Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application

Authors

  • Marsha Chikita Intania Putri Telkom University, Bandung
  • Parman Sukarno Telkom University, Bandung
  • Aulia Arif Wardana Telkom University, Bandung

DOI:

https://doi.org/10.26594/register.v6i2.1932

Keywords:

authentication, blockchain, ethereum, third-party, web

Abstract

Authentication is a method for securing an account by verifying the user's identity through an email address entered with a password. Two-factor authentication is an authentication system that combines first-factor authentication with a second factor. General authentication and two-factor authentication are similar in that both start by entering an email or username with a password. However, two-factor authentication requires additional information that must be entered by the user. This additional information can take the form of tokens or one-time passwords (OTP). Two-factor authentication generally still uses third-party services to generate the token or OTP, and it remains vulnerable because tokens can be stolen through man-in-the-middle (MITM) attacks and because generated tokens have been found to have the same value. Therefore, we propose a two-factor authentication framework based on the Ethereum blockchain with a dApp as the token generation system. First, as the outcome of the system analysis, we succeeded in creating a two-factor authentication system without using third parties. Second, the token system generates up to 3164 different tokens in one second and has been tested for collisions. Third, the framework provides a security method to protect tokens from MITM attacks: the attacker is unable to gain access because all checking is done by the dApp user authentication.

Author Biographies

Marsha Chikita Intania Putri, Telkom University, Bandung

Department of Informatics Engineering

Parman Sukarno, Telkom University, Bandung

Department of Informatics Engineering

Aulia Arif Wardana, Telkom University, Bandung

Department of Informatics Engineering

Published

2020-06-03

How to Cite

[1] M. C. I. Putri, P. Sukarno, and A. A. Wardana, “Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application”, regist. j. ilm. teknol. sist. inf., vol. 6, no. 2, pp. 74–85, Jun. 2020.

Section

Article