Prevention of SQL Injection Attack Using Blockchain Key pair based on Stellar
SQL injection is currently the most common attack on web applications: unauthorized users inject malicious code into the database through user input fields, which can lead to data loss or, in the worst case, to database hijacking, a situation no database administrator or web developer ever wants to experience. Two of the most recent types of these attacks are first-level and second-order attacks. Much research has been done in this area, some of it outstanding and capable of preventing first-level attacks but not second-order attacks. To improve the quality of protection, this paper proposes a new method that minimizes the level of attack on databases by using a Stellar blockchain keypair. Using string manipulation on user inputs, the client application randomizes the SQL query and sends it to the proxy server; the proxy server, in turn, de-randomizes it with the help of the private key and sends the de-randomized query to the database server for processing. The overhead time is estimated and analyzed. This method proved to be more than 50% effective compared to previous methods using the same model. It also shows strengths in terms of processing and computational time. Experimental implementation and simulation using the Stellar keypair demonstrate that the model presented is capable of detecting and preventing all forms of SQL injection attacks (SQLIA), including second-order injections.
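A minimal sketch of the randomize/de-randomize exchange described in the abstract, added here as an illustration and not the authors' implementation. It assumes keyword tagging in the style of SQL keyword randomization and uses an HMAC over a shared secret as a stand-in for the Stellar keypair, whose exact role the abstract does not specify; the keyword list and all function names are hypothetical.

```python
import hashlib
import hmac
import re
import secrets

# Assumed keyword list; a real deployment would cover the full SQL dialect.
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "INTO", "VALUES", "UPDATE", "SET", "DELETE", "DROP"}
WORD = re.compile(r"\w+")


def derive_tag(secret: bytes) -> str:
    """Derive the keyword suffix from the secret (assumed scheme)."""
    return hmac.new(secret, b"sql-keyword-tag", hashlib.sha256).hexdigest()[:12]


def randomize(template: str, tag: str) -> str:
    """Client side: tag every SQL keyword in the developer-written template."""
    def tag_word(m):
        w = m.group(0)
        return w + tag if w.upper() in KEYWORDS else w
    return WORD.sub(tag_word, template)


def derandomize(query: str, tag: str) -> str:
    """Proxy side: reject bare keywords, strip the tag from genuine ones."""
    def check_word(m):
        w = m.group(0)
        if w.upper() in KEYWORDS:  # keyword that did not come from the template
            raise ValueError(f"untagged keyword {w!r}: possible injection")
        if w.endswith(tag) and w[:-len(tag)].upper() in KEYWORDS:
            return w[:-len(tag)]
        return w
    return WORD.sub(check_word, query)


def build_login_query(user_input: str, tag: str) -> str:
    """Constructed example of an application that concatenates user input."""
    template = randomize("SELECT id FROM users WHERE name = '{}'", tag)
    return template.format(user_input)


if __name__ == "__main__":
    tag = derive_tag(secrets.token_bytes(32))  # constructed stand-in secret
    for name in ("alice", "x' OR '1'='1"):  # constructed sample inputs
        try:
            print(derandomize(build_login_query(name, tag), tag))
        except ValueError as err:
            print("rejected:", err)
```

Because this sketch rejects any bare keyword, a legitimate value such as the literal word "or" is also refused; a real proxy would parse the randomized query rather than scan words.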
Copyright (c) 2020 Jeremiah O. Abimbola, Chen Zhangfang
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.