KANSA: high interoperability e-KTP decentralised database network using distributed hash table

,


Introduction
Today Indonesian Identity Card (e-KTP) have NFC Technology inside it.It is a new technology safer than standard RFID [1] which has much evaluation [2][3][4][5][6][7][8].The NFC Technology in e-KTP never been used until this time.Many government organisations have been used with conventional way into e-KTP to process many citizen service.There is also no regulation and socialisation to use e-KTP technology to integrate into existing government system.Beside the cost of e-KTP reader distribution and manufacturer, there was also infrastructure to built with big amount of money.This research focusing how to build decentralised network system for using e-KTP reader [9].The network we called KANSA which is provide lower price and easy to develop and integrate with existing system.
KANSA use Distributed Hash Table (DHT) concept to built decentralised network [10].DHT was used as base of Peer-to-per network [11] which we know as new concept of torrent [12], magnet URI [13].With the rapid development of the Internet, it needs more computing power resource [14].For example, it uses peer to peer network applications where storage capacity and network bandwidth can share between users.DHT (Distribution Hash Table ) is a system of efficient mechanisms for data placement and search the resources in the P2P network.The DHT-based system can apply in a backup file, which allows users to store their data files in a computer connected to the Internet and store all the time.In a DHT-based file backup system can enable users to store their data files on computers connected internet and keep it all the time [15].DHT is providing information search services for applications P2P (Peer To Peer) using a pair (key, value).Here the 'key' to act as input and returns 'value' as output [16].In the Peer to Peer (P2P), a single peer to peer further connected in a distributed storage system.A group of solitary resolution chart illustrates the distributed hash table of assets to the node in the P2P network where assets can be collected in the network and hence back.In the DHT offered the position of nodes and services that can extend, but not just in addition to any maneuver lookup (an activity that is used to place the asset in the system) [17].Distributed hash table (DHT) provides an efficient recovery method known as Checkpoint recovery and topology built using this table in a decentralized approach [18].

1361
AES-CBC is one method of encryption, known as the Rijndael algorithm.The AES-CBC method involves Initialization Vector (IV) for the XOR operation and requires 128 bits of data in single encryption.In the process the encryption and description, a plaintext must have a length of at least 128 bits of data XOR and IV to be operated on text first before a key encrypts it.The encryption process creates ciphertext.Then it will be decrypted by the first key.After that, the process will produce the plaintext decryption [19].Before encrypting blocks, XOR with the ciphertext from the previous ciphertext block.Analysis of AES-CBC method aims to find errors during the encryption process.The simulation was performed to analyze the reduction of the chip size [20].Mini-AES is a simple version of the application of the algorithm Rijndael (AES).Mini-AES AES has all the parameters are reduced significantly but still retains the original.Despite having all the parameters of AES, Mini-AES cannot represent AES security [21].
PBKDF2 a key derivation function based on a password [22].In implementation has a high impact on the security of a particular application.To improve efficiency, such as the CPU also on other hardware that has a special purpose as a modern GPU, Application-Specific Integrated Circuit (ASIC) or Field-Programmable Gate can be used.PBKDF2 can efficiently implement on the FPGA [23].Password-based authentication mode is the authentication mechanism has been widely used, after entering the user password, and then will compare the encryption calculation with a value of checks to authenticate user identity, application of the Internet is generally used by the encryption key password to protect the key communications sessions.The public key encryption standard 5 PKC (Public Key Cryptography Standard 5) is a secret key standard developed by the company RSA.It defines two single passwords is PBKDF1 Key-Based Lock function, and the other is PBKDF2 [24].PBKDF2 has implemented in Openoffice [25], developed beside SZRP protocol [26], compares with Bcrypt and Scrypt algorithm [27] and the weaknesses show in [28].e-KTP network infrastructure is a new problem and unresolved until now.This research proposing KANSA as e-KTP infrastructure as open standard.This standard can used in many government or non government organisation without breaking any law.

Research Method
The methods used in this study are DHT, AES-CBC, and PBKDF2.All three methods will combine and use on this project.The general methodof Distributed Hash Table (DHT) is structured overlay network is the average latency per successful search and percentage of successful searches.For searches based on DHT service with the top search for a failed search, both are average latency per successful search as well as the percentage of success search is the key to evaluating performance.Distributed Hash Tables (DHT) has a primary interface to meet the search process of structured P2P systems [16].In DHT offer the expandable position of nodes and services, but do not guard beside malevolent node maneuvering lookups (the activity used to situate the assets in the system).Malevolent nodes on a lookup pathway can merely undermine query.Systems like Halo (based on the chord) decrease such assaults by using superïňĆuous lookup queries.To supply better declaration, Reputation for Directory services is a foundation for boosting lookups in superfluous DHT by trailing how well further nodes service lookup desires.ReDS procedure can to practically any superfluous DHT containing halo.Moreover, also recognize mutual recognition and elimination of lousy lookup lanes in a way that does not bet on the dividing of reputation counts and dividing is susceptible to attacks that create it unïňĄt for the majority utilization of ReDS [17].This goal is an achieved by framing WSN with distributed hash table (DHT) which provides an efficient recovery method is known as Checkpoint recovery and the topology is constructed using this table in a decentralized approach [18].
AES-CBC is symmetric key algorithm, one method of encryption known as the Rijndael algorithm [19].AES working in which both the sender and the receiver use a single key for encryption and decryption.AES can define data block and key lengths.Data block length to 128 bits, and the key lengths to 128,192, or 256 bits.AES method is like iterative algorithm, and every iteration is called a round.The round can define as Nr, and the total number of rounds is 10, 12, or 14 when the key length is 128, 192, or 256 bits, respectively.There are four transformations each round in AES: Sub Bytes, ShiftRows, Mix Columns, and AddRoundKey [20].The steps to perform a encryption operation is first the plaintext must have length of multiple data 128 bits XOR with IV.And then it will be operated on the first plaintext  ISSN: 1693-6930 TELKOMNIKA Vol.17, No. 3, June 2019: 1360-1366 1362 before encrypted by the key.After that procees encryption creates a chipertext.After that a chipertext will descrypted by the key first.After description process, the XOR and IV are perfomed to result produce plaintext [19].The process of AES-CBC shows in Figure 1.
PBKDF2 a key derivation function based on a password.In algorthm PBKDF2 there is DK=PBKDF2 where, the Pass is the password, Salt is a salt value, c is the iteration count, dkLen is the length of DK.The Salt is a fixed random value ensuring a huge variety of derived keys for each password such that an attacker cannot use a brute-force attacking.And the c, iteration count, specifies the cycles of the pseudorandom function PRF against brute-force attack.PRF is the underlying pseudorandom function [22].Figure 2 shows illustration of pbdkf2 algorithm.

Results and Analysis
Every Node in the network acts as database server.The node can be a computer or mini PC or other operating system which can run the source code of KANSA node.The code shows in Figure 3.The node provides NoSQL database which is containing key and value.
The key is e-KTP NFC ID encrypted by PDKF2 and AES-CBC.The Value may consist Name or another field which is needed by stack-holder.The code uses asyncio and kademlia library to run DHT network.In this research simulates two nodes in one computer.Although running simulation on same computer, the port must different to avoid collision.The host is 127.0.0.1 and the port 8448 and 8468.

PBKDF2 and AES-CBC
The key stored in DHT network was encrypted using collaboration of PDKF2 and AES-CBC.The algorithm shows in Figure 4.The encryption algorithm uses pbkdf2 and AES library.The pbkdf2 uses passphrase, salt and iv with 16 character for each in length.In Figure 4 shows three function tailfill, urlEncode16 and encodeData 16.The tailfill function act to fill up the string uri until 16 character.The encodeData16 function is to generate cipher text using PBKDF2 and AES CBC from string msg.The urlEncode16 uses tailfill dan encodeData16 Function to generate cipher text.

Distributed Hash Table
The e-KTP data stored in Distributed Hash Table using set code.To get value data, get code will be use.The set algorithm shows in Figure 5 and get algorithm shows in Figure 6.

Simulation and Testing
Simulation start with two nodes.The simulation have several scenario shows in Table 1.First scenario with two nodes go live.There is no problem with get and set data with two nodes go live.In second scenario, we put down first node and the data get the result.In third scenario we put down second node and the data get the result.The get simulation shows in Figure 7 and set scenario shows in Figure 8.The simulation has successfully make sure the data will be available if there minimum a node alive.

Conclusion
The research proposed KANSA as open standard of network interoperability to utilise the technologi in Indonesian Citizenship Card.KANSA use decentralised model to decreasing server infrastructure cost.KANSA use DHT to store the data and successfully act as reliable and high availability to store the data.PBKDF2 and AES-CBC was used to secure the data from man of the middle and other attacker who want to steal the data.Further more development can be developed on DHT network side and encryption side.In the DHT side, the method for identifying and searching every node in the network can be optimise with another method of search algorithm.In encryption side, another encryption algorithm can make the data more secure and save from unattended user.

Figure 3 .
Figure 3.The source code of every node in network using python