3 Levels of Successful Triple Layer Data Protection

Praveen Raj May 26 - 3 min read


The growth of high-speed computer networks, and of the internet in particular, has made data communication far easier. On the other hand, this growth is also responsible for the snooping of data. The ease with which digital information can be duplicated and distributed has led to the need for effective protection tools. Various protection techniques such as cryptography, digital watermarking and steganography have already been introduced in an attempt to address these growing concerns.
In this paper, an algorithmic approach is proposed in which, along with the combination of cryptography and compression technique (taken as security layers), an extra layer of security has been imposed in between them to obtain a completely secured data transmission scheme.

Problem Statement:

Triple Layer Security Protection for vCenter WebClient Plugin’s Admin-User Credential

Proposed vCenter Web Client Plugin:

Single glass-pane of Storage Management

  • Integrating storage server functionality into vCenter Web Client Framework
  • Customizing/configuring the vCenter Web Client to expose the Storage Server vendor specific functionalities
  • Integrating Alarms, Events and Tasks of vendor specific storage management into vCenter Web Client Alarms, Events and Task console.

Need for Triple Layer Security Protection:

  • Storage Server Admin User Credentials configured during the vCenter Web Client Plugin deployment must be easily reconfigurable at a later point in time.
  • Users are expected to make modifications of their Storage Server Admin User Credentials, based on the corporate password change policy.
  • Every time the password changes, it should never insist on redeploying the vCenter Web Client Plugin.

Approach for protecting the vCenter Web Client Plugin Admin User Credentials:

The Triple Layer Security Protection approach is based on 3 levels:

Level – 1. vCenter Admin credentials encryption

vCenter Admin credentials encryption follows password-based encryption (PBE), using the Message Digest Algorithm (MD5) and the Data Encryption Standard (DES).

  • Use PBEWithMD5AndDES to derive a DES key based on the password.
  • Encrypt the user’s password with that DES key.
  • Hash the salt and ciphertext with MD5, giving 128 bits of hash output.
  • Base64-encode the hash to give you the oRu… value.

Develop a Java program that takes a password and outputs a DES encryption key (i.e. implements PBEWithMD5AndDES), together with the openssl command, which will do the MD5 hashing, DES encryption and Base64 encoding/decoding.
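The four Level 1 steps, written out with the standard Java JCE classes as an added example (not code from the original post or the plugin). The class name, iteration count and sample secrets are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class Level1Demo {   // hypothetical class name
    static final String ALG = "PBEWithMD5AndDES";
    static final int ITERATIONS = 1000; // assumption: the page gives no iteration count

    // Steps 1-2: derive the DES key from the master password and run the cipher.
    static byte[] crypt(int mode, char[] master, byte[] salt, byte[] in) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(master));
        Cipher cipher = Cipher.getInstance(ALG);
        cipher.init(mode, key, new PBEParameterSpec(salt, ITERATIONS));
        return cipher.doFinal(in);
    }

    // Steps 3-4: MD5 over salt || ciphertext (128 bits), then Base64.
    static String digest(byte[] salt, byte[] ciphertext) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(salt);
        return Base64.getEncoder().encodeToString(md5.digest(ciphertext));
    }

    public static void main(String[] args) throws Exception {
        char[] master = "constructed-master-secret".toCharArray();   // constructed sample
        byte[] credential = "constructed-admin-password".getBytes(StandardCharsets.UTF_8);

        byte[] salt = new byte[8];                 // this PBE scheme uses an 8-byte salt
        new SecureRandom().nextBytes(salt);

        byte[] ciphertext = crypt(Cipher.ENCRYPT_MODE, master, salt, credential);
        String tag = digest(salt, ciphertext);

        // The MD5 value is one-way: to recover the credential the salt and the
        // ciphertext must be stored; the digest can only be compared, not decrypted.
        byte[] recovered = crypt(Cipher.DECRYPT_MODE, master, salt, ciphertext);
        if (!new String(recovered, StandardCharsets.UTF_8).equals("constructed-admin-password"))
            throw new IllegalStateException("round trip failed");

        System.out.println("salt       = " + Base64.getEncoder().encodeToString(salt));
        System.out.println("ciphertext = " + Base64.getEncoder().encodeToString(ciphertext));
        System.out.println("md5 digest = " + tag + " (" + tag.length() + " Base64 chars)");
    }
}
```

DES has a 56-bit effective key, so where the plugin is not tied to this legacy format, a PBKDF2-derived AES key is the stronger choice for the same role.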

Level – 2. SQLite database creation and inserting credentials

SQLite is preferred over other databases because it does not require a separate installation procedure and is simple to use.

  • Creating an SQLite database:
    – Use the create or openOrCreate methods in the DatabaseFactory class.
  • Inserting encrypted data:
    – Insert encrypted data into a table by executing an INSERT statement.
    – Execute INSERT statements with the Statement.execute method or the Statement.executeInsert method.

Level – 3. Compressing the database with password protection.

An SQLite database file is user-readable and easy to edit. To restrict this, we compress the DB file and password-protect it using the 7zip Software Compression Tool.

Conclusion:

A growing number of users are aware that data is freely available over the internet, which has led to numerous cases of data theft and security breaches. This explains the increasing popularity of data security and encryption. The lack of a security mechanism can easily lead to data theft or tampering. Critical data is at a higher risk in such scenarios; this is where techniques like the ones above can be used to tighten data security and secure information across the web.
