Stateless Authentication with JSON Web Tokens using RSA-512 Algorithm

Main Article Content

Aldy Putra Aldya Alam Rahmatulloh Muhammad Nur Arifin

Abstract

Today's technology needs are getting higher, one of the technologies that continues to grow now is Web Service (WS). WS can increase service flexibility on a system. However, security at WS is one of the things that needs attention. One effort to overcome this problem is JWT (JSON Web Token). JWT is one of the authentication mechanisms in WS, with a standard signature algorithm, HMAC SHA256, RSA-256 or ECDSA. In this research we will discuss the performance of JWT RSA-512 which is implemented on SOAP and RESTful. Because based on previous research the speed performance of the 512-bit algorithm is better, but it is not yet known if applied to JWT. The test results show that the speed of the JWT RSA-512 token on the RESTful process is superior to 24.69% compared to SOAP. Then the speed of the authentication of JWT RSA-512 tokens, RESTful is superior to 11.64% compared to SOAP. Whereas in testing the size of JWT RSA-512 generated tokens, RESTful is only 1.25% superior to SOAP.

Downloads

Download data is not yet available.

Article Details

How to Cite
ALDYA, Aldy Putra; RAHMATULLOH, Alam; ARIFIN, Muhammad Nur. Stateless Authentication with JSON Web Tokens using RSA-512 Algorithm. JURNAL INFOTEL, [S.l.], v. 11, n. 2, june 2019. ISSN 2460-0997. Available at: <http://ejournal.st3telkom.ac.id/index.php/infotel/article/view/427>. Date accessed: 19 sep. 2019. doi: https://doi.org/10.20895/infotel.v11i2.427.
Section
Articles

References

[1] A. Rahmatulloh, R. Gunawan and I. Darmawan, "Web Services to Overcome Interoperability in Fingerprint-based Attendance System," in 2018 International Conference on Industrial Enterprise and System Engineering (IcoIESE 2018), Atlantis Press, 2019.
[2] H. Hamad, M. Saad and R. Abed, "Performance Evaluation of RESTful Web Services for Mobile Devices," International Arab Journal of e-Technology, Vols. Vol. 1,, no. No. 3, January 2010.
[3] R. Gunawan and A. Rahmatulloh, "Implementasi Web Service pada Sistem Host-To-Host Pembayaran Biaya Akademik," Setrum: Sistem Kendali-Tenaga-Elektronika-Telekomunikasi-Komputer, vol. 7, no. 2, pp. 320-329, 2019.
[4] OWASP, "OWASP Top 10 - 2017 The Ten Most Critical Web Application Security Risks," 2017. [Online]. Available: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf.
[5] M. I. Hussain and N. Dilber, "Restful web services security by using ASP.NET web API MVC based," Journal of Independent Studies and Research – Computing, vol. 12, no. 1, 2014.
[6] P. Sahoo, N. K. Janghel and D. Samanta, "Securing WEB API Based on Token Authentication," International Journal on Advanced Electrical and Computer Engineering (IJAECE), vol. 4, no. 2, 2017.
[7] X.-W. Huang, C.-Y. Hsieh, C. H. Wu and Y. C. Cheng, "A token-based user authentication mechanism for data exchange in RESTful API," International Conference on Network-Based Information Systems, pp. 601-606, 2015.
[8] A. Bhawiyuga, M. Data and A. Warda, "Architectural Design of Token based Authentication of MQTT Protocol in Constrained IoT Device," 2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA), 2017.
[9] L. Xinhua, "The Design of Digital Campus Unified Identity Authentication System Based on Web Services," Applied Mechanics and Materials, pp. 2301-2304, 2013.
[10] I. I, P. M. R. Anand and V. Bhaskar, "Encrypted Token based Authentication with Adapted SAML Technology for Cloud Web Services," Journal of Network and Computer Applications 99, 2017.
[11] P. F. Tanaem, D. Manongga and A. Iriani, "RESTFul Web Service Untuk Sistem Pencatatan Transaksi Studi Kasus PT. XYZ," Jurnal Teknik Informatika dan Sistem Informasi, vol. 2, no. 1, 2016.
[12] A. Rahmatulloh, H. Sulastri and R. Nugroho, "Keamanan RESTful Web Service Menggunakan JSON Web Token (JWT) HMAC SHA-512," Jurnal Nasional Teknik Elektro dan Teknologi Informasi (JNTETI), vol. 7, no. 2, 2018.
[13] RCBJ-ADMIN, "JWT Use Cases," 7 2017. [Online]. Available: http://rcbj.net/blog01/2017/07/14/jwt-use-cases/.
[14] V. Kumari, "Web Services Protocol: SOAP vs REST," International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), vol. 4, no. 5, 2015.
[15] M. A. Arianto, "Analisis dan Perancangan Representational State Transfer (REST) Web Service Sistem Informasi Akademik STT Terpadu Nurul Fikri Menggunakan YII Framework," Jurnal Teknologi Terpadu, vol. 2, no. 2, 2016.
[16] D. Oku, M. Yanagisawa and N. Togawa, "Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures," IPSJ Transactions on System LSI Design Methodology, vol. 11, 2018.
[17] R. Gunawan and A. Rahmatulloh, "JSON Web Token (JWT) untuk Authentication pada Interoperabilitas Arsitektur berbasis RESTful Web Service," JEPIN (Jurnal Edukasi dan Penelitian Informatika), vol. 5, no. 1, pp. 74-79, 2019.