Data Integrity and Security using Keccak and Digital Signature Algorithm (DSA)

Data security is a very important compilation using cloud computing; one of the research that is running and using cloud technology as a means of storage is G-Connect. One of the developments made by the G-Connect project is about data security; most of the problems verification of the data sent. In previous studies, Keccak and RSA algorithms have implemented for data verification needs. But after a literature study of other algorithms that can make digital signatures, we found what is meant by an algorithm that is better than RSA in rectangular speeds, namely Digital Signature Algorithm (DSA)


INTRODUCTION
Cloud computing is a technology that utilizes services using a central server that is provided by a provider and is virtual and can provide services to the use of software, data storage, networks, and data computing using.Therefore, data security is very important when using cloud computing at all levels: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS), including data-in-transit, data-at-rest, data processing, data flow, and data origin [1].
One study that is running and using cloud technology as a means of storage is G-Connect.G-Connect is a research that focuses on developing applications in the field of Internet of Things (IoT) and cloud technology with the characteristics of research locations in 3T areas that are minimal with their internet network.Some developments are in the active device IoT model, data management on IoT devices, management of data transmission from IoT devices to the cloud, and security for data transfer and data storage on the cloud.
For development carried out on G-Connect using cloud technology as a means of storing data, several aspects need to be considered in its development, that is data security aspects.In the security aspect of data, one of the problems is about verifying the data sent, whether it is from the node (address) that is correct or not.One method that can be used to verify data is the digital signature method.Digital signatures are a method used to authenticate message content and provide the ability to verify the owner of the message and the time of signature.One algorithm that can be used for digital signature needs is the Digital Signature Algorithm (DSA) [2].
DSA designed by the National Institute of Standards Technology (NIST) and the National Security Agency (NSA) in the early 90s and then published in 1991.DSA is a public key technique, which is only a scheme of digital signatures with the results of signs his hand is 320 signature bits [3].DSA uses Secure Hash Algorithm (SHA) as its hash algorithm.SHA is the most used hash function, made by NIST and published in 1993.Until now, there are four types of SHA, i.e.SHA (SHA-0), SHA-1, SHA-2, and SHA-3 [4].Although SHA-1 cannot be solved yet, because of the structure and operation similar to MD-5 and SHA-0, it is considered unsafe.SHA-2 is safer than SHA-1, but because of the same mathematical structure and operation as SHA-1, it might be unsafe.Therefore NIST built a new standard and created a competition generation new hash function created by NIST, which is now called SHA-3 [5].
The Keccak algorithm is one of the hash function algorithms designed by Guido Bertoni, Joan Daemen, Michael Peeteres, and Gilles Van Assche.Keccak is Keccak, the winner of the SHA-3 Cryptographic Hash Algorithm Competition, organized by NIST and has become the standard for the new Secure Hash Algorithm (SHA-3) hash function algorithm.Keccak is different from other SHA-3 finalists in terms of using sponge construction.If other designs depending on the compression function, Keccak uses a non-compression function to absorb and then squeezing the digestion [6].
In its application, the Keccak algorithm can be combined with public-key techniques.In the previous study [7], which discussed the use of the Keccak algorithm on RSA for data verification needs.But after a literature study of the RSA and DSA algorithms in the use of digital signatures, it was found that DSA is a better algorithm than RSA in terms of speed.
Based on the previous description, the focus of this research is on how the application of Keccak algorithm in Digital Signature Algorithm (DSA) to verify data, and comparison of execution time between Keccak algorithm on DSA and Keccak algorithm in RSA using data sourced on IoT devices.

Figure 1 Illustrations Data Validation of G-Connect
Regarding data verification, this research used the Keccak algorithm on DSA to verify data received in the cloud.DSA is used to create digital signatures, while the Keccak algorithm is used to do the hashing process on the DSA.DSA creates 320-bit digital signatures and is an algorithm used for digital signature processes, where digital signatures are a method to authenticate message content and provide the ability to verify the owner of the message and the time the signature for the DSA summary is shown in Table 1.
version received from M, r, s For the Keccak algorithm, it is chosen to replace the hash function that exists on DSA, because the hash function on DSA still uses SHA-1, so Keccak is chosen to replace the hash that is on DSA, because Keccak is an SHA-3 hash function that has become the standard hash function new, proven security [8].

2 Keccak Algorithm
Keccak is a one-way hash function algorithm based on sponge construction using the fkeccak permutation function with a permutation length range b size of each lane.The condition of b is indicated by equation (1) and equation (2).

2 l b 
(1) where 06 l  (2) The Keccak algorithm has the same principle as the cipher block algorithm, where the process is carried out on blocks, each process result depends on the input and results of the previous process, and each process is imposed on the main function consisting of several round functions which are titrated several times.But there is a difference between the Keccak one-way hash algorithm, with the cipher block algorithm, as follows: The Keccak algorithm accepts three input parameters, i.e. bitrate (r), capacity (c), and diversity (d).In general the process of this Keccak is: 1. Preparation of input messages (P), which is applying padding to the input message.The length of the message input padding result must be a multiple of r, with r = bitrate.2. Enumeration of the input message becomes 0 1 2 , , , , i P P P P , where i = number of multiples of the length of the bitrate for the length of the input message.3. Absorbing all fractions of the input message.4. Squeezing a number of j, where j = multiple output lengths r/w to fill the desired output length, r = bitrate and w = lane length of state.Where: Output is a concomitation of squeezing output in a certain bitrate range.
State on Keccak is a series of bits that are seen as a three-dimensional array of these bits.Each axis in the array is represented by x, y, and z. x x y is the slice of the state, and z is the axis of the lane state.The process carried out on the Keccak state is based on each slice state.The number of bits for each slice in the state is fixed, i.e. 5 x 5 or 25-bit while the size of each lane for a state is 1, 2, 4, 8, 16, 32 or 64.
The Sponge function on Keccak is based on the sponge work scheme.The sponge work process scheme is a simple iterative process scheme for constructing a sponge function with variable length inputs and variable output lengths depending on the fixed length of transformation (or permutation) f operating in a fixed number b in bits [9].Absorbing function iteratively according to the number of fractions obtained.. 2. Fase squeezing, is a phase to get the output.In this phase, several specific bits of f function is confirmed so that the number of concomitant bits is the same as the desired number of concomitant bits.The function of the Keccak sponge is the application of sponge construction by first carrying out the initialization process.In general, the initialization process is divided into two stages, as follows: 1. Sets each bit in a state with zero for the initial state.2. Applying the padding to the message so that the length of the input message is a multiple of the length of the initial bitrate specified.This process is done by adding 1 and several 0 as little as possible until the length of the message meets the multiples of the specified bitrate state length.Equation (4) and equation ( 5) are applied in this process. ( ( , ) pad M n function where message M plus 1 is then added 0 such that the number M is the smallest multiple of n.
( , ) enc x n function that produces a string with n-bit length taken from Least Significant Bit (LSB) kto Most Significant Bit (MSB), on x.
The keccak-f permutation function is the main function in Keccak.This function takes the state as input and performs several permutation operations consisting of five stages [6], i.e. diffusion (theta), inter-slice dispersion (rho), disturbing horizontal/vertical alignment (pi), non-linearity (chi) and break symmetry (iota).1. Diffusion operation/ θ (theta) Diffusion operations are linear.
This operation only checks 11 bits into one.Therefore, each bit affects the other eleven bits.In this process, 50 XOR and five rotations occur.

Inter-slice dispersion operation/ ρ (rho)
Inter-slice dispersion operations consist of translation operations in the lane.Without this operation, the diffusion between slices will be very slow.This operation is also linear, with the inverse in the form of a reshuffle which is contrary to the previous shift.

Disturbing horizontal/vertical alignment operation/ π (pi)
The disturbing operation horizontal/vertical alignment is a transposition operation against a lane that provides dispersion and aims to obtain long-term diffusion.The essence of this operation is to multiply each bit in slice with a matrix [[0,1], [2,3]].4. Non-Linearity operation/ χ (chi) The non-linearity operation is the only non-linear mapping operation in the keccak-f.Without this operation, the round Keccak function will be linear.This operation can be seen as a 5w S-Box operation application for 5-bit lines.This operation itself is invertible; the inverse of χ itself is different.5. Break symmetry operation/ ι (iota) The break symmetry operation consists of adding round constants which aim to disperse symmetry.The number of active bit positions in the round constant is l + 1.If l increases, the round constant will add more asymmetry.
This permutation operation in the keccak-f function is often also called the Round.At each keccak-f function, several rounds are carried out.The number of rounds recommended can be calculated using equation ( 6), with l as in equation (2  2. q, is prime 160 bit, is a factor of 1 p  , so that ( 1) mod 0 pq  .Parameter q is a public key.3.
( 1)/ mod pq g h p   , where 1 hp  so that ( 1)/ mod 1 pq hp   .Parameter g is a public key.

4.
x, is an integer and xq  .x is a private key.-Primes q 160-bit is selected -Primes p is selected -g is selected -Random private key x is selected -q is selected Figure 3 Illustration of the signing process The procedure for generating a key pair is as follows.

IJCCS
ISSN (print): 1978-1520, ISSN (online): 2460-7258  Data Integrity and Security using Keccak and Digital Signature... (Muhammad Asghar Nazal) This research is part of G-Connect, where the research is one of the research projects within the Department of Computer and Electrical Sciences that implement IoT devices and Cloud technology to help disaster-prone areas.The scope of the G-Connect Project is divided into seven parts including device communication between Arduino and Raspberry Pi, compression and transmission of data on the Raspberry Pi, operating system and scheduling on Raspberry Pi, cloud scheduling, the transmission of data extraction, correct and data validation in the cloud while the main focus of this research is about data validation (verification) in the cloud.For illustrations data validation of G-Connect shown in Figure 1.

IJCCS 1 .
ISSN (print): 1978-1520, ISSN (online): 2460-7258  Data Integrity and Security using Keccak and Digital Signature... (Muhammad Asghar Nazal)277 Keccak does not have a key schedule 2. Use round constants that are fixed rather than round keys.Keccak uses the inner state during the hashing process.And the function of the sponge used consists of padding, absorbing, and squeezing.Each state has a length according to the length of the permutation i.e. b.

4 .
public key.6. m, message will be signed.DSA has three main processes; i .e. Key Pair Generation, Digital Signature Generation, and Digital Signature verification.The Key Pair Generation and Digital Signature Generation are shown in Figure 3, while the Digital Signature verification process is shown in Figure

3 .
Random private key x is selected, where xq  Next is a signature generation procedure (signing), as follows.1. Message m is converted to message digest with Keccak Algorithm H(m).

2 . 4 .
Random number k is selected, where kq  3. The signature of message m is number r and s. r and s are calculated as follows.Message m sent with the signature r and s.

Table 1
).So for keccak-f [1600] the recommended number of rounds is 24.L must be multiples 64.Parameter p public and can be shared by people in the group.
1. p, is a prime number with length L bits, where 512 1024 L  and Data Integrity and Security using Keccak and Digital Signature... (Muhammad Asghar Nazal)