Data Security for School Service Top-Up Transactions Based on AES Combination Blockchain Technology Modification

The application of Blockchain technology has begun to be widely accommodated in industrial and business practitioner environments as a safeguard of transaction security so that now including the education sector, non-business institutions enjoy the use of this technology to support the learning process. Information on the protected Blockchain can be in the form of transactions, assets, identities, and other information packaged in digital form. Information is collected in the form of blocks that are interrelated by using the hash function as cryptographic encryption. This research uses Blockchain for online pocket money top-up transactions for students. The use of a centralized Blockchain is centralized to reduce server procurement costs, but to increase the security of transaction information, modification of each block series is carried out using the AES cryptographic approach. The results showed that the attack by inserting a Cross-Site Scripting (XSS) script if you want to know the value of the top-up transaction amount, you must be able to hack the cryptographic process. This is supported by chain validation testing to determine how many block changes have been changed.


Introduction
Blockchain is a technology that involves third parties in the process of exchanging information. Information on the Blockchain can be in the form of data entry in transactions form, assets, identities, and other information that is packaged in digital form [1]. The form of blockchain information is easy to find, tends to be transparent and permanent, allowing users to monitor the history of information that occurs [2] [3]. Blockchain technology is an alternative with a centralized technology architecture to support the disruption era. Conceptually, Blockchain is a technology with a distributed database that is stored and then shared with authorized users [3] [4]. This concept is to replace the role of third parties such as financial institutions or other institutions, but on the literal side, Blockchain technology is considered as a collection of interrelated blocks of information by utilizing the hash function as encryption in the field of cryptography [5] [6].
Cryptography has become a science that has been widely used to maintain information security with mathematical calculation techniques [7] [8]. This technique can convert plaintext using keys into random messages or ciphertext. There are several algorithms for data security, one of which is the Advanced Encryption Standard (AES), which is known as the standard crypto algorithm Data Encryption Standard (DES) [9] [10]. AES is known to be resistant to differential attacks, namely conventional cryptographic cracking.
Blockchain is not a new technology this is involving old combinations with renewable means. For example, the relationship involving 3 (three) technologies such as the internet, cryptography, and protocols from software, to produce strong security but still be able to interact or transact digitally. The relationship between Blockchain technology and cryptography where the cryptography use keys as an authentication tool in terms of ownership of an authorized person. So that maintaining the confidentiality and content of the transaction prevents hacking. Besides, the cryptographic process is required to maintain the validity of broadcasting the contents of transaction information correctly, reducing failure and the risk of fraud to remain on the Blockchain protocol path.
The application of Blockchain technology has begun to be widely accommodated in industrial and business practitioners' environments as a safeguard of transaction security so that now including the education sector as non-business institutions enjoy the use of this technology to support the learning process. In the school system in Indonesia, there are several learning contracts for students that are required to pay for school needs, such as school fees that are billed periodically every month, an obligation to save, and other transactions. Financial transactions are charged to students as the support for the sustainability of the school so that it requires the use of the internet in its digital interactions. The importance of recording risky financial transactions with costly data theft needs to present Blockchain technology as a solution. Not only that, Blockchain can reduce the involvement of many parties in online transactions because it allows building your network, thus reducing costs both administratively and operationally.
Research with Blockchain in an educational environment is used to protect many useful assets such as digital document management, such as in Nugraha's research [11]. However, the research to be carried out involves financial transactions that occur in the school environment, namely with the online top-up pocket case studies. Putra's research combines Blockchain with RSA cryptography for data security on the network, the use of the RSA method affects the number of keys, and its implementation cannot be directly applied to several devices [12]. In this research, it is implemented on mobile android, and Blockchain technology will be applied with AES, which does not affect the size of the key. In the world of education, Blockchain technology is usually in the form of block certificates, book copyrights, and e-portfolios to avoid file forgery [13], as in Winarno's research using it for case studies of e-transcript publishing. Each application of Blockchain technology makes the attacker has to challenge the system for the formation of a longer blockchain, including for e-transcript cases. So this study will modify each series of blocks by utilizing the AES cryptographic approach to better maintain the integrity of stored messages, but applied to financial transactions that occur in the school environment. Another study conducted by Perdana [14] states that if financial technology needs to be protected from cybercrime, users still have easy access to financial transactions by increasing financial literacy. If FinTech involves many servers, it requires vendor consolidation and requires a high level of system security. Then the proposed research will implement a centralized blockchain and efforts to increase its security with cryptographic techniques for each block of transactions.
Research by Benchoufi [15] has explored the core function of Blockchain as applied to clinical trials and the context of approval for trial protocols. The results of this study can help to check the integrity of clinical trials transparently, but if a core metadata set is defined. The proposed research will be directed to use structured metadata, namely transaction data that occurs in the school environment, namely cases of online pocket money top-up transactions that are entered as student savings data. Other studies have summarized the use of Blockchain technology in several cases, namely for cryptocurrencies, smart contracts, smart cities, and this research proves that Blockchain technology has penetrated all areas of life [16]. So the research focuses on the educational environment in schools and implements case studies of financial transactions.
Blockchain in the research of Wright and Filippi [17] proves that if this approach makes it easy for users to access an automatic transaction system and an innovative governance model based on transparency, then this research will design its implementation until the assault testing scenario and validation results are planned. Blockchain-based platforms provide solutions for distributed data governance and participatory access control in the health sector, which aims to improve Information Technology in the health sector [18], the health sector which aims to improve Information Technology in health sector [18], Shabani's research is not yet in the implementation stage. So that researchers will implement it in the field of education. Another study in the health sector revealed that Blockchain is good at structuring data types in a decentralized manner, which facilitates more transparent interactions [15]. However, the use of decentralization will cost money to procure a lot of servers. The research conducted utilizes centralization with a centralized server for financial transactions to be recorded in a transparent, centralized manner and can save costs.
The proposed method in the research uses a modified Advanced Encryption Standard (AES) cryptographic combination Blockchain technology for the protection of digital pocket money to up transactions in a school environment. The workings of AES are in each Blockchain resulting in higher security. The use of data in research uses structured data; namely, top-up transactions carried out by students; of course, this makes it easier to centralize a centralized server so that it remains recorded transparently and, of course, saves costs. To find out the resistance of the proposed algorithm modification, the test was carried out using the attack scenario with Cross-Site Scripting (XSS) and Chain Validation.

Figure 1. AES Combined Blockchain Technology Research Flowchart
The research uses Blockchain technology with AES cryptography to be utilized in the school environment, especially in pocket money top-up transactions, as shown in Figure 1. Architectural analysis of Blockchain and Cryptography with the AES method, then how the two works are combined in securing transactions. The test scenario will be carried out by injection attack with Cross-Site Scripting ( XSS) and test the validity of each block with Chain Validation.

Literature Review
The literature review by studying various sources in the form of descriptions of theory and findings obtained from books, similar research journals, scientific works, and other relevant sources. Especially the discussion regarding Blockchain technology and the performance of the AES cryptographic method.

Data Requirements Analysis
Researchers used a case study of top-up pocket money transactions in educational settings, especially schools. Pocket money top-up is a digital transaction made by students as savings, which later can be useful for paying school needs such as bills, cash withdrawals, as infaq, zakat, and other transactions. The transactions that will be used and secured for the validity of the transactions are illustrated in Table 1 with the following data: 158 especially in the data amount of the rupiah value top-up, the Blockchain process is carried out, and the AES cryptographic modification.  [20]. The description is a series of blockchain architectures with one block genesis at the beginning of block formation, then followed by a block header that is strung according to the previous hash. The Genesis Block is the first block in a series of blocks. In Figure 3, it is explained that the contents of the block are the headers and contents of the blocks contained in online transactions on the school system that occur, namely an explanation of the transaction identity in status, message, name. In the entry, the amount is the number of transactions made in rupiah. The nonce is a 4-byte field that starts at 0 and will increase as the hash value is calculated. The index becomes the data described in each block, and the timestamp becomes the universal time in the calculation of seconds. Parents Block hash a 256-bit hash value that points to the previous block.

Advanced Encryption Standard (AES) Cryptographic Performance Analysis
Advanced Encryption Standard (AES) is one of the modern cryptographic methods as a replacement for the 56-bit block Data Encryption Standard (DES) algorithm, which is considered unsafe [21] [22]. The selection criteria of this algorithm are based on the characteristics, safety, and cost if used and their implementation. This algorithm is a single key by using the same key  The description in FIgure 4. The encryption key is carried out by the AES process by previously receiving information, then processed with the selected bits. AES has assigned the bit lengths of the known keys AES-128, AES-192, and AES-256. Bit selection affects the key length, block size, and the number of rounds [24]. Plaintext or messages that will be processed in the cryptography process are XORed so that they produce meaningless messages. This study uses a 256-bit cryptographic key, with a key length of 8, block size 4, and the number of turns 14. a. Add Round Key is this stage to be an initial round, namely initializing the initial state by XOR the plaintext process with a ciphertext key. b. Round of Nr-1 times, with 256 bits, then as many as Nr-14. Where in the process of each round includes the SubBytes process by substituting bytes with S-boxes, ShiftRows shifting on each row array, Mix Columns method randomizing data in columns, and AddRoundKey XOR process between states that occur with its round key. c. Final round is the final round process using the SubBytes, ShiftRows, AddRoundKey methods.

Combination of Blockchain and Advanced Encryption Standard (AES) Cryptography
The modification in this study utilizes the Blockchain chain combined with the AES Cryptography method, shown in Figure 6.

Figure 6. AES Blockchain Modification
Explanation in Figure 6. The Blockchain in each block contains information from each student who makes top-up transactions and other transactions. Of course, the transaction is changed in the form of a hash, but in this study using the parameter amount ( top-up value in rupiah) to perform the cryptographic process with AES. Applies to each chain in the transaction because the amount is prone to attacks to avoid a difference in the value of both the initial transaction and the total.

Cross-Site Scripting (XSS)
Cross-Site Scripting is also known as an injection attack from Cross Scripting, where the attack inserts the attack command code script on a website [26]. The attacker will change the data by hijacking the session, attacking cookies to cause data consistency [27]. So that this research will utilize the XSS scenario in attacking transactions, then perform a validation test on the Blockchain.

Chain Validation
This test validates the chain on each Blockchain to detect changes in each block by verifying the hash associated with the previous and next block [28] [29]. Valid chains will produce true output that is true without any changes, and invalid chains will give false output indicating an attack from unauthorized parties. In checking the validation, the researcher utilizes a script from Proof of Work, which is a computational method commonly used for Blockchain technology [30].

Figure 7. Use Case School Transaction Diagram
Use Case diagram illustrates the relationship between the parties of students, both parents or guardians and the school and the school transaction system according to Figure 7. The interaction made by the students is a digital pocket money top-up transaction that can be used to pay school bills. Then the payment will be followed up by the school. This transaction requires protection.
b. Database Design Each student has a unique code in the form of VA, which is used in transactions according to Figure 9. If you are going to make a transaction, it will appear in Figure 10. The display on the student side is like Figure 10. The student who will do the top-up is provided with an open payment field and adjusts the nominal top-up that will be done.

Figure 11. Alur Kerja Transaksi Top
It is shown in Figure 11. In the design of the procedure for a top-up of pocket money transactions, the students do top up with the VA listed, then the system checks if the VA is valid, then it will continue to be able to enter the top-up nominal. In the transaction process that occurs, the Blockchain-AES approach process is carried out.
. . ], "difficulty": 1 } } Figure 12. API Response Top Up Figure 12. is the result of response API when successful conduct transactions top up money pocket. Status 00 in the source code in Fig. 8 indicates the success of the transaction, on behalf of "Dwi Damayanti," top up with a total transaction balance of 650,000 IDR. In the first chain, it is initiated with the Genesis Block, then the value in the "data" chain represents the amount or value of the top-up transaction that has undergone the AES cryptography process then continues to the next chain, which is connected to the previous hash before which is chained with the next hash. The implementation of this proposed method uses the PHP programming language CodeIgniter, which generates an API response.

a. Cross-Site Scripting (XSS) Attack
Scenario testing an attack on the system is using XSS is to deliberately insert a script that can change the data of transactions specific to the system when it is executed. The scenario for which the attack is performed on the 'amount' data. In this scenario, the attacker has succeeded in changing the security of his transaction data without knowing the actual amount because it is encrypted.  Table 2 shown the transaction data conducted by students on behalf of Dwi Damayanti, where the top-up of the transaction has been recorded in the database server according to the transaction date and according to the top-up value. The scenario (see table 3) was performed by the attacker, and the data was changed in the third transaction.  Table 3. is the attack scenario on transaction id 3, where the attacker changes the transaction to 300,000 IDR. The total amount was obtained to be 700,000 IDR because previously in the user database, under the name "Dwi Damayanti," 650,000 IDR were stored according to the actual data. The calculation is that on transaction ID 3, the actual data value ( according to table 2) is 250,000 IDR, then the attacker (see table 3) fills in the amount of 300,000 IDR, then the difference is 50,000 IDR. The difference is added to the total amount of the actual data. Then the attacker data will add the total amount to 700,000 IDR so that the amount of data affects the next chain.

b. Chain Validation
This test needs to be done to determine the successful performance of Blockchain technology modification with cryptography. Scenario testing on the system is using a chain validation that will correct the blocks one by one to match the previous hash of the block before. Chain valid will produce output true, and the chain is not valid will provide output false. The results of the p chain validation test are shown in Table 4. The performance of this cryptographic modification of Blockchain technology is working properly on this system. This evidenced in the success of the chain validation to detect whether there is the immutability data or not that shown on the valid column valuable true or false.

Conclusion
The performance of blockchain technology with a combination of AES cryptography can be applied to online transactions to top up pocket money in schools. The use of a centralized blockchain can save costs in using servers, but double security can be provided, namely by involving AES cryptography. The test scenario involves the insertion of the script with Cross-Site Scripting (XSS) attacks, and an attacker must first perform a cryptographic process to find out the actual top-up value of the transaction. In chain validation testing, it can be seen that chain has been attacked and the changes can be identified.