Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validated the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.

A Semidecentralized PKI System Based on Public Blockchains with Automatic Indemnification Mechanism

The PKI framework is a widely used network identity verification framework. Users will register their identity information with a certification authority to obtain a digital certificate and then show the digital certificate to others as an identity certificate. After others receive the certificate, they must check the revocation list from the CA to confirm whether the certificate is valid. Although this architecture has a long history of use on the Internet, significant doubt surrounds its security. Because the CA may be attacked by DDoS, the verifier may not obtain the revocation list to complete the verification process. At present, there are many new PKI architectures that can improve on the CA’s single point of failure, but since they still have some shortcomings, the original architecture is still used. In this paper, we proposed a semidecentralized PKI architecture that can easily prevent a single point of failure. Users can obtain cryptographic evidence through specific protocols to clarify the responsibility for the incorrect certificate and then submit the cryptographic evidence to the smart contract for automatic judgment and indemnification.

Does the EU COVID Digital Certificate Strike a Reasonable Balance between Mobility Needs and Public Health?

The need to fight a highly aggressive virus such as SARS-CoV-2 has compelled governments to put in place measures, which, in the name of health protection, have constrained many freedoms we all enjoy, including freedom of movement, both nationally and within the European Union. In order to encourage and facilitate the return to free movement, the European Parliament has launched a “COVID-19 digital certificate.” A spirited debate centered around the use of this certificate is still ongoing among scholars, many of whom have pointed out the uncertainties relative to COVID-19 immunity, privacy issues and the risk of discriminatory effects. The authors, while highlighting some critical aspects, argue that the COVID digital certificate in its current approved version can effectively help prevent the spread of the infection and promote free movement, while upholding the right to health as much as possible. However, they also stress the need for a thorough information campaign to illustrate the advantages and limitations of this document in order to avoid creating a false sense of security in the public opinion, who may wrongly assume that the emergency has been overcome for good.

Lightweight Digital Certificate Management and Efficacious Symmetric Cryptographic Mechanism over Industrial Internet of Things

The certificate authority, a trusted entity, issues digital certificates which contain identity credentials to help Industrial Internet of Things (IIoT) devices to represent their authenticity in a secure means. The crucial challenge of a digital certificate is to how design a secure certification authority management system that can counteract cyberattacks on the IIoT network. Moreover, current IIoT systems are not capable of implementing complex mathematical operations due to their constrained power capacity and processing capability. This paper proposes an effective, secure symmetric cryptographic mechanism (ESSC) based on the certificate authority management and Elliptic Curve Diffie Hellman (ECDH) to share a digital certificate among IIoT devices. The proposed certificate authority is used to securely exchange the shared secret key and to resolve the problem of spoofing attacks that may be used to impersonate the identity of the certificate authority. Also, ESSC uses the shared secret key to encrypt the sensitive data during transmission through the insecure communication channel. This research studies the adversary model for ESSC on IIoT and analyzes the cybersecurity of ESSC in the random oracle model. The findings that result from the experiments show that ESSC outperforms the baseline in terms of communication, computation, and storage costs. ESSC thus provides an adequate lightweight digital certificate management and cryptographic scheme which can help in the detection and prevention of several cyberattacks that can harm IIoT networks.

Tanggung Jawab Notaris Dalam Menjaga Keamanan Digitalisasi Akta

The purpose of this research is to examine notary’s roles and responsibilities regarding data security of the parties. This study uses normative legal research methods. The results of this study indicate that the misuse of digital signatures can be avoided by taking preventive measures, such as increasing the security of computer device securities in accordance with the UN Congress Resolution policy standards as outlined in the Information and Electronic Transaction Law and Government Regulations on the Implementation of Electronic Systems and Transactions, one of which is the use of digital signature based on digital certificate. However, if the notary fails to maintain the security and data confidentiality of the parties in the deed that they make and keep, it can be related to neglecting to carry out the Notary's obligations in article 16 letter (f), to keep everything about the Deed made by the Notary confidential. Administrative sanctions for notary negligence include written warnings, temporary dismissal, honorific dismissal, or dishonorable dismissal. If the Notary is proven to have deliberately manipulated or caused the loss or damage of the deed so that it fulfills the elements of an illegal act based on Article 1365 of the Civil Code, civil and criminal sanctions may be imposed. Tujuan penelitian ini yaitu untuk mengkaji peran dan tanggung jawab notaris berkaitan dengan keamanan data para pihak. Studi ini menggunakan metode penelitian hukum normatif. Hasil penelitian ini mengunjukkan bahwa penyalahgunaan tanda tangan digital dapat dihindari dengan tindakan preventif yakni meningkatkan keamanan sekuritas perangkat komputer sesuai dengan standar kebijakan Resolusi Kongres PBB yang dituangkan dalam Undang-Undang Informasi dan Transaksi Elektronik serta Peraturan Pemerintah Penyelenggaraan Sistem dan Transaksi Elektronik, salah satunya dengan penggunaan digital signature berdasarkan digital certificate. Namun apabila notaris gagal menjaga keamanan dan kerahasiaan data para pihak dalam akta yang dibuat dan disimpannya, dapat dikaitkan dengan lalai menjalankan kewajiban Notaris dalam pasal 16 huruf (f) yakni merahasiakan segala sesuatu mengenai Akta yang dibuat Notaris. Sanksi administratif atas kelalaian notaris berupa peringatan tertulis, pemberhentian sementara, pemberhentian dengan hormat, atau pemberhentian dengan tidak hormat. Apabila Notaris terbukti dengan sengaja memanipulasi atau menyebabkan hilang maupun rusaknya akta sehingga memenuhi unsur perbuatan melawan hukum berdasarkan Pasal 1365 Kitab Undang-Undang Hukum Perdata, dapat dikenakan sanksi perdata dan pidana.

Socio-economic impact of Blockchain utilization on Digital certificates

This research is an effective digital certificate publishing activity by utilizing blockchain technology. By implementing decentralized systems and cryptography owned by the blockchain, it will potentially enlarge the educational progress space in Indonesia. The weakness of the current running system, lies in the difficulty of identifying the validity of a certificate issued by an educational institution. Therefore, the advantages that blockchain has, able to assist an educational institution, in establishing a widely accessible certification system infrastructure, to support the transparency and accountability of an educational institution, in identifying the validity of the certificate. Blockcert as one of MIT's tools, while acting as a barometer, is used to perform a series of activities in publishing activities and the implementation of official documents that are designed based on a technology commonly referred to as Blockchain. The research conducted will demonstrate that a decentralized consensus will be able to provide good distribution of information that can include all certificate deployment activities.

Enhancing Digital Certificate Usability in Long Lifespan IoT Devices by Utilizing Private CA

Today, smart devices and services have become a part of our daily life. These devices and services offer a richer user experience with a much higher quality of services than before. Many of them utilize sensing functions via cloud architecture to perform remote device controls and monitoring. Generally, the security of the communication between these devices and the service provider (e.g., cloud server) is achieved by using the TLS protocol via PKI standard. In this study, we investigate the risk associating with the use of public certificate authorities (CAs) in a PKI-based IoT system. An experiment is conducted to demonstrate existing vulnerabilities in real IoT devices available in the market. Next, the use of a private CA in the cloud-centric IoT architecture is proposed to achieve better control over the certificate issuing process and the validity period of the certificate. Lastly, the security analysis pointing out the strengths and drawbacks of the proposed method is discussed in detail.