Analisa Implementasi Protokol HTTPS pada Situs Web Perguruan Tinggi di Pulau Jawa
Abstract
HTTPS protocol offers better data protection than regular HTTP protocol since it utilize cryptography, mainly encryption and authentication mechanism to provide confidentiality and authenticity to packets sent to and from servers. However, not all institutions have properly implemented HTTPS protocol for their web sites. This paper analyzed the implementation of HTTPS protocol for all higher education web sites in Java island. We found that only 28 out of 1505 (1.86%) of all higher education institution who have a domain name have been using HTTPS protocol for their main domain. Furthermore, not all of them have properly implemented HTTPS protocol. We analyzed all 28 domains and we found that 8 out of 28 (28.57%) institutions are still using SSLv3 protocol which is no longer recommended to be used since it’s vulnerable to POODLE attack, 9 out of 28 (32.14%) institutions are still using an old algorithm RC4 which is proven to be insecure, 4 out of 28 (14.28%) institutions only support up to TLS 1.0, and 6 out of 28 (21.42%) institutions are still using SSLv2 or reusing same RSA keys thus vulnerable to DROWN attack. Many of the best practices of implementing HTTPS protocol were also neglected. HTTP Strict Transport Security (HSTS) is used by 5 out of 28 (17.8%) institutions and none of them have implemented HTTP Public Key Pinning (HPKP).
Index Terms—cryptography, HTTPS, SSL, TLS
Downloads
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike International License (CC-BY-SA 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Copyright without Restrictions
The journal allows the author(s) to hold the copyright without restrictions and will retain publishing rights without restrictions.
The submitted papers are assumed to contain no proprietary material unprotected by patent or patent application; responsibility for technical content and for protection of proprietary material rests solely with the author(s) and their organizations and is not the responsibility of the ULTIMATICS or its Editorial Staff. The main (first/corresponding) author is responsible for ensuring that the article has been seen and approved by all the other authors. It is the responsibility of the author to obtain all necessary copyright release permissions for the use of any copyrighted materials in the manuscript prior to the submission.