IMPLEMENTATION OF TWO FACTOR AUTHENTICATION AND A ZERO KNOWLEDGE PROOF PROTOCOL IN A LOGIN SYSTEM

Willy Sudiarto Raharjo, Ignatia Dhian E.K. Ratri, Henry Susilo

Abstract

This paper describes a login system that combines Two Factor Authentication with a Zero Knowledge Proof based on Schnorr NIZK. The proposed system is designed to prevent password leakage when the password is sent over an insecure network or entered on an untrusted device. The Zero Knowledge Proof keeps the password confidential, and Two Factor Authentication secures the login process on untrusted devices. The proposed system has been tested, and initial results indicate that it secures the login process without leaking the user's password.
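As an added illustration (not code from the paper), the Schnorr NIZK login flow the abstract refers to, in Python: the client derives a discrete-log secret x from the password, the server stores only y = g^x, and each login sends a one-shot proof (V, r) bound to the user ID instead of the password. The demo group sizes, the PBKDF2 derivation, the challenge encoding and the user-ID binding are assumptions of this example; the second factor is not modelled here.

```python
import hashlib, secrets

def is_prime(n):
    # Deterministic Miller-Rabin; these bases are exact for every n < 3.3e24 (enough for demo sizes)
    if n < 2:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if a >= n:
            return True
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(qbits=40, pbits=80):
    # Schnorr group (p, q, g): prime q divides p-1 and g has order q. Demo sizes; use 2048/256 bits in practice.
    q = next(c for c in iter(lambda: secrets.randbits(qbits) | (1 << (qbits - 1)) | 1, None) if is_prime(c))
    p = next(c for c in iter(lambda: secrets.randbits(pbits - qbits) * q + 1, None) if c.bit_length() == pbits and is_prime(c))
    g = next(c for c in iter(lambda: pow(secrets.randbelow(p - 2) + 2, (p - 1) // q, p), None) if c != 1)
    return p, q, g

def secret_from_password(password, salt, q):  # client-side KDF (assumed choice); x never leaves the client
    return int.from_bytes(hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000), "big") % q

def challenge(grp, user_id, y, V):
    # Fiat-Shamir challenge c = H(g || V || y || UserID) mod q, in the spirit of Hao's Schnorr NIZK draft
    p, q, g = grp
    return int.from_bytes(hashlib.sha256(f"{g}|{V}|{y}|{user_id}".encode()).digest(), "big") % q

def prove(grp, user_id, x):
    # Client: one-shot proof (V, r) of knowing x with y = g^x; the transcript reveals nothing about x
    p, q, g = grp
    v = secrets.randbelow(q - 1) + 1
    V = pow(g, v, p)
    c = challenge(grp, user_id, pow(g, x, p), V)
    return V, (v - c * x) % q

def verify(grp, user_id, y, V, r):
    # Server: checks V lies in the order-q subgroup and g^r * y^c == V, using only the stored y
    p, q, g = grp
    c = challenge(grp, user_id, y, V)
    return 1 < V < p and pow(V, q, p) == 1 and (pow(g, r, p) * pow(y, c, p)) % p == V
```

At registration the client sends only y; a stolen server database therefore yields no password, and a proof replayed under another user ID fails because the ID is folded into the challenge.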

 

Keywords: Authentication, Security, Two Factor Authentication, Password, Zero Knowledge Proof



DOI: http://dx.doi.org/10.28932/jutisi.v3i1.579



Copyright (c) 2017 Jurnal Teknik Informatika dan Sistem Informasi