Stateless Authentication with JSON Web Tokens using RSA-512 Algorithm
Abstract
Demands on technology keep rising, and one technology that continues to grow is the Web Service (WS). WS can increase the service flexibility of a system. However, security in WS needs attention. One effort to address this problem is JWT (JSON Web Token). JWT is one of the authentication mechanisms in WS, with a standard signature algorithm of HMAC SHA256, RSA-256 or ECDSA. This research discusses the performance of JWT RSA-512 implemented on SOAP and RESTful, because previous research found that the speed performance of the 512-bit algorithm is better, but it is not yet known whether this holds when it is applied to JWT. The test results show that the speed of the JWT RSA-512 token in the RESTful process is 24.69% better than with SOAP. The authentication speed of JWT RSA-512 tokens with RESTful is 11.64% better than with SOAP. In testing the size of the generated JWT RSA-512 tokens, RESTful is only 1.25% better than SOAP.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.