Comparison of Security Signing Data Authentication Integrity in Combination of Digest And AES Message Algorithm

Online information systems with the Single Sign-On (SSO) model are currently widely used by many companies. Single Sign-On (SSO) is an independent authentication model. This system runs on the Hypertext Transfer Protocol (HTTP) protocol. Sending data or information without security is at risk of eavesdropping on information by the authorities. This study aims to compare the combination of Message-Digest and Advanced Encryption Standard (AES) algorithms to improve data security by modifying dynamic keys. The test results show that in each execution the user name and password with the MD5 algorithm are always the same while in the AES algorithm the results are always different so it is safe from replay attacks. So that the Advanced Encryption Standard (AES) algorithm can secure data through the Single-Sign-On authentication process with high-security accuracy.


Introduction
The rapid development of technology and information has a positive impact, namely the ease of sharing information or data through a computer network [1]. But at the same time, it also has a negative impact that is information or data can be accessed by parties who are not responsible for the crime. This also applies to the application of new technologies, the organization is faced with various opportunities and risks that can affect the performance of the organization [2]. One of the applications of new technology is that online information systems currently take an important role in companies. Online information systems are intended to improve service to each employee and improve company performance. Management of information systems becomes an important principle of the security of the system. This is because, the ease of accessing information, whether directly or indirectly, certainly has an impact on the emergence of risks and threats to the security and integrity of the data set. Threats that are expected to occur are unauthorized access to information or sources of information, such as duplication, alteration, or even destruction of information itself, thus bringing harm. For this reason, security management is needed that can protect or retain unauthorized access to maintain the data within a certain period time [3]. The system needs to implement security services such as authentication, encryption, access control, user management, and licensing [4]. Information security is one of the problems in ensuring data transmission over the web [5].
Information security is an effort to safeguard information and information systems from all possible threats to ensure and ensure business continuity, minimize business risk, and increase business opportunities. Information is an organizational asset that must be protected by security [6]. Data security has a major role in the development of a communication system, where more randomization in the secret keys increases the security as well as the complexity of the cryptography algorithms [7].
The login system is something that is found and is one of the important aspects of the world of the internet, which needs to be considered for its safety. The internet is built through a network of interconnected computers, with so many users connected to the network, data and information are very vulnerable from unauthorized outsiders [8]. This makes all data and information easily accessible to anyone. Not only can be accessed by people who are authorized or interested, but also by others who want to use it for personal gain by stealing data and information from the computer system (hackers) [8]. For this reason, the system is demanded to be able to know the users or users who will use the system are those who have been given permission or who have an interest [9]. The user must identify himself to the system, and the system must ascertain whether the identification is authentic or not [8].
From the literature search results, there are currently several methods that can be used to improve the security of sending data using the HTTP protocol. These security methods include Hypertext Transfer Protocol Secure (HTTPS) [10], Secure Hypertext Protocol (SHTTP) [10], and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) [11]. However, several other research results show there are still some weaknesses in using HTTPS [12]. Other literature that has improved data security by using MD5 [13][14] [15], hardware to support MD5 speed and security level [16]. MD5 process by adding bits, adding message length values, initializing the Message Digest buffer, and processing messages in 512-bit blocks [17]. The data processing MD5 algorithm is quite fast because it only takes a data length of 128 bits [8].
In information systems that implement authentication using a password, each user logs in to the system by typing in a username and password, which is ideally known only by the system and the user concerned. The process of logging in is when the system is convinced that the user who is trying to access is entitled [18]. Web-based information systems usually store data about the username and password in a table in the database. Therefore, the system will check into the database whether the user name and password entered are correct or not [18].
From the background and problems raised above, a study was conducted to compare the use of the MD5 algorithm on Single Sign-On and the 128 bits Advanced Encryption Standard (AES) algorithm. The output of this research is expected considering the selection of algorithms in securing the integrity of data security, flexibility in various software and hardware.

Algorithm Message Digest
MD5 is developed from MD, MD2, MD3, and MD4 [16]. This algorithm utilizes a series of non-linear algorithms to perform circular operations, so the cracker cannot return the original data.
In cryptography, it is said that an algorithm such as an irrevocable algorithm can effectively prevent data leakage caused by reverse operations. Both theory and practice have because the use of the MD5 algorithm does not require payment of royalties, less time, and costs which makes it widely used in general non-confidential applications. Operates on a single block (of 512 bits for Whirlpool) but the communication remains unidirectional except for the last block of the hash computation when the result is returned [19]. The processing logic is shown in Fig. 1  The 4-cycle process has the same structure but each has a different logic function. The functions used in each round are as follows: H (x, y, z) = x ^ y ^ z (3) I (x, y, z) = y ^ (x | (~ z)) (4) The MD5 algorithm falls into two categories. 1. Hash operation on large data block and get hash value 2. Hash operation on many small data blocks and get the hash value of each small data block [16].

Algorithm Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) can store data and communications within an organization. AES uses the same key as the transmission isobilateral key as the receiver. AES uses 128, 192, and 256-bit cryptographic keys [20].
The AES algorithm has a complex internal process and structure that ensures it is very safe and has no weaknesses [21]. The Rijndael AES algorithm consists of variable block sizes which can also be 128, 192, or 256-bit. This Rijndael algorithm with key sizes of 128, 192, and 256-bit provides approx [21]. Rijndael can be used as an iterated hash function by using it as the round function. Here is one possible implementation. It is advised to use a block and key length both equal to 256 bits. The chaining variable goes into the "input" and the message block goes into the "Cipher Key". The new value of the chaining variable is given by the old value EXORed with the cipher output [22]. Some stages in AES are ByteSub, Shift Rows, MixColumn, and add Round key [20]. The first stage is SubBytes, which is the replacement of non-linear bytes, where each state byte is operated independently. Н is reached via S-box. S-box is a substitute table that has been calculated previously with a value of 256 numbers (from 0 -255) and the value of the matching results. The second stage, Shift Rows: In the transformation phase shift Line 0 stays in position, when rows 1,2 and 3 shift one byte, two bytes, and three bytes respectively [23].
The fourth stage is the Round Key. Subkeys are generated from the primary key. Subkeys are the same size and inserted with concatenating each with related bytes in subkeys [24]. In the AES decryption process, the cipher transformation can be reversed and implemented in the opposite direction to produce an inverse cipher that is easily understood for the AES algorithm. The byte transforms used in inverse ciphers are InvShiftRows, InvSubBytes, InvMixColomns, and ArroundKey.

Research Tools and Materials
The hardware specifications used in the system implementation used in this study are as follows: While the software specifications used in implementing the system used in this study are as follows:

Implementation of MD5 dan AES
The implementation of the MD5 algorithm is to accept input in the form of randomly generated messages and produce a message digest that has a length of 128 bits. AES is a symmetric block cipher where a single key is used for both encryption and decryption process. Te input and output for the AES algorithm each consist of sequences of 128 bits. The key used in this algorithm consists of 128, 192, or 256 bits. AES operates on 8-bit bytes [25].
AES is a symmetric blocks cipher with key sizes 128, 192, or 256 bits and blocks size of 128 bits. It has 10, 12, and 14 rounds which depend on the key size. The proposed design is based on the AES-128 Encryption. Each 128-data bits block along with the 128-bit cipher key are processed through a 4 x 4 state matrix and key matrix respectively. At the start of the algorithm, the state matrix is initialized with the original plain text while the key matrix is initialized with the user input key.
The following block diagram of AES Algorithm: Implementation of AES Algorithm [26] The input data block is XOR-ed with the first 128 bits of the passkey to generate the status (intermediate cipher result) [27]. For encryption, each round consists of the following four steps: 1) substitute bytes, 2) shift rows, 3) mix columns, and 4) add round key. For decryption, each round consists of the following four steps: 1) inverse shift rows, 2) inverse substitute bytes, 3) add round key, and 4) inverse mix columns. The last step consists of XOR-ing the output of the previous three steps with four words from the key schedule; the outcome of the last round is either the encrypted or decrypted block. In the encryption and decryption process of AES, the State array is modified at each round by a round function that defines four different byte-oriented transformations [28]. Each round of the encryption process requires a series of steps to alter the state of the array [29]. Implementation of AES Algorithm is as follows : a. All the 16 byte input messages are arranged in a four-of-four byte matrix called state matrix. A Shift Row is arranging elements of a state key matrix which performs a circular shift each row. The circular shift length is different for each row. The first row is never moved over. Second row moves one first element to the right at the last element. Third row moves two first elements to the right at the last element and the last row moves three first elements [30].
e. Mix Column Transformation: This is a linear transformation which mixes each column of the state matrix obtained after shift row transformation and all the arithmetic involving the coefficients is done in Galois Field (GF (28)). Key Generation Using GA-The process of generating the key from the Genetic [31]. The MixColumn step is a linear transformation which mixes each column of the state matrix. Each byte is replaced by a value dependent on all 4 bytes in the column and is performed by the following multiplication [32]. The decryption process will be the opposite of the encryption round where the different functions will be using their inverses: ShiftRow to Inverse ShiftRow, SubBytes to Inverse SubBytes, and MixColumns to Inverse MixColumns [33].
f. Key Addition Layer: In this layer the state byte matrix obtained after the mix column transformation layer are XORed with the sub keys of the previous round. Which also consist of 16 bytes [28]. A simple bitwise XOR operation between each byte in the state matrix with its corresponding byte in the key matrix. The key matrix corresponds to the same round of the state matrix [34]. The final round consists of only three transformations ignoring MixColumns [35]. The Decryption method is the reverse of encryption and it consists of four transformations [36]:

Inverse Substitution Bytes
The 16 byte plain-text substitutes the corresponding value from substitution table S-box [37]. Table 3. Inverse S-Box [35] Inverse Substitution Bytes is the inverse of the substitution byte transformation. This is performed through inverse S-box [38] [39].

Inverse Shift Rows
In shiftrows transformation, the bytes in last 3 rows will be shifted cyclically over number of bytes present. a) The first row will remain same. b) The second row will get shifted to the left by one position. c) The third row will get shifted to the left by two positions. d) The fourth row will be shifted to the left by three positions.

Inverse Mix Columns
MixColumns transformation performs by transforming each column of four bytes. It takes input as one column which is of 4 bytes and output as completely different 4 bytes by transforming the original column.
The resultant matrix is same as the size of plain-text. MixColumn transformation will not be carried in the last round.

Add Round Key
The 16 bytes which is produced from MixColumns is equal to 128 bits which is XORed with the round key of 128 bits. The above process has been repeated until final round to produce the corresponding cipher text [40].
Different from AES, MD5 many situations where a potentially long message needs to be processed and/or compared quickly [41]. The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit message digest of the input. The authentication algorithm computes a digest of the entire data of the secret message, used for authentication [42]. MD5 consists of 64 operations, grouped into four rounds of 16 operations [43].
The main MD5 process consist of five steps that is used to convert plain text into cipher text which are as follows: Step 1: Append padding bits The message is padded so that its length is congruent to 448, modulo 512. The message is extended so that it is just 64-bit shy of being a multiple of 512 bits long. So, "1" bit is appended to the message and then 0 is appended so that the length is congruent to 448.
Step 2: Append length A 64-bit representation of length of message before padding bits were added is appended to the result of the previous step.
Step 3: Initialize MD buffer A four-word buffer is used to compute the message digest where each of the 32-bit register is initialized in hexadecimal, low-order bytes.
Step 4: Process message in 16-word bits The four auxiliary function is then processed with various steps to produce the desired output.
Step 5: Output The message digest is produced as an output. The plain text is converted into cipher text or hashed form [44].
Following is the basic implementation of the MD5 algorithm: = modulo addition operation 232 The steps in implementing the MD5 method are done by using 2 PHP files that function as input form files and database connections. Initial value of the hash function is replaced by a non-standard value, which is the result of the attack [45]. The database used for this implementation is MySQL, arguing that MD5 cryptography is an integrated part of MySQL. By using syntax: Then the password on the database will be encrypted by itself MD5 in a similar way, and the result hash value is compared with the hash value in the database for that particular user [46].
The SSO authentication in this study uses the MD5 algorithm to validate login user accounts. Users can connect with SSO through validating user login sessions. The process goes through stages on the NuSOAP web service by checking the value on id_user.

Testing
Testing in this study was conducted on hash variables and user login accounts. The test was carried out to obtain the results of the plaintext from the user's login encryption on SSO and MD5 from the table. Stages of testing consist of two, namely testing the sample username and password stored in two separate files.
Matches on the username and password in the results of this test were found by looking for the match string and Http response variables of each username and password. Testing on the AES encryption side with a dynamic key generator with the username and password received in the form of ciphertext. The process with the application of a dynamic key generator means that the AES key used will always change for each decryption encryption process based on changes in time value. AES is secure against the brute-force attack [47]. In the AES encryption process using four basic transformations with sub bytes, shift rows, mix columns, and add round key sequences. Whereas the decryption process uses the inverse of all basic transformations in the AES algorithm except add round key in the order of the transformation of in shift rows, in sub bytes, add round key, and in mix columns. In-text data, the encryption process begins by converting text into ASCII code in hexadecimal numbers formed into 4x4 byte matrices. Then some basic information is performed, such as sub bytes, shift rows, mix columns, and add round key. However, when carrying out data transformation, the data that is processed in each form is binary data from the hexadecimal matrix. AES 128-bit cryptography has a keyspace of 2128 which is a very large value and is considered safe to use avoid brute force attacks [48]. The following is a comparison test table for encryption with MD5 and AES Table 4 : The test results above show that in each execution the user name and password with the MD5 algorithm are always the same, while in the AES algorithm the results are always different so it is safe from replay attacks. The dynamic key is generated on the AES algorithm using a function of time. Key can be generated at random based on the value of the time when the sender logs in to the system [49]. Cryptographic hash functions like MD5 do not have a sound mathematical security definition, but instead rely on the following "intuitive" notions of security: for a hash function h with domain D and range R, we require the following three properties [50].
AES has a varying number of rounds depending on key size [51]. The results of message encryption on both MD5 and AES algorithms increase in messages. For AES, the timing of memory accesses to look-up tables is strongly correlated with secret key data. Several implementation recommendations seek to reduce or eliminate this correlation.
If possible, the embedder should avoid look-up tables altogether and use the logical implementations of AES instead. Alternatively, lookup tables can be stored in registers to eliminate memory accesses and associated timing. AES implementations using a smaller set or multiple copies of tables are also available which changes the access statistics, making timing more difficult to predict [52]. implementing AES in a way that is impervious to this attack, let alone developing an efficient generic countermeasure, appears non-trivial [53]. Based on the text files used and the experimental result it was concluded that the AES algorithm consumes the least encryption and RSA consumes the encryption time [54]. AES, Advanced Encryption Standard, is a symmetric key encryption standard which is widely used to secure data where data confidentiality is an important and critical issue. Symmetric key (AES) has high efficiency that it is suitable for encrypting a relatively long plaintext [7].

Conclusion
This study uses a comparison of the combination of Message-Digest and Advanced Encryption Standard (AES) algorithms to improve data security by modifying dynamic keys. The test results show that in each execution the user name and password with the MD5 algorithm are always the same while in the AES algorithm the results are always different so it is safe from replay attacks. So that the Advanced Encryption Standard (AES) algorithm can secure data through the Single-Sign-On authentication process with high-security accuracy. AES has different advantages such as security, flexibility, and ease of implementation [33]. Advanced Encryption Standard (AES) algorithm has become the optimum choice for various security services in numerous applications [55]. MD5 are commonly used for encrypting plaintext passwords into strings that theoretically cannot be deciphered by hackers due to their one-way encryption feature. However, with time, attacks became possible through the use of dictionary tables and rainbow tables [46].