刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Balachandra Muniyal,K. V. Prema,Mamatha Balachandra

DOI: https://doi.org/10.48550/arXiv.1210.2934

2012-10-10

Abstract:The Public Key Infrastructure(PKI) provides facilities for data encryption, digital signature and time stamping. It is a system where different authorities verify and authenticate the validity of each participant with the use of digital certificates. A Certificate Policy (CP) is a named set of rules and it indicates the applicability of a certificate in a Public Key Infrastructure. Sometimes two companies or organizations with different PKIs merge. Therefore it would be necessary that their PKIs are also able to merge. Sometimes, the unification of different PKIs is not possible because of the different certificate policies. This paper presents a method to compare and assess certificate policies during merger and acquisition of companies.

Cryptography and Security

Tsara Ayuninggati,Eka Purnama Harahap,Raihan Junior,Mulyati

DOI: https://doi.org/10.34306/bfront.v1i01.3

2021-06-20

Blockchain Frontier Technology

Abstract:In the public key infrastructure, the certification authority is fully trusted, and the security of the public key infrastructure depends on the trust of the certification authority; however, recent attacks and corruption on the certification authority indicate that the certificate is forged when the certification authority fails . New solutions, blockchain-based public key infrastructure products and registry can repair vulnerabilities in public key infrastructure, especially weaker security systems. Proposals for infrastructure-based public key infrastructure. Public keys are still the target of global attacks. According to the registration of the target victim, it is signed as a temporary public key infrastructure based on the blockchain. High growth rates require permission to use the wallet. To solve this problem, this document introduces an integrated and responsible system for managing security certificates at the transport layer that represents the next generation of public key infrastructure.I merged two new architectures, introduced a new process, and created a registration and CA server. The domain owner has been notified. In supply chain management, the domain certificate signed by the CA is stored on the registration server, and the certificate server and the CA registration server are forwarded to the group that owns the domain. Compared with existing supply chain public key infrastructure products. The above-mentioned blockchain-based public key infrastructure scheme and registry are used for security and governance analysis.

A. Wiesmaier,M. Lippert,E. Karatsiolis,G. Raptis,J. Buchmann

DOI: https://doi.org/10.48550/arXiv.cs/0411065

2005-05-26

Abstract:National Root CAs enable legally binding E-Business and E-Government transactions. This is a report about the development, the evaluation and the certification of the new certification services system for the German National Root CA. We illustrate why a new certification services system was necessary, and which requirements to the new system existed. Then we derive the tasks to be done from the mentioned requirements. After that we introduce the initial situation at the beginning of the project. We report about the very process and talk about some unfamiliar situations, special approaches and remarkable experiences. Finally we present the ready IT system and its impact to E-Business and E-Government.

Cryptography and Security

DOI: https://doi.org/10.55057/ajrbm.2023.5.3.12

2023-09-30

Asian Journal of Research in Business and Management

Abstract:BPJS Kesehatan is a government-established Non-Profit Organization (NPO) in Indonesia that provides health insurance services to the entire population. The Department of Extension, Monitoring, and Participant Examination is responsible for expanding the participant base. Digital strategies have been implemented to improve efficiency of the performance, especially during the Covid-19 pandemic. However, there have been obstacles in reaching participant targets in 2020 and 2021. To measure the organization's digital maturity level and develop appropriate digital strategies, a mixed research method combining qualitative and quantitative approaches was used. Interviews and questionnaires were conducted with seven individuals directly involved in that department. The research identified four levels of digital maturity: Lagging, Adapting, Mature, and Best Practice. The average maturity level was found to be 2.63, ranging between Adapting and Mature. The research identified 27 indicators and categorized into five categories by 5 different theories: Digital Security, Communications, Data Management, Hardware & Infrastructure, and Program Management. Five digital strategies were recommended based on these categories: information and data literacy, communication and collaboration, digital content creation, security, and problem-solving. The study also contributes academically by combining digital maturity theories from TechSoup and Microsoft, focusing on the digital transformation of NPOs. Practical guidelines and recommendations were provided to BPJS Kesehatan Kupang for developing digital strategies. The adoption of appropriate digital technology can improve efficiency, participant registration, satisfaction, and community benefits. By implementing the right strategies, BPJS Kesehatan Kupang can effectively achieve participant expansion goals and contribute to research on NPOs in the healthcare sector in Indonesia.

Xiaolin Zhang,Chenghao Chen,Kailun Qin,Yuxuan Wang,Shipei Qu,Tengfei Wang,Chi Zhang,Dawu Gu

2024-10-26

Abstract:The signing key exposure of Certificate Authorities (CAs) remains a critical concern in PKI. These keys can be exposed by carefully designed attacks or operational errors even today. Traditional protections fail to eliminate such risk and one leaked key is enough to compromise the CA. This long-standing dilemma motivates us to consider removing CAs' signing keys and propose Armored Core, the first PKI security extension using the trusted binding of Physically Unclonable Function (PUF) for certificate operations. It makes key exposure impossible by eliminating the digital signing keys in CA. To achieve this, we design a set of PUF-based X.509v3 certificate functions for CAs to generate physically trusted "signatures" without using a digital key. Moreover, we introduce a novel PUF transparency mechanism to effectively monitor the PUF operations in CAs. We integrate Armored Core into real-world PKI systems including Let's Encrypt Pebble and Certbot. We also provide a PUF-embedded RISC-V CPU prototype. The evaluation results show that Armored Core can offer stronger security guarantees through signing key removal and without causing any extra overhead, but improves the overall performance by 11% on storage and 4.9%-73.7% on computation.

Cryptography and Security

Xiaolin Zhang,Chenghao Chen,Kailun Qin,Yuxuan Wang,Shipei Qu,Tengfei Wang,Chi Zhang,Dawu Gu

2024-09-06

Abstract:The signing key exposure of Certificate Authorities (CAs) remains a critical concern in PKI. These keys can be exposed even today by various attacks or operational errors. Traditional protections fail to eliminate such risk and one leaked key is enough to compromise the CA. This long-standing dilemma motivates us to consider removing CAs' signing keys and propose Armored Core, a PKI security extension using the trusted binding of Physically Unclonable Function (PUF) for certificate operations. It makes key exposure impossible by eliminating the digital signing keys for CA. To achieve this, we design a set of PUF-based X.509v3 certificate functions for CAs to generate physically trusted "signatures" without using a digital key. We have presented cryptographic proofs for these functions. Moreover, we introduce the first PUF transparency mechanism to effectively monitor the PUF operations in CAs. Armored Core is integrated into real-world PKI systems including Let's Encrypt Pebble and Certbot. We also provide a PUF-embedded RISC-V CPU prototype to verify the feasibility. The evaluation results show that Armored Core achieves key removal without introducing extra overhead, but improves the performance by 11% on storage and 4.9%~73.7% on computation.

Cryptography and Security

Nan Sun,Chang-Tsun Li,Hin Chan,Ba Dung Le,MD Zahidul Islam,Leo Yu Zhang,MD Rafiqul Islam,Warren Armstrong

DOI: https://doi.org/10.1109/ACCESS.2022.3168716

2022-04-02

Abstract:Advances of emerging Information and Communications Technology (ICT) technologies push the boundaries of what is possible and open up new markets for innovative ICT products and services. The adoption of ICT products and systems with security properties depends on consumers' confidence and markets' trust in the security functionalities and whether the assurance measures applied to these products meet the inherent security requirements. Such confidence and trust are primarily gained through the rigorous development of security requirements, validation criteria, evaluation, and certification. Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security certification. In this paper, we conduct a systematic review of the CC standards and its adoptions. Adoption barriers of the CC are also investigated based on the analysis of current trends in security evaluation. Specifically, we share the experiences and lessons gained through the recent Development of Australian Cyber Criteria Assessment (DACCA) project that promotes the CC among stakeholders in ICT security products related to specification, development, evaluation, certification and approval, procurement, and deployment. Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.

Cryptography and Security,Computers and Society

Xiaolin Zhang,Chenghao Chen,Kailun Qin,Yuxuan Wang,Shipei Qu,Tengfei Wang,Chi Zhang,Dawu Gu

DOI: https://doi.org/10.48550/arxiv.2404.15582

2024-01-01

Abstract:The signing key exposure of Certificate Authorities (CAs) remains a critical concern in PKI. These keys can be exposed by carefully designed attacks or operational errors even today. Traditional protections fail to eliminate such risk and one leaked key is enough to compromise the CA. This long-standing dilemma motivates us to consider removing CAs' signing keys and propose Armored Core, the first PKI security extension using the trusted binding of Physically Unclonable Function (PUF) for certificate operations. It makes key exposure impossible by eliminating the digital signing keys in CA. To achieve this, we design a set of PUF-based X.509v3 certificate functions for CAs to generate physically trusted "signatures" without using a digital key. Moreover, we introduce a novel PUF transparency mechanism to effectively monitor the PUF operations in CAs. We integrate Armored Core into real-world PKI systems including Let's Encrypt Pebble and Certbot. We also provide a PUF-embedded RISC-V CPU prototype. The evaluation results show that Armored Core can offer stronger security guarantees through signing key removal and without causing any extra overhead, but improves the overall performance by 11 on storage and 4.9

Ajay Prasad,Saurabh Singh Verma,Ashok Kumar Sharma

DOI: https://doi.org/10.48550/arXiv.1007.0295

2010-07-02

Abstract:Services oriented grids will be more prominent among other kinds of grids in the present distributed environments. With the advent of online government services the governmental grids will come up in huge numbers. Apart from common security issues as in other grids, the authorization in service oriented grids faces certain shortcomings and needs to be looked upon differently. The CMMS model presented here overcomes all these shortcomings and adds to the simplicity of implementation because of its tight similarities with certain government services and their functioning. The model is used to prototype a State Police Information Grid (SPIG). Small technological restructuring is required in PKIX and X.509 certificates.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

LIU Bao-li,XIAO Xiao-chun,ZHANG Xu,ZHANG Gen-du

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.18.055

2007-01-01

Abstract:With the progressively development of PKI, the assessment of PKI has become more and more important. Security assurance level assessment is a key aspect of PKI assessment. Combined with analytic hierarchy process, linear weighted assessment, this paper provides an assessment method of PKI security assurance level.

Abel C. H. Chen

DOI: https://doi.org/10.1109/ICSSES62373.2024.10561274

2024-08-05

Abstract:In recent years, with the advancement of quantum computing, mainstream asymmetric cryptographic methods in the current Public Key Infrastructure (PKI) systems are gradually being threatened. Therefore, this study explores X.509 security certificates based on Post-Quantum Cryptography (PQC) and discusses implemented solutions. This study compares mainstream asymmetric cryptographic methods (including RSA and Elliptic Curve Digital Signature Algorithm (ECDSA)) with standard PQC methods (including Falcon, Dilithium, SPHINCS+), comparing the efficiency of certificate generation, signature generation, and signature verification. Finally, recommendations for a solution based on PQC for X.509 security certificates are proposed.

Cryptography and Security,Software Engineering

Adam Janovsky,Jan Jancar,Petr Svenda,Łukasz Chmielewski,Jiri Michalik,Vashek Matyas

DOI: https://doi.org/10.1016/j.cose.2024.103895

2024-07-02

Abstract:Products certified under security certification frameworks such as Common Criteria undergo significant scrutiny during the costly certification process. Yet, critical vulnerabilities, including private key recovery (ROCA, Minerva, TPM-Fail...), get discovered in certified products with high assurance levels. Furthermore, assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certified products. To address these problems, we conducted a large-scale automated analysis of Common Criteria certificates. We trained unsupervised models to learn which vulnerabilities from NIST's National Vulnerability Database impact existing certified products and how certified products reference each other. Our tooling automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. Further, we identify the security requirements that are associated with products being affected by fewer and less severe vulnerabilities. This indicates which aspects of certification correlate with higher security. We demonstrate how our tool can be used for better vulnerability mitigation on four case studies of known, high-profile vulnerabilities. All tools and continuously updated results are available at <a class="link-external link-https" href="https://seccerts.org" rel="external noopener nofollow">this https URL</a>

Cryptography and Security

F Pambudi Widiatmaka,Muh Harliman Saleh,Iing Mustain,Yeyen Herlina,Eko Wiyandi

DOI: https://doi.org/10.31098/cset.v3i1.749

2023-10-05

Abstract:Arriving Vessel Document Inspection System (Si-PDKT) is a web-based application that is implemented by utilizing information technology as a supporting tool for optimizing memorandum services in the process of inspecting arriving ship documents at the Class II Cirebon Harbormaster and Port Authority Office. The purpose of developing the Si-PDKT application that will be implemented in KSOP Class II Cirebon Section Legal Status and Ship Certification is more efficient management of ship data, digitally stored ship documents, avoiding document loss, facilitating the management of ship transactions, conducting validation and verification quickly. The method used is development research. In development research, a system design is carried out which is carried out in several stages based on an analysis of the needs of the system to be used. The stages are divided into three main stages, namely infrastructure requirements, system creation, and application usage. The research results show that the Si-PDKT that was built can be accessed at the address https://sipdkt.ksopcirebon.id. The stages of using Si-PDKT are (1) creating an account via email; (2) the user uploading the company decree; (3) After being verified, the user changes the profile; (4) on the company data menu, the user can choose the company where it works; (5) on the ship data menu, the user can add ships; (6) on the menu data memo-in contains the ship's data along with the documents and the memo-in (7.) If it has been filled in, a memo-in history will appear. At the end of verification from the operator, a verification status will appear where there is a color change following the verification status, and if you click on verification, the verification history will appear. If it has been verified as final, then the Memo In document can be downloaded.

Niels Menke,Kai Reinhard

DOI: https://doi.org/10.48550/arXiv.1012.4204

2010-12-21

Abstract:In 2008, the German Federal Office for Information Security issued the common criteria protection profile for Online Voting Products (PP-0037). Accord- ingly, we evaluated the Polyas electronic voting system, which is used for legally binding elections in several international organizations (German Gesellschaft for Informatik, GI, among others), for compliance with the common criteria protection profile and worked toward fulfilling the given requirements. In this article we pre- sent the findings of the process of creating a compliant security target, necessary restrictions and assumptions to the system design as well as the workings of the committee, and architectural and procedural changes made necessary.

Cryptography and Security

Sensia Gibsi Ompusunggu,Roy Valiant Salomo

DOI: https://doi.org/10.21776/ub.jiap.2019.005.01.10

2019-04-01

Jurnal Ilmiah Administrasi Publik

Abstract:Law Number 1 of 2004 concerning State Treasury Managing Government Systems in Indonesia. The Government of Indonesia has issued Government Regulation Number 60 of 2008 concerning the Government&#x27;s Internal Control System. Since the stipulation of Government Regulation Number 60 of 2008 has been approved for 10 years the regulation has been applied. However, the policy contained in Government Regulation Number 60 of 2008 has not been fully approved in Indonesia. The results of the government&#x27;s internal control system maturity evaluation of the maturity level of SPIP are still far from the Government&#x27;s target. In addition, the Supreme Audit Agency also found weaknesses in the Indonesian Government&#x27;s internal supervision system in 2015-2017 inspections. Things that hinder the implementation of the government&#x27;s internal control system in Indonesia include: (a) Weakness in terms of content and policy context; (b) There is no effect of applying sanctions; (c) Less consideration, according to consideration; (d) Error in agreement; (e) Management neglect; and (f) Collusion.

English Else

ZhiShuo Zhang,Wei Zhang,ZhiGuang Qin

DOI: https://doi.org/10.1109/sagc50777.2020.00026

2020-01-01

Abstract:Space-air-ground integrated network (SAGIN) is emerged as a versatile computing and traffic architecture in recent years. Though SAGIN brings many significant benefits for modern communication and computing services, there are many unprecedented challenges in SAGIN. The one critical challenge in SAGIN is the data security. In SAGIN, because the data will be stored in cleartext on cloud, the sensitive data may suffer from the illegal access by the unauthorized users even the untrusted cloud servers (CSs). Ciphertext-policy attribute-based encryption (CP-ABE), which is a type of attribute-based encryption (ABE), has been regarded as a promising solution to the critical challenge of the data security on cloud. But there are two main blemishes in traditional CP-ABE. The first one is that there is only one attribute authority (AA) in CP-ABE. If the single AA crashs down, the whole system will be shut down. The second one is that the AA cannot effectively manage the life cycle of the users’ private keys. If a user on longer has one attribute, the AA cannot revoke the user’s private key of this attribute. This means the user can still decrypt some ciphertexts using this invalid attribute. In this paper, to solve the two flaws mentioned above, we propose a multi-authority CP-ABE (MA-CP-ABE) scheme with the dynamical key revocation (DKR). Our key revocation supports both user revocation and attribute revocation. And the our revocation is time friendly. What’s more, by using our dynamically tag-based revocation algorithm, AAs can dynamically and directly re-enable or revoke the invalid attributes to users. Finally, by evaluating and implementing our scheme, we can observe that our scheme is more comprehensive and practical for cloud applications in SAGIN.

Risma Lukitowati,Kalamullah Ramli

DOI: https://doi.org/10.1166/jctn.2020.8823

2020-02-01

Journal of Computational and Theoretical Nanoscience

Abstract:The main purpose of information security is maintaining information assets that are owned by an organization, such as confidentiality, integrity, and availability (known as CIA). In maintaining information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS policy in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain the level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of the company’s information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. This research also examined company documents and surveillance audits in 2018. The employees were grouped based on their length of employment. The results of the questionnaires, with an error margin of 6%, were further compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, companies still need to socialize ISO to employees who have worked at the company for just one to two years.

Deuis Nur Astrida,Agung Restu Saputra,Akhmad Ikhza Assaufi

DOI: https://doi.org/10.33395/sinkron.v7i1.11249

2022-01-13

SinkrOn

Abstract:The use of computer networks in an agency aims to facilitate communication and data transfer between devices. The network that can be applied can be using wireless media or LAN cable. At SMP XYZ, most of the computers still use wireless networks. Based on the findings in the field, it was found that there was no user management problem. Therefore, an analysis and audit of the network security system is needed to ensure that the network security system at SMP XYZ is safe and running well. In conducting this analysis, a tool is needed which will be used as a benchmark to determine the security of the wireless network. The tools used are Penetration Testing Execution Standard (PTES) which is one of the tools to become a standard in analyzing or auditing network security systems in a company in this case, namely analyzing and auditing wireless network security systems. After conducting an analysis based on these tools, there are still many security holes in the XYZ wireless SMP that allow outsiders to illegally access and obtain vulnerabilities in terms of WPA2 cracking, DoS, wireless router password cracking, and access point isolation so that it can be said that network security at SMP XYZ is still not safe