Prevention of SQL Injection Attacks Using Cryptography and Pattern Matching

Date

2022

Publisher

Springer Science and Business Media Deutschland GmbH

Abstract

The internet is rapidly expanding and allows easy access to information; attackers therefore develop different methodologies to access it, and the security related to it becomes a priority for all. The SQL injection attack (SQLIA) has consistently posed a serious threat since its existence. SQLIA is a web security vulnerability through which attackers can give specifically designed input to steal or manipulate sensitive information by interacting with the database. The objective of the research is to provide a defensive mechanism to protect a particular web application against such attacks. The paper acknowledges some existing models and gives special attention to models based on encryption and pattern matching techniques. Encryption-based models have proven themselves to be very effective against SQLIA by preventing attackers from authentication access. But such a model will undermine the integrity of the tables if used in places other than the authentication form. Thus, we employ an additional layer of security based on pattern matching techniques. Our idea differs in that it compares a temporary structure generated from the user’s query with all defined benign structures created from the benign queries that are usually expected by the web application. The proposed model uses the Blowfish algorithm in the authentication form, which upon simulation prevents all kinds of SQLIA from authentication access, and upon the implementation of the Knuth-Morris-Pratt pattern matching technique, the model will ensure the prevention of any new and existing kind of SQLIA. The model is under development and is believed to provide a robust environment for preventing all kinds of SQLI attacks with overall reduced complexity. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Keywords

Encryption method, KMP algorithm, Pattern matching technique, SQLI attack, Web application security

Citation

Lecture Notes in Networks and Systems, 2022, Vol. 450 LNNS, p. 624-634
