The Model for Storing Tokens in Local Storage (Cookies) Using JSON Web Token (JWT) with HMAC (Hash-based Message Authentication Code) in E-Learning Systems

Authors

  • Syabdan Dalimunthe Politeknik Caltex Riau
  • Joeharsyah Reza Politeknik Caltex Riau
  • Asep Marzuki Politeknik Caltex Riau

DOI:

https://doi.org/10.37385/jaets.v3i2.662

Keywords:

Hash-Based Message Authentication Code, Json Web Token, Restful API, E-Learning

Abstract

E-learning is a technology that may be used in the learning process to improve not only the distribution of learning materials but also the ability of learners to modify their abilities of various competencies contained in a database. A Web Service is used to integrate the data. Web Service is a set of standards and programming methods for sharing data between different software applications, distributing services over the internet that supports system interoperability. In this digital era, the system that will survive is one that can function on multiple platforms, and one of the options is to use web servicess. Data is exchanged in JSON format, and JSON Web Tokens are used for authentication security (JWT). The use of JWT for token-based authentication on web services can help overcome interoperability issues. JWT is stateless and allows for the inclusion of data in the token authorisation. JWT includes a number of algorithm possibilities, including HMAC. Overall, the adoption of HMAC outperforms the criteria of token generation time, token size, and token transfer speed. Storing JSON Web Token into local storage in the client browser using the HMAC algorithm has been presented in this paper. The proposed work has shown that JWTs do not need to be stored on the server but can be stored on the client browser side using local storage.

Downloads

Download data is not yet available.

References

Adam, S. I., Moedjahedy, J. H., & Maramis, J. (2020, October 27). RESTful Web Service Implementation on Unklab Information System Using JSON Web Token (JWT). 2020 2nd International Conference on Cybernetics and Intelligent System, ICORIS 2020. https://doi.org/10.1109/ICORIS50180.2020.9320801

Alam, M. S., Atmojo, U. D., Blech, J. O., & Lastra, J. L. M. (2020). A REST and HTTP-based Service Architecture for Industrial Facilities. Proceedings - 2020 IEEE Conference on Industrial Cyberphysical Systems, ICPS 2020, 398–401. https://doi.org/10.1109/ICPS48405.2020.9274792

Aldya, A. P., Rahmatulloh, A., & Arifin, M. N. (2019). Stateless Authentication with JSON Web Tokens using RSA-512 Algorithm. JURNAL INFOTEL, 11(2), 36. https://doi.org/10.20895/infotel.v11i2.427

Ed-Douibi, H., Izquierdo, J. L. C., Gómez, A., Tisi, M., & Cabot, J. (2016). EMF-REST: Generation of RESTful APIs from models. Proceedings of the ACM Symposium on Applied Computing, 04-08-April-2016, 1446–1453. https://doi.org/10.1145/2851613.2851782

Ethelbert, O., Moghaddam, F. F., Wieder, P., & Yahyapour, R. (2017). A JSON token-based authentication and access management schema for cloud SaaS applications. Proceedings - 2017 IEEE 5th International Conference on Future Internet of Things and Cloud, FiCloud 2017, 2017-January, 47–53. https://doi.org/10.1109/FiCloud.2017.29

Gunawan, R., & Rahmatulloh, A. (2018). Optimasi Sistem Informasi Akademik View project Keamanan RESTful Web Service Menggunakan JSON Web Token (JWT) Studi Kasus STIKes BTH Tasikmalaya View project. https://www.researchgate.net/publication/332278532

Haupt, F., Leymann, F., Scherer, A., & Vukojevic-Haupt, K. (2017). A Framework for the Structural Analysis of REST APIs. Proceedings - 2017 IEEE International Conference on Software Architecture, ICSA 2017, 55–58. https://doi.org/10.1109/ICSA.2017.40

Insights of JSON Web Token. (2020). International Journal of Recent Technology and Engineering, 8(6), 1707–1710. https://doi.org/10.35940/ijrte.f7689.038620

Kumari, A., Yahya Abbasi, M., Kumar, V., & Khan, A. A. (2019). A secure user authentication protocol using elliptic curve cryptography. Journal of Discrete Mathematical Sciences and Cryptography, 22(4), 521–530. https://doi.org/10.1080/09720529.2019.1637155

Lee, A., & Han, J.-Y. (n.d.). Effective User Authentication System in an E-Learning Platform. In International Journal of Innovation, Creativity and Change. www.ijicc.net (Vol. 13). www.ijicc.net

Miguel, J., Caballé, S., Xhafa, F., & Prieto, J. (2015). Security in online web learning assessment: Providing an effective trustworthiness approach to support e-learning teams. World Wide Web, 18(6), 1655–1676. https://doi.org/10.1007/s11280-014-0320-2

Mousavi, S. M., & Shakour, Dr. M. H. (2019). Increasing Cryptography Security using Hash-based Message Authentication Code. International Journal of Engineering and Technology, 11(4), 1046–1056. https://doi.org/10.21817/ijet/2019/v11i4/191104086

Neumann, A., Laranjeiro, N., & Bernardino, J. (2021). An Analysis of Public REST Web Service APIs. IEEE Transactions on Services Computing, 14(4), 957–970. https://doi.org/10.1109/TSC.2018.2847344

Perkasa, M. I., & Setiawan, E. B. (2018). Pembangunan Web Service Data Masyarakat Menggunakan REST API dengan Access Token. ULTIMA Computing, X(1).

Rahmatulloh, A., Gunawan, R., & Nursuwars, F. M. S. (2019a). Performance comparison of signed algorithms on JSON Web Token. IOP Conference Series: Materials Science and Engineering, 550(1). https://doi.org/10.1088/1757-899X/550/1/012023

Rahmatulloh, A., Gunawan, R., & Nursuwars, F. M. S. (2019b). Performance comparison of signed algorithms on JSON Web Token. IOP Conference Series: Materials Science and Engineering, 550(1). https://doi.org/10.1088/1757-899X/550/1/012023

Sabir, B. E., Youssfi, M., Bouattane, O., & Allali, H. (2019). Authentication and load balancing scheme based on JSON Token for Multi-Agent Systems. Procedia Computer Science, 148, 562–570. https://doi.org/10.1016/j.procs.2019.01.029

Tihomirovs, J., & Grabis, J. (2017). Comparison of SOAP and REST Based Web Services Using Software Evaluation Metrics. Information Technology and Management Science, 19(1). https://doi.org/10.1515/itms-2016-0017

Downloads

Published

2022-06-30

How to Cite

Dalimunthe, S., Reza, J., & Marzuki, A. (2022). The Model for Storing Tokens in Local Storage (Cookies) Using JSON Web Token (JWT) with HMAC (Hash-based Message Authentication Code) in E-Learning Systems. Journal of Applied Engineering and Technological Science (JAETS), 3(2), 149–155. https://doi.org/10.37385/jaets.v3i2.662