IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 60, NO. 5, MAY 2012
Random4: An Application Specific Randomized
Encryption Algorithm to prevent SQL injection
Avireddy, S.
Dept. of Inf. Technol., Anna Univ., Chennai, India
Perumal, V. ; Gowraj, N. ; Kannan, R.S. ; Thinakaran, P. ; Ganapthi, S. ; Gunasekaran, J.R. ;
Prabhu, S.
Abstract—Web applications form an integral part of our day-to-day life. The number of attacks on websites and the compromise of many individuals' secure data are increasing at an alarming rate. With the advent of social networking and e-commerce, web security attacks such as phishing and spamming have become quite common. The consequences of these attacks are severe. Hence, providing increased security for users and their data becomes essential. The most important vulnerability described in the top 10 web security issues by the Open Web Application Security Project is the SQL Injection Attack (SQLIA) [3]. This paper focuses on how the advantages of randomization can be employed to prevent SQL injection attacks in web-based applications. SQL injection can be used for unauthorized access to a database to penetrate the application illegally, modify the database or even remove it. For a hacker to modify a database, details such as field and table names are required. We therefore propose a solution that prevents this using an encryption algorithm based on randomization. It has better performance and provides increased security in comparison to the existing solutions. Also, cracking the database takes more time when techniques such as dictionary and brute force attacks are deployed. Our main aim is to provide increased security by developing a tool which prevents illegal access to the database.
Keywords-randomization; SQL injection; vulnerability; web security.
I. INTRODUCTION
According to the White Hat report on web security vulnerabilities 2011, nearly 14-15