Encoding the Record Database of Computer Based Test Exam Based on Spritz Algorithm

Computer utilization in the execution of the computer-based test is currently no strange. Almost all government agencies and companies at the time of conducting the test acceptance of new employees have been using computer-based test system online or often referred to as Computer Based Test (CBT). One of the important aspects to be considered and must be maintained in the execution of computer-based exams is the problem of question security and exam answers to abuse actions. One technique that can be done to solve the problems above is the use of cryptographic techniques. This research describes the use of spritz algorithm which is one of the cryptographic algorithms to encode the text database record of the computer-based test. The results of the encoding process can make it harder for the attackers to know the original text of the exam, so as to minimize the abuse of the exam.


Introduction
Implementation of computer-based exams online nowadays has been done by various agencies both government and private companies.This is done because the implementation process is more effective when compared with the Paper-Based Test (PBT) test or better known as a conventional test.Testing Computer-based or often known as Computer Based Test (CBT) is no longer excluded exams to come to the location of the exam or exam executive agencies, slowly can appear online anywhere or place that has been determined by the executive committee.One aspect that must be considered in making the test.Based on research conducted by Rejito and Setiana, who said things that must be considered in the implementation of CBT is the confidentiality of the exam database because it should not be published either from the side of the test participants (client) or database manager (administrator) [1].
Utilization of cryptographic algorithm techniques is one alternative solution to solve the above problems.Another study conducted by Setyaningsih say that the application of cryptographic techniques is one way that can be done to secure the data by encrypting it [2].Text exam records that have been stored in the database can be encoded by the procedure or the cryptographic algorithm.It can have a significant impact on the business to minimize the abuses of the exam from a party other than the legitimate parties.Counterparts, aiming to avoid the misuse of information by other parties who are not eligible [3].
Spritz algorithm is a variant of the RC4 algorithm produces sponge-base construction in generating a key in the encryption and decryption process.This algorithm works based on the concept of a stream cipher that is encryption one by one.One of the advantages of this algorithm is the process of generating the keys used in the process of encryption and decryption.The next generated key always depends on the flow of the previous key [4].The high complexity of the performance of the spritz algorithm led to the complexity of the cryptanalysts to find the key and solve this algorithm.This research describes how the security text records a computer-based exam conducted online.The safeguards do is minimize the abuses of the exam to encode the original text of exam questions are stored as database records based algorithm spritz.Records that have been LONTAR KOMPUTER VOL. 9, NO.encrypted is what will be accessed by the examinee (client) when accessing the exam.Exam encrypted will be decrypted automatically by the application test so that the original text of proficiency level exam questions can be understood by the examinee.

Research Methodology
The methodology that used in conducting this research is : a. Literature Review Search and study relevant literature or references to topics covered either through books or electronic journals.b.Analysis Analyzing the security problems in the implementation of the computer-based test, especially security exam on either the server or client computers.This is done to determine the solutions provided to solve problems that have been identified.c.Implementation Using spritz algorithm to encrypt the online test records computer-based database.

Computer Based Test
The Computer-based test known as Computer Based Test (CBT) has been done since 1960 [5].Until now, government agencies and companies are using CBT as a model of implementation of the various examination techniques or hiring new employees, because in addition to effectively and efficiently can reduce operating costs required in the implementation of the test.Computerbased exams involve client-server systems.Computer servers to act as a provider of the exam as well as a central controller for the client implementation of the test.Implementation of computer-based test can give participants more accurate test results because everything is done by the system.In addition to this, the level of fraud participants in working on the test can be minimized.

Cryptography
Cryptography is a term of one of the commonly used data security techniques.This technique works by encoding data to be secured so it is not easy to fall into the hands of others who are not the real recipient [6].Along with its development, the term cryptography is defined as a science that studies mathematical techniques relevant to data security aspects including confidentiality, integrity, authentication, and non-repudiation [9].Cryptographic techniques have several algorithms such as GOST, TDES, RC4, Spritz, Triangle Chain Cipher and others.The application of cryptographic algorithms must achieve the principle of confusion (confusion/confusion) and diffusion (diffusion/melting) [7][10].The basic functions of cryptographic algorithms are encryption, decryption, and keys.The elements of the cryptographic system are the original file/data (plaintext), the encrypted file (ciphertext), the encryption process, the process of converting ciphertext to plaintext (decryption) and key [6].
Spritz algorithm is an update of the RC4 algorithm performed by Ron Rivest and Jacob Schultz in 2014.Spritz as a variant of encryption RC4 cows including messages or data one by one using relatively short time-dependent transformation encryption [4][8].The addition of a relatively prime element to the N value of the pseudo-random generation algorithm is the difference with the RC4 algorithm.In addition to stream ciphers, the spritz algorithm can also be used as a hash function and the Message Authentication Code (MAC) by using the sponge function in securing data.The main procedure of the spritz algorithm as a stream cipher consists of three processes: Key Scheduling Algorithm (KSA), Pseudo-Random Generation Algorithm (PRGA) and encryption or decryption process.a. Key Scheduling Algorithm (KSA) The key scheduling process is a process that is done to make the S-Box where N is the size of the array to be mutated, i.e. 0 -255.

b. Pseudo-Random Generation Algorithm (PRGA)
The pseudo-random generator algorithm process is performed to derive a new key number of plain elements.The value of w is a new variable added to the spritz algorithm that corresponds to the RC4 algorithm.The value of the variable i, j, k and z starting at 0 and will change according to results at each iteration.This process involves an array of S values that have been permuted in the KSA process.Pseudo-code PRGA is : where w is a relatively prime value of integer with N and the value of i, j, k, z starts from 0.

c. Encryption and Decryption
The encryption and decryption process is done by XOR-binary each output z with each plain element in a stream.Formulation of the encryption process: (1) Formulation of the decryption process: (2) Description of the formula above: Pi = plain element Ci = cipher element z i = key element (the result of PRGA process)

Database
A database can simply be defined as a system that serves to store and process data into useful information.One of the data that should be maintained and maintained by the owner of the information system is the database.Information on a system can be updated by using the database management process [7].A database is filled with one or more tables, and each table is filled with some record.These records which shall be processed and processed into information for the users of the system.MySQL is one of the applications that can be used to create and manage databases.Through commands (query) owned by MySQL, the management of the database to generate information do.

Results and Discussion
Based on the description of the background above, the problem being analyzed is the issue of security text database record computer-based exam.One important aspect to be considered in the implementation of the computer-based test is the security of the exam.If the analogy database security exam conducted without securing the database, then it is very easy to be attacked by the other party, because if an attacker manages to get the exam can access the database, it is clear the record about the exam can be easily manipulated or leaked.
This study describes how the security database records are secured by encryption of the text record exam questions are then stored into the database exam application.

Figure 1. Encryption Process Scheme CBT Exam
A Based on the figure 1 above, it is known that the process is carried out starting with the process of encryption (encryption) exam conducted by the maker of the exam committee.The exam that was encrypted stored in the database exam application (server).That is, the text of records stored in the database password from the exam is about the original text.This database to be accessed by the client (examinees).Exam application that is accessed by the participants automatically perform the decryption process (returns cipher into a plain), so the exam can be understood by the client.

The process of Computer Based Test Database Encryption
The process of encrypting the computer-based test database is done by the test team and then stored into the exam application database (server).The encryption process is based on the spritz algorithm to generate exam ciphers.The schema of encryption process can be illustrated in Figure 2 below.

Figure 2. Schema of Encryption Process
The following database records will serve as an example of the encryption process in this research.Database created using MySQL application.a. KSA Process Based on the KSA process algorithm, it appears that there are two main processes that are done, namely, generate an array S and do permutations of the contents of the S array that has been formed.The contents of the Permuted S Array will be used in the PRGA process to generate a random key element.The value of i, j, in this case, start from 0 to 255, while the value of N is 256.
The initial step is the formation of an array of initial key: The next is the manufacture of the array S, by following the KSA's pseudo-code array S, so that the resulting table array with integer values ranging from 0-255.This process will be done up to the value of i = N -1 or equal to 255 (255th iteration).
During the iteration process, there are times when the contents of an array experiencing a process swap (exchange) more than once.The array S values that are permuted in the next process are the values of array S that has resulted from the previous permutation.The result of the key scheduling process (array S) as a whole is shown in table 5.The pseudo-random process will generate a new key at random which is equal to the number of plain elements.The value of i, j, k, z = 0 and the value w is selected one of the relatively prime values with 256, for example, w = 29.Suppose, PRGA process to encrypt exam number 1.
The text of the test (plain): Kepanjangan KSA adalah ....The number of text characters about the test is 26 characters, meaning that the key will be raised as much as 26.The key value obtained will be used to perform the encryption process of each text character on the exam in a stream.
The iteration process when the value of i, j and k = 0, then: LONTAR KOMPUTER VOL. 9, NO.This process is done until the 26th iteration (corresponding to the number of exam text).

c. Encryption Process
The process of encrypting text characters the exam is done based on equation (1) so that the cipher is obtained as follows: Exam Question (plain): Kepanjangan KSA adalah :.... Ciphertext of the exam that resulted from both of this process is ò and This process will be done until the entire text character of the exam is encoded.

LONTAR KOMPUTER
The result of the whole process of encoding the text of exam is shown in table 6.
Table 6.The Text of Record Database that Resulted from Encryption Process Based on table 6 above, it appears that stored in the database is a text record that has been encoded so that anyone who gets this record cannot easily understand the original meaning of the question.

Decryption Process of CBT Exam Database
The process of decrypting the text of a database record of an encrypted test is done in the same way as in the encryption process.Beginning with the KSA process, then the PRGA process and the last is the process of decryption.Decryption is performed based on the formulation in equation ( 2), which perform the XOR operation between the binary elements with a binary cipher each generated key to the process resulting PRGA to the original text of the record exam.The decryption process is done automatically by the application exam already available on the client computer when accessing a matter examinees.The decryption process scheme is shown in Figure 3.If examinees legitimate access the exam, then the exam application will automatically generate the decryption key to the process of KSA and PRGA based on the initial key used in the encryption process.KSA and PRGA process in the decryption process carried out in the same manner as in the encryption process, because of this algorithm including the symmetric key algorithms (the same key).Keys are generated from the process PRGA (equal the number of records about the ciphertext) is used as a key in the decryption process.Decryption process performed by equation ( 2), which perform XOR process between the cipher key element to element test database records.

First Key= CRYPTEx
The key generated from the PRGA process is 185 109 ..... Biner of key is: If we assume, the decrypted cipher is ò then the decryption process is: The next step is to XOR binary ciphers with binary keys generated from KSA and PRGA processes based on equation ( 2), so: The same process will be done to decrypt other record characters, so get the record database exam that same as the original.The overall result of the decryption process is shown in table 7.According to the table 8 above, it appears that more and more about the encrypted text characters, so the more time it takes to generate the key.Based on the generated key, it appears that the repetition of the same character with a very little initial key character that occurs at intervals that are not adjacent letters.
The performance level of the key generation graph shown in figure 4 below.Based on table 9 above, it appears that the processing time required to perform both encryption and decryption is the same because the process is the same.Time measurement process performed in this research does not include the time required to access the exam by the participant (client) on online question bank server.Based on the measurement results obtained, it was concluded that the more the number of characters exam encrypted or decrypted, the more time the process takes.This has become one of the characteristics of the algorithms that work on the principle of stream cipher (encryption or decryption on an individual basis) include spritz this algorithm.

Conclusion
Based on the description of the results and discussion of this research, it was concluded that the text encoding database record exam computer-based algorithm based spritz can minimize the abuses of the exam by parties who are not responsible for cipher generated by this algorithm is able to obscure the meaning of the exam original, so the principle of confusion and diffusion can be realized.Performance algorithms spritz in a random key generation process are quite reliable but requires a long processing time both encryption and decryption.Simple operation in the process of encryption and decryption in spritz algorithm becomes one of the weaknesses of this algorithm of attack types such as know-plain attack or cipher-only attack.

Figure 3 .
Figure 3. Schema of Decryption Process

Figure 4 .
Figure 4. Key Generation Performance TestingBased on figure4above, it appears that the more the number of text characters exam questions are encrypted, the higher the time needed in the key generation process, but the character is getting randomly generated key.b.Computing Performance of Encryption and Decryption ProcessPerformance computing process of encryption and decryption based on spritz algorithm in this research, conducted by measuring the time of encryption process and decryption of five database record about an exam.The measurement results are shown in table9below.

Table 1 .
Table of Record Database CBT Exam

Table 2 .
Initial The text colored red is the index of the array S.Based on table 2 above, it appears that the value of N is 256, since the number of arrays generated is 256 integer values.The next step is to permutate the initial array S values (table 2 values) based on pseudocode KSA.

Table 3 .
Value of Array S at Iteration 0 (i = 0)

Table 4 .
Value of Array S Tabel in Iteration 1 (i = 1)

Table 5 .
The Result of Key Scheduling Algorithm (KSA) Process

Table 7 .
Record of Database Exam After Decrypted Based on the tests performed, the key characters generated by the spritz algorithm are very random, since the keys generated for the encryption and decryption process are no longer the same as the initial key characters but will generate new key characters equal to the number text character test record.But the process of generation of key characters that many would take a long time.This is one of the weaknesses of this algorithm.This occurs because of the number of key characters that are raised to be equal to the number of text characters exam.

Table 9 .
Testing Time of Encryption and Decryption Process