DEVELOPMENT OF A CRYPTOGRAPHICALLY SECURE AUDIT

TRAIL SYSTEM LEVERAGING ON ADVANCED ENCRYPTION

STANDARD (AES) AND RIVEST–SHAMIR–ADLEMAN (RSA)
ALGORITHMS

BY

OKOH CHRISTIAN CHIDIEBERE

CSC/MSC/22005

A RESEARCH PROJECT SUBMITTED TO THE DEPARTMENT OF

COMPUTER SCIENCE,
SCHOOL OF POST-GRADUATE, TANSIAN UNIVERSITY UMUNYA
ANAMBRA STATE

IN PARTIAL FULFILMENT OF THE REQUIRMENT FOR THE

AWARD OF MASTERS DEGREE IN COMPUTER SCIENCE

SUPERVISOR: ENGR. DR. OKORIE EMEKA

SEPTEMBER, 2024

I
 CERTIFICATION

The researcher Okoh Christian Chidiebere hereby certify that, I am responsible

for the work submitted in this project and that this is an original work which has
not been submitted to this University or any other institution for the award of
Masters of Science.

……………………………………….. --------------------
Signature of Candidate Date

Ii
 APPROVAL PAGE

This thesis was done by Okoh Christian Chidiebere and has been examined and
approved for the award of Masters of Science in the department of Computer
Science, Imo State University, Owerri.

………………………….. ………………………
Engr. Dr. Okorie Emeka Date
Supervisor

………………………….. ………………………
Prof. Osuagwu Oliver .E. Date
Head, Department of Computer Science

………………………….. ………………………
Prof. Dimejesi S.A. Date
Dean, Faculty of Natural and Applied Science

………………………….. ……………………..
External Examiner Date

iii
 DEDICATION

I dedicate this thesis to God Almighty for his immeasurable mercy and divine
favor granted to me.

Iv
 ACKNOWLEDGEMENTS

Firstly, let me express and return all thanks to our Almighty God, for his
mercies and endurance, I humbly extend a warmth appreciation to my
Supervisor Engr. Dr. Okorie Emeka, I want to also acknowledge the support of
my HOD Prof. Osuagwu Oliver .E., Our Departmental PG Coordinator Prof.
Iloka B.C., and my fellow M.Sc students in the department of Computer
Science, Tansian University Umunya, Anambra State. I extend appreciation to
my darling parents though deceased and wonderful siblings for their prayers and
support seeing me through.

V
 TABLE OF CONTENT

Title Page i
Certification ii
Approval Page iii
Dedication iv
Acknowledgements v
Abstract vi-ix
CHAPTER ONE - INTRODUCTION
1.1 Background of Study 1-4
1.2 Statement of the Problem 4-5

1.3 Aim and Objectives of the Study 5

1.4 Significance of the Study 5-7

1.5 Scope of the Study 7-8

1.6 Definition Technical of Terms 8-9

CHAPTER TWO - LITERATURE REVIEW
2.1 Theoretical Review 10
2.1.1 Automated Manufacturing System (AMS) 11
2.1.2 Types of Automated Manufacturing System 12-13
2.1.3 Computer Integrated Manufacturing (CIM) 13-15
2.1.4 Machine Learning Techniques 15-19
2.1.4.1 Application of Machine Learning (ML) 19
2.1.5 Reconfiguration of Systems 20
2.2 Review of Related Works 20-31
2.3 Summary of Literature Review and Knowledge Gap 31-32
CHAPTER THREE - METHODOLOGY AND SYSTEM ANALYSIS
3.1 Methodology Adopted 33
Vii

3.2 System Analysis 34

3.2.1 Analysis of the Existing System 34-36
3.2.1.1 Weaknesses of Existing System 36
3.2.2 Analysis of the Proposed system 37-38
3.2.2.1 High Level Model of the Proposed System 39
CHAPTER FOUR - SYSTEM DESIGN AND IMPLEMENTATION
4.1 Objectives of the New System 40
4.2 System Design 40
4.3 Program Design 41
4.3.1 System Start-Up 42
4.3.2 Program Menu 43
4.3.3 Program Module Specification 44
4.4 Database Design 44-47
4.5 Input / Output Design 48-54
4.6 Choice Of Programming Language 54-55
4.7 Program Module Flowchart 56-61
4.8 Program Implementation 61
4.9 Program Requirement 62
4.9.2 Software Requirement 62-63
4.9.3 Material Requirement 63
4.9.4 System Test Run 63-64
4.10 System Maintenance 64-65
4.11 Change over Procedure 65
4.11.1 Loading the Software 65
4.11.2 Running the Software 66
4.11.3 Exiting the Software 66
4.11.4 Training 66
4.12 System Implementation 66-67
CHAPTER FIVE - SUMMARY, CONCLUSIONS AND RECOMMENDATIONS
5.1 Summary 68
5.2 Conclusion 69
5.3 Recommendations for Further Studies 69-70
References 71-75
viii
 ABSTRACT

Internal and external forces are actively compromising companies’ data (accidentally and
deliberately) and some of the most serious threat comes from current employees with
authorized access where some are opportunistically looking for extra money selling private
information or doing illegal activities. Special care should be taken to verify the integrity and
to ensure that sensitive data is adequately protected and one of the key activities for data loss
prevention is an audit. In order to be able to audit a system, it is important to have reliable
records of its activities. Several researchers have addressed the problem of audit trail security
using Genetic Algorithm, Statistical, Rule based approaches, neural networks, Immune
systems and Genetic programming and examined new paradigms in computer security, such
as applying evolutionary methods to security. With each passing day, the avoidance and
detection of threats to Computer Technology is becoming more and more difficult and with
the increasing dependence of critical data security systems, data integrity has been a serious
problem over the years in securing audit trail data. In this thesis, we present major studies in
security audit trail (audit log), reviewed the best symmetric and asymmetric encryption
algorithms and adapted the AES (symmetric) and RSA(Asymmetric) algorithms for the
proposed system. The system result showed that the proposed AES and RSA algorithm
guaranteed better data integrity of the audit trail data and to prevent employees from
compromising companies’ data.
 CHAPTER ONE

1.0. INTRODUCTION

1.1. Background of study

In the past few decades, the Computer Technology has evolved at a very fast pace. This fast
growth has resulted in the transfer of more and more services to Computer based systems.
The dependency of more services on Computer Technology has resulted in the increase of
computer related threats (Parry and Santosh, 2014).

Today’s Computer systems are vulnerable to both abuse by insiders and penetration by
outsiders, as evidence by the growing number of incidents reported in the press (Teresa,
2015), as closing all security loopholes from today’s system is infeasible, and since no
combination of technologies can prevent legitimate users from abusing their authority in a
system, auditing is viewed as the last line of defense. To manage information securely, a
system must be able to detect information misuse. In secure systems, malicious
administrators, users or developers may be able to launch attacks that tamper with or leak
important information. Determining what information was compromised and who was
responsible not only enables administrators to stop further abuses, but in many instances,
have legal ramifications (Aaron, 2011). Moreover, a computer risk is the probability of an
event resulting in a loss. Risks and losses may include financial and personal losses, loss of
reputation and customer base, inability to function in a timely and effective manner, the
inability to grow, and the violation of the laws and government regulations. In systems where
the device owner is not the person who owns the secrets in the device, an audit mechanism is
essential to determine if there was any attempted fraud (Kundan and Kaul, 2013).

Audit Trails(AT) are fundamental to information security in order to guarantee access

traceability but can also be used to improve information system’s quality namely to assess
how they are used or misused (Ricardo, Isabel, and Alberto, 2012). It is a chronological
sequence of audit records, each of which contains evidence directly pertaining to and
resulting from the execution of a system function (Harleman, 2011).
1.2. Motivation and statement of problem
There are challenges in terms of audit trail security. As we know, audit trails help with root
cause analysis, intrusion detection and data integrity issues.

Several researchers have addressed the problem of audit trail security using Genetic
Algorithm, Statistical, Rule based approaches, neural networks, Immune systems and Genetic
programming (Pedro and Diaz, 2015). Some researchers examined new paradigms in
computer security, such as applying evolutionary methods to security (Ludovic, 1998;
Beghdad, 2015; Diaz and Hougen, 2015). With each passing day, the avoidance and
detection of threats to Computer Technology is becoming more and more difficult
(Harleman, 2011). Moreover, attacks are more sophisticated and Information Technology
security response is being stretched beyond current capabilities (Dave, 2012).

Every year, internal and external forces are actively compromising companies’ data
(accidentally and deliberately). According to DataInsider, 2017, some of the most serious
threat comes from current employees with authorized access. Some want to settle a score
while others are opportunistically looking for extra money selling private information or
doing illegal activities.

Moreover, the key challenge to building a successful, secure audit logging system is to
simultaneously protect the integrity of the audit log and control access to contents.

These challenges have led to a research trend aimed to a simplified representation of the
problem of security and data integrity of an audit trail system. However, how can we
guarantee better data integrityfor the safety of the audit trail from being misused?

1.3. Aim and objectives

Based on the aforementioned problem, we aim to design audit trail system that provides
security and information integrity and expose the need of the appropriate
encryption/decryption algorithms for data security of an audit trail and we achieved these
with the following objectives.

1. Review existing literatures of audit trail security systems.

2. Review encrypting/decrypting algorithms for data security and integrity.
3. Using AES and RSA algorithm to ensure information data integrityof an audit trail
system.
1.4. Scope of study
The scope of this study is limited to audit trail data integrity and we exposed the need of the
best encryption/decryption algorithms for data integrity of an audit trail system.

1.5. Significance of study

Audit trails help promote data integrity by enabling the detection of security breaches, also
referred to as intrusion detection. An audited system can serve as a deterrent against users
tampering with data because it helps to identify infiltrators.

Audit trails can provide a means to help accomplish several security-related objectives,
including individual accountability, reconstruction of events (actions that happen on a
computer system), intrusion detection, and problem analysis.
 CHAPTER TWO

2.0 LITERATURE REVIEW

2.1. Audit Trail system

An audit trail, which can also be called audit log, is used to ensure an accurate flow of
transactions in a system. An audit seeks to identify and prevent suspicious and fraudulent
activities by the user, collecting data about them in the database. The information collected is
analyzed in order to find security problems and their origin (Simon et al., 2016). The main
functionality of an audit is to provide secure and permanent storage of log records, so that
they can be detected when a security breach has occurred (Xu et al., 2016).

The need to identify such activities and to determine suspicious patterns are important
requirements for system security. In addition, an audit should be performed independently
and transparently, so that all relevant information is classified (Hawthorn, 2016). Every detail
of a source and entry of a document or transaction should be made based on a report or file.

Moreover, Audit trails should be developed as a normal part of the internal control systems.
Some systems can be acquired with the use of an automated audit log.
A lot of research has been carried out in developing and implementing new techniques
ranging from basic statistical methods to highly complex evolutionary methods for audit trail
data security. However, we limit our research to data integrity of an audit trail system and we
present some of the related works on security of an audit trail system.

2.2.1. Related works of Audit trail data security

Mourad, 2013 proposed the use of Harmony Search metaheuristic as intrusion detection
engine for the security of audit trail data to solve the combinatorial optimization problem NP-
Hard. Metaheuristics offered an alternative for solving this type of problem when the size of
the database events and attacks grow. Experimental results of simulated intrusions detection
were given. The effectiveness of the approach was evaluated by its ability to make correct
predictions. It proved to be effective and capable of producing a reliable method for intrusion
detection. The results indeed showed the good performance of the proposed approach. An
important result was the consistency of results, independently of the number of attacks
actually presented in the analyzed audit file. This means that the performance of the detection
system was not deteriorated in the case of multiple attacks. The execution time was
satisfying. The Author considered that the proposed approach constitutes an efficient and
reliable intrusion detection system. Comparisons with a biogeography inspired approach was
made. He observed clearly that the intrusion detection duration of all attacks was significantly
lower when using their new HS-based approach. However, these systems were usually
developed for predefined environments and do not offered a solution to some network
characteristics such as changes in behavior of users and services, the increasing complexity
and evolution of the types of attacks that they may be subject, the speed of attacks that can
occur simultaneously on several machines.

Shubhangi, Shital, and Runali, 2015 identified different techniques and detection of different
contents in Database.They used the cryptographic hash algorithm to detect the tampering of a
Database. Consequently the Tiled Bitmap Forensic analysis algorithm helped to find at what
time and possibly finally why and who had tampered the Database. They used separate audit
log validator to observe and inspect the database along with the extra information and state of
the data.Forensic analysis detects in what time a crime has been identify and in this case the
tampering of a database.Such analysis activities determine when the tampering occurred, and
what data were altered. Their study was concerned of only detecting the database tampering
not about preventing tampering.
Kundan and Mishra, 2013 proposed a process mining based technique to evaluate audit trails
for security measures, which they recognized a particular user who logged in on a given
system. This was done by mining log files created by the system. This log contains
information related to the user access pattern. Their work was based on alpha algorithm to
support security efforts at various levels ranging from low-level intrusion detection to high-
level fraud prevention. Using data mining approach. They mined the log file and extracted the
user. To mine the log file will improve α algorithm to get better accuracy. However there was
lack of protecton of the audit trail information in the database for intruder to get access to the
audit trail data.

Pedro, Diaz, and Dean, 2016 proposedafitness function for doing misuse detection and
finding pseudo intrusions for audit trail log. They conjectured that every validation of the
vector I withtheAttack-Eventmatrix(AE∗I)fuzzysubsetof the observed vector OV is an
intrusion vector. They introduced the concept of the union operator and showed
experimentally how it improved the convergence of the algorithm in terms of number of
generations. They introduced the concept of the intrusion set and exclusive intrusions so the
algorithm disaggregates possible subsets of misuse of the system. However, a cryptographic
techniques is essential for the inegrity of the audit trail data.

Bhanu and Nalini, 2014 evaluated risks associated with security and privacy of audit logs
produced by reverse proxy server. They provided a two-phase approach for sharing the audit-
logs with users allowing finegrained access. They evaluated certain Identity-Based and
Attribute-Based Encryption schemes and provided detailed analysis on performance.
However, there is lack of oblivious search on encrypted audit logs along with computation on
data like analytics with monotonic and non-monotonic access structures and along with
predicate encryption.

Brent, Dirk, and Glenn, 2016described an approach for constructing searchable encrypted
audit logs which can be combined with any number of existing approaches for creating
tamper-resistant logs. In particular, they implemented an audit log for database queries that
uses hash chains for integrity protection and identitybased encryption with extracted
keywords to enable searching on the encrypted log. They presented a scheme in which they
used identity-based encryption to protect symmetric keys that are used to encrypt audit log
entries. Privileged audit escrow agents can create search capabilities that allow their bearer to
search the audit log for records matching certain keywords. They implemented their scheme
as a secure audit log for MySQL database queries. It turned out that the identitybased
encryption scheme they used introduced considerable overhead (although small enough to be
negligible in an interactive system), but it buys them security and convenience over
symmetric key based schemes. While the focus of their work so far have been to investigate
the searchability of the audit log, the implementation of advanced integrity protection
mechanisms to improve the overall security of the system is needed.

Bellare and Bennet, 1997 introduced a new security property which they called "forward
integrity" (FI) based on the generation of message authentication codes (MACs) model. The
goal is to prevent FI alteration or entering of information by the attacker, even when the log
records become available to the attacker who gained control of the entire system.In the MAC
system, if an attacker obtains the MAC key, he/she can forge all the registry entries. In the FI
system, the possession of the key at a particular point in time does not allow the attacker to
forge log entries from a previous to the current date. Thus, the attacker cannot change the
contents of the log. He/she can even delete entries, but spaces will be visible in the registry
and also the occasional transmission of the log to a remote system mitigates the effect of the
deletion of records.

Typically, MACs are used in a context of communication, where the sender and receiver
share a secret MAC key. The sender uses the MAC key to generate a message and attaches it
to the message; the receiver, who knows the MAC key, can restore Mac and accept as true
only those messages for which the regenerated MAC matches the transmitted MAC. The
MAC security model is the fact that it is computationally infeasible for an adversary-based
network that does not know the key to modify the MAC messages and MACs for the receiver
to accept them as true.Once the audit logs are simply messages that are read and checked
later on by a recipient and not (necessarily) over a network, it might simply attach MACs to
the audit log entries to protect them.

However, the MAC model fails when it does not send continuous logs to a remote device,
either by lack of or delay in transfers. Another vulnerability is in the fact that if an attacker
enters the system and obtains the MAC key, they will get control of the logs.

Pandey and Mustafa, 2012 proposed a checklist for the implementation of the ‘Event Log and
Audit Trials’ requirements. According to the authors, the system will be stronger if it satisfies
all or most of the checklist items given in the checklist. A detailed discussion of ‘Event Log
and Audit Trials’ was given for the security assurance of the software. Being prescriptive in
nature, the checklist can be easily implemented and it may reassure the integration of the
security in the software from inception itself. However, a strong validation and
standardization of checklist on a large sample size and the weight of each attribute given in
the checklist to produce more accurate result wasn’t considered.

2.2.2. Related works on Data Integrity on audit trail system

The question regarding data security becomes crucial when it comes to confidential data. The
integrity of the data has to be looked upon seriously in order to gain company trust and
satisfaction. However, these challenges have led to a research trend aimed to a simplified
representation of the problem ofdata integrity of an audit trail system.

Internal and external forces are actively compromising companies’ data (accidentally and
deliberately). According to DataInsider, 2017, some of the most serious threat comes from
current employees with authorized access.

There exist many systems that have tried to solve the problem of data integrity. The auditing
can be performed in two ways viz. Private and Public (Chen and Chen, 2012). In Private
Auditability, the client is responsible to verify the data. No one else except the client can
question the server regarding the data integrity, whereas, Public Auditability is more
convenient and preferred over Private Auditability because it allows a third party to perform
integrity verification on behalf of client. The client is not solely responsible for it and so it
largely reduces client’s burden.

Recently, much work has been done in the area of data integrity. Majority of them focus on
the integrity verification of data stored in the cloud.

Deswarte, Quisquater, and Saidane, 2016 used RSA based hash function for verification of
the file stored at the remote server. Using this scheme, it is possible for the client to perform
multiple challenges using the same metadata. Disadvantage: The limitation of this scheme
lies in the computational complexity at the server which must exponentiate all the blocks in
the file.

Schwarz and Miller, 2016proposed a technique using which the data stored remotely across
multiple sites can be ensured. The scheme made use of algebraic signature. In this, a function
is used to fingerprint the file block and then verifies if the signature of the parity block is
same as the signature of block. The main disadvantage of this scheme is that the computation
complexity at client side and server side takes place at the cost of linear combination of file
blocks and also the security of this scheme remains unclear.

Ateniese, 2007were the first in considering the concept of Public Auditing for ensuring
possession of files at untrusted servers. For auditing of outsourced data, the scheme utilizes
RSA based homomorphic tags, thus achieving public auditing. In this protocol, the client
need to verify if the server has retained file data without actually retrieving the data from
server and without having the server access the entire file. By sampling random sets of blocks
from the server, the model generates probabilistic proofs of possession by sampling random
sets of blocks. This reduces I/O cost drastically. The Provable Data Possession (PDP) model
for remote data checking supports large data sets in widelydistributed storage systems. It is
provably-secure scheme for remote data checking. The drawback is an overhead of
generating metadata is imposed on client. No support provided for dynamic auditing and it
requires more than 1kilo-byte of data for a single verification.

A scheme called, “Proofs of Retrievability” (POR), proposed by Juel and Pors, 2007 focused
on static archival of large files. In order to ensure data possession and retrievability, it makes
use of spot checking and error correcting codes. Some special blocks called as “sentinels” are
randomly embedded into the file F for detection. Further, the file is encrypted out in order to
protect the position of these sentinel blocks. POR scheme cannot be used for public
databases; it is suitable only for confidential data. The drawbacks are that the dynamic
updation is prevented due to the introduction of sentinel nodes, number of queries clients
used is fixed priori, preprocessing of each file is needed prior to storage at the server, the
scheme cannot be used for public databases and can only be used for confidential data and
does not support Public Auditability, i.e., it supports only two-party auditing, which is not
efficient because neither the client nor the cloud service provider can give assurance to
provide balance auditing.

Poonam and Bharat, 2014 proposed a secure and efficient AES based system for auditing
user data stored at untrusted server. The system guarantees data the achievement of data
integrity and availability. The system supports Public Auditing by making use of TPA and
Privacy Preserving by not leaking the data to TPA during integrity verification process. By
frequent integrity checking, the system assures data possession at remote server. However,
the integrity of the data in terms of eaves dropping and storing of symmetric key securely
over an untrusted server wasn’tconsidered.
 CHAPTER THREE

METHODOLODY AND SYSTEM ANALYSIS

In this section, we will expose the need of the appropriate encryption algorithms that are
suitable for the audit trail based on the aforementioned problem of data integrity. As we
know, Cryptography is the technique of scrambling plain text. This secures data and
information from any internal or external attacks. Thus, it provides integrity, confidentiality,
non-repudiation and authenticity to the secret data. The texts involved in cryptography are
plain and cipher texts. Plain texts are human readable texts and the information (Uma,
Karthik, and Vishnu, 2017). Moreover, we exposed some of the popular symmetric and
asymmetric algorithms used today for data integrity and we reviewed the appropriate
encryption/decryption algorithm suitable for the audit trail system.

3.1. Review of Existing Encryption/Decryption Algorithm

Based on the encryption methodology used, it is differentiated as symmetric and asymmetric
cryptography.

3.1.1. Symmetric Cryptography

Symmetric key cryptography is also called secret-key or shared key cryptography. In the
symmetric key encryption, same key is used for both encryption and decryption process. The
sender and receiver must share the algorithm and the key. The key must be kept secret. We
review some of the popular symmetric encryption algorithms.

3.1.1.1. Advanced Encryption Standard (AES):

AES is a symmetric block cipher that can Block size 128 bit, three different Cipher keys 128,
192 and 256 bits. Basically, AES is based on a design principle encryption algorithmknown
as transposition, substitution, and transposition-substitution technique. Most AES calculation
uses a round function in special finite field that is compared of four different byte-oriented
transformations such as Sub byte, shift row, mixcolumn, Add round key. Number of rounds
to be used depend on the length of key e.g. 10 round for 128 bit key, 12 rounds for 192-bit
key and 14 rounds for 256 bit keys. At present the most common key size likely to be used is
the 128-bit key(Harsh and Zahid, 2015). AES was designed to have the following
characteristics:

a. Resistance to protect from all known attacks.

 b. Speed and code compactness depends on a wide range of platforms.
c. Design simpler.

3.1.1.2. Blowfish
Blowfish is a symmetric fast cipher key, designed in 1993 for different length key from32
bits to 448 bits used in general. It uses 64-bit block size and slow key changes occur. The
algorithm exists into two parts: a keyexpansion part for conversion of key and a data-
encryption part for existing rounds. Key expansion converts a key of at most 448 bits into
several sub key arrays totaling 4168 bytes. Data encryption occurs via a 16-round Fiestel
network. Each round consists of a key dependent permutation, a key and data-dependent
substitution. All operations are XORs and additions on 32-bit words. The only additional
operations are four indexed array data lookups per round.

3.1.1.3. TwoFish
Twofish is also a symmetric key block cipher having fiestel structure and it uses different key
sizes of 128, 192 and 256 bits with block size of 128 bits and there are 16 rounds of
encryption algorithm. It is also developed and explained by bruceschneier in 2019. Twofish
also uses block ciphering like Blowfish. It is efficient for software that runs in smaller
processor (smart cards) and embedding in hardware. It allows implementers to customize
encryption speed, key setup time, and code size to balance performance. Twofish has not
been patented and the reference implementation due to that it is license-free and freely
available for use. Twofish encryption algorithm also provides good level of security but it
lacks in encryption speed as compared to blowfish.

3.1.1.4. Data Encryption Standard (DES)

DES is a symmetric key algorithm which was developed by IBM inJanuary 2019. It is
insecure for many applicationsmainly due to used block size 64 bit being too small, key
length usable 56 bits. The key is usually expressed as a 64-bit number, but every eight bit 64
bit is used for parity bit checking and otherwise ignored. These parity bits are the least-
Significant bits (LSB) of the key bytes. DES always operates on blocks of equal size and it
uses both permutations and substitutions in the algorithm. DES used 16 rounds of
transposition and substitution to encrypt each group of 8(64 bit) plaintext letters and output
from each round is one by one. The number of rounds is exponentially proportional to the
amount of time and fined a key using a brute-force attack. Therefore, the security of the
algorithm increases exponentially due to increasing the number of rounds(Bibhudendra,
Sambit, Saroj, Sarat, and Ganapati, 2016)

3.1.2. Asymmetric Cryptography

Asymmetric key encryption is the technique, in which one algorithm is used for encryption
and decryption with a pair of keys, one for encryption and one for decryption. One key is
public (published) and second is kept private. They are also called as the public key
encryption. It must be impossible or at least impractical to decipher a message if no other
information is available. We review some of the popular Asymmetric encryption algorithms
used.

3.1.2.1. RSA Algorithm

It is the most widely accepted and implemented general purpose approach to public key
encryption developed byRivest, Shamir and Adleman of MIT in 1977. It is block cipher in
which the plaintext and cipher text are integers between 0 and n-1 for same n and typical size
of n is 1024 bits or more for a high level of security. It can be used for both encryption and
digital signatures. The security of RSA is generally considered to factoring. RSA
computation occurs with integers modulo n = a * b, for select two random secret primes a, b.
To encrypt a message m, public key use a public key exponent e. so cipher text c = me (mod
n) computes the multiplicative reverse d = e-1 (mod (a-1) *(b-1)) (we require that e is
selected suitably for it to exist) and obtains cd = m e * d = m (mod n). The problem for the
attacker isthat computing the reverse d of e is assumed to benoeasier than factorizing n. Keys
of size, say, 2048 bits that provides(Uma, Karthik, and Vishnu, 2017).

3.1.2.2. Diffie-Hellman Algorithm

Diffie-Hellman Algorithm was discovered by Whitfield Diffie and Martin Hellman for key
exchange management in public key encryption algorithm. The protocol enables two users to
establish a secret key over an insecure medium requires no prior secrets using a public key
process based on discrete logarithms. The protocol is secure only if the authenticity of the
two participants can be established. Therefore, in many cryptographically protocols, two
parties wish to start communicating. Diffie-Hellman protocols are exchange keys and allow
the construction of common secret key over an unconfident contact channel. This problem is
based on related to discrete logarithms; its name is Diffie-Hellman problem. This problem is
hard, as compare to the discrete logarithm problem(Gaurav and Aparna, 2017).
3.2. Performance Analysis
There are various performance factors which are used to analyze the different encryption
algorithms.

1. Throughput performance: It is the higher rate of production or maximum rate at which data
can be processed which belong to may be delivered over a physical or logical link. It may be
affected by various factors such as medium, available processing power of the system,
components and end-user behavior.

2. Key Length Size: In most cryptographic function, the key length is important security
parameters andkey management is the important factor to show how the data is encrypted.
The symmetric algorithm uses a different key length which is longer than asymmetric
logarithm. So, the key management is a huge aspect in encryption processing for control
operation of the cipher.

3. Encryption and Decryption Speed: In many real-time applications, the encryption and
decryption algorithms are fast sufficient which depends on the register size of the CPU to
meet real time requirements.

4. Encryption Ratio: The encryption ratio is the measurement of the total number of data that
is to throughput of the encryption algorithms is calculated by dividing the total plaintext in
Megabytes encrypted on total encryption time for each algorithm. Thus, if throughput
increased the power consumption is decrease and gives more long life of the system
component.

5. Encryption and Decryption Time: The time given by algorithms totally depends on the
speed of the processor and algorithm complexity. Less time algorithm improves the entire
operation of the processor. For better encryption and decryption, computation of time factor
is essential by the algorithm.

6. Level of security Issues: Cryptographic security defines whether encryption process is

secure from all known attacks such astime attackand variable plaintext-cipher text attack. For
highly important multimedia application to the encryption process should satisfy
cryptography security.
 Table 3.1: Comparison of Encryption Algorithms (Gaurav and Aparna, 2017).

DES AES BLOWFISH TWOFISH RSA DIFFI-

Parameters HELLMAN
Application Smart card Password IDS server SQL Server Online Protocol like
Manager 2000 credit SSL, SSH, IP
card Sec.
security
system
Security against Brute force Chosen Dictionary Differential Timing Eaves
attack plain, Known attacks attack, related attacks dropping
plain Text key attack
Complexity More Less Less than AES Moderate More Less
Level of security Adequate Excellent Highly secure Secure Good Secure
security level of
security
Power Higher than Higher than Very low low High Lower than
consumption AES Blowfish RSA
Through put Lower than lower than Very high high high low
AES Blowfish
Encryption Very slow Faster Very fast fast fast Slow
Speed
Key length(bits) 64(56 128/192/256 Variable key 128/192/256 >1024 Key exchange
useable bits length i.e. 33- bits management
bits) 448 bits

Encryption algorithm plays a very important role in communication security to overcome

security related issues. Each algorithm has been comparatively reviewed on different set of
parameters. From the results, it has been found that among the symmetric encryption
algorithm, AES and Blowfish are the most secure and efficient algorithms. The speed and
power consumption of these algorithms are better compared to the others. In case of
asymmetric encryption algorithm, RSA is more secure and has good speed in terms of
efficiency, less time and security.
3.3. Proposed Encryption Algorithm for Audit Trail
As explained above, for symmetric key algorithm, the same cryptography key is used for both
encryption and decryption. In comparison to asymmetric key algorithm, symmetric key
algorithm like AES is usually high speed and low RAM requirements, but because it is the
same key for both encryption and decryption, it is a big problem of key transport from
encryption side (sender) to decryption side (receiver).

For asymmetric key algorithm, it requires two separate keys, one of which is secret (or
private) and one of which is public. Although different, the two parts of this key pair are
mathematically linked. The public key is used to encrypt plaintext or to verify a digital
signature, whereas the private key is used to decrypt cipher text or to create a digital
signature, comparing to symmetric key algorithm, asymmetric key algorithm does not have
the problem of key transport, but it is computationally costly compared with symmetric key
algorithm. Moreover, the asymmetric key encryptions algorithms are mathematically
complex, which introduces high CPU overhead and is therefore extremely slow when
encrypting data. This algorithm is therefore only intended to encrypt small amounts of data.

In this project, we have reviewed both well-known symmetric and asymmetric algorithm and
exposed their drawbacks. We combined both AES and RSA encryption algorithms to get the
best of the data integrity and efficiency of the audit trail, which are the speed of AES and the
security of RSA encryption algorithm.

3.3.1. The proposed System Architecture

Figure 3.1: System Architecture

As shown in figure 3.1, the AES and RSA algorithms are combined to perform the encryption
and decryption. The employees have a shared key, which is the AES key used to encrypt the
actual data inputted to the database and use the same AES key to decrypt the output data from
the database server. This process is very fast and can be used to encrypt and decrypt large
amounts of data. The employees have access to the administrator’s public key, which is the
RSA public key. This is used to encrypt the AES key.

The symmetrically encrypted data and the asymmetrically encrypted symmetric key are both
sent to the administrator. The administrator asymmetrically decrypts the symmetric key using
his or her private key (RSA private key). The symmetric key is the used to decrypt the actual
data and the information from the database is then readable to the administrator to check all
audit trailactivities.
 CHAPTER FOUR

SYSTEM DESIGN AND IMPLEMENTATION

This chapter shows the system result and testing of the AES and RSA Algorithm based audit
trail system. The web application is developed using Visual studio 2015 IDE. The program is
written in C-sharp to store and retrieve encrypt data from the database server. The user
interface is developed using the ASP.Net, JavaScript and CSS. Every screen or layout is
based upon a common and consistent theme uniformly sized letters and buttons.

4.1. Unified Modeling Language (UML) Models of the audit trail system
The Unified Modeling Language (UML) is a standardized general-purpose modeling
language in the field of object-oriented software engineering. The standard is managed, and
was created by the Object Management Group (OMG). It was first added to the list of OMG
adopted technologies in 1997, and has since become the industry standard for modeling
software-intensive systems (Moor and Deek, 2016).UML represents a collection of
engineering practices that has proven successful in the modeling of large and complex
software systems. It uses mostly the communication of project designs, the exploration of
potential designs and in the validation of the resulting design. In this project, we used the use
case, class diagram, object diagram and sequence diagram to show the functional
specification of our audit trail system.

4.1.1. Use Case Diagram

Use case diagrams are done in the early phase of a software development project and they
recommend how it should be possible to use the final system. Use cases are a good way to
express the functional requirements of a software system as they are intuitive and easy to
understand and can be used in negotiations with non-programmers. Furthermore, the use case
diagram is designed to graphically capture and depict the interactions and functionality
between the system and its users. We will explain each actor together with the associated use
cases. The employees carry out registration, login, log out and making reports. The data is
encrypted before it is stored in the database to ensure data security. The administrator is
responsible for checking all activities done by all employees, which he/she has a private RSA
key to decrypt the information retrieved from the database.
 Figure 4.1: Use case Diagram

4.1.2. Class Diagram

The Class Diagram describes the structure of the system by showing its classes, their
attributes and methods of each class involved in the application. Again, Unified Modeling
Language is used to represent the class diagram. Figure 4.2 shows the list of classes and their
interactions of our system.

Figure 4.2: Class Diagram

Employee Data Activity: The employee data class contains the employee ID, employee
name, age, sex, email address and password attributes. Each attribute carries data to be
encrypted and stored in the database server. Here the user can login, make reports and
register new employees

Audit class Activity: The audit class contains the employee ID, registration time, logged in
time, logged out time and activities attributes of the audit trail system. Here, the administrator
can view all audit logs and check for legal and illegal activities.

4.1.3. Object Diagram

The UML object diagram is derived from class diagrams. So, objects are dependent upon
class diagrams. Object diagrams represent an instance of a class diagram. Figure 4.3 shows
the UML object diagram of our audit trail system.

Figure 4.3: Object Diagram

4.1.4. Sequence Diagram

Sequence diagram shows the relationship between classes arranged in a time sequence.
Within a sequence diagram, an object is shown in a box at the top. The sequence diagram
shows the functional system of how the data inputted by the employee is encrypted and
stored to the database server. It shows how data is encrypted and decrypted using the shared
key and the private key by the administrator.
Figure 4.4: Sequence Diagram

4.2. Database Model

Database diagram represents the final version of the database and it visualizes all entities that
are persisted in the database. Figure 4.5 shows the MSSQL Database Model of the audit trail
system.

Figure 4.5: MSSQL Database Model

4.3. Service Database

The service relies on a SQL relational database. The service database is generated using
Entity Framework, and we designed the Entity Framework entities directly mapped to the
tables, and providing the same properties as columns in the relational database. Figure 4.6
shows the audit info tables with five attributes which are employee ID, time registered, time
logged in, time logged out and activity. Figure 4.7 shows the employee data table with seven
attributes which are id, employee ID, employee name, employee age, employee sex, email
address and password.

Figure 4.6: Audit info Table

Figure 4.7: Employee Data Table

4.4. Overview of the audit trail system

In this section, we present some of the important interface of the system and how it works.
Figure 4.8 shows the employee registration form. All the required fields shown is inputted
and the data is encrypted using the AES and RSA encryption algorithm. Figure 4.9 shows the
employee login form. Here the correct employee ID and password is inputted for
authentication. The inputted data is encrypted using the AES and RSA algorithm and then
send to the database to match the current encrypted data in the database for authentication.
Figure 4.10 show the audit trail information that was decrypted using the private RSA key
and the shared AES key. The administrator can be able to see all legal and illegal activities.
Figure 4.11 and figure 4.12 show the employee data and the audit trail data in the database
that was encrypted in order not to be misuse by an intruder.

Figure 4.8: Employee Registration

Figure 4.9: Employee Login

 Figure 4.10: Audit trail activities

Figure 4.11: employees’ information

 Figure 4.12: audit trail ‘data

4.5. System Testing

Testing of the web application has been performed using different browsers on personal
computers and we ensure that the system works appropriately normal to show how the data
can be secure using the AES and RSA encryption algorithm.

4.5.1. Unit Testing

In Unit testing, each module of the application is tested separately and individually without
the interference of the other modules. Unit testing is done manually to find bugs and to test
the functionality of the application. The manual unit testing was done using the internet
explorer browser. The testing was done manually with the help of the test cases. Table 4.1
shows the system unit testing.
Table 4.1: System Unit Testing

S. No Screen Test Case Expected Result Result

1 Employee Data Check the button “Register”. If all the require fields in the Pass
employee form are inputted
successfully, the “register” button
is then click to send the encrypted
data to the database. And then the
button text changes automatically
to “cancel” in order to proceed to
next registration of new employee
2 Log in Check the “Login” button Here the user enters the Pass
employee id and the password
for authentication. Once the
login button is clicked, the data
is encrypted and then use to
 verify and match existing
encrypted data in the database.
3 Audit trail Check the “legal” and “illegal” Here the information retrieved Success
information buttons from the database is decrypted
using the RSA private key and
the AES shared key in order to
guarantee efficiency and speed
of the audit log information
shown to the users. The “Legal”
and “illegal” buttons check for
audit trail activities.

4.5.2. Integration Testing

After testing of the individual modules, all the modules are made to communicate in
collaboration and tested if they work successfully on integration or not. This testing is
important to make sure the navigation among the modules works per the expected behavior.
The integration testing was done with the help of the following test cases. Table 4.2 shows
the integration testing.

Table 4.2: Integration Testing

S. No Test Case Expected Result Result

1 Employee Data After registration, it is automatically Pass
linked to the employee Login form
2 Employee Login After the authentication, it navigates Pass
to the audit log form

We have shown how the system test was conducted and we ensure that we have met our aim
in providing to the solution of data integrity and efficiency of an audit trail system.
 CHAPTER FIVE

SUMMARY AND CONCLUSION

We introduced the benefit of audit trail of how it aids identify and prevent suspicious and
fraudulent activities by the user, collecting data about them in the database. We reviewed
some of the related works done on data integrity and audit trail security and we identified that
better protection needs to be applied to the data integrity of the audit trail. To solve the
problem of data integrity of the audit trail, encryption algorithms was reviewed and from the
result, we adapted the AES and RSA encryption algorithm for the proposed system. We
applied the concept to an organization firm and showed how the encryption algorithm can
help protect the data from being compromise by employee(s).

In conclusion, AES, which is a symmetric algorithm is usually high speed and low RAM
requirements, but because it is the same key for both encryption and decryption, it is a big
problem of key transport from encryption side (sender) to decryption side (receiver).
Moreover, for RSA, it does not have the problem of key transport but it is computationally
costly compared to AES and also slow when encrypting large amount of data. We designed
the audit trail system using C-sharp, ASP.Net, CSS and JavaScript and in the system design,
we combined both AES and RSA encryption algorithm to get the best of the data integrity
and efficiency of the audit trail system, which are the speed and large data encryption using
AES algorithm and the better security of the AES key using RSA encryption algorithm. We
showed that the system produced better result for ensuring security of the audit trail data.

References
Aaron, B. (2011). Analyzing Audit Trails in the Aeolus security Platform. Massachusetts Institute of
Technology.

Ateniese, G. (2007). Provable Data Possession at Untrusted Stores. Proc. 14th ACM Conf. computer
and comm. security.

Beghdad, R. (2004). Modelling and solving the intrusion detection problem in computer networks.
Computers and Security. Retrieved June 21, 2017, from Sciencedirect.com:
http://www.sciencedirect.com/science/article/pii/S0167404804001725

Bellare, M., & S., B. (1997). Forward secure audit integrity for logs. Dept. of computer science and
engineering, university of carlifornia at san Deigo.

Bhanu, P. G., & Nalini, N. (2014). Improved Security of Audit Trail Logs in Multi-Tenant Cloud Using
ABE Schemes. International Journal of Advanced Computer Science and Applications, Volume
5(issue 11), page 115-120.

Bibhudendra, A., Sambit, K. S., Saroj, K. P., Sarat, K. P., & Ganapati, P. (2009). Cryptosystem and its
application to image encryption. International conference on advances in computing,
control, and teleommunication technologies., page 720-724.

Bosworth, S. K. (2002). Pg 28-846.

Brent, R. W., Dirk, B., Glenn, D., & D., K. S. (2006). Building an Encrypted and Searchable Audit Log.
princeton: Palo Alto Research center.

Chen, L., & Chen, H. (2012). Ensuring dynamic data integrity and public auditing for cloud storage.
International onference on computer science and service system.

Dave, S. (2012). Wheb breaches Happen: Top five questions to prepare for. Sans White Paper.

Deswarte, Y., Quisquater, J., & Saidane, A. (2003). Remote integrity checking. In Proc. of conference
on integrity and internal Control in information systems.

Diaz, G. P., Hougen, D., & F. (2005). Analysis and mathematical justification of a fitness function used
in an intrusion detection system. in the proceedings of the 2005 conference on Genetic and
evolutionary computation.

Elmasri, R., & Shamkant, B. N. (2004). FUNDAMENTALS OF DATABASE SYSTEMS 4th ed. Copyright ©
2004 Pearson Education, Inc. ISBN 0-321-12226-7.Pg 735.

Gaurav, Y., & Aparna, M. (2017). A Comparative Study of Performance Analysis of Various Encryption
Algorithms. International Conference On Emanations in Modern Technology and Engineering
(ICEMTE-2017), Volume 5(Issue 3), page 70-73.

Harleman, T. (2011). Towards a generic model for audit trails. Topicus.

Harsh, M., & Zahid, A. (2015). Analysis In Symmetric And Asymmetric Cryptology Algorithm.
International Journal of Emerging Trends & Technology in Computer Science (IJETTCS),
Volume 4(Issue 1), page 44-46.

Hawthorn, P. B. (2006). Statewide databases of registered voters: a study of accuracy, privacy,

usability, security, and reliability.
Juel, A., & Pors. (2007). Proofs of retrievability for large files. Proc. 14th ACM conf. computer and
comm. security.

Kundan, K. M., & Kaul, R. (2013, Oct 1). Audit Trail Based on Process Mining and Log. International
Journal of Recent Development in Engineering and Technology, Volume 1, Issue, Website:
www.ijrdet.com (Online),.

Kundan, K., & Mishra, R. K. (2013). Audit Trail Based on Process Mining and Log. International
Journal of Recent Development in Engineering and Technology, Volume 1(Issue 1), pages 12-
15.

Ludovic, M. (1998). A Genetic algorithm as an alternative tool for security audit trails analysis.
Louvain-la-Neuve, Belgium: in the proceedings of the first international workshop on Recent
Advances in intrusion Detection.

Mourad, D. (2013). Security Audit Trail Analysis Using Harmony Search Algorithm . Faculty of
Electronics and Computer Science, Laboratory LSI, USTHB BP 32 16111 El Alia, Bab-Ezzouar,
Algiers, Algeria.

Pandey, S. K., & Mustafa, K. (2012). SECURITY ASSURANCE THROUGH EFFICIENT EVENT LOG AND
AUDIT TRIALS. Journal of Global Research in Computer Science, Volume 3(issue 1), page 27-
30.

Parry, G. M., & Santosh, K. (2014). Genetic Algorithms in Intrusion Detection Systems: A Survey.
International Journal of Innovation and Applied Studies, Volume 5, page 233-240.

Pedro, A., Diaz, G., & Dean, F. H. (2006). A Genetic Algorithm Approach for Doing Misuse Detection in
Audit Trail Files. Robotics, Evolution, Adaptation, and Learning Laboratory (REAL Lab) School
of Computer Science, University of Oklahoma Norman, OK, USA.

Peterson, N. J., Burns, R., Ateniese, G., & Stephen., B. (2007). Design and Implementation of Veri
able fi Audit Trails for a Versioning File System. Proceeding FAST '07 Proceedings of the 5th
USENIX conference on File and Storage Technologies in.

Poonam, M. P., & Bharat, T. (2014). Improving Data Integrity for Data Storage Security in Cloud
Computing. Poonam M. Pardeshi et al, / (IJCSIT) International Journal of Computer Science
and Information Technologies, Volume 5(issue 5), page 6680-6685.

Ricardo, C. C., Isabel, B., & Alberto, F. (2012). Analysis of the quality of Hospital information systems
audit trails. BioMed Central.

Schwarz, T., & Miller, E. L. (2006). Using algebraic signatures to check remotely administered
storage. In proceedings of ICDCS. IEEE computer society.

Shubhangi, K., Shital, G., Runali, J., & V., N. (2015). Forensic Analysis of Database using Secure Audit
Log. IJLTEMAS, Volume 4(issue 2), pages 89-91.

Simon et al. (2008, Apri). An Auditing System based on analysis of log records. Informatics
Department Universidade Federal do Paraná (UFPR). Regional School Database (ERBD'2008),
Florianopolis-SC,.

Teresa, F. L. (2015). Automated Audit Trail Analysis and Intrusion Detection: A survey. Menlo Park:
SRI International, Computer Science Laboratory.
Uma, K., Karthik, G., & Vishnu, P. (2017). A comparative analysis of symmetric and asymmetric key
cryptography. Journal of chemical and Pharaceutical Sciences, Volume 10(1), pages 324-326.

Uma, K., Karthik, G., & Vishnu, P. K. (2017). A comparative analysis of Symmetric and Asymmetric key
cryptography. Journal of Chemical and Pharmaceutical Sciences, Volume 10(issue 1), page
324-326.

Xu et al. (2005, November ). A PKI Based Secure Audit Web In IASTED Communications, Network and
Information and CNIS, Phoenix, USA,.
APPENDIX 1
APPENDIX 2