Encrypted Text Storage with Admin Decryption and Multi-Layer Authentication
Keywords: 2FA, HTTPS, blockchain technology
Abstract
In today’s digital age, securing sensitive data during transmission and storage is of paramount importance. While encryption protocols such as HTTPS have been widely adopted to protect data in transit, many systems still fail to ensure the same level of protection once the data reaches the server or database. Data at rest, often stored in plaintext or with weak encryption, remains vulnerable to various threats, including SQL injection, insider attacks, and data leaks. Additionally, admin panels, frequently protected by single-layer authentication, are susceptible to unauthorized access. This project introduces the Backend-Encrypted Secure Web Text Storage System with Admin-Only Decryption and 2FA, designed to bridge the gap between transmission security and secure data storage. Unlike traditional security models that primarily focus on encrypting data during transit, this system encrypts the user’s text input only after it reaches the backend, before it is stored in the database. The encryption is performed using AES-based cryptography with multiple rounds of key rotation, enhancing the security of the data against brute-force and reverse-engineering attacks. Furthermore, the system enforces a strict access policy where only an authenticated admin can view the decrypted data. After the admin logs in using a username and password, access is further protected by a Two-Factor Authentication (2FA) mechanism, which requires an OTP sent to the admin’s registered email address. This additional layer of security ensures that even if the admin’s credentials are compromised, unauthorized access is prevented. The system not only ensures robust security for data in transit and at rest but also provides a scalable framework for future enhancements, including real-time monitoring, file encryption, and potential integration with blockchain technology.
This project serves as a comprehensive solution for developers looking to securely manage and store sensitive data in web applications.
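The email-OTP second factor described in the abstract, sketched as an added example; it is not the project's own code. The class name, the 6-digit format, the 5-minute lifetime, the 5-attempt cap and the in-memory store are assumptions, and sending the email is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime; the abstract does not specify one
MAX_ATTEMPTS = 5        # assumed cap on guesses per issued code


class EmailOtpGate:
    """Second factor, checked only after the admin's password has been verified."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side MAC key, kept out of the store
        self._pending = {}  # admin id -> [mac, expires_at, attempts_left]

    def _mac(self, code):
        # Keep a keyed MAC instead of the code, so the stored value alone does not reveal it.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, admin_id):
        """Create a fresh 6-digit code; the caller emails it to the registered address."""
        code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
        # Issuing again overwrites any earlier pending code for this admin.
        self._pending[admin_id] = [self._mac(code),
                                   self._clock() + OTP_TTL_SECONDS,
                                   MAX_ATTEMPTS]
        return code

    def verify(self, admin_id, submitted):
        """Return True exactly once for the correct, unexpired code."""
        entry = self._pending.get(admin_id)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[admin_id]  # expired or guessed out: force a new code
            return False
        entry[2] -= 1  # count the attempt before comparing
        # Constant-time comparison does not leak how much of the value matched.
        if hmac.compare_digest(mac, self._mac(submitted)):
            del self._pending[admin_id]  # single use: a replayed code fails
            return True
        return False
```

The attempt cap matters because a 6-digit code has only one million possible values; without it, the second factor can be guessed within its lifetime.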