1. Introduction
With the rapid development of Internet technology, people depend more and more on networks for data communication and resource sharing, and all kinds of Web-based information systems have emerged to meet this need. A Web database combines database technology with Web technology [1-2]. A database system stores and manages a great deal of data; if that data is stolen or tampered with, the political and economic losses to society may be enormous. In E-commerce in particular, transactions are conducted between manufacturers (or agents) and customers, who must access shared data. That data is stored in the database, and the database sits on the Web server. Traditional network security mechanisms (firewalls, Intrusion Detection Systems, and HTTPS over the Secure Sockets Layer, SSL) have not stopped the increasingly aggressive illegitimate intrusions on the network, which is to say that Web databases cannot simply be hidden behind a firewall. In spite of the large amounts of money spent each year on IT security, data theft remains widespread. So it is imperative to establish
978-0-7695-3490-9/08 $25.00 © 2008 IEEE, DOI 10.1109/PACIIA.2008.390
the user is required to register both his or her identity and the host to which he or she is tied. While these registration steps can be performed independently, validating the identity of the host or of the end user requires establishing a secure connection between them, and this secure connection can then be used for the data exchange. HIP satisfies this demand [6-8]. The topology of the HIP-based Web database security model that implements the above functions is shown in Figure 2. Figure 2 shows how m hosts and n users access the Web database in the model, which is based on the extended HIP with a Rendezvous Server (RVS). The HIP Responder resides in the Web server, logically in front of it. The clients (hosts and users) accessing the Web database act as HIP Initiators. Together with the RVS and the DNSsec server they form a complete extended HIP authentication system.
Figure 2. Architecture of the model (dashed lines are the database access steps)
In the model, a client's access to the Web database has two phases: in the first, the client obtains extended HIP authentication with the Web server (S1, S2, S3); in the second, the Web server actually accesses the database (S4). Here HI(R) denotes the HI of R (the Responder), HI(I) the HI of I (the Initiator), IP(R) the IP address of R, → the corresponding relation between two identifiers, and (HI, UI) the binding relation between a host identity and a user identity.

Before a client can access the Web database, the Responder must register its Host Identity and create an HI(R)→IP(R) record in the RVS, and must register its domain name and create FQDN→IP(RVS) and FQDN→HI(R) records in the DNSsec server in advance. The Initiator must register its two identities (HI, UI) and create an HI(I)→IP(I) record and a binding record UI(I)→HI(I) in the RVS, and must register its domain name and create FQDN→HI(I) and FQDN→IP(I) records in the DNSsec server in advance. If the IP address of a host changes for any reason, including mobility of the user or host, that host (I or R) must re-register the records above.

The exchange proceeds as follows. First, the client (Initiator) sends packet I1 to the RVS, starting the extended HIP authentication. After validating it, the RVS forwards I1 to the Responder (in the Web server). From then on the extended HIP with UI runs directly between the Initiator (the client) and the Responder (in the Web server). Finally, authentication completes and the client begins to access the real database.

In the model we combine the HIP Responder with the Web server, so that the Web server works under the control of the HIP Responder: a client that wants to access the Web server and database must first be authenticated by the HIP Responder. The HIP Responder can, however, also be separated from the Web server and placed in front of it.
Since the functions of the database server may not match the likely applications of the clients well, an application server may be used to provide additional information processing or application-specific responses. The encryption server encrypts the sensitive data in the database and is responsible for the security of the database contents themselves. Neither participates in the HIP authentication. The DNSsec server and the RVS serve the HIP authentication and can be located anywhere on the Internet. In general, the DNSsec server and RVS should belong to the owner of the database, but they may also belong to a network authentication organization or an ISP.
also cannot answer the correct solution to the puzzle challenge. In general, the RVS drops all messages except I1, and the Responder drops all request messages except I1 packets arriving from its RVS. The application server is optional, provides application functions, and is not involved in security authentication. The encryption server guarantees that sensitive data in the database is not exposed on the Internet and protects the database itself.
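As an added example (not the paper's code, and not a real HIP implementation), the following Python model walks through the registration records and message flow described above: the HI→IP and UI→HI records held by the RVS, an I1 that is accepted only when relayed through the RVS, the R1 puzzle of RFC 5201 that the Initiator must solve before the Responder commits any state, and the Web server gating database access (S4) on a completed exchange. The UI check at the RVS, the packet fields, the truncated-SHA-256 HIT, the secret-derived puzzle nonce, and the host names and addresses are assumptions made for the demo; the Diffie-Hellman exchange, signatures and the DNSsec lookup are omitted.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PUZZLE_K = 8  # difficulty K: low-order K bits of the puzzle hash must be zero (small for the demo)


def hit_of(hi: bytes) -> bytes:
    """Host Identity Tag: fixed-size hash of the HI (real HITs are ORCHIDs; SHA-256/128 stands in)."""
    return hashlib.sha256(hi).digest()[:16]


def puzzle_solved(i_nonce: bytes, hit_i: bytes, hit_r: bytes, j: bytes, k: int = PUZZLE_K) -> bool:
    """RFC 5201 puzzle check: Ltrunc(RHASH(I | HIT-I | HIT-R | J), K) == 0."""
    h = int.from_bytes(hashlib.sha256(i_nonce + hit_i + hit_r + j).digest(), "big")
    return h & ((1 << k) - 1) == 0


def solve_puzzle(i_nonce: bytes, hit_i: bytes, hit_r: bytes, k: int = PUZZLE_K) -> bytes:
    """Brute-force J: the Initiator pays about 2^K hashes, the Responder verifies with one."""
    j = 0
    while not puzzle_solved(i_nonce, hit_i, hit_r, j.to_bytes(8, "big"), k):
        j += 1
    return j.to_bytes(8, "big")


@dataclass
class Packet:
    kind: str                # "I1", "R1", "I2" or "R2"
    hit_i: bytes
    hit_r: bytes
    via_rvs: bool = False    # stands in for the FROM/VIA_RVS parameters a real RVS adds
    params: dict = field(default_factory=dict)


class RendezvousServer:
    """Holds HI->IP records and UI->HI binding records (the UI check here is an assumption)."""

    def __init__(self):
        self.hit_to_ip = {}  # HI(R)->IP(R) and HI(I)->IP(I) records
        self.ui_to_hit = {}  # UI(I)->HI(I) binding records

    def register_host(self, hi: bytes, ip: str):
        self.hit_to_ip[hit_of(hi)] = ip

    def register_user(self, ui: str, hi: bytes):
        self.ui_to_hit[ui] = hit_of(hi)

    def relay(self, pkt: Packet, responder: "Responder"):
        """Validate and forward I1 only; every other packet is dropped."""
        if pkt.kind != "I1" or pkt.hit_r not in self.hit_to_ip:
            return None
        if self.ui_to_hit.get(pkt.params.get("ui")) != pkt.hit_i:
            return None  # UI not bound to the sending host
        pkt.via_rvs = True
        return responder.handle(pkt)


class Responder:
    """HIP Responder co-located with the Web server; it gates the database access step (S4)."""

    def __init__(self, hi: bytes):
        self.hit = hit_of(hi)
        self.secret = os.urandom(16)  # R1 can be answered with no per-Initiator state
        self.authenticated = set()

    def _puzzle_nonce(self, hit_i: bytes) -> bytes:
        # I is derived from a secret, so nothing is stored until a valid I2 arrives
        return hmac.new(self.secret, hit_i, "sha256").digest()[:8]

    def handle(self, pkt: Packet):
        if pkt.hit_r != self.hit:
            return None
        if pkt.kind == "I1":
            if not pkt.via_rvs:
                return None  # I1 is accepted only from the RVS
            return Packet("R1", pkt.hit_i, self.hit,
                          params={"I": self._puzzle_nonce(pkt.hit_i), "K": PUZZLE_K})
        if pkt.kind == "I2":
            nonce = self._puzzle_nonce(pkt.hit_i)
            if not puzzle_solved(nonce, pkt.hit_i, self.hit, pkt.params.get("J", b"")):
                return None  # wrong solution: dropped before any expensive work
            self.authenticated.add(pkt.hit_i)
            return Packet("R2", pkt.hit_i, self.hit)
        return None  # any other request type is dropped

    def db_query(self, hit_i: bytes, sql: str):
        """S4: forward to the database only for an authenticated Initiator."""
        return f"OK:{sql}" if hit_i in self.authenticated else None


def run_exchange(rvs: RendezvousServer, responder: Responder, hi_i: bytes, ui: str) -> bool:
    """S1-S3 from the client's side: I1 via the RVS, then R1/I2/R2 directly."""
    hit_i = hit_of(hi_i)
    r1 = rvs.relay(Packet("I1", hit_i, responder.hit, params={"ui": ui}), responder)
    if r1 is None:
        return False
    j = solve_puzzle(r1.params["I"], hit_i, responder.hit, r1.params["K"])
    r2 = responder.handle(Packet("I2", hit_i, responder.hit, params={"J": j}))
    return r2 is not None and r2.kind == "R2"


if __name__ == "__main__":
    rvs, web = RendezvousServer(), Responder(b"HI-web-server")   # constructed sample identities
    rvs.register_host(b"HI-web-server", "198.51.100.10")          # HI(R)->IP(R)
    rvs.register_host(b"HI-client-1", "203.0.113.5")              # HI(I)->IP(I)
    rvs.register_user("alice", b"HI-client-1")                    # UI(I)->HI(I)
    print(run_exchange(rvs, web, b"HI-client-1", "alice"))
```

Because the puzzle nonce is derived from a fixed secret, a captured valid I2 could be replayed in this model; a real Responder rotates the secret and rejects stale solutions, and the signature and Diffie-Hellman parameters left out here are what make the later HIP packets unforgeable.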
5. Conclusions
From the above analysis, the security of the Web database is strong owing to the authentication of the extended HIP with UI. The model is also feasible and offers high availability for the most demanding environments.
References
[1] Wu Chunming, Zheng Zhiqiang. Study on Encryption of Web-based Database. Journal of Southwest Agricultural University (Natural Science), Vol. 26, No. 2, pp. 220-222, April 2004.
[2] Zhu Lianjun, Cui Qinghua. On the Running Tactics and the Relative Technology about the Web Database. Journal of Henan Institute of Education (Natural Science), Vol. 15, No. 1, pp. 64-65, March 2006.
[3] Yu Shuyao, Zhang Youkun. A Study on Host Identity Protocol (HIP). Computer Application and Study, pp. 219-221, 2005.
[4] Fayez Al-Shraideh. Host Identity Protocol. Proceedings of the International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL'06), pp1628448, April 23-29, 2006.
[5] R. Moskowitz, P. Nikander, P. Jokela, T. Henderson. Host Identity Protocol (draft-09), October 2007.
[6] Hu Xueyong, J. William Atwood. A Web Database Security Model Using the Host Identity Protocol. 11th International Database Engineering and Applications Symposium (IDEAS'07), 2007.
[7] J. Laganier, L. Eggert. Host Identity Protocol (HIP) Rendezvous Extension (draft-05), November 2006.
[8] T. Henderson. End-Host Mobility and Multihoming with the Host Identity Protocol (draft-05), March 2007.