Block-hash of blockchain framework against man-in-the-middle attacks
DOI:
https://doi.org/10.26594/register.v8i1.2190
Keywords:
authentication, Man-in-the-middle attacks, blockchain technology, block-hash, payload
Abstract
Payload authentication is vulnerable to Man-in-the-middle (MITM) attacks. Blockchain technology offers methods such as peer-to-peer networking, block hash, and proof-of-work to secure the payload of the authentication process. The implementation uses the block hash and proof-of-work methods of blockchain technology. Testing uses white-box testing and security tests distributed to system security practitioners who are competent in MITM attacks. The analysis results before implementing blockchain technology show that the authentication payload is still in plain text, so data confidentiality has not been achieved. After implementing blockchain technology in the system, white-box testing using Wireshark shows that the authentication payload sent has been well encrypted and is safe enough. The security tests yield a result of 95%, which shows that the level of protection of the system against MITM attacks is relatively high. Although the implementation has succeeded in securing the system from MITM attacks, it is still vulnerable to other cyber attacks, so the blockchain implementation needs further security improvement.
License
Please find the rights and licenses in Register: Jurnal Ilmiah Teknologi Sistem Informasi. By submitting the article/manuscript of the article, the author(s) agree with this policy. No specific document sign-off is required.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
2. Author(s)' Warranties
The author warrants that the article is original, written by stated author(s), has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author(s).
3. User/Public Rights
Register's spirit is to disseminate published articles as freely as possible. Under the Creative Commons license, Register permits users to copy, distribute, display, and perform the work for non-commercial purposes only. Users will also need to attribute authors and Register when distributing works in the journal and other media of publications. Unless otherwise stated, the authors are public entities as soon as their articles are published.
4. Rights of Authors
Authors retain all their rights to the published works, such as (but not limited to) the following rights:
Copyright and other proprietary rights relating to the article, such as patent rights,
The right to use the substance of the article in the author's own future works, including lectures and books,
The right to reproduce the article for the author's own purposes,
The right to self-archive the article (please read our deposit policy),
The right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the article's published version (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal (Register: Jurnal Ilmiah Teknologi Sistem Informasi).
5. Co-Authorship
If the article was jointly prepared by more than one author, any author submitting the manuscript warrants that he/she has been authorized by all co-authors to agree to this copyright and license notice (agreement) on their behalf, and agrees to inform his/her co-authors of the terms of this policy. Register will not be held liable for anything that may arise due to the author(s)' internal dispute. Register will only communicate with the corresponding author.
6. Royalties
As Register is an open-access journal that disseminates articles for free under the Creative Commons license terms mentioned, the author(s) are aware that Register entitles the author(s) to no royalties or other fees.
7. Miscellaneous
Register will publish the article (or have it published) in the journal if the article's editorial process is successfully completed. Register's editors may modify the article to a style of punctuation, spelling, capitalization, referencing and usage that they deem appropriate. The author acknowledges that the article may be published so that it will be publicly accessible, and such access will be free of charge for the readers as mentioned in point 3.