Synergistic Information Security Design Implementation based on Role-Based Access Control, Information Classification, and AES Cryptographic Encryption

  • Marjay C. Bumalod, Isabela State University, Philippines
  • Rose Mary A. Velasco, Isabela State University, Philippines
Keywords: Advanced Encryption Standard (AES), Access Control, Cryptographic Algorithm, Document Management System, Information Classification

Abstract

Security technology has undergone significant development and research in response to increasing cyber threats. The Intranet Document Management System (IDMS) was created to centralize documents within organizations, ensuring efficiency and streamlining processes. Given the critical nature of document management in organizational workflows, secure and safe management is paramount. This study aims to develop a secure IDMS using Advanced Encryption Standard (AES) encryption, Role-Based Access Control (RBAC), and an Information Classification Model. We also provide a comprehensive overview of the key characteristics and performance metrics of each access control model and cryptographic algorithm, facilitating decision-making for system design and implementation. The system offers high granularity, ease of administration through role assignments with document classification, high flexibility with customized permissions, and scalability with roles and classification. AES is chosen for its high security and fast performance, making it a widely used encryption standard.

Received Date: April 2, 2024
Revised Date: May 10, 2024
Accepted Date: May 14, 2024

Published
2024-05-17