
Security Risks in the Encryption of Database Connection Strings
  • Ross Rannells,
  • James Hill
Ross Rannells
Indiana University Bloomington Luddy School of Informatics Computing and Engineering
James Hill
Indiana University Bloomington Luddy School of Informatics Computing and Engineering

Corresponding Author: hilljh@iupui.edu


Abstract

This article presents a novel approach to obfuscating database connection strings using a Keyword Cipher, which is based on the Roman Caesar Cipher and the Greek Scytale Cipher. This is an important and open problem because database connection strings typically contain long, identical, and well-known substrings. These known substrings in related database connection strings greatly increase the risk of their encryption keys being broken, in addition to producing identical initial substrings in their encrypted versions. Our experience applying these two obfuscation techniques to database connection strings shows that the simple and easily implemented string obfuscation functions effectively solve the problem of common initial substrings. They also greatly reduce the risk of breaking the connection strings' encryption keys by hiding the known substrings and making the number of possible strings that must be searched grow geometrically. Lastly, the use of obfuscation functions completely eliminates all the commonality between related database connection strings.
Submitted to Software: Practice and Experience
12 Mar 2024: Review(s) Completed, Editorial Evaluation Pending
12 Mar 2024: Editorial Decision: Revise Major
13 Jun 2024: 1st Revision Received
08 Jul 2024: Reviewer(s) Assigned
08 Aug 2024: Review(s) Completed, Editorial Evaluation Pending
08 Aug 2024: Editorial Decision: Revise Minor
18 Sep 2024: 2nd Revision Received
24 Sep 2024: Submission Checks Completed
24 Sep 2024: Assigned to Editor
24 Sep 2024: Review(s) Completed, Editorial Evaluation Pending
30 Sep 2024: Reviewer(s) Assigned
23 Oct 2024: Editorial Decision: Accept