User data security innovation is a particular concern in protecting one's privacy rights, which is one of the serious violations when an attacker can bypass the user authentication so that it looks like something legitimate and becomes legal. Based on these issues, the research aims at optimizing and evaluating the blockchain-based authentication systems to minimize data leakage, manipulate the data, and modify the data. Blockchain is one of the innovations that can solve this problem. Data or transactions in the blockchain are saved in hash form to make it difficult for hackers to break into them. The Blockchain implementation uses the Solidity programming language to build smart contracts and other tools such as MetaMask, Ganache, and Truffle. The Network Forensics Development Life Cycle (NFLDC) is used as a framework with the following five stages: Initiation, Acquisition, Implementation, Operation, and Disposition. Based on the research conducted, the attack strategy against blockchain-based systems consists of several scenarios covering the Burp Suite, XSS, SQL Injection, and DoS. The results show that the percentage of authentication optimization reaches a value of 90.1%, and 8.9% is the percentage for evaluating systems such as the possibility of cyberattack. Based on these results, this research has achieved its goals and may assist in further research.

 

Doi: 10.28991/esj-2021-SP1-015

Full Text: PDF

Authentication; Blockchain; NFDLC; Network; Cyberattack.

Kim, W., Jeong, O.-R., Kim, C., & So, J. (2011). The dark side of the Internet: Attacks, costs and responses. Information Systems, 36(3), 675–705. doi:10.1016/j.is.2010.11.003.

Subekti, Z. M., & Subandri, S. (2020). Implementasi Metode Per Connection Queue Dengan Access User Direct Mac Filtering Pada Jaringan Wireless. INOVTEK Polbeng - Seri Informatika, 5(2), 240. doi:10.35314/isi.v5i2.1472.

Tian, Y., Zheng, N., Chen, X., & Gao, L. (2021). Wasserstein Metric-Based Location Spoofing Attack Detection in WiFi Positioning Systems. Security and Communication Networks, 2021. doi:10.1155/2021/8817569.

Teferi, F., & Nixon, J. S. (2019). A Security Mechanism to Mitigate DDoS Attack on Wireless Local Area Network (WLAN) using MAC with SSID. International Journal of Computer Sciences and Engineering, 7(4), 864–869. doi:10.26438/ijcse/v7i4.864869.

Hidayat, T. N., & Riadi, I. (2021). Optimation Wireless Security IEEE 802.1X using the Extensible Authentication Protocol-Protected Extensible Authentication Protocol (EAP-PEAP). International Journal of Computer Applications, 174(11), 25–30. doi:10.5120/ijca2021920988.

Marques, N., Zúquete, A., & Barraca, J. P. (2019). Integration of the Captive Portal paradigm with the 802.1 X architecture. arXiv preprint arXiv:1908.09927.

Umar, R., Riadi, I., & Kusuma, R. S. (2021). Mitigating sodinokibi ransomware attack on cloud network using software-defined networking (SDN). International Journal of Safety and Security Engineering, 11(3), 239–246. doi:10.18280/ijsse.110304.

Rahardja, U., Harahap, E. P., & Christianto, D. D. (2019). Pengaruh Teknologi Blockchain Terhadap Tingkat Keaslian Ijazah. Technomedia Journal, 4(2), 211–222. doi:10.33050/tmj.v4i2.1107.

Cui, Y., Cui, J., & Hu, J. (2020). A Survey on XSS Attack Detection and Prevention in Web Applications. ACM International Conference Proceeding Series, al, 443–449. doi:10.1145/3383972.3384027.

Vimala, S. T., & Dhas, J. P. M. (2018). SDN based DDoS attack detection system by exploiting ensemble classification for cloud computing. International Journal of Intelligent Engineering and Systems, 11(6), 282–291. doi:10.22266/IJIES2018.1231.28.

El-Sofany, H. F. (2020). A new cybersecurity approach for protecting cloud services against DDoS attacks. International Journal of Intelligent Engineering and Systems, 13(2), 205–215. doi:10.22266/ijies2020.0430.20.

Wang, Z., Yang, L., Wang, Q., Liu, D., Xu, Z., & Liu, S. (2019). ArtChain: Blockchain-enabled platform for art marketplace. Proceedings - 2019 2nd IEEE International Conference on Blockchain, Blockchain 2019, 447–454. doi:10.1109/Blockchain.2019.00068.

Salman, T., Zolanvari, M., Erbad, A., Jain, R., & Samaka, M. (2019). Security services using blockchains: A state of the art survey. IEEE Communications Surveys and Tutorials, 21(1), 858–880. doi:10.1109/COMST.2018.2863956.

Aprialim, F., Adnan, & Paundu, A. W. (2021). Penerapan Blockchain dengan Integrasi Smart Contract pada Sistem Crowdfunding. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 5(1), 148–154. doi:10.29207/resti.v5i1.2613.

Noorsanti, R., Yulianton, H., & Hadiono, K. (2018). Blockchain - Teknologi Mata Uang Kripto (Crypto Currency). Proceeding SENDI_U. Available online: https://www.unisbank.ac.id/ojs/index.php/sendi_u/article/view/5999 (accessed on May 2021).

Zhang, R., Xue, R., & Liu, L. (2019). Security and privacy on blockchain. ACM Computing Surveys 52, (3), 1-34. doi:10.1145/3316481.

Fadlil, A., Riadi, I., & Nugrahantoro, A. (2020). Data Security for School Service Top-Up Transactions Based on AES Combination Blockchain Technology. Lontar Komputer : Jurnal Ilmiah Teknologi Informasi, 11(3), 155. doi:10.24843/lkjiti.2020.v11.i03.p04.

Ismanto, L., Ar, H. S., Fajar, A. N., Sfenrianto, & Bachtiar, S. (2019). Blockchain as E-Commerce Platform in Indonesia. Journal of Physics: Conference Series, 1179(1). doi:10.1088/1742-6596/1179/1/012114.

Rizky, A., Kurniawan, S., Gumelar, R. D., Kurniawan, V., & Prakoso, M. B. (2021). Use Of blockchain technology in implementing information system security on education. Journal of Biology Education Sains & Technology, 4(1), 62–70.

Zheng, Y., Li, Y., Wang, Z., Deng, C., Luo, Y., Li, Y., & Ding, J. (2019). Blockchain-based privacy protection unified identity authentication. Proceedings - 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2019, 42–49. doi:10.1109/CyberC.2019.00017.

Alam, A., Zia Ur Rashid, S. M., Abdus Salam, M., & Islam, A. (2018). Towards Blockchain-Based E-voting System. 2018 International Conference on Innovations in Science, Engineering and Technology (ICISET). doi:10.1109/iciset.2018.8745613.

Shorman, S., Allaymoun, M., & Hamid, O. (2019). Developing the E-Commerce Model a Consumer To Consumer Using Blockchain Network Technique. International Journal of Managing Information Technology, 11(02), 55–64. doi:10.5121/ijmit.2019.11204.

Schintler, L. A., & McNeely, C. L. (2022). Encyclopedia of Big Data. Springer Nature Switzerland doi:10.1007/978-3-319-32010-6.

Efanov, D., & Roschin, P. (2018). The all-pervasiveness of the blockchain technology. Procedia Computer Science, 123, 116–121. doi:10.1016/j.procs.2018.01.019.

Abas Sunarya, P., Henderi, Sulistiawati, Khoirunisa, A., & Nursaputri, P. (2020). Blockchain family deed certificate for privacy and data security. 5th International Conference on Informatics and Computing, ICIC 2020. doi:10.1109/ICIC50835.2020.9288528.

Rejeb, A., Sűle, E., & Keogh, J. G. (2018). Exploring new technologies in procurement. Transport & Logistics: The International Journal, 18(45), 76–86.

Milkovic, M., Samardžija, J., & Ognjan, M. (2020). Application of Blockchain Technology in Media Ecology. Medijska Istrazivanja, 26(1), 29–52. doi:10.22572/mi.26.1.2.

Sartipi, F. (2021). Publicizing construction firms by cryptocurrency. Journal of Construction Materials, 2(3), 1–8, doi:10.36756/jcm.v2.3.1.

Rejeb, A., & Rejeb, K. (2020). Blockchain and supply chain sustainability. Logforum, 16(3), 363–372. doi:10.17270/j.log.2020.467.

Choi, S.-Y., & Whinston, A. B. (2000). The Future of the Digital Economy. Handbook on Electronic Commerce, 25–52. doi:10.1007/978-3-642-58327-8_2.

Arse, M., & Dubey, J. (2020). A Survey of Internet of Things node’s transactions Secure through Blockchain Technology. International Journal of Computer Applications, 175(25), 33–37. doi:10.5120/ijca2020920796.

Zou, W., Lo, D., Kochhar, P. S., Le, X. B. D., Xia, X., Feng, Y., ... & Xu, B. (2019). Smart contract development: Challenges and opportunities. IEEE Transactions on Software Engineering, 1-20.

Chaniago, N., Sukarno, P., & Wardana, A. A. (2021). Electronic document authenticity verification of diploma and transcript using smart contract on ethereum blockchain. Register: Jurnal Ilmiah Teknologi Sistem Informasi, 7(2), 149–163. doi:10.26594/REGISTER.V7I2.1959.

Bragagnolo, S., Rocha, H., Denker, M., & Ducasse, S. (2018). SmartInspect: Solidity smart contract inspector. In 2018 IEEE 1st International Workshop on Blockchain Oriented Software Engineering, IWBOSE 2018 - Proceedings (Vols. 2018), 9–18. doi:10.1109/IWBOSE.2018.8327566.

Mohanta, B. K., Panda, S. S., & Jena, D. (2018). An Overview of Smart Contract and Use Cases in Blockchain Technology. 2018 9th International Conference on Computing, Communication and Networking Technologies, ICCCNT 2018, 1–4. doi:10.1109/ICCCNT.2018.8494045.

Wang, S., Yuan, Y., Wang, X., Li, J., Qin, R., & Wang, F. Y. (2018). An Overview of Smart Contract: Architecture, Applications, and Future Trends. IEEE Intelligent Vehicles Symposium, Proceedings, 2018-June, 108–113. doi:10.1109/IVS.2018.8500488.

Sai Kiran, K. V. V. N. L., Devisetty, R. N. K., Kalyan, N. P., Mukundini, K., & Karthi, R. (2020). Building a Intrusion Detection System for IoT Environment using Machine Learning Techniques. Procedia Computer Science, 171, 2372–2379. doi:10.1016/j.procs.2020.04.257.

Pallavi, C., Girija, R., & Jayalakshmi, S. L. (2021). An Analysis on Network Security Tools and Systems. SSRN Electronic Journal. doi:10.2139/ssrn.3833455.

Gitanjali Simran T, and Sasikala D (2019). Vulnerability Assessment of Web Applications using Penetration Testing. In International Journal of Recent Technology and Engineering 8(4), 1552–1556. doi:10.35940/ijrte.b2133.118419.

Sikos, L. F. (Ed.). (2019). AI in Cybersecurity. Intelligent Systems Reference Library. Springer Nature Switzerland. doi:10.1007/978-3-319-98842-9.

Patel, K. (2019). A survey on vulnerability assessment penetration testing for secure communication. Proceedings of the International Conference on Trends in Electronics and Informatics, ICOEI 2019, 320–325. doi:10.1109/ICOEI.2019.8862767.

Mokbal, F. M. M., Dan, W., Imran, A., Jiuchuan, L., Akhtar, F., & Xiaoxi, W. (2019). MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique. IEEE Access, 7, 100567–100580. doi:10.1109/ACCESS.2019.2927417.

Gupta, S., & Gupta, B. B. (2017). Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. International Journal of Systems Assurance Engineering and Management, 8, 512–530. doi:10.1007/s13198-015-0376-0.

Khera, Y., Kumar, D., Sujay, S., & Garg, N. (2019). Analysis and Impact of Vulnerability Assessment and Penetration Testing. Proceedings of the International Conference on Machine Learning, Big Data, Cloud and Parallel Computing: Trends, Prespectives and Prospects, COMITCon 2019, 525–530. doi:10.1109/COMITCon.2019.8862224.

Sarmah, U., Bhattacharyya, D. K., & Kalita, J. K. (2018). A survey of detection methods for XSS attacks. Journal of Network and Computer Applications, 118, 113–143. doi:10.1016/j.jnca.2018.06.004.

Shurman, M. M., Khrais, R. M., & Yateem, A. A. (2019). IoT denial-of-service attack detection and prevention using hybrid IDS. Proceedings - 2019 International Arab Conference on Information Technology, ACIT 2019, 252–254. doi:10.1109/ACIT47987.2019.8991097.

El-Sofany, H. F., El-Seoud, S. A., & Taj-Eddin, I. A. T. F. (2019). A case study of the impact of denial of service attacks in cloud applications. Journal of Communications, 14(2), 153–158. doi:10.12720/jcm.14.2.153-158.

Syed, N. F., Baig, Z., Ibrahim, A., & Valli, C. (2020). Denial of service attack detection through machine learning for the IoT. Journal of Information and Telecommunication, 4(4), 482–503. doi:10.1080/24751839.2020.1767484.

Abushwereb, M., Mustafa, M., Al-Kasassbeh, M., & Qasaimeh, M. (2020). Attack based DoS attack detection using multiple classifier. arXiv preprint arXiv:2001.05707..

Chen, D., Yan, Q., Wu, C., & Zhao, J. (2021). SQL Injection Attack Detection and Prevention Techniques Using Deep Learning. Journal of Physics: Conference Series, 1757(1). doi:10.1088/1742-6596/1757/1/012055.

Kareem, F. Q., Ameen, S. Y., Salih, A. A., Ahmed, D. M., Kak, S. F., Yasin, H. M., ... & Omar, N. (2021). SQL injection attacks prevention system technology. Asian Journal of Research in Computer Science, 13, 32.

Endicott-Popovsky, B. E., & Frincke, D. A. (2006). Embedding forensic capabilities into networks: Addressing inefficiencies in digital forensics investigations. Proceedings of the 2006 IEEE Workshop on Information Assurance, 2006, 133–139. doi:10.1109/iaw.2006.1652087.

Endicott-Popovsky, B., Frincke, D. A., & Taylor, C. A. (2007). A theoretical framework for organizational network forensic readiness. Journal of Computers, 2(3), 1–11. doi:10.4304/jcp.2.3.1-11.

Shajina, A. R., & Varalakshmi, P. (2017). A novel dual authentication protocol (DAP) for multi-owners in cloud computing. Cluster Computing, 20(1), 507–523. doi:10.1007/s10586-017-0774-y.

Yang, X., Chen, Y., & Chen, X. (2019). Effective scheme against 51% attack on proof-of-work blockchain with history weighted information. Proceedings - 2019 2nd IEEE International Conference on Blockchain, Blockchain 2019, 261–265. doi:10.1109/Blockchain.2019.00041.