Adoption of Internet Voting Platform Containing Data Injection Threats with Structured LINQ
Authors: Nwankwo W, Njoku CC
Web-based and other electronic voting platforms are growing in use, as some countries consider them viable for ensuring transparency and accountability during elections. One of the most cited challenges hindering widespread adoption is cybersecurity. Attackers and cyber criminals have developed automated tools that can exploit seemingly secure data-intensive applications within a few minutes, resulting in data breaches and losses. Data injection attacks (DIA) are prevalent against web applications, and software engineers are combating the trend using techniques such as parameterized queries (PQ), stored procedures (SP), and language integrated query (LINQ). This paper evaluates the effectiveness of LINQ in countering DIA directed at internet voting platforms (IVP). It employed a hybrid approach comprising object-oriented techniques (OOT), exploitation, and vulnerability analysis. OOT was used to develop two streams of IVP with C# as the base language: one fully LINQ-based, the other using embedded SQL alongside LINQ. Vulnerability analyses were conducted on both application streams using sqlmap installed on Kali Linux. The results showed that the LINQ-only platform offered good resistance to data injection, whereas the application stream with traditional embedded SQL was susceptible to exploitation with sqlmap. It is concluded that carefully structured LINQ can effectively counter web-based injection attacks in IVPs.
Affiliations: Department of Computer Science, Edo University Iyamho, Edo State, Nigeria.
Keywords: Internet Voting, LINQ, Stored Procedures, Parameterized Queries, Data Injection, Vulnerability
Published date: 2019/12/30