Implementation of Token-Based Authentication Using Platform-Agnostic Security Tokens (PASETO) as an Authentication Mechanism for RESTful APIs (original title: Implementasi Autentikasi Berbasis Token Menggunakan Platform-Agnostic Security Tokens (PASETO) Sebagai Mekanisme Autentikasi RESTful API)
Nico F. Sitorus; Ari Kusyanti; Adhitya Bhawiyuga
Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, Vol. 4 No. 11 (2020): November 2020
Publisher : Fakultas Ilmu Komputer (FILKOM), Universitas Brawijaya


Abstract

RESTful API is a standard client-server communication architecture for web services, but it is weak in terms of security. Because a RESTful API does not keep session state, access to the API is limited through authentication, which calls for a token-based scheme in which the token is sent in a request header, such as JSON Web Token (JWT). JWT tokens can be forged by exploiting the None algorithm, by abusing the JWT mechanism that always trusts the token header's declaration of which algorithm was used, and by using the HMAC algorithm, which has already been exploited. Token forgery can be prevented by not using the None algorithm and by changing the JWT mechanism. The JWT mechanism can be replaced with a standard whose header states only the version and purpose of the cryptographic protocol in use, and which always compares the version and purpose it expects with the ones carried in the header of the token that was sent. The HMAC algorithm can be replaced with the BLAKE2b algorithm, whose strength is equivalent to SHA-3 but which is faster than SHA-1 and MD5. PASETO also uses the XChaCha20-Poly1305 algorithm for encryption and the Ed25519 algorithm for signatures. PASETO can be implemented in Python using a wrapper for the Libsodium library so that it can be called from Python, and via a child process running Node.js.
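The contrast the abstract draws, a verifier that believes the algorithm named in the token's own header versus one that pins the version and purpose it expects, as an added illustration in Python (not code from the paper or from any PASETO library): the first verifier deliberately reproduces the None-algorithm weakness the abstract names; the second accepts exactly one fixed header and authenticates header and payload with keyed BLAKE2b, the hash the abstract proposes in place of HMAC. The `demo.mac.` prefix, the key and the claims are constructed for this example, and the token layout is a stand-in for PASETO's `version.purpose.` header rather than a conforming PASETO token (real PASETO local tokens are encrypted with XChaCha20-Poly1305, as the abstract notes).

```python
import base64
import hashlib
import hmac
import json

DEMO_KEY = bytes(range(32))  # constructed 32-byte key, for this demo only
TAG_SIZE = 32                # BLAKE2b tag length used by the pinned scheme
PINNED_HEADER = "demo.mac."  # constructed stand-in for a PASETO "vN.purpose." prefix


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# ---- JWT-style: the token's own header says which algorithm to apply ----

def jwt_like_sign(claims: dict, key: bytes) -> str:
    """Issues an HS256-style token: base64url(header).base64url(claims).base64url(tag)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    tag = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(tag)}"


def jwt_like_none_token(claims: dict) -> str:
    """The None-algorithm token the abstract refers to, built here only as a test vector."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}."


def jwt_like_verify_trusting_header(token: str, key: bytes):
    """Deliberately weak: believes the 'alg' field of the presented token."""
    try:
        header_b64, body_b64, tag_b64 = token.split(".")
        alg = json.loads(b64url_decode(header_b64)).get("alg")
        if alg == "none":
            return json.loads(b64url_decode(body_b64))  # no integrity check at all
        if alg == "HS256":
            expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
            if hmac.compare_digest(expected, b64url_decode(tag_b64)):
                return json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError):
        pass
    return None


# ---- PASETO-style: header carries only version.purpose and is pinned ----

def pinned_encode(claims: dict, key: bytes) -> str:
    """Token = PINNED_HEADER + base64url(payload || BLAKE2b_key(header || payload))."""
    payload = json.dumps(claims).encode()
    tag = hashlib.blake2b(PINNED_HEADER.encode() + payload, key=key, digest_size=TAG_SIZE).digest()
    return PINNED_HEADER + b64url_encode(payload + tag)


def pinned_decode(token: str, key: bytes):
    """Compares the expected version.purpose with the token's header before anything
    else; the token never gets to choose how it is verified."""
    if not token.startswith(PINNED_HEADER):
        return None
    try:
        raw = b64url_decode(token[len(PINNED_HEADER):])
        if len(raw) <= TAG_SIZE:
            return None
        payload, tag = raw[:-TAG_SIZE], raw[-TAG_SIZE:]
        expected = hashlib.blake2b(PINNED_HEADER.encode() + payload, key=key, digest_size=TAG_SIZE).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        return json.loads(payload)
    except ValueError:
        return None


if __name__ == "__main__":
    claims = {"sub": "alice", "role": "user"}
    forged = jwt_like_none_token({"sub": "alice", "role": "admin"})
    print("header-trusting verifier accepts alg=none:", jwt_like_verify_trusting_header(forged, DEMO_KEY))
    print("pinned verifier rejects a foreign header:", pinned_decode("demo.none." + forged, DEMO_KEY))
    print("pinned verifier round-trips its own token:", pinned_decode(pinned_encode(claims, DEMO_KEY), DEMO_KEY))
```

The point of `pinned_decode` is that the only algorithm decision is made by the server's configuration, expressed as the single `PINNED_HEADER` constant and the BLAKE2b call that goes with it; a token presenting any other version or purpose is refused before its payload is even decoded, and because the header is included under the tag, it cannot be swapped on an otherwise valid token either.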