Architecting a Secure Enterprise Data Sharing
Environment to the Edge
ABSTRACT:
This paper analyzes secure data sharing outside the security domain. There is a high demand for accessing multiple levels of sensitive data at the edge; however the threat at that location is higher compared to the core enterprise environment. This paper investigates the requirements, technologies and risk mitigation techniques for securely sharing information with the tactical user while protecting the data and the information systems from intruders and malware. The new Enterprise Architecture needs to eliminate the stovepipe architectures and open the doors to share information across traditional and non-traditional domain boundaries.
Existing System:
In case of the existing system each and every system are considered as a trusted computer. And so the attacker finds it easy to attack the system with fake signals. And also in the emerging network where many are used for some good purpose. And in those there a lot of chance for the attacker to send unwanted information. In case of the fire alarm, if all the system are considered as trusted they could send false alarm where it lead to a heavy loss. And so we need a system to protect it. Hence we develop a new system.
Proposed System:
The proposed system we introduce a new technology to protect the network. This is achieved by the following way. Realizing widespread adoption of such applications
Mandates sufficiently trustworthy computers that can be realized at low cost. Apart from facilitating deployment of futuristic applications, the ability to realize trustworthy computers at low cost can also addresses many of the security issues that plague our existing network infrastructure. Although, at first sight, “inexpensive” and “trustworthy”
May seem mutually exclusive, a possible strategy is to reduce the complexity of the components inside the trusted boundary. The often heard statement that “complexity is the enemy of security” is far from dogmatic. For one, lower complexity implies better verifiability of compliance. Furthermore, keeping the complexity inside the trust boundary at low levels can obviate the need for proactive measures for heat dissipation. Strategies constrained to simultaneously facilitate shielding and heat dissipation tend to be expensive. On the other hand, unconstrained shielding strategies can be reliable and inexpensive to facilitate.
Hardware and Software Requirements:
SOFTWARE REQUIREMENTS
- VS .NET 2005,C#
- SQL SERVER 2000
- Windows XP.
HARDWARE REQUIREMENTS
Hard disk : 40 GB
RAM : 512mb
Processor : Pentium IV
Monitor : 17’’Color Monitor
Modules :
LOGIN MODULE
TRUSTED SYSTEM MODULE
CRYPTOGRAPHY
Encryption
Decryption
SENDING MODULE
RECEIVING MODULE
Module Description :
LOGIN MODULE :
User gives the required username and password and then logins. If the login name and password in correct then he goes to the next form else he is asked to give the correct username and password.
TRUSTED SYSTEM MODULE :
Any trusted computer defines a clear trust boundary. For example, for a single chip ScP all components inside the chip may fall under such a trust boundary. Enforcing the trust boundary is by proactive measures for protection of components within the boundary. However, the regions inside a trust boundary that are physically protected can change dynamically, depending on the state of the ScP. when the CPU is off, there is no need to extend protection to all regions. However, when the CPU is on, the scope of protection will need to be wider.
CRYPTOGRAPHY :
Encryption :
In this module, we investigate the suitability of DOWN for identity-based encryption (IBE) and signature (IBS) schemes. We then motivate the need for low complexity ID-based authentication schemes for ScPs for evolving application scenarios. This includes an overview of some existing low-complexity ID-based KPS
Decryption :
In this module a private exponent d is used for decryption and signing. More specifically, the private exponent needs to be stored in RAM for performing computations like decryption and signing.Modular exponentiation is often performed using the square-and-multiply algorithm.
SENDING MODULE :
In this module, the encrypted file is sent to the non-trusted system with the key, normal file is sent to the trusted system and also read only files are sent while sending the files details about the file and the path of the file is stored in data base. Before sending the file to the trusted and non-trusted systems we have to make sure that the server is made to run so that it can receive files from the client.
RECEIVING MODULE :
In this module the files are received. If it’s a trusted system then the files receives without decryption else it receives in encryption mode with a secret key to decrypt the encrypt file and view the file. The file are usually stored in the path “c:\receive”. If it’s a read only file the user cannot edit or modify the file.
INPUT/OUTPUT :
The input will be choosing trusted system and selecting IP address of both the trusted and non-trusted systems if there is no stored IP then new IP address will be entered and the output will be IP address gets stored in database and direct us to the main form.
REFERENCE:
Bassam S. Farroha and Deborah L.Farroha, “Architecting a Secure Enterprise Data Sharing Environment to the Edge”, IEEE International Conference on Systems Conference (SysCon), 2011.
