https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3162 2026-04-30T13:52:21Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3306 Title: Secure OTP Distribution Scheme for Authentication Authors: Kumuthini, V. Abstract: Today security concerns are on the rise in all areas industries such as banks, governmental applications, healthcare industries, military organizations, educational institutions etc, with one common weak link being “passwords”. Passwords dominate our lives these days; they are part and parcel of spending time online. From the user’s perspective, managing number of credentials for different electronic services is problematic and can lead to insecure practices like sharing a common password. Protocols like Kerberos, Radius and Single Sign On (SSO) methods are some of the existing attempts to implement central authentication mechanism for user authentication. Something user knows (passwords, personal identification number, etc.) and something the user has (smart cards, tokens, etc.) are the main authentication factors available for the said protocols. Something user is (finger print, iris, etc.) considered as the most fail-safe among the factors of authentication. An improved user-friendly Secure One Time Password Distribution Scheme for Authentication using Quick Response (QR) code is proposed in this project which is needless for users to input authentication information at the user terminal. A system is built that allows users to log in to a web service in their browser by scanning a QR code embedded on the page from their smartphone. The proposed scheme uses a known smart phone (Android) as a second factor to decode an encrypted message transferred as a QR code and read via a camera on the mobile device with the mobile application developed for this purpose. A one-time passcode is produced from this for authentication. The proposed scheme improves the security and usability of multi-factor authentication and transaction verification without requiring increased investment in hardware or user training. In this paper, I present the method of the user authentication, and evaluate the usability and the security. This objective of this study is whether general users can use more secure authentication easily without high cost and effort while they avoid troubles with eavesdropping of authentication information unlike fix password methods. 2015-12-03T00:00:00Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3305 Title: Implementation and Evaluation of an Alternate Method of Confidentiality without Conventional Cryptographic Algorithms Authors: Lokuhetty, D.K. Abstract: Confidentiality is one of the major requirements in current world of communication. Due to national security reasons more and more governments and adversaries are trying hard to achieve ultimate confidentiality over their data communications and at the same time ability to monitor all other communications. While there are various methods available for achieving confidentiality, due to legal requirements and supercomputing powers, these methods are being challenged day by day. Therefore as a start, dissertation aims to research on the area of alternative methods to achieving confidentiality over an insecure channel for a specified data transmission and to have a working prototype of it. It will go through various already available but non-commercial methods, and try to implement a selected combination of protocol by considering advantages and disadvantages reside with them. While selecting a method proposed by John Rivest in 1998, after a successful implementation, it evaluates the protocol with already available cryptographic methods placing it in the security and performance stacks. The results shows that, while the implemented method has the potential to be a viable alternative in the data transmission field, it also has some major disadvantages compared to existing cryptographic methods. This concludes the implementation to a successful but limited solution to a given problem only viable in a selected niche area. 2015-12-03T00:00:00Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3304 Title: Data Protection Add-On for Google Docs Authors: Silva, E.H.P. Abstract: Google Docs is an online document handling platform which gives users to view, share, and edit documents online. Like all cloud-based systems, this cloud security has limitations, and comes with some inherent risks. The proposed method to encrypt or decrypt a specific cell for a Google Sheet is available in the cloud environment. Once a user clicks on an Encrypt cell range program will identify cell addresses of selected cell ranges and encrypt cells appropriately. The key is useful to handle the encryption and decryption of particular cells. This will help users to protect selected data from a published document. In this method, the owner of the document can decide who can see the protected data by sharing the public key of the encrypted data. Therefore this is very useful when handling accounting data or storing passwords in published documents. Still it has drawbacks like slowing down the processing speed when it deals with a large number of encrypted data and the free version of google docs has limitations of encrypting cells since this consumes a lot of processing power. 2015-12-03T00:00:00Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3303 Title: Real Time SQL Injection Detection Add-on for Mozilla Firefox Authors: Warnakulasooriya, W.M.I.G.B.D. Abstract: With the advancements in web technologies, web applications are commonly targeted by cyber criminals. Poor coding styles, improper testing and less understanding of application security concepts help cyber criminals’ to attack their targets. SQL injections are the most dangerous and highly effective vulnerability in web applications. Even though we are suffering from SQL injection, still there is no proper mechanism to test and identify those vulnerabilities at the earlier stages of software development. Most common and leading injection detection tools are based on very traditional methods like getting database error codes or HTTP response status. But the problem is some vulnerable web applications are not generated any database errors and HTTP response status cannot guarantee of being vulnerable for SQL injections. This project introduced two ways of application vulnerability testing. One is detection of SQL injection through the web browser and identifying application security vulnerabilities based on web application technologies. Outcome of this project is a Mozilla Firefox plugin which available for latest Firefox browser versions up to 16.0. On SQL injection detection modules, add-on will automatically identify the web application entry points and submit malicious SQL commands to the backend server. All the server responses view in separate tabs in Firefox browser. User can view the result and identify if there any SQL injection vulnerabilities in current web page. Technology based vulnerability detection is a new concept in this domain. By running this add-on, used web application technologies are identified and direct user to common vulnerabilities and exposures database. By looking at the latest vulnerability details which are relevant to his web application user can measure the current security posture of the web application. This Firefox add-on named as Pen Tester, a web application security framework specially designed for software testers and information security professionals. Pen Tester is designed to be lightweight and easy to use. This add-on does not attempt to compromise the security of the given web application. 2015-12-02T00:00:00Z