Kombinasi Waktu Sinkronisasi dan Nilai Salt untuk Peningkatan Keamanan pada Single Sign-On
Abstract
Single sign-on (SSO) is a session authentication process that allows a user to login by using user registered identity and password in order to access appropriate applications. The authentication process takes the user in to login for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. Its implementation will provide a reduction of password burden to access many applications for every login process. Ease of access through a single account needs to be addressed carefully to ensure the authentication credentials that are not scattered and known by others. Currently, there are several open source SSO authentication methods available. However, the use of existing authentication methods is still vulnerable to attack, such as Man-In-The-Middle. In this study, SSO authentication algorithm using One-Time Password (OTP) is proposed using a combination of time synchronization and salt value. These combinations are used to verify user session while accessing any application with SSO mechanism. The results show that the proposed OTP algorithm can handle SSO authentication process in good fashion and also protect from Man-In-The-Middle Attack.
References
K.D. Lewis, "Web Single Sign-On Authentication using SAML," International Journal of Computer Science Issues (IJCSI), Vol. 2, Aug. 2009.
S. Lawton. (2015, Jan.). Secure Authentication With Single Sign-On (SSO) Solutions. Tom's IT Pro, California, USA. [Online]. Available : http://www.tomsitpro.com/articles/single-sign-on-solutions,2-853.html
P. Telnoni, R.Munir, Y. Rosmansyah, "Pengembangan Protokol Single Sign-On SAML Dengan Kombinasi Speech dan Speaker Recognition," Jurnal Cybermatika ITB, Vol. 2, Dec. 2014
G. Ramadhan, "Analisis teknologi Single Sign On (SSO) dengan penerapan Central Authentication Service (CAS) pada Universitas Bina Darma," Skripsi, Lab. Komputer, UBD, Palembang, Indonesia, 2012.
J. Kirk (2007, Mei.). Researcher: RSA 1024-bit Encryption Not Enough. IDG Consumer & SMB, San Francisco, USA. [Online]. Available: http://www.pcworld.com/article/132184/article.html
Hyun-Chul Kim; Lee, H.-W.; Young-Gu Lee; Moon-Seog Jun, "A Design of One-Time Password Mechanism Using Public Key Infrastructure," Fourth International of Networked Computing and Advanced Information Management, Sep. 2008
D. M'Raihi, S. Machani, M. Pei, J. Rydell. (2011, Mei.). TOTP: Time-Based One-Time Password Algorithm. The Internet Engineering Task Force (IETF), California, USA. [Online]. Available: https://tools.ietf.org/html/rfc6238
Gauravaram, P., "Security Analysis of salt || password Hashes," International Conference Advanced Computer Science Applications and Technologies (ACSAT), 26-28 Nov. 2012.
P. Ducklin. (2013, Nov.). Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder. Sophos Ltd, Boston, USA. [Online]. Available:nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
Roscoe, J.T, Fundamental Research Statistics for the Behavioural Sciences 2nd edition, New York, USA: Holt Rinehart & Winston, 1975.
© Jurnal Nasional Teknik Elektro dan Teknologi Informasi, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.
1.png)
