Block-hash of blockchain framework against man-in-the-middle attacks

Authors

  • Imam Riadi Universitas Ahmad Dahlan
  • Rusydi Umar Universitas Ahmad Dahlan
  • Iqbal Busthomi Universitas Ahmad Dahlan
  • Arif Wirawan Muhammad Universiti Tun Hussein Onn Malaysia

DOI:

https://doi.org/10.26594/register.v8i1.2190

Keywords:

authentication, Man-in-the-middle attacks, blockchain technology, block-hash, payload

Abstract

Payload authentication is vulnerable to Man-in-the-middle (MITM) attack. Blockchain technology offers methods such as peer to peer, block hash, and proof-of-work to secure the payload of authentication process. The implementation uses block hash and proof-of-work methods on blockchain technology and testing is using White-box-testing and security tests distributed to system security practitioners who are competent in MITM attacks. The analyisis results before implementing Blockchain technology show that the authentication payload is still in plain text, so the data confidentiality has not minimize passive voice. After implementing Blockchain technology to the system, white-box testing using the Wireshark gives the result that the authentication payload sent has been well encrypted and safe enough. The percentage of security test results gets 95% which shows that securing the system from MITM attacks is relatively high. Although it has succeeded in securing the system from MITM attacks, it still has a vulnerability from other cyber attacks, so implementation of the Blockchain needs security improvisation.

Author Biographies

Imam Riadi, Universitas Ahmad Dahlan

Department of Information Systems

Rusydi Umar, Universitas Ahmad Dahlan

Department of Informatics

Iqbal Busthomi, Universitas Ahmad Dahlan

Department of Informatics

Arif Wirawan Muhammad, Universiti Tun Hussein Onn Malaysia

Department of Information Security and Web Technology

References

[1] I. Riadi, I. T. R. Yanto and E. Handoyo, "Analysis of academic service cybersecurity in university based on framework COBIT 5 using CMMI," IOP Conf. Series: Materials Science and Engineering, vol. 821, 2020.

[2] A. D. Kozlov and N. L. Noga, "Risk Management for Information Security of Corporate Information Systems Using Cloud Technology," in 2018 Eleventh International Conference "Management of large-scale system development" (MLSD), Moscow, Russia, 2018.

[3] M. Trnka, T. Cerny and N. Stickney, "Survey of Authentication and Authorization for the Internet of Things," Security and Communication Networks, 2018.

[4] I. Riadi, R. Umar and A. Sugandi, "Web Forensic on Kubernetes Cluster Services Using Grr Rapid Response Framework," International Journal of Scientific & Technology Research, vol. 9, no. 1, pp. 3484-3488, 2020.

[5] Y. Zhao, S. Li and L. Jiang, "Secure and Efficient User Authentication Scheme Based on Password and Smart Card for Multiserver Environment," Security and Communication Networks, 2018.

[6] Y. Park, K. Park and Y. Park, "Secure user authentication scheme with novel servermutual verification for multiserver environments," International Journal of Communication Systems, vol. 32, 2019.

[7] O. A. Simon, U. I. Bature, K. I. Jahun and N. M. Tahir, "Electronic doorbell system using keypad and GSM," International Journal of Informatics and Communication Technology, vol. 9, no. 3, pp. 212-220, 2020.

[8] A. O. Christiana, A. N. Oluwatobi, G. A. Victory and O. R. Oluwaseun, "A Secured One Time Password Authentication Technique using (3, 3) Visual Cryptography Scheme," IOP Conf. Series: Journal of Physics: Conf. Series, vol. 1299, 2019.

[9] A. Bánáti, E. Kail, K. Karóczkai and M. Kozlovszky, "Authentication and authorization orchestrator for microservice-based software architectures," 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2018, pp. 1180-1184.

[10] I. Riadi, R. Umar and A. Sugandi, "Web Forensic on Container Services Using GRR Rapid Response Framework," Scientific Journal of Informatics, vol. 7, no. 1, 2020.

[11] P. Chandrakar and H. Om, "RSA Based Two-factor Remote User Authentication Scheme with User Anonymity," Procedia Computer Science, vol. 70, pp. 318-324, 2015.

[12] R. A. Megantara, F. A. Rafrastara and S. N. Mahendra, "A combination of Hill CIPHER-LSB inRGB image encryption," Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, vol. 4, no. 3, 2019.

[13] S. Zhu, C. Zhu, W. Wang, "A New Image Encryption Algorithm Based on Chaos and Secure Hash SHA-256," Entropy, vol. 20, no. 9, pp. 716, 2018.

[14] A. R. Chordiya, S. Majumder and A. Y. Javaid, "Man-in-the-Middle (MITM) Attack Based Hijacking of HTTP Traffic Using Open Source Tools," 2018 IEEE International Conference on Electro/Information Technology (EIT), 2018, pp. 0438-0443.

[15] R. A. S. K. B. Ofori-Amanfo, G. A. Mills and K. M. Koumadi, "Detection and Prevention of Man-in-the-Middle Spoofing Attacks in MANETs Using Predictive Techniques in Artificial Neural Networks (ANN)," Journal of Computer Networks and Communications, 2019.

[16] A. Mallik, A. Ahsan, M. M. Z. Shahadat and J. C. Tsou, "Understanding Man-in-the-middle-attack through Survey of Literature," Indonesian Journal of Computing, Engineering, and Design, vol. 1, no. 1, pp. 44-56, 2019.

[17] P. Radhika., G. Ramya., K. Sadhana and R. Salini., "Defending Man In The Middle Attacks," International Research Journal of Engineering and Technology (IRJET), vol. 4, no. 3, 2017.

[18] A. Mallik, "Man-in-the-Middle-Attack: Understanding in Simple Words," Cyberspace: Jurnal Pendidikan Teknologi Informasi, vol. 2, no. 2, pp. 109-134, 2018.

[19] W. Stallings, Cryptography and Network Security, 4th ed., Prentice-Hall, 2005.

[20] C. Harris, "The History of Bitcoin," Crypto Currency News, 21 2 2018. [Online]. Available: https://cryptocurrencynews.com/the-history-of-bitcoin/.

[21] R. C. Noorsanti, H. Yulianton and K. Hadiono, "Blockchain-Teknologi Mata Uang Kripto (Crypto Currency)," in Proceeding SENDI_U, 2018.

[22] D. Efanov and P. Roschin, "The All-Pervasiveness of the Blockchain Technology," Procedia Computer Science, vol. 123, pp. 116-121, 2018.

[23] K. Salah, M. H. U. Rehman, N. Nizamuddin and A. Al-Fuqaha, "Blockchain for AI: Review and Open Research Challenges," IEEE Access, vol. 7, pp. 10127-10149, 2019.

[24] R. Zhang, R. Xue and L. Liu, "Security and Privacy on Blockchain," ACM Computing Surveys, vol. 52, no. 3, 2019.

[25] W. Pourmajidi and A. Miranskyy, "Logchain: Blockchain-Assisted Log Storage," in 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), 2018.

[26] S. Barjtya, A. Sharma and U. Rani, "A detailed study of Software Development Life Cycle (SDLC) Models," International Journal Of Engineering And Computer Science, vol. 6, pp. 22097-22100, 2017.

[27] M. M. Syaikhuddin, C. Anam, A. R. Rinaldi and M. E. B. Conoras, "Conventional Software Testing Using White Box Method," KINETIK, vol. 3, no. 1, pp. 65-72, 2018.

[28] P. X. Mai, F. Pastore, A. Goknil and L. Briand, "Metamorphic Security Testing for Web Systems," in 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), 2020.

[29] L. Zhou, C. Su, Y. Wen, W. Li, and Z. Gong, "Towards practical white-box lightweight block cipher implementations for IoTs," Future Generation Computer Systems, vol. 86, pp. 507-514, 2018..

[30] P. Navabud and C. Chen, "Analyzing the Web Mail Using Wireshark," 2018 14th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD), 2018, pp. 1237-1239.

Downloads

Published

2021-05-15

Issue

Section

Artikel