Security and Privacy in Web Application: Efficient Encryption Using ECC and Attribute-Based Encryption
摘要
The evolution of IoT and cloud computing technologies presents opportunities for developing smart education systems. However, concerns persist regarding data security and user privacy, especially in applications with sensitive data. This paper proposes a holistic approach to mitigate these risks, addressing both phishing and insider threats. To protect web applications against common vulnerabilities, the paper recommends strong encryption methods to prevent them using Elliptic Curve Cryptography and Advanced Encryption Standard for encrypting and generating secure keys. Furthermore, certain weaknesses in applications like geolocation exploitation and email authentication have been outlined in this context with specific reference to University Management Systems which is associated to Telemedical Information System. Possible mitigation measures include use of encryption and strict access control methods, as well as user awareness training. In this paper, we have used Ciphertext-Policy Attribute-Based Encryption for TMIS and ECC with AES for UMS to ensure protection against possible threats, thus preserving user privacy and system integrity.