Block-hash of blockchain framework against man-in-the-middle attacks

Imam Riadi(1), Rusydi Umar(2), Iqbal Busthomi(3*), Arif Wirawan Muhammad(4),

(1) Universitas Ahmad Dahlan
(2) Universitas Ahmad Dahlan
(3) Universitas Ahmad Dahlan
(4) Universiti Tun Hussein Onn Malaysia
(*) Corresponding Author
Imam Riadi
Rusydi Umar
Iqbal Busthomi
Arif Wirawan Muhammad

Abstract


Payload authentication is vulnerable to Man-in-the-middle (MITM) attack. Blockchain technology offers methods such as peer to peer, block hash, and proof-of-work to secure the payload of authentication process. The implementation uses block hash and proof-of-work methods on blockchain technology and testing is using White-box-testing and security tests distributed to system security practitioners who are competent in MITM attacks. The analyisis results before implementing Blockchain technology show that the authentication payload is still in plain text, so the data confidentiality has not minimize passive voice. After implementing Blockchain technology to the system, white-box testing using the Wireshark gives the result that the authentication payload sent has been well encrypted and safe enough. The percentage of security test results gets 95% which shows that securing the system from MITM attacks is relatively high. Although it has succeeded in securing the system from MITM attacks, it still has a vulnerability from other cyber attacks, so implementation of the Blockchain needs security improvisation.

Keywords


authentication; Man-in-the-middle attacks; blockchain technology; block-hash; payload

Full Text:

PDF

References


[1] I. Riadi, I. T. R. Yanto and E. Handoyo, "Analysis of academic service cybersecurity in university based on framework COBIT 5 using CMMI," IOP Conf. Series: Materials Science and Engineering, vol. 821, 2020.

[2] A. D. Kozlov and N. L. Noga, "Risk Management for Information Security of Corporate Information Systems Using Cloud Technology," in 2018 Eleventh International Conference "Management of large-scale system development" (MLSD), Moscow, Russia, 2018.

[3] M. Trnka, T. Cerny and N. Stickney, "Survey of Authentication and Authorization for the Internet of Things," Security and Communication Networks, 2018.

[4] I. Riadi, R. Umar and A. Sugandi, "Web Forensic on Kubernetes Cluster Services Using Grr Rapid Response Framework," International Journal of Scientific & Technology Research, vol. 9, no. 1, pp. 3484-3488, 2020.

[5] Y. Zhao, S. Li and L. Jiang, "Secure and Efficient User Authentication Scheme Based on Password and Smart Card for Multiserver Environment," Security and Communication Networks, 2018.

[6] Y. Park, K. Park and Y. Park, "Secure user authentication scheme with novel servermutual verification for multiserver environments," International Journal of Communication Systems, vol. 32, 2019.

[7] O. A. Simon, U. I. Bature, K. I. Jahun and N. M. Tahir, "Electronic doorbell system using keypad and GSM," International Journal of Informatics and Communication Technology, vol. 9, no. 3, pp. 212-220, 2020.

[8] A. O. Christiana, A. N. Oluwatobi, G. A. Victory and O. R. Oluwaseun, "A Secured One Time Password Authentication Technique using (3, 3) Visual Cryptography Scheme," IOP Conf. Series: Journal of Physics: Conf. Series, vol. 1299, 2019.

[9] A. Bánáti, E. Kail, K. Karóczkai and M. Kozlovszky, "Authentication and authorization orchestrator for microservice-based software architectures," 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2018, pp. 1180-1184.

[10] I. Riadi, R. Umar and A. Sugandi, "Web Forensic on Container Services Using GRR Rapid Response Framework," Scientific Journal of Informatics, vol. 7, no. 1, 2020.

[11] P. Chandrakar and H. Om, "RSA Based Two-factor Remote User Authentication Scheme with User Anonymity," Procedia Computer Science, vol. 70, pp. 318-324, 2015.

[12] R. A. Megantara, F. A. Rafrastara and S. N. Mahendra, "A combination of Hill CIPHER-LSB inRGB image encryption," Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, vol. 4, no. 3, 2019.

[13] S. Zhu, C. Zhu, W. Wang, "A New Image Encryption Algorithm Based on Chaos and Secure Hash SHA-256," Entropy, vol. 20, no. 9, pp. 716, 2018.

[14] A. R. Chordiya, S. Majumder and A. Y. Javaid, "Man-in-the-Middle (MITM) Attack Based Hijacking of HTTP Traffic Using Open Source Tools," 2018 IEEE International Conference on Electro/Information Technology (EIT), 2018, pp. 0438-0443.

[15] R. A. S. K. B. Ofori-Amanfo, G. A. Mills and K. M. Koumadi, "Detection and Prevention of Man-in-the-Middle Spoofing Attacks in MANETs Using Predictive Techniques in Artificial Neural Networks (ANN)," Journal of Computer Networks and Communications, 2019.

[16] A. Mallik, A. Ahsan, M. M. Z. Shahadat and J. C. Tsou, "Understanding Man-in-the-middle-attack through Survey of Literature," Indonesian Journal of Computing, Engineering, and Design, vol. 1, no. 1, pp. 44-56, 2019.

[17] P. Radhika., G. Ramya., K. Sadhana and R. Salini., "Defending Man In The Middle Attacks," International Research Journal of Engineering and Technology (IRJET), vol. 4, no. 3, 2017.

[18] A. Mallik, "Man-in-the-Middle-Attack: Understanding in Simple Words," Cyberspace: Jurnal Pendidikan Teknologi Informasi, vol. 2, no. 2, pp. 109-134, 2018.

[19] W. Stallings, Cryptography and Network Security, 4th ed., Prentice-Hall, 2005.

[20] C. Harris, "The History of Bitcoin," Crypto Currency News, 21 2 2018. [Online]. Available: https://cryptocurrencynews.com/the-history-of-bitcoin/.

[21] R. C. Noorsanti, H. Yulianton and K. Hadiono, "Blockchain-Teknologi Mata Uang Kripto (Crypto Currency)," in Proceeding SENDI_U, 2018.

[22] D. Efanov and P. Roschin, "The All-Pervasiveness of the Blockchain Technology," Procedia Computer Science, vol. 123, pp. 116-121, 2018.

[23] K. Salah, M. H. U. Rehman, N. Nizamuddin and A. Al-Fuqaha, "Blockchain for AI: Review and Open Research Challenges," IEEE Access, vol. 7, pp. 10127-10149, 2019.

[24] R. Zhang, R. Xue and L. Liu, "Security and Privacy on Blockchain," ACM Computing Surveys, vol. 52, no. 3, 2019.

[25] W. Pourmajidi and A. Miranskyy, "Logchain: Blockchain-Assisted Log Storage," in 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), 2018.

[26] S. Barjtya, A. Sharma and U. Rani, "A detailed study of Software Development Life Cycle (SDLC) Models," International Journal Of Engineering And Computer Science, vol. 6, pp. 22097-22100, 2017.

[27] M. M. Syaikhuddin, C. Anam, A. R. Rinaldi and M. E. B. Conoras, "Conventional Software Testing Using White Box Method," KINETIK, vol. 3, no. 1, pp. 65-72, 2018.

[28] P. X. Mai, F. Pastore, A. Goknil and L. Briand, "Metamorphic Security Testing for Web Systems," in 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), 2020.

[29] L. Zhou, C. Su, Y. Wen, W. Li, and Z. Gong, "Towards practical white-box lightweight block cipher implementations for IoTs," Future Generation Computer Systems, vol. 86, pp. 507-514, 2018..

[30] P. Navabud and C. Chen, "Analyzing the Web Mail Using Wireshark," 2018 14th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD), 2018, pp. 1237-1239.




DOI: https://doi.org/10.26594/register.v8i1.2190

Article metrics

Abstract Abstract views : 0times
PDF views : 0 times

Refbacks

  • There are currently no refbacks.


Copyright (c) 2022 Imam Riadi, Rusydi Umar, Iqbal Busthomi, Arif Wirawan Muhammad

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.


Indexed in:

                          


 


This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International  License