Exchanging Database Writes with Modern Cryptography
Andreas Happe (AIT Austrian Institute of Technology) and Thomas Lorünser (AIT Austrian Institute of Technology)
Modern cryptography provides for new ways of solving old problems. This paper details how Keyed-Hash Message Authentication Codes (HMACs) or Authenticated Encryption with Associated Data (AEAD) can be employed as an alternative to a traditional server-side temporal session store. This cryptography-based approach reduces the server-side need for state. When applied to database-based user-management systems it removes all database alteration statements needed for confirmed user sign-up and greatly removes database alteration statements for typical “forgot password” use-cases. As there is no temporary data stored within the server database system, there is no possibility of creating orphaned or abandoned data records. However, this new approach is not generic and can only be applied if implemented use-cases fulfill requirements. This requirements and implications are also detailed within this paper.
The First International Conference on Advances in Cyber-Technologies and Cyber-Systems (CYBER 2016)
Place and Date
Venice, Italy, October 9 - 13, 2016