A Novel Approach for Protecting Legacy Authentication Databases in Consideration of GDPR

Juanita Blue, Eoghan Furey

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

The upcoming implementation of the European Union General Data Protection Regulation (GDPR) will require many organisations throughout the EU to comply with new requirements that are intended to better protect personal data. Large increases in responsibility, penalties and fines will place great pressure on organisations to ensure they are compliant and adequately protect the user data associated with online accounts. Non-compliant legacy databases are those that store authentication credentials in plaintext or using obsolete one-way encryption techniques that fail to adhere to best-practice guidelines. Companies that remain reliant on these vulnerable systems will be forced to reconsider and improve their architecture, or risk the exposure of personal data and the debilitating penalties that would also be incurred. Authentication databases are a frequent target of attack, as they potentially provide an avenue to commit further, more lucrative crimes. Lacking or substandard implementations have cultivated an environment in which authentication databases and the data stored in them are insecure. This was demonstrated by the 2016 disclosure of a breach at Yahoo in which approximately one billion user credentials were stolen; the global technology company was found to be using obsolete security mechanisms to protect user passwords. This paper offers a novel solution for improving the protection of currently non-compliant legacy authentication databases stored on Apache servers. The method applies best-practice mechanisms, in the form of salt, one-way encryption (hashing) and iterations, to both pre-existing and newly created passwords held within the databases. The proposed solution can be implemented server-side, with little alteration to the existing infrastructure and transparently to the user. It has the potential to improve system security, preserve privacy and aid implementation of GDPR requirements.
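As an added illustration of the approach the abstract describes (this is not the paper's own code), the following Python assumes the legacy store holds unsalted MD5 digests, wraps each existing digest in a salted, iterated PBKDF2-HMAC-SHA256 hash entirely server-side, applies the same scheme directly to newly created passwords, and replaces a wrapped record with a native one on the user's next successful login. The record format, iteration count and sample credential are constructed assumptions, not values from the paper.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed work factor for the new scheme (not taken from the paper).
ITERATIONS = 100_000


def legacy_md5(password: str) -> str:
    """The obsolete, unsalted one-way scheme assumed for the legacy table."""
    return hashlib.md5(password.encode()).hexdigest()


def wrap_legacy(legacy_digest: str) -> str:
    """Protect an existing digest in place: per-user salt plus iterated hashing
    applied over the digest itself, so no user interaction is required."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", legacy_digest.encode(), salt, ITERATIONS)
    return f"wrapped-md5${ITERATIONS}${salt.hex()}${dk.hex()}"


def hash_new_password(password: str) -> str:
    """Scheme applied to newly created passwords (salt + iterated hashing)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def migrate(table: Dict[str, str]) -> Dict[str, str]:
    """Wrap every legacy digest server-side; users are not involved."""
    return {user: wrap_legacy(digest) for user, digest in table.items()}


def verify(password: str, record: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, upgraded_record). A wrapped legacy record is upgraded to a
    native one on the first successful login, when the plaintext is available."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme == "wrapped-md5":
        material = legacy_md5(password).encode()  # reproduce the legacy step
    elif scheme == "pbkdf2-sha256":
        material = password.encode()
    else:
        return False, None
    dk = hashlib.pbkdf2_hmac("sha256", material, bytes.fromhex(salt_hex), int(iters))
    if not hmac.compare_digest(dk.hex(), dk_hex):  # constant-time comparison
        return False, None
    upgraded = hash_new_password(password) if scheme == "wrapped-md5" else None
    return True, upgraded
```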

Original language: English
Title of host publication: 2018 International Symposium on Networks, Computers and Communications, ISNCC 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538637784
DOIs
Publication status: Published - 9 Nov 2018
Event: 2018 International Symposium on Networks, Computers and Communications, ISNCC 2018 - Rome, Italy
Duration: 19 Jun 2018 to 21 Jun 2018

Publication series

Name: 2018 International Symposium on Networks, Computers and Communications, ISNCC 2018

Conference

Conference: 2018 International Symposium on Networks, Computers and Communications, ISNCC 2018
Country/Territory: Italy
City: Rome
Period: 19/06/18 to 21/06/18

Keywords

  • authentication
  • encryption
  • passwords
  • salt
  • user-credentials
