OJS Security Analysis Issues, Reasons, and Possible Solutions

Open Journal Systems (OJS), a modern era Publishing tool for authors, reviewers and editors have gained a lot of popularity in the recent times as this software is available free for use on web and publishes journal online. While this tool empowers its user to validate, support, control, track publications, etc, at the same time its wide user base has raised few concerns about data security. This article deals with security issues that may arise from the use of this web-based journal management and publishing software by the author and also suggests measures/precautions on how to minimise the possible risk related to data security based on author experience in certain situations. For this, the author has adopted a methodology that synchronises reviewed research papers with thoughts gained by reading various blogs and documentation and doing analysis of same. With this contribution from the author, the user is expected to benefit from the implementation of suggestive guidance/approach as prescribed in this article to overcome similar issues, which may be faced by some users. The author has endeavored to express the associated security issues, recommend solutions and security steps to be followed while using the OJS in certain situations.

Download Full-text

Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2022010106 ◽

2022 ◽

Vol 16 (1) ◽

pp. 0-0

Keyword(s):

Data Security ◽

Security Analysis ◽

Data Communication ◽

Computation Time ◽

Computational Time ◽

Security Issues ◽

Authentication Mechanism ◽

Cloud Server ◽

Secure Authentication ◽

Provably Secure

Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.

Download Full-text

PERANCANGAN SISTEM KEAMANAN DATA INVENTORY BARANG DI TOKO NANDA BERBASIS WEB MENGGUNAKAN METODE KRIPTOGRAFI VIGENERE CIPHER

Jurnal Teknologi Informasi MURA ◽

10.32767/jti.v11i1.451 ◽

2019 ◽

Vol 11 (1) ◽

pp. 29-36

Author(s):

Joni Karman ◽

Ahmad Nurhasan

Keyword(s):

Data Collection ◽

Programming Language ◽

Direct Observation ◽

Data Security ◽

Data Loss ◽

Inventory Data ◽

Web Based ◽

Modern Era ◽

Collection Methods ◽

Security Application

Abstrak Masalah yang ada pada penelitian ini adalah sistem pencatatan stok barang bangunan pada Toko Nanda masih rentan terhadap kehilangan data, karena sistem pencatatan stok barang pada toko ini masih manual, yaitu dengan cara mengumpulkan nota-nota setiap pembelian nya. Di era modern seperti sekarang ini sudah seharusnya Toko Nanda menggunakan teknologi yang ada sebagai media pengamanan data tersebut. Penelitian ini menggunakan metode pengumpulan data, dengan cara pengamatan langsung pada objek yang diteliti (Observasi), melakukan tanya jawab langsung pada sumber (Interview), dokumentasi dan perpustakaan. Hasil penelitian ini menghasilkan sebuah aplikasi keamanan data inventory barang berbasis web, dengan menggunakan bahasa pemrograman PHP, dan database menggunakan MySQL, sedangkan untuk keamanan data nya menggunakan metode kriptografi vigenere cipher, dan dapat disimpulkan bahawa aplikasi ini dapat membantu Toko Nanda dalam mengamankan data serta dapat mengetahui jumlah stok barang yang tersedia. Kata Kunci : Keamanan Data, Inventory, Kriptografi, Vigenere Cipher, Abstract The problem that exists in this study is the system of recording the stock of building goods in Toko Nanda is still vulnerable to data loss, because the system of recording the stock of goods in this store is still manual, namely by collecting the notes for each purchase. In the modern era, as now, Nanda Store is supposed to use existing technology as a means of securing the data. This study uses data collection methods, by direct observation of the object under study (Observation), conducting question and answer directly to the source (Interview), documentation and library. The results of this study resulted in a web-based inventory data security application, using the PHP programming language, and a database using MySQL, while for data security it uses the vigenere cipher cryptographic method, and it can be concluded that this application can help the Nanda Store in securing data and can find out the amount of available stock. Keywords: Data Security, Inventory, Kriptografi, Vigenere Cipher,

Download Full-text

Implementation of Regular Expressions for CLI and WEB-based Backdoor Scanners

Procedia of Engineering and Life Science ◽

10.21070/pels.v1i1.834 ◽

2021 ◽

Vol 1 (1) ◽

Author(s):

Nikko Enggaliano Pratama ◽

Arif Fitrani

Keyword(s):

Information System ◽

Information Systems ◽

Private Sector ◽

Data Security ◽

False Positive ◽

Regular Expressions ◽

Command Line ◽

Command Line Interface ◽

Web Based ◽

Security Issues

The author realizes that in this era, information systems are increasingly developing, there are so many system developers who can develop great and useful applications. But not many of these developers care about data security issues or information systems. The more an application that is running and is also being developed will have an impact along with the increasing number of cybercrime or hacktivists attacking the application or a server. The actors not only carried out attacks and then ignored the servers, many of them left a backdoor, to facilitate future actions. Many of the information system developers do not understand what a backdoor is and what a backdoor looks like, because many of the backdoor is developed with complicated techniques or with common syntax that the developer considers reasonable. Here the author developed a backdoor scanner application that can run on any OS, Windows or Unix with the same results, and can run in CLI (Command Line Interface) or in Web mode. Testing of the backdoor scanner application has been carried out by various elements ranging from government, private sector and the Open Source community who can still detect all tested backdoors with 100% accuracy even though the results issued are still False Positive. The backdoor tested is a backdoor that has been developed and has been in circulation before or is called a well-know backdoor.

Download Full-text

Experiential Learning of Networking Technologies: Understanding Web Security

10.34048/2018.2.f4 ◽

2018 ◽

Author(s):

Ram P. Rustagi ◽

Viraj Kumar

Keyword(s):

Experiential Learning ◽

Web Security ◽

Web Based ◽

Security Issues ◽

Hands On ◽

Networking Technologies

With the rapid increase in the volume of e-commerce, the security of web-based transactions is of increasing concern. A widespread but dangerously incorrect belief among web users is that all security issues are taken care of when a website uses HTTPS (secure HTTP). While HTTPS does provide security, websites are often developed and deployed in ways that make them and their users vulnerable to hackers. In this article we explore some of these vulnerabilities. We first introduce the key ideas and then provide several experiential learning exercises so that readers can understand the challenges and possible solutions to them in a hands-on manner.

Download Full-text

A Novel Solution to Cloud Data Security Issues

2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN) ◽

10.1109/icacccn51052.2020.9362743 ◽

2020 ◽

Author(s):

Soumalya Ghosh ◽

Anubhav Raj Singh ◽

Garima Pandey ◽

Anupam Lakhanpal

Keyword(s):

Data Security ◽

Cloud Data ◽

Security Issues

Download Full-text

A Secure Ciphertext Retrieval Scheme against Insider KGAs for Mobile Devices in Cloud Storage

Security and Communication Networks ◽

10.1155/2018/7254305 ◽

2018 ◽

Vol 2018 ◽

pp. 1-7 ◽

Cited By ~ 11

Author(s):

Run Xie ◽

Chanlian He ◽

Dongqing Xie ◽

Chongzhi Gao ◽

Xiaojun Zhang

Keyword(s):

Cloud Computing ◽

Mobile Devices ◽

Data Privacy ◽

Security Analysis ◽

Data Retrieval ◽

Sensitive Data ◽

Encrypted Data ◽

Security Issues ◽

Efficiency Comparison ◽

Cloud Servers

With the advent of cloud computing, data privacy has become one of critical security issues and attracted much attention as more and more mobile devices are relying on the services in cloud. To protect data privacy, users usually encrypt their sensitive data before uploading to cloud servers, which renders the data utilization to be difficult. The ciphertext retrieval is able to realize utilization over encrypted data and searchable public key encryption is an effective way in the construction of encrypted data retrieval. However, the previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against inside keyword-guessing attacks (KGAs). In this paper, we first construct a new architecture to resist inside KGAs. Moreover we present an efficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture. This instance is secure under the inside KGAs. Finally, security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypted data in cloud computing.

Download Full-text

Big Data Security in the Web-Based Cloud Storage System Using 3D-AES Block Cipher Cryptography Algorithm

Communications in Computer and Information Science - Soft Computing in Data Science ◽

10.1007/978-981-13-3441-2_24 ◽

2018 ◽

pp. 309-321 ◽

Cited By ~ 2

Author(s):

Nur Afifah Nadzirah Adnan ◽

Suriyani Ariffin

Keyword(s):

Big Data ◽

Data Security ◽

Cloud Storage ◽

Block Cipher ◽

Storage System ◽

Web Based ◽

The Web

Download Full-text

Research trends and solutions for secure traffic management of SDN

APTIKOM Journal on Computer Science and Information Technologies ◽

10.34306/csit.v2i3.70 ◽

2020 ◽

Vol 2 (3) ◽

pp. 97-105

Author(s):

Ravi Shankar Pandey ◽

Vivek Srivastava ◽

Lal Babu Yadav

Keyword(s):

Traffic Management ◽

Single Point ◽

Research Trends ◽

Security Requirements ◽

New Paradigm ◽

Research Papers ◽

Malicious Attack ◽

Security Issues ◽

Free Environment ◽

New Research

Software Defined Network (SDN) decouples the responsibilities of route management and datatransmission of network devices present in network infrastructure. It integrates the control responsibility at thecentralized software component which is known as controller. This centralized aggregation of responsibilities mayresult the single point of failure in the case malicious attack at the controller side. These attacks may also affect thetraffic flow and network devices. The security issues due to such malicious attacks in SDN are dominating challengesin the implementation and utilization of opportunities provided by this new paradigm. In this paper we haveinvestigated the several research papers related to proposal of new research trends for security and suggestionswhich fulfil the security requirements like confidentiality, integrity, availability, authenticity, authorization,nonrepudiation, consistency, fast responsiveness and adaptation. We have also investigated the new future researchfor creating the attack free environment for implementing the SDN.

Download Full-text

Big Data Security Analysis in Network Intrusion Detection System

International Journal of Computer Applications ◽

10.5120/ijca2020919759 ◽

2020 ◽

Vol 177 (30) ◽

pp. 12-18

Author(s):

Muhammad Umer ◽

Hao Xiaoli ◽

Saad Abdul

Keyword(s):

Big Data ◽

Intrusion Detection ◽

Data Security ◽

Intrusion Detection System ◽

Detection System ◽

Security Analysis ◽

Network Intrusion Detection ◽

Network Intrusion ◽

Network Intrusion Detection System

Download Full-text

Perancangan Sistem Informasi Penjualan Motor Bekas Berbasis Web pada Zidan Jaya Motor

Horizon ◽

10.22202/horizon.v1i4.5310 ◽

2021 ◽

Vol 1 (4) ◽

pp. 676-687

Author(s):

Rila Kurniawan ◽

Heri Mulyono ◽

Irsyadunas Irsyadunas

Keyword(s):

Data Security ◽

System Development ◽

Markup Language ◽

System Planning ◽

Web Based ◽

Development Method ◽

Development Life Cycle ◽

Life Cycle Development ◽

Hypertext Markup Language ◽

A Company

Zidan Jaya Motor is a company that serves the sale and purchase of used motorcycles, from various brands and types of motorcycles. The problem that is often encountered is the ineffectiveness of sales services in terms of time and effort because they still use manual data collection in the company's parent book. The purpose of this research is to design a web-based used motorcycle sales application. This sales information system planning uses the SDLC (system development life cycle) development method with the PHP (hypertext markup language) programming language. This sales application makes it easy for Zidan Jaya Motor to manage goods data, sales reports, optimize services and maintain company data security. With the support of human resources and computerized information systems.

Download Full-text