Design and Development of a Web Token Library for HTTP Data Encryption Using Exclusive-OR (XOR)
DOI: https://doi.org/10.47134/pslse.v1i1.164
Keywords: Web Token, XOR, Encryption, BLAKE2b, Library
Abstract
The rise in data breaches in Indonesia is a worrying problem because the data involved is sensitive. To secure data exchange, data encryption is essential, and one popular choice is the XOR algorithm because it is easy to implement, simple, fast, and lightweight. In addition, using the BLAKE2b hash algorithm provides better security and speed. This study focuses on securing data exchange over HTTP using XOR and BLAKE2b. However, data interception can occur without a digital-signature token mechanism. This study proposes the design of a lightweight, easy-to-use web token library to address this problem. The system was tested using several methods, including measuring the encryption time of the XOR and BLAKE2b algorithms when generating tokens. The results obtained were relatively fast compared with JWT using the HS256 algorithm. This study also tested the API-based authentication process.
Copyright (c) 2023 Physical Sciences, Life Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.