Access Control and File Distribution Management for Electronic Diploma and Transcript using Ethereum Smart Contract and InterPlanetary File System

This reserach build access control and file distribution management system for electronic diploma and transcript using ethereum smart contract and InterPlanetary File System (IPFS). The falsification of diplomas/transcripts is one of the problems in education. In Indonesia, falsification of diplomas/transcripts is a form of criminal act of falsifying letters. In addition, diplomas/transcripts that have not been digitalized make them easily damaged, lost, and difficult to manage. Therefore, this research developed digital diploma/transcript as digital twin from the hardcopy of diploma/tramscript. This research used IPFS to store data in a distributed system and Smart Contracts Blockchain to store and protect the digital diploma/transcript. The system also comes with access control to create and give approval for diplomas or transcripts to be published and saved into the system. Access control settings will be saved using the blockchain. This research using Quality of Service test method for measure throughput, packet loss, and delay. Beside that, tis research also analysis the usage of Central Processing Unit and Random Access Memory from the system. Based on the test that has been done, the fake diploma/transcript detection system can be run properly by using 1 node to 5 nodes. The best throughput value during the process of making and validating the diploma/transcript is to use 1 node. The value of packet loss in the process of making and validating the certificate/transcript has a very good category. The value of delay in the process of making and validating the diploma/transcript has a very good category.


Introduction
Diploma is a license which given as a sign of completion of study.In addition to a diploma, after finishing studying students also receive a transcript containing the grades of learning for all of semester (Nord et al. 2011).Diplomas / transcripts that have been given to students have many problems.One of them is the falsification of diplomas/transcripts. Counterfeiting of diplomas/transcripts causes losses to educational institutions and businesses.Educational institutions have lost their legitimacy and reputation due to falsification of diplomas/transcripts. Companies that run businesses are harmed by accepting employees with fake diplomas (Ezell 2019).
There are a lot of counterfeiting of diplomas/transcripts in Indonesia.In 2018, There were 873 certificates produced by private universities in Tangerang.However, only 145 students graduated, so there were 728 fake diplomas issued (Tirto 2018).In addressing these problems, the Higher Education Service Institute or LL Dikti initiated the National Diploma Numbering or PIN policy in 2017.Another solution implemented by LL Dikti is the Online Certificate Verification System or SIVIL which is integrated with the online Higher Education Database or PD Dikti.SIVIL is an application that is used to verify the diploma number that has ever been issued and verify the validity and ratification of the national diploma number (Muliyani et al. 2021).Unfortunately, the system built still uses centralized storage so it is vulnerable to hack which can be changing, damaging, and losing the data (Gimenez-Aguilar et al. 2021).In addition, the use of diplomas and printed transcripts also has weaknesses such as damage and loss of documents (Finandhita and Afrianto 2018).The diploma and transcript should store and save in digital environment for anticipate damage and loss of documents (Al-Bahri et al. 2020).
Based on the problem above, there are some research questions that will address in this research.First, how to manage multi digital files from diploma and transcript from the university students.Second, how to manage access control from multi digital files from the diploma and transcript.Third, how to manage legalization rule for creating and issuing digital diploma and transcript in Indonesian university environment.After defining the research questions above, this research will discuss the analysis and implementation of a fake diploma and transcript detection system using IPFS and blockchain smart contracts.The research also uses access control to protect diploma/transcript digital from unauthorized and unauthenticated user.
The IPFS and blockchain is choose because many research used this technology for manage digital document (Chen et al. 2017).IPFS and blockchain technology also used to manage access control from distributed digitak files (Chen et al. 2017).IPFS is a distributed file system that uses Peer to Peer (P2P) system to replace HTTP (Hypertext Transfer Protocol) (Chen et al. 2017).IPFS enables a distributed file system to work by making all connected nodes share or use the same file system.IPFS will split the stored files into blocks and then distribute them to nodes that connected to IPFS (Sun et al. 2020).Moreover, this research also uses Blockchain and integrated Smart Contracts.Blockchain security is guaranteed by asymmetric cryptography and cannot be tampered with or faked (Christidis and Devetsikiotis 2016).Based on the advantages and decentralized infrastructure, Blockchain technology is used to issues related to trust, efficiency, privacy, and data sharing.A smart Contract is the embodiment of a contract or agreement in cyberspace (Wang et al. 2018).This contract is in the form of a code that can be created if all the conditions for making the contract have been fulfilled (Vacca et al. 2020).The advantage of this system is peer-to-peer transactions and databases can be managed safely and reliably (Masud and Kiringa 2011).
In the digital diploma and transcript system, access control is an important aspect that must be maintained.Recipients, makers, and those who legalize digital diplomas/transcripts must also be protected (Al-Bahri et al. 2020).Access control is used to keep files from being accessed and misused by unauthorized persons (Samarati and di Vimercati 2001).In this study an access control system will be created by utilizing blockchain.Access control systems in distributed systems provide its own challenges for its implementation (Wang et al. 2018).Blockchain is a suitable system to support the implementation of authentication and authorization in distributed systems (Qin et al. 2021).
In this research, the IPFS and blockchain technology will implement in digital diploma and transcript.The study case using rule and environment in Indonesian University.The management system also includes issuing and legalizing the digital diploma and transcript.This research will test the performance of Quality of Service (QoS) on the fake diploma/transcript detection system and analysis of the usage of the Central Processing Unit (CPU) and Random-Access Memory (RAM).QoS is a method for measuring the quality of the network that be used and for defining the characteristics of a service (Zeng et al. 2004).QoS analysis will produce the time needed in the process of sending data to the recipient (throughput), the length of time required in the delivery process (delay), and the number of packets lost in the transmission process (packet loss) (Wang and Crowcroft 1996).

Literature Review
Digital diplomas/transcripts have the advantage of being easier to manage and paperless.Digital diplomas/transcripts are still prone to be forged.This makes research in this area still open (Gresch et al. 2019).In research (Chaniago et al. 2021), explains that securing diplomas can take advantage of smart contracts that exist on the ethereum blockchain.Security is carried out by saving the hash of the diploma file and digital transcript into a smart contract.Based on research (Al'aziz et al. 2020), blockchain also helps the system to distribute data to make it more reliable and secure.Apart from storing the hashes into smart contracts, the files must also be stored in a distributed system.One technology that stores files in a distributed manner and can be connected to the blockchain is IPFS (Kumar et al. 2021).In research (Nizamuddin et al. 2019), IPFS and blockchain were created to store digital diploma files.The IPFS system is good for distributed file management.
To increase the security of the digital diploma/transcript system, an access control system will be used.Access control is the process by which a user is granted access and the right to view the system, or information available (Sandhu 1998).In research (Di Francesco Maesa et al. 2017), a blockchain-based access control system is able to maintain the authentication and authorization of a distributed system.Users must be authenticated and authorized when accessing a distributed system.This research uses Acl-PFS to handle access control list (Steichen et al. 2018).The diploma and digital transcript system that will be built must also be resistant to SQL Injection attacks.SQL injection attacks are very dangerous for web applications because they can damage data and make data stolen by unauthorized users (Fhadillah et al. 2020).Therefore, the system built in this study will implement rules of the Open Web Application Security Project (OWASP) in web application framework for prevent SQL injection attacks (Shar and Tan 2012).Based on research before, the research for combining blockchain and IPFS for digital file management, especially in digital diploma and transcript is still open.The access control system for managing, issuing, and legalizing the digital diploma and transcript using blockchain and IPFS is also still open to research and implement.
Therefore, this reserach build access control and file distribution management system for electronic diploma and transcript using ethereum smart contract and IPFS.The business process of this digital diploma/transcript system will use the existing standards in Indonesia namely Regulation of the Minister of Research, Technology and Higher Education of the Republic of Indonesia Number 59 year 2018.There are three research contribution on this research.First, creating system for management digital diploma and transcript using blockchain and IPFS.Second, this research also maintains access control from digital diploma and transcript using blockchain and IPFS.Third, this system proposes a new feature that is approval for the issuance of new diplomas and transcripts using blockchain smart contracts based on existing standards in Indonesia.

Methods
This research starts with doing literature review from some existing system and research in field of digital diploma and transcript, blockchain and IPFS.That's done in introduction and literature review section.After that, this research describes the design from the prototype system in section file distribution management system and access control system.Lastly, the implementation and testing from the design is in result and discussion section.

File Distribution Management System
The system is designed using 5 nodes.The use of the number of nodes is intended to prove a distributed system and its relation to the QoS of the system.The node containing the web DApp will be installed IPFS and will create an IPFS cluster.This node will be installed by Geth to create Blockchain.The other nodes will be installed with IPFS and join the cluster that has been created.The system does not use Metamask so the storage process is done automatically.The system architecture can see on Figure 1.

Figure 1. Architecture System
The flow of system can see on Figure 2. In the process of making a diploma/transcript, there are several steps: (1) the user fills the form on the web DApp and the web DApp will create a diploma/transcript file based on the data entered.(2) the diploma/transcript that has been made will be sent to the IPFS cluster and will be converted the file into blocks to be distributed to nodes in the cluster.(3) the hash of the file will be sent back to the web DApp.Furthermore (4) the web DApp will send the hash to the Blockchain cluster then the hash will be distributed to the nodes in the cluster.Finally (5) the web DApp will send the certificate / transcript file to the user for download.
In the diploma/transcript validation process, there are several steps: (1) the user uploads the diploma/transcript file to the web DApp then (2) the web DApp will send the file to the IPFS cluster to be converted into a hash.(3) the hash will be sent back to the web DApp.(4) the web DApp will send a hash to be validated by the Blockchain cluster.Then (5) the results of the validation will be sent back to the web DApp and (5) the results will be displayed to the user.

Access Control System
The system has five roles, including creator, head of study program, dean, vice rector, and rector.Setting permissions will use the Blockchain as its database.The actor list can see on Table 1.The process of access control for all user can see on Figure 3. Applications for digital diplomas and transcripts are called DApps.The system will always be connected to the blockchain to verify the authentication and authorization of all actors/users who will access the system.

Figure 3. Access Control System
After the user login through the application, it will be verified via the blockchain.Credentials and user access will be checked in the blockchain.After that the response will be sent by the blockchain through to the application.If the credentials are wrong then the user cannot access, but if it is true the user will be able to access.

Results & Discussions
This research implemented using web-based application.The programming language that used for building the system is NodeJS.The blockchain in this system used Ethereum blockchain model.The programming language for create smart contract model in Ethereum blockchain using solidity programming language.The specification for server that used for virtualization is Server Dell R440

Application for detecting fake diploma/transcript
The application developed by the researcher is an application for making and checking fake diplomas/transcripts using IPFS and Smart Contract Blockchain.The dashboard of the application can be seen in Figure 4.

Figure 4. Dashboard of the application
The application consists of some features which make a diploma/transcript and validation a diploma/transcript.In making a diploma/transcript, the user is required to fill in the data on the form as shown in Figure 5.

Figure 5. Form for making diploma/transcript
The diploma/transcript that has been created will be stored in IPFS and the hash will be stored on the Blockchain.Users can download the diploma/transcript file through the "File List" menu as shown in Figure 6.

Figure 6. File list menu
The next menu is validating diplomas/transcripts.In this menu, the user can enter the diploma/transcript to check for authenticity.The menu for checking fake diplomas/transcripts can be seen in Figure 7.If the diploma/transcript file is declared genuine, the system will display the hash of the diploma/transcript file as shown in Figure 8.

Access control on the system
The application was developed by researchers using Smart Contract Blockchain as a database to store data along with the role of each account.The creator page can be seen in Figure 5, this role has access to create diplomas and transcripts stored on IPFS and the hashes will be stored on the Blockchain.The other four roles have pages as shown in Figure 9.The page contains a list of diplomas and transcripts that need to be approved by each role.Approval is given sequentially from the head of the study program, the dean, the vice rector, and finally by the rector.

QoS Analysis with Parameter Throughput
Throughput is the actual bandwidth which obtained when carrying out the data transmission process.Based on the test, the throughput obtained during the process of making diplomas/transcripts is shown in Figure 10.

Figure 10. Throughput of making diploma/transcript
Based on Figure 10, the throughput on a system that uses 1 node is 10,098.5Bps.Throughput on a system that uses 2 nodes is 9,462.3Bps.Throughput on a system that uses 3 nodes 8,937.1.Throughput on a system that uses 4 nodes is 8670.6Bps and Throughput on a system that uses 5 nodes is 8,507 Bps.QoS testing is also carried out using throughput parameters in the diploma/transcript validation process.The results of QoS at the time of diploma validation can be seen in Figure 11.
Based on Figure 11, the QoS in the diploma/transcript validation test using 1 node is 1,063,100 Bps.The throughput of QoS testing using 2 nodes is 882,700 Bps.The throughput of QoS testing using 3 nodes is 878,500 Bps.Throughput using 4 nodes is 871,100 Bps and throughput using 5 nodes is 989,700 Bps.

QoS Analysis with Parameter Delay
Delay is the time takes to send data from the transmitter to the receiver.According to Telecommunications and Internet Protocol Harmonization Over Network (TIPHON), delay can be categorized as in Table 2. Based on the tests that have been done, there is a delay in the process of making the diploma/transcript in Figure 12.

Figure 12. Delay of making diploma/transcript
Based on Figure 12, the delay in testing 1 node is 4.84 ms.Delay on testing 2 nodes 4.96 ms.Delay on testing 3 nodes 5.57 ms.The delay on the 4-node test is 6.81 ms and the delay on the 5 node test is 6.61 ms.The delay value for each number of nodes is classified as very good.The delay in the diploma/transcript validation process can be seen in Figure 13.

CPU Usage Analysis
CPU usage analysis aims to determine the allocation of CPU to carry out the process of making diplomas/transcripts and validation processes of diplomas/transcripts.The results of the analysis of CPU usage in the process of making diplomas/transcripts can be seen in Figure 14.

Figure 14. CPU usage of making diploma/transcript
Figure 14 shows a graph of CPU usage of making diplomas/transcripts in percent (%).On testing with 1 node, CPU usage reached 100%.The test uses 2 nodes, the CPU on the first node reaches 100% and the CPU on the second node reaches 43.07%.The test uses 3 nodes, CPU usage on the first node reaches 100%, the second node reaches 38.21% and the third node reaches 32.92%.In testing with 4 nodes, CPU usage at the first node reached 100%, the second node reached 52.54%, the third node reached 51.2% and the fourth node reached 51.2%.The test uses 5 nodes, CPU usage at the first node reaches 100%, the second node is 64.15%, the third node is 60.26%, the fourth node is 58.84% and the fifth node is 60.41%.
Figure 15 shows a graph of the CPU usage of the diploma/transcript validation process in percent (%).
In testing with 1 node, CPU usage reaches 100%.The test uses 2 nodes, the CPU on the first node reaches 100% and the CPU on the second node reaches 19.76%.The test uses 3 nodes, CPU usage on the first node reaches 100%, the second node reaches 14.37% and the third node reaches 12.39%.In testing with 4 nodes, CPU usage at the first node reached 100%, the second node reached 12.98%, the third node reached 11.93% and the fourth node reached 11.61%.Testing using 5 nodes, CPU usage on the first node reaches 100%, the second node is 15.42%, the third node is 16.06%, the fourth node is 13.86% and the fifth node is 13.28%.

Memory Usage Analysis
The analysis of memory usage aims to determine the allocation of memory to carry out the process of making diplomas/transcripts and validation processes of diplomas/transcripts.The results of the analysis of memory used in the process of making diplomas/transcripts can be seen in Figure 16.

Figure 16. The memory usage of making the diploma/transcript
Figure 16 shows a graph of the memory usage of making the diploma/transcript in percent (%).In testing with 1 node, memory usage reached 63.7%.The test uses 2 nodes, the memory in the first node reaches 68.09% and the memory at the second node reaches 25.32%.The test uses 3 nodes, memory usage at the first node reaches 67.16%, the second node reaches 25.41% and the third node reaches 23.3%.In testing with 4 nodes, memory usage at the first node reached 66.07%, the second node reached 25.2%, the third node reached 23.44% and the fourth node reached 23.44%.Testing using 5 nodes, memory usage at the first node reached 65.4%, the second node 25.07%, the third node 23.42, the fourth node 23.4%, and the fifth node 23.67%.Memory usage analysis is also carried out during the diploma/transcript validation process as shown in Figure 17.

Conclusion
Access controls are used to restrict some activities that can only be performed by certain positions such as creating or approving diplomas and transcripts.The diploma and transcript detection system are a system that use to create diplomas/transcripts and test the authenticity using Blockchain smart contracts and IPFS.IPFS is used to store diploma/transcript files in a distributed system.Using this distributed method can prevent SQL injection attacks from occurring on centralized storage.In this study, QoS analysis was also carried out of making diplomas/transcripts and the validation process for diplomas/transcripts.The QoS parameters used in this test are throughput, packet loss, and delay.Based on the experiments that have been done, the best throughput during the process of making diplomas/transcripts uses 1 node, which is 10,098.5Bps.The best throughput of diploma/transcript validation uses 1 node, which is 1,063,100 Bps.Packet loss in the process of making diplomas/transcripts and validation of diplomas/transcripts is in the very good category.The delay in the process of making diplomas/transcripts and validation of diplomas/transcripts has a very good category.Based on the analysis of memory and CPU usage, this system can run either using 1 node up to 5 nodes.The limitation of this study is conducted using virtual devices and the number of nodes is still limited.Therefore, for further research development, physical devices can be used, and the number of nodes can be increased so the CPU and memory usage can be analyzed more accurately.

Figure 9 .
Figure 9. Pages of Study Program Chairmen, Deans, Vice Rectors, and Rectors

Figure 13 .
Figure 13.Packet loss of validating diploma/transcriptBased on Figure13, the delay in testing 1 node is 0.111 ms.Delay on testing 2 nodes 0.135 ms.Delay on testing 3 nodes 0.134 ms.The delay in the 4 node test is 0.135 ms and the delay in the 5 node test is 0.107 ms.The delay value for each number of nodes is in the very good category.

Figure 17 .
Figure 17.The memory usage of validating the diploma/transcriptFigure17shows a graph of the memory usage of the diploma/transcript validation process in percent (%).In testing with 1 node, memory usage reached 30.2%.The test uses 2 nodes, the memory at the first node reaches 35.34% and the memory at the second node reaches 30.7%.The test uses 3 nodes, memory usage at the first node reaches 35.61%, the second node reaches 31.02% and the third node reaches 32.26%.In testing with 4 nodes, memory usage for the first node reached 35.39%, the second node reached 31.08%, the third node reached 32.4% and the fourth node reached 32.13%.Testing using 5 nodes, memory usage at the first node reached 35.42%, the second node 31.41%, the third node 32.72%, the fourth node 32.75%, and the fifth node 27.27%.

Table 2 . Category Delay
In testing with 1 node, memory usage reached 30.2%.The test uses 2 nodes, the memory at the first node reaches 35.34% and the memory at the second node reaches 30.7%.The test uses 3 nodes, memory usage at the first node reaches 35.61%, the second node reaches 31.02% and the third node reaches 32.26%.In testing with 4 nodes, memory usage for the first node reached 35.39%, the second node reached 31.08%, the third node reached 32.4% and the fourth node reached 32.13%.Testing using 5 nodes, memory usage at the first node reached 35.42%, the second node 31.41%, the third node 32.72%, the fourth node 32.75%, and the fifth node 27.27%.