APPROACHES TO SECURE DATA STORAGE AND PROCESSING BASED ON UUID IDENTIFIERS: THE GRAPHICAL CONVERSION METHOD
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1010Keywords:
identifier encoding, graphical hash representation, data security, data integrity, protection of key identifiers, UUID, cyber security; informational security; IS; information technology; IT; information protection; vulnerabilities; learning process; educational standard.Abstract
The article analyzes current trends in the use of unique identifiers of the UUID (Universal Unique Identifier) type in databases for creating key records. It highlights areas of application of such identifiers in software systems across various domains and identifies relevant challenges related to their use in the context of modern data security requirements. The advantages of ULID (Universally Unique Lexicographically Sortable Identifier)—next-generation identifiers distinguished by higher performance and the ability to support lexicographical sorting through a monotonic generation principle—are examined. Based on an analysis of modern data protection needs, it is concluded that UUID-based identifiers require a high level of security, particularly against SQL (Structured Query Language), XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and Insecure Direct Object Reference (IDOR) attacks. It is emphasized that protection methods must consider the specifics of the data types on which key identifiers are built.
As an extension of security tools, a method for converting UUIDs into a graphical form visually resembling a unique chart is proposed. An algorithm and a diagram for determining the coordinates of UUID and ULID are developed, with an example of transformation and visual representation provided. The forms and areas of application of the proposed method are discussed, including the possibility of reverse conversion for integrity verification, masking in client–server interactions, data reconciliation, and recovery after attacks or failures. The use of both the graphical image itself and the coordinate array that forms it is described. Approaches to encoding and encrypting coordinate data at the stage of chart generation and rendering are proposed.
The method enables concealing an identifier in graphical form, which complicates its identification during unauthorized access (for example, in the case of cookie theft) and can also serve as a graphical hash. A combined method of application in web systems is proposed: encrypted coordinates generated by this method are stored in a hidden field of the client form and verified on the server based on session data. This approach ensures identifier authenticity verification (protection against IDOR) while simultaneously functioning as an anti-CSRF token. In the field of data storage, approaches are proposed for applying the method to integrity verification and data recovery after security incidents without the immediate need to restore backup copies.
The proposed conversion method can be implemented either as a graphical hash or as a protected copy. It allows operations with both the graphical image and the coordinate array in a format that is more secure compared to symbolic representation. The method has several advantages over QR codes: unlike the latter, the structure of the graphical hash is not standardized and therefore can only be decoded by a server possessing the generation parameters and decoding algorithm, while also providing the possibility of visual output. The proposed UUID-to-graph conversion method can help address several applied problems and enhance tools for ensuring data security and confidentiality across all areas where such identifiers are used.
Downloads
References
Kostiuk, Yu. V., Skladannyi, P. M., Bebeshko, B. T., Khorolska, K. V., Rzaieva, S. L., & Vorokhob, M. V. (2025). Information and communication systems security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Kostiuk, Yu. V., Skladannyi, P. M., Hulak, H. M., Bebeshko, B. T., Khorolska, K. V., & Rzaieva, S. L. (2025). Information security systems. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Hulak, H. M., Zhyltsov, O. B., Kyrychok, R. V., Korshun, N. V., & Skladannyi, P. M. (2023). Enterprise information and cyber security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Ronaldo, O. (n.d.). GUID vs UUID vs ULID: Understanding unique identifiers. Medium. https://medium.com/@ronaldo.oliver7/guid-vs-uuid-vs-ulid-understanding-unique-identifiers-565c88cdca13
Kaur, G., Mehta, S., & Singh, P. (2022). Comparative analysis of GUID, UUID and ULID for scalable data architectures. International Journal of Computer Science and Network Security, 22(5), 112–120.
Penar, M. (2020). Performance analysis of write operations in identity and UUID ordered tables. Scientific Journal of Rzeszów University of Technology, 81–96. https://doi.org/10.7862/re.2020.6
Momryk, Y., & Sabodashko, D. (2023). Numeric fields in database development: From optimal design to secure coding—SQL attacks protection method. CEUR Workshop Proceedings, 3456, 201–212.
Agarwal, V., Singh, R., & Patel, M. (2023). Performance optimization in UUID-based large-scale database systems using multi-criteria decision methods (MPE). International Journal of Computer Applications, 184(2), 45–52.
Chen, L., & Li, X. (2021). Synchronization mechanisms for distributed SQLite databases using UUIDs. Open Automation and Control Systems Journal, 9(4), 2201–2208.
Thurman, T. R., et al. (2024). Research results and recommendations for universally unique identifiers in product data standards. U.S. Department of Commerce, National Institute of Standards and Technology.
Google AdSense. (2025). How to prevent misuse of user identifiers. https://support.google.com/adsense/answer/6156630?hl=uk
Jadhav, V., Chouhan, K. I., & Maskar, V. B. (2019). Smart voting through UID verification by using face recognition. International Journal of Engineering Trends and Technology, 6(1), 45–51.
Liangong, S. (2015). Research on the construction and realization of synchronization system for wireless spatial database based on UUID. Open Automation and Control Systems Journal, 7, 2201–2206.
Triebel, D., Reichert, W., Bosert, S., Feulner, M., Okach, D. O., Slimani, A., & Rambold, G. (2018). A generic workflow for effective sampling of environmental vouchers with UUID assignment and image processing. Database. Article ID bax096. https://doi.org/10.1093/database/bax096
Ullah, F., Edwards, M., Ramdhany, R., Chitchyan, R., Babar, M. A., & Rashid, A. (2018). Data exfiltration: A review of external attack vectors and countermeasures. Journal of Network and Computer Applications, 101, 18–54. https://doi.org/10.1016/j.jnca.2017.10.016
Pratama, H., & Rhusuli, M. (2022). IDOR vulnerability and its mitigation techniques in modern web systems. International Journal of Information Security and Privacy, 10(2), 77–85.
Khurana, P., & Bindal, P. (2014). CSRF vulnerabilities and defensive techniques. International Journal of Computer Trends and Technology, 13(3), 135–138. https://doi.org/10.14445/22312803/IJCTT-V13P135
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Ярослава Момрик
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
