Implementasi Kriptografi AES-128 Untuk Mengamankan URL (Uniform Resource Locator) dari SQL Injection

  • Hamid Wijaya

Abstract

On a website there is a URL (Uniform Resource Locator) that contains the server address, protocol and file path used to provide information to users. At that URL, if no special handling is done in the form of encryption, it will be very vulnerable to hacking. One form of hacking that is done on a URL is to do a SQL injection attack. The form of SQL injection attacks is the act of entering a special code in the website URL so that it can make changes to the contents of the database. For that we need a way to prevent SQL injection attacks by applying cryptography. Cryptography used in this research is by applying AES-128 cryptography. To test the application of AES-128 cryptography the SQLmap application is used. The results of the application of AES-128 cryptography are URLs that have been encrypted so that they are safe from SQL injection attacks.

Keywords: URL, Cryptography, AES-128, SQL Injection

References

M. Yuhefizar and R. Hidayat, Cara Mudah Membangun Website Interaktif Menggunakan Content Management System Joomla Edisi Revisi. Jakarta: PT Elex Media Komputindo, 2009.

R. Ferreira and R. L. Aguiar, “Repositioning privacy concerns: Web servers controlling URL metadata,” J. Inf. Secur. Appl., vol. 46, pp. 121–137, 2019, doi: 10.1016/j.jisa.2019.03.010.

P. C. Xue, “SQL injection attack and guard technical research,” in Procedia Engineering, 2011, vol. 15, pp. 4131–4135, doi: 10.1016/j.proeng.2011.08.775.

A. P. Bhatt and S. Anand, “Quantum Cryptography for Internet of Things Security,” J. Electron. Scicence Technol., vol. 17, no. 3, pp. 213–220, 2019, doi: 10.11989/JEST.1674-862X.90523016.

N. B. F. Silva, D. F. Pigatto, P. S. Martins, and K. R. L. J. C. Branco, “Case studies of performance evaluation of cryptographic algorithms for an embedded system and a general purpose computer,” J. Netw. Comput. Appl., vol. 60, pp. 130–143, 2016, doi: 10.1016/j.jnca.2015.10.007.

R. Munir, Kriptografy. Bandung: Informatika, 2006.

D. Smekal, J. Frolka, and J. Hajny, “Acceleration of AES Encryption Algorithm Using Field Programmable Gate Arrays,” in IFAC-PapersOnLine, 2016, vol. 49, no. 25, pp. 384–389, doi: 10.1016/j.ifacol.2016.12.075.

P. Patil, P. Narayankar, D. G. Narayan, and S. M. Meena, “A Comprehensive Evaluation of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish,” in Procedia Computer Science, 2016, vol. 78, no. December 2015, pp. 617–624, doi: 10.1016/j.procs.2016.02.108.

D. S. Kundi, A. Aziz, and N. Ikram, “A high performance ST-Box based unified AES encryption/decryption architecture on FPGA,” Microprocess. Microsyst., vol. 41, pp. 37–46, 2016, doi: 10.1016/j.micpro.2015.11.015.

J. M. Granado, M. A. Vega-Rodríguez, J. M. Sánchez-Pérez, and J. A. Gómez-Pulido, “IDEA and AES, two cryptographic algorithms implemented using partial and dynamic reconfiguration,” Microelectronics J., vol. 40, no. 6, pp. 1032–1040, 2009, doi: 10.1016/j.mejo.2008.11.044.

Published
2020-01-31