SlideShare a Scribd company logo

Random4 and hirshberg algorithm

Download as PPTX, PDF
nishant kumar, profile picture
nishant kumar

This document summarizes techniques for preventing SQL injection attacks. It discusses the Random4 and Hirschberg algorithms. Random4 encrypts user input using a lookup table, preventing attacks. Hirschberg finds similarities in input data to the database using dynamic programming. While more computationally intensive, Hirschberg does not require encryption. The document also outlines different types of SQL injection attacks and compares the complexity of the Random4 and Hirschberg approaches.

Engineering
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
Authors : Chintan Panjwani,Shivkumar Mishra,Prof. Veena Kulkarni
Random4 and hirshberg algorithm
Introduction • SQLIA is a type of attack in which the attacker tries to enter the system by manipulating SQL queries i.e. by injecting malicious queries in input fields of a web application • Random4 algorithm is basically used to encrypt the data from the input fields of application by using a lookup table for encryption • Hirschberg algorithm uses dynamic programming approach for finding an optimal sequence alignment
Types of SQLI attacks • Tautology SELECT * FROM TABLE WHERE UNAME=”ABC” AND PWD=”ANYTHING” OR ‘1’=’1’; As 1=1 is always true, attacker gains access to the database. • Incorrect queries Error: SELECT USERNAME,PASSWORD FROM STUDENT WHERE USERNAME=ABC’ • Piggy backed queries SELECT * FROM USER WHWRE ID=123; DROP TABLE USER; • Blind Injection
Execution model • Random4 framework Random4 lookup table Encryption technique
Execution model • Hirschberg algorithm Hirschberg algorithm Using Hirschberg Algorithm to find similarities
Prevention strategies • For Tautology ‘1’=‘1’ gets encrypted so it returns false • For Piggy backed queries Eg. “User” becomes “UserA2;h” • For Incorrect queries Similar to piggy backed queries • For Blind Injection Eg. “123” becomes “g4a”
Complexity analysis • Hirschberg algorithm – Time Complexity O(nm) where n is string in the database and m is the input data – Space Complexity O(min(m , n)) • Random4 algorithm – Time Complexity Encryption requires to access the lookup table which increases the time complexity compared to Hirschberg algorithm – Space Complexity The lookup table also needs to be stored which increases the space complexity
Comparison Sr. no. Parameters Random4 Hirschberg 1. Encryption User input Not required 2. Computational overhead Less More 3. Time complexity Less More 4. Space complexity Less More
Random4 and hirshberg algorithm
Random4 and hirshberg algorithm
©2015 TCET. All rights reserved. The information herein is for informational purposes only and represents the current view of TCET IT Department as of the date of this presentation.

More Related Content

PPTX
NFD InterestDigest
Shi Junxiao
 
PDF
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
PPTX
Cyber Attacks Spatial Analysis
Shwetha Narayanan
 
PDF
201411203 goto night on graphs for fraud detection
Rik Van Bruggen
 
PDF
Research Plan 2014
Alejandro Llaves
 
PPSX
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
PPTX
Securing Text Messages Application Using MED
ZatulNadia
 
PDF
chapter 1-4.pdf
zerihunnana
 
NFD InterestDigest
Shi Junxiao
 
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
Cyber Attacks Spatial Analysis
Shwetha Narayanan
 
201411203 goto night on graphs for fraud detection
Rik Van Bruggen
 
Research Plan 2014
Alejandro Llaves
 
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
Securing Text Messages Application Using MED
ZatulNadia
 
chapter 1-4.pdf
zerihunnana
 

Similar to Random4 and hirshberg algorithm (20)

PDF
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
PPTX
Crytography
Mostak Ahmed
 
PPTX
NS Classical Encryption Techniqnbbghghgues.pptx
HumaKashafKhan
 
PPTX
Introduction to cryptography part1-final
Taymoor Nazmy
 
PPTX
sourabh_sipPPT.pptx
SourabhRuhil4
 
PPTX
Encryption techniques
MohitManna
 
PPTX
Cryptography and Network Security-ch1-4.pptx
SamiDan3
 
PPTX
Ch9_Cryptokkkllllllllllllllllllllk6e.pptx
LaxmanBhandari22
 
PPTX
Session Slide
Muralidharan Radhakrishnan
 
PDF
H4CK1N6 - Web Application Security
Oliver Hader
 
PPTX
Detailed description about the concept of E Commerce UNIT IV.pptx
gstagra
 
PPTX
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
PPTX
1. Cryptography Symmetric Cryptography.pptx
naimafirdos05
 
PDF
Basics of Data Security and Cryptographic techniques
Jay Sahoo
 
PPT
NETWORK SECURITY
TouseeqHaider11
 
PPT
Lecture-01,02.ppt introduction to INFORMATION SECURITY, WEEK 1 , basics
kashafzia775
 
PPT
CRYPTOGRAPHY
SHUBHA CHATURVEDI
 
PPTX
Image Security
Satyendra Rajput
 
PPTX
Cryptography
Ravi Kumar Patel
 
PDF
Application Lecurity Lectures by professor
OmarKhattab41
 
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
Crytography
Mostak Ahmed
 
NS Classical Encryption Techniqnbbghghgues.pptx
HumaKashafKhan
 
Introduction to cryptography part1-final
Taymoor Nazmy
 
sourabh_sipPPT.pptx
SourabhRuhil4
 
Encryption techniques
MohitManna
 
Cryptography and Network Security-ch1-4.pptx
SamiDan3
 
Ch9_Cryptokkkllllllllllllllllllllk6e.pptx
LaxmanBhandari22
 
Session Slide
Muralidharan Radhakrishnan
 
H4CK1N6 - Web Application Security
Oliver Hader
 
Detailed description about the concept of E Commerce UNIT IV.pptx
gstagra
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
1. Cryptography Symmetric Cryptography.pptx
naimafirdos05
 
Basics of Data Security and Cryptographic techniques
Jay Sahoo
 
NETWORK SECURITY
TouseeqHaider11
 
Lecture-01,02.ppt introduction to INFORMATION SECURITY, WEEK 1 , basics
kashafzia775
 
CRYPTOGRAPHY
SHUBHA CHATURVEDI
 
Image Security
Satyendra Rajput
 
Cryptography
Ravi Kumar Patel
 
Application Lecurity Lectures by professor
OmarKhattab41
 
Ad

Recently uploaded (20)

PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPT
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PPTX
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PDF
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
Safety Seminar civil to be ensured for safe working.
DILJEETKUMAR8
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Sustainable Sites - Green Building Construction
mhdumerali
 
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
web development for engineering and engineering
keshriji700
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
Safety Seminar civil to be ensured for safe working.
DILJEETKUMAR8
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Ad

Random4 and hirshberg algorithm

  • 1. Authors : Chintan Panjwani,Shivkumar Mishra,Prof. Veena Kulkarni
  • 3. Introduction • SQLIA is a type of attack in which the attacker tries to enter the system by manipulating SQL queries i.e. by injecting malicious queries in input fields of a web application • Random4 algorithm is basically used to encrypt the data from the input fields of application by using a lookup table for encryption • Hirschberg algorithm uses dynamic programming approach for finding an optimal sequence alignment
  • 4. Types of SQLI attacks • Tautology SELECT * FROM TABLE WHERE UNAME=”ABC” AND PWD=”ANYTHING” OR ‘1’=’1’; As 1=1 is always true, attacker gains access to the database. • Incorrect queries Error: SELECT USERNAME,PASSWORD FROM STUDENT WHERE USERNAME=ABC’ • Piggy backed queries SELECT * FROM USER WHWRE ID=123; DROP TABLE USER; • Blind Injection
  • 5. Execution model • Random4 framework Random4 lookup table Encryption technique
  • 6. Execution model • Hirschberg algorithm Hirschberg algorithm Using Hirschberg Algorithm to find similarities
  • 7. Prevention strategies • For Tautology ‘1’=‘1’ gets encrypted so it returns false • For Piggy backed queries Eg. “User” becomes “UserA2;h” • For Incorrect queries Similar to piggy backed queries • For Blind Injection Eg. “123” becomes “g4a”
  • 8. Complexity analysis • Hirschberg algorithm – Time Complexity O(nm) where n is string in the database and m is the input data – Space Complexity O(min(m , n)) • Random4 algorithm – Time Complexity Encryption requires to access the lookup table which increases the time complexity compared to Hirschberg algorithm – Space Complexity The lookup table also needs to be stored which increases the space complexity
  • 9. Comparison Sr. no. Parameters Random4 Hirschberg 1. Encryption User input Not required 2. Computational overhead Less More 3. Time complexity Less More 4. Space complexity Less More
  • 12. ©2015 TCET. All rights reserved. The information herein is for informational purposes only and represents the current view of TCET IT Department as of the date of this presentation.