Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application
| Main Authors: | Putri, Marsha Chikita Intania, Sukarno, Parman, Wardana, Aulia Arif |
|---|---|
| Other Authors: | Department of Informatics Engineering, Telkom University |
| Format: | Article info application/pdf eJournal |
| Bahasa: | eng |
| Terbitan: |
Information Systems - Universitas Pesantren Tinggi Darul Ulum
, 2020
|
| Subjects: | |
| Online Access: |
http://journal.unipdu.ac.id:8080/index.php/register/article/view/1932 http://journal.unipdu.ac.id:8080/index.php/register/article/view/1932/pdf http://journal.unipdu.ac.id:8080/index.php/register/article/downloadSuppFile/1932/226 http://journal.unipdu.ac.id:8080/index.php/register/article/downloadSuppFile/1932/227 |
Daftar Isi:
- Authentication is a method for securing an account by verifying the user identity by inputting email with a password. Two factor authentications is an authentication system that combines the first-factor authentication with the second factor. General two factor authentication by entering an email or username with a password are similar. However, two factor authentication requires additional information that must be inputted by the user. Additional information can be in the form of tokens or one-time passwords (OTP). Two factor authentications generally still uses third-party services to generate token or OTP still have vulnerable because can attacked from tokens steal through MITM and found that the generated tokens with the same value. Therefore, we propose a two-factor authentication framework based on ethereum blockchain with dApp as token generation system. Firstly, outcome from the analysis of the system, next succeeded in creating a two-factor authentication system without using third-parties. Second, token system generate up to 3164 different tokens in one second and has been collisions tested. Third, security method to protect token from MITM attack. The attacker unable to get access caused all the checking are done by dApp user authentication.