SlideShare a Scribd company logo

Random4 and hirshberg algorithm

Download as PPTX, PDF
nishant kumar
nishant kumar

sql injection attack

Engineering
1 of 12
Authors : Chintan Panjwani,Shivkumar Mishra,Prof. Veena Kulkarni
Introduction • SQLIA is a type of attack in which the attacker tries to enter the system by manipulating SQL queries i.e. by injecting malicious queries in input fields of a web application • Random4 algorithm is basically used to encrypt the data from the input fields of application by using a lookup table for encryption • Hirschberg algorithm uses dynamic programming approach for finding an optimal sequence alignment
Types of SQLI attacks • Tautology SELECT * FROM TABLE WHERE UNAME=”ABC” AND PWD=”ANYTHING” OR ‘1’=’1’; As 1=1 is always true, attacker gains access to the database. • Incorrect queries Error: SELECT USERNAME,PASSWORD FROM STUDENT WHERE USERNAME=ABC’ • Piggy backed queries SELECT * FROM USER WHWRE ID=123; DROP TABLE USER; • Blind Injection
Execution model • Random4 framework Random4 lookup table Encryption technique
Execution model • Hirschberg algorithm Hirschberg algorithm Using Hirschberg Algorithm to find similarities
Prevention strategies • For Tautology ‘1’=‘1’ gets encrypted so it returns false • For Piggy backed queries Eg. “User” becomes “UserA2;h” • For Incorrect queries Similar to piggy backed queries • For Blind Injection Eg. “123” becomes “g4a”
Complexity analysis • Hirschberg algorithm – Time Complexity O(nm) where n is string in the database and m is the input data – Space Complexity O(min(m , n)) • Random4 algorithm – Time Complexity Encryption requires to access the lookup table which increases the time complexity compared to Hirschberg algorithm – Space Complexity The lookup table also needs to be stored which increases the space complexity
Comparison Sr. no. Parameters Random4 Hirschberg 1. Encryption User input Not required 2. Computational overhead Less More 3. Time complexity Less More 4. Space complexity Less More
©2015 TCET. All rights reserved. The information herein is for informational purposes only and represents the current view of TCET IT Department as of the date of this presentation.

Recommended

NFD InterestDigest
NFD InterestDigestNFD InterestDigest
NFD InterestDigestShi Junxiao
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
Cyber Attacks Spatial Analysis
Cyber Attacks Spatial AnalysisCyber Attacks Spatial Analysis
Cyber Attacks Spatial AnalysisShwetha Narayanan
 
201411203 goto night on graphs for fraud detection
201411203 goto night on graphs for fraud detection201411203 goto night on graphs for fraud detection
201411203 goto night on graphs for fraud detectionRik Van Bruggen
 
Research Plan 2014
Research Plan 2014Research Plan 2014
Research Plan 2014Alejandro Llaves
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Securing Text Messages Application Using MED
Securing Text Messages Application Using MEDSecuring Text Messages Application Using MED
Securing Text Messages Application Using MEDZatulNadia
 
chapter 1-4.pdf
chapter 1-4.pdfchapter 1-4.pdf
chapter 1-4.pdfzerihunnana
 

Recommended

NFD InterestDigest
NFD InterestDigestNFD InterestDigest
NFD InterestDigestShi Junxiao
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
Cyber Attacks Spatial Analysis
Cyber Attacks Spatial AnalysisCyber Attacks Spatial Analysis
Cyber Attacks Spatial AnalysisShwetha Narayanan
 
201411203 goto night on graphs for fraud detection
201411203 goto night on graphs for fraud detection201411203 goto night on graphs for fraud detection
201411203 goto night on graphs for fraud detectionRik Van Bruggen
 
Research Plan 2014
Research Plan 2014Research Plan 2014
Research Plan 2014Alejandro Llaves
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Securing Text Messages Application Using MED
Securing Text Messages Application Using MEDSecuring Text Messages Application Using MED
Securing Text Messages Application Using MEDZatulNadia
 
chapter 1-4.pdf
chapter 1-4.pdfchapter 1-4.pdf
chapter 1-4.pdfzerihunnana
 
information technology cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdfinformation technology cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdfwondimagegndesta
 
Crytography
CrytographyCrytography
CrytographyMostak Ahmed
 
Introduction to cryptography part1-final
Introduction to cryptography part1-finalIntroduction to cryptography part1-final
Introduction to cryptography part1-finalTaymoor Nazmy
 
sourabh_sipPPT.pptx
sourabh_sipPPT.pptxsourabh_sipPPT.pptx
sourabh_sipPPT.pptxSourabhRuhil4
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniquesMohitManna
 
Cryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxCryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxSamiDan3
 
Session Slide
Session SlideSession Slide
Session SlideMuralidharan Radhakrishnan
 
H4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityH4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityOliver Hader
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
NETWORK SECURITY
NETWORK SECURITY NETWORK SECURITY
NETWORK SECURITY TouseeqHaider11
 
CRYPTOGRAPHY
CRYPTOGRAPHYCRYPTOGRAPHY
CRYPTOGRAPHYSHUBHA CHATURVEDI
 
Image Security
Image SecurityImage Security
Image SecuritySatyendra Rajput
 
Cryptography
CryptographyCryptography
CryptographyRavi Kumar Patel
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMNeo4j
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
Homomorphic Encryption: Unveiling secrets without exposing them
Homomorphic Encryption: Unveiling secrets without exposing themHomomorphic Encryption: Unveiling secrets without exposing them
Homomorphic Encryption: Unveiling secrets without exposing themMuhammedYaseen39
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoVishnu Pendyala
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackMona Rajput
 
Network security
Network securityNetwork security
Network securityABHISHEK KUMAR
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoordharasingh5698
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 

More Related Content

Similar to Random4 and hirshberg algorithm

information technology cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdfinformation technology cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdfwondimagegndesta
 
Introduction to cryptography part1-final
Introduction to cryptography part1-finalIntroduction to cryptography part1-final
Introduction to cryptography part1-finalTaymoor Nazmy
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniquesMohitManna
 
Cryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxCryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxSamiDan3
 
H4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityH4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityOliver Hader
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMNeo4j
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
Homomorphic Encryption: Unveiling secrets without exposing them
Homomorphic Encryption: Unveiling secrets without exposing themHomomorphic Encryption: Unveiling secrets without exposing them
Homomorphic Encryption: Unveiling secrets without exposing themMuhammedYaseen39
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoVishnu Pendyala
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackMona Rajput
 

Similar to Random4 and hirshberg algorithm (20)

information technology cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdfinformation technology cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdf
 
Crytography
CrytographyCrytography
Crytography
 
Introduction to cryptography part1-final
Introduction to cryptography part1-finalIntroduction to cryptography part1-final
Introduction to cryptography part1-final
 
sourabh_sipPPT.pptx
sourabh_sipPPT.pptxsourabh_sipPPT.pptx
sourabh_sipPPT.pptx
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniques
 
Cryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxCryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptx
 
Session Slide
Session SlideSession Slide
Session Slide
 
H4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityH4CK1N6 - Web Application Security
H4CK1N6 - Web Application Security
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
NETWORK SECURITY
NETWORK SECURITY NETWORK SECURITY
NETWORK SECURITY
 
CRYPTOGRAPHY
CRYPTOGRAPHYCRYPTOGRAPHY
CRYPTOGRAPHY
 
Image Security
Image SecurityImage Security
Image Security
 
Cryptography
CryptographyCryptography
Cryptography
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAM
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 
Homomorphic Encryption: Unveiling secrets without exposing them
Homomorphic Encryption: Unveiling secrets without exposing themHomomorphic Encryption: Unveiling secrets without exposing them
Homomorphic Encryption: Unveiling secrets without exposing them
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturity
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic Attack
 
Network security
Network securityNetwork security
Network security
 

Recently uploaded

Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoordharasingh5698
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projectssmsksolar
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringmulugeta48
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...tanu pandey
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 

Recently uploaded (20)

Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 

Random4 and hirshberg algorithm

  • 1. Authors : Chintan Panjwani,Shivkumar Mishra,Prof. Veena Kulkarni
  • 2.
  • 3. Introduction • SQLIA is a type of attack in which the attacker tries to enter the system by manipulating SQL queries i.e. by injecting malicious queries in input fields of a web application • Random4 algorithm is basically used to encrypt the data from the input fields of application by using a lookup table for encryption • Hirschberg algorithm uses dynamic programming approach for finding an optimal sequence alignment
  • 4. Types of SQLI attacks • Tautology SELECT * FROM TABLE WHERE UNAME=”ABC” AND PWD=”ANYTHING” OR ‘1’=’1’; As 1=1 is always true, attacker gains access to the database. • Incorrect queries Error: SELECT USERNAME,PASSWORD FROM STUDENT WHERE USERNAME=ABC’ • Piggy backed queries SELECT * FROM USER WHWRE ID=123; DROP TABLE USER; • Blind Injection
  • 5. Execution model • Random4 framework Random4 lookup table Encryption technique
  • 6. Execution model • Hirschberg algorithm Hirschberg algorithm Using Hirschberg Algorithm to find similarities
  • 7. Prevention strategies • For Tautology ‘1’=‘1’ gets encrypted so it returns false • For Piggy backed queries Eg. “User” becomes “UserA2;h” • For Incorrect queries Similar to piggy backed queries • For Blind Injection Eg. “123” becomes “g4a”
  • 8. Complexity analysis • Hirschberg algorithm – Time Complexity O(nm) where n is string in the database and m is the input data – Space Complexity O(min(m , n)) • Random4 algorithm – Time Complexity Encryption requires to access the lookup table which increases the time complexity compared to Hirschberg algorithm – Space Complexity The lookup table also needs to be stored which increases the space complexity
  • 9. Comparison Sr. no. Parameters Random4 Hirschberg 1. Encryption User input Not required 2. Computational overhead Less More 3. Time complexity Less More 4. Space complexity Less More
  • 10.
  • 11.
  • 12. ©2015 TCET. All rights reserved. The information herein is for informational purposes only and represents the current view of TCET IT Department as of the date of this presentation.