DEVELOPMENT OF DETERMINATION MODEL, INDICATORS, AND CHARACTERISTICS OF DIGITAL CERTIFICATE LEVEL OF ASSURANCE
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/29638 |
Institution: | Institut Teknologi Bandung |
Summary: | Electronic systems are now widely needed by users and have become a primary service offered by electronic system providers in fields including e-government, e-business, and e-banking. The number of information security threats and vulnerabilities arising from this trend has led many electronic system providers to use electronic certificates as a control over these risks. A method for determining the level of assurance, together with the characteristics of each level of electronic certificate assurance, is therefore needed so that electronic certificates can be applied appropriately. The determination and characteristics of the level of assurance express the degree of trust or confidence that an electronic system places in an electronic certificate claimed as the identity of a legitimate entity.
Existing level-of-assurance standards give little attention to measuring information sensitivity as an indicator for determining the level of assurance, even though many electronic system providers use electronic certificates precisely because they are required to protect sensitive information. In addition, electronic system providers, as users of electronic certificates, often find it difficult to apply the existing methods for determining the level of assurance because those methods do not fundamentally describe any indicators of information sensitivity. This study attempts to solve this problem by developing a model for determining the level of assurance, and the characteristics of each level, that includes the measurement of information sensitivity. The information sensitivity indicators are also described so that determining the level of assurance becomes easier. Another indicator assessed in determining the level of assurance is the authentication error risk indicator, which describes how severely the risk impact of authentication errors affects electronic transactions in an electronic system.
The research was carried out by analyzing and synthesizing the NIST SP 800-63-3, ISO/IEC 29115:2013, STORK, and KANTARA standards using the meta-synthesis method to determine the indicators and characteristics of each level of assurance. The priority order for measuring the indicators was then determined from pairwise comparisons between indicators using the analytic hierarchy process (AHP) method. The indicators, the characteristics of each level of assurance, and the priority order of the indicators are the components of the model for determining the level of assurance. The results show that the information sensitivity indicators have higher priority than the authentication error risk indicators. This research produces the model for determining the level of assurance and the characteristics of each level; the model also makes it easy for users of electronic certificates to determine the level of assurance they require. In the end, the initial concept of development model for determining the level of assurance from the digital certificate provider and user. |
---|