Printer Friendly

Application of RC4 Cryptography Method to Support XML Security on Digital Chain of Custody Data Storage.


XML is a standard for the representation of complex web and data information management [1]. Unlike other programming languages, XML does not have a standard tag, as well as everyone can freely create their own XML tag format independently. In today's world, there are several commonly used XML formats on the web: XML, XHTML, SVG, MathML, XSL, RDF, Atom and RSS [2].

Markup languages such as HTML which is designed for text documents. Along with the development of the digital media, the types of information stored also evolved. Music, Video, vector images, and various web services are some examples of frequently used formats on a web page. XML not only well defined but also it can be developed. There are several good points of XML compared to other programming languages.

a. XML is descriptive. XML does not require additional documents to interpret it.

b. XML can be read easily by human as well as computer system.

c. XML does not require any special applications. XML writing can be done using Notepad (Windows operating system) or TextEdit (Mac operating system).

d. XML can be opened by any operating system.

e. XML can be used as a data storage. This means no DBMS (Database Management System) is required for data management.

Chain of custody is the documentation of the digital evidence of the cases handled. Chain of custody becomes the most important part because it becomes part of the legality of the disclosure of the case faced when presented in court. The data contained in the chain of custody is confidential and should not be changed by unauthorized persons. One of the important data in the chain of custody is the Hash number of digital evidence. The Hash number is a unique code formed from a specific algorithm (SHA1 and MD5) of the tested digital evidence. If this hash number is changed, then the digital proof obtained is unacceptable, since there is a different hash number between the data from the chain of custody and the hash result of the application used to generate the hash value.

Therefore, it takes one particular encryption mechanism to make the data in the chain of custody stored in XML form become hard to read. This research is expected to produce a certain algorithm to encrypt the XML structure, so as to improve the security of the data chain of custody.

There are 2 parts in XML that need to be developed to improve XML security which are XML Signature and XML encryption [3], but this paper will explain about the encryption on XML structure. Encryption in this XML will generate certain XML characters that make it hardly to read.


The issue of data security in the chain of custody becomes one of the important study materials in the handling of digital evidence. The concepts and tools of digital chain of custody are currently focused on the discovery of digital evidence, but have not yet supported security in the chain of custody data storage [4]. There are at least 4 major problems in handling the chain of custody [5], namely:

a. Flexibility and capability of chain of custody documentation. This problem arises because of the increasing data generated by various new digital forensics tools.

b. Interoperability between digital evidence and the data chain of custody obtained from the analysis process.

c. Security of chain of custody documentation. This is a very important issue because digital evidence and chain of custody data can be duplicated to other computers.

d. Problems on how to represent a chain of custody data so that it can be understood by judges and other law enforcement officials who have no background in IT. In order to be understood by everyone, the chain of custody is divided into 2 aspects of information, ie information that has a direct link to the case using the 5W and 1 H formulas, as well as information related to the source, authenticity and process of obtaining the evidence.

Currently the research on chain of custody is still very limited, research and documents that have been published by organizations such as IOCE, SWGDE, DRWS are generally only written about general aspects of handling digital evidence [6]. However, these writings do not explain how its implementation can be used by government agencies and private companies engaged in digital forensics. In addition, the rapid development of digital technology, followed by the increasing variety of cybercrime cases, has become a necessity for increased capability in terms of new understanding and handling of digital evidence.


The use of XML in recent years has been increasing. XML is used in the web (web service). Furthermore, it uses to represent various content in a file. The data contained in the XML structure can be seen clearly, this further can be changed by unauthorized people. Therefore, it is required a special encryption to secure the data [7]. Encryption is the result of encoding of plain text. Science that studies about data security is called Cryptography [8]. The type of symmetric encryption becomes type encryption becomes the right solution because of this encryption only has 1 key (private key) that used to encrypt and decrypt [9]. Symmetric encryption has 2 type of encoding (cipher) [10]:

a. Stream cipher is the process of encryption and decryption which are done every bit.

b. Block chipper is the process of dividing plaintext into multiple blocks of the same size. Then the block is encrypted or decrypted. Once divided, the block is encrypted or decrypted.

One of the method of symmetric encryption is RC4. The RC4 encryption method has 4 processes [11] namely: S-Box initialization, Key to byte Array, s-Box Permutation and Pseudorandom.

RC4 uses 2 arrays of 256 lengths. This array contains the numbers 0 to 255, the next array contains permutations which are functions of keys of varying length[12]. The S-Box initialization is the first step used to initialize the first array S [0] to S [255]. Then the array is filled with numbers 0 through 255 like S [0] = 1 to S [255] = 255.

Initialization process S-Box (Array S)

for i = 0 to 255 S[i] = i

After that, another array (Array K) is created and it is initialized by dividing the array key by the length of the array key.

for i = 0 to 255 K[i] = Key[i mod length]

Next, the array in the S-Box is scrambled.

i = 0;j = 0 for i = o to 255 { j = (j + S[i] + K[i] mod 256 swap S[i] and S[j] }

The next step is creating a pseudorandom byte.

i = (i + 1) mod 256 j = (j + S[i]) mod 256 swap S[i] and S[j] t = (S[i] + S[j] mod 256 K = S[t]

After the pseudorandom byte process is complete, the next step is the XOR process (eXclusive OR). The XOR process is a boolean comparison process [13].

The use of XOR in the RC4 method is to compare plaintext binary numbers (unencrypted text) with pseudorandom bytes (binary). The result of XOR is called ciphertext or encrypted text. While decryption is the process to turn the ciphertext into plaintext.


This research through several systematic processes. It is intended that the problems encountered can be resolved and the results and the difficulties encountered during the ongoing research process can be analyzed. Figure 2 shows the flow of the research conducted.

4.1 Literature Review

Review literature is undertaken at the first step to collect information relevant to the topic or problem to be researched. Sources of information are obtained through books that have relevance to the issues to be studied, scientific journals and other sources of information that can be obtained through the internet. The information can also be obtained by attending scientific seminars that are often held by several universities.

4.2 Case Simulation

Stages of case simulation is a step to create a specific scenario that aims to create a fit between the needs with the system created. The case simulations are based on cases that have occurred, but the names of the characters and the scene are fictitious. The digital evidence used in this case simulation is 001 format. This format is a commonly used format of acquisition of digital evidence.

4.3 Implementation

This stage is an activity to creating XML encryption and decryption system based on the design that was created earlier. This is to ensure that the system works properly. At this stage, making the system using the Python programming language and Wing 101 as the compiler.

4.4 Encryption and Decryption of XML

The algorithm used to encrypt and decrypt XML structures is the RC4 algorithm. To use RC4 in the Python programming language, it takes a certain package or library. All the necessary packages and libraries can be downloaded for free through the Pypi-Python website.

4.5 Testing Encryption of XML

The encryption test is performed by uploading an encrypted XML file to a site that provides the RC4 file decryption feature. To encrypt and decrypt the RC4 algorithm, it takes a word called a key. This key is a string that is formed randomly by RC4 algorithm which is very difficult to guess even though using Brute Force Attack technique. This technique is used to hack passwords by trying all possible passwords in wordlist.

4.6 Results

The result of encryption testing of the system is the creation of secure encryption and decryption results. Encryption results can be categorized safe if other systems cannot open the encryption results and the encryption results are difficult to read without going through the decryption process of the system.


This encryption method was tested using Mac OS 10.11.6 El Capitan operating system. The system created to perform the process of encryption and decryption using the Python programming language version 2.7.13 which was released on December 6, 2016. Encrypted file storage is stored in xhtml format, as well as, it is easy viewing of XML structures before being encrypted.

The case used for this implementation is defamation. This case happened through instant messaging (SMS and Whatsapp). This case is simulated has happened in America with a suspect named Mike Kalashnikov. While the victim was named George Armand. Based on the case, it is obtained an electronic evidence in the form of mobile phones found at the scene.

Chain of custody is required in the disclosure of a cyber crime case because it contains a special procedure for documenting the disclosure flow of the case [14]. The information contained in the digital chain of custody contains 4 information on cases handled: case descriptions, description of electronic evidence obtained at the scene, description of digital evidence from the acquisition and description of the tools used in the acquisition process [15]. The data of digital chain of custody is inserted into the XML structure.

In the handling of digital evidence there is a very important information that is the hash value. Generally the hash values used are SHA1 and MD5. This value falls into the category of static data. This hash value can be checked using applications that are already available both online and offline The digital evidence is invalid, if there is a difference in the hash value after being tested with another application.

The information is stored into an XML structure in a file named cabinet_encrypt.xhtml in the warehouse directory. Figure 3 shows the XML structure of the chain of custody information.

5.1 Encryption Implementation

Encryption is performed using files with XHTML extension that stores chain of custody information from cybercrime case simulations. Figure 4 shows the encryption flow of the XML structure.

The encryption process is done by creating a variable that contains the XML structure. This variable will be encrypted by the system. Then, the user specifies the length of the S-Box array. In this simulation, the Array length is 8 bytes. After determining the length of the array, encryption is done by opening a file. This file has a function as a storage of encryption.

Source code of encryption

Tree ## variable that stores XML Structure obj1 ='01234567') chipertext = obj1.encrypt(tree) with open("warehouse/cabinet_encrypt.xhtml', 'r') as outFile: outFile.write(chipertext)

The first line is used to store the XML structure. This XML structure will be encrypted on the next process. The second line is the determination of the S-Box array length (8 bytes). After that, the system opens cabinet_encrypt.xhtml file in the warehouse directory, which is used to store the encryption results. The last line is used to perform the encryption process.

5.2 Decryption Implementation

Decryption is the process of converting a previously encrypted file into a readable (decode) XML structure. The decryption process aims to display data on certain elements, so that users can view the information that exists on each element through the system. This process also aims to change the values contained in certain elements. Figure 6 shows the decryption flow of the XML structure

First of all, the system opens an encrypted XHTML file. Once the file is opened, the system decrypts the data in the file. The results of decrypted data are stored in a string.

Next, the string is converted into an XML structure. This process aims to allow the system to read every element of the XML structure.

After that, the system will the system will display the existing data on certain elements.

Source code of decryption

objl ='01234567') with open("warehouse/cabinet_encrypt.xhtml', 'r') as outFile: chipertext = dec2 = obj1.decrypt(ciphertext) topRoot2 = ETZ.fromstring(dec2) print topRoot2 // show all XML structure

The first line is used for the determination of the S-Box array length (8 bytes). The second line is used to open the cabinet_encrypt.xhtml file in the warehouse directory used as the storage place for encryption. The encrypted file is read and the reading result is stored in a variable (line 3). After that, the result of the data reading process is decrypted by the system (row 4) using the number of arrays that have been specified in the first row. The last line is used to convert the decryption into an XML structure.

5.3 Manipulating Data

Manipulation of encrypted data, the process flow is almost the same as the process of data decryption. However, there are some additional processes after the encrypted data becomes the XML structure. Figure 7 shows the manipulating data flow process of the XML structure.

After the decryption process is complete, the system will process the data that is changing from certain elements. In this process, the system rearranges the XML structure. It aims to prevent errors when entering new data. After that, the system inserts all the changed data into a string to be encrypted.

Source code of manipulating data

// Decrypting Process obj1 ='01234567') with open("warehouse/cabinet_encrypt.xhtml', 'r') as outFile: chipertext = dec2 = obj1.decrypt(ciphertext) topRoot2 = ETZ.fromstring(dec2)

//Manipulating Data Process var = // it contains new data detail = topRoot2.find(".//case_name") detail.text = var xml_str = ETZ.tostring(topRoot2, encoding='UTF8', method='XML')

//Encrypting Data Process obj2 ='01234567') chipper_text2 = obj2.encrypt(xml_str) with open("warehouse/cabinet_encrypt.xhtml', 'r') as outFile2: outFile2.write(cipher_text2)

5.4 Testing of Encryption Results

Testing of encrypted results is done by uploading the file cabinet_encrypt.html on a website which is managed by AITIS business company from the Czech Republic. Table 1 shows the results of encryption testing of XML structures.

Based on the test results in table 2, it can be concluded that the encryption of XML structure in cabinet_encrypt.xhtml file is good and safe. This is because during testing using 5 different keys, the system used to decrypt the file, it cannot decrypt the XML structure in the file cabinet_encrypt.xhtml.


Based on the implementation to the test result analysis, it is concluded that RC4 encryption method can be used to encrypt XML structure. From the test results, RC4 encryption has been safe to use for securing information in digital chain of custody data. This is because encryption cannot be opened without knowing the key used to encrypt. RC4 encryption processes plaintext quickly if the characters on the plaintext are not long. However, if the plaintext is long, then RC4 encryption will take longer. In fact, the data in the Chain of Custody is possible to always increase according to the case being handled. It is expected that further research will be focused on RC4 performance in encrypting long plaintext.


[1] J. Tekli, "An Overview on XML Semantic Disambiguation Background, Applications, and Ongoing Challenges," Knowl. Data Eng., vol. 28, no. 6, pp. 1383-1407, 2016.

[2] L. Sikos, Web Standards: Mastering HTML5, CSS3, and XML. New York: Apress, 2011.

[3] K. Miyauchi, "XML Signature/Encryption the Basis of Web Services Security," J. Adv. Technol., vol. 2, no. 1, pp. 35-39, 2004.

[4] Y. Prayudi, "Problema dan Solusi Digital Chain Of Custody," Semin. Nas. Apl. Teknol. Inf., no. 2011, pp. 197-204, 2014.

[5] T. F. Gayed, H. Lounis, and M. Bari, "Cyber Forensics : Representing and (Im ) Proving the Chain of Custody Using the Semantic web," Cogn. 2012 Fourth Int. Conf. Adv. Cogn. Technol. Appl., pp. 19-23, 2012.

[6] J. Cosic and Z. Cosic, "Chain of Custody and Life Cycle of Digital Evidence," Comput. Technol. Appl., vol. 3, no. 2012, pp. 126-129, 2012.

[7] A. A. A. El-aziz and A. Kannan, "A Survey on XML Security," Int. Conf. Recent Trends Inf. Technol., pp. 638-642, 2013.

[8] F. N. Pabokory, I. F. Astuti, and A. H. Kridalaksana, "Implementasi Kriptografi Pengamanan Data pada Pesan Teks, Isi File Dokumen dan File Dokumen Menggunakan Algoritma Advanced Encryption," J. Inform. Mulawarman, vol. 10, no. 1, pp. 20-31, 2015.

[9] V. Sankar and G. Zayaraz, "Securing Confidential Data In XML Using Custom Level Encryption," Int. Conf. Comput. Power, Energy Inf. Commun., pp. 227-230, 2016.

[10] R. H. Zain, S. Kom, and M. Kom, "Perancangan Dan Implementasi Cryptography Dengan Metode Algoritma RC4 Pada Type File Document Menggunakan Bahasa Pemrograman Visual Basic 6. 0," J. Momentum, vol. 12, no. 1, pp. 71-81, 2012.

[11] I. Sumartono, A. Putera, U. Siahaan, and N. Mayasari, "An Overview of the RC4 Algorithm," J. Comput. Eng., vol. 18, no. 6, pp. 67-73, 2016.

[12] Y. Ariyanto, "Algoritma RC4 dalam Proteksi Transmisi dan Hasil Qeury untuk ORDBMS Postgresql," J. Inform., vol. 10, no. 1, pp. 53-59, 2009.

[13] L. Samir and S. Grouni, "A New Training Method For Solving The XOR Problem," 5th Int. Conf. Electr. Eng., pp. 29-32, 2017.

[14] Y. Prayudi and Azhari, "Digital Chain of Custody: State Of The Art," Int. J. Comput. Appl., vol. 114, no. 5, pp. 1-9, 2015.

[15] Y. Prayudi, A. Ashari, and T. K. Priyambodo, "Digital Evidence Cabinets : A Proposed Frameworks for Handling Digital Chain of Custody," Int. J. Comput. Appl., vol. 109, no. 9, pp. 30-36, 2014.

Krisna Widatama (1), Yudi Prayudi (2), Bambang Sugiantoro (3)

(1, 2) Department of Informatics Engineering, Universitas Islam Indonesia

(3) Department of Informatics Engineering, Sunan Kalijaga State Islamic University

(1), (2), (3)
Table 1. XOR Boolean

Boolean A  Boolean B  A XOR B

0          0          0
0          1          1
1          0          1
1          1          0

Table 2. Test of Results

No.  Key              Results
                Succeed  Failed

1.   01234567            [check]
2.   qwerty              [check]
3.   qWErTy              [check]
4.   qazwsxr             [check]
5.   poiuytlLo           [check]
COPYRIGHT 2018 The Society of Digital Information and Wireless Communications
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2018 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:rivest cipher version 4; extensible markup language
Author:Widatama, Krisna; Prayudi, Yudi; Sugiantoro, Bambang
Publication:International Journal of Cyber-Security and Digital Forensics
Article Type:Report
Date:Sep 1, 2018
Previous Article:Cloud Computing Service Level Agreement Issues and Challenges: A Bibliographic Review.
Next Article:Data Mining Classification Approaches for Malicious Executable File Detection.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters