RESTful Web Service Security Using JSON Web Token (JWT) HMAC SHA-512
Abstract
Information technology evolves constantly, and a wide range of technologies, programming languages, and architectures keeps emerging. This creates a new problem, because all of these different systems must still be able to produce interconnected information, which requires system integration. Web Service (WS) is currently a solution for system integration because it can be used regardless of the platform, architecture, or programming language of the different sources. However, the existing security on WS is still considered insufficient. Implementing JSON Web Token (JWT) on WS has a strong influence on data security. JWT is an authentication mechanism on WS, but the standard application of JWT with the HMAC SHA-256 algorithm is still not optimal. Therefore, this study discusses optimizing JWT security with the HMAC SHA-512 algorithm, which, according to some research, performs better than SHA-256 when compiled on a 64-bit architecture. The result of this research is that SHA-512 achieves a 1% better time than SHA-256, but the SHA-512 token is 2% larger than the SHA-256 token.
© Jurnal Nasional Teknik Elektro dan Teknologi Informasi, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.