Cybersecurity · Cryptography · Access Control

SECURE AUTH
SYSTEM

C-Based Authentication Simulator with XOR Encryption

C Confidentiality
I Integrity
A Availability
🔐 XOR Encryption
Symmetric cipher with key 0x5A. Every password encrypted before storage.
🚨 Intrusion Detection
Brute-force alert after 3 failed consecutive login attempts. Account locked automatically.
👮 Role-Based Access
Principle of least privilege. Admin and User roles with separate capability boundaries.
📋 Audit Logging
Every auth event timestamped and stored — mirrors C's security.log file.

Default credentials → admin / Admin@123  ·  alice / alice123

Access Terminal

Enter credentials to authenticate

ATTEMPTS

Default: admin / Admin@123  |  alice / alice123

User Dashboard /
Role: Standard User · Principle of Least Privilege Applied
Role
USER
Standard access level
Successful Logins
This account
Last Login
Timestamp

Profile

Username
Role USER
CIA Principle Confidentiality enforced via XOR encryption of stored credentials

XOR Encryption Demo

Plaintext
your username
XOR Encrypted (key = 0x5A)
click button above

XOR cipher: each character code is XOR'd with key 0x5A (90 decimal). This is the same algorithm used in the C program's xor_encrypt() function.

Admin Dashboard / System Control
Role: Administrator · Full System Access
Total Users
Registered accounts
Locked Accounts
Brute-force lockouts
IDS Alerts
Intrusion detections
Total Log Events
Audit trail entries

🔐 Live XOR Encryption Tool

Plaintext
⟶ encrypt
XOR Encrypted (hex)
⟶ decrypt
Decrypted

👥 User Management

Username Role Enc. Password (preview) Failed Attempts Status Actions
Loading…

📋 Security Event Log

No events logged yet.

CIA Triad – Security Principles Applied

CONFIDENTIALITY
Passwords stored as XOR-encrypted hex strings. Never in plaintext. Same XOR_KEY (0x5A) used by C program.
INTEGRITY
All auth events logged with timestamps. Admin-only password resets. Role-based access prevents privilege escalation.
AVAILABILITY
Lockouts prevent DoS via brute force. Admin can unlock accounts. System stays accessible to legitimate users.
🚨

⚠ INTRUSION DETECTION ALERT

Potential brute-force attack detected!

Account [ ] has been LOCKED

This incident has been logged to the security audit trail.

Contact the system administrator to unlock the account.

SIMULATING C FUNCTION:
trigger_intrusion_alert(username)