DocumentCode :
568514
Title :
Random4: An Application Specific Randomized Encryption Algorithm to Prevent SQL Injection
Author :
Avireddy, Srinivas ; Perumal, Varalakshmi ; Gowraj, Narayan ; Kannan, Ram Srivatsa ; Thinakaran, Prashanth ; Ganapthi, S. ; Gunasekaran, Jashwant Raj ; Prabhu, Sruthi
Author_Institution :
Dept. of Inf. Technol., Anna Univ., Chennai, China
fYear :
2012
fDate :
25-27 June 2012
Firstpage :
1327
Lastpage :
1333
Abstract :
Web applications form an integral part of our day-to-day life. The number of attacks on websites and the compromise of many individuals' secure data are increasing at an alarming rate. With the advent of social networking and e-commerce, Web security attacks such as phishing and spamming have become quite common. The consequences of these attacks are ruthless. Hence, providing an increased amount of security for the users and their data becomes essential. The most important vulnerability described in the top 10 web security issues by the Open Web Application Security Project is the SQL Injection Attack (SQLIA) [3]. This paper focuses on how the advantages of randomization can be employed to prevent SQL injection attacks in web-based applications. SQL injection can be used for unauthorized access to a database to penetrate the application illegally, modify the database or even remove it. For a hacker to modify a database, details such as field and table names are required. So we propose a solution to the above problem that prevents it using an encryption algorithm based on randomization. It has better performance and provides increased security in comparison to the existing solutions. Also, cracking the database takes more time when techniques such as dictionary and brute force attacks are deployed. Our main aim is to provide increased security by developing a tool which prevents illegal access to the database.
Keywords :
Internet; SQL; cryptography; Random4; SQL injection attacks; Web applications; Web security; Web security attacks; e-commerce; open Web application security project; phishing; randomized encryption algorithm; social networking; spamming; Algorithm design and analysis; Computer hacking; Databases; Encryption; Servers; SQL injection; Vulnerability; randomization; web security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
Type :
conf
DOI :
10.1109/TrustCom.2012.232
Filename :
6296134