Treffer: One-Time Pad Cryptography for Secure Data Transmission in IoT Smart Door Using QR Code.

The increasing use of the Internet of Things (IoT) in security systems such as Smart Doors has created new challenges for data security, especially the risk of wiretapping through sniffing attacks. This research proposes applying the One-Time Pad (OTP) XOR algorithm as an Encryption method to protect QR Code-based data transmission in the Smart Door system. The implementation is carried out on three main communication paths: sending UUID from the server to the user's website, sending the results of QR Code scanning from ESP32-CAM to the server, and sending instructions from the server to the ESP32 device. The test results show that the resulting ciphertext is always different even though the plaintext is the same, with a 0% algorithm identification success rate by Cipher Identifier and a 100% resistance level to brute force XOR, based on testing using dCode.fr tools. In addition, the Encryption and Decryption processes are very fast, with an average Encryption time on the ESP32-CAM of 0.34 milliseconds and an average Decryption time on the ESP32 of 0.17 milliseconds. These results show that the OTP XOR algorithm is able to disguise data against basic cryptanalysis attacks and can be run on IoT devices that have limited resources. In the future, it is suggested to apply better key management methods such as pre-shared key (PSK), key rotation, or Key Derivation Function (KDF) to improve the security of key distribution in this symmetrical system. In addition, the security system can be improved through separating the OTP key transmission path using an approach such as Out-of-Band Key Exchange or asymmetric key wrapping with the RSA algorithm so that the key remains protected even if sniffing occurs. [ABSTRACT FROM AUTHOR]

Copyright of Jurnal Media Informasi Teknologi is the property of Jurnal Media Informasi Teknologi and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)