Implementation of Time-Based One-Time Password Using the PHOTON Algorithm for Two-Factor Authentication

Authors

  • Amry Yahya Universitas Brawijaya, Malang
  • Ari Kusyanti Universitas Brawijaya, Malang
  • Primantara Hari Trisnawan Universitas Brawijaya, Malang

DOI:

https://doi.org/10.25126/jtiik.124

Keywords:

Two-factor authentication, TOTP, PHOTON hash, HMAC

Abstract

In an increasingly digital era, protecting sensitive data is critical. Two-factor authentication (2FA) is an effective security method for ensuring that only legitimate users can access sensitive data or systems, by requiring users to provide two different forms of identification. One widely used 2FA method is the Time-based One-Time Password (TOTP), which uses the Hash-based Message Authentication Code (HMAC) algorithm with the SHA-1 hash function. However, SHA-1 is known to have security weaknesses. This study aims to improve the security of TOTP by implementing the PHOTON hash function, a lightweight hash algorithm designed for good security and efficient use of computing resources. The methodology involves developing and testing a TOTP-based two-factor authentication system whose HMAC algorithm uses the PHOTON hash function. The results show that the system is able to withstand brute-force attacks and birthday attacks. In addition, the TOTP function implementing PHOTON has a faster execution time than SHA-1 and SHA-2.
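The construction the abstract describes, shown as an added example that is not the authors' code: TOTP (RFC 6238) over an HMAC (RFC 2104) written so that the hash function and its block size are parameters. PHOTON is not in Python's standard library, so the standard hashes stand in here; the names `hmac_generic`, `totp`, `verify` and `short_hash` are hypothetical, and the block size a PHOTON-based HMAC would use is a design choice this page does not state.

```python
import hashlib
import hmac
import struct


def hmac_generic(hash_new, block_size, key, msg):
    """HMAC (RFC 2104) over any hash: hash_new(data) returns an object with .digest()."""
    if len(key) > block_size:              # over-long keys are hashed first
        key = hash_new(key).digest()
    key = key.ljust(block_size, b"\x00")   # then zero-padded to one block
    inner = hash_new(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hash_new(bytes(b ^ 0x5C for b in key) + inner).digest()


def totp(secret, unix_time, hash_new=hashlib.sha1, block_size=64,
         digits=6, step=30):
    """TOTP (RFC 6238) with a pluggable hash; defaults match the SHA-1 profile."""
    counter = unix_time // step
    mac = hmac_generic(hash_new, block_size, secret, struct.pack(">Q", counter))
    # RFC 4226 dynamic truncation reads 4 bytes at an offset of up to 15,
    # so the digest must be at least 20 bytes long.
    if len(mac) < 20:
        raise ValueError("digest too short for RFC 4226 dynamic truncation")
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, candidate, unix_time, window=1, step=30, **kw):
    """Accept codes from +/- window time steps, comparing in constant time."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        ok |= hmac.compare_digest(totp(secret, t, step=step, **kw), candidate)
    return ok


# Constructed hash with a 16-byte digest, standing in for a short-output hash.
def short_hash(data=b""):
    return hashlib.blake2s(data, digest_size=16)
```

The length guard matters when the hash is swapped: PHOTON-80 and PHOTON-128 produce digests shorter than 20 bytes, so a TOTP built on them needs a different truncation rule than the one in RFC 4226.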

Published

29-08-2025

Section

Computer Science

How to Cite

Implementasi Time-Based One-Time Password Menggunakan Algoritma Photon Untuk Autentikasi Dua Faktor. (2025). Jurnal Teknologi Informasi Dan Ilmu Komputer, 12(4), 799-808. https://doi.org/10.25126/jtiik.124