Wirasbawa, Nicholas Dwiarto and Khaeruzzaman, Yaman and Waworuntu, Alexander (2023) Modern, Secure Application Programming Interface Implementation using RFC 6238 and RFC 7617. IEEE Xplore.
|
Text
Modern, Secure Application Programming Interface Implementation using RFC 6238 and RFC 7617 (1).pdf Download (2MB) | Preview |
Abstract
Application Programming Interface (API) is an interface that could be used to access or utilize services on the Internet. API has several advantages, namely being technology agnostic and becoming a middleware before a request arrives at the database. A Report from Salt Security claims that 30% of security vulnerabilities of APIs in 2021 comes from authentication problems. Two-factor authentication in the form of Time-Based One-Time Passwords (TOTP) is a method that could be implemented to achieve data integrity, secure transactions, and protection of private resources in API. A potential combination of algorithms that could be used to generate and send TOTPs are RFC 6238 and RFC 7617. An API connected to a web application is built in order to provide proof of concept which showcases that this combination is feasible to implement in an API. Technologies used are Express.js, Next.js, MariaDB, and Redis. Implementation is done in a simulation of the attendance system to find an alternative to existing attendance systems. The result of the research showcases that the whole system has been built, deployed, and conforms to OWASP Standards (metrics being Authorization, Authentication, API Security, OTP Security, and Session Security) and Snyk. The additional implementation of the simulation of the attendance system is also well accepted by application users, evidenced by an acceptance rate of 91.81% by the Technology Acceptance Model. This research has proven the algorithms used are secure without sacrificing usability and can be implemented in any API. This research also opens up possibilities of attendance systems being implemented with TOTPs.
Item Type: | Article |
---|---|
Keywords: | Application Programming Interface, Attendance System, RFC 6238, RFC 7617, Two-Factor Authentication |
Subjects: | 000 Computer Science, Information and General Works > 000 Computer Science, Knowledge and Systems > 005 Computer Programming |
Divisions: | Faculty of Engineering & Informatics > Informatics |
Depositing User: | Administrator UMN Library |
Date Deposited: | 10 May 2023 07:21 |
Last Modified: | 10 May 2023 07:21 |
URI: | https://kc.umn.ac.id/id/eprint/25294 |
Actions (login required)
View Item |