Monitoring System with Two Central Facilities Protocol

The security of data and information on government’s information system required proper way of defending against threat. Security aspect can be achieved by using cryptography algorithm, applying information hiding concept, and implementing security protocol. In this research, two central facilities protocol was implemented on Research and Development Center of Mineral and Coal Technology’s Cooperation Contract Monitoring System by utilizing AES and whitespace manipulation algorithm. Adjustment on the protocol by creating several rule of validation ID’s generation and checking processes could fulfill two of four cryptography objectives, consist of authentication and non-repudiation. The solid collaboration between central legitimization agency (CLA), central tabulating facility (CTF), and client is the main idea in two central facilities protocol. The utilization of AES algorithm could defend the data on transmission from man in the middle attack scenario. On the other hand, whitespace manipulation algorithm provided data integrity aspect of the document that is uploaded to the system itself. Both of the algorithm fulfill confidentiality, data integrity, and authentication. © 2017 Tim Pengembang Jurnal UPI Article History: Received 03 February 2017 Revised 07 February 2017 Accepted 12 February 2017 Available online 01 April 2017 ____________________ Keyword: Protokol, Two Central Facilities, AES, Whitespace Manipulation, Cryptography. Indonesian Journal of Science & Technology Journal homepage: http://ejournal.upi.edu/index.php/ijost/ Indonesia Journal of Science & Technology 2 (1) (2017) 8-25 Caesar F., Wahyudin, Eddy P. N,. Monitoring System With Two Central Facilities Protocol... | 9 DOI: http://dx.doi.org/10.17509/ijost.v2i1 pISSN 2528-1410 eISSN 2527-8045


INTRODUCTION
Today, the use of information technology influences various fields, such as health, education, government, politics, and so on.(Hurd, 1998) Security aspect must be taken seriously by considering variety of both general and confidential information exchanged through the network.(Cheminod et al., 2013) Both personal and government data do not immune to the threat from irresponsible parties.(Sartor, 2013) Security measure to this particular problem can be achieved using cryptograhy and information hiding in order to improve the security aspect of the information and communication technology (ICT) based system.(Liao & Hsiao, 2014) The main security problems in egovernment are confidentiality, information integrity, authentication toward information or copyright protection, non-repudiation, and more.(Lambrinoudakis et al., 2003) ICT based system's security has to provide protection toward the secrecy of the data itself.Security, authentication, and verification must be applied in line with privacy, and the government must ensure on securing the confidentiality of the information.Basically, digital watermarking is a tool to keep the copyright or to authenticate copyright of digital data.However, its mature digital watermarking can improve the security of e-government system (Sharma et al., 2007).For example, mineral and coal research and development center's cooperation contract monitoring system is a system developed to monitor cooperation contract data.This system has the ability to attach files to particular cooperation contract data.Affiliation staff can upload PDF files of a scanned contract.(Sun et al., 1994) This example was applied and confirmed that reported contract data with its attachment is required to be secured due to its high value of information.
In this particular research, the cooperation contract monitoring system will be modified by using two central facilities protocol and implementing both Advanced Encryption Standard (AES) and whitespace manipulation.The protocol will authenticate the user.Thus, this can maintain that only authenticated user has access to the system.Whitespace manipulation algorithm will be used to claim the PDF files so it can keep the data integrity.On the other hand, AES algorithm provide the ability to encrypt and decrypt data on transmit.This research will give a new view of the two central facilities protocol's utilization outside of e-voting sector.

Cryptography
Cryptography is derived from Greek, cryptos that mean secret and graphien which mean writing.Cryptography can be interpreted as secret writing.Cryptography is science and art to keep secret message.(Diffie & Hellman, 1976)  manipulations consist of insertion, deletion, and substitution.
(iii) Authentication.Authentication is a function that is highly related with identification.The parties that are communicating in a system should be identified one to another.Authentication does not only applied to the communicating parties but also the information that preserve its authenticity.
(iv) Non-repudiation.Non-repudiation is a function to prevent any denial to an act or event that actually happen.For example, a party could not admit.It received some funds if there is a receipt that mentioned the amount of its transaction with both name and sign of the sender.

ADVANCED ENCRYPTION STANDARD (AES)
Advanced Encryption Standard (AES) is cryptography algorithm that designed to operate with 128 bit block message and used three variation of key with 128, 192, or 256 bit.In 2001, AES was used as the new standard of cryptography algorithm which is published by National Institute of Standard and Technology (NIST) as the successor of Data Encryption Standard (DES).(Thakur & Kumar, 2011) AES is a cryptography algorithm that operate with 128 bit block message and has three variation of key.
Specific key size will determine the number of iteration in this algorithm.(Potlapally et al., 2006) The characteristic of each AES algorithm showed in

INFORMATION HIDING
Information hiding is a form of secret communication while transmitting information.Information hiding is a measure to embed the ownership information and distribution destination detail of a picture or music digital content.Steganography is an information hiding with communication purpose.On the other hand, digital watermarking is used to preserve the intellectual property right.(Al-Othmani, 2009) Figure 2 shows the classification of information hiding based on the used technique.Watermarking emphasizes the copyright marking, which is used to claim the ownership of a copyright, while steganography emphasizes on the form of secret communication.(Petitcolas, 1999)

WHITESPACE MANIPULATION
Information hiding on digital document can be achieved by manipulating some components within the document.The manipulation can be categorized as toline shift coding, word shift coding, whitespace manipulation, and text content.(Sullivan et al., 2010) Whitespace means space and tab in a text document.When giving the right data, this approach the manipulation can keep some data.The rule of embedding data can be manipulated according to the developer.(Por et al., 2008)

TWO CENTRAL FACILITIES PROTOCOL
Two central facilities protocol is a protocol, which is developed to handle voting using two central facilities, Central Legitimization Agency (CLA) and Central Tabulating Facilities (CTF).CLA is a facility which is responsible to verify the user by using series of process, while CTF is facility to tabulate alldata.(Muharram & Satrya,

METHODS
The present study involved five steps, in which these steps are described in the following (See Figure 4): Cryptography and Network Security Principle provided the quitessence of network security and AES algorithm which acts as an important role in security factors.This provided a solid knowledge forming understanding towards network security.The rest of the journals also provide the supplemental material that gave additional insight in this research (ii) Cooperation contract monitoring system modification.
In this step, modification of cooperation contract monitoring system has been done by implementing previous concepted two central facilities protocol, AES, Information Hiding, and Whitespace Manipulation.Two central facilities protocol will allow system to filter or to determine the user by its previledge.Whitespace manipulation is used to insert certain information that act as verifier to keep its integrity.AES was used when transmitting data.The result from this step is the modified cooperation contract monitoring system.
(iii) Software development Software development was done using sequential linear method, which consists of analysist, design, coding, and testing.
(v) Final stage documentation

Monitoring System with Two Central Facilities Protocol
We developed two central facilities protocol by dividing into three different sub systems, voter client, CLA, dan CTF.This protocol is developed to ensure security and minimize the load of each sub system.Both CLA and CTF have different database with different organizations according to each function.There are several modifications to this protocol in order to implement it to cooperation contract monitoring system.These are the conducted modification (See Figures 4-6

User Authentication
User will be given random 16 digits of validation number after CLA authenticate the username and password.Validation ID is used by CLA and CTF to determine whether the user has access or not to access the system.This research uses 16 digitsof numeric validation ID, for example "2222578348197275".After generated, validation ID will be stored in CLA and CTF in chipertext form by using AES algorithm.
Validation ID is used in two step authentication.
In the developed system, client will trigger two step authentication that performed by CLA and CTF.Both CLA and CTF will check the validation ID in current session with the stored validation ID in both databases.By doing so, system could prevent any unauthorized user.
Table 2 shows the general description of monitoring system with two central facilities protocol.There are three main components that communicate with one to another.

Component Function
Client Interacting with user.Showing received data from CTF.

Agency
Authenticate user.

Facility
Serving contract data request, storing file uploaded by user.

AES 128 bit Implementation
AES-128 is choosed as the cryptography algorithm to securing data on transmit between every sub system by considering the performance of the system.In every iteration there are several mathematical transformations applied to the data.The transformations consist of SubBytes, ShiftRows, MixColumns, dan AddRoundKey.
Chipertext is the result of the mathematical transformation.AES-128 use symmetri key while encrypting and decrypting.Here is an example of encryption result using AES-128 is shown in Table 3.
In the xml files, every field is in chipertext form.The destination will decrypt this file then process it according to specified function.This kind of transmission occurred between client to server, and server to server.

Watermark Insertion using Whitespace Manipulation
The uploaded PDF files is processed in order to keep the security while the data is on transmission.The system can verify the uploaded PDF files using whitespace manipulation algorithm.PDF file as cover media will be inserted with a text using whitespace manipulation.This will ensure the data integrity of PDF file (See Figures 6-8) Watermark is inserted after "%EOF" tag.This tag marked the end of file.This position is chosed by considering the suspiciousness of ther party.The inserted watermark will be showed as a plain space or null.The process is showed in the Figures 9 and 10.The spaces in Figure 10 showed the inserted watermark.The insertion process takes 0.0316 second.
Both database keep the data in chipertext form.By avoiding unnecessary encryption and decryption, the time and load needed will be decreased.An example of data transmitted between CTF and client are shown in Figures 7 and 8  Validation ID matching is done by involving CLA and CTF so it can ensure the security and the system could not be deceived.Validation ID on CTF 63d3964f83d2be34669829f6ae6116f6

Man in the Middle Attack Scenario
Man in the Middle Attack Scenario is a testing scenario evaluating security aspect by eavesdropping data on transmission between two parties.This research will test sniffing attack form.Sniffing is a kind of attack that the attacker takes every single data packet on transmission.
By using wireshark, packet data on transmission between every sub system can be monitored.Figure 11 is the result of captured data packet between CTF and client.The data is on chipertext form or encrypted form.Sniffing attack type is useless against the scenario that included authentication using encryption.(De Vivo et al., 1998)

Turn Around Time
Turn Around Time is the total time needed of a plaintext to be encrypted and back to its original form (plaintext).This testing is done with 25 PDF files with 14 KB to 1.003 KB file size.The result of this testing is shown in Table 4.

Implication of Using Algorithm AES in Monitoring System on Two Central Facilities Protocol
These are the implication of algorithm AES in monitoring system using two central facilities protocol.In short, the impact can be classified into four topics, including confidentiality, data integrity, authetication, and non-repudiation.Discussion about this implication can be described in the following: a. Confidentiality Encryption and decryption process to data on transmit is a measure to provide confidentiality from unauthorized parties.Key that is used in this process consist of 16 digits of alpha numeric combination.A web owned by Foundstone said that it need 56 million years to brute force a 16 digits lowercase alpha numeric key with 4670K k/s calculation.b.Data Integrity AES algorithm is an algorithm that use symmetry key.It means, in order to encrypt or decrypt AES algorithm need the same exact key.The data integrity will be provided as long as the key remain secret.c.Authentication.
Authentication to registrated user is done by using validation ID stored on both CLA and CTF database.A result of authentication testing is shown in detail in Table 6.d.Non-repudiation Authorized users have access to the system.The system will record every action that this type of user did while logging in.

Whitespace Manipulation Implementation Analysis
Whitespace manipulation algorithm could ensure data integirty from PDF file which uploaded to the monitoring system.It can be achieved by doing verification to the uploaded data.System's log also showed that the verification involved both CLA and CTF.

ACKNOWLEDGEMENTS
Authors acknowledged Universitas Pendidikan Indonesia Jl.Dr. Setiabudhi No. 229 Bandung 40154 Jawa Barat -Indonesia for providing facilities for conducting the research activities.

AUTHORS' NOTE
The author(s) declare(s) that there is no conflict of interest regarding the publication of this article.Authors confirmed that the data and the paper are free of plagiarism.

Figure 5 .
Figure 5. Monitoring system with two central facilities protocol architecture

Table 1 .
The

Table 4
are the tested files which obtained from PUSLITBANG tekMIRA and other journal from various website.Every pdf files consist of text, table, and figure.File size increased by 3.785 to 4.095 times.It occurred because PDF files was converted to hexadecimal resulted twice increased file size from the original.Every single string then encrypted with AES resulting chipertext with about two times length from the hexadecimal.On this point, the file size increased four times from the original.