ENHANCED AUTHORIZATION FOR SECURE MANAGEMENT OF SENSITIVE DATA IN HYBRID APPLICATIONS
DOI:
https://doi.org/10.26906/SUNZ.2023.2.098Keywords:
Cryptography, Public-key cryptography, Authorization, NodejsAbstract
Sensitive data is often managed by cloud-based applications, which can be vulnerable to attackers who seek unauthorized access to this data. Traditional approaches to authorization may not be sufficient to protect sensitive data from such attacks. In this article, we propose an enhanced authorization approach that uses a combination of symmetric and asymmetric cryptography to secure sensitive data. Specifically, we propose generating a unique encryption key per file and a set of public and private keys per user, which are used to encrypt and decrypt the data. We demonstrate the feasibility of our approach with examples in Node.js, showing how to generate public and private keys, encrypt and decrypt files, and store encrypted data on a drive. Our approach provides an effective solution to the problem of managing sensitive data in hybrid applications, while preserving user and developer convenience.Downloads
References
Prototype Pollution. Snyk. https://learn.snyk.io/lessons/prototype-pollution/javascript/
Г. В. Головко. Конспект лекцій з дисципліни "Захист інформації в комп'ютерних системах і Кібербезпека" (2021). Національний університет «Полтавська політехніка імені Юрія Кондратюка». https://dist.nupp.edu.ua/mod/resource/view.php?id=122282
Harvest now, decrypt later. Wikipedia. https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later
Crypto package. Node.js. https://nodejs.org/api/crypto.html#crypto
crypto.generateKeyPair() Node.js. https://nodejs.org/api/crypto.html#cryptogeneratekeypairtype-options-callback
crypto.randomBytes(). Node.js. https://nodejs.org/api/crypto.html#cryptorandombytessize-callback
crypto.createCipheriv(). Node.js. Crypto package. Node.js. https://nodejs.org/api/crypto.html#cryptocreatecipherivalgorithmkey-iv-options
crypto.publicEncrypt(). Node.js. https://nodejs.org/api/crypto.html#cryptopublicencryptkey-buffer
crypto.privateDecrypt(). Node.js. https://nodejs.org/api/crypto.html#cryptoprivatedecryptprivatekey-buffer
crypto.createDecipheriv(). Node.js. https://nodejs.org/api/crypto.html#cryptocreatedecipherivalgorithm-key-iv-options
Encrypting File System. Wikipedia. https://en.wikipedia.org/wiki/Encrypting_File_System
AES instruction set. Wikipedia. https://en.wikipedia.org/wiki/AES_instruction_set
Advanced Encryption Standard. Wikipedia. https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
