Analisis Keamanan Sistem Informasi Akademik Berbasis Web Di Fakultas Teknik Universitas Diponegoro

Satoto, Kodrat Iman and Isnanto, R. Rizal and Masykur, Ahmad. M (2008) Analisis Keamanan Sistem Informasi Akademik Berbasis Web Di Fakultas Teknik Universitas Diponegoro. Seminar Nasional Aplikasi Sains dan Teknologi . 175 - 186. ISSN 1979-911X

[img]
Preview
PDF - Published Version
388Kb

Abstract

Web-based Academic Information System (web-based AIS) has been used by all students of Faculty of Engineering, Diponegoro University, Semarang. Therefore, all student academic records through the campus network needs to be done research on the security system is established so that safe. The study was conducted by the steps of the analysis and testing of the system is installed, needs analysis, solution design problems, making improvements to the module, the module installation and repair module re-testing. From the results of research conducted can be concluded that there are weaknesses in the login system. Weaknesses include the use of the Students number identification (NIM), as a default user name and password, the data the user name and password is not encrypted before sent to the server through the network, track a user name and password left behind in browser as a manager in the cache or password can be seen as a simple text (plaintext) is not encrypted. From the results of the analysis of the security, login system of AIS can be improved by implementation of HMAC MD5 encryption technology and Challenge Handshake Authentication Protocol (CHAP). Challenge raised by the server randomly and used as an encryption key in the process of HMAC MD5. With the use of the challenge your password sent a hash value will always be different at each session. Javascript in the client-side encryption used to do so before the data is sent to the server is encrypted.

Item Type:Article
Subjects:T Technology > T Technology (General)
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions:Faculty of Engineering > Department of Computer System
Faculty of Engineering > Department of Computer System
ID Code:5501
Deposited By:Mr. Siskom Admin
Deposited On:26 Jan 2010 09:30
Last Modified:26 Jan 2010 09:30

Repository Staff Only: item control page