Implementing Client-Side Encryption for Enforcing Data Privacy on the Web Using Symmetric Cryptography: A Research Paper

Abstract

The Internet provides remote access to resources such as storage and computation available worldwide. The virtual interaction of people on the Internet makes it difficult to recognize the identity of a person. In addition, the open-network structure of the Internet might allow third parties to read and change data in a communication over the network. Hence, every organization must maintain the integrity of data by preventing unauthorized modification. To secure confidential information on the Internet, one must put into practice necessary security measures. Cryptography is a technique that helps to reduce security risks to the confidentiality and integrity of the data on the Internet. Moreover, the encryption of confidential data can be done either at the client machine (Web client) or on the server (Web server). The side (client/server) at which the encryption has to take place is decided based on the confidentiality of data to be protected. The critical data that need highest security in an organization is considered as in Level 1. In Level 2, we have information that is important but not critical as in Level 1. Level 3 comprises of data that are not important in the daily operations of an organization. Among the three levels of confidentiality, data exist at Level 1 and Level 2 need encryption so that they can be kept confidential on the Web. As the data in Level 1 is both confidential and important, it must be encrypted at the client-side itself before their migration onto the Web. Whereas, data in Level 2 can be encrypted after their migration since the criticality of data in Level 2 is less compared to that of Level 1. In this paper, the authors have identified some of the symmetric cryptographic algorithms with the help of which client-side encryption of data can be achieved for enforcing data privacy on the Web. They have also proposed an extended symmetric algorithm using which searchable encryption is possible on the encrypted data stored in a remote server.