Kombinasi Waktu Sinkronisasi dan Nilai Salt untuk Peningkatan Keamanan pada Single Sign-On

  • Rizal Munadi Universitas Syiah Kuala
  • Zuhar Musliyana Universitas Ubudiyah Indonesia
  • Teuku Yuliar Arif Universitas Syiah Kuala
  • Afdhal Universitas Syiah Kuala
  • Syahrial Universitas Syiah Kuala
Keywords: Single Sign-On, One-Time Password, Autentikasi, Keamanan Jaringan, Man-In-The-Middle Attack

Abstract

Single sign-on (SSO) is a session authentication process that allows a user to login by using user registered identity and password in order to access appropriate applications. The authentication process takes the user in to login for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. Its implementation will provide a reduction of password burden to access many applications for every login process. Ease of access through a single account needs to be addressed carefully to ensure the authentication credentials that are not scattered and known by others. Currently, there are several open source SSO authentication methods available. However, the use of existing authentication methods is still vulnerable to attack, such as Man-In-The-Middle. In this study, SSO authentication algorithm using One-Time Password (OTP) is proposed using a combination of time synchronization and salt value. These combinations are used to verify user session while accessing any application with SSO mechanism. The results show that the proposed OTP algorithm can handle SSO authentication process in good fashion and also protect from Man-In-The-Middle Attack.

References

K.D. Lewis, "Web Single Sign-On Authentication using SAML," International Journal of Computer Science Issues (IJCSI), Vol. 2, Aug. 2009.

S. Lawton. (2015, Jan.). Secure Authentication With Single Sign-On (SSO) Solutions. Tom's IT Pro, California, USA. [Online]. Available : http://www.tomsitpro.com/articles/single-sign-on-solutions,2-853.html

P. Telnoni, R.Munir, Y. Rosmansyah, "Pengembangan Protokol Single Sign-On SAML Dengan Kombinasi Speech dan Speaker Recognition," Jurnal Cybermatika ITB, Vol. 2, Dec. 2014

G. Ramadhan, "Analisis teknologi Single Sign On (SSO) dengan penerapan Central Authentication Service (CAS) pada Universitas Bina Darma," Skripsi, Lab. Komputer, UBD, Palembang, Indonesia, 2012.

J. Kirk (2007, Mei.). Researcher: RSA 1024-bit Encryption Not Enough. IDG Consumer & SMB, San Francisco, USA. [Online]. Available: http://www.pcworld.com/article/132184/article.html

Hyun-Chul Kim; Lee, H.-W.; Young-Gu Lee; Moon-Seog Jun, "A Design of One-Time Password Mechanism Using Public Key Infrastructure," Fourth International of Networked Computing and Advanced Information Management, Sep. 2008

D. M'Raihi, S. Machani, M. Pei, J. Rydell. (2011, Mei.). TOTP: Time-Based One-Time Password Algorithm. The Internet Engineering Task Force (IETF), California, USA. [Online]. Available: https://tools.ietf.org/html/rfc6238

Gauravaram, P., "Security Analysis of salt || password Hashes," International Conference Advanced Computer Science Applications and Technologies (ACSAT), 26-28 Nov. 2012.

P. Ducklin. (2013, Nov.). Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder. Sophos Ltd, Boston, USA. [Online]. Available:nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

Roscoe, J.T, Fundamental Research Statistics for the Behavioural Sciences 2nd edition, New York, USA: Holt Rinehart & Winston, 1975.

How to Cite
Rizal Munadi, Zuhar Musliyana, Teuku Yuliar Arif, Afdhal, & Syahrial. (1). Kombinasi Waktu Sinkronisasi dan Nilai Salt untuk Peningkatan Keamanan pada Single Sign-On. Jurnal Nasional Teknik Elektro Dan Teknologi Informasi, 5(3), 201-206. Retrieved from https://dev.journal.ugm.ac.id/v3/JNTETI/article/view/2935
Section
Articles