Security Analysis of Simpel Desa using Mobile Security Framework and ISO 27002:2013

Keywords: Information Security, Vulnerabilities, MobSF, ISO 27002:2013

Abstract

The Personal Identification Number or KTP is prone to being stolen and used by unwanted parties. This risk also applies to Simpel Desa, a village administration application that contains and uses the Personal Identification Number. This study aims to detect and analyze information security vulnerabilities in the application using MobSF and ISO 27002:2013. MobSF is used for penetration testing for malware in applications. In MobSF, the Simpel Desa application is analyzed in two ways, namely statically and dynamically. ISO 27002:2013 is used to map the vulnerability findings and the potential misuse of information so that the analysis results are accurate. The controls used are domain 9 (access control) and domain 10 (cryptography). The static analysis found vulnerabilities in the aspects of cryptography and permission access. The dynamic analysis found that Root Detection and Debugger Check Bypass had not been implemented. Overall, based on ISO 27002:2013, information security has not been maximally implemented. The recommendations given focus on application permissions and access rights, user authentication, and the implementation of information security.


Published
2023-02-10
How to Cite
[1]
K. N. Isnaini and D. Suhartono, “Security Analysis of Simpel Desa using Mobile Security Framework and ISO 27002:2013”, intensif, vol. 7, no. 1, pp. 84-105, Feb. 2023.