1.0. Introduction

1.1. Current Problem

Currently, the use of technology and the security concerns surrounding it are increasing drastically. In today’s competitive market, information or data has become more valuable leading to a rapid increase in online and offline attacks to accrue information for their benefits.  Moreover, the information security technology market is increasing steadily with years, i.e. in the year 2016 the market value was 75.5 billion US dollars, and in the year 2017, it was 81.7 billion US dollars (Statista, 2018). 

Figure 1: The forecast for the information security technology market until the year 2020

It is also important to note that people desire to access their files easily from anywhere in the world. Therefore, this project suggests an online portal which is highly secured to store files or information.   

1.2. Aim and Objectives

This project aims to develop a secured online portal for users to store their files and information and access them anytime and anywhere. The objectives that are involved in achieving the aim is listed below:

• Objective 1: Perform secondary and primary research to identify what are the security attacks currently exist and how to overcome them.

• Objective 2: Perform primary research to identify the type of login methods the users are expecting.

• Objective 3: Perform secondary research identify which algorithm is strong enough to encrypt and decrypt the information and files.

• Objective 4: Develop the online portal using HTML5, CSS3, JavaScript, PHP and MySQL.

• Objective 5: Test the online portal to ensure that it is secured and serve the purpose of its creation.

1.3. Project Scope

The project scope does not include developing any mobile application for the portal because officials of the organisation are expected to use their office laptops rather than their mobile devices. However, this project focus on developing a responsive and fluid design for the website that can scale up and down according to the device or browser size.

2.0. Background Study

There are several areas where some background study needs to be conducted which are: the encryption and decryption algorithms, types of online and offline attacks, types of web design, user experience, currently available online platforms to store files online and so on.

2.1. Encryption and Decryption Algorithms

Various encryption and decryption exist; some of which are DES, Triple DES, RSA, Blowfish, and AES.

• DES and Triple DES: The DES stands for Data Encryption Standard algorithm. DES is one of the oldest encryption algorithms that attackers have learnt to defeat with ease. Therefore, to strengthen the security of the DES, the Triple DES was introduced which uses three 56-bits individual keys which provide additional security (Pasham, and Trimberger, 2001). The Triple DES used in hardware encryption solutions for the industries. 

• RSA: The RSA stands for the Rivest-Shamir-Adleman algorithm. The RSA is one of the public-key encryption algorithms which used for encryption of data that sent over the internet. Moreover, the RSA algorithm is considered as an asymmetric algorithm because of its use of key pairs (Jonsson et al., 2018).

• Blowfish: The Blowfish is an encryption algorithm that was designed to replace the DES algorithm. The algorithm splits the message into 64 bits and encrypts them separately; this is mainly used in e-commerce site to secure passwords and payments management tools (Vasantha, and Prasad, 2017). 

• AES: The AES stands for Advanced Encryption Standard algorithm. The algorithm is standardly used by the US government as well as other large organisations. This algorithm is extremely effective for the base 128 bits form. However, this algorithm uses the AES 192 bits and 256 bits to enhance its security (Saraswathi and Bhuvaneswari, 2017). 

This project intends to use the AES algorithm for encryption and decryption in other to provide a high security level for the files stored online because of its wide range of use.

2.2. Types of online and offline attacks

There are several types of attacks such as Password attack, Malware, Phishing, SQL injection attack, Cross-Site Scripting (XSS), man-in-the-middle attack and Denial-of-Service (DoS). 

• Password attack: This attack is used to find the password an individual is using in accessing a system. There are several ways to perform a password attack some of which are: passive online attack, active online attack, offline attack and non-technical attack (Wang and Wang, 2015).

• Malware: It is a harmful software that can be stored in the system to get information continuously. However, most anti-virus can be used to detect it (Faruki et al., 2015). 

• Phishing: Sending some random emails and messages with a link to get a website’s credential information (Alsharnouby et al., 2015)
• SQL injection attack: The SQL stands for Structured Query Language. The attacker tries to run malicious code on a specific server to reveal information that generally the server will not disclose (Alwan, and Younis, 2017). 

• XSS: This attack mainly focuses on users’ credentials stored on the database of the website. This attack can spoil the reputation of the website (Gupta and Gupta, 2017). 

• DoS: In the DoS attack, the attacker floods the website with a significant amount of traffic to crash the site, so the website will not be available for any users; this is mostly done to spoil the reputation of the website (Zhang et al., 2016).

• Man-in-the-middle attack: This attack occurs when establishing a session between a client’s computer and a remote server. The attacker pretends as a middleman and will show the illusion of a server for the client and client for the server in other to get all the information communicated between the server and client until the current session is closed (Tung et al., 2016).

In other to mitigate against these attacks, the proposed online portal will have a two-level authentication. Also, all the credentials about the user will be stored in the database in a hashed format using an MD5 algorithm (Gupta et al., 2014).  

2.3. Types of web design

There are three types of user interface (UI) design used in building a website, and they include fixed design, fluid design, and adaptive or responsive design. 

• The fixed or static UI design will not change the alignments and designs of the website components according to the size of the browser or the device type. This design was the first to be introduced in web development, and pixels (px) are used to provide the design attribute of the web components, so it will not change (Mohorovicic, 2013). 

• On the other hand, the fluid design will scale up and down the components of the website according to the size of the website; this involves styling the components using percentage (%) and Ems (em) (Estes, 2016). However, if the browser size is small, then the website design will still not be appropriately aligned. 

• The adaptive or responsive design changes the entire website look according to the device size; this is done using meta tag and media queries. Also, CSS frameworks such as Bootstrap provides an easy way to make a website responsive (Firdaus et al., 2016).

The online portal suggested will use the fluid and responsive UI design, so that it will be displayed correctly on all devices regardless of their sizes and type.

2.4. User experience

The portal should be: 

• Easy to use
• Accessible
• Available
• Reliable

2.5. Currently available online platforms to store files online 

There are several online portals available to store files and information some of which are Dropbox, Google Drive and so on. The major drawback of those applications is that the authentication is single level and the portal creators advised that secured or confidential information should not be stored with them because they are not implemented with various layers of securities. However, the proposed online portal will provide a secured online environment that users can use to store information and files and retrieve them whenever and wherever they like. 

3.0. Methodology or Approach

The approach adopted in developing the online portal is the Software Development Life Cycle (SDLC). The SDLC has five significant stages which are requirement gathering and analysis, design, implementation, testing, and documentation (See figure 2).

Figure 2: Software Development Cycle

3.1. Stage 1: Requirement Gathering and Analysis

Perform secondary research and primary research to gather information that will be used to decide the functional and non-functional requirements of the system. The primary research mainly uses quantitative and qualitative research to gather information. Quantitative research is mainly focused on receiving information that is quantifiable, and it uses the online survey method to gather the information (Hussein, 2015). On the other hand, qualitative research is mainly focused on receiving information that is descriptive which includes opinions, expressions and so on and it uses the interview method to gather the information (Hussein, 2015).

3.2.  Stage 2: Design

In this stage, the pictorial representation of the system was done to confirm and identify the complete view and the functional flow of the system. The low-fidelity and high-fidelity design of the portal will be designed. Then the use case diagram, use case specifications, activity diagram, sequence diagram, architecture diagram, and deployment diagram will also be designed.

3.3.  Stage 3: Implementation

In this stage, the actual development of the system will be done using HTML 5, CSS 3, JavaScript, PHP, and MySQL.

3.4.  Stage 4: Testing

In this stage, different testing will be conducted to ensure that the online portal developed serves the purpose. Some of the testings that will be done at this stage include unit testing, integration testing, system testing, acceptance testing, and security testing.

3.5.  Stage 5: Documentation

In this stage, the tested portal will be hosted, and the system documentation will be completed to perform maintenance of the site.

4.0. Legal and Ethical Issues

The legal and ethical issues that need to be considered for this system is provided below:

Primary Research

• The survey and interview will need acceptance from the participants before they can participate.
• The participants will be provided with the complete information regarding the project.
• The participants' personal information will not be gathered or stored.
• The participants' responses will be stored anonymously.
• The responses received will only be used for this project.
• The responses received will only be accessed by the researcher and the project supervisor.
• The responses received will be destroyed after completing this project

Secondary Research

• All the information used from journals and books will be referenced appropriately

Development

• The development portal will comply with the W3C standards.
• The hosted website will indicate that this is for an academic project and not for real-world usage.

5.0. Project Work Plan

Sample Gantt chart added for illustration purpose only.

References

Alsharnouby, M., Alaca, F. and Chiasson, S., 2015. Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies, 82, pp.69-82. Accessed at: http://chorus.scs.carleton.ca/wp/wp-content/papercite-data/pdf/alsharnouby2015phishing-ijhcs.pdf (Available by: 02 March 2018)

Alwan, Z.S. and Younis, M.F., 2017. Detection and Prevention of SQL Injection Attack: A Survey. Accessed at: https://pdfs.semanticscholar.org/c6cb/08ba2a25339c171de117037ce8aff848b1e0.pdf (Available by: 02 March 2018)

Estes, M., 2016. Time for a Response: Responsive Design, Accessibility, and University Websites. Accessed at: http://etd.auburn.edu/bitstream/handle/10415/5214/Thesis-Final.pdf?sequence=2&isAllowed=y (Available by: 02 March 2018)

Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M.S., Conti, M. and Rajarajan, M., 2015. Android security: a survey of issues, malware penetration, and defenses. IEEE communications surveys & tutorials, 17(2), pp.998-1022. Accessed at: http://openaccess.city.ac.uk/12200/1/comsec-review(Raj).pdf (Available by: 02 March 2018)

Gupta, S. and Gupta, B.B., 2017. Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. International Journal of System Assurance Engineering and Management, 8(1), pp.512-530. Accessed by: https://www.researchgate.net/profile/B_B_Gupta/publication/281823720_Cross-Site_Scripting_XSS_attacks_and_defense_mechanisms_classification_and_state-of-the-art/links/5604288608ae5e8e3f2fd025.pdf (Available by: 02 March 2018)

Gupta, S., Goyal, N. and Aggarwal, K., 2014. A review of comparative study of md5 and ssh security algorithm. International Journal of Computer Applications, 104(14). Accessed at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.736.1789&rep=rep1&type=pdf (Available by: 02 March 2018)

Hussein, A., 2015. The use of Triangulation in Social Sciences Research: Can qualitative and quantitative methods be combined?. Journal of comparative social work, 4(1). Accessed at: http://journal.uia.no/index.php/JCSW/article/viewFile/212/147 (Available by: 02 March 2018)

Jonsson, J., Moriarty, K., Kaliski, B. and Rusch, A., 2016. PKCS# 1: RSA Cryptography Specifications Version 2.2. Accessed at: http://buildbot.tools.ietf.org/html/rfc8017 (Available by: 02 March 2018)

Karim, N.S.A., Saba, T. and Albuolayan, A., 2017. Analysis of software security model in scenario of Software Development Life Cycle (SDLC). Journal of Engineering Technology (ISSN: 0747-9964), 6(2), pp.304-316. Accessed at: http://www.academia.edu/download/36637147/SDLC.pdf (Available by: 02 March 2018)

Pasham, V. and Trimberger, S., 2001. High-speed DES and triple DES encryptor/decryptor. Xilinx Application Notes. Accessed at: http://ebook.pldworld.com/_Semiconductors/Xilinx/DataSource%20CD-ROM/Rev.6%20(Q1-2002)/appnotes/xapp270.pdf (Available by: 02 March 2018)

Saraswathi, M. and Bhuvaneswari, T., 2017. A Secured Storage using AES Algorithm and Role Based Access in Cloud. Accessed at: http://ijsrset.com/paper/2856.pdf (Available by: 02 March 2018)

Statista. (2018). Global information security technology market 2016-2020 | Statistic. [online] Available at: https://www.statista.com/statistics/640141/worldwide-information-security-market-size/  [Accessed by: 02 March 2018].

Tung, Y.C., Shin, K.G. and Kim, K.H., 2016, July. Analog man-in-the-middle attack against link-based packet source identification. In Proceedings of the 17th ACM International Symposium on Mobile Ad Hoc Networking and Computing (pp. 331-340). ACM. Accessed at: https://www.semanticscholar.org/paper/Analog-man-in-the-middle-attack-against-link-based-Tung-Shin/2e2c443063c9d2743b097778e423af2d067c1a6f (Available by: 02 March 2018)

Vasantha, R. and Prasad, R.S., 2017. An Advanced Security Analysis by Using Blowfish Algorithm.  Accessed at: http://ijsrcseit.com/paper/CSEIT11726298.pdf (Available by: 02 March 2018)

Wang, D. and Wang, P., 2015. Offline dictionary attack on password authentication schemes using smart cards. In Information Security (pp. 221-237). Springer, Cham. Accessed at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.431.2923&rep=rep1&type=pdf (Available by: 02 March 2018)

Zhang, H., Cheng, P., Shi, L. and Chen, J., 2016. Optimal DoS attack scheduling in wireless networked control system. IEEE Transactions on Control Systems Technology, 24(3), pp.843-852. Accessed at: http://www.ece.ust.hk/~eesling/papers/j/j36.pdf (Available by: 02 March 2018)

Last updated: Mar 23, 2020 05:38 PM