ANALISIS KEAMANAN LALU LINTAS WEB PADA PERANGKAT IOT ESP8266 MENGGUNAKAN TEKNIK SNIFFING PAKET
DOI:
https://doi.org/10.54314/jssr.v8i4.5110Abstract
Abstract: Technological developments in recent years have increased quite rapidly, especially in the field of IoT (Internet of Things). With the increasing development of IoT, of course, in line with the increasing use of IoT devices in everyday life. With the increasing number of IoT devices, the issue of data security in IoT devices is certainly one of the important things that must be considered. In this study, a security analysis of web data traffic was conducted on the IoT NodeMCU esp8266 device. The experiment was conducted using two IoT devices acting as senders and receivers of data and one computer device as an attacker. In the analysis process, three scenarios were carried out: sending data without encryption, sending data with base64 encryption without a key, and finally sending data with XOR encryption with a key inserted in the header of the sent data packet. The tapping process was carried out using Wireshark software. From the results of the trials carried out, the entire data transfer process between the two IoT devices can be fully intercepted by Wireshark. Plaintext data (without encoding) tends to be easier to obtain information, while data with encryption without a key on base64 must be analyzed for its pattern to be able to be decrypted. And for encryption that requires a key in XOR, further analysis is carried out by looking for the key inserted in the header so that decryption can be carried out.
Â
Keywords: Internet Of Things (IOT); Wireshark; NodeMCU; Base64 Encoding, XORÂ Encoding.
Abstrak: Perkembangan teknologi dalam beberapa tahun terakhir meningkat dengan cukup pesat khususnya dalam bidang IOT (Internet Of Things). Dengan semakin meningkatnya perkembangan IOT tentu sejalan dengan meningkatnya penggunaan perangkat IOT dikehidupan sehari-hari. Dengan semakin banyaknya perangkat IOT yang ada tentu masalah keamanan data dalam perangkat IOT menjadi salah satu hal penting yang harus diperhatikan. Dalam penelitian ini dilakukan analisa keamanan lalu lintas data web pada perangkat IOT NodeMCU esp8266. Percobaan dilakukan dengan menggunakan 2 perangkt IOT yang bertindak sebagai pengirim dan penerima data dan satu perangkat komputer sebagai penyerang. Dalam proses analisa dilakukan tiga skenario yaitu pengiriman data tanpa enkripsi, pengiriman data dengan enkripsi base64 tanpa key, dan yang terakhir pengirimn data dengan enkripsi XOR dengan key disisipkan di header paket data yang dikirim. Proses penyadapan dilakukan dengan menggunakan perangkat lunak Wireshark. Dari hasil ujicoba yang dilakukan seluruh proses transfer data antara kedua perangkat IOT dapat disadap sepenuhnya oleh Wireshark. Data plaintext (tanpa encoding) cenderung lebih mudah didapatkan informasinya, sementara data dengan enkripsi tanpa key pada base64 harus dianalisa polanya untuk bisa dilakukan dekripsi. Dan untuk enkripsi yang membutuhkan key pada XOR dilakukan analisa lanjutan dengan mencari key yang disisipkan diheader agar bisa lakukan dekripsi.
Â
Kata kunci: Â Internet Of Things (IOT); Wireshark; NodeMCU; Base64 Encoding, XOR Encoding.
Downloads
References
G. H. Sandi and Y. Fatma, “PEMANFAATAN TEKNOLOGI INTERNET OF THINGS (IOT) PADA BIDANG PERTANIAN,†2023.
B. Harsanto, “INOVASI INTERNET OF THINGS PADA SEKTOR PERTANIAN: PENDEKATAN ANALISIS SCIENTOMETRICS Internet of Things Innovation in Agriculture Sector: A Scientometrics Analysis.â€
Anggy Giri Prawiyogi and Aang Solahudin Anwar, “Perkembangan Internet of Things (IoT) pada Sektor Energi : Sistematik Literatur Review,†Jurnal MENTARI: Manajemen, Pendidikan dan Teknologi Informasi, vol. 1, no. 2, pp. 187–197, Jan. 2023, doi: 10.34306/mentari.v1i2.254.
K. Wójcicki, M. Biegańska, B. Paliwoda, and J. Górna, “Internet of Things in Industry: Research Profiling, Application, Challenges and Opportunities—A Review,†Mar. 01, 2022, MDPI. doi: 10.3390/en15051806.
F. Nahdi and H. Dhika, “Analisis Dampak Internet of Things (IoT) Pada Perkembangan Teknologi di Masa Yang Akan Datang 33.â€
Arjun Pratikto Wahyu Hendrawan and Ni Putu Agustini, “Simulasi Kendali Dan Monitoring Daya Listrik Peralatan Rumah Tangga Berbasis ESP32,†ALINIER JURNAL, 2022.
M. F. Wicaksono and M. D. Rahmatya, “Implementasi Arduino dan ESP32 CAM untuk Smart Home,†Jurnal Teknologi dan Informasi, doi: 10.34010/jati.v10i1.
Danang Danang, Ekky Fredyan, and Iman Saufik Suasana, “Prototype Alat Keamanan Rumah Internet Of Things (Iot) Berbasis Nodemcu Esp8266 Dengan Esp32 Cam Dan Kombinasi Sensor Menggunakan Telegram,†UNITECH, 2022.
A. Bhattacharjya, “A HOLISTIC STUDY ON THE USE OF BLOCKCHAIN TECHNOLOGY IN CPS AND IOT ARCHITECTURES MAINTAINING THE CIA TRIAD IN DATA COMMUNICATION,†International Journal of Applied Mathematics and Computer Science, vol. 32, no. 3, pp. 403–413, Sep. 2022, doi: 10.34768/amcs-2022-0029.
A. Copyright @ Farkhan Nindyarayhan Dhanendra and I. Sujarwo, “Strategi Keamanan pada Sistem Bank Air Kami v2 menggunakan Trias CIA,†Journal Of Social Science Research, vol. 4, pp. 1048–1062, 2024.
A. H. Harahap, C. Difa Andani, A. Christie, D. Nurhaliza, and A. Fauzi, “Pentingnya Peranan CIA Triad Dalam Keamanan Informasi dan Data Untuk Pemangku Kepentingan atau Stakholderâ€.
M. S. Al Reshan, “IoT-based Application of Information Security Triad,†International Journal of Interactive Mobile Technologies, vol. 15, no. 24, pp. 61–76, 2021, doi: 10.3991/IJIM.V15I24.27333.
K. A. Yousif Yaseen, “Importance of Cybersecurity in The Higher Education Sector 2022,†Asian Journal of Computer Science and Technology, vol. 11, no. 2, pp. 20–24, Dec. 2022, doi: 10.51983/ajcst-2022.11.2.3448.
H. J. Jara Ochoa, R. Peña, Y. Ledo Mezquita, E. Gonzalez, and S. Camacho-Leon, “Comparative Analysis of Power Consumption between MQTT and HTTP Protocols in an IoT Platform Designed and Implemented for Remote Real-Time Monitoring of Long-Term Cold Chain Transport Operations,†Sensors, vol. 23, no. 10, May 2023, doi: 10.3390/s23104896.
S. Handaja, K. Dewi, and R. H. Triyanto, “Wireless Volume Corrector for Natural Gas Flow Metering Using ESP32 Microcontroller and Open-Source Web Server.†[Online]. Available: www.joiv.org/index.php/joiv
A. Komparatif Konsumsi Daya Baterai pada Perangkat IoT Menggunakan Protokol Komunikasi MQTT dan HTTP and R. Mirza, “Analisis Komparatif Konsumsi Daya Baterai pada Perangkat IoT Menggunakan Protokol Komunikasi MQTT dan HTTP,†vol. 02, no. 02, [Online]. Available: https://jurnal.komputasi.org/index.php/jst/article/view/35
W. Khalid, M. Jamil, A. A. Khan, and Q. Awais, “Open-Source Internet of Things-Based Supervisory Control and Data Acquisition System for Photovoltaic Monitoring and Control Using HTTP and TCP/IP Protocols,†Energies (Basel), vol. 17, no. 16, Aug. 2024, doi: 10.3390/en17164083.
K. T. M. Tran, A. X. Pham, N. P. Nguyen, and P. T. Dang, “Analysis and Performance Comparison of IoT Message Transfer Protocols Applying in Real Photovoltaic System,†International Journal of Networked and Distributed Computing, vol. 12, no. 1, pp. 131–143, Jun. 2024, doi: 10.1007/s44227-024-00021-4.
U. Brawijaya, I. Sentosa, H. Prasetio, and A. Pinandito, “Implementasi Kompresi Data Dengan Menggunakan Zlib Data Compression dan Encoding Base64 Pada Sistem Paratransit Trip Data Collection Berbasis Esp32,†2017. [Online]. Available: http://j-ptiik.ub.ac.id
D. Pradeka, Z. Khaerunnisa, S. Aqila Humaira, and A. Salsa Billa, “Digital Data Security Using a Combination of Base64 Encoding, Rail Fence Cipher, and GZIP Compression Pradeka et al., Digital Data Security Using a Combination of Base64 Encoding, Rail Fence Cipher … |52,†COELITE), vol. 4, no. 1, pp. 51–60, 2025, doi: 10.17509/coelite.v4i1.82498.
A. F. Cobantoro, M. B. Setyawan, and H. Oktavianto, “Rekayasa Aplikasi Eposal Menggunakan Algoritma Base64 Untuk Menyimpan Data Pengguna,†Jurnal Komtika (Komputasi dan Informatika), vol. 7, no. 1, pp. 31–38, May 2023, doi: 10.31603/komtika.v7i1.8711.
D. Protic and M. Stankovic, “XOR-Based Detector of Different Decisions on Anomalies in the Computer Network Traffic,†2023.
G. Golovko, A. Matiashenko, and N. Solopihin, “DATA ENCRYPTION USING XOR CIPHER,†СиÑтеми управліннÑ, навігації та зв’Ñзку. Збірник наукових праць, vol. 1, no. 63, pp. 81–83, Feb. 2021, doi: 10.26906/sunz.2021.1.081.
O. Thinnukool, T. Panityakul, and M. Bano, “Double encryption using trigonometric chaotic map and XOR of an image,†Computers, Materials and Continua, vol. 69, no. 3, pp. 3033–3046, 2021, doi: 10.32604/cmc.2021.019153.
“Vulnerability Analysis and Password Cracking Using Wireshark.†[Online]. Available: https://ieeexplore.ieee.org/document/8014711
N. A. L. Mabsali, H. Jassim, and J. Mani, “Effectiveness of Wireshark Tool for Detecting Attacks and Vulnerabilities in Network Traffic,†in Proceedings of the 1st International Conference on Innovation in Information Technology and Business (ICIITB 2022), Atlantis Press International BV, 2023, pp. 114–135. doi: 10.2991/978-94-6463-110-4_10.
T. Wu, F. Breitinger, and S. Niemann, “IoT network traffic analysis: Opportunities and challenges for forensic investigators?,†Forensic Science International: Digital Investigation, vol. 38, Oct. 2021, doi: 10.1016/j.fsidi.2021.301123.
S. K. Shandilya, C. Ganguli, I. Izonin, and P. A. K. Nagar, “Cyber attack evaluation dataset for deep packet inspection and analysis,†Data Brief, vol. 46, Feb. 2023, doi: 10.1016/j.dib.2022.108771.
A. Hussain, A. Hussain, S. Qadri, A. Razzaq, H. Nazir, and M. S. Ullah, “Enhancing LAN Security by Mitigating Credential Threats via HTTP Packet Analysis with Wiresharkâ€, doi: 10.56979/602/2024.
M. Syaffiq, A. Malek, and A. R. Amran, “A Study of Packet Sniffing as an Imperative Security Solution in Cybersecurity,†2021.
