11 research outputs found

    A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

    Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges, such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.
    Comment: 6 pages

    JSON Web Token Implementation for Dynamic Access Rights Authentication in Klinik Pratama UPN “Veteran” Yogyakarta Application Based on RESTful API

    Purpose: This research was conducted to implement authentication for the UPN Veteran Yogyakarta clinic application with dynamic access rights using JSON Web Token. Design/Method/Approach: This research went through several stages, starting with data collection, system requirements analysis, design, implementation, and system testing. Results: JSON Web Token with dynamic access rights classification. Originality / state of the art: Research that applies a breakdown of access rights in JSON Web Token (JWT), and is not aimed only at users who share the same access rights, has not been described before.

    Implementation of the OAuth 1.0 Protocol as Authentication in an Android-Based SMS Blast Application

    Security in data exchange in Android-based mobile applications is an important matter that needs to be addressed. In this research, an Android-based SMS Blast application was developed that uses the OAuth 1.0 protocol as a client-server authentication model to secure the retrieval of telephone number data through a RESTful web service. The telephone number data used are the telephone numbers of Unsyiah alumni obtained from the Unsyiah CDC Exit Survey database. For data retrieval, a RESTful Application Programming Interface (API) was prepared, and the data exchange process is then secured using the OAuth 1.0 protocol. Implementing the OAuth authentication protocol is expected to reduce the likelihood of attacks and data theft.

    Stateless Authentication with JSON Web Tokens using RSA-512 Algorithm

    Today's technology needs are getting higher; one of the technologies that continues to grow is Web Service (WS). WS can increase service flexibility on a system. However, security at WS is one of the things that needs attention. One effort to overcome this problem is JWT (JSON Web Token). JWT is one of the authentication mechanisms in WS, with a standard signature algorithm, HMAC SHA256, RSA-256 or ECDSA. In this research we will discuss the performance of JWT RSA-512 which is implemented on SOAP and RESTful. Based on previous research, the speed performance of the 512-bit algorithm is better, but it is not yet known whether this holds when applied to JWT. The test results show that the speed of the JWT RSA-512 token on the RESTful process is superior by 24.69% compared to SOAP. The speed of authentication of JWT RSA-512 tokens on RESTful is superior by 11.64% compared to SOAP, whereas in testing the size of the generated JWT RSA-512 tokens, RESTful is only 1.25% superior to SOAP.

    JSON Web Token (JWT) for Authentication in RESTful Web Service-Based Architecture Interoperability

    Blood donation is a problem in every country, including Indonesia. Although the Indonesian Red Cross (Palang Merah Indonesia, PMI) already has a system, it has not been able to solve the problems of finding and distributing donor blood. In line with the current trend in the gadget era, namely the widespread use of Android, an Android-based application is needed to address this problem. Meanwhile, integration with the existing system requires a web service as the backend system so that blood donation services can be accessed from various platforms. The web service uses the REST architecture, but REST still has some problems concerning the security of the authentication process. The REST architecture requires a stateless authentication method, one of which can use JSON Web Token. The results of this research show that using JSON Web Token Authentication in the Web Service and Backend System Blood Donors can form a system that is highly scalable, secure, able to interact across platforms, and reliable.

    An Evaluation of Page Token in OpenID Single Sign on (SSO) to Thwart Phishing Attack

    Single Sign-on (SSO) was introduced to overcome the issue of password memorability among users, as research has shown that users struggle to cope with too many sets of passwords as the number of accounts increases. This is because SSO relies on the usage of a single authentication that allows users to access multiple websites or services. As much as it has managed to solve the memorability issue to a certain extent, users were found to be skeptical about its adoption due to security concerns. Among the common issues of SSO is that it is prone to several attacks like spam, link manipulation, session hacking and particularly phishing. Despite many efforts being made to overcome phishing attacks with regard to SSO, the effectiveness of the proposed solutions is yet to be proven by conducting extensive evaluation. Thus, this study intends to conduct an evaluation of a particular solution to phishing attacks called page token. Page token was proposed recently and was claimed to be able to mitigate the issue of phishing attacks with regard to SSO applications. The evaluation involved a controlled laboratory experiment with participants being recruited to experience the usage of page token as a protection mechanism against phishing attacks. The results shown are promising, along with several suggestions given for further enhancement.

    An evaluation of page token in OpenID Single Sign on (SSO) to thwart phishing attack

    Single Sign-on (SSO) was introduced to overcome the issue of password memorability among users, as research has shown that users struggle to cope with too many sets of passwords as the number of accounts increases. This is because SSO relies on the usage of a single authentication that allows users to access multiple websites or services. As much as it has managed to solve the memorability issue to a certain extent, users were found to be skeptical about its adoption due to security concerns. Among the common issues of SSO is that it is prone to several attacks like spam, link manipulation, session hacking and particularly phishing. Despite many efforts being made to overcome phishing attacks with regard to SSO, the effectiveness of the proposed solutions is yet to be proven by conducting extensive evaluation. Thus, this study intends to conduct an evaluation of a particular solution to phishing attacks called page token. Page token was proposed recently and was claimed to be able to mitigate the issue of phishing attacks with regard to SSO applications. The evaluation involved a controlled laboratory experiment with participants being recruited to experience the usage of page token as a protection mechanism against phishing attacks. The results shown are promising, along with several suggestions given for further enhancement.

    A page token prototype of OpenID single sign-on (SSO) to thwart phishing attack

    Single Sign-on (SSO) authentication was introduced to overcome the problem of password memorability by enabling users to log in once using a set of username and password that allows access to multiple websites. Among several SSO protocols, OpenID is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attacks due to a lack of countermeasures to ensure the authenticity of the OpenID provider. In view of the proliferation of phishing attacks that expose users to fraudulent websites, information theft and unauthorized disclosure, this study attempts to identify and propose a suitable countermeasure in order to thwart phishing attacks in the OpenID environment. Therefore, this study intends to develop a prototype that implements Page Token in order to mitigate phishing attacks. The findings revealed that it is possible for the Page Token to minimize the potential risk of phishing attacks.