E-BANKING-BASED INFORMATION SYSTEM

2021
Author(s):
Zahrullah

DESIGN OF AN ONLINE PAYMENT INFORMATION SYSTEM USING A PAYMENT GATEWAY

As Internet use becomes more widespread, its use for business is also increasing, one example being electronic transactions. Electronic transactions are advantageous because they can reduce the cost of business transactions and improve the quality of service to customers. Nevertheless, a fragile electronic transaction system is very easily abused by irresponsible parties. Like any commercial transaction, an electronic transaction involves two parties. The information involved in electronic transactions, including the amount to be deducted from a given bank account and the value added to another account, has become very important, and therefore attracts attacks, whether to steal that information or even to modify it, in carrying out electronic transactions, namely Secure Socket Layer

1998
Vol 37 (03)
pp. 247-253
Author(s):  
K. Ohe ◽  
S. Kaihara ◽  
T. Kiuchi

Abstract: A WWW-based user interface is presented for secure electronic mail service for healthcare users. Using this method, communications between an electronic mail (WWW) server and users (WWW browsers) can be performed securely using Secure Socket Layer protocol-based Hypertext Transfer Protocol (SSL-HTTP). The mail can be encrypted, signed, and sent to the recipients and vice versa on the remote WWW server. The merit of this method is that many healthcare users can use a secure electronic mail system easily and immediately, because SSL-compatible WWW browsers are widely used and this system can be made available simply by installing a WWW-based mail user agent on a mail server. We implemented a WWW-based mail user agent which is compatible with PEM-based secure mail and made it available to about 16,000 healthcare users. We believe this approach is effective in facilitating secure network-based information exchange among medical professionals.


2020
pp. 1-26
Author(s):  
Qinwen Hu ◽  
Muhammad Rizwan Asghar ◽  
Nevil Brownlee

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa’s top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest–Shamir–Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% domains use the expired certificate, 0.42% HTTPS certificates contain different hostnames, and 2.59% HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place when HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS. 
For example, more and more domains begin to enable the HTTPS protocol to ensure a secure communication channel between users and websites. From the first measurement, we observed that many domains are still using TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support user clients that use outdated systems. As the previous studies revealed security risks of using these protocols, in the subsequent studies, we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol and show that some HTTPS domains are still vulnerable to the existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domains is gradually decreasing every year.


2021
Author(s):  
Ayan Chatterjee ◽  
Andreas Prinz

The Internet of Medical Things (IoMT) combines medical devices and applications connected to healthcare information technology systems using network technologies. With the flourishing adaptation rate of Internet-enabled medical devices in healthcare applications, we need to guarantee the security and privacy of electronic health records (EHRs) and communications among these IoMT devices, exposed web services, and the underlying infrastructure. This research is a proof-of-concept (PoC) study for implementing an integrated security solution with Spring Security and KeyCloak open-access platform (SSK) to safeguard microservice architecture application programming interfaces (APIs). Subsequently, we extended the security solution with a virtual private network (VPN), Bcrypt hash, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure following the Norwegian data protection policies and General Data Protection Regulation (GDPR). In this study, we have not proposed any new security solution; however, we have focused on accomplishing a hybrid security solution based on the established frameworks (e.g., Spring Security) and open-access software product (e.g., Keycloak) to protect microservice APIs for a health eCoach system as a PoC study. This study describes the methodological, technical, and practical considerations to protect REST interfaces only and ensure the privacy of data in the system. We validate our SSK security implementation by theoretical evaluation and experimental testing. In addition, we compare the test results with related studies qualitatively to determine the effectiveness of the hybrid security solution (SSK).


2018
Vol 7 (2.4)
pp. 1
Author(s):  
Subhranshu Mohanty ◽  
Amar Kumar Mohapatra ◽  
Srikanta Patnaik

Web applications have become important but there are different types of security problems which could lead to tampering with details. The most common are cookies poisoning, structured query language, cross-site scripting and parameter tampering. This is the reason why most of the web companies today are verifying the type of content they receive and most importantly, from where the contents are originated. It has been thus noted from the above deduction that the major security threat has nothing to do with the Secure Socket Layer rather other layers in the web development program. In order to avoid such threats and other vulnerabilities, initial stages of the web development cycle need to be taken care of. Thus, the main focus of this research paper is to come up with a framework that would help to strengthen the security of the various stages in the web development cycle. For the same, various modules and life cycles have been used.


Author(s):  
Manuel Mogollon

In an Internet commercial transaction, the secure Web server and the buyer’s computer authenticate each other and encipher the data transmitted using transport layer security (TLS) or secure socket layer (SSL) protocols. When a purchase is made online using a credit card, does the customer’s bank need to know what was purchased? Not really. Does the seller need to know the customer’s credit card number? Actually, the answer is no. The responses to these questions were the main premises of the secure electronic transaction (SET). In the late 1990’s, SET was approved as the credit card standard, but it failed to be accepted because of its cost and the problems regarding distribution of end-user certificates. However, SET is explained in this chapter as an ideal protocol, from the point of view of certificates, digital signatures, and cryptography for securing credit card transactions over the Internet.


2021
Vol 40 (2)
pp. 308-320
Author(s):  
S.A. Akinboro ◽  
U.J. Asanga ◽  
M.O. Abass

Data stored in the cloud are susceptible to an array of threats from hackers. This is because threats, hackers and unauthorized access are not supported by the cloud service providers as implied. This study improves user privacy in the cloud system, using privacy with non-trusted provider (PNTP) on software and platform as a service model. The subscribers encrypt the data using user’s personal Advanced Encryption Standard (AES) symmetric key algorithm and send the encrypted data to the storage pool of the Cloud Service Provider (CSP) via a secure socket layer. The AES performs a second encryption on the data sent to the cloud and generates for the subscriber a key that will be used for decryption of previously stored data. The encryption and decryption keys are managed by the key server and have been hardcoded into the PNTP system. The model was simulated using the Stanford University multimedia dataset and benchmarked with a Privacy with Trusted cloud Provider (PTP) model using encryption time, decryption time and efficiency (brute force hacking) as parameters. Results showed that it took a longer time to access the user files in PNTP than in the PTP system. The brute force hacking took a longer time (almost double) to access data stored on the PNTP system. This will give subscribers a high level of control over their data and increase the adoption of cloud computing by businesses and organizations with highly sensitive information.

