Hasil Pencarian  ::  Simpan CSV :: Kembali

"Memasuki era transformasi digital, pertukaraan informasi menjadi aspek paling vital bagi hampir seluruh organisasi, terlebih lagi informasi rahasia dan strategis. Beragam preseden buruk tentang kebocoran informasi rahasia dan strategis di Indonesia menjadi tamparan keras yang harus dijawab dengan solusi efektif. Instansi XYZ telah mengembangkan aplikasi enkripsi file ABC pada tahun 2020 untuk menjawab tantangan pengamanan informasi rahasia khususnya yang ditransmisikan pada kanal elektronik. Hingga tahun 2022, aplikasi ABC telah diimplementasikan secara terbatas dan rencananya, skala implementasi akan diperluas secara nasional. Selang 2 tahun masa operasional, Instansi XYZ telah melakukan kajian terhadap keamanan algoritma yang digunakan dalam Aplikasi ABC, namun belum melakukan kajian mendalam terhadap keamanan rangkaian protokol yang digunakan dalam Aplikasi tersebut. Pada peneitian ini dilakukan analisis keamanan protokol registrasi, verifikasi pengguna, pembangkitan kunci, dan permintaan kunci untuk proses enkripsi-dekripsi Aplikasi ABC dengan pendekatan verifikasi formal menggunakan Scyther Tool. Analisis berfokus pada aspek jaminan kerahasiaan informasi dan autentikasi dengan empat kriteria yaitu secrecy, aliveness, synchronization, dan agreement. Hasil percobaan menunjukkan bahwa protokol-protokol tersebut telah menenuhi kriteria secrecy untuk informasi rahasia yang ditransmisikan namun memiliki kelemahan umum pada pada autentikasi khususnya untuk kriteria synchronization dan agreement. Berdasarkan kelemahan tersebut, peneliti mengajukan desain konseptual protokol yang mampu mengatasi kelemahan-kelemahan yang teridentifikasi. Hasilnya, desain protokol yang diajukan peneliti terbukti provably secure berdasarkan hasil pengujian dan memenuhi empat kriteria keamanan pada aspek kerahasiaan informasi dan autentikasi entitas dan isi pesan.

---

In the era of digital transformation, information exchange, especially confidential and strategic information has become the most vital aspect for almost all organizations. Various bad precedents regarding classified and strategic information leaks in Indonesia have become a slap in the face that must be acknowledge and answered with effective solutions. In 2020, XYZ Agency developed a file encryption application (ABC Application) to address the challenge of securing confidential information, especially those transmitted on electronic channels. Until 2022, the ABC Application has been implemented in a limited scope and its implementation is planned to be expanded nationally. After 2 years of operation, the XYZ Agency has conducted a study on the security of the algorithm used in ABC Application, but unfortunately has not conducted an in-depth study regarding the security of the protocol suite used in the Application. In this research, a security analysis of ABC application protocol suites, namely the registration protocol, user verification, key generation, and key request for the encryption-decryption process protocol was conducted through formal verification approach using the Scyther Tool. The analysis focuses on aspects of guaranteeing confidentiality of information and authentication with four criteria, namely secrecy, aliveness, synchronization, and agreement. The experimental results showed that these protocols meet the security criteria for the transmitted confidential information but have general weaknesses in the authentication aspect, especially for synchronization and agreement criteria. Based on these identified weaknesses, We proposed a robust conceptual protocol design to overcome these weaknesses. As a result, the proposed design was proved to be provably secure based on the test results and met the four security criteria in the aspects of information confidentiality and authentication in terms of entity authentication and message content integrity. "

"Seiring berjalannya waktu, era digitalisasi sudah semakin menjamur menuju berbagai macam faktor dalam kehidupan manusia, tak terkecuali dalam faktor finansial. Adapun salah satu bentuk kemajuan teknologi dalam sudut pandang finansial adalah dengan maraknya bank digital yang diyakini dapat memudahkan para nasabah untuk melakukan kegiatan di dalamnya secara online seperti pembuatan rekening hingga transaksi transfer uang tanpa harus mengunjungi kantor fisik. Karena seluruh aktivitas yang ada akan dilakukan sepenuhnya secara online, maka pihak bank digital telah mengimplementasikan algoritma enkripsi kriptografi untuk melindungi informasi pribadi dan data kredensial para nasabah bank digital tersebut. Namun, di lain sisi, algoritma enkripsi yang ada saat ini pun sudah cukup bervariatif. Dengan ini, akan dilakukan suatu penelitian yang akan mengkaji algoritma enkripsi kriptografi yang telah diimplementasikan oleh salah satu Bank Digital di Indonesia. Penelitian ini akan membahas algoritma enkripsi apa yang telah dipilih untuk mengamankan data-data kredensial terkait. Nantinya, pada akhir penelitian ini akan dilakukan analisis terhadap keamanan dari algoritma enkripsi tersebut dengan menghitung nilai Avalanche Effect yang ada. Adapun algoritma enkripsi tersebut dapat memiliki performa yang baik apabila menghasilkan nilai Avalanche Effect cenderung mendekati 50%.

---

As the time goes by, the era of digitalization has increasingly taken all over the place towards various factors in human life, including financial. One massive example of technological improvement from a financial point of view is the rise of digital banks which are believed to bring convenience for customers to carry out activities online such as creating accounts and transfer transactions without having to visit a physical office. Since all existing activities will be carried out entirely online, the digital bank has implemented a cryptographic encryption algorithm to protect the personal information and credential data of the digital bank's customers. However, on the other hand, the existing encryption algorithms are quite varied. Therefore, this study will be carried out which will examine the cryptographic encryption algorithm that has been implemented by one of the digital banks in Indonesia. This research will discuss which encryption algorithm has been chosen to secure all existing credential data. Later, at the end of this study, an analysis of the security of the encryption algorithm will be carried out by calculating the Avalanche Effect value. The encryption algorithm can have good performance if it produces an Avalanche Effect with value closer to 50%."

"Penyandian blok merupakan salah satu jenis enkripsi yang sering digunakan untuk komunikasi aman, karena dapat diimplementasikan dengan mudah dan praktis. Namun, sandi blok hanya dapat mengenkripsi satu blok data dengan ukuran tertentu. Oleh karena itu, penggunaan sandi blok disertai dengan mode-mode operasi, yang membagi data ke dalam beberapa blok dan melibatkan masukan-masukan lain. Dalam tulisan ini, beberapa mode operasi sandi blok dari skema enkripsi AES diimplementasikan dalam bahasa C dan dianalisis dari segi keamanan, performa, dan penggunaan sumber daya. Hasil perbandingan ini akan dapat digunakan sebagai pertimbangan untuk memilih metode enkripsi untuk beberapa kasus komputasi dimana sistem memiliki kemampuan terbatas dan performa lebih diutamakan.

---

Block ciphers are a type of encryption often used for secure communication, due to its ease of implementation and practicality. However, block ciphers can only encrypt one block of data at a time of a specific size. Therefore, block cipher implementations employ a mode of operation, that divides data into several blocks and involves other inputs. In this paper, several block cipher modes of operation with the AES cryptoscheme are implemented in the C programming language and analyzed from the security, performance, and resource perspectives. The results can then be used as information in determining an encryption method for a particular computation use case where system capabilities are limited and performance is an important factor."

"This book offers an in-depth study of the design and challenges addressed by a high-level synthesis tool targeting a specific class of cryptographic kernels, i.e. symmetric key cryptography. With the aid of detailed case studies, it also discusses optimization strategies that cannot be automatically undertaken by CRYKET (Cryptographic kernels toolkit. The dynamic nature of cryptography, where newer cryptographic functions and attacks frequently surface, means that such a tool can help cryptographers expedite the very large scale integration (VLSI) design cycle by rapidly exploring various design alternatives before reaching an optimal design option. Features include flexibility in cryptographic processors to support emerging cryptanalytic schemes; area-efficient multinational designs supporting various cryptographic functions; and design scalability on modern graphics processing units (GPUs). These case studies serve as a guide to cryptographers exploring the design of efficient cryptographic implementations."

"Preventing fault attacks without sacrificing performance is nontrivial and this is the subject of this book. Part I deals with side-channel analysis and its relevance to fault attacks. The chapters in Part II cover fault analysis in secret key cryptography, with chapters on block ciphers, fault analysis of DES and AES, countermeasures for symmetric-key ciphers, and countermeasures against attacks on AES. Part III deals with fault analysis in public key cryptography, with chapters dedicated to classical RSA and RSA-CRT implementations, elliptic curve cryptosystems and countermeasures using fault detection, devices resilient to fault injection attacks, lattice-based fault attacks on signatures, and fault attacks on pairing-based cryptography. Part IV examines fault attacks on stream ciphers and how faults interact with countermeasures used to prevent power analysis attacks. Finally, Part V contains chapters that explain how fault attacks are implemented, with chapters on fault injection technologies for microprocessors, and fault injection and key retrieval experiments on a widely used evaluation board."

"Keamanan data pribadi merupakan tren keamanan siber yang menyita perhatian dunia. Pemerintah, praktisi dan akademisi bersama-sama membangun keamanan data pribadi dalam berbagai sistem komunikasi, termasuk IoT. Protokol komunikasi IoT yang banyak digunakan secara luas adalah protokol MQTT. Secara default, MQTT tidak menghadirkan fitur keamanan data berupa data enkripsi. Karena itu, dalam penelitian ini dilakukan desain dan implementasi Secure End-to-End Encryption pada protokol MQTT dengan Kriptografi Lightweight berbasis Block Cipher. Protokol didesain dengan memanfaatkan skema Galantucci secret sharing dan algoritma kriptografi lightweight berbasis block cipher. Algoritma yang diterapkan antara lain adalah AES-128 mode GCM, GIFT-COFB, Romulus N1 dan Tiny JAMBU. Berdasarkan pengujian algoritma dalam protokol Secure End-to-End pada protokol MQTT pada ARM M4 dan ESP8266, diperoleh hasil bahwa algoritma Tiny JAMBU memiliki performa yang tercepat, diikuti AES-128 Mode GCM, GIFT-COFB dan Romulus N1. Pada NodeMCU, Tiny JAMBU memiliki rata-rata enkripsi 314 !" dan rata-rata waktu dekripsi 328 !". AES-128 mode GCM memiliki rata-rata waktu enkripsi 571 !" dan rata-rata waktu dekripsi 584 !". GIFT-COFB memiliki rata-rata waktu enkripsi 1093 !" dan rata-rata waktu dekripsi 1111 !". Sementara itu, Romulus N1 memiliki rata-rata waktu enkripsi 2159 !" dan rata-rata waktu dekripsi 2181 !". Pada STM32L4 discovery, Tiny JAMBU memiliki rata-rata enkripsi 81 !" dan rata-rata waktu dekripsi 85 !". AES-128 mode GCM memiliki rata- rata waktu enkripsi 164 !" dan rata-rata waktu dekripsi 165 !". GIFT-COFB memiliki rata-rata waktu enkripsi 164 !" dan rata-rata waktu dekripsi 166 !". Sementara itu, Romulus N1 memiliki rata-rata waktu enkripsi 605 !" dan rata-rata waktu dekripsi 607.

---

Personal data security is a cybersecurity trend that has captured the world's attention. Governments, practitioners and academics are jointly building personal data security in various communication systems, including IoT. The protocol that is widely used in IoT implementation is MQTT. By default, MQTT does not provide data security features in the form of data encryption. Because of this, a research was carried out on the design of Secure End-to-End Encryption MQTT with Block Cipher-Based Lightweight Cryptography. The protocol is designed by utilizing the Galantucci secret sharing scheme and a lightweight cryptographic algorithm based on a block cipher. The algorithms used include AES-128 GCM mode, GIFT-COFB, Romulus N1 and Tiny JAMBU. Our testing in the Secure End-to-End for MQTT protocol on ARM M4 and ESP8266, show that the fastest performance is produced by Tiny JAMBU, followed by AES-128 Mode GCM, GIFT-COFB and Romulus N1. Our testing in NodeMCU, Tiny JAMBU has an average encryption of 314 microsecond and an average decryption time of 328 microsecond. AES-128 GCM mode has an average encryption time of 571 microsecond and an average decryption time of 584 microsecond. GIFT-COFB has an average encryption time of 1093 microsecond and an average decryption time of 1111 microsecond. Meanwhile, Romulus N1 has an average encryption time of 2159 microsecond and an average decryption time of 2181 microsecond. On STM32L4 discovery, Tiny JAMBU had an average encryption of 81 microsecond and an average decryption time of 85 microsecond. AES-128 GCM mode has an average encryption time of 164 microsecond and an average decryption time of 165 microsecond. GIFT-COFB has an average encryption time of 164 microsecond and an average decryption time of 166 microsecond. Meanwhile, Romulus N1 has an average encryption time of 605 microsecond and an average decryption time of 607 microsecond."

"This book constitutes the thoroughly refereed post-conference proceedings of the 7th International Conference on Information Security and Cryptology, Inscrypt 2011, held in Beijing, China, in November/December 2011. The 24 revised full papers presented together with 2 invited talks were carefully reviewed and selected from 80 submissions. The papers present research advances in the areas of information security, cryptology, and their applications."

"Indonesia sejalan dengan pesatnya perkembangan teknologi dan informasi. Menjawab tantangan tersebut instansi ABC mengembangkan aplikasi XYZ sebagai salah satu solusi dalam pengamanan data dan informasi. Oleh karena itu, untuk memastikan kemampuan aplikasi tersebut dalam memberikan jaminan keamanan kepada pengguna, pada penelitian ini dilakukan analisis dan verifikasi keamanan protokol kriptografi aplikasi XYZ. Analisis dan verifikasi dilakukan melalui pendekatan verifikasi formal menggunakan alat bantu Scyther dengan focus pada protokol verifikasi pengguna, pembangkitan kunci, dan permintaan kunci untuk proses enkripsi-dekripsi. Hasil analisis menunjukan bahwa protokol-protokol tersebut telah menenuhi kriteria secrecy untuk informasi rahasia yang ditransmisikan namun memiliki kelemahan pada aspek autentikasi. Penerapan sharedsecret dan rangkaian cryptographic nonce terbukti mampu mengatasi kelemahan pada protokol verifikasi pengguna aplikasi XYZ.

---

The increasing threats and attacks that result in data leakage in Indonesia are in line with the rapid development of technology and information. Responding to these challenges, the ABC agency developed the XYZ application as a solution for data and information security. Therefore, to ensure the application's ability to provide security guarantees to users, this research analyzes and verifies the security of the XYZ application cryptographic protocol. Analysis and verification is carried out through a formal verification approach using Scyther tools with a focus on user verification protocols, key generation, and key requests for the encryption-decryption process. The results of the analysis show that these protocols have met the secrecy criteria for transmitted confidential information but have weaknesses in the authentication aspect. The application of shared secret and a series of cryptographic nonces is proven to be able to overcome weaknesses in the XYZ application user verification protocol."

"Perkembangan informasi dan teknologi di Indonesia telah mendorong masyarakat untuk beradaptasi secara cepat. Hal ini semakin terlihat pada saat pandemi COVID-19, yang juga berdampak kepada perubahan pola aktivitas di masyarakat. Hampir semua kegiatan mengalami perubahan berfokus kepada pendekatan digital, termasuk dalam melakukan transaksi pembayaran. Kehadiran e-wallet menjadi salah satu adaptasi yang dirasakan oleh masyarakat Indonesia, karena sifat penggunaannya yang secara contactless dan effortless memberikan kemudahan bagi penggunanya. Setiap penyedia layanan e-wallet memiliki manfaat, kepuasan, dan resikonya yang berbeda-beda. Hal tersebut yang menjadi faktor keberlanjutan dalam penggunaan aplikasi e-wallet. Penelitian ini dilakukan terhadap 522 responden yang merupakan pengguna aktif e-wallet dalam waktu satu bulan terakhir dari waktu mulai hingga akhir melakukan survei. Tim penulis melakukan pengolahan data setelah data telah dikumpulkan. Pengolahan data yang dilakukan menggunakan Partial Least Square Equation Modeling (PLS-SEM) dengan aplikasi SmartPLS 4 dan IBM SPSS Statistics 25. Tim penulis menemukan adanya prioritas faktor keamanan yang pengguna anggap memiliki pengaruh paling besar terhadap rasa aman mereka ketika menggunakan aplikasi e-wallet. Faktor-faktor tersebut terdiri dari information provided, user privacy, encryption, dan transaction process. Penelitian ini diharapkan dapat memberikan manfaat bagi penyedia layanan e-wallet sebagai referensi dalam mengevaluasi layanan yang telah dijalankan, sehingga layanan tersebut dapat digunakan secara berkelanjutan oleh pengguna.

---

The development of information and technology in Indonesia has encouraged people to adapt quickly. This was increasingly seen during the COVID-19 pandemic, which also had an impact on changes in activity patterns in society. Almost all activities have changed to focus on digital approaches, including in making payment transactions. The presence of e-wallets is one of the adaptations felt by the people of Indonesia, due to the nature of its use which is contactless and effortless to provide convenience for its users. Each e-wallet service provider has different benefits, satisfactions and risks. This is a factor of sustainability in the use of e-wallet applications. This research was conducted on 522 respondents who were active e-wallet users within the last one month from the start to the end of conducting the survey. The writing team performs data processing after the data has been collected. Data processing was carried out using Partial Least Square Equation Modeling (PLS-SEM) with the SmartPLS 4 and IBM SPSS Statistics 25 applications. The author's team found a priority of security factors that users considered had the greatest influence on their sense of security when using the e-wallet application. These factors consist of information provided, user privacy, encryption, and transaction processes. This research is expected to provide benefits for e-wallet service providers as a reference in evaluating services that have been implemented, so that these services can be used on an ongoing basis by users."

"This book presents a collection of automated methods that are useful for different aspects of fault analysis in cryptography. The first part focuses on automated analysis of symmetric cipher design specifications, software implementations, and hardware circuits. The second part provides automated deployment of countermeasures. The third part provides automated evaluation of countermeasures against fault attacks. Finally, the fourth part focuses on automating fault attack experiments. The presented methods enable software developers, circuit designers, and cryptographers to test and harden their products. "