Combining Time Synchronization and a Salt Value to Improve Security in Single Sign-On

Rizal Munadi, Zuhar Musliyana, Teuku Yuliar Arif, Afdhal Afdhal, Syahrial Syahrial

Abstract

Single sign-on (SSO) is a session authentication process that lets a user log in once, with a single registered identity and password, and then access every application they have been granted rights to. The authentication process signs the user in to all of those applications at once and eliminates further login prompts when the user switches between applications during a session. Implementing SSO therefore reduces the burden of remembering and entering a separate password for each application. Ease of access through a single account must be handled carefully, however, so that the authentication credentials are not scattered across systems and exposed to others. Several open source SSO authentication methods are currently available, but the existing methods remain vulnerable to attacks such as Man-In-The-Middle. In this study, an SSO authentication algorithm based on a One-Time Password (OTP) is proposed that combines time synchronization with a salt value. This combination is used to verify the user's session whenever any application is accessed through the SSO mechanism. The results show that the proposed OTP algorithm handles the SSO authentication process well and also protects against Man-In-The-Middle attacks.
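The abstract does not specify how the time component and the salt are combined. As an added illustration, not the authors' algorithm and not code from the paper, the Python below sketches one way an SSO server could bind a session to a one-time code: an HMAC-SHA256 over a per-session salt concatenated with a time-step counter, in the style of RFC 6238 TOTP. The 30-second step, 8-digit code, the single-step tolerance window, the HMAC-SHA256 choice and the secret and salt values are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Illustrative construction (assumption): a TOTP-style code whose HMAC input is
# the per-session salt followed by the time-step counter.  Mixing the salt in
# means a code captured from one session is useless in another session even
# when the shared secret and the time step are identical.
TIME_STEP_SECONDS = 30   # assumed step length, as in RFC 6238 defaults
DIGITS = 8               # assumed code length


def new_session_salt(length: int = 16) -> bytes:
    """Fresh random salt issued by the SSO server when a session is created."""
    return os.urandom(length)


def time_counter(unix_time: float, step: int = TIME_STEP_SECONDS) -> int:
    """Map a Unix timestamp to its time-step counter (T in RFC 6238 notation)."""
    return int(unix_time) // step


def generate_otp(secret: bytes, salt: bytes, counter: int, digits: int = DIGITS) -> str:
    """Derive a numeric OTP from the shared secret, the session salt and the counter."""
    message = salt + counter.to_bytes(8, "big")
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    # Dynamic truncation as in RFC 4226 section 5.3: the low nibble of the last
    # byte selects a 4-byte window, whose top bit is masked off.
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_otp(secret: bytes, salt: bytes, candidate: str, now: float, window: int = 1) -> bool:
    """Accept the candidate only if it matches the current step or one adjacent step.

    The window absorbs small clock drift between client and SSO server; anything
    older is rejected, so a replayed code expires quickly.  Comparison is
    constant-time to avoid leaking how many digits matched.
    """
    base = time_counter(now)
    for delta in range(-window, window + 1):
        expected = generate_otp(secret, salt, base + delta)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values; a real deployment would use a provisioned secret.
    secret = b"constructed-shared-secret"
    salt_a = b"session-salt-01"
    salt_b = b"session-salt-02"
    now = 1_700_000_000
    code = generate_otp(secret, salt_a, time_counter(now))
    print("code for session A:", code)
    print("valid now:", verify_otp(secret, salt_a, code, now))
    print("valid 5 minutes later (stale):", verify_otp(secret, salt_a, code, now + 300))
    print("valid in session B (wrong salt):", verify_otp(secret, salt_b, code, now))
```

Two properties of the abstract's combination show up directly: the time component bounds how long an intercepted code stays usable, and the salt ties the code to one session so that it cannot be replayed against a different session even within the time window.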


DOI: http://dx.doi.org/10.22146/jnteti.v5i3.257



Copyright (c) 2016 Jurnal Nasional Teknik Elektro dan Teknologi Informasi (JNTETI)

JNTETI (Jurnal Nasional Teknik Elektro dan Teknologi Informasi)

Departemen Teknik Elektro dan Teknologi Informasi, Fakultas Teknik Universitas Gadjah Mada
Jl. Grafika No 2. Kampus UGM Yogyakarta 55281
+62 274 552305
jnteti@ugm.ac.id