Search

Your search keyword '"Sukarno"' showing total 68 results
Start Over Author "Sukarno" Publisher ieee
68 results on '"Sukarno"'

6. An Analytical Framework for Control Synthesis of Cyber-Physical Systems with Safety Guarantee

Author

Niu, Luyao, Maruf, Abdullah Al, Clark, Andrew, Mertoguno, J. Sukarno, and Poovendran, Radha

Subjects
FOS: Electrical engineering, electronic engineering, information engineering, Systems and Control (eess.SY), Electrical Engineering and Systems Science - Systems and Control
Abstract

Cyber-physical systems (CPS) are required to operate safely under fault and malicious attacks. The simplex architecture and the recently proposed cyber resilient architectures, e.g., Byzantine fault tolerant++ (BFT++), provide safety for CPS under faults and malicious cyber attacks, respectively. However, these existing architectures make use of different timing parameters and implementations to provide safety, and are seemingly unrelated. In this paper, we propose an analytical framework to represent the simplex, BFT++ and other practical cyber resilient architectures (CRAs). We construct a hybrid system that models CPS adopting any of these architectures. We derive sufficient conditions via our proposed framework under which a control policy is guaranteed to be safe. We present an algorithm to synthesize the control policy. We validate the proposed framework using a case study on lateral control of a Boeing 747, and demonstrate that our proposed approach ensures safety of the system.

Published
2022
Full Text
View/download PDF

7. A Compositional Approach to Safety-Critical Resilient Control for Systems with Coupled Dynamics

Author

Maruf, Abdullah Al, Niu, Luyao, Clark, Andrew, Mertoguno, J. Sukarno, and Poovendran, Radha

Subjects
FOS: Electrical engineering, electronic engineering, information engineering, Systems and Control (eess.SY), Electrical Engineering and Systems Science - Systems and Control
Abstract

Complex, interconnected Cyber-physical Systems (CPS) are increasingly common in applications including smart grids and transportation. Ensuring safety of interconnected systems whose dynamics are coupled is challenging because the effects of faults and attacks in one sub-system can propagate to other sub-systems and lead to safety violations. In this paper, we study the problem of safety-critical control for CPS with coupled dynamics when some sub-systems are subject to failure or attack. We first propose resilient-safety indices (RSIs) for the faulty or compromised sub-systems that bound the worst-case impacts of faulty or compromised sub-systems on a set of specified safety constraints. By incorporating the RSIs, we provide a sufficient condition for the synthesis of control policies in each failure- and attack- free sub-systems. The synthesized control policies compensate for the impacts of the faulty or compromised sub-systems to guarantee safety. We formulate sum-of-square optimization programs to compute the RSIs and the safety-ensuring control policies. We present a case study that applies our proposed approach on the temperature regulation of three coupled rooms. The case study demonstrates that control policies obtained using our algorithm guarantee system's safety constraints.

Published
2022
Full Text
View/download PDF

15. Thermal Characteristics of Tube Economizer with Serrated Fin

Author

Rif’ah Amalia, Fifi Hesty Sholihah, Aldila Sukarno Putri, and Teguh Hady Ariwibowo

Subjects
Materials science, Fin, Economizer, business.industry, Turbulence, Thermal, Flow (psychology), Heat transfer, Fluid dynamics, Mechanics, Computational fluid dynamics, business
Abstract

This works present Computational Fluid Dynamics model of serrated fin on tube economizer for thermal performance. One of the parameters that affect the heat transfer in the fin is turbulence. Increased turbulence can enhance heat transfer. In serrated fins, more turbulence than that of the solid fin. Generally, fin pitch could contribute to thermal performance. In this works, the serrated fin variations are pitch at 2.623 mm, 3.623 mm, 4.623 mm, 5.623 mm, and 6.623 mm. Solid fin is utilized as the benchmark of serrated fin performance improvement. The research method is carried out by using software ANSYS Fluent. The results show that the temperature distribution on the modified geometry of the serrated fin is better than the initial geometry of the solid fin. The serrated fin can increase the turbulence of the flue gas flow and make flue gas flows into the gap in the serrated fin, increasing the heat transfer that occurs. The effectiveness of the fins on serrated fins is higher than solid fins. In serrated fin, the fin effectiveness value is 2.77 at 2.623 mm fin pitch, while the fin effectiveness value on the solid fin is 2.46 at 2.623 mm fin pitch. In addition, the temperature distribution and fin effectiveness will decrease with increasing fin pitch.

Published
2021
Full Text
View/download PDF

17. How Can National Identity Card Reduce Authentication Risks in Enterprise Attendance Management System?

Author

Parman Sukarno, Abdul Aziz, and Rahmat Yasirandi

Subjects
Process (engineering), business.industry, media_common.quotation_subject, Attendance, Computer security, computer.software_genre, Authentication (law), Survey methodology, Respondent, Identity (object-oriented programming), Quality (business), Business, Smart card, computer, media_common
Abstract

The attendance process is widespread today in Indonesia. One everyday use case is recording attendance at an enterprise. However, the existing attendance system still poses some risks. One of the biggest causes is when the smart card used does not have a good quality guarantee and does not use an official Indonesian identity card, namely e-KTP. This issue causes the wasteful use of smart cards. In addition, this is not under the Law of the Republic of Indonesia. Therefore, this research focuses on utilizing the e-KTP as an authentication factor in recording attendance. In addition, this study uses two methods: survey methods and theoretical methods. As a result, the proposed mechanism system has fewer steps than the current enterprise’s (2 out of 3). With the e-KTP, the conclusion obtained indicate that the proposed mechanism has successfully mitigated all technical existing risks (R2, R4, and R5). User Agreement Testing also shows the same results, participant’s perspectives of R1 and R3 scenarios more feel comfortable with e-KTP as the proposed ID cards in their enterprise. This study has been founding a new mechanism approach that is handled 100% risk (5 risks are covered), with all of the enterprise respondent’s responses that showed the agreement about the more efficiency and effectiveness of the proposed scheme that using e-KTP than the enterprise’s smartcard owned.

Published
2021
Full Text
View/download PDF

18. Randomness, Uniqueness, and Steadiness Evaluation of Physical Unclonable Functions

Author

Rizka Reza Pahlevi, Rivaldo Ludovicus Sembiring, and Parman Sukarno

Subjects
Computer science, business.industry, Physical unclonable function, Process (computing), Arbiter, Cryptography, Computer security, computer.software_genre, Encryption, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Key (cryptography), Field-programmable gate array, business, computer, Randomness
Abstract

The development of the Internet of Things (IoT) can be found in various places. However, multiple kinds of attacks have also increased. IoT devices are very vulnerable to attacks, both physical and non-physical, because of their unmanned nature. In non-physical attacks, the most important thing is to secure the data on memory devices. Physical unclonable function (PUF) is the strongest and lightest method to securing memory devices and can be used on unmanned IoT devices. The advantage of PUF over current classical cryptography types is its compatibility on IoT devices with limited computing resources. However, before PUF can be claimed to provide security property, it must meet the evaluation indicators: randomness, uniqueness, and steadiness. PUF can be the best solution for securing data on IoT devices because the encryption process does not put a secret key on the device. Instead, the key is generated randomly. This research is evaluating two different PUF chips with the same PUF design. We designed the arbiter PUF on the FPGA and evaluated the results of the responses given. Through rigorous experiments, this research succeeded to evaluate the three indicators of PUF where the randomness is 54.43%:45.4%, and 25.88%: 74.2%, the uniqueness between chip is 69.53%, and lastly, the steadiness is 89.84%, and 91.41%.

Published
2021
Full Text
View/download PDF

22. Comparison of 5G NR Planning in Mid-Band and High-Band in Jababeka Industrial Estate

Author

Alfin Hikmaturokhman, Dina Rachmawaty, and Ari Sukarno

Subjects
Network planning and design, Non-line-of-sight propagation, Link budget, Computer science, business.industry, Mobile broadband, Real-time computing, Telecommunications link, Bandwidth (computing), Wireless, business, 5G
Abstract

New Radio (NR) is the fifth generation of wireless access technology that is able to provide extreme mobile broadband, massive connectivity and low-latency communications. This study aimed to compare network planning in mid-band at 2.6 GHz and in high-band at 26 GHz which enables very large bandwidth for multi-Gigabitper-second (Gbps) data rate transmission. The network planning used Mentum Planet 7.3 based on coverage area in the form of a case study in Jababeka Industrial Estate with an area of 22.67 km2. Link budget was calculated using Downlink Outdoor-to-Outdoor (O2O) with Line of Sight (LOS) and Non-Line of Sight (NLOS) scenarios based on the Urban Micro (UMi) and Urban Macro (UMa) propagation models with 3GPP TR 38.901 standardization. The simulation results showed that scenario 1 (downlink-O2OLOS) produced a better network than scenario 2 (downlinkO2O-NLOS). The NLOS scenario required a higher number of gNodeB than the LOS scenario because in the NLOS scenario, there was a trouble between the gNodeB and the user terminal. The maximum data rate at 2.6 GHz was 436.31 Mbps with an average SS-RSRP value of -96.01 dBm and an average SS-SINR value of 4.21 dB, while the maximum data rate for 26 GHz was 1.83 Gbps with an average SS-RSRP value of -78.14 dBm and an average SSSINR value of 0.46 dB.

Published
2020
Full Text
View/download PDF

23. Mitigating Risk of IoT Sensing Data Error Using Platform as a Data Handler

Author

Parman Sukarno, Muhamad Diaz Ramdani, and Rahmat Yasirandi

Subjects
0209 industrial biotechnology, Data error, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Sensing data, Service-level agreement, 020901 industrial engineering & automation, 0202 electrical engineering, electronic engineering, information engineering, Data verification, Service guarantee, Security level, business, Internet of Things, computer, Risk management
Abstract

Sensing node principally is only responsible for sending data to the server that later on will forward the data to the user. Through this mechanism, the user will receive the data from the sensing node based on the value sent without any data verification at the server-side. The data in this case could be invalid. Thus, error handling as the main problem of the research is needed. By ensuring that this problem is worth objectivity raising, then through the Risk Management Process Model, it is certain that this problem will cause an adverse threat. After identification, 6 arising risk were found, with the level of control at threat”. Furthermore, 7 Mitigation Actions (MA) were designed and grouped into 3 Mitigation Phases (MP). Mitigation plan was realized into a platform with several system blocks, including 2 middleware blocks giving data error handling service directly. Moreover, to ensure that the proposed platform has covered all existing risks, service guarantee agreement was made in the form of a Service Level Agreement (SLA).The test results showed that both SLA 1 and SLA 2 succeed in guaranteeing no more risk arising. The test results showed the security level value is 6/ 6=1, which means all of the risks are ”handled” status and succeed in scope of ”eliminate”. Eventually, when the proposed platform is adopted directly to the organizations that need it, it is expected that it can be the answer to the problem of error in data sensing.

Published
2020
Full Text
View/download PDF

24. Blacklisted IP Distribution System to handle DDoS attacks on IPS Snort based on Blockchain

Author

Parman Sukarno, Bram Andika Ahmad Al'aziz, and Aulia Arif Wardana

Subjects
business.industry, Computer science, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Denial-of-service attack, Blocking (statistics), law.invention, Distribution system, law, Server, Internet Protocol, Network performance, business, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, Ip address, Computer network
Abstract

The mechanism for distributing information on the source of the attack by combining blockchain technology with the Intrusion Prevention System (IPS) can be done so that DDoS attack mitigation becomes more flexible, saves resources and costs. Also, by informing the blacklisted Internet Protocol(IP), each IPS can share attack source information so that attack traffic blocking can be carried out on IPS that are closer to the source of the attack. Therefore, the attack traffic passing through the network can be drastically reduced because the attack traffic has been blocked on the IPS that is closer to the attack source. The blocking of existing DDoS attack traffic is generally carried out on each IPS without a mechanism to share information on the source of the attack so that each IPS cannot cooperate. Also, even though the DDoS attack traffic did not reach the server because it had been blocked by IPS, the attack traffic still flooded the network so that network performance was reduced. Through smart contracts on the Ethereum blockchain, it is possible to inform the source of the attack or blacklisted IP addresses without requiring additional infrastructure. The blacklisted IP address is used by IPS to detect and handle DDoS attacks. Through the blacklisted IP distribution scheme, testing and analysis are carried out to see information on the source of the attack on each IPS and the attack traffic that passes on the network. The result is that each IPS can have the same blacklisted IP so that each IPS can have the same attack source information. The results also showed that the attack traffic through the network infrastructure can be drastically reduced. Initially, the total number of attack packets had an average of 115,578 reduced to 27,165.

Published
2020
Full Text
View/download PDF

25. Overhead Analysis of the Use of Digital Signature in MQTT Protocol for Constrained Device in the Internet of Things System

Author

Andaresta Fauzan, Parman Sukarno, and Aulia Arif Wardana

Subjects
MQTT, Memory management, Digital signature, Computer science, business.industry, Payload, Overhead (computing), Encryption, business, Message queue, Signature (logic), Computer network
Abstract

This paper presents an overhead analysis of the use of digital signature mechanisms in the Message Queue Telemetry Transport (MQTT) protocol for three classes of constrained-device. Because the resources provided by constrained-devices are very limited, the purpose of this overhead analysis is to help find out the advantages and disadvantages of each class of constrained-devices after a security mechanism has been applied, namely by applying a digital signature mechanism. The objective of using this digital signature mechanism is for providing integrity, that if the payload sent and received in its destination is still original and not changed during the transmission process. The overhead analysis aspects performed are including analyzing decryption time, signature verification performance, message delivery time, memory and flash usage in the three classes of constrained-device. Based on the overhead analysis result, it can be seen that for decryption time and signature verification performance, the Class-2 device is the fastest one. For message delivery time, the smallest time needed for receiving the payload is Class-l device. For memory usage, the Class-2 device is providing the biggest available memory and flash.

Published
2020
Full Text
View/download PDF

26. Comparative Analysis of K-Nearest Neighbor and Decision Tree in Detecting Distributed Denial of Service

Author

Ilham Ramadhan, Muhammad Arief Nugroho, and Parman Sukarno

Subjects
Statistical classification, Computer science, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Feature extraction, Decision tree, Denial-of-service attack, Intrusion detection system, Data mining, computer.software_genre, computer, k-nearest neighbors algorithm, Flooding (computer networking)
Abstract

Distributed Denial of Service (DDoS) attacks are attacks made by several attackers by flooding the victim’s device with a packet. The ease of making DDoS attacks has led to an increase of these attacks in network traffic. In contrast, the method of non-machine learning Intrusion Detection System (IDS) is now seen very inaccurate. There is a need then for an IDS method with machine learning (ML) that is more accurate in detecting attacks. Several previous studies have known that the K-Nearest Neighbor (KNN) and Decision Tree (DT) algorithms are two algorithms with high accuracy in detecting DDoS attacks. However, research comparing the two algorithms is not found so far. In this study, a comparative analysis was carried out between the two algorithms. The result of this study showed that DT had a higher accuracy with an accuracy value of 99.91% than KNN which only had an accuracy value of 98.94% in detecting DDoS attacks.

Published
2020
Full Text
View/download PDF

27. Security Functional Requirements for The Development of a Biometrics Attendance System

Author

Parman Sukarno, Rahmat Yasirandi, Mhd. Algiansyah, and Emiya Fefayosa Br Tarigan

Subjects
021110 strategic, defence & security studies, Authentication, business.industry, Process (engineering), Computer science, 0211 other engineering and technologies, Attendance, Information technology, Functional requirement, 02 engineering and technology, Computer security, computer.software_genre, Product (business), Protection Profile, Common Criteria, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer
Abstract

The traditional validation process of the attendance system today still has myriad threats in its use. One of that is popularly known as the manipulation of attendance data (especially if using paper-based). This study aims to improve security during the validation system by designing a security document that can be used as a guide when developing an attendance system. After following each step in the common criteria framework, a security document will be generated later. The document is also commonly referred to as the Protection Profile (PP) of the document. PP documents can be used as a basic guide when a developer will build a product. Generally, products related to security aspects need this kind of guidance. By describing 6 threats which are divided into 6 Security Objectives (SO). 11 Security Functional Requirements (SFR) are needed to deal with the threat. And at the end of the section, it is illustrated the correlation each SFR has been able to overcome all threats. With every threat, SO, and SFR mapped.

Published
2020
Full Text
View/download PDF

28. How Can Fingerprint Improves The Payment Experience of a Drink Vending Machine?

Author

Parman Sukarno, Rahmat Yasirandi, and Satria Hutomo

Subjects
021110 strategic, defence & security studies, Mobile banking, Computer science, business.industry, media_common.quotation_subject, Fingerprint (computing), 0211 other engineering and technologies, Payment system, 02 engineering and technology, Computer security, computer.software_genre, Payment, Authentication (law), User experience design, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Smart card, business, computer, media_common
Abstract

Many examples of technology on the payment scheme already help and facilitate transactions in Indonesia such as internet banking, ATM or debit cards, e-money, and also mobile banking. Included on drink vending machine, it is a sale that utilizes machines. Today’s commonly, drink vending machines still use coins or smart cards, which based on the Legal and Ethical Experience this factor is still have many weaknesses and threats, that can occur in this payment system. So the payment authentication factor is needed to pay more attention to user experience components, some of which are ownership, privacy, and security.So that in this study, the implementation of the fingerprint authentication scheme was made as an epayment factor based on user experience. This study uses a mixed-method in analyzing every pain problem of the research. Where to conduct exploratory studies through literature review and direct observation in the case of the application of the vending machines, especially in developing countries such as Indonesia. This research shows that the payment authentication system can solve the problem of the risk of system attack, the risk of topping up fails, it can harm the user (R1), if the user loses a smart card, the smart card is at risk of being used by not the owner (R2), if the data on the smart card is cloned, it can poses a risk to the system (R3). The conclusion of the proposed payment system can overcomes the existing problems obtained from the system security testing scenario. In addition, user agreement testing (R4 and R5) are also done by providing a questionnaire comparing the level of satisfaction of the existing and proposed payment systems, the results of this test shows that the user feels comfortable with the proposed payment system.

Published
2020
Full Text
View/download PDF

29. Notice of Removal: Material Handling Cost Analysis in Oil and Gas Company: (Case Study: Removal of Heat Exchanger with Rough Terrain Crane)

Author

Vinda Aprillia Ardita and Iwan Sukarno

Subjects
business.industry, Process (engineering), Business process, Computer science, media_common.quotation_subject, Fossil fuel, Terrain, Procurement, Heat exchanger, Process engineering, business, Function (engineering), Material handling, media_common
Abstract

The upstream oil and gas industry has an important role in economic development in Indonesia. The material handling process is one of the contributing factors in the optimization of industrial business processes. To optimize existing business processes in the upstream oil and gas industry then support in terms of both process material handlers is needed. The study was conducted at the company's oil and gas on Procurement function. The removal of the heat exchanger is performed using a crane capacity of 50 tons with a frequency of three times a day. The material removal process can negatively impact the company in case of inaccuracy of material handling processes. The negative impact that may arise, namely in terms of cost that may experience a loss. This research is faced with the problems of imprecision in material handling, resulting in the cost of materials handling companies. The method used to solve this problem is the calculation and analysis of total material handling costs. The results obtained based on these studies is a loss in terms of costs by 54.5% because the material handling process is not according to standards. The conclusion is better when the material handling process takes place can use 2 operators and time for 1 hour 6 minutes to reduce losses.

Published
2020
Full Text
View/download PDF

38. Toward Autonomy: Symbiotic Formal and Statistical Machine Reasoning

Author

J. Sukarno Mertoguno

Subjects
Binary analysis, Computer science, business.industry, media_common.quotation_subject, Set (abstract data type), Software, Scalability, Statistical inference, Machine reasoning, Software engineering, business, Autonomy, Strengths and weaknesses, media_common
Abstract

Different types of machine learning, statistical types, where its knowledge in contained in set of numbers, and formal types, where its knowledge is contained in set of rules or statements, have their own strengths and weaknesses. We argue that their strengths and weaknesses are complementary, and develop a concept called Learn2Reason to harness their collective strength, without inheriting their weaknesses. The efficacy of Learn2Reason concept has been successfully demonstrated in software/binary analysis and cyber security areas. Adoption of the concept significantly improve the performance and scalability of software/binary analysis and cyber security applications and tools.

Published
2019
Full Text
View/download PDF

39. Adopting Fingerprint as an Authentication Factor on E-Ticketing Mechanism

Author

Rahmat Yasirandi, Raden Muhammad Ichsan Al Rasyid, and Parman Sukarno

Subjects
010302 applied physics, Biometrics, Computer science, Mechanism (biology), Fingerprint (computing), 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Security testing, Authentication (law), ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Survey methodology, Factor (programming language), 0103 physical sciences, Ticket, 0202 electrical engineering, electronic engineering, information engineering, computer, computer.programming_language
Abstract

E-ticketing system is one of the most commonly used system these days. One common use case for e-ticketing is in ticket sales. Unfortunately, there are risks involved in existing e-ticketing systems. One of the biggest causes of risks consists of when the physical tickets are involved in its identification system. This research focuses on increasing the number of physical ticket authentication factors. Moreover, this research involves two methods; survey and theoretical method. The survey method is a research method used to collect physical tickets mainly based on oral and/or written communication. This research also uses literature where the research method is based on research from conferences, journals, and data from the data industry. The e-ticketing systems nowadays are still at the what you have level, while those proposed systems have risen at the what you are level. With fingerprints as a biometric authentication factor, the results show that security testing successfully resolved the risks involved.

Published
2019
Full Text
View/download PDF

40. Mitigation of Cryptojacking Attacks Using Taint Analysis

Author

Muhammad Al Makky, Arief Dwi Yulianto, Aulia Arif Warrdana, and Parman Sukarno

Subjects
Cryptocurrency, Computer science, Cross-site scripting, 020206 networking & telecommunications, 02 engineering and technology, Man-in-the-middle attack, computer.software_genre, Computer security, Taint checking, Threat model, 0202 electrical engineering, electronic engineering, information engineering, Abuse case, Malware, 020201 artificial intelligence & image processing, computer
Abstract

Cryptojacking (also called malicious cryptocurrency mining or cryptomining) is a new threat model using CPU resources covertly “mining” a cryptocurrency in the browser. The impact is a surge in CPU Usage and slows the system performance. In this research, in-browsercryptojacking mitigation has been built as an extension in Google Chrome using Taint analysis method. The method used in this research is attack modeling with abuse case using the Man-In-The-Middle (MITM) attack as a testing for mitigation. The proposed model is designed so that users will be notified if a cryptojacking attack occurs. Hence, the user is able to check the script characteristics that run on the website background. The results of this research show that the taint analysis is a promising method to mitigate cryptojacking attacks. From 100 random sample websites, the taint analysis method can detect 19 websites that are infcted by cryptojacking.

Published
2019
Full Text
View/download PDF

41. Virtual Password Authentication Scheme in Hashed Domain

Author

Mohammad Zakie Faiz Rahiemy and Parman Sukarno

Subjects
Password, Authentication, 021103 operations research, Theoretical computer science, Plain text, Computer science, 0211 other engineering and technologies, 02 engineering and technology, computer.file_format, Keystroke logging, Login, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Brute-force attack, Personal computer, computer
Abstract

This paper proposes a virtual password authentication scheme which is able to work in the hashed domain. Many research in the area of virtual password have been proposed to overcome keylogger attacks. Unfortunately, current methods are still lack of complexities and have a short cracking time. Several research have partially overcome these problems. However, the proposed methods work only in the plain text domain which is vulnerable to the privacy and security attacks. To overcome this problem, we proposed a virtual password scheme that generates dynamic length of a random password consisting of both uppercase and lowercase alphabets, numbers, and symbols. Importantly, our method is also able to compare user’s password despite it is hashed. With an efficient algorithm that help this method’s computation time somewhat similar with regular login, the cracking time and complexity of this method are superior which scores 174 on password complexity and calculated to be cracked after 10,000+ and 9 centuries by brute force attack using a personal computer and conficker botnets respectively.

Published
2019
Full Text
View/download PDF

42. Overhead Analysis on the Use of Digital Signature in MQTT Protocol

Author

Parman Sukarno, Aulia Arif Wardana, and Husnul Hidayat

Subjects
MQTT, Secure Hash Algorithm, business.industry, Computer science, Payload (computing), 02 engineering and technology, Encryption, Digital signature, 020204 information systems, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, business, Message queue, Computer network
Abstract

This study proposes a digital signature scheme to secure messages sent by the publish/subscribe middleware Message Queue Telemetry Transport (MQTT) protocol. In which, it uses the Advanced Encryption System (AES) and Secure Hash Algorithm (SHA) with the end-to-end method and analyze the overhead of application of digital signature. Because, the disadvantage of MQTT is that there is no encryption process on the payload. In which, allows one to be able to find out the payload content that causes no privacy in the data. Data integrity is also a problem with MQTT. The purpose of this digital signature is to verify that the payload sent is a genuine one, which does not change during the transmission process, and the secrecy of the payload. After evaluating and testing the proposed system, the program can secure the MQTT payload. The addition of a security mechanism in MQTT such as the encryption process, decryption, verification results produces overhead in several aspects. The overhead used in this study is to measure the size of the payload, the time of sending messages, the process of the mechanism of digital signature security, memory consumption, and CPU usage. In an overhead analysis, overhead is carried out by examining various types of AES keys and multiple types of SHA. After examination, there is an increase in size for several aspects that have been mentioned because of the digital signature scheme.

Published
2019
Full Text
View/download PDF

43. Security Document for Smart Parking Gate based on Common Criteria Framework

Author

Rahmat Yasirandi, Parman Sukarno, and Yoso Adi Setyoko

Subjects
Authentication, business.industry, Computer science, Information technology, 020302 automobile design & engineering, 020206 networking & telecommunications, Functional requirement, Iso standards, 02 engineering and technology, Tree (data structure), 0203 mechanical engineering, Risk analysis (engineering), Common Criteria, 0202 electrical engineering, electronic engineering, information engineering, Smart card, business, Smart parking
Abstract

This research used Common Criteria Framework to design more complete security requirements than the previous research for smart parking gate. Common Evaluation Methodology (CEM) mentions that Common Criteria Framework must use ISO 15408. This research used ISO 15408 as a guideline for analyzing, designing, and documenting the system security requirements in a more complete and comprehensive smart parking gate. The initial stage of Common Criteria Framework is to analyze the threats that might occur on the system. This research refers to the threat tree analysis in ISO 15446 to obtain a list of threats that may occur in the system. Based on the threat tree analysis, there were 6 threats to the system built. The next step is mapping the threats to security objectives and obtaining 7 Security Objectives (SO). At the end of this study, the functional requirement of security for the system referring to the references obtained in the previous stage were analyzed. Therefore, 17 Security Functional Requirements (SFR) were obtained. Those 17 SFR can be used as references in developing a system on the smart parking gate to ward off the threats that have been identified initially.

Published
2019
Full Text
View/download PDF

44. Quality of Service (QoS) Comparison Analysis of Snort IDS and Bro IDS Application in Software Define Network (SDN) Architecture

Author

Hendrawan Hendrawan, Muhammad Arief Nugroho, and Parman Sukarno

Subjects
Computer science, business.industry, Quality of service, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, CPU time, 020206 networking & telecommunications, Throughput, 02 engineering and technology, Intrusion detection system, Signature (logic), ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Resource (project management), Packet loss, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Architecture, business, Computer network
Abstract

Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort.

Published
2019
Full Text
View/download PDF

45. Improving The Accuracy of Fuzzy Vault Scheme in Fingerprint Biometric

Author

Parman Sukarno and Joni Saputra

Subjects
Minutiae, Password, Identification (information), Authentication, Biometrics, Computer science, business.industry, Fingerprint (computing), Cryptosystem, Pattern recognition, Cryptography, Artificial intelligence, business
Abstract

At present, authentication techniques using fingerprint biometrics have been widely used in various fields. This is because the authentication techniques using biometrics are safer and more comfortable than using traditional passwords. In order to realize this, a technique in the biometric cryptosystem is proposed in the research, called the fuzzy vault scheme. Although the fingerprint data in the form of minutiae can be protected with a fuzzy vault scheme compared to traditional authentication systems, it can reduce user convenience. Previous studies proposed a distance-based method in the fuzzy vault scheme. The distance-based method is proposed because it is no need to align and rotate the fingerprint image during registration or authentication. Then with the distance-based method also does not produce a helper data that can lead to information leakage that can be exploited by impostor. In the research, the distance-based method is proposed with several modifications, which are the minutiae filter and candidate points identification techniques. The previous method produces FRR 13.4375% and FAR 0.4515% and the proposed method produced FRR 8.9475% and FAR 0.3520%.

Published
2019
Full Text
View/download PDF

46. Reducing Attack Surface via Executable Transformation

Author

Ryan Craven, Matthew S. Mickelson, Daniel Koller, and Sukarno Mertoguno

Subjects
Source code, business.industry, Computer science, media_common.quotation_subject, Code reuse, Software development, Attack surface, Software maintenance, computer.file_format, Software deployment, Use case, Executable, business, Software engineering, computer, media_common
Abstract

Modern software development and deployment practices encourage complexity and bloat while unintentionally sacrificing efficiency and security. A major driver in this is the overwhelming emphasis on programmers' productivity. The constant demands to speed up development while reducing costs have forced a series of individual decisions and approaches throughout software engineering history that have led to this point. The current state-of-the-practice in the field is a patchwork of architectures and frameworks, packed full of features in order to appeal to: the greatest number of people, obscure use cases, maximal code reuse, and minimal developer effort. The Office of Naval Research (ONR) Total Platform Cyber Protection (TPCP) program seeks to de-bloat software binaries late in the life-cycle with little or no access to the source code or the development process.

Published
2018
Full Text
View/download PDF

47. Analysis and Classification of Danger Level in Android Applications Using Naive Bayes Algorithm

Author

Ridho Alif Utama, Parman Sukarno, and Erwid Musthofa Jadied

Subjects
Computer science, 020206 networking & telecommunications, 02 engineering and technology, Permission, computer.software_genre, Computer security, Naive Bayes classifier, Statistical classification, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Android application, Android (operating system), computer
Abstract

This paper considers danger level classification of Android applications based on permissions and vulnerabilities by using Naive Bayes (NB) algorithm in order to assist and inform users whether an application is safe to use or not. With the increasing development and use of Android, unfortunately, malicious software (malware) and malicious applications are also beginning to increase. Many methods have been proposed to protect Android, however, they are only able to detect or classify Android applications against malware based on permission. This kind of approach is still considered less effective, because there is no information in classifying the danger level of an Android application, be it malware or goodware. To overcome the problem, this research classifies the danger level into three categories namely, safe, suspicious, and dangerous. The accuracy obtained from this research is 97.2%. To our knowledge, this is the first and only work to use danger level classification of Android applications based on permissions and vulnerabilities.

Published
2018
Full Text
View/download PDF

48. Analysis of the Technology Acceptance Model (TAM) on Survey System Based Smartphone by the National Population and Family Planning Indonesia

Author

Nl. Meilani, Sukarno Sono, Titut Yuli Prihyugiarto, and Yuli Karyanti

Subjects
021110 strategic, defence & security studies, education.field_of_study, Government, Knowledge management, Data collection, Computer science, business.industry, 030231 tropical medicine, Population, 0211 other engineering and technologies, Information technology, 02 engineering and technology, Structural equation modeling, 03 medical and health sciences, Open data, 0302 clinical medicine, Accountability, Technology acceptance model, business, education
Abstract

There is a change in the technique or method of collecting and processing data on the Performance Monitoring Accountability (PMA) 2020 Survey by the National Population and Family Planning Indonesia, from a paper-based system to electronic-based which paperless system, one of the tools called Open Data Kit. This study was therefore aimed at identifying the users' perception and attitude towards the application of the new technology in this survey in Indonesia. One of the methods to determine the extent to which the users' acceptance of the application of a new technology is to use the Technology Acceptance Model. Data analysis was performed using the Structural equation Modelling with Analysis of Moment Structure software. The analysis results prove that out of six hypotheses, only one hypothesis is rejected. The results suggest that the application of a new technology system is acceptable and has no resistance from the supervisors and enumerators as the of smartphone-based surveys users. In conclusion, this technology is possible to apply in other surveys in Indonesia.

Published
2018
Full Text
View/download PDF

49. Hardening the Virtual Password Authentication Scheme

Author

Parman Sukarno, Mohammad Zakie Faiz Rahiemy, and Erwid Musthofa Jadied

Subjects
Password, 021103 operations research, computer.internet_protocol, Computer science, business.industry, 05 social sciences, 0211 other engineering and technologies, Botnet, 050801 communication & media studies, 02 engineering and technology, Authentication system, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0508 media and communications, Server, Password authentication protocol, The Internet, business, computer
Abstract

Although Internet has become one of most important parts and mostly needed by societies, that does not mean Internet is a safe place to share sensitive data. One of many unsolved Internet attacks is key-logger which is used to steal victim's data such as passwords. Researchers have done a lot of research to overcome these attacks. However, the authentication system still lacks password complexities which can be compromised with short cracking time and limited generated passwords. Therefore, we proposed a virtual password method that has the following rules: i) has minimum and maximum limit of password and ii) the generated passwords are not limited only to letters, but also numbers and symbols. With those rules, by using Kaspersky Lab secure password measurement, the cracking time can be significantly increased to 9 centuries on the conficker botnet with 10 million cores of processors. Moreover, by using Password Meter the proposed method gets score of 171.

Published
2018
Full Text
View/download PDF

50. An SSH Honeypot Architecture Using Port Knocking and Intrusion Detection System

Author

Ridho Maulana Arifianto, Parman Sukarno, and Erwid Musthofa Jadied

Subjects
Authentication, Honeypot, Port knocking, Computer science, Secure Shell, Data theft, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Port (computer networking), Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer
Abstract

This paper proposes an architecture of Secure Shell (SSH) honeypot using port knocking and Intrusion Detection System (IDS) to learn the information about attacks on SSH service and determine proper security mechanisms to deal with the attacks. Rapid development of information technology is directly proportional to the number of attacks, destruction, and data theft of a system. SSH service has become one of the popular targets from the whole vulnerabilities which is existed. Attacks on SSH service have various characteristics. Therefore, it is required to learn these characteristics by typically utilizing honeypots so that proper mechanisms can be applied in the real servers. Various attempts to learn the attacks and mitigate them have been proposed, however, attacks on SSH service are kept occurring. This research proposes a different and effective strategy to deal with the SSH service attack. This is done by combining port knocking and IDS to make the server keeps the service on a closed port and open it under user demand by sending predefined port sequence as an authentication process to control the access to the server. In doing so, it is evident that port knocking is effective in protecting SSH service. The number of login attempts obtained by using our proposed method is zero.

Published
2018
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results