OVERCOMING PROBLEMS COMBINATION OF SERVER AND CLIENT SIDE ENCRYPTION ON WEB CODE SECURITY USING THE SLICE CODE METHOD

Kamarudin .
Fajar Akbar Maulana

Abstract

Some web developers protect web applications by encrypting their source code, both the code that runs on the web server and the code that runs in the client browser. Combining these two encryption technologies is a problem for web developers: with server-side encryption, the client-side source code is not protected, but with client-side encryption, the server source code becomes unreadable by the web server. This study aims to overcome the problem of combining the two technologies by using the Slice Code method, a method the researchers themselves developed to encrypt server and client source code simultaneously and combine the two. With this method, the original source code is separated into 2 parts; the pure client source code is encrypted using client encryption technology and then embedded into the pure server source code. The next step is to encrypt the pure server source code. The result is that web applications can run perfectly with source code encryption on both sides, namely the server side and the client side.
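The order of operations in the abstract (slice, protect the client part, embed it, protect the server part last) can be traced with the following added sketch, which is not the authors' implementation. It assumes client code is whatever sits in `<script>` blocks, uses reversible base64 as a stand-in for both encryption tools, and all function names and the sample page are hypothetical.

```python
import base64
import re

# Assumption: client code is the content of <script>...</script> blocks.
SCRIPT_RE = re.compile(r"<script>(.*?)</script>", re.DOTALL)
SLOT = "<!--CLIENT_SLOT_{}-->"

def encode(text):
    """Stand-in for an encryption tool: reversible base64, not real encryption."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def decode(blob):
    return base64.b64decode(blob).decode("utf-8")

def slice_source(source):
    """Step 1: separate the page into pure server code and pure client code."""
    parts = []
    def take(match):
        parts.append(match.group(1))
        return SLOT.format(len(parts) - 1)
    return SCRIPT_RE.sub(take, source), parts

def protect(source):
    server_part, parts = slice_source(source)
    # Step 2: protect each client slice, then embed it in the server part.
    for i, js in enumerate(parts):
        wrapped = '<script data-enc="{}"></script>'.format(encode(js))
        server_part = server_part.replace(SLOT.format(i), wrapped)
    # Step 3: protect the server part last, so the web server's loader can
    # still read it and the layer also covers the embedded client blobs.
    return encode(server_part)

def served_page(protected):
    """What the server-side loader recovers; client slices stay encoded."""
    return decode(protected)

def client_sources(page):
    """What the browser-side loader recovers from the served page."""
    return [decode(b) for b in re.findall(r'data-enc="([^"]+)"', page)]

# Constructed sample input: one server block and one inline script.
SAMPLE = "<?php $user = load_user(); ?>\n<p>Hi</p>\n<script>checkForm('login');</script>\n"
```

Because the browser has to reverse the client layer in order to run it, that layer hides code from casual reading only; secrets and authorization checks still belong on the server.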
