An Application to prevent SQL Injection Attacks using Randomized Encryption Algorithm

Pravallika Thatavarthi #1, Betam Suresh *2

1 Pursuing M.Tech (CSE), Vikas Group of Institutions (Mother Teresa Educational Society Group of Institutions), Nunna, Vijayawada, Affiliated to JNTU-Kakinada, A.P., India.
2 HOD, Department of Computer Science Engineering, Vikas Group of Institutions (Mother Teresa Educational Society Group of Institutions), Nunna, Vijayawada, Affiliated to JNTU-Kakinada, A.P., India.
Abstract- With the growth of the web, large amounts of data can be fetched from anywhere within minutes. This is very beneficial, but it also brings problems, and this paper discusses them: keeping data safe from hackers and unauthorized users who change, corrupt, delete or access data through the web. To handle these issues, website developers use algorithms that transform the data into an encrypted form. For protection against hackers, an algorithm is also applied when a username and password are entered, so that the credentials are encrypted before they are sent through the URL and the data stays safe. In this paper we discuss protecting data from hackers using randomized encryption of the data and of usernames and passwords, and we also apply the same concept to an RTA process in which users request a vehicle number plate containing their favourite digits.
I-INTRODUCTION
Numerous reports show that web application attacks are increasing day by day, so it is very important to be aware of the existing attacks, because attacks such as phishing and denial of service have become very common. The most basic attacks are phishing and e-mail spamming. Phishing was a term originally used to describe e-mail attacks designed to steal online banking usernames and passwords. However, the term has evolved and now refers to almost any e-mail-based attack. Phishing uses social engineering, a technique where cyber attackers attempt to fool you into taking an action. These attacks often begin with a cyber criminal sending you an e-mail pretending to be from someone or something you know or trust, such as a friend, your bank or your favourite online store. The e-mail then entices you into taking an action, such as clicking a link, opening an attachment or replying to the message. Cyber criminals craft these e-mails to look convincing and send them out to literally millions of people around the world. The criminals do not have a specific target in mind, nor do they know exactly who will fall victim; they simply know that the more e-mails they send, the more people they may be able to fool. Hence everyone needs basic awareness of web security.

Much sensitive processing now happens on the web, and that is where attackers strike to take the data that is valuable to us. One such attack is SQL Injection, one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It takes advantage of improper coding in web applications that allows a hacker to inject SQL commands into, say, a login form, in order to gain access to the data held in the database.
SQL Injection is a hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If input is not sanitized properly, web applications are exposed to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out. Features such as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content shape modern websites and provide businesses with the means to communicate with prospects and customers. These website features are all examples of web applications, which may be either purchased off-the-shelf or developed as bespoke programs. In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

International Journal of Computer Trends and Technology (IJCTT), Volume 4, Issue 8, August 2013, ISSN: 2231-2803, http://www.ijcttjournal.org, Page 2783
Fig. 1: SQL Injection
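To make the login-form injection described above concrete, the following is an added example and not code from the paper: an in-memory SQLite users table, constructed for the demonstration, is queried once by string concatenation (the vulnerable form) and once with bound parameters (the hardened form). The account data, the two payloads and the function names setup_db, login_vulnerable and login_safe are assumptions of this example.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed demo database: two accounts in an in-memory SQLite table.

    Passwords are stored in plaintext only so the injected query is easy to
    follow; a real application stores password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "wonderland")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Vulnerable login: the form values are pasted straight into the SQL text,
    so a quote in the input ends the string literal and the rest becomes SQL."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username: str, password: str) -> list:
    """Hardened login: bound parameters keep the input a value, never SQL syntax."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = setup_db()
    # Payload 1: close the string and comment out the password check.
    print(login_vulnerable(db, "admin' --", "anything"))   # ['admin']
    # Payload 2: make the WHERE clause true for every row.
    print(login_vulnerable(db, "nobody", "' OR '1'='1"))   # ['admin', 'alice']
    # The same payloads against the parameterized query match nothing.
    print(login_safe(db, "admin' --", "anything"))         # []
    print(login_safe(db, "nobody", "' OR '1'='1"))         # []
```

The first payload logs in as admin without any password because the `--` turns the rest of the statement into a comment; the second returns every account because `OR '1'='1'` is true for each row. With parameters the driver sends the same strings as values, so neither payload changes the query.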
Let us take an example to explain SQL injection. A login page asks for a username and password and builds its query by pasting the two values directly into a SQL statement such as SELECT * FROM users WHERE username = '<name>' AND password = '<pass>'. An attacker who types admin' -- as the username closes the string literal and comments out the rest of the statement, so the password check disappears and the attacker is logged in as admin without knowing the password; an input such as ' OR '1'='1 makes the condition true for every row instead. Once inside, the attacker can read, modify or delete the account data, or make transactions in the victim's name, exactly as if he held the victim's real username and password. This is how a SQL injection attack works.

II-ARCHITECTURE

SQL injection mainly attacks the 3-tier architecture, which consists of the following three layers:
Fig. 2: 3-Tier Architecture
Client Tier: The client tier is the presentation layer. It is the main layer for a transaction, because the person carrying out the transaction interacts only with this layer; it is just the GUI through which users interact with the rest of the system. A user interacting with the GUI has no knowledge of the code behind it and may not know about SQL injection at all. In this layer the user only supplies input and views the output of the transaction, controlling the application from the outside through the GUI. Generally, the goal of human-machine interaction engineering is to produce a user interface which makes it easy, efficient and enjoyable to operate a machine in the way that produces the desired result. This means that the operator needs to provide minimal input to achieve the desired output, and that the machine minimizes undesired outputs to the human.

Business Tier: The business tier holds all the logic used for sending and accepting data from other users or from transactions originating elsewhere. It can vary, because different types of users carry out transactions in different ways. The business tier follows the MVC model (Model-View-Controller): the model is the data access layer; the view is the presentation layer or GUI for presenting the data, implemented here with JSP or servlets; and the controller holds the database connection code that controls data access from the database. A controller can send commands to its associated view to change the view's presentation of the model (e.g., by scrolling through a document). It can also send commands to the model to update the model's state (e.g., editing a document). A model notifies its associated views and controllers when there has been a change in its state. This notification allows the views to produce updated output, and the controllers to change the available set of commands. A passive implementation of MVC omits these notifications, because the application does not require them or the software platform does not support them. A view requests from the model the information that it needs to generate an output representation to the user.
Database Tier: The database tier fetches data from the database and sends it to the controller, which forwards it where it is needed; the database tier creates one connection object through which all data access takes place. The database tier stores and retrieves data. It is also responsible for managing updates, allowing simultaneous (concurrent) access from web servers, providing security, ensuring the integrity of data, and providing support services such as data backup. Importantly, a good database tier must allow quick and flexible access to millions upon millions of facts. Managing data in the database tier requires complex software. Fortunately, most database management systems (DBMSs) or servers are designed so that the software complexities are hidden. To use a database server effectively, skills are required to design a database and to formulate queries in SQL. An understanding of the underlying architecture of the database server is unimportant to most users.
III-PROPOSED SYSTEM

In the proposed system we add two concepts to the previous system: the first is client side validation and the second is a randomized algorithm for encrypting the users' usernames and passwords. Both concepts are explained one by one below.

1) Client Side Validation: Client side validation means that we use several schemes to validate the user against the database, so that unauthorized users cannot handle the data and the data remains secure. When the user enters a username and password, they are compared with the database and access is granted only if both match. For additional security the credentials are encrypted as soon as the user fills in the fields; the encrypted values are then passed through the URL, and at comparison time the username and password are first decrypted and then compared with the stored values. If they match the login proceeds, otherwise the message "invalid user, please try again" is returned. (A URL query string is recorded in browser history and in proxy and web server logs, so even encrypted credentials are better carried in a POST body over TLS.) Sometimes a captcha is also used: half of the captcha is held by the user and half by the server. When the user wants to access the data, he or she sends the user's half to the server, the two halves are joined, and the result is compared together with the username and password against the database. Only if everything matches is the user able to access the data.
Fig. 3: Client side validation

2) Random4 algorithm: The Random4 algorithm is based on cryptography. Cryptography means converting plain text into cipher text: plain text is the normal text we use in processing, and cipher text is the data converted into an encrypted form, which is not readable unless it is decrypted. Random4 uses encryption to protect the data from hackers and unauthorized users. The algorithm gets its name from the fact that the same character is not always encrypted to the same value: each character has four possible substitutes, and which one is used depends on the character that follows it. The table below shows how the algorithm works. Each character of the username and password is looked up in the table, the matching substitute is taken, and this continues up to the last character. A fixed sequence determines how the table is accessed, and on this the randomized algorithm works. The encryption protects the data from hackers, and decryption recovers the data in order to validate whether the user who supplied the username and password is a valid user or not.
[Random4 lookup table: one row per input character with its four substitute values R1, R2, R3 and R4; only fragments of the table body survived extraction.]
A framework for the tool that generates the encrypted text with Random4 is shown in Fig. A normal text is given as input. Each input character is mapped to one of its four values from the lookup table. The values obtained for each character are concatenated to form the cipher text.
ALGORITHM:-
Input:  plaintext string ip[1..N]
Output: encrypted string en[1..N]
R[c][1..4]: the four lookup-table values of character c

For i = 1 to N
    If (i = N) or (ip[i+1] is lowercase) then
        en[i] = R[ip[i]][1]
    else if (ip[i+1] is uppercase) then
        en[i] = R[ip[i]][2]
    else if (ip[i+1] is a digit) then
        en[i] = R[ip[i]][3]
    else (ip[i+1] is a special character)
        en[i] = R[ip[i]][4]
    end if
end for
Return en[]

The third branch, R[3] for a following digit, is the case the four-column table implies; the paper's listing omits it.
Because the lookup table is specific to each application using the Random4 algorithm and the encryption logic is also application specific, it is highly difficult and time consuming for an attacker to decrypt the values and deploy an attack. The authors estimate that randomized encryption prevents about 80% of attempts to access or hack the data (no measurement supporting this figure is given). This kind of protection is mostly used in web applications where a large number of users register themselves to store or access data in the database. With the randomized algorithm, when a user logs into the website the username and password are encrypted at that moment and passed through the URL in encrypted form, so that nobody can read the original username and password; finally the values are decrypted when they are compared with the database to log the user in.
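As an added example, not code from the paper, the following Python puts together the Random4 steps of this subsection (next-character-dependent substitution, concatenation, inverse lookup) and the decrypt-then-compare login check from the client side validation subsection. The paper's lookup table did not survive extraction, so the table here is generated from a fixed seed; the two-character alphanumeric codes, the seed value and the functions build_table, column, encrypt, decrypt, sql_safe and check_credentials are assumptions of this example.

```python
import hmac
import random
import string

# Plaintext alphabet this example accepts: printable ASCII.
PLAIN_ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Ciphertext alphabet: letters and digits only, so the output can never contain
# a quote, comment marker or statement separator (assumption of this example).
CODE_ALPHABET = string.ascii_letters + string.digits
CODE_LEN = 2  # every table entry is a two-character code


def build_table(seed: int) -> dict:
    """Generate a Random4-style table: four distinct codes per plaintext character.

    The paper's table is not available, so a seeded shuffle stands in for it
    (hypothetical). Every code is unique across the whole table, which is what
    lets decrypt() work as a plain inverse lookup.
    """
    rng = random.Random(seed)
    codes = [a + b for a in CODE_ALPHABET for b in CODE_ALPHABET]
    rng.shuffle(codes)
    it = iter(codes)
    return {ch: [next(it) for _ in range(4)] for ch in PLAIN_ALPHABET}


def column(next_char) -> int:
    """Choose R1..R4 (index 0..3) from the class of the following character."""
    if next_char is None or next_char.islower():
        return 0  # end of string or lowercase -> R1
    if next_char.isupper():
        return 1  # uppercase -> R2
    if next_char.isdigit():
        return 2  # digit -> R3
    return 3      # any other (special) character -> R4


def encrypt(plain: str, table: dict) -> str:
    """Map each character to the table value selected by the character after it."""
    out = []
    for i, ch in enumerate(plain):
        if ch not in table:
            raise ValueError(f"character {ch!r} is not in the plaintext alphabet")
        nxt = plain[i + 1] if i + 1 < len(plain) else None
        out.append(table[ch][column(nxt)])
    return "".join(out)


def decrypt(cipher: str, table: dict) -> str:
    """Inverse lookup, code by code; malformed input raises instead of guessing."""
    inverse = {code: ch for ch, codes in table.items() for code in codes}
    if len(cipher) % CODE_LEN:
        raise ValueError("ciphertext length is not a multiple of the code length")
    chunks = (cipher[i:i + CODE_LEN] for i in range(0, len(cipher), CODE_LEN))
    try:
        return "".join(inverse[c] for c in chunks)
    except KeyError as exc:
        raise ValueError(f"unknown code {exc.args[0]!r} in ciphertext") from None


def sql_safe(cipher: str) -> bool:
    """True when every character is alphanumeric, i.e. no SQL metacharacters."""
    return all(c in CODE_ALPHABET for c in cipher)


def check_credentials(table: dict, users: dict, user_ct: str, pw_ct: str) -> bool:
    """Server side: decrypt the submitted values, then compare with the stored ones.

    `users` stands in for the database lookup (constructed for this example).
    """
    try:
        username = decrypt(user_ct, table)
        password = decrypt(pw_ct, table)
    except ValueError:
        return False  # undecodable submission is treated as a failed login
    expected = users.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


if __name__ == "__main__":
    table = build_table(2013)
    ct = encrypt("Pass'word1", table)
    print(ct, sql_safe(ct), decrypt(ct, table))
```

The property that matters for injection is the one sql_safe checks: every encrypted value is drawn from an alphabet with no quotes, comment markers or separators, so it cannot change the meaning of a query it is pasted into. The table itself is the only secret, and anyone who obtains it inverts the mapping directly, so the encoding is best combined with parameterized queries rather than used in their place.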
Lastly, we also implement the RTA plans in our application, which can generate number plates for vehicles. The user first chooses the numeric digits and favourite letters, and from these one number is generated for the vehicle; a registration module is also provided.
IV- CONCLUSION
In the world of the web, hacking, theft and alteration of data are everyday things. The main problem is SQL Injection, in which hackers obtain your data indirectly: when you type your username and password into a login form and submit them, an attacker who has injected SQL commands through such a form can read your data (username and password) and use it to corrupt, modify or delete records or, if money is involved, transfer all the money from your account. To prevent this problem we used the Random4 algorithm to secure the data from hackers. Attacks of other types exist as well, such as e-mail spoofing, which is used to extract the necessary information from your mail account. We also worked on the RTA process, in which users register to obtain a number plate of their choice: after logging in, the user chooses the favourite two, three or four digits for the number plate, and after 3 days the number is generated for the user who requested it. This is an easy way to obtain a vehicle number of one's own choice.
AUTHORS PROFILE
Pravallika Thatavarthi is pursuing M.Tech (CSE) at Vikas Group of Institutions (Mother Teresa Educational Society Group of Institutions), Nunna, Vijayawada, Affiliated to JNTU-Kakinada, A.P., India.
Betam Suresh is working as HOD, Department of Computer Science Engineering, at Vikas Group of Institutions (Mother Teresa Educational Society Group of Institutions), Nunna, Vijayawada, Affiliated to JNTU-Kakinada, A.P., India.