2,282 research outputs found

    JSON Web Token Implementation for Dynamic Access Rights Authentication in Klinik Pratama UPN “Veteran” Yogyakarta Application Based on RESTful API

    Purpose: This research was conducted to implement authentication for the UPN Veteran Yogyakarta clinic application with dynamic access rights using JSON Web Token. Design/Method/Approach: This research went through several stages, starting with data collection, system requirements analysis, design, implementation, and system testing. Results: JSON Web Token with dynamic classification of access rights. Originality / state of the art: Research that applies a split of access rights in JSON Web Token (JWT), and is not aimed only at users who share the same access rights, has not been described before.

    JWT (JSON Web Token) as a Web Security Mechanism (Case Study: PT. XYZ)

    This study aims to secure users (clients) of web applications, who must trust the application developer to take the necessary security precautions. Many web application developers, on the other hand, assume that security is very difficult and not easy to do. Over time, the session can easily become a gap that an attacker can easily get past. This results in a less than optimal web security mechanism. JWT (JSON Web Token) offers a different approach and is able to overcome every gap that sessions have. A JWT can be interpreted as a claim containing the client's identity, which is used in the identification process. A JWT is a means of representing claims to be transferred between two parties (in this case, client and server). The claims in a JWT are encoded in a JSON object that is digitally signed using JSON Web Signature (JWS) and encrypted using JSON Web Encryption (JWE). Using a JWT allows the token issuer to make statements about the subject of the token to the intended audience in such a way that the recipient can verify that the data obtained was created by the issuer. This capability is the basis for a digital identity system.

    Stateless Authentication with JSON Web Tokens using RSA-512 Algorithm

    Today's technology needs are getting higher, and one of the technologies that continues to grow is the Web Service (WS). WS can increase service flexibility in a system. However, security in WS is one of the things that needs attention. One effort to overcome this problem is JWT (JSON Web Token). JWT is one of the authentication mechanisms in WS, with a standard signature algorithm: HMAC SHA256, RSA-256 or ECDSA. In this research we discuss the performance of JWT RSA-512 implemented on SOAP and RESTful, because previous research found the speed performance of the 512-bit algorithm to be better, but it is not yet known whether this holds when applied to JWT. The test results show that, for the speed of the JWT RSA-512 token process, RESTful is superior by 24.69% compared to SOAP. For the speed of authentication of JWT RSA-512 tokens, RESTful is superior by 11.64% compared to SOAP. In testing the size of the generated JWT RSA-512 tokens, RESTful is only 1.25% superior to SOAP.

    Enhancing Data Security: A Comprehensive Study on the Efficacy of JSON Web Token (JWT) and HMAC SHA-256 Algorithm for Web Application Security

    In today's digital era, data security is a very important aspect in various applications and services. In order to protect the integrity, confidentiality and authentication of data, security technologies such as JSON Web Token (JWT) and HMAC SHA256 algorithm are widely used. JWT is an open standard (RFC 7519) that is used to represent information in the form of tokens that can be signed digitally. The research methodology used in this research is a descriptive research method. The descriptive method is a method that describes the purpose of the data collected and records every aspect of the situation being investigated to get a clear picture of what is needed. It was found that there were several data leaks when data security was not implemented in layers, including cases that had occurred such as loss of important data contained in the website and leaks of important data which caused identities to be spread widely. Conclusions from the use of JSON Web Token (JWT) and HMAC-SHA-256 algorithm for website security is that this combination provides a strong layer of protection against security threats that are common in the online environment

    Evaluating the performance of novel JWT revocation strategy

    JSON Web Tokens (JWT) provide a scalable, distributed way of user access control for modern web-based systems. The main advantage of the scheme, that the tokens are valid by themselves through the use of digital signing, also implies its greatest weakness: once issued, there is no trivial way to revoke a JWT. In our work, we present a novel approach to this revocation problem, overcoming some of the problems of currently used solutions. To compare our solution to the established solutions, we also introduce a mathematical framework of comparison, which we ultimately test using real-world measurements.

    Development of an Android-Based Lecturer Evaluation Application with JSON Web Token (JWT) Security

    The development of this application is motivated by employee performance appraisal, a common activity carried out to evaluate employee performance with the aim of improving employee quality, in this case improving the performance of lecturers in higher education. The lack of effectiveness and efficiency in carrying out lecturer evaluation, which can only be done through the web, is what underlies the design of an Android-based lecturer evaluation application. The process in building the Android application is on the data security side of its web service. To improve security in the Android and web service environment, the JSON Web Token (JWT) method is used, which serves to exchange data using tokens. The result of designing the Android-based lecturer evaluation application with JSON Web Token (JWT) security is an Android application that gives students efficiency and effectiveness in carrying out the lecturer evaluation process. The tests that were carried out show that everything from displaying the login page through to exiting the lecturer evaluation application can be performed properly with a status of success. From the implementation and testing of the application, it can be concluded that the web service development can be used to integrate the Android-based lecturer evaluation application system with the existing system, and that JWT security on the web service helps make the data exchange process more secure.

    A security analysis of authentication and authorization implemented in web applications based on the REST architecture

    The purpose of this article is to prepare a security analysis of authentication and authorization mechanisms in web applications based on the REST architecture. The article analyzes the problems encountered during the implementation of the JSON Web Token (JWT) mechanism. The article presents examples of problems related to the implementation of authorization and authentication, and presents good practices that help ensure application security