DOCSLIB.ORG

Stable Version Available

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Stable Version Available SecureDrop Documentation Release 2.0.2 SecureDrop Team and Contributors Sep 20, 2021 User Guides 1 Source Guide 3 1.1 What is SecureDrop?...........................................3 1.2 Choosing the Right Location.......................................3 1.3 Get Tor Browser.............................................4 1.4 Choose Who to Submit To........................................4 1.5 Making Your First Submission......................................5 1.6 Continuing the Conversation....................................... 11 2 Journalist Guide 15 2.1 Connecting to the Tor network in Tails................................. 15 2.2 Updating Your Workstation....................................... 16 2.3 Connecting to the Journalist Interface .................................. 17 2.4 Daily Journalist Alerts About Submissions............................... 18 2.5 Interacting With Sources......................................... 19 2.6 Moving Documents to the Secure Viewing Station ........................... 21 2.7 Working with Documents........................................ 26 2.8 Moving Documents to Your Everyday Workstation........................... 31 2.9 Decrypting and Preparing to Publish................................... 34 2.10 Deleting submissions and source accounts................................ 35 3 Admin Guide 39 3.1 Responsibilities.............................................. 39 3.2 The Admin Interface........................................... 42 3.3 Server SSH Access............................................ 52 3.4 The securedrop-admin Utility................................... 54 3.5 Frequently Asked Questions....................................... 57 4 Passphrase Best Practices 59 4.1 General Best Practices.......................................... 59 4.2 For Sources................................................ 60 4.3 For Journalists/Admins.......................................... 60 5 Overview 61 5.1 Technical Summary........................................... 61 5.2 Infrastructure............................................... 62 5.3 Operation................................................. 63 i 6 Glossary 65 6.1 Admin Workstation............................................ 65 6.2 Application Server............................................ 65 6.3 Export Device.............................................. 65 6.4 Journalist................................................. 66 6.5 Journalist Alert Public Key........................................ 66 6.6 Journalist Interface............................................ 66 6.7 Journalist Workstation.......................................... 66 6.8 Landing Page............................................... 66 6.9 Monitor Server.............................................. 66 6.10 Onion Service.............................................. 67 6.11 OSSEC Alert Public Key......................................... 67 6.12 Secure Viewing Station......................................... 67 6.13 Source.................................................. 67 6.14 Source Interface............................................. 68 6.15 Submission Key............................................. 68 6.16 Transfer Device............................................. 68 6.17 Two-Factor Authentication........................................ 68 7 Passphrases 69 7.1 Admin.................................................. 69 7.2 Journalist................................................. 70 8 Hardware 71 8.1 Hardware Overview........................................... 71 8.2 Advice for users on a tight budget.................................... 72 8.3 Required Hardware............................................ 72 8.4 Optional Hardware............................................ 75 8.5 Specific Hardware Recommendations.................................. 77 9 Before You Begin 85 10 Create Tails USBs 87 10.1 Install Tails................................................ 87 10.2 Enable Persistent Storage........................................ 88 11 Set Up the Secure Viewing Station 89 11.1 Correct the System Time......................................... 89 12 Set Up the Transfer Device and the Export Device 91 12.1 Choose media types and encryption................................... 92 12.2 Decide how to manage encryption passphrases............................. 92 12.3 Create USB Transfer Device ....................................... 92 12.4 Create a USB Export Device ....................................... 97 13 Generate the Submission Key 99 13.1 Create the Key.............................................. 99 13.2 Export the Submission Public Key .................................... 102 14 Set up the Admin Workstation 107 14.1 Start Tails with Persistence Enabled................................... 107 14.2 Download the SecureDrop repository.................................. 108 14.3 Create the Admin Passphrase Database................................. 110 15 Set Up the Network Firewall 113 ii 15.1 Before You Begin............................................ 113 15.2 Initial Configuration........................................... 114 15.3 Disable DHCP on the LAN....................................... 124 15.4 SecureDrop Configuration........................................ 130 15.5 Tips for Setting Up pfSense Firewall Rules............................... 147 15.6 Keeping pfSense up to Date....................................... 147 15.7 Abstract Firewall Rules......................................... 151 16 Set Up the Servers 153 16.1 Pre-Install Steps............................................. 153 16.2 Install Ubuntu.............................................. 153 16.3 Test Connectivity............................................. 158 16.4 Set Up SSH Keys............................................. 158 17 Install SecureDrop 161 17.1 Install Prerequisites........................................... 161 17.2 Localization of the Source Interface and Journalist Interface ...................... 162 17.3 Configure the Installation........................................ 162 17.4 Install SecureDrop Servers........................................ 164 18 Configure the Admin Workstation Post-Install and Create Backups 167 18.1 Auto-connect to the Authenticated Onion Services........................... 167 18.2 Back Up the Workstations........................................ 168 19 Create an Admin Account on the Journalist Interface 169 20 Test the Installation 171 20.1 Test Connectivity............................................. 171 20.2 Sanity-Check the Installation...................................... 172 20.3 Test the Web Interfaces.......................................... 172 21 Onboard Journalists 173 21.1 Determine Access Protocol for the Secure Viewing Station ....................... 173 21.2 Create a Journalist Tails USB...................................... 174 21.3 Set Up Automatic Access to the Journalist Interface .......................... 174 21.4 Add an account on the Journalist Interface ............................... 175 21.5 Provision a personal Transfer Device and Export Device ........................ 175 21.6 Verify Journalist Setup.......................................... 175 22 Overview 177 23 Landing Page 179 23.1 URL and Location............................................ 179 23.2 HTTPS Only (No Mixed Content).................................... 179 23.3 Perfect Forward Secrecy......................................... 180 23.4 SSL Certificate Recommendations.................................... 180 23.5 Do Not Use Third-Party Analytics, Tracking, or Advertising...................... 180 23.6 Do Not Hyperlink .onion Addresses................................... 181 23.7 Avoid Direct Links to SecureDrop.org.................................. 181 23.8 Apply Security Headers......................................... 181 23.9 Additional Apache Configuration.................................... 182 23.10 Further Security Considerations..................................... 183 23.11 How to test your Landing Page using Tor Browser........................... 183 23.12 Landing Page Content Suggestions................................... 184 iii 24 Minimum requirements for the SecureDrop environment 187 25 Whole Site Changes 189 25.1 Suggested................................................. 189 26 Sample SecureDrop Privacy Policy 191 26.1 Collection of Information From Sources................................. 191 26.2 Collection of Information About Journalists’ Use of SecureDrop.................... 192 26.3 Data Security............................................... 192 26.4 Children Under 13............................................ 192 26.5 Changes to This Policy.......................................... 192 26.6 Contact.................................................. 192 27 Promoting Your SecureDrop Instance 193 27.1 Make a High Profile Announcement................................... 193 27.2 Provide a Clear Link on Your Homepage................................ 193 27.3 Provide Links at the Bottom of Your Articles.............................. 195 27.4 Create an Instructional Video on How to Access and Use Your SecureDrop.............. 195 27.5 Regularly Share Your SecureDrop Landing Page on Social Media................... 195 27.6 Target Potential Whistleblowers with Advertising............................ 196 27.7 Put an Advertisement in Your Physical Paper.............................. 196 28 What Makes SecureDrop Unique 199 28.1 No Third Parties
Load more

Recommended publications
  • Cryptography
    56 Protecting Information With Cryptography Chapter by Peter Reiher (UCLA) 56.1 Introduction In previous chapters, we’ve discussed clarifying your security goals, determining your security policies, using authentication mechanisms to identify principals, and using access control mechanisms to enforce poli- cies concerning which principals can access which computer resources in which ways. While we identified a number of shortcomings and prob- lems inherent in all of these elements of securing your system, if we re- gard those topics as covered, what’s left for the operating system to worry about, from a security perspective? Why isn’t that everything? There are a number of reasons why we need more. Of particular im- portance: not everything is controlled by the operating system. But per- haps you respond, you told me the operating system is all-powerful! Not really. It has substantial control over a limited domain – the hardware on which it runs, using the interfaces of which it is given control. It has no real control over what happens on other machines, nor what happens if one of its pieces of hardware is accessed via some mechanism outside the operating system’s control. But how can we expect the operating system to protect something when the system does not itself control access to that resource? The an- swer is to prepare the resource for trouble in advance. In essence, we assume that we are going to lose the data, or that an opponent will try to alter it improperly. And we take steps to ensure that such actions don’t cause us problems.
    [Show full text]
  • PCI Assessment Evidence of PCI Policy Compliance
    PCI Assessment Evidence of PCI Policy Compliance CONFIDENTIALITY NOTE: The information contained in this report document is for the Prepared for: exclusive use of the client specified above and may contain confidential, privileged and non-disclosable information. If the recipient of this report is not the client or Prospect or Customer addressee, such recipient is strictly prohibited from reading, photocopying, distributing or otherwise using this report or its contents in any way. Prepared by: Your Company Name Evidence of PCI Policy Compliance PCI ASSESSMENT Table of Contents 1 - Overview 1.1 - Security Officer 1.2 - Overall Risk 2 - PCI DSS Evidence of Compliance 2.1 - Install and maintain firewall to protect cardholder data 2.1.1.1 - Requirements for firewall at each Internet connections and between DMZ and internal network zone 2.1.1.2 - Business justification for use of all services, protocols and ports allowed 2.1.2 - Build firewall and router configurations that restrict connections between untrusted networks and the cardholder data environment 2.1.2.1 - Restrict inbound and outbound to that which is necessary for the cardholder data environment 2.1.2.3 - Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet 2.1.2.4 - Implement stateful inspection (also known as dynamic packet filtering) 2.1.2.5 - Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet 2.2 - Prohibition of vendor-supplied default password for systems and security parameters 2.2.1
    [Show full text]
  • Dark and Deep Webs-Liberty Or Abuse
    International Journal of Cyber Warfare and Terrorism Volume 9 • Issue 2 • April-June 2019 Dark and Deep Webs-Liberty or Abuse Lev Topor, Bar Ilan University, Ramat Gan, Israel https://orcid.org/0000-0002-1836-5150 ABSTRACT While the Dark Web is the safest internet platform, it is also the most dangerous platform at the same time. While users can stay secure and almost totally anonymously, they can also be exploited by other users, hackers, cyber-criminals, and even foreign governments. The purpose of this article is to explore and discuss the tremendous benefits of anonymous networks while comparing them to the hazards and risks that are also found on those platforms. In order to open this dark portal and contribute to the discussion of cyber and politics, a comparative analysis of the dark and deep web to the commonly familiar surface web (World Wide Web) is made, aiming to find and describe both the advantages and disadvantages of the platforms. KeyWoRD Cyber, DarkNet, Information, New Politics, Web, World Wide Web INTRoDUCTIoN In June 2018, the United States Department of Justice uncovered its nationwide undercover operation in which it targeted dark web vendors. This operation resulted in 35 arrests and seizure of weapons, drugs, illegal erotica material and much more. In total, the U.S. Department of Justice seized more than 23.6$ Million.1 In that same year, as in past years, the largest dark web platform, TOR (The Onion Router),2 was sponsored almost exclusively by the U.S. government and other Western allies.3 Thus, an important and even philosophical question is derived from this situation- Who is responsible for the illegal goods and cyber-crimes? Was it the criminal[s] that committed them or was it the facilitator and developer, the U.S.
    [Show full text]
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
    [Show full text]
  • Cryptographic Control Standard, Version
    Nuclear Regulatory Commission Office of the Chief Information Officer Computer Security Standard Office Instruction: OCIO-CS-STD-2009 Office Instruction Title: Cryptographic Control Standard Revision Number: 2.0 Issuance: Date of last signature below Effective Date: October 1, 2017 Primary Contacts: Kathy Lyons-Burke, Senior Level Advisor for Information Security Responsible Organization: OCIO Summary of Changes: OCIO-CS-STD-2009, “Cryptographic Control Standard,” provides the minimum security requirements that must be applied to the Nuclear Regulatory Commission (NRC) systems which utilize cryptographic algorithms, protocols, and cryptographic modules to provide secure communication services. This update is based on the latest versions of the National Institute of Standards and Technology (NIST) Guidance and Federal Information Processing Standards (FIPS) publications, Committee on National Security System (CNSS) issuances, and National Security Agency (NSA) requirements. Training: Upon request ADAMS Accession No.: ML17024A095 Approvals Primary Office Owner Office of the Chief Information Officer Signature Date Enterprise Security Kathy Lyons-Burke 09/26/17 Architecture Working Group Chair CIO David Nelson /RA/ 09/26/17 CISO Jonathan Feibus 09/26/17 OCIO-CS-STD-2009 Page i TABLE OF CONTENTS 1 PURPOSE ............................................................................................................................. 1 2 INTRODUCTION ..................................................................................................................
    [Show full text]
  • Guide De Protection Numérique Des Sources Journalistiques
    Guide de Protection numérique des Sources journalistiques Mise en œuvre simplifiée Par Hector Sudan Version du document : 23.04.2021 Mises à jour disponibles gratuitement sur https://sourcesguard.ch/publications Guide de Protection numérique des Sources journalistiques Les journalistes ne sont pas suffisamment sensibilisés aux risques numé- riques et ne disposent pas assez d'outils pour s'en protéger. C'est la consta- tation finale d'une première recherche sociologique dans le domaine jour- nalistique en Suisse romande. Ce GPS (Guide de Protection numérique des Sources) est le premier résultat des recommandations de cette étude. Un GPS qui ne parle pas, mais qui va droit au but en proposant des solutions concrètes pour la sécurité numérique des journalistes et de leurs sources. Il vous est proposé une approche andragogique et tactique, de manière résumée, afin que vous puissiez mettre en œuvre rapidement des mesures visant à améliorer votre sécurité numérique, tout en vous permettant d'être efficient. Même sans être journaliste d'investigation, vos informations et votre protection sont importantes. Vous n'êtes peut-être pas directement la cible, mais pouvez être le vecteur d'une attaque visant une personne dont vous avez les informations de contact. Hector Sudan est informaticien au bénéfice d'un Brevet fédéral en technique des sys- tèmes et d'un MAS en lutte contre la crimina- lité économique. Avec son travail de master l'Artiste responsable et ce GPS, il se posi- tionne comme chercheur, formateur et consul- tant actif dans le domaine de la sécurité numé- rique pour les médias et journalistes. +41 76 556 43 19 keybase.io/hectorsudan [email protected] SourcesGuard Avant propos Ce GPS (Guide de Protection numérique des Sources journalistes) est à l’image de son acronyme : concis, clair, allant droit au but, tout en offrant la possibilité de passer par des chemins techniquement complexes.
    [Show full text]
  • Unlocking the Fifth Amendment: Passwords and Encrypted Devices
    Fordham Law Review Volume 87 Issue 1 Article 9 2018 Unlocking the Fifth Amendment: Passwords and Encrypted Devices Laurent Sacharoff University of Arkansas School of Law, Fayetteville Follow this and additional works at: https://ir.lawnet.fordham.edu/flr Part of the Constitutional Law Commons, and the Criminal Procedure Commons Recommended Citation Laurent Sacharoff, Unlocking the Fifth Amendment: Passwords and Encrypted Devices, 87 Fordham L. Rev. 203 (2018). Available at: https://ir.lawnet.fordham.edu/flr/vol87/iss1/9 This Article is brought to you for free and open access by FLASH: The Fordham Law Archive of Scholarship and History. It has been accepted for inclusion in Fordham Law Review by an authorized editor of FLASH: The Fordham Law Archive of Scholarship and History. For more information, please contact [email protected]. UNLOCKING THE FIFTH AMENDMENT: PASSWORDS AND ENCRYPTED DEVICES Laurent Sacharoff* Each year, law enforcement seizes thousands of electronic devices— smartphones, laptops, and notebooks—that it cannot open without the suspect’s password. Without this password, the information on the device sits completely scrambled behind a wall of encryption. Sometimes agents will be able to obtain the information by hacking, discovering copies of data on the cloud, or obtaining the password voluntarily from the suspects themselves. But when they cannot, may the government compel suspects to disclose or enter their password? This Article considers the Fifth Amendment protection against compelled disclosures of passwords—a question that has split and confused courts. It measures this right against the legal right of law enforcement, armed with a warrant, to search the device that it has validly seized.
    [Show full text]
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996
    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s
    [Show full text]
  • UC Irvine UC Irvine Electronic Theses and Dissertations
    UC Irvine UC Irvine Electronic Theses and Dissertations Title The Role of Corporate and Government Surveillance in Shifting Journalistic Information Security Practices Permalink https://escholarship.org/uc/item/9p22j7q3 Author Shelton, Martin Publication Date 2015 License https://creativecommons.org/licenses/by-sa/4.0/ 4.0 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA, IRVINE The Role of Corporate and Government Surveillance in Shifting Journalistic Information Security Practices DISSERTATION submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in Information and Computer Science by Martin L. Shelton Dissertation Committee: Professor Bonnie A. Nardi, Chair Professor Judith S. Olson Professor Victoria Bernal 2015 © 2015 Martin Shelton This document is distributed under a Creative Commons Attribution-ShareAlike 4.0 International License. TABLE OF CONTENTS Page LIST OF FIGURES v ACKNOWLEDGMENTS vi CURRICULUM VITAE viii ABSTRACT OF THE DISSERTATION ix SECTION 1: Introduction and Context 1 CHAPTER 1: The Impulse for Information Security in Investigative 2 Journalism 1.1 Motivations 6 1.2 Research Scope 9 CHAPTER 2: Literature Review 12 2.1 Journalistic Ideologies 12 2.1.1 Investigative Routines and Ideologies 15 2.2 Panoptic Enforcement of Journalism 17 2.3 Watching the Watchdogs 21 2.4 The Decentralization and Normalization of Surveillance 27 SECTION 2: Findings 30 CHAPTER 3: Methods 31 3.1 Gathering Surveillance
    [Show full text]
  • Mitigating the Risks of Whistleblowing an Approach Using Distributed System Technologies
    Mitigating the Risks of Whistleblowing An Approach Using Distributed System Technologies Ali Habbabeh1, Petra Maria Asprion1, and Bettina Schneider1 1 University of Applied Sciences Northwestern Switzerland, Basel, Switzerland [email protected] [email protected] [email protected] Abstract. Whistleblowing is an effective tool to fight corruption and expose wrongdoing in governments and corporations. Insiders who are willing to report misconduct, called whistleblowers, often seek to reach a recipient who can dis- seminate the relevant information to the public. However, whistleblowers often face many challenges to protect themselves from retaliation when using the ex- isting (centralized) whistleblowing platforms. This study discusses several asso- ciated risks of whistleblowing when communicating with third parties using web- forms of newspapers, trusted organizations like WikiLeaks, or whistleblowing software like GlobaLeaks or SecureDrop. Then, this study proposes an outlook to a solution using decentralized systems to mitigate these risks using Block- chain, Smart Contracts, Distributed File Synchronization and Sharing (DFSS), and Distributed Domain Name Systems (DDNS). Keywords: Whistleblowing, Blockchain, Smart Contracts 1 Introduction By all indications, the topic of whistleblowing has been gaining extensive media atten- tion since the financial crisis in 2008, which ignited a crackdown on the corruption of institutions [1]. However, some whistleblowers have also become discouraged by the negative association with the term [2], although numerous studies show that whistle- blowers have often revealed misconduct of public interest [3]. Therefore, researchers like [3] argue that we - the community of citizens - must protect whistleblowers. Addi- tionally, some researchers, such as [1], claim that, although not perfect, we should re- ward whistleblowers financially to incentivize them to speak out to fight corruption [1].
    [Show full text]
  • The Dark Net Free
    FREE THE DARK NET PDF Jamie Bartlett | 320 pages | 12 Mar 2015 | Cornerstone | 9780099592020 | English | London, United Kingdom What Is the Dark Net? A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or The Dark Net, [1] and often uses a unique customised communication protocol. Two typical darknet types are social networks [2] usually used for file hosting with a peer-to-peer connection[3] and anonymity proxy networks such as Tor via an anonymized series of connections. The term The Dark Net was popularised by major news outlets to associate with Tor Onion serviceswhen the infamous drug bazaar Silk Road used it, [4] despite the terminology being unofficial. Technology such as TorI2Pand Freenet was intended to defend digital rights by providing security, anonymity, or censorship resistance and is used for both illegal and legitimate reasons. Anonymous communication between whistle- blowersactivists, journalists and news organisations is also facilitated The Dark Net darknets through use of applications such as SecureDrop. The term originally The Dark Net computers on ARPANET that were hidden, programmed to receive messages but not respond to or acknowledge anything, thus remaining invisible, in the dark. Since ARPANETthe usage of dark net has expanded to include friend-to-friend networks usually used for file sharing with a peer-to-peer connection and privacy networks such as Tor. The term "darknet" is often used interchangeably with The Dark Net " dark web " due to the quantity of hidden services on Tor 's darknet. The term is often inaccurately used interchangeably with the deep web due to Tor's history as a platform that could not be search-indexed.
    [Show full text]
  • Case Study on the Official Scripts Electronic Applications in Bantul)
    I.J. Information Engineering and Electronic Business, 2017, 4, 1-6 Published Online July 2017 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijieeb.2017.04.01 The Implementation of Pretty Good Privacy in eGovernment Applications (Case Study on the Official Scripts Electronic Applications in Bantul) Didit Suprihanto Department of Electrical Engineering Universitas Mulawarman, Kalimantan Timur, Indonesia, 75123 Email: [email protected] Tri Kuntoro Priyambodo Department of Computer Sciences & Electronics, Universitas Gadjah Mada, Yogyakarta, Indonesia, 55281 Corresponding Author Email: [email protected] Abstract—eGovernment application has evolved from the world [1]. The United Nations‘ global survey reports simply appearing as a website providing news and some ICT indicators that point to the measure of how far information, to the application that provides various a nation has gone in the implementation of e-governance services through online transactions. Provision of online such as: 1.E-readiness, 2.Web measure index, 3. transactions require the effectively and safely service, so Telecommunications infrastructure index, 4. Human the users can make sure that the entry data is secure and capital index, 5. E-participation index[2] will not be used by other parties which are not authorized. Information security is a major factor in the service of Security is also necessary for the service provider side of eGovernment. The using of the host to host in previous online transactions, it is necessary to keep the system, and services of eGovernment is considered as lacking in the data transactions sent through the communications security. Therefore, it needs more security to serve clients media and the data stored in the database are secured.
    [Show full text]