Survey on Restful Web Services Using Open Authorization (Oauth)

Kanmani, K. V.; Smitha, P. S.

doi:10.9790/0661-1545356

Cited by 4 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Namun, REST sangat rendah dalam segi keamanan [3]. Mengamankan RESTful WS mencakup mengamankan data serta seluruh komunikasi untuk melindungi kerahasiaan dan integrasi data [4]. Untuk mengatasi masalah tersebut, digunakan JSON Web Token (JWT).…”

unclassified

Keamanan RESTful Web Service Menggunakan JSON Web Token (JWT) HMAC SHA-512

Rahmatulloh¹,

Sulastri²,

Nugroho³

2018

Jurnal Nasional Teknik Elektro dan Teknologi Informasi (JNTETI)

View full text Add to dashboard Cite

Day to day information technology is constantly evolving, allowing a wide range of technologies, programming languages, and diverse architectures to keep popping up. It makes a new problem because at present all these differences must still be able to generate an interconnected information. It needs system integration. Currently, Web Service (WS) is a solution in system integration because it can be used without looking at the platform, architecture, or programming language used by different sources. But, on WS, the existing security is still considered less. Implementation of JSON Web Token (JWT) on WS is very influential in data security. JWT is an authentication mechanism on WS, but the application of standard JWT with HMAC SHA-256 algorithm is still not optimal. Therfore, this study discussed JWT security optimization with HMAC SHA-512 algorithm, which according to some researches, this algorithm will be better than SHA-256 if compiled on 64-bit architecture. The result of this research is that the use of SHA-512 produces a better time of 1% than SHA-256, but in SHA-512 token size is 2% larger than SHA-256. Intisari-Teknologi informasi dari hari ke hari terus berkembang, sehingga berbagai macam teknologi, bahasa pemrograman, dan arsitektur beragam terus bermunculan. Hal tersebut menjadikan permasalahan baru karena pada zaman sekarang semua perbedaan tersebut harus tetap bisa menghasilkan sebuah informasi yang saling terhubung. Maka, diperlukan integrasi sistem. Saat ini Web Service (WS) adalah solusi dalam integrasi sistem karena tanpa melihat platform, arsitektur maupun bahasa pemrograman yang digunakan oleh sumber berbeda. Namun, pada WS keamanan yang ada masih dirasa kurang. Penerapan JSON Web Token (JWT) pada WS sangat berpengaruh dalam hal keamanan data. JWT merupakan mekanisme autentikasi pada WS, tetapi penerapan JWT standar dengan algoritme HMAC SHA-256 masih belum optimal, sehingga pada makalah ini dibahas optimasi keamanan JWT dengan algoritme HMAC SHA-512, yang menurut beberapa penelitian algoritme ini akan lebih baik dibandingkan SHA-256 jika dikompilasi pada arsitektur 64-bit. Hasil menunjukkan, penggunaan SHA-512 menghasilkan waktu yang lebih baik 1% dibandingkan SHA-256. Namun pada segi ukuran token yang dihasilkan, SHA-512 lebih besar 2% dibandingkan SHA-256.

show abstract

unclassified

Keamanan RESTful Web Service Menggunakan JSON Web Token (JWT) HMAC SHA-512

Rahmatulloh¹,

Sulastri²,

Nugroho³

2018

Jurnal Nasional Teknik Elektro dan Teknologi Informasi (JNTETI)

View full text Add to dashboard Cite

show abstract

Performance comparison of signed algorithms on JSON Web Token

Rahmatulloh

Gunawan

Nursuwars

2019

IOP Conf. Ser.: Mater. Sci. Eng.

View full text Add to dashboard Cite

The system survive in this digital era is a system that can work on multiple platforms, the use of web services is one of the solution. Exchange data using JSON format and for the security of authentication using JSON Web Token (JWT). The importance of token-based authentication using JWT on web services can solve interoperability problems. JWT is stateless and can include information in the token authorization. JWT has several options for using algorithms namely HMAC, RSA, and ECDSA. Unfortunately, it is unknown which algorithm has better performance. Here, we directly tested the signing algorithm in the three algorithms seen from several parameters. The experimental results showed the use of HMAC algorithm produces an average value of token-generating time is 21.3 s, token size 109 bytes and data transfer token speed 91.2 s. It was considered that the HMAC had an excellent performance.

show abstract