Manajemen Kontrol Akses Berbasis Blockchain untuk Pendidikan Online Terdesentralisasi

Banyak pengguna menggunakan internet sebagai alat untuk layanan informasi yang lebih baik di lembaga pendidikan. Jaringan ini tidak memiliki penyedia layanan yang bertindak sebagai otoritas pusat dan pengguna memiliki kontrol lebih besar atas informasi mereka sehingga tidak ada pihak ketiga. Sehingga diusulkan sebagai solusi alternatif untuk sistem pembelajaran jaringan terpusat saat ini menggunakan Decentralized Online Educations (DOE). Banyak DOE telah diusulkan, namun keberadaan layanan Decentralized Online Educations (DOE) membutuhkan solusi terdistribusi yang efisien untuk melindungi privasi pengguna. Dalam beberapa tahun terakhir, banyak teknologi blockchain telah diimplementasikan ke dalam sistem pembelajaran sehingga sangat cocok untuk institusi pendidikan yang digunakan untuk menyelesaikan masalah privasi dalam sistem desentralisasi. Pada platform ini, menggunakan teknologi blockchain sebagai sistem penyimpanan, dan materi pembelajaran yang bersifat publik. Dalam studi ini, buat kerangka kerja kontrol akses yang dapat dikelola dan diaudit untuk Decentralized Online Educations (DOE) menggunakan teknologi blockchain untuk membahas definisi kebijakan privasi. Kunci publik yang digunakan oleh pemilik sumber daya menggunakan dari subjek untuk menentukan kebijakan akses dapat diaudit menggunakan Access Control List (ACL), sedangkan untuk mendekripsi data pribadi setelah izin akses divalidasi di blockchain menggunakan kunci pribadi yang terkait dengan akun Ethereum subjek. Untuk memberikan evaluasi dari pendekatan ini, gunakan testnet Rinkeby Ethereum untuk mengimplementasikan Kontrak Cerdas. Dan hasil dari percobaan ini dapat menunjukkan bahwa Access Control List (ACL) yang diusulkan menggunakan Attribute-Based Access Control (ABAC) dalam sistem pembelajarannya. Untuk mewujudkannya, diperlukan Access Control List (ACL).

Analisis Performa Access Control List Menggunakan Metode Firewall Policy Base

Pemanfaatan teknologi informasi mampu mendukung mobilitas yang begitu cepat dan sangat efesien. Kini, hampir semua transfer data dilakukan menggunakan jaringan komputer dan bersifat terbuka. dengan terjadinya transfer data yang bersifat terbuka hal ini mampu memicu terjadinya kejahatan didalam dunia jaringan komputer (cybercrime). Penerapan keamanan jaringan komputer merupakan hal yang sangat vital. untuk memiminalisir cybercrime didalam jaringan komputer, maka diterapkanlah keamanan jaringan menggunakan metode zone-based policy firewall. Zone-based policy firewall mampu melakukan pembatasan akses berdasarkan mekanisme keamanan yang digunakan untuk melindungi sistem internal dari gangguan para pelaku Cybercrime atau pihak-pihak lain yang ingin memasuki kedalam sistem tanpa mempunyai hak akses. dari hasil penelitian analisa performa access control list menggunakan metode zon based policy firewall didapatkan penerapan keamanan jaringan komputer zone-based policy firewall mampu membatasi akses menuju server dari client yang terhubung didalam jaringan yang sama. Serta zone-based policy firewall mampu menyembunyikan hop count yang dilalui untuk menghubungkan antara client dengan server.

Privacy Preservation for On-Chain Data in the Permission less Blockchain using Symmetric Key Encryption and Smart Contract

Blockchain technology provides several suitable characteristics such as immutability, decentralization and verifiable ledger. It records the transactions in a decentralized way and can be integrated into several fields like eHealth, e-Government and smart cities etc. However, blockchain has several privacy and security issues, one of them is the on-chain data privacy. To deal with this issue we provide a privacy-preserving solution for permission less blockchain to empower the user to take control of transaction data in the open ledger. This work focuses on designing and developing the peer-to-peer system using symmetric cryptography and ethereum smart contract. In this scheme, we create smart contracts for the interaction of the data provider, data consumer, and access control list. Data providers register authorized users in the access control list. Data consumers can check their validity in the access control list. After successful validation, data consumers can request the security key from data providers to access secret information. Based on successful validation, a smart contract that is created between the data provider and data consumer is executed to send a key to the data consumer for accessing the secret information. The smart contracts of this proposed model are modeled in solidity, and the performance of the contracts is assessed in the Ropsten test network.

An efficient algorithm to detect DDoS amplification attacks

Domain name system (DNS) plays a critical part in the functioning of the Internet. But since DNS queries are sent using UDP, it is vulnerable to Distributed Denial of Service (DDoS) attacks. The attacker can take advantage of this and spoof the source IP address and direct the response towards the victim network. And since the network does not keep track of the number of requests going out and responses coming in, the attacker can flood the network with these unwanted DNS responses. Along with DNS, other protocols are also exploited to perform DDoS. Usage of Network Time Protocol (NTP) is to synchronize clocks on systems. Its monlist command replies with 600 entries of previous traffic records. This response is enormous compared to the request. This functionality is used by the attacker in DDoS. Since these attacks can cause colossal congestion, it is crucial to prevent or mitigate these types of attacks. It is obligatory to discover a way to drop the spoofed packets while entering the network to mitigate this type of attack. Intelligent cybersecurity systems are designed for the detection of these attacks. An Intelligent system has AI and ML algorithms to achieve its function. This paper discusses such intelligent method to detect the attack server from legitimate traffic. This method uses an algorithm that gets activated by excess traffic in the network. The excess traffic is determined by the speed or rate of the requests and responses and their ratio. The algorithm extracts the IP addresses of servers and detects which server is sending more packets than requested or which are not requested. This server can be later blocked using a firewall or Access Control List (ACL).

Interoperable HL7 FHIR platform to report PCR SARS-CoV-2 tests from laboratories to the Chilean government (Preprint)

BACKGROUND Testing, traceability, and the isolation (TTI strategy) actions are a central strategy defined by WHO to contain the COVID-19 pandemic. In this sense, countries have had difficulties in counting the number of people infected with SARS-CoV-2. Errors in reporting results are a common factor as well as the lack of interoperability between laboratories and governments. Approaches aimed at sending spreadsheets via email expose patients' privacy and have increased the probability of errors due to re-typing and generate a delay in the notification of results. OBJECTIVE Design and develop an interoperable platform to report PCR SARS-CoV-2 tests from laboratories to the Chilean government. METHODS The methodology to design and develop the interoperable platform was comprised of six well-structured stages: 1) Creation of a minimum dataset to PCR SARS-CoV-2 tests, 2) Modeling process and endpoints where institutions interchange information, 3) Standards and interoperability design, 4) Software development, 5) Quality assurance and 6) Software implementation. RESULTS The main result was the interoperable FHIR platform to report PCR SARS-CoV-2 tests from laboratories to the Chilean government. The platform was designed, developed, tested, and implemented following a structured methodology. The platform's performance to 1,000 requests resulted in a response time of 240 milliseconds, throughput was 28.3 requests per second, and the process management time was 131 milliseconds. The platform has availability of 99.9 %. The security was implemented with JSON Web Token (JWT) to ensure confidentiality, authorization, and authentication. All the PCR SARS-CoV-2 tests were accessible through an Application Programming Interface (API) gateway with valid credentials and the right access control list. CONCLUSIONS The platform was implemented and is currently being used by UC Christus Laboratory. The platform is secure. It was tested adequately for confidentiality, secure authorization, authentication, and message integrity. This platform simplifies the reporting of PCR SARS-CoV-2 tests and reduces the time and probability of mistakes in counting positive cases. The interoperable solution with FHIR is working successfully and is open for the community, laboratories, and any institution that needs to report PCR SARS-CoV-2 tests.