Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application

Authors

  • Marsha Chikita Intania Putri Telkom University, Bandung
  • Parman Sukarno Telkom University, Bandung
  • Aulia Arif Wardana Telkom University, Bandung

DOI:

https://doi.org/10.26594/register.v6i2.1932

Keywords:

authentication, blockchain, ethereum, third-party, web

Abstract

Authentication is a method for securing an account by verifying the user identity by inputting email with a password. Two factor authentications is an authentication system that combines the first-factor authentication with the second factor. General two factor authentication by entering an email or username with a password are similar. However, two factor authentication requires additional information that must be inputted by the user. Additional information can be in the form of tokens or one-time passwords (OTP). Two factor authentications generally still uses third-party services to generate token or OTP still have vulnerable because can attacked from tokens steal through MITM and found that the generated tokens with the same value. Therefore, we propose a two-factor authentication framework based on ethereum blockchain with dApp as token generation system. Firstly, outcome from the analysis of the system, next succeeded in creating a two-factor authentication system without using third-parties. Second, token system generate up to 3164 different tokens  in one second and has been collisions tested. Third, security method to protect token from MITM attack. The attacker unable to get access caused all the checking are done by dApp user authentication.

Author Biographies

Marsha Chikita Intania Putri, Telkom University, Bandung

Department of Informatics Engineering

Parman Sukarno, Telkom University, Bandung

Department of Informatics Engineering

Aulia Arif Wardana, Telkom University, Bandung

Department of Informatics Engineering

References

D. DeFigueiredo, "The Case for Mobile Two-Factor Authentication," IEEE Security & Privacy, vol. 9, no. 5, pp. 81-85, 2011.

E. Alharbi and D. Alghazzawi, "Two Factor Authentication Framework Using OTP-SMS Based on Blockchain," Transactions on Machine Learning and Artificial Intelligence, vol. 7, no. 3, pp. 17-27, 2019.

R. Gupta, Hands-On Cybersecurity with Blockchain: Implement DDoS protection, PKI-based identity, 2FA, and DNS security using Blockchain, Birmingham, UK: Packt, 2018.

J. Song, D. Wang, Z. Yun and X. Han, "Alphapwd: A Password Generation Strategy Based on Mnemonic Shape," IEEE Access, vol. 7, pp. 119052-119059, 2019.

H.-M. Sun, Y.-H. Chen and Y.-H. Lin, "oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks," IEEE Transactions on Information Forensics and Security, vol. 7, no. 2, pp. 651-663, 2012.

J. Yan, A. Blackwell, R. Anderson and A. Grant, "Password Memorability and Security: Empirical Results," IEEE Security & Privacy, vol. 2, no. 5, pp. 25-31, 2004.

M. Shirvanian, N. Saxena, S. Jarecki and H. Krawczyk, "Building and Studying a Password Store that Perfectly Hides Passwords from Itself," IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 5, pp. 770-782, 2019.

A. D. Yulianto, P. Sukarno, A. A. Warrdana and M. A. Makky, "Mitigation of Cryptojacking Attacks Using Taint Analysis," in 4th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE), Yogyakarta, Indonesia, 2019.

A. A. Wardana and R. S. Perdana, "Access Control on Internet of Things based on Publish/Subscribe using Authentication Server and Secure Protocol," in 10th International Conference on Information Technology and Electrical Engineering (ICITEE), Kuta, Indonesia, 2018.

A. Rauf, M. Faiqurahman and D. R. Akbi, "Secure random port list generator pada mekanisme autentikasi dengan menggunakan Port Knocking dan Secure Socket Layer," Register: Jurnal Ilmiah Teknologi Sistem Informasi, vol. 4, no. 2, pp. 103-113, 2018.

V. Amrutiya, S. Jhamb, P. Priyadarshi and A. Bhatia, "Trustless Two-Factor Authentication Using Smart Contracts in Blockchains," in International Conference on Information Networking (ICOIN), Kuala Lumpur, Malaysia, 2019.

S. M. Danish, M. Lestas, W. Asif, H. K. Qureshi and M. Rajarajan, "A Lightweight Blockchain Based Two Factor Authentication Mechanism for LoRaWAN Join Procedure," in IEEE International Conference on Communications Workshops (ICC Workshops), Shanghai, China, 2019.

L. Wu, X. Du, W. Wang and B. Lin, "An Out-of-band Authentication Scheme for Internet of Things Using Blockchain Technology," in International Conference on Computing, Networking and Communications (ICNC), Maui, HI, USA, 2018.

W.-S. Park, D.-Y. Hwang and K.-H. Kim, "A TOTP-Based Two Factor Authentication Scheme for Hyperledger Fabric Blockchain," in Tenth International Conference on Ubiquitous and Future Networks (ICUFN), Prague, Czech Republic, 2018.

A. Shahnaz, U. Qamar and A. Khalid, "Using Blockchain for Electronic Health Records," IEEE Access, vol. 7, pp. 147782-147795, 2019.

C. Lin, D. He, N. Kumar, X. Huang, P. Vijayakumar and K.-K. R. Choo, "HomeChain: A Blockchain-Based Secure Mutual Authentication System for Smart Homes," IEEE Internet of Things Journal, vol. 7, no. 2, pp. 818-829, 2020.

R. Shrestha and S. Y. Nam, "Regional Blockchain for Vehicular Networks to Prevent 51% Attacks," IEEE Access, vol. 7, pp. 95033-95045, 2019.

S. Sayeed, H. Marco-Gisbert and T. Caira, "Smart Contract: Attacks and Protections," IEEE Access, vol. 8, pp. 24416-24427, 2020.

W. Cai, Z. Wang, J. B. Ernst, Z. Hong, C. Feng and V. C. M. Leung, "Decentralized Applications: The Blockchain-Empowered Software System," IEEE Access, vol. 6, pp. 53019-53033, 2018.

S. R. Niya, F. Schupfer, T. Bocek and B. Stiller, "A Peer-to-peer Purchase and Rental Smart Contract-based Application (PuRSCA)," it - Information Technology, vol. 60, no. 5, pp. 307-320, 2018.

Q. Xu, Z. He, Z. Li, M. Xiao, R. S. M. Goh and Y. Li, "Chapter 8 - An effective blockchain-based, decentralized application for smart building system management," Real-Time Data Analytics for Large Scale Sensor Data, vol. 6, pp. 157-181, 2020.

A. Esfahani, G. Mantas, J. Ribeiro, J. Bastos, S. Mumtaz, M. A. Violas, A. M. D. O. Duarte and J. Rodriguez, "An Efficient Web Authentication Mechanism Preventing Man-In-The-Middle Attacks in Industry 4.0 Supply Chain," IEEE Access, vol. 7, pp. 58981-58989, 2019.

C. Li, Z. Qin, E. Novak and Q. Li, "Securing SDN Infrastructure of IoT–Fog Networks From MitM Attacks," IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1156-1164, 2017.

M. Agarwal, S. Biswas and S. Nandi, "Advanced Stealth Man-in-The-Middle Attack in WPA2 Encrypted Wi-Fi Networks," IEEE Communications Letters, vol. 19, no. 4, pp. 581-584, 2015.

Y. Zheng and W. Wu, "Security of Khudra Against Meet-in-the-Middle-Type Cryptanalysis," Chinese Journal of Electronics, vol. 28, no. 3, p. 482–488, 2019.

M. Conti, N. Dragoni and V. Lesyk, "A Survey of Man In The Middle Attacks," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2027-2051, 2016.

G. Oliva, S. Cioabă and C. N. Hadjicostis, "Distributed Calculation of Edge-Disjoint Spanning Trees for Robustifying Distributed Algorithms Against Man-in-the-Middle Attacks," IEEE Transactions on Control of Network Systems, vol. 5, no. 4, pp. 1646-1656, 2018.

F. Ahmad, F. Kurugollu, A. Adnane, R. Hussain and F. Hussain, "MARINE: Man-in-the-Middle Attack Resistant Trust Model in Connected Vehicles," IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3310-3322, 2020.

M. S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli and M. H. Rehmani, "Applications of Blockchains in the Internet of Things: A Comprehensive Survey," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1676-1717, 2019.

Y. Hu, A. Manzoor, P. Ekparinya, M. Liyanage, K. Thilakarathna, G. Jourjon and A. Seneviratne, "A Delay-Tolerant Payment Scheme Based on the Ethereum Blockchain," IEEE Access, vol. 7, pp. 33159-33172, 2019.

S. Guo, X. Hu, S. Guo, X. Qiu and F. Qi, "Blockchain Meets Edge Computing: A Distributed and Trusted Authentication System," IEEE Transactions on Industrial Informatics, vol. 16, no. 3, pp. 1972-1983, 2020.

Downloads

Published

2020-06-03

How to Cite

[1]
M. C. I. Putri, P. Sukarno, and A. A. Wardana, “Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application”, Register: Jurnal Ilmiah Teknologi Sistem Informasi, vol. 6, no. 2, pp. 74–85, Jun. 2020.

Issue

Section

Article