Hasil Pencarian  ::  Simpan CSV :: Kembali

"Over the last decade, mobile telecommunications has grown dramatically, from a niche technology to a massive industry. As the mobile phone becomes ubiquitous and the divisions between PCs, personal digital assistants, mobiles phones and other mobile devices becomes blurred, the security both of the information handled by these devices and the devices themselves becomes increasingly important. The book consists of 17 chapters covering current developments in security for mobility; underlying technologies; network security; mobile code issues; application security; and the future."

"Mobile phone security and forensics provides both theoretical and practical background of security and forensics for mobile phones. The author discusses confidentiality, integrity, and availability threats in mobile telephones to provide background for the rest of the book. Security and secrets of mobile phones are discussed including software and hardware interception, fraud and other malicious techniques used “against” users. "

"ABSTRAKTeknologi informasi dan komunikasi dimanfaatkan secara signifikan dalam kegiatan sehari-hari, sehingga infrastruktur kritis Inggris kini bergantung pada kondisi dalam lingkungan cyberspace. Hal ini tidak hanya memberikan manfaat, tetapi juga dapat menimbulkan ancaman yang dapat mempengaruhi stabilitas keamanan nasional. Oleh karena itu cyber security menjadi salah satu prioritas tertinggi dalam kebijakan keamanan nasional Inggris. Namun regulasi cyber security di Inggris sering kali mengundang perdebatan dan tentangan dari berbagai pihak. Penelitian ini bertujuan untuk mengkonstruksi pro dan kontra masyarakat terhadap regulasi tersebut serta menganalisis penyebab regulasi cyber security di Inggris bertentangan dengan prinsip HAM. Analisis dalam penelitian ini menggunakan teori keamanan dan teori masyarakat informasi dengan metode penelitian hukum normatif dan pendekatan kualitatif. Hasil dari penelitian ini menunjukkan bahwa regulasi cyber security di Inggris tidak mencerminkan nilai kebebasan individu serta dapat bersifat positif dan negatif di saat yang bersamaan. Di satu sisi bertujuan untuk melindungi kemanan seluruh warganya dari kejahatan serius dan di sisi lain tujuan tersebut diwujudkan melalui peraturan yang mencederai hak fundamental individu.

---

ABSTRACTInformation and communication technology utilized significantly in daily activities, so that critical infrastructures in the UK now dependent on conditions in cyberspace. It rsquo s not only bring advantages, but also could pose threats that affect national security. Therefore cyber security becomes one of the highest priorities in national security policy of the UK. Cyber security regulations in the UK are often invite debate and opposition from various parties. This study aimed to construct the pros and cons of the regulation and analyze the causes of its contrary to the principles of Human Rights. The analysis in this study uses security theory and the theory of the information society with normative legal research methods and qualitative approaches. The results of this study indicate that the regulation of cyber security in the UK do not reflect the values of individual freedom and could be positive and negative at the same time. On the one hand aims to protect the security of all citizens from serious crime and on the other hand this objective is manifested through regulations that harm the fundamental rights of individuals."

"Di era saat ini, kepemilikan terhadap informasi strategis dan kemampuan untuk mengelola informasi tersebut secara efektif telah menjadi suatu keunggulan yang signifikan. Berkaca dari pengalaman mengenai serangan terhadap komunikasi strategis di Indonesia diantaranya penyadapan percakapan Presiden Susilo Bambang Yudhoyono melalui jaringan Selular dan penyadapan rumah dinas Presiden Jokowi, kemudian Indonesia menaruh perhatian lebih terhadap keamanan pada sektor ini. Perangkat X adalah salah satu alat komunikasi strategis rahasia yang digunakan di Indonesia. Penggunaan perangkat ini digagas oleh Instansi XYZ. Hingga tahun 2020, telah terdapat 1.284-unit Perangkat X yang digunakan secara luas oleh TNI, POLRI, dan instansi lain yang bersifat strategis di Indonesia. Dalam selang 5 tahun operasional, Instansi XYZ telah melakukan kajian terhadap keamanan algoritma yang digunakan dalam Perangkat X, namun di satu sisi belum pernah dilakukan kajian terhadap keamanan protokol otentikasi dan komunikasi dari perangkat tersebut. Pada peneitian ini dilakukan analisis keamanan protokol komunikasi suara dan otentikasi Perangkat X dengan pendekatan verifikasi formal menggunakan Scyther Tool untuk melengkapi kajian keamanan Perangkat X sebagai salah satu perangkat komunikasi strategis rahasia di Indonesia. Analisis berfokus pada aspek jaminan kerahasiaan informasi dan otentikasi dengan empat kriteria yaitu secrecy, aliveness, synchronization, dan agreement. Hasil percobaan menunjukkan bahwa protokol otentikasi dan komunikasi suara Perangkat X dinilai telah menenuhi kriteria secrecy untuk informasi rahasia yang ditransmisikan namun belum memenuhi kriteria aliveness, synchronization, dan agreement pada beberapa entitas yang terlibat dalam protokol tersebut. Sehingga, protokol otentikasi dan komunikasi suara Perangkat X dapat dikatakan aman berdasarkan aspek kerahasiaan informasi, namun belum aman dilihat dari aspek otentikasi.

---

In the current era, the ownership of strategic information and the ability to effectively manage it has become a significant advantage. Reflecting on the experience of attacks on strategic communications in Indonesia, including the tapping of President Susilo Bambang Yudhoyono's conversation through the Cellular network and the tapping of President Jokowi's official residence, therefore Indonesia pays more attention to security in this sector. Device X is one of the secret strategic communication tools used in Indonesia. The XYZ Agency initiated the use of this device. Until 2020, there have been 1,284 X Device units widely used by the Army, Police Officer, and other strategic agencies in Indonesia. In 5 years of operation, the XYZ Agency has researched the algorithm security used in Device X, but on the one hand, there has never been a study of the security regarding the authentication and communication protocols of this device. This research aims to make a security analysis of voice communication and authentication protocols of Device X. The research was implemented using Scyther Tool as a formal verification approach. The analysis focuses on aspects of guaranteeing the confidentiality of information and authentication with four criteria, namely secrecy, aliveness, synchronization, and agreement. The experimental results show that the authentication and voice communication protocol of Device X is considered to have satisfied the secrecy criteria for transmitted confidential information but does not satisfy the criteria of aliveness, synchronization, and agreement on several entities involved in the protocol. Thus, the authentication and voice communication protocol of Device X can be claimed to be provably secure based on the confidentiality aspect of information but is not from the authentication aspect."

"ABSTRAKPenelitian kuantitatif ini berdasar dari fenomena order fiktif yang dilakukan sejumlah pengendara ojek daring sebagai pengguna aplikasi transportasi daring. Tujuan dari penelitian ini adalah untuk mengetahui pengaruh sanksi yang dirasakan dan kepercayaan moral terhadap intensi penyalahgunaan aplikasi mobile. Penelitian ini menggunakan dasar deterrence theory dan mengadopsi penelitian Hovav & DArcy (2012) dengan memodifikasi indikator pada variabel kepercayaan moral dan menghilangkan domain budaya negara. Pengumpulan data dilakukan dengan menggunakan kuesioner yang disebar secara langsung kepada pengendara ojek daring. Data yang berhasil diperoleh dari responden sebanyak 198 sampel. Pengolahan data menggunakan metode Partial Least Square-Structural Equation Modelling (PLS-SEM). Dari delapan hipotesis yang digunakan pada penelitian ini, tujuh hipotesis diterima dan satu hipotesis mengenai hubungan kepastian sanksi yang dirasakan terhadap intensi penyalahgunaan aplikasi mobile ditolak. Kesimpulan yang diperoleh pada penelitian ini adalah ketegasan sanksi yang dirasakan pengendara ojek daring serta keyakinan moral mereka memiliki hubungan yang signifikan dengan intensi melakukan penyalahgunaan aplikasi mobile, sedangkan kepastian sanksi yang dirasakan tidak memiliki hubungan yang signifikan dengan intensi pengendara ojek daring melakukan penyalahgunaan aplikasi mobile. Selanjutnya, juga dapat disimpulkan bahwa kendali keamanan, dalam bentuk kendali teknis dan kendali prosedural memiliki hubungan yang signifikan dengan kepastian sanksi yang dirasakan, ketegasan sanksi yang dirasakan, dan keyakinan moral pengendara ojek daring.

---

ABSTRACTThis quantitative research is based on the phenomenon of fictitious order made by a number of online motorcycle taxi drivers as users of ride-hailing mobile applications. The purpose of this study is to determine the effect of sanctions perceived and moral beliefs against the intention of mobile application abuse. This study uses deterrence theory and adopts Hovav & DArcy (2012) research by modifying the indicator on moral beliefs and eliminating the national cultural domain. Data were collected by using questionnaires that were distributed directly to motorcycle taxi drivers. 198 sample was collected and analysed using Partial Least Square-Structural Equation Modelling (PLS-SEM). Seven of the eight hypotheses are accepted and one hypothesis, regarding the relationship between perceived of sanctions certainty and intention of mobile application abuse, is rejected. The conclusion obtained in this research is perceived of sanction celerity by the online motorcycle-taxi rider and their moral belief has a significant relationship with the intention of mobile application abuse, whereas the perceived of sanction certainty does not have significant relationship with the intention of the online motorcycle taxi driver to abuse the mobile application. Furthermore, it also can be concluded that security countermeasures, in the form of technical control and procedural control, have a significant relationship with the perceived of sanction certainty, perceived of sanction celerity, and the moral beliefs of online motorcycle taxi drivers."

"Mobile context awareness presents work from industrial and academic researchers, focusing on novel methods of context acquisition in the mobile environment – particularly through the use of physical and virtual sensors – along with research into new applications utilising this context. In addition, the book provides insights into the technical and usability challenges involved in mobile context-awareness, as well as observations on current and future trends in the field."

"The authors present a methodology for formally describing security protocols and their environment. This methodology includes a model for describing protocols, their execution model, and the intruder model. The models are extended with a number of well-defined security properties, which capture the notions of correct protocols, and secrecy of data. The methodology can be used to prove that protocols satisfy these properties. Based on the model they have developed a tool set called Scyther that can automatically find attacks on security protocols or prove their correctness. In case studies they show the application of the methodology as well as the effectiveness of the analysis tool."

"Aplikasi berbasis web dengan kemudahan fitur yang ditawarkan bagi user membuat perusahaan-perusahaan menggunakannya sebagai aplikasi penunjang bisnis mereka. Namun dibalik kemudahan itu, aplikasi ini memiliki celah keamanan berupa suatu kerawanan yang dapat dieksploitasi apabila tidak ditangani dengan baik. Faktor keamanan suatu aplikasi harus diperhatikan tidak hanya saat aplikasi tersebut beroperasi, tapi sudah dimulai sejak aplikasi tersebut masih dalam proses pengembangan. Tidak adanya pedoman keamanan yang dapat dijadikan acuan dalam proses pengembangan aplikasi dapat berakibat pada kurangnya kualitas keamanan aplikasi yang akan dihasilkan. Penelitian ini berusaha menunjukkan suatu proses perancangan pedoman keamanan pengembangan aplikasi berbasis web studi kasus pada perusahaan industri telekomunikasi yang memiliki strategi mengembangkan sendiri aplikasi-aplikasi berbasis web sebagai penunjang bisnisnya. Proses diawali dengan kajian risiko keamanan aplikasi berbasis web dalam proses pengembangan aplikasi yang sudah ada dalam perusahaan tersebut. Dilanjutkan dengan pemilihan kontrol-kontrol untuk mengendalikan risiko hasil kajian tadi. Kajian risiko menggunakan kerangka kerja yang sudah dibakukan di perusahaan dan dikombinasikan dengan kerangka kerja kajian risiko dan kontrol standar dari OWASP dan NIST. Hasil yang diharapkan berupa pedoman keamanan pengembangan aplikasi berbasis web yang sesuai untuk lingkungan studi kasus tersebut.

---

Web base application with the rich fitur that can be offered to the user has motivate many companies to use it as a business application platform. But behind the simplicity, this application has a security vulnerability that can be exploited if not handled properly. Safety factor of the application must be considered not only when the application is in operation, but has started since the application is still under development. The absence of security guidelines that can be used as a reference in the application development process can result in a lack of quality security application that will be generated.

This study attempted to show a security guideline development process of designing a web-based application on a case study of the telecommunication industry company who have their own strategies to develop web-based applications to support its business. The process begins with the assessment of security risks in web based application development process existing applications within the enterprise. Followed by the selection of controls to control risk assessment results earlier.

Using a risk assessment framework that has been standardized across the enterprise and combined with the framework of risk assessment and control of the OWASP and NIST standards. Results are expected in the form of security guideline fort web-based application development environment in the case study."