Secured Cotabato City State Polytechnic College Web-Based Student Clearance System

The study describes the Secured CCSPC Web-Based Student Clearance System's use and predicted effects. Hypertext Transfer Protocol (HTTP), Hypertext Preprocessor (PHP), Sublime editor, Bootstrap, and MySQL as the database tool were used to create the clearance system. This system includes two-factor authentication for students and designated offices. In the clearance system, a Secure Socket Layer (SSL) for data transit, as well as a software firewall and anti-SQL Injection attack, were offered and implemented. The CCSPC Portal was linked to the web-based student clearance system and Web API, with Web API acting as a bridge between SIMone and the clearance system. SIMone's role is to offer just a limited amount of information on the web-based clearing, such as designated office operations, account status from the Cashier, and student profiles from the Registrar. Students and the approved offices in charge of signing the student clearance include the Graduating Class Association (GCA) Treasurer, Laboratory Custodian, Cashier, Librarian, Academic Related Services (ARS), SPEED Director, Department Chairperson, College Dean, and the Registrar. The ISO 9126-1 International Standard Tool for Software Evaluation, on the other hand, was utilized in the CCSPC beneficiaries' surveys to test the system's effectiveness and reliability.

SISTEM INFORMASI BERBASIS E-BANKING

PERANCANGAN SISTEM INFORMASI PEMBAYARAN ONLINE MENGGUNAKAN PAYMENT GATEWAYSeiring dengan semakin meluasnya penggunaan Internet, penggunaan untuk bisnis juga semakin meningkat, yaitu salah satunya untuk melakukan transaksi secara elektronik. Transaksi elektronik menguntungkan karena dapat mengurangi biaya transaksi bisnis dan dapat memperbaiki kualitas pelayanan kepada pelanggan. Walaupun demikian, sistem transaksi elektronik yang rapuh mudah sekali disalahgunakan oleh pihak – pihak yang tidak bertanggung jawab. Seperti layaknya sebuah transaksi dagang, transaksi elektronik melibatkan dua pihak. Informasi – informasi yang melibatkan transaksi elektronik, termasuk jumlah potongan yang harus dilakukan akun bank tertentu dan penambahan nilai uang pada akun yang lain telah menjadi sangat penting, sehingga dengan demikian menarik serangan – serangan, baik untuk mencuri informasi tersebut atau bahkan memodifikasinya, dalam melakukan transaksi elektronik yaitu Secure Socket Layer

PERANCANGAN SISTEM INFORMASI BERBASIS E-BANKING

PERANCANGAN SISTEM INFORMASI PEMBAYARAN ONLINE MENGGUNAKAN PAYMENT GATEWAYSeiring dengan semakin meluasnya penggunaan Internet, penggunaan untuk bisnis juga semakin meningkat, yaitu salah satunya untuk melakukan transaksi secara elektronik. Transaksi elektronik menguntungkan karena dapat mengurangi biaya transaksi bisnis dan dapat memperbaiki kualitas pelayanan kepada pelanggan. Walaupun demikian, sistem transaksi elektronik yang rapuh mudah sekali disalahgunakan oleh pihak – pihak yang tidak bertanggung jawab. Seperti layaknya sebuah transaksi dagang, transaksi elektronik melibatkan dua pihak. Informasi – informasi yang melibatkan transaksi elektronik, termasuk jumlah potongan yang harus dilakukan akun bank tertentu dan penambahan nilai uang pada akun yang lain telah menjadi sangat penting, sehingga dengan demikian menarik serangan – serangan, baik untuk mencuri informasi tersebut atau bahkan memodifikasinya, dalam melakukan transaksi elektronik yaitu Secure Socket Layer (SSL). Secure Socket Layer atau biasa disingkat SSL untuk komunikasi melalui Internet, yang artinya SSL berisi aturan untuk menjamin komunikasi yang terjadi aman. Jadi sebelum melakukan transaksi, protokol SSL harus dijamin terlebih dahulu. Maksudnya adalah pesan yang berfungsi sebagai tanda awal dimulainya saluran komunikasi yang aman, karena isi pesan untuk sesi komunikasi dan pesan ini merangkum dan mengirimkan seluruh hasil kesepakatan atas isi dari pesan SSL yang dipertukarkan sebelumnya dan nilai khusus yang menandakan pengirim pesan ini (client atau server). Layanan Payment Gateway telah menjadi terkenal di dunia online. Payment Gateway memberikan keuntungan lebih kepada customer yang bergantung kepada Internet untuk membeli produk – produk yang diinginkan, sehingga memerlukan transaksi uang secara online.Payment Gateway berguna untuk mendeskripsikan informasi pembayaran dan membandingkan nilai hash yang dikirimkan penjual. Apabila terjadi kecocokan, maka Payment Gateway yakin pembeli dan penjual telah sepakat mengenai pembelian yang dilakukan. Tugas Payment Gateway yang lain adalah melakukan pengesahan transaksi sesuai dengan kebijakan yang dimiliki oleh issuer kartu kredit. Yang menjadi pokok permasalahan, masih banyak orang terutama customer dan merchant masih tidak mengerti bagaimana sebenarnya cara kerja sistem transaksi online di internet. Pada hal bila ditinjau dari waktu sangat membantu Customer, dalam hal proses pembayaran online menggunakan payment gateway,dan manfaatnya supaya customer, merchant ataupun user lain bias mengerti tentang kinerja online yang aman.

Applying Spring Security Framework with KeyCloak-based OAuth2 to Protect Microservice Architecture APIs for a Health eCoach System: A Proof-of-Concept Study (Preprint)

UNSTRUCTURED The Internet of Medical Things (IoMT) combines medical devices and applications connected to healthcare information technology systems using network technologies. With the flourishing adaptation rate of Internet-enabled medical devices in healthcare applications, we need to guarantee the security and privacy of electronic health records (EHRs) and communications among these IoMT devices, exposed web services, and the underlying infrastructure. This research is a proof-of-concept (PoC) study for implementing an integrated security solution with Spring Security and KeyCloak open-access platform (SSK) to safeguard microservice architecture application programming interfaces (APIs). Subsequently, we extended the security solution with a virtual private network (VPN), Bcrypt hash, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure following the Norwegian data protection policies and General Data Protection Regulation (GDPR). In this study, we have not proposed any new security solution; however, we have focused on accomplishing a hybrid security solution based on the established frameworks (e.g., Spring Security) and open-access software product (e.g., Keycloak) to protect microservice APIs for a health eCoach system as a PoC study. This study describes the methodological, technical, and practical considerations to protect REST interfaces only and ensuring the privacy of data in the system. We validate our SSK security implementation by theoretical evaluation and experimental testing. In addition, we compare the test results with related studies qualitatively to determine the effectiveness of the hybrid security solution (SSK).

Privacy enforcement on subscribers data in cloud computing

Data stored in the cloud are susceptible to an array of threats from hackers. This is because threats, hackers and unauthorized access are not supported by the cloud service providers as implied. This study improves user privacy in the cloud system, using privacy with non-trusted provider (PNTP) on software and platform as a service model. The subscribers encrypt the data using user’s personal Advanced Encryption Standard (AES) symmetric key algorithm and send the encrypted data to the storage pool of the Cloud Service Provider (CSP) via a secure socket layer. The AES performs a second encryption on the data sent to the cloud and generates for the subscriber a key that will be used for decryption of previously stored data. The encryption and decryption keys are managed by the key server and have been hardcoded into the PNTP system. The model was simulated using the Stanford University multimedia dataset and benchmarked with a Privacy with Trusted cloud Provider (PTP) model using encryption time, decryption time and efficiency (brute force hacking) as parameters. Results showed that it took a longer time to access the user files in PNTP than in the PTP system. The brute force hacking took a longer time (almost double) to access data stored on the PNTP system. This will give subscribers a high level of control over their data and increase the adoption of cloud computing by businesses and organizations with highly sensitive information.

Design and Implementation of a Software-Based Advance Electronic Voting Machine Using Automatic Registration and Fingerprint Identification

In democratic countries, free and fair elections are required to quantify the populace's sentiments to form a government of representatives. It is challenging to maneuver due to the procedural variation from country to country and complexity. As paper-based electoral systems are slow and prone to error that take hours and ample manpower to announce the results, thus a secure efficient electoral system is always preferred. In this paper, we have proposed a secure implementation of auto-registration fingerprint identification-based electronic voting systems to overcome the aspect of accuracy and transparency. We have included a novel feature of automated registration to authenticate the user through identity before the vote casting. Moreover, credentials of voters are collected in a database including fingerprints, and communication of encrypted data between server and machine with secured Secure Socket Layer (SSL). Additionally, the voter can cast their votes through a touch screen Graphical User Interface (GUI), and once the voting time end, the screen can automatically disappear by authorizing admin to print Form-45. Conclusively, the proposed system count votes automatically that is much faster and accurate than the traditional voting techniques. Moreover, the results will be available to the general public in 1-2 hours which ensures fair elections.

Perancangan Sistem Keamanan File Transfer Protocol Dengan Secure Socket Layer Pada Server Centos 7

An advancement in communication technology currently has an influence on developments in data management in the joints of life, making the need for a media center something a must in digital archive storage. Data will not always be stored in personal computers, but it would be better if there was a centralized data container to be a solution in storage media, in order to prevent data loss or data backup. The term network (network) is used when there are at least two or more devices that are connected to one another. To carry out data exchange in this network, a protocol is used that specifies how data is exchanged, and one of the most widely used protocols is the File Transfer Protocol (FTP). FTP is generally useful as a means of exchanging files or data in a network. The FTP protocol is not secure enough, because when data transfer there is no security to protect it. Therefore the FTP protocol is necessary for additional security, by implementing the SSL security protocol or Secure Socket Layer Security protecting the FTP protocol during data transfer. SSL certificates are used for the purpose of handling the security of data packets transmitted over the network system. When SSL is activated, the server and client when the connection occurs will be encrypted so that the data cannot be seen by others. Keywords: FTP; Network; Server; SSL Abstrak: Suatu Kemajuan teknologi komunikasi saat ini memiliki pengaruh terhadap perkembangan didalam pengelolaan data didalam sendi kehidupan, membuat kebutuhan akan media center menjadi sesuatu yang harus dalam penyimpanan arsip digital. Data tidak selamanya akan tersimpan di dalam personal computer saja tetapi akan lebih baik jika ada wadah data terpusat menjadi solusi dalam media penyimpanan, agar menjaga dari kehilangan data atau cadangan data. Istilah jaringan (network) dipakai apabila terdapat minimal dua atau lebih perangkat yang terhubungkan satu dengan yang lainnya. Untuk melaksanakn pertukaran data didalam jaringan ini, digunakan protocol yang menspesifikasikan bagaimana data dipertukarkan, dan salah satu protocol yang banyak digunakan adalah File Transfer Protocol (FTP). FTP umumnya bermanfaat sebagai sarana pertukaran file atau data dalam suatu network. Protokol FTP tidaklah cukup aman, dikarenakan ketika transfer data tidak ada keamanan untuk melindunginya. Maka dari itu protokol FTP perlu untuk penambahan keamanan, dengan menerapkan protokol keamanan SSL atau Secure Socket Layer Security melindungi protokol FTP pada saat transfer data. Sertifikat SSL dimanfaatkan untuk keperluan menangani keamanan paket data yang ditransmisikan melalui sistem jaringan. Ketika SSL diakatifkan, maka server dan client ketika terjadi koneksi akan ter enkripsi sehingga data yang ada tidak dapat untuk dilihat oleh orang lain. Kata kunci: FTP;Network; Server; SSL

Securing sensor data transmission with ethernet elliptic curve cryptography secure socket layer on STM32F103 device

Currently there is no method, feature, or ability in securing data transmission in microcontroller systems and applications with client-server scheme communication, while major modern computer systems using secure socket layer (SSL) for establishing secure communication. However, ESP espressif based microcontroller has supported SSL communication to secure data transmission, but only works on the Wi-Fi network. A single-board computer based embedded system has fully supported SSL communication, but it costs a very high price. On the other hand, STM32F103 microcontrollers with a very affordable price even cheaper than the Arduino board has the opportunity to build secure data communication using SSL protocol based on MbedTLS library. In addition to wiznet W5100/W5500 ethernet shield, an STM32F103 SSL client device has been successfully built in this study. The SSL client device supports ECDHE ECDHA AES128 CBC SHA256 SSL cipher suite. The Apache web server must also be configured to support this cipher suite by generating OpenSSL ECC (elliptic curve cryptography) certificate. The system was tested with the LM35 analog temperature sensor, and as a result, the STM32F103 SSL client has successfully secured the data transmission to the Apache SSL web server. The communication time was 3 seconds for the first connection and 42 ms for the next data transmission.

Usulan Keamanan Sistem Informasi pada Penyelenggara Financial Technology (Fintech) Menggunakan Cobit 5 (Studi Kasus: Gandengtangan.org)

Gandengtangan.org adalah salah satu perusahaan startup di bidang financial technology (fintech) yang ada di Indonesia. Gandengtangan.org menyediakan layanan pengumpulan pinjaman (crowdlending) untuk para pelaku usaha sosial atau UMKM yang ada di Indonesia. Beberapa masalah yang muncul pada penelitian ini di antaranya: (1) kerentanan penggunaan internet terutama sektor finansial yang menjadi target serangan nomor 2 terbanyak. (2) Otoritas Jasa Keuangan (OJK) juga mewajibkan untuk setiap penyelenggara fintech di Indonesia agar dapat memenuhi standardisasi mengenai keamanan informasi pada perusahaannya. (3) Belum pernah dilakukaannya evaluasi terhadap keamanan sistem informasi di Gandengtangan. (4) Terjadinya 4 kasus keamanan informasi: satu kasus terkait phising, dua kasus tentang integrasi data, dan satu kasus terkait ssl (secure socket layer). Hal ini menunjukan keamanan informasi menjadi hal yang perlu mendapatkan perhatian penting pada Gandengtangan.org. Metode penilaian yang digunakan adalah perpaduan antara Process Assessment Model (PAM) dengan COBIT 5 Life cycle. Dipilih 5 domain yang berhubungan dengan keamanan pada COBIT 5 yakni, EDM03 (Ensure Risk Optimisation), APO12 (Manage Risk), APO13 (Manage Security), BAI06 (Manage Changes), dan DSS05 (Manage Security Services). Penelitian ini menghasilkan usulan keamanan informasi yang menjadi panduan Gandengtangan.org untuk mengantisipasi kerentanan keamanan pada bisnisnya dan untuk memenuhi persyaratan dari OJK.

Leak in OpenSSL

The term “hacker” has been spread around the world and has always been considered as a threat when we use the internet. We often hear hackers deface websites’ contents and break into system to steal private and confidential information, such as account’s username and password, credit card numbers and others. This is definitely an unethical behavior of irresponsible people who mostly aims to gain profit. However the term hacker, on the contrary actually originates from an expert computer technicians who tries to access the system to debug and fix security problems of the system. Nowadays there are dozens of websites out there and some of those websites have low level of security. Hacker can easily break through their system and steal their private confidential data but just because these websites have low level security, that doesn’t mean that it is ethical to break into someone’s system and read their data. It goes the same when someone entering other people’s house because the door was left open by the owner. As web development grows rapidly, security has become an essential part to make the website more secure and reliable. This is when a group of people decided to make a collaborative project on the implementation of SSL (Secure Socket Layer) and TLS (Transport Layer Security) that is available to be used by everyone. This project is called as OpenSSl and has been used by most of the websites in the internet today. What if this OpenSSL, which has been trusted and implemented by 2/3rd of the websites all around the world can be breached? Definitely it will attract dozens of hackers all around the world to do something unimaginably dangerous.