Design of Secure Chatting Application with End to End Encryption for Android Platform

In this paper, a secure chatting application with end to end encryption for smart phones that used the android OS has beenproposed. This is achieved by the use of public key cryptography techniques. The proposed application used the Elliptic Curve DiffieHellman Key Exchange (ECDH) algorithm to generate the key pair and exchange to produce the shared key that will be used for theencryption of data by symmetric algorithms. The proposed Application allows the users to communicate via text messages, voicemessages and photos. For the text message security the standard AES algorithm with a 128 bit key are used. The generated key (160 bit)minimized to 128 bit length by selecting the first 128 bit of the generated key in order to be used by the AES algorithm. For the voice andimage security processes the proposed application used the symmetric algorithm RC4 for this purpose

2019 RPS KEAMANAN INFORMASI

SECURIT

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies

A Review of Technical Issues on IDS and Alerts

The fact that swindlers can trick computer and mobile systems to commit different criminal offenses have to lead to the current advancement in the domain of Intrusion Detection Systems (IDSs). While the toolkits are growing mechanisms for monitoring, analyzing, gathering and reporting activities that can endanger computer and mobile systems, however, they are frequently subjected to series of fiery debates over the years. Thus, a wide range of taxonomy has been proposed to clarify their strengths and weaknesses. Nonetheless, researchers often reticent from critical issues associated with the “used alerts” and “unused alerts” that the toolkits can generate to warn analysts. Thus, this paper presents the progression of the above mechanisms over the years; and exhaustively explains some salient issues that were faulted in the previous reviews. Finally, we suggest various ways to improve the efficacy of the toolkits and how to lessen cases of intrusions across the globe

L’EFFICACIA DEL NUOVO REGOLAMENTO UE 2016/679 (GDPR) SULLA PROTEZIONE DEI DATI PERSONALI NELLA REPUBBLICA DI CROAZIA

Nakon više od sedam godina od početne inicijative i četiri godine pregovora, novi europski okvir za zaštitu osobnih podataka konačno je usvojen u travnju 2016. godine. Opća EU uredba o zaštiti osobnih podataka 2016/679 ili GDPR (General Data Protection Regulation) zamjenjuje trenutnu EU direktivu i izravno se primjenjuje u svim državama članicama Europske unije. Mogućnost prilagodbe određenih dijelova ipak je ostavljena u nacionalnom zakonodavstvu zaključno s 25. svibnja 2018. kada se GDPR počinje primjenjivati! Ključna pretpostavka razvoja suvremene digitalne ekonomije temelji se na ubrzanom razvoju informacijskih i komunikacijskih tehnologija, istodobno stvarajući nove izazove i ugroze privatnosti i zaštite osobnih podataka. Obrada podataka, osobito obrada osobnih podataka, novi IT alati i digitalno tržište, razvilo je potrebu za povećanjem zaštite privatnosti novih digitalnih proizvoda i usluga. Rješenje je navedeno u novoj reformi EU okviru zaštite osobnih podataka koja unosi velike promjene u načine upravljanja osobnim podacima i izravno se primjenjuje na sve organizacije koje raspolažu osobnim podacima građana Europske unije. Također, GDPR sa sobom donosi bitne promjene u pravilima koja definiraju osobne podatke te uvoodi nove pojmove kao i usklađenost, planiranje, implementaciju, održavanje usklađenosti te procjenu učinka. U nekim slučajevima organizacije će trebati imenovati i kvalificiranog službenika za zaštitu osobnih podataka (DPO – Data Protection Officer) koji će odgovarati izravno Upravi. Ustanove i tvrtke dužne su usklađivanje završiti do 25. svibnja 2018., kada se GDPR počinje primjenjivati u cijeloj Europskoj uniji. U ovom radu autori će predstaviti odredbe i primjenu nove EU Uredbe o zaštiti podataka i odredbama javnog i privatnog sektora u provedbi GDPR-a, s posebnim naglaskom na procjenu učinka koja će osigurati modernizirani okvir za zaštitu podataka u Europi. Nova će pravila uspostaviti europski zakon o zaštiti podataka, uvodeći novu definiciju osobnih podataka i zamjenjujući trenutne nedosljedne nacionalne zakone u svrhu u povećanja razine zašite podataka kao i povećanja pravne sigurnosti u rastućoj digitalnoj ekonomiji.After more than seven years from the initial initiative and four years of negotiations, the new EU General Protection Regulation was finally adopted in April 2016. In full name Regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (here and after GDPR) replaces the current EU Directive 95/46/ EZ and comes into force on the date of adoption and is directly applicable in all EU Member States. The ability to adapt certain parts is still left in national legislation as of May 25, 2018, when GDPR starts to apply!The key assumption of the development of the contemporary digital economy is based on the accelerated development of information and communication technologies, at the same time creating new challenges and threats to privacy and the protection of personal data. Data processing, especially personal data processing, new information and communication tools and the digital market, have developed the need to increase privacy protection of new digital products and services. The solution is mentioned in the new EU data protection framework called GDPR. The Regulation introduces major changes in personal data management and applies directly to all organizations that have personal data of EU citizens. Also, GDPR brings significant changes to the rules that define personal information and defines new concepts as well as compliance, planning, implementation and compliance compliance, as well as performance appraisal. In some cases the organization will also need to appoint a qualified Data Protection Officer who will be directly responsible to the Administration. Institutions and companies are required to complete alignment by May 25, 2018 - then the GDPR will come into force throughout the European Union. In this paper, authors will present the impact assessment of the new EU Data Protection Regulation and the legal remedies obligatory to the public and private sector in the implementation of GDPR, which will provide the modernized data protection framework in Europe. The new rules will establish the new European Data Protection framework introducing a new definition of personal data and replacing current inconsistent national laws with a view to increasing the level of data protection and increasing legal certainty in the growing digital economy.Nach mehr als sieben Jahren seit der Initiative dazu und nach vier Jahren von Verhandlungen wurde im April 2016 endlich der neue europäische Datenschutzrahmen verabschiedet. Die allgemeine Verordnung (EU) 2016/679 zum Schutz personenbezogener Daten oder GDPR (General Data Protection Regulation) hebt die Richtlinie 95/46/EG auf und wird direkt in alllen EU-Mitgliedstaaten angewandt. EUMitgliedstaaten andererseits dürfen Änderungen mancher Vorschriften vorschlagen und sie bis zum 25. Mai 2018 (Inkrafttreten der GDPR) der Kommission mitteilen. Die Entwicklung moderner digitaler Ökonomie beruht auf schneller Entwicklung der Informations- und Kommunikationstechnologie, aber gleichzeitig schafft sie neue Herausforderungen und Gefahren für den Schutz personenbezogener Daten. Die Datenverarbeitung, insbesondere die Verarbeitung personenbezogener Daten, neue IT-Tools und digitale Märkte haben das Bedürfnis nach Erhöhung des Schutzes personenbezogener Daten bei neuen digitalen Produkten und Diensten geweckt. Die Lösung dazu wurde in der neuen Reform des europäischen Datenschutzrahmens angeboten, welcher groβe Änderungen im Bereich der Verarbeitung personenbezogener Daten einführt und wird direkt an alle mit personenbezogenen Daten der EU-Bürger verfügenden Vereinigungen angewandt. Ebenfalls führt die GDPR wesentliche Änderungen in den Regeln zur Definierung personenbezogener Daten ein und definiert sowohl neue Begriffe als auch die schon bekannten Begriffe der Angleichung, Planung, Umsetzung, Aufrechterhaltung der Angleichung und Auswirkungsbewertung. In manchen Fällen sollten die Vereinigungen den Datenschutzbeauftragten (DPO – Data Protection Officer) ernennen, der direkt den höchsten Managementebene berichtet. Stiftungen und Unternehmen müssen die Angleichung bis zum 25. Mai 2018 beenden, wenn die GDPR in allen EU-Mitgliedstaaten in Kraft tritt. Diese Arbeit stellt die Bestimmungen und die Anwendung der neuen Verordnung (EU) zum Schutz personenbezogener Daten sowie auch die Bestimmungen des öffentlichen und privaten Sektors zur GDPR-Umsetzung unter besonderer Berücksichtigung der Bewertung ihrer Auswirkung dar. Neue Regeln werden zum europäischen Datenschutzrahmen beitragen, indem sie die neue Definition personenbezogener Daten einführen und uneinheitliche nationale Gesetze ersetzen, alles mit dem Ziel den Datenschutz und die Rechtssicherheit in der Zeit der ständig fortschreitenden Entwicklung digitaler Ökonomie zu erhöhen.Dopo più di sette anni dalla proposta iniziale e dopo quattro anni di trattative, finalmente nell’aprile del 2016 è stato emanato il nuovo quadro normativo in materia di protezione dei dati personali. Il Regolamento UE sulla protezione dei dati personali 2016/679 o anche noto come GDPR (General Data Protection Regulation) sostituisce l’attuale direttiva UE e si applica direttamente in tutti gli Stati Membri dell’UE. Tuttavia, viene lasciata ai singoli legislatori nazionali la possibilità di adeguamento di alcune parti fino al 25 maggio 2018, data in cui il GDPR entrerà in vigore! Il presupposto fondamentale dello sviluppo dell’economia digitale contemporanea si basa sullo sviluppo delle tecnologie dell’informazione e della comunicazione; al tempo stesso, ciò crea nuove sfide e nuove insidie per la privacy e per la protezione dei dati personali. Il trattamento dei dati, in particolare dei dati personali, come i nuovi strumenti IT ed il mercato digitale, impongono la necessità di un innalzamento della protezione della privacy nell’ambito dei nuovi prodotti e dei servizi digitali. La soluzione è indicata nella nuova riforma UE nell’ambito della protezione dei dati personali, la quale introduce grandi cambiamenti nel modo di amministrare i dati personali, applicandosi direttamente a tutte le organizzazioni che dispongono di dati personali dei cittadini dell’Unione europea. Altresì, il GDPR porta con sé significativi cambiamenti nelle regole che determinano i dati personali e definisce le nuove nozioni, come pure l’adeguamento ed il suo mantenimento, la pianificazione, l’attuazione e la valutazione degli effetti. In alcuni casi le organizzazioni dovranno nominare un responsabile qualificato per la protezione dei dati personali (DPO – Data Protection Officer) il quale risponderà direttamente all’amministrazione. Gli enti e le società hanno l’obbligo di concludere l’adeguamento entro il 25 maggio 2018, quando il GDPR entra in vigore nell’intera Unione europea. In questo lavoro gli autori presenteranno le disposizioni e l’applicazione del nuovo Regolamento UE sulla protezione dei dati personali ed illustreranno le disposizioni rilevanti tanto nel settore pubblico, che in quello privato in occasione dell’applicazione del GDPR, prestando attenzione alla valutazione dell’efficacia che garantirà un quadro moderno per la protezione dei dati in Europa. Le nuove regole porranno il fondamento per la legislazione europea sulla protezione dei dati personali, sostituendo le attuali contradditorie legislazioni nazionali al fine di innalzare la soglia della protezione dei dati personali, come anche di aumentare la certezza del diritto nella crescente economia digitale

Experimental Study on One-Time Password used in Authentication within Norwegian Banking

Postponed access: the file will be accessible after 2021-06-02Authentication is a vital part of this fast-growing, digitalized world. Fundamentally, today’s society is more reliant on computer technology and digitalization than ever before. Therefore, the use of dynamic one-time passwords plays a significant role within online banking in Norway by strengthening the level of security. This study examines four tokens provided by DNB, Sparebanken Møre, Sparebank 1 and Nordea used in token-based authentication and the one-time passwords they generate. By studying one-time passwords collected at various time intervals, it was able to reconstruct the internal token-algorithm and the verification protocol. This research argues that three out of four tokens indicate weaknesses that can have damaging effects. This is also proven by explaining a basic theoretical attack, which demonstrates that the success probability of an attack is higher than the expected probability of 10^(-6) or 10^(-8).Masteroppgåve i informatikkINF399MAMN-PROGMAMN-IN

Project of communication network infrastructure for office building

Bakalárska práca sa zaoberá návrhom komunikačnej infraštruktúry viacpodlažnej administratívnej budovy. Práca rieši návrh metalických horizontálnych vedení, ako aj optické vertikálne vedenie medzi poschodiami budovy. Jedným z hlavným faktorov, od ktorých sa návrh odvíjal bola možnosť prenájmu budovy viacerým nájomcom. V projekte je čiastočne navrhnutá bezdrôtová sieť a celá prácu je ukončená ekonomickým zhodnotením, ktoré obsahuje pasívne prvky, aktívne prvky a približnú cenu inštalácie pasívnych prvkov.The bachelor's thesis deals with the design of a communication infrastructure of a multi-story office building. The work deals with a design of a metallic horizontal wires, as well as optical vertical wires between the floors of the building. One of the main factors, which the proposal was based on, was the possibility of renting the building to several tenants. As a part of the project is also partially designed wireless network and the whole work is concluded by an economic evaluation, witch contains active elements, passive elements and approximate price of passive elements installation.

Design of communication network at a congress hotel

Bakalářská práce se zabývá kompletním návrhem datové komunikační infrastruktury pro novou budovu kongresového hotelu v okolí Humpolce. Východiskem práce jsou požadavky investora a stavební dokumentace. V práci jsou popsané kompletně postupy a prostředky potřebné pro realizaci počítačové sítě.The bachelor's thesis deals with the complete design of a data communication infrastructure for a new congress hotel building in the vicinity of Humpolec. The starting point of the work are the requirements of the investor and project documentation. The work completely describes the procedures and resources needed for the implementation of a computer network.