Implementation of Encrypt National ID Card in Sinovi Application Use Waterfall Methodology

In this era of increasingly rapid technology, the development of information systems is also growing rapidly, because information systems provide what users need. Information is a very valuable thing. When information or data falls into irresponsible hands, it will bring disaster to the owner.


Introduction
Advances in information technology have increased the need for data security regarding the confidentiality of information exchanged over the Internet, especially when the data resides on a computer network connected to another network [1]. This obviously poses a risk when irresponsible people access sensitive or valuable information. If this happens, it is likely to harm not only the sender of the message, but also the organization. Also, hacked data can be corrupted or lost, leading to huge losses [2], [3].
The author wants to implement this encryption in the Sinovi application. Sinovi is an application for copyright registration and commercial application at Telkom Institute of Technology Purwokerto, in the form of a website accessible to teachers and students. The application stores important data such as emails, addresses and IDs.
Not long ago, news about leaks of personal data, email addresses, addresses, phone numbers, IDs and other private data appeared non-stop [4]. For example, the e-commerce platform Tokopedia was hacked. The number of hacked accounts was estimated at 91 million accounts and 7 million merchant accounts, not 15 million as previously reported. In 2019, Tokopedia revealed that there were around 91 million active accounts on its platform (Suyanto, 2003). This means that almost all accounts on Tokopedia were successfully retrieved by the hackers. The perpetrators sold the data on the dark web in the form of user IDs, emails, full names, dates of birth, gender, cellphone numbers and passwords that were still encrypted. All of it was sold at a price of US $5,000 or around Rp.74,000,000.00 (seventy-four million rupiah). There are even 14,999,896 Tokopedia accounts whose data can now be downloaded [5]. In addition, previous research revealed that consumers harmed by leaks of data stored by an online marketplace could file a lawsuit with the Minister of Communication and Information of the Republic of Indonesia to demand accountability from the online marketplace as the Electronic System Operator, in accordance with the ITE Law, PP PSTE, and Permenkominfo PDPSE [6].
Therefore, to prevent this from happening, the author uses the AES encryption algorithm for encrypting and decrypting the data. Encryption has become an integral part of cyber security systems, and one of the ways to encrypt data is the Advanced Encryption Standard (AES) [7]. AES is the first and only cipher approved by the US National Security Agency (NSA) to protect classified information [8]. AES was originally named Rijndael after its two developers, the Belgian cryptographers Vincent Rijmen and Joan Daemen [9].
This study uses the waterfall research method. Waterfall is an approach to systematic and sequential software development, starting from problem analysis and continuing through design, implementation, testing and maintenance [10]. We use Waterfall because it is easy to use, its processes run sequentially from analysis to support, and the processes do not overlap [11]. At the testing stage, the researcher presents data in the form of a table from the black box testing process. Black box testing, also known as behavioral testing, is a test carried out to observe the input and output results of the software without knowing the code structure of the software. This test is carried out at the end of making the software to find out whether the software functions properly [12].
The writer uses the PHP programming language. The hypertext preprocessor (PHP) is an interpreted programming language that translates lines of code into programs that a computer can understand at runtime [13], [14]. PHP is a very popular and easy to use server programming language. Many people use PHP to build different types of websites [15], [16]. This study uses an encryption library written in the PHP programming language which was introduced earlier; in this library all ciphers are combined into one so that users can use it more easily [17]. The writer's plan is to secure the national ID card by changing the sensitive saved image into random text that cannot be opened by irresponsible parties. After the ID card image is encrypted, the random text is stored in a file that replaces the previous ID card image, so that irresponsible parties will find it difficult to guess someone's ID card [18]. In this research the writer uses this encryption library to secure the national ID cards stored in the Sinovi application.
The hope is that with this research, the data in the Sinovi application will be more secure and data leaks to irresponsible parties will be overcome; if data leaks, no one can read it except the person who created the data security key. The author also hopes that this research can be a theoretical basis for other research.

Research Methods
As explained in the previous chapter, this research uses the waterfall research method [10]. The waterfall method involves successive stages of software development, from analysis, design, coding and testing.
The research stages are organized so that the research activities are planned, organized and systematic and the research objectives can be achieved. Figure 1 below shows the research phases for the implementation [19].

Figure 1 Waterfall Software Development Life Cycle
Figure 1 explains that the research will carry out 5 stages, namely:
a. Requirements. In this step, the writer collects all requirements for the next step, such as the main problem for discussion from the Sinovi application, and downloads several fake national ID cards from the internet as samples.
b. Design. In step two, the writer designs a simple encryption system and shows the random strings that the encryption process must produce.
c. Implementation. In step three, the writer starts to code the encryption system using a PHP encryption library, because this makes the encryption process easier and avoids coding from zero, which would take too much time. The writer copies several fake national ID card images into a folder (one location from the PHP code), and the code reads all images one by one using a loop and encrypts them as random text.
d. Verification (Testing). In step four, the writer checks the encryption results again to see whether they are the same as in the design step. If not, the writer re-checks the encryption process step by step. The test is performed using the black box test method and tests the functionality of the national ID card encryption system.

Results and Discussions
a. Requirements. This stage explains the formation of the problem that we are going to solve. In the field of technology, every company must build a security system, because data is very important. There is very important private data in the Sinovi app, one item of which is the service user's ID card. Unfortunately, the Sinovi service does not set up strong enough encryption for the ID card, and I am concerned that the data will be leaked and irresponsibly distributed to users. In figure 2, the ID card of a user of the Sinovi application is not encrypted, so it is feared that the data can be seen by irresponsible parties. For example, to display a national ID card, Sinovi gives a URL like the one in figure 3. The URL is divided into 3 parts: part one is the main domain, part two is a folder and part three is a filename with a file extension, and the response will be like this   figure 3) they can see another national id card. This method is often referred to as brute force. In cryptography, a brute force attack is a technique used to attack computer security systems by testing all keys [20], [21]. Attackers systematically check all possible passwords and passphrases until they find the correct one [22]. Brute force is not only password guessing; if someone tries to guess the Sinovi app URL, it can also be considered brute force [23], [24]. So this research uses several images as a sample encryption test.
b. Design. In this step, the author uses a simple PHP command line application to encrypt multiple images as shown in the previous step, and the application folder structure will be like this. To run the application, as in figure 6, the writer executes the main file from the command line, and the application reads all fake national ID card images and encrypts them one by one. When the program finishes encrypting all images, it reports success, and the results must be a random string, as in figure 7. If the results in the later implementation step are the same as in this step, the experiment was successful; if not, the writer checks again until the results are the same as in this step, because according to the abstract and introduction, protecting data is very important.
In this research the PHP command line program works as in figure 9: a for loop scans all files inside the source folders, and the program converts each original national ID card into a random string, so that not just anyone can open an encrypted national ID card.
In the first test, the writer edits the master file to decrypt all encrypted national ID cards and re-runs the master file, and the program converts them back into images, so anyone can see the original national ID card image. Figure 12 shows the project's folder structure after the program is successfully executed. There are some image files in decrypt_results; all images in the decrypt_results folder must be the same as the source images. See figure 13 for the decryption results.
In the second step of the test, the author uploads the encrypted results to the Sinovi server and brute forces the URLs one by one without logging in to Sinovi as an admin user (as in figure 3), to check whether the author can guess another national ID card or not. If the author fails to guess another national ID card, this research is successful. When the author tries to guess the URL of someone else's ID card stored on the Sinovi server, the author sees, as in figure 14, only random words that are difficult to guess. If the author sees a random sentence given by the Sinovi server, then an irresponsible party also cannot see the original version of the national ID card that has been secured; no one can open the security except the person who secured it and created the security password for the ID card. This way, data security is higher and data leakage to unauthorized parties can be prevented. The design stage requires that the output of the encryption process is a random word that cannot be easily guessed, and at this trial stage the output is in accordance with the design stage. So this step can be said to be complete and successful, and the writer summarizes all testing steps in table 1 below.
When all stages have been passed and the verification process is in accordance with the design process, the author carries out monitoring and improvement so that the Sinovi application can run normally and the encryption system that was designed runs well without any problems.
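The encrypt, decrypt and compare cycle described above, as an added example that is not code from the paper. It uses AES-256-GCM from PHP's openssl extension in place of the paper's library, whose API the page does not show; the folder name encrypt_results, the file names and the temporary directory are assumptions, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);
// Added example: AES-256-GCM from PHP's openssl extension stands in for the
// paper's own encryption library, whose API is not shown on the page.
const CIPHER = 'aes-256-gcm';

function encryptFile(string $src, string $dst, string $key): void
{
    $plain = file_get_contents($src);
    if ($plain === false) throw new RuntimeException("cannot read $src");
    $iv  = random_bytes(12);                 // fresh 96-bit nonce for every file
    $tag = '';
    $ct  = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) throw new RuntimeException("encryption failed for $src");
    // Stored form is text: base64(nonce || 16-byte tag || ciphertext)
    file_put_contents($dst, base64_encode($iv . $tag . $ct));
}

function decryptFile(string $src, string $dst, string $key): void
{
    $raw = base64_decode((string) file_get_contents($src), true);
    if ($raw === false || strlen($raw) <= 28) throw new RuntimeException("malformed file $src");
    $plain = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) throw new RuntimeException("wrong key or modified file $src");
    file_put_contents($dst, $plain);
}

// Assumed layout: source/, encrypt_results/, decrypt_results/ under a temp directory
$base = sys_get_temp_dir() . '/sinovi_demo_' . bin2hex(random_bytes(4));
foreach (['source', 'encrypt_results', 'decrypt_results'] as $dir) mkdir("$base/$dir", 0700, true);
// Constructed sample input: random bytes in place of real ID card images
foreach (['card_a.jpg', 'card_b.jpg'] as $name) file_put_contents("$base/source/$name", random_bytes(2048));
$key = random_bytes(32);                     // demo key; keep real keys outside the web root

foreach (glob("$base/source/*") as $src) {
    $enc = "$base/encrypt_results/" . basename($src) . '.enc';
    $dec = "$base/decrypt_results/" . basename($src);
    encryptFile($src, $enc, $key);
    decryptFile($enc, $dec, $key);
    $same = hash_equals(hash_file('sha256', $src), hash_file('sha256', $dec));
    echo basename($src), ': ', $same ? 'round trip OK' : 'MISMATCH', PHP_EOL;
}
try {                                        // a different key must be rejected, not yield garbage
    decryptFile($enc, "$base/decrypt_results/bad.jpg", random_bytes(32));
} catch (RuntimeException $e) {
    echo 'other key: ', $e->getMessage(), PHP_EOL;
}
```

Because GCM is authenticated, decryption with another key or of a modified file fails outright instead of writing a corrupt image.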
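On the defending side, the URL guessing used in this test leaves a recognizable trace in the web server's access log. The following added example (not code from the paper) flags clients that request many distinct files in the ID card folder. The folder path /uploads/ktp/, the threshold and the log lines are constructed assumptions, since the page does not give the real URL.

```php
<?php
declare(strict_types=1);

// Hypothetical folder holding the ID card files; the page does not name it.
const ID_FOLDER = '/uploads/ktp/';
// Assumed policy: distinct ID card files one client may request per log window.
const MAX_DISTINCT = 3;

/** Returns [ip => ['distinct' => n, 'not_found' => m]] for clients over the limit. */
function findEnumerators(array $lines): array
{
    $seen = [];   // ip => [path => true]
    $miss = [];   // ip => number of 404 responses
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) /';
    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m)) continue;       // skip lines in another format
        [, $ip, $target, $status] = $m;
        $path = (string) parse_url($target, PHP_URL_PATH); // drop any query string
        if (strncmp($path, ID_FOLDER, strlen(ID_FOLDER)) !== 0) continue;
        $seen[$ip][$path] = true;
        if ($status === '404') $miss[$ip] = ($miss[$ip] ?? 0) + 1;
    }
    $flagged = [];
    foreach ($seen as $ip => $paths) {
        if (count($paths) > MAX_DISTINCT) {
            $flagged[$ip] = ['distinct' => count($paths), 'not_found' => $miss[$ip] ?? 0];
        }
    }
    return $flagged;
}

// Constructed sample log (common log format, documentation IP ranges)
$log = [];
foreach ([1001, 1002, 1003, 1004, 1005] as $i => $n) {
    $status = $i % 2 ? 404 : 200;   // guessed names sometimes miss
    $log[] = "203.0.113.7 - - [10/Mar/2024:10:00:0$i +0700] \"GET /uploads/ktp/$n.jpg HTTP/1.1\" $status 512";
}
$log[] = '198.51.100.20 - - [10/Mar/2024:10:01:00 +0700] "GET /uploads/ktp/2040.jpg HTTP/1.1" 200 48211';

print_r(findEnumerators($log));   // only 203.0.113.7 is flagged: 5 distinct files, 2 not found
```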

Conclusion
The conclusion obtained from this research is that data is an important asset for a person and for a company, so everyone must protect their own data, and companies must also have their own security systems to protect customer data. For example, this study uses the AES 256 method to secure the ID card data of users of the Sinovi service, to make it more secure and to anticipate data leaks to irresponsible parties. The limitation of this study is that its scope is only the KTP data in the Sinovi application belonging to the Telkom Institute of Technology Purwokerto. In this study the researcher has also contributed to others by creating an encryption library in the PHP programming language named t_encrypt, so that other people can encrypt the data they have in the same way as described in this study. It is hoped that people or companies that build an application service will perform data encryption. The authors hope that this research can be useful as a theoretical basis for anyone who wants to research data security and ID card encryption, and that more research similar to this will be developed. The researcher also hopes that future research will use the library that the author has made, to speed up that research, and that there will be research that tests AES 256 with different research methods.