EN
An Encryption Key Management Approach for Configuration Files
Abstract
One of the major points of interest in software engineering nowadays is how to ensure applic- ations configuration files’ security. In fact, they very often contain confidential information as database connection credentials, thereby providing a vulnerability point to these applications, for those files having their information clearly written. Some studies upon 2200 applications revealed that 96% of them where vulnerable, and that 80% of those vulnerable applications contained vulnerabilities exposed by incorrect configuration information management. Encryp- tion is then used to secure these delicate files. The difficulty then resides in the usage and backup of the encryption key so as to guarantee data security. To do this, current approaches are either to hide the encryption key in the application source code or somewhere on disk, it’s safety then being compromised; or to protect the key by bounding it to a specific user account, the application can then operate only within this account, obligating that user to be physically present for the key to be available, which is an unacceptable constraint for large systems. In this paper, we propose an encryption key management model solving limitations mentioned above. The key lies only in main memory, which is great for its protection; it is subjected on a secure and flexible way (directly, through https or SMS) to the files security module when starting.
Keywords
Details
Primary Language
English
Subjects
-
Journal Section
-
Publication Date
March 31, 2015
Submission Date
January 30, 2016
Acceptance Date
-
Published in Issue
Year 2015 Volume: 4 Number: 1
APA
Emmanuel, M., Ibrahim, M., & Roger, A. (2015). An Encryption Key Management Approach for Configuration Files. International Journal of Information Security Science, 4(1), 1-12. https://izlik.org/JA48GG84ZE
AMA
1.Emmanuel M, Ibrahim M, Roger A. An Encryption Key Management Approach for Configuration Files. IJISS. 2015;4(1):1-12. https://izlik.org/JA48GG84ZE
Chicago
Emmanuel, Moupojou, Moukouop Ibrahim, and Atsa Roger. 2015. “An Encryption Key Management Approach for Configuration Files”. International Journal of Information Security Science 4 (1): 1-12. https://izlik.org/JA48GG84ZE.
EndNote
Emmanuel M, Ibrahim M, Roger A (March 1, 2015) An Encryption Key Management Approach for Configuration Files. International Journal of Information Security Science 4 1 1–12.
IEEE
[1]M. Emmanuel, M. Ibrahim, and A. Roger, “An Encryption Key Management Approach for Configuration Files”, IJISS, vol. 4, no. 1, pp. 1–12, Mar. 2015, [Online]. Available: https://izlik.org/JA48GG84ZE
ISNAD
Emmanuel, Moupojou - Ibrahim, Moukouop - Roger, Atsa. “An Encryption Key Management Approach for Configuration Files”. International Journal of Information Security Science 4/1 (March 1, 2015): 1-12. https://izlik.org/JA48GG84ZE.
JAMA
1.Emmanuel M, Ibrahim M, Roger A. An Encryption Key Management Approach for Configuration Files. IJISS. 2015;4:1–12.
MLA
Emmanuel, Moupojou, et al. “An Encryption Key Management Approach for Configuration Files”. International Journal of Information Security Science, vol. 4, no. 1, Mar. 2015, pp. 1-12, https://izlik.org/JA48GG84ZE.
Vancouver
1.Moupojou Emmanuel, Moukouop Ibrahim, Atsa Roger. An Encryption Key Management Approach for Configuration Files. IJISS [Internet]. 2015 Mar. 1;4(1):1-12. Available from: https://izlik.org/JA48GG84ZE