Web-based Academic Information System Security

Abstract

Web-based Academic Information System (SIA) has been used by all students of the Faculty of Information Technology KH. A. Wahab Unwaha Jombang University. Because all student academic records are stored through the campus network, it is necessary to conduct research on security so that a secure system is obtained. This research was conducted with steps including analysis and testing of installed systems, analyzing needs, designing problem solutions, making repair modules, installing modules and retesting repair modules. From the results of the research conducted, it can be concluded that there are weaknesses in the login system. The weaknesses include the use of the Student Identification Number (NIM) as the default username and password, username and password data is not encrypted before being sent to the server over the network, traces of usernames and passwords left in the browser as a cache or in the password manager can be seen as unencrypted plaintext. From the security analysis results, the SIA login system can be improved by applying HMAC MD5 encryption technology and Challenge Handshake Authentication Protocol (CHAP). Challenge is generated by the server randomly and used as a key in the HMAC MD5 encryption process. With the use of challenge passwords sent in the form of hash values will always be different in each session. Javascript on the client side is used to perform encryption so that the data before being sent to the server is already in an encrypted state.