Design Patterns to Enhance Security by Storing Passwords Encryption using Multiple Hashing Functions


Naruapon Suwanwijit
Somkiat Chormuan
Worachet Uttha

Abstract

The protection of personal information stored in the database of a web application is critical. Currently, personal information, especially passwords, is secured with a hash function. A hash function is a mathematical algorithm that encrypts data in one direction only, so the result cannot easily be decrypted into the original data; instead, comparisons are used to verify the correctness of the data. In general, when encrypting a user's password, each web application selects a unique hash function or algorithm, and the software is not designed so that the algorithm can be modified easily. The researchers found that design patterns are used in good software design, and that the "Strategy Pattern" is one of the key design patterns: it can be applied in software design where there is a wide range of algorithms to choose from, and it lets the algorithm be modified freely to suit each situation. In this research, the researchers were interested in applying two design patterns, the "Strategy Pattern" and the "Factory Method Pattern", to the design and development of the hash-function section of the software, providing a wide range of encryption options and instance selection of the hash function. The research results indicated that the system was flexible in changing and adding new hash functions, could handle user password storage with multiple hash functions, and made passwords much more secure by adding complexity to system penetration compared to a single hash function.
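The combination the abstract describes can be sketched as follows. This is an added example, not the authors' implementation: the class names, the `algorithm$salt$digest` record format, the cost parameters and the upgrade-on-login step are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from abc import ABC, abstractmethod

class PasswordHasher(ABC):
    """Strategy interface: one password-hashing algorithm (hypothetical name)."""
    name: str
    @abstractmethod
    def derive(self, password: bytes, salt: bytes) -> bytes: ...

class Pbkdf2Sha256(PasswordHasher):
    name = "pbkdf2-sha256"
    def derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password, salt, 600_000)

class Scrypt(PasswordHasher):
    name = "scrypt"
    def derive(self, password, salt):
        return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)

class HasherFactory:
    """Factory Method: maps the algorithm id stored in a record to a strategy."""
    _registry = {cls.name: cls for cls in (Pbkdf2Sha256, Scrypt)}
    @classmethod
    def create(cls, name: str) -> PasswordHasher:
        try:
            return cls._registry[name]()
        except KeyError:
            # Fail closed: never fall back to a default for an unknown id.
            raise ValueError(f"unknown hash algorithm: {name!r}") from None

def hash_password(password: str, algorithm: str) -> str:
    salt = os.urandom(16)  # fresh random salt per record
    digest = HasherFactory.create(algorithm).derive(password.encode(), salt)
    # Assumed record format: the algorithm id travels with the hash.
    return f"{algorithm}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str, preferred: str = "scrypt"):
    """Return (ok, upgraded_record). upgraded_record is a new record to store
    when a correct password was checked against a non-preferred algorithm."""
    algorithm, salt_hex, digest_hex = stored.split("$")
    hasher = HasherFactory.create(algorithm)
    candidate = hasher.derive(password.encode(), bytes.fromhex(salt_hex))
    ok = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))  # constant time
    if ok and algorithm != preferred:
        return True, hash_password(password, preferred)
    return ok, None
```

Because each record names its own algorithm, records written under different hash functions can coexist in one table, and adding a function means registering one more strategy class.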

Article Details

How to Cite
Suwanwijit, N., Chormuan, S., & Uttha, W. (2024). Design Patterns to Enhance Security by Storing Passwords Encryption using Multiple Hashing Functions. KKU Science Journal, 52(2), 157–169. Retrieved from https://ph01.tci-thaijo.org/index.php/KKUSciJ/article/view/255938
Section
Research Articles
