Peer-Reviewed Open Access Journal

DIAS Technology Review

The Institute has a unique distinction of publishing a bi-annual International journal DIAS Technology Review – The International Journal for Business and IT. The Editorial Board comprises of...

ISSN: 2231-2498 Quarterly English Since 2011

Vol. 12 No. 1 (2015)

Articles 23rd Edition of DTR Apr 2015 – Sep 2015
DOI 10.65301/dias.2015.12.1.411

Prevention of SQL Injection Attacks Using Colour Passwords

Authors
Indus Valley Partners, India Matharu, Knownymous, India
Published 2015-09-30
Pages 30-40
Abstract

The biggest challenge nowadays is securing websites against cyber-attacks. Structured Query Language Injection Attack (SQLIA) is one of the most critical cyber-attacks. As a result of SQLIA, an attacker can gain access control over an application's database and change the critical data stored on the website's database server. Authentication plays an important role in securing critical data. Alphanumeric passwords are the most commonly used means of authenticating users in computer systems, but they are highly prone to cyber-attacks. Graphical authentication systems have been proposed as a relevant and possible alternative to traditional text-based (alphanumeric) authentication, an idea motivated particularly by the fact that the human brain remembers images better than text. Graphical passwords are mainly created by clicking or dragging on pictures or certain parts of a picture rather than by conventional typing of textual characters. The main objective of the paper is to highlight the various SQL injection attacks and SQL injection vulnerabilities on website databases, to study and analyse existing authentication systems, and to propose a secure mechanism of authentication through color code graphical passwords.

Keywords
SQLIA - SQL Injection Attacks; User Authentication; Vulnerability; Graphical Passwords; Color code passwords; Web Security; Encryption; Color Matrix Map Algorithm; Website Databases