Peer-Review Record

Hiding the Source Code of Stored Database Programs

Information 2020, 11(12), 576; https://doi.org/10.3390/info11120576
by Vitalii Yesin 1, Mikolaj Karpinski 2,*, Maryna Yesina 1, Vladyslav Vilihura 1 and Kornel Warwas 2
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 4 November 2020 / Revised: 30 November 2020 / Accepted: 7 December 2020 / Published: 9 December 2020
(This article belongs to the Special Issue Cyberspace Security, Privacy & Forensics)

Round 1

Reviewer 1 Report

The presented manuscript has several major issues that should be discussed, although the approach itself has further potential:

  • The declared strength of the method and the method of proof are strongly debatable: it is said (lines 188-192) that for a brute-force attack the number of permutations is l!, but permutation ciphers are not resistant to statistical analysis, so in fact no one would apply brute force. The case is even worse, since if it is known that the stored program code is permuted, it could be even easier for the attacker, since the structure is saved and many assumptions on operator names can be made, which would later be used to optimize the statistical attack. So I would suggest performing an additional evaluation of the proposed method against other cryptanalytic attacks.
  • The literature review performed is rather outdated and narrow. It is provided in the Introduction section only and there is no typical section "Prior and related work". A lot of the cited documents are online whitepapers, while the scientific articles in the field are rather old (the majority of the articles cited are from 2010s, and the only new reference [17] belongs to the same authors).

Technical issues:

  • formatting mistakes (lines 48-49);
  • the demonstrations of the decoding (Fig. 1 and 2) can be removed, since they do not demonstrate results by the authors;
  • Sections 2 and 3 can be split into smaller parts to make text more structured.

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf
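
Reviewer 1's first Round 1 point can be checked numerically. The following is an added example, not code from the paper or from this review record: it covers only a pure permutation of symbols (no symbol replacement), and the sample procedure text and function names are constructed for illustration. It shows that shuffling leaves the symbol histogram unchanged and that repeated symbols make the number of distinguishable orderings l!/(n_1!·n_2!·…) rather than l!.

```python
import math
import random
from collections import Counter

# Constructed sample: a short stored-procedure body (not taken from the paper).
SAMPLE_SOURCE = (
    "CREATE PROCEDURE raise_salary(p_id INT, p_pct NUMERIC) AS $$\n"
    "BEGIN\n"
    "  UPDATE employees SET salary = salary * (1 + p_pct / 100)\n"
    "  WHERE id = p_id;\n"
    "END;\n"
    "$$ LANGUAGE plpgsql;\n"
)


def shuffle_symbols(text, seed):
    """Pure transposition: randomly permute the symbols of `text`."""
    symbols = list(text)
    random.Random(seed).shuffle(symbols)
    return "".join(symbols)


def distinct_arrangements(text):
    """Distinguishable orderings of the symbols: l! / (n_1! * n_2! * ...)."""
    total = math.factorial(len(text))
    for count in Counter(text).values():
        total //= math.factorial(count)  # exact: partial quotients stay integral
    return total


def keyspace_bits(text):
    """Return (log2 of l!, log2 of the distinguishable orderings)."""
    naive = math.log2(math.factorial(len(text)))
    effective = math.log2(distinct_arrangements(text))
    return naive, effective


if __name__ == "__main__":
    masked = shuffle_symbols(SAMPLE_SOURCE, seed=2020)
    # The symbol histogram is invariant under any permutation.
    print("histogram unchanged:", Counter(masked) == Counter(SAMPLE_SOURCE))
    print("most common symbols:", Counter(masked).most_common(5))
    naive, effective = keyspace_bits(SAMPLE_SOURCE)
    print(f"log2(l!) = {naive:.1f} bits, distinguishable = {effective:.1f} bits")
```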

Reviewer 2 Report

The paper reveals the essence of the approach to hiding the code of stored programs stored in a database system table with a distinctive feature of data shuffling. The paper shows a couple of practical examples of the method, which looks promising.

The authors should address the following issues:

  • The contribution of the paper is vague. It can be added to the introduction in detail.
  • A table of abbreviations/notations can be added.
  • Some of the sentences are too big and can be rewritten into smaller sentences. One example is “A distinctive feature of the proposed solution is the approach to the process of data shuffling when masking, namely, to the random permutation of code symbols related to a specific stored program and located on several rows of some attribute of the database system table with the possible replacement of each such symbol with another one randomly selected from the Unicode standard.”

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

The authors have addressed the technical recommendations of my previous review (3-5), but there are still doubts about the more important points 1 and 2, which directly influence the quality of the research.

For Point 1 (evaluation of algorithm strength) it is answered that lines 256-266 explain the measures applied to make frequency analysis more difficult. Still, this clarification is not sufficient and should at least be expanded. Even so, the statement that the strength of the algorithm can be calculated as n! is not proved. This part of the manuscript should be explained and proved in more detail.

For Point 2 (extension of literature analysis) some corrections were made, i.e. several new sources were added. Still, their analysis is of a very low quality. The citing approach [13-20] does not allow linking the authors' statements to the exact reference. The analysis performed is also very basic.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 3

Reviewer 1 Report

The authors have addressed my comments and clarified the debatable points.
