Azhar, Adistya
Departemen Teknik Informatika, Institut Teknologi Sepuluh Nopember

Published: 1 document

IMPERSONATION METHOD ON AUTHORIZATION SERVER USING CLIENT-INITIATED BACK-CHANNEL AUTHENTICATION PROTOCOL
Akbar, Rizky Januar; Ariyani, Nurul Fajrin; Azhar, Adistya; Andra, Andika
JUTI: Jurnal Ilmiah Teknologi Informasi Vol. 19, No. 1, Januari 2021
Publisher : Department of Informatics, Institut Teknologi Sepuluh Nopember

DOI: 10.12962/j24068535.v19i1.a1022

Abstract

Several applications provide an impersonation ("login as") feature for system administrators who hold special privileges. Development and maintenance teams with administrator rights can use this feature to reproduce errors or bugs and to check specific features of an application under a specific user's login session. Besides its benefits, the feature carries a security risk: administrators can abuse these rights to access users' private data or to perform activities inside the system without the consent of the account or resource owner. This research proposes an impersonation method on an authorization server using the Client-Initiated Back-channel Authentication (CIBA) protocol. The method prevents impersonation that lacks the account or resource owner's consent. Before the administrator performs impersonation, the application requests the user's authentication and permission through an authentication device possessed by the resource owner. Because an authentication device is used, impersonation must be preceded by the user's consent, and no direct interaction between the administrator and the resource owner is needed to prove the user's identity. The results show that the CIBA protocol can be implemented to complement the impersonation method and can run on an authorization server that uses the OAuth 2.0 and OpenID Connect 1.0 protocols. System testing was performed by adopting FAPI CIBA conformance testing.