Combination of Hybrid Cryptography In One Time Pad (OTP) Algorithm And Keyed-Hash Message Authentication Code (HMAC) In Securing The Whatsapp Communication Application

Whatsapp is a cross-platform messaging application that allows us to exchange messages without SMS fees, because WhatsApp uses the same internet data package for email, web browsing, and more. The WhatsApp application reportedly has improved the security system of applications that are end to end encryption (E2EE). This proves that the WhatsApp manager paid considerable attention to privacy and security issues for its users. In addition, it also implies an important matter where business actors have begun to realize that the application of cryptographic services is part of a very promising business strategy or even determines the present and future consequences. The consequence of implementing E2EE is the description encryption process that takes place at the application layer (OSI layer). Cryptography is a study that studies methods to send messages in secret (that is, encrypted or disguised) so that only the intended recipient of the message can decode and read the message. For this reason, cirptography is one method that can implement E2EE on whatsapp. One Time Pad (OTP) is a type of symmetry algorithm, each key is only used for one message. If the key is random (cannot be reproduced) and only used once, then the algorithm is perfectly safe. The MAC (Message Authentication Code) is an identifier to prove the authenticity of a document obtained by using meaningless messages obtained from processing some of the contents of the document using a private key .


INTRODUCTION
Whatsapp is a cross-platform messaging application that allows us to exchange messages without SMS fees, because WhatsApp uses the same internet data package for email, web browsing, and more. The WhatsApp application reportedly has improved the security system of applications that are end to end encryption (E2EE) [9]. This proves that the WhatsApp manager paid considerable attention to privacy and security issues for its users. In addition, it also implies an important matter where business actors have begun to realize that the application of cryptographic services is part of a business strategy that is very promising or even determines the present and future [4] [7].
The consequence of implementing E2EE is the description encryption process that takes place at the application layer (OSI layer). The only technique in computer science that is used to secure data is cryptography. Cryptography is a study that studies the method for sending messages in secret (that is, encrypted or disguised) so that only the intended recipient of the message can decode and read the message. For this reason, cryptography is one method that can implement E2EE on whatsapp.
Based on the type of key cryptographic algorithms are divided into two types, namely symmetry and asymmetry cryptographic algorithms. Symmetry cryptographic algorithm is an algorithm that uses the same key when doing the encryption and decryption process, while the asymmetric cryptographic algorithm is an algorithm that has two keys, namely private key and public key.
One Time Pad (OTP) is a type of symmetry algorithm, this algorithm was invented by Major Joseph Maugborne and Gilbert Vernam in 1917. Each key is only used for one message. If the key is random (cannot be reproduced) and only used once, then the algorithm is perfectly safe. But if the key is used for two or more messages, then security is no longer guaranteed [5].
MAC (Message Authentication Code) is an ID to prove the authenticity of a document that is obtained by using a meaningless message obtained from processing part of the contents of the document using a private key. Technically, (half) the document is processed using a private key to produce a MAC message, which is simpler than the contents of the document. This MAC message is then attached to the document and sent to the recipient. The recipient then uses the same key to obtain the MAC message from the document received and compare it with the MAC message received [8].
Siti Kholilah Pulungan, (2017) uses a combination of two One Time Pad (OTP) and Micali Goldwasser algorithms in the implementation of hybrid cryptography. His research aims to increase knowledge and references about how the One Time Pad algorithm works in securing text data and how the Micali-Goldwasser algorithm works in securing keys used to secure data [5].
Patra Abdala, Mohammad Andri Budiman, Herriyance, used the Vernam Chiper cryptographic algorithm and Data Encryption Standards (DES) on an Android-based chat application [1]. Jhon Daniel Situmorang, (2013) uses the Keyed-Hash Message Authentication Code (MAC) algorithm in chat-based text messages. Mechanisms that provide message integrity checks based on secret or private keys are also commonly known as Message Authentication Codes. Usually, Message Authentication Code is used when two parties share a secret or private key to authenticate messages that are transmitted between these parties [2]. In this paper the author tries to combine cryptographic one-time pad algorithm and message authentication code to optimize data security contained in whattsapp.

RESEARCH METHOD A. One Time Pad
One Time Pad (OTP) is one example of cryptographic methods with symmetric type algorithms. So that in this One Time Pad algorithm the key used for the encryption process can be reused as a key for the decryption process.
To generate a key on the One Time Pad algorithm is done randomly and the length of the number of one time pad keys must be the same as the length of the original text, so that there is no looping of keys during the encryption process. An algorithm is said to be safe, if there is no way to find the plaintext. Until now, only the One Time Pad (OTP) algorithm has been declared unbreakable [5].

Key Generating Process
Random number generator is needed for things like simulations in physics, mathematics, and also very important in cryptography. One method used as a random number generator is the Linear Congruential Generator (LCG) algorithm. Linear Congruential Generator (LCG) represents one of the oldest and most popular pseudo random number algorithms. This algorithm was created by D. H. Lehmer in 1951. The theory of this algorithm is easily understood and can be implemented quickly (Bilqis, 2012). LCG is defined by the following equation (1): where Xn = The nth random number of the series. Xn-1 = Previous random number. a = Multiplier factor. b = Increment. m = Modulus.
The key generator is X0 which is called bait.

Encryption Process
The encryption process is the process of changing plaintext into ciphertext by using a key with the aim of disguising or encoding plaintext so that unauthorized parties cannot find out the contents of the message. In the One Time Pad algorithm, the encryption process can be done with the following equation (2):

Decryption process
Decryption process is the process of returning a message in the form of ciphertext into a plaintext message with the aim that the recipient has the right to be able to read the contents of the original message. In the One Time Pad algorithm, the decryption process can be carried out with the following equation (3): Where: Ci = Ciphertext length. Pi = Plaintext length. Ki = Key length. N = Number of characters.

B. Keyed-Hash Message Authentication Code Algorithm
MAC is the message authentication code. Similar to hash. The hash may already be quite commonly used by web programmers to secure passwords. Hash that is usually used for example MD5. The difference is that MAC uses keys while hashes don't. The use of keys minimizes the possibility of a MAC being falsified. In general, MAC is a tool for the recipient to find out the sender of the message. Originally, MAC used DES with CBC operating mode (FIPS 81). But, MAC with encryption base was no longer developed. Used now is the Hashed Message Authentication Code (HMAC). In HMAC, the key is added to the message and then the hash value is taken. With HMAC we get integrity (data is not modified) and authentication (to prove who the sender really is). The HMAC can indicate who sent it, depending on the algorithm used.
With the above definition, the easiest way to create a MAC or HMAC is to connect our message with the key we have, then retrieve the hash value: K = key M = message H = hash function, for example MD5 or SHA1 The output of the hash function is also called the hash value (message hash). In the above equation, h is the hash value or message digest of the H function for input M. In other words, the hash function compresses any message of any size into a message digest whose size is always fixed (and is shorter than the original message length). The picture shows an example of 3 different length messages always hashed to produce a fixed length concise message (in this example a concise message is expressed in hexadecimal code that is 128 bits in length. One decimal hex character = 4 bits). Other names for hash functions are compression or contraction (compression function), fingerprint, cryptographic or cryptographic checks, checking message integrity or message integrity check (MIC), manipulation of code manipulation or manipulation detection code (MDC) [2]. In general, the HMAC algorithm can be explained by the equation below:

RESULTS AND DISCUSSION
In this paper, the author tries to combine cryptographic one time pad (OTP) algorithm and message authentication code (MAC) to optimize data security contained in whattsapp. In this paper, whatsApp security is designed by combining the OTP and MAC algorithms with the waterfall model. The waterfall model is shown in Figure 1.

35
The application of the one time pad method here is used to lock the message when chatting between the sender and recipient of the message. So that if the message is considered confidential, it is not easy to spread irresponsibly. Meanwhile, the application of the keyed-has message authentication code method here as a key generator for authentic confidential orders. This keyed-hash method is like the md5 hash process. Following is the implementation of the hybrid cryptographic combination application.