzled or juggled, which maybe bring enormous political and economic losses to the society. So it is imperative to properly establish security for Web database against illegitimate intrusion. The Host Identity Protocol (HIP) is designed by the Internet Engineering Task Force(IETF) , it introduces a separation between the host identity and location identity, and is used to authenticate the Host Identity of an end system and to set up a limited relationship of trust between two hosts on the Internet . One Web security model is established using the Host Identity Protocol. Its architecture is given. The security of the model is also analyzed and discussed in the paper. properly secure Web database against illegitimate intrusion. One security model using HIP is given. The architecture and the security are analyzed in the paper.

2. Host Identity Protocol (HIP)

The Internet Protocol (IP) address is charged with addressing function and it takes on the role of indicating the location information node. The dual functions of t he IP address causes problems when the IP address changes, not only the route changes, but also the location information changes. The IPv4 itself doesnt comprise any security property, consequently leads on the inadequacy of the TCP/IP conversion on solving mobility, multi-homing, NAT/NAPT and IPv4/IPv6. Therefore the Internet Engineering Task Force (IETF) designs the Host Identity Protocol to support these problems as mobility, multi-homing and so forth. HIP introduces a separation between the host identity and location identity. The IP address remains as the locator, while a new namespace is introduced for host identifiers. The HIP is used to authenticate the Host Identity of an end system and to set up a limited relationship of trust between two hosts on the Internet .The core of HIP is a new namespace HI (Host Identity). The HI is independent of the location (IP address) of the host. HIP introduces a new layer in the TCP/IP stack: Host Identity Layer (HIL). The new layer is located between the Networking Layer and the Transport Layer, which signs the location of the host. The HIP packets architecture as shown in Figure.1: In the HIP packets architecture, the using sign is entitled Host Identifier (HI), which is the public key of a public/private key pair, is a static globally unique name, and is stored in the DNS or the catalog of the Lightweight Directory Access Protocol (LDAP).The length of HI is different because of different public key system algorithms, we usually use Host Identity Tag (HIT) with fixed length in the practical protocol. HIT is obtained by taking the output of a secure hash function applied to HI, truncated to the IPv6 address size. It is 128 bits long and is used in the HIP payloads and to index the corresponding state in the end host [3-5].

1. Introduction
With the increasingly development of Internet technology, people are more and more depending on network to realize data communication and resource sharing, all kinds of Web-based information systems emerge as the times require. Web database is a combined production with database technology and Web technology [1-2] . In the Database System, it stores and manages a great deal of data, if they are embezzled or juggled, which maybe bring enormous political and economic losses to the society. In particular in E-commerce, the dealing was transacted between manufacturers (or agents) and customers, which must access sharing data. But the data are stored in the database and the database is on Web Server. While the use of traditional network security mechanismsfirewalls, Intrusion Detection Systems and Https over Security Socket Layer (SSL) havent avoided the increasingly furious illegitimate intrusion on network, which is to say that the Web databases cannot simply be hidden behind a firewall. In spite of the large amounts of money spent each year on IT security, the data stealing is very universal all the time. So it is imperative to establish
978-0-7695-3490-9/08 $25.00 2008 IEEE DOI 10.1109/PACIIA.2008.390

Figure.1 HIP Packets Architecture

3. The Establishment and Architecture of the Model

A Web-based interface is generally open to the public. It is little control over the client who can access the interface. So strong security measures are taken for the database itself and for the part of the network owned by the database provider A common architecture for offering a relatively open access to a database is to provide a web server that accepts requests in an easy-to-use format, and passes them to the database, but this architecture leaves the database open to be attacked based on invalid requests or invalid requestors. In addition, the exchanged data must be encrypted as part of the application requirements, so a secure connection must be ultimately established between the database and the requesting user. If a method can be developed to validate user identities in the web server, and

the user is required to register for both his identity and the host that he or she is tied to, then while these steps can be achieved independently, it is also true that to validate the identity of the host or the end user, it is essential to establish a secure connection between them. This secure connection can be used for the data exchange. The use of the HIP can satisfy this demand [6-8]. The topology of the HIP-based Web database security model to implement above functions is shown in Figure.2. Figure.2 shows how to access the Web database with m hosts and n users in the model, which is based on the extended HIP with Rendezvous Server (RVS). The HIP Responder lies in the Web server logically in front of it. The clients (hosts and users) accessing the Web database act as the HIP Initiators. They constitute a complete extended HIP authentication system with the Rendezvous Server (RVS) and DNSsec Server.


Figure.2 Architecture of the model (Dashed lines are processes of accessing DB)

In the model, the processes of a client accessing the Web database include two phases: the first is the client gets the extended HIP authentication of the Web server (S1, 2, 3); the second is the Web server starts actually accessing the database (S4). Where HI(R) represents the HI of R (Responder), HI(I) represents the HI of I (Initiator), IP(R) represents the IP address of R, represents the corresponding relation, (HI,UI) represents the binding relation, when the client wants to access the Web database, the Responder must register its Host Identity and created HI(R)IP(R) records in the RVS, and registers its domain namespace and creates FQDNIP(RVS) and FQDNHI(R) records in the DNSsec Server in advance. The Initiator must register its two Identities (HI,UI) and creates HI(I)IP(I) and binding--UI(I)HI(I) records in the RVS, and registers its domain namespace and created FQDNHI(I) and FQDNIP(I) records in the DNSsec Server in advance. If the IP address of the host is changed for various reasons that include mobility of user or host, the host (I or R) must re-register the above records. Firstly, the client (Initiator) sends packet I1 to the RVS starting the extended HIP authentication. After validating it, the RVS forwards I1 to the Responder (in the Web server). Later on, the extended HIP with UI operating directly between the Initiator (the client) and the Responder (in the Web server). Finally, the authentication finishes and begins to access the real database. In the model, we combine the HIP Responder with the Web Server. This allows the Web server to work under the control of the HIP Responder. If the client wants to access the Web server and database, the HIP Responder must authenticate it. However, the HIP Responder can also be separated from the Web server and be located in front of it.

Given that the function of database server may not be a good match to the likely applications of the clients, the application server may be used to provide additional information processing or application-specific responses. The Encryption server is for encrypting the sensitive data in the database and is responsible for security of the database source itself. Neither one participates in the HIP authentication. The DNSsec Server and RVS serve the HIP authentication, and they can be located anywhere on the Internet. In general, the DNSsec Server and RVS should belong to the owner of the database. Besides, they may also belong to an authentication organization of the network or an ISP.

4. Analysis of Security of the Model

The Web database security depends on limiting actual access to the Web server and database itself. In the above model, we have limited the access to the Web server and database to the greatest extent. Its database server only exchanges information with the Web server, and only allows connections from the Web server. Anyone accessing the database via the Web server must be authenticated by the extended HIP with UI. Anyone who is permitted to access the Web server is a real and legitimate client. If an attacker attempts to directly connect to the Web server and access the database bypassing the HIP Responder, then his request will be dropped silently by the Web server, because he or she is not in the HUT and does not have the HIPA. If an attacker wants to connect to the Web server via the HIP Responder, he or she will not be authenticated. Because he or she has not registered the HI, UI in the RVS, and does not have a UIHI binding flag in the packet I1, and he or she


also cannot answer the correct solution to the puzzle challenge. In general, the RVS will drop all messages except I1, the Responder will drop all request messages except I1 coming from its RVS. The application server is optional for applying functions and is not involved in security authentication. The encryption server is for guaranteeing that sensitive data in the database will not be exposed on the Internet and for the security of the database itself.



Through above analysis, we can know the security of the Web database is quite potent due to authentication of extended HIP with UI. It also has good feasibility, and high availability for most demanding environments.

[1] Wu Chunming, Zheng Zhiqiang. Study on Encryption of Web-based Database. Journal of Southwest Agricultural

University (Natural Science), Vol 26, No.2, pp220-222, April 2004. [2] Zhu Lianjun, Cui Qinghua. On the Running Tactics and the Relative Technology about the Web Database. Journal of Henan Institute of Education (Natural Science),Vol 15, No.1, pp64-65, March 2006. [3] Yu Shuyao, Zhang Youkun. A Study on Host Identity Protocol (HIP).Computer Application and Study, pp219-221, 2005. [4] Fayez Al-Shraideh. Host Identity Protocol. Proceeding of the International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL06), pp1628448, April 23-29, 2006. [5] R. Moskowitz, P. Nikander, P. Jokela, T. Henderson. Host Identity Protocol (draft-09), October 2007. [6] Hu Xueyong, J. William Atwood. A Web Database Security Model Using the Host Identity Protocol. 11th International Database Engineering and Applications Symposium(IDEAS07),2007. [7] J. Laganier, L. Eggert. Host Identity Protocol (HIP) Rendezvous Extension. (draft-05), November 2006. [8] T. Henderson. End-Host Mobility and Multihoming with the Host Identity Protocol. (draft-05), March 2007.