Twofish Cryptography Algorithm as Safety Equipment in Web-Based E-Commerce

Transcription

1 4 th ICRIEMS Proceedings Published by The Faculty Of Mathematics And Natural Sciences Yogyakarta State University, ISBN Twofish Cryptography Algorithm as Safety Equipment in Web-Based E-Commerce Akik Hidayat 1,a), Detik Pristiana Warjaya 2,b), Erick Paulus 1,c), Asep Sholahuddin 1,d) 1) Department of Computer Engineering, Faculty of Mathematic and science, Padjadaran University, Bandung, Indonesia 2) Informatics engineering practitioners, Bandung, Indonesia ) Department of Computer Engineering, Faculty of Mathematic and science, Padjadaran University, Bandung, Indonesia 4) Department of Computer Engineering, Faculty of Mathematic and science, Padjadaran University, Bandung, Indonesia a) akik@unpad.ac.id b) detikmath08@gmail.com c) erick@unpad.ac.id d) asep.sholahuddin@unpad.ac.id Abstract. Along with many web-based development, online transaction become one of the payment options for goods and services. Fr that reason, infrastructure of data security has been built to provide convenience, comfort and security when transaction. This transaction process can lure cybercrime action against buyer and seller information, so it s necessary to safeguard the transaction process. This study conduct Twofish algorithm that is one of the algorithm cryptographic that can be implemented for web-based E-commerce as a safeguard process between buyer and seller. Kata Kunci : Cryptographic, Twofish,, E-Commerce INTRODUCTION Cybercrime as an action against a law that performed using sophisticated computer technology (Wisnubroto,1999), to overcome this situation, it s necessary to have an information protection that provides protection to buyer and seller information with cryptographic technique that is by encrypt the seller information or buyer information. This buy and sell activity bring out the term of E-commerce that is using computer network for doing communication business and commercial transaction (Yuan Gao,2005). One of the problems of the process of buy and sell on E-Commerce is the payment process itself, in general, the payment made by transaction through the Bank by transferring some amount of money to seller account, then the buyer to confirm to the seller that the money has been transferred. After the seller check whether or not transfer process, the seller delivering the goods or services to the buyer. That process has a drawback, especially in the efficiency of the time. It would be better if the transaction process is done on the concerned E-Commerce By the needed in online payment security process than the online payment secure infrastructure has been built to provide convenience, comfort and security while transaction. Another reason and also must be anticipated is the act of cybercrime against buyer and seller information in the online transaction. Based on that reason, we want to conduct studies that implement Twofish cryptographic algorithms on the web based E-Commerce as the security mechanism in online transactions. Twofish is modern symmetrical cryptographic that one of the AES (Advance Encrytion System) Candidate in algorithm process using XOR (exclusive or) Matrix MDS, PHT or Pseudo-Hadamard transformation process. Whitening, F function and key schedule done by looping the process 16 times. The Twofish algorithm be expected to secure the buyer transaction while doing online payment on web E-commerce. This student conduct to implemented Twofish algorithm on the web E-Commerce as an encryption process for buyer information. The aim of this study is to secure buyer data or information when transaction using a Twofish cryptographic algorithm. SE-7

2 METHOD The method that used in this study is action research, that is learn main literature about the Twofish algorithms from various published sources such as textbooks, Journals, and other literature related to the issues. Looking for information related to the research issues using internet facility and learning the concept of data security. Implementation Twofish algorithm on the web application using programing language PHP or javascript. RESULT AND DISCUSSION Twofish Algorithm Twofish using a Fiestel structure through 16 loops with an additional whitening at the input and output that consist three functions, that is F function, G function, and H function. FIGURE 1. Twofish Flow Diagram F function F function is a function that found in shift of the bit, g function, S-Box and PHT (Pseudo-Hadamard Transform). The input from f function is the whitening first result that is R 0, R 1, R 2, and R. F function looping 16 times on each rotation there is an exchange position from (R 0, R 1, R 2, R ) to (R 2, R, R 0, R 1). The following equation in the f function is : (Landgeet al., 2012). T 0 = g(r 0) (1) T 1 = g(rol(r 1,8)) (2) F 0= (T 0 + T 1 + K 2r+8) mod 2 2 () F 1=(T 0 + T 1 + K 2r+9) mod 2 2 (4) G function G function is the core function from Twofish, who calculating S-Box and mapping 2 word value that is R 0 and R 1 with the result of S-Box and MDS multiplication through h function. G function denoted in (.5) equation (Landge et al.,2012) g (R0, ROL (R1, 8)) = (h (R0, S), (h(rol (R0), 8), S)) (5) S value in this equation obtained on key scheduling process SE-8

3 H function H function is the function that consists two inputs with the length of data is four bytes respectively, this function has two phases with the last process experienced a matrix multiplication process. The first step is to spell out the input word that goes into one character so divided become ASCII value with for a character in each word. For example, the input value is baju when converted to hexa become 0x98, 0x97, 0x6A, 0x75. But before processing, change the order with little Indian conversion to become (0x75,0x6A,0x97,0x98). Denoted by with h(x,l) using that converter become x = (y 2,j = x j) with j = 0... After that, input into following equation (Schneier, 1996): Z value acquired by the output of the h function with MDS matrix value is given as follows(schneier, 1996). y 0 = q 1 [ q 0 [q [y 2,0] l 1,0 ] l 0,0] (6) y 1 = q 0 [ q 0 [q 1[ y 2,1] l 1,1] l 0,1] (7) y 2 = q 1 [ q 1 [q 0 [y 2,2] l 1,2] l 0,2] (8) y = q 0 [ q 1 [q 1 [y 2,] l 1,] l 0,] (9) Z Z Z Z 0 1 = 2 Z = j0 Z MDS Y Y Y Y j i = 0,.., (11) (10) Whitening Whitening is the process that is done before and after the f function, the aim is to become the process more complicated. In the Twofish whitening algorithm, the first performed by the XOR operation in R 0, R 1, R 2, R, with the sub key zero to three in the first whitening a four until seven at the last whitening. Key scheduling Key scheduling, known as generate key is the manufacturing process of the M key that entered into 40 piece of sub keys. In this study, the key length is only 16bytes. The first obtained k value by k= N/8, N is the eight of the key, so obtained k=16/8, then k=2. After that, the key will be split into four words, M 0, M 1, M 2, and M using Indian little conversion (Schneier, 1996). M i = m (4i j). 2 8j i = 0,.., (12) j That s four words are partitioned into two parts so that become M genap and M ganjil two members respectively (Schneier, 1996). M genap = (M 0,M 2) (1) M genjil = (M 1,M ) (14) Then look for s value for the next step as an S-Box. S value obtained by the formula matrix multiplication in GF(2 8 ) (Schneier, 1996). Si Si Si Si Z,0,1,2, = RS M M M M. M 8i 8i1 8i2 8i 8i7 (15) S i = S ( i, j). 2 8j i = 0,1 (16) j SE-9

4 S i = (S 1,S 0) (17) RS is a Red Solomon Code matrix which is the result of the mapping multiplication of GF(2 8 ) with GF(2)[x]/w(x), with w(x)=x 8 +x 6 +x +x Then the constant RS matrix obtained as follows (Schneier,1996). 01 A A 58 DB 9E RS = A F 1E C6 68 E5 (18) 02 A4 A1 55 FC 87 C1 5A AE DB The final step is to make the looping process 20 times to get 40 sub keys following equations (Schneier, 1996). P = (19) A i = h(2 ip,m genap) (20) B i = ROL(h((2i + 1)p,M ganjil),8) (21) K 2i = (A i + B i)mod2 2 (22) K 2i + 1 =ROL((A i + 2B i)mod 2 2,9) (2) D 9E 19 0 Twofish Algorithm Implementation Testing This process is done on the web, e-commerce using simulated data for the registration form using this following data. TABLE 1 Registration Form Table Data Parameter Value Byte Amount Key gpoi8sigm6iwrrct 16 Name Test 4 test@test.com 1 Password Number To view the encryption process, the third application named fiddler used. In the Figure 1. The encryption process that occurs in web e-commerce has been shown. FIGURE 1 Fiddler List Process Scan Result FIGURE 2. Entry Process or Login Process Data. SE-10

5 FIGURE Coupon Code Encryption Process FIGURE 4 Encryption Process In Payment Process FIGURE 5 Payment Process Successfully. FIGURE 6 Transaction Process Enkription Process SE-11

6 FIGURE 7 Transaction Process Table In the data above, the delivery process via HTTP protocol change from plaintext into ciphertext that cannot be read by the hackers who tried to steal a user or customer information. The key in this process actually having refraction so that the keys do not appear in the data transmission process, so information delivery is secure. CONCLUSION Implemented Twofish algorithm in web e-commerce with encrypting message or data on the client while distribution the data in web e-commerce to the server through the HTTP protocol and subsequent decrypting in the server side so that can secure client data or information while doing transaction using a Twofish cryptographic algorithm. REFFERENCE 1. Al, Wisnubroto Kebijakan Hukum Pidana dalam Penanggulangan Penyalahgunaan Komputer. Yogyakarta: Universitas Widyatama. 2. Bartle, G Introduction to real analysis. New York : John Wiley & Sons, Inc. Cyber Crime Statistics and Ttrends, (online), (Accessed 28 Oktober 2016). 4. Gao, Yuan Encyclopedia of Information Science and Technology. California: Idea Group Reference. 5. Landge, Irfan, Bharmal, Tasneem, dan Narwankar, Pooja Encryption and decryption of data using Twofish algorithm paper presented at the National Conference on Emerging Trends in Information Techonology, World Journal Science and Technology. Maharashtra, India. 21 April Mulyanta, S. Edi Pengenalan Protokol Jaringan Wireless Komputer. Yogyakarta: Andi 7. Rosa A. S. And Shalahuddin, M Rekayasa Perangkat Lunak Terstruktur dan Berorientasi Objek, Bandung: Penerbit Informatika. 8. Sadikin, Rifki Kriptografi untuk Keamanan Jaringan.Yogyakarta: Penerbit Andi 9. Schneier, Bruce E.J Twofish: A 128-Bit Block Cipher, ( Accessed 28 Oktober 2016) SE-12