Synergistic Information Security Design Implementation based on Role-Based Access Control, Information Classification, and AES Cryptographic Encryption

Security technology has undergone significant development and research in response to increasing cyber threats. The Intranet Document Management System (IDMS) was created to centralize documents within organizations, ensuring efficiency and streamlining processes. Given the critical nature of document management in organizational workflows, secure and safe management is paramount. This study aims to develop a secure IDMS using Advanced Encryption Standard (AES) encryption, Role-Based Access Control (RBAC), and an Information Classification Model. We also provide a comprehensive overview of the key characteristics and performance metrics of each access control model and cryptographic algorithm, facilitating decision-making for system design and implementation. The system offers high granularity, ease of administration through role assignments with document classification, high flexibility with customized permissions, and scalability with roles and classification. AES is chosen for its high security and fast performance, making it a widely used encryption standard.


INTRODUCTION
In this era of digitization, where digital data overwhelms organizations and individuals, there is a greater need than ever for effective, secure, and well-organized documentation. The IDMS, a crucial tool that revolutionizes how we create, save, access, and distribute information in new ways, ushers in a new era of effective document handling. According to Imen and Belhassen (2018), digital document management, or DMS, is a computer application-based method for measuring, managing, storing, and minimizing paper use. With the integration of the AES encryption method, IDMS is a sophisticated software solution created to centrally manage, secure, share, and arrange digital data. NIST held a competition in 2000 to find a robust encryption/decryption method, and the AES algorithm emerged victorious. There are no known security weaknesses, and it will take years for computers to achieve the processing capacity required for brute-force attacks (Garcia, 2015).
Due to the vast volumes of information organizations generate and receive, including emails, reports, contracts, and more, the digital age has resulted in data overload for companies. This volume may be too much to handle. These days, it is necessary to protect sensitive and confidential data. Unauthorized access, accidental disclosures, and data breaches can all have negative consequences. There needs to be more version control to make it easier for organizations to identify the most recent version of a document. Nevertheless, ensuring that only authorized personnel access specific information can be challenging while maintaining the ease of sharing with those who need it. Permission and access control are relevant here. Keeping track of who has viewed and read the papers you provide to end users is crucial. Achieving the ideal balance between security and accessibility is crucial.
Analytical applications are the core of the Big Data phenomenon, as they extract significant value in information and knowledge from the data acquired and archived with the techniques described above (Fugini & Finocchi, 2018). This result can be achieved through business intelligence or more exploratory techniques, defined as advanced analytics. However, Lee and Iio (2015) volunteered to work in several small-scale archives, and almost all the institutions need help introducing information systems to fulfill the needs of their clients and staff. The problem is that both staff and users need help with time-consuming procedures. It is reasonable to close the shelves to protect valuable information resources in a traditional way of storing documents. On the other hand, Reddy and Gopu (2017) developed an EDRM system that protects documents in a corporate environment using cryptographic primitives, RSA, and AES encryption. The EDRM also displays the decrypted contents in a secure Viewer, restricting the operations that can be performed on the content. However, Abang et al. (2022) analyzed the DMS for private HEIs in the Philippines; there are some problems arising during the manual requisition of documents, such as (1) a hard time accommodating a large number of requestors entering the school premises; (2) misplaced request forms; (3) a hard time checking whether the requested documents are already in process or already for release; (4) a hard time going to school for the request process and claiming the documents; and (5) misplaced claim stubs and receipts.
An Intranet Document Management System (IDMS) with AES encryption, Role-Based Access Control (RBAC), and information classification is crucial to address the issues of data overload, protecting sensitive information, and the requirement for effective version control and access permissions. AES encryption shields sensitive papers from unwanted access and data breaches, guaranteeing they are encrypted before storage. RBAC allows businesses to set access rights according to employee responsibilities, guaranteeing that only persons with the proper authorization may access specific data. Furthermore, information classification makes it possible to group documents according to their level of sensitivity, which facilitates the use of suitable security measures and turns them into structured information. Moreover, through automated reports such as document trails and user actions, organizations may strike a balance between security and accessibility by including these three security measures in the IDMS. This will guarantee that confidential data is safeguarded while preserving effective internal sharing and collaboration.

REVIEW OF RELATED LITERATURE
The median cost of a single data breach in 2015 was $3.8 million, increasing 23% from the previous year. Many companies have transitioned to electronic methods of collecting, storing, and exchanging data to save costs, streamline operations, and reorganize internal divisions to deliver services more successfully and economically (Joseph, 2018). Furthermore, as network technology has advanced, malicious computer viruses and hacker attacks have become common. Password cracking is used in these attacks to steal user information, compromise databases, erase or modify data, and carry out other criminal tasks. Even worse, it could compromise the computer system's security, putting the online library at serious risk. Users' and licensees' interests are compromised, and they are at risk. Many users distribute digital libraries, limiting the uniformity of information security expertise (Hao, 2015).
However, encrypting documents at the file level can provide data security and protect data transfer or storage safety (Lin et al., 2021). Document security is ensured via encryption, done with a key or password. Only those with the correct decryption keys may view the encrypted documents. For example, in some exceptional cases, it is necessary to securely share the password with the recipient after sending the encrypted file. According to Raigoza and Jituri (2016), the previous ten years have mainly benefited the Advanced Encryption Standard (AES) industry standard. Formerly known as Rijndael, the AES completed a five-year standardization process. The National Institute of Standards and Technology (NIST) selected it as the AES after competing with fifteen other designs.
According to Imen and Belhassen (2018), when information and data are stored on a drive or documents, they are essential for organizing company activities. However, the present business process languages and models do not clearly explain the link between data flow and access control. A recent development in business process management is the artifact-centric and data-aware approach. They aim to provide a comprehensive process flow and increase the usage of data-driven processes in BPM systems by utilizing modeling, data, or documentation. Moreover, according to a study by Liu (2021), colleges and other educational institutions must develop an electronic document organization system that keeps up with the expansion of big data. The current situation of electronic information documents in higher education institutions is concerning when looking at data. The main problems are a shortage of full-time employees, bad administration, and inattention. To effectively tackle these difficulties, leadership emphasis and resource integration are required to handle the platform issue, encourage using electronic documents in academic institutions, and address basic and complicated issues.
Despite the valuable insights provided by existing literature, several gaps and areas for further research have been identified. Firstly, while the median cost of a single data breach was highlighted in previous studies, there is a lack of recent data and analysis on the current trends and costs associated with data breaches. This gap presents an opportunity for future research to provide updated insights into the financial impacts of data breaches on organizations. Additionally, the transition of many companies to electronic methods for data collection, storage, and exchange has been noted. However, there is a need for further research to explore the specific challenges and benefits of this transition, particularly in terms of cost savings, operational efficiency, and organizational restructuring. Furthermore, while the literature acknowledges the prevalence of malicious computer viruses and hacker attacks, there is a gap in understanding the specific techniques used in these attacks, such as password cracking, and their potential impact on data security. Future research could delve deeper into these areas to enhance our understanding of cybersecurity threats and mitigation strategies.

Objective of the Study
This study aims to design and develop an Intranet Document Management System that centralizes the company's different types of documents and implements three information security measures: Role-Based Access Control (RBAC), Information Classification, and AES-128 document encryption.

Specific Objectives
1. Analyze the encryption and decryption process of the Advanced Encryption Standard (AES)-128 algorithm.
2. Determine the document file size after encryption.
3. Evaluate different access control models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC) based on Granularity, Ease of Administration, Flexibility, Scalability, Security, and Adaptability.
4. Compare various cryptographic algorithms, such as AES, DES, 3DES, RSA, Blowfish, Twofish, and RC4, based on key size, block size, security, performance, and usage.

METHODOLOGY
As stated in the earlier section, the development of IDMS with the implementation of AES-128 encryption, RBAC, and Information Classification is the primary purpose of this study. However, some preparations were needed before getting started with this project.

Data Collection
At this point, data was collected by identifying different papers of the company that needed to be centralized. The author will be able to learn about document management systems, accessibility, and security systems from the early literature as the author gathers and examines reliable data from multiple sources in this first stage and assesses potential results for creating this system.

Requirement Specification
The Software Requirements Specification (SRS) serves as the basis of software development, exhibiting influence over all succeeding stages. Accordingly, a high-quality SRS may increase the likelihood of excellent software quality (Osman & Zaharin, 2018). At this point, the author determined the information needs and requirements for constructing the system, as well as the system goals and objectives of the stakeholders to be designed. When creating the DMS, the authors should adhere to ISO 27001's four (3) levels of information classification: restricted (accessible to most employees), internal (accessible to all employees), confidential (accessible only to senior management), and public (accessible to everyone).

System Analysis and Design
System analysis and design is a problem-solving technique that entails looking at a more extensive system, disassembling its component pieces, and figuring out how it functions to achieve a specific goal. At this point, the authors investigate the issues, pinpoint the goals and specifications, and then create the best solution to meet those demands. This may entail reviewing the procedure to satisfy end users' basic needs. The system's overall model design process, which includes inputs into the design process, process activities, and process outputs, is shown in Figure 1. The design process's activities are independent and interconnected, influencing earlier design choices. Knowledge of the platform is essential to the design process to prevent long-term procedures, as most software design process rework is unavoidable.

Architectural Design
Therefore, an architectural design decision results from a design process at the earliest stages of building or during the software system's evolution. The application domain of the system, the architectural styles and patterns employed in the system, the COTS components and other infrastructure options, as well as other elements required to satisfy the system, may all be taken into consideration when making architectural design decisions (Bosch & Jansen, 2005). Figure 2 illustrates the platform's layered architecture design and encompasses the system's overall structure, components, and interactions. It defines how the software components will be organized, how they will communicate, and how the system will be deployed and maintained. The presentation layer includes a web interface that provides users access to the platform through a web browser using a computer, tablet, or mobile device. The application layer contains the platform's business logic, user authentication, content management, and communication features. The business logic layer implements role-based access control (RBAC) to manage user permissions and access levels and uses AES-128 encryption to encrypt documents and prevent unauthorized access. The database layer stores and manages the platform's data, including user profiles, documents, and other content. Monitoring and logging functions monitor user activities within the platform and provide reports for the system administrator. Deployment involves

Database Design
The cornerstone of application system design is database architecture. A data flow diagram, data dictionary, or other appropriate tools should be used to define user requirements in the database design process precisely. According to Juxiang and Zhihong (2012), it involves removing redundant data and rewriting, deleting, and introducing anomalous material while adhering to standard form theory. The authors created the system's database structure using the data they had collected during the requirements definition and SAD stages. The Entity Relationship Diagram (ERD) depicted in Figure 3 thoroughly examines, comprehends, and produces the system's data structures. Moreover, the database architecture design was derived by examining the relationships between each attribute of the provided database. The ERD is a visual representation of the relationships between entities in the database. It helps design and model data structures and is critical to database design. The ERD consists of several key components: entities, attributes, a primary key, relationships, and a foreign key.

Interface Design
The user interface (UI) design is the asset that helps users interact with the product's interface for services. For example, the user interface consists of visual design elements, including colors and typography (Sharma & Tiwari, 2021). The user interface is also used to look at the functionality of the screens or unconventional systems like voice-based processes. The author came up with the design of the system interface. The author initialized the interface design using Figma and developed it into a web-based platform using HTML, CSS, JavaScript, Bootstrap Framework, JQuery, and PHP Programming.

Component Selection and Design
Before designing a combination of components for an application, it is highly significant for practitioners to define the requirements of performance very clearly. The system components have a significant impact on the system's performance. The number of combinations could be considerably large, and practitioners could feel there is no place to start when facing such a large dataset (Cao et al., 2014). The author integrated an AES-128 encryption and decryption process using a PHP implementation, used role-based access control as the mechanism to grant access to the different documents displayed in the intranet, and used an information classification model to classify the documents, safeguarding the company's information. Email integration was added as a feature for users' password recovery. It utilized a web push library and notification API as a system notification for the newly added documents or information and new incoming messages between each type of user.

Use Case Diagram of the Encryption and Decryption and System Flowchart of the Three Information Security Measures
Figure 4 provides a behavioral or use case diagram representing user interactions and system interactions to achieve a specific goal. It visually depicts the encryption functional requirements of a system and shows the various use cases (functions or services) that the system performs in response to actors. The System admin will be responsible for uploading or adding a document, and the IDMS will respond to the user request by passing it to the Key Management to generate the AES Key. The AES will process the document's encryption, and after the encryption process, the document and its metadata should be stored in the database. Once the document is available to the specified users, the decryption process will occur before rendering it to the client. Figure 5 illustrates the workflow for accessing and decrypting documents within an information security implementation system. The process begins with the user authentication step, where users must authenticate themselves to gain access to the system, ensuring that only authorized users can proceed.
After successful authentication, the user's role is retrieved, determining their access level and permissions. The user then attempts to access documents within the system, with access control managed by Role-Based Access Control (RBAC) policies, ensuring that users can only access documents appropriate to their roles.
Once the user attempts to access the documents, the system classifies them into three categories: Confidential, Restricted, and Internal, each representing different levels of information sensitivity and security requirements. Regardless of the classification, all documents undergo AES-128 decryption, which decrypts the document using the Advanced Encryption Standard (AES) with a 128-bit key, ensuring secure access to the content.
Upon successful decryption, the document is available in its readable form, allowing the user to access the information. The process concludes with an end node, indicating the completion of the document access and decryption workflow.

Structural Features of AES Algorithm
AES takes a 128-bit data block as input and performs several transformations to generate output cipher text. Each 128-bit data block is processed in a 4-by-4 array of bytes called the state (Chen et al., 2019). The Round Key size can be 128, 192, or 256 bits (Kuai & Li, 2020). The number of rounds repeated in the AES, Nr, is defined by the key length, which is 10, 12, or 14 for key lengths of 128, 192, or 256 bits, respectively.
The AES algorithm encryption and decryption are shown in Figure 6. The number of rounds of transformations (Nr) is given by: The AES 128-bit secret key algorithm results in a total of 10 rounds, of which rounds 1 to Nr have four transformations (AddRoundKey, SubBytes using the S-Box, ShiftRows, and MixColumns), except the Nr round, which has only three transformations: SubBytes, ShiftRows, and AddRoundKey. The input bits are arranged in a 4 × 4 matrix of bytes known as a state array, and each column and row are known as a word.

Add Round Key
The round cipher keys are generated in the key expansion by bitwise XOR operation. After the key schedule in key expansion, the key can be divided into 11 groups of 4-byte words. The first 4-byte word is the initial 128-bit secret key, and subsequent keys are generated in the key expansion using SubWord, Rotation Word (RotWord), and Rcon.
SubWord means a nonlinear transformation of each key byte using S-Box (Gangadari & Ahamed, 2016). RotWord is a cyclic left shift of the bytes in a word by one byte. Rcon is an array of constant words, and the leftmost byte in a word is non-zero, involved in direct XOR operation with the plain text, and the rest of the ten rounds use subsequent four words to generate ARKs.

Bytes Substitution using S-Box
S-box transformation replaces each element (byte) of input data with another data (byte) using precomputed LUTs, as seen in Figure 7. AES defines an S-box of 256 values for the substitution. You work through the 16 bytes of the state matrix and use each byte as an index into the 256-byte S-Box (Reddy & Gopu, 2017).

Shift Rows
The transformation moves elements by one byte, which produces diffusion in the encrypted text. As seen in Figure 8, the first row's bytes stay the same while the second, third, and fourth rows are shifted 1, 2, and 3 to the left, respectively.

Mix Column
It is also a linear transition. This layer mixes each column of the state matrix, and each transformation causes a byte to affect three other bytes in the same column. During MixColumns and InvMixColumns, a linear transformation is applied to the input state matrix to form the output state matrix (Fang et al., 2017). This transformation consists of a matrix multiplication over the Galois Field GF(2^8) between a fixed matrix and the input state matrix (see Figure 9).

RESULTS AND DISCUSSION
Organizations typically categorize information according to confidentiality, and people are allowed access to view it. The classification information model is a method by which organizations evaluate the data they contain and the degree of protection they should receive based on ISO 27001 criteria (Irwin, 2022). Figure 11 shows the interface design with three options for classifying documents. The classification information field is internal, restricted, and confidential. End users will request access to all confidential levels, and restricted levels are linked to specific roles or titles. The documents are viewable by all workers or users at the internal level. document to an array so that the system can check whether the authenticated user has permission to access the document.
The document is assigned in confidential and restricted types, and the system will allow the users to request a particular document, as shown in Figure 15. It should be submitted with their intention on the documents or their purpose. After request submission, the system admin can view and evaluate their request.

Figure 15. Permission Control
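One way to express the access workflow and the request and approval step described above, so that the role and classification check always runs before AES decryption is attempted. This is an added example, not the system's own code; the role names, the `AccessPolicy` class and the `decrypt` callable are assumptions, and treating an approved request as the grant for a restricted or confidential document is a reading of the text above.

```python
"""Added illustration: RBAC plus classification check that gates decryption."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

ADMIN_ROLE = "system_admin"                       # hypothetical role name

@dataclass(frozen=True)
class User:
    user_id: int
    role: str
    authenticated: bool

@dataclass(frozen=True)
class Document:
    doc_id: int
    classification: str                           # "internal", "restricted" or "confidential"
    allowed_roles: frozenset = frozenset()        # roles linked to a restricted document

@dataclass
class AccessPolicy:
    pending: dict = field(default_factory=dict)   # (user_id, doc_id) -> stated purpose
    approved: set = field(default_factory=set)    # (user_id, doc_id) granted by the admin
    trail: list = field(default_factory=list)     # audit records for the log trail

    def request_access(self, user, doc, purpose):
        """A user asks for a document and must state the purpose of the request."""
        if not user.authenticated:
            raise PermissionError("authentication required")
        if not purpose.strip():
            raise ValueError("a purpose is required")
        self.pending[(user.user_id, doc.doc_id)] = purpose

    def review(self, admin, user_id, doc_id, approve):
        """Only the system administrator may approve or decline a pending request."""
        if not (admin.authenticated and admin.role == ADMIN_ROLE):
            raise PermissionError("only the system administrator reviews requests")
        if self.pending.pop((user_id, doc_id), None) is None:
            raise KeyError("no pending request")
        if approve:
            self.approved.add((user_id, doc_id))

    def decide(self, user, doc):
        """Return (allowed, reason); anything not explicitly allowed is denied."""
        if not user.authenticated:
            verdict = (False, "not authenticated")
        elif doc.classification == "internal":
            verdict = (True, "internal: all authenticated users")
        elif doc.classification not in ("restricted", "confidential"):
            verdict = (False, "unknown classification")        # fail closed
        elif (user.user_id, doc.doc_id) in self.approved:
            verdict = (True, "request approved by administrator")
        elif doc.classification == "restricted" and user.role in doc.allowed_roles:
            verdict = (True, "restricted: role is linked to document")
        else:
            verdict = (False, "approval required")
        # Every decision, allowed or denied, is recorded for the log trail.
        self.trail.append((datetime.now(timezone.utc), user.user_id, doc.doc_id, *verdict))
        return verdict

def open_document(policy, user, doc, ciphertext, decrypt):
    """Decrypt only after the policy allows access; on deny the key path is never reached."""
    allowed, reason = policy.decide(user, doc)
    if not allowed:
        raise PermissionError(reason)
    return decrypt(ciphertext)
```

Denied attempts are written to the trail as well as allowed ones, which gives the administrator's log view a record of refused access to confidential documents.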
The system administrator can view analytics in the dashboard depending on the user's action (see Figure 16). The system provided a communication module for them to follow up on a specific document, which is counted when the system has received user messages. However, in the card New Request, the system will count how many pending document requests have been received by the system. On the Approved Request and Declined Request, the system will count how many documents have been approved or declined by the system administrator. The system can also provide a trend line chart for the downloaded files based on today's, yesterday's, and last week's downloaded files. The top document type card is based on the files requested by the users. On the other hand, the Visited Users card will show the number of users who visited the IDMS based on Today, Yesterday, Last week, Last month, Last Year, and All Visited Dates. Figure 17 displays the user interface of a log trail module designed to track and record user activity within a system. The log trail module organizes data in a table format, providing a clear and accessible layout. It includes a "Show Entries" dropdown, allowing users to customize the number of entries displayed per page, and a search box for finding specific log entries quickly. The table features two columns: "DateTime Access," which records the exact date and time of page accesses, and "Page," which lists the specific pages visited.

Security Analysis
A comparison of all encrypted files based on their output size in Table 2 reveals no significant differences. Compared to their initial size, every file has grown by around 33%. The 116 kb original file size was raised by 32.76% to 154 kb in comparison. The 510 kb, 1075 kb, and 1710 kb files were also enlarged by 33% over their initial size.
Table 3 displays a comparative study of each access control model. Each model exhibits varying levels of granularity, ease of administration, flexibility, scalability, security, and adaptability. Each model has its strengths and weaknesses, highlighting the importance of selecting the most suitable model based on specific organizational needs and requirements.
Table 4 displays a comparative study of every cryptographic method. Upon analyzing the characteristics of various encryption algorithms, including AES, DES, 3DES, RSA, Blowfish, Twofish, and RC4, it is evident that each algorithm offers unique features and trade-offs in terms of key size, block size, security, performance, and usage. Each algorithm has its strengths and weaknesses, making it crucial to select the most suitable algorithm based on the application or system's specific security and performance requirements.
protection against unauthorized access. RBAC further enhances security by simplifying access control administration and ensuring users access only necessary resources for their roles. The information classification model is a crucial component in the security framework, providing a structured approach to categorizing and handling information based on its sensitivity and importance. These measures are crucial in environments where privacy and document security are paramount.
based hosting and domain services load balancing and auto-scaling to handle varying traffic levels.

Figure 4. Conceptual Diagram of Intranet Document Management with AES

Figure 6. AES Algorithm flow for Encryption and Decryption

Figure 10. Role-Based Access Control of the system.

Figure 11. Uploading of Document

In the process of adding the documents, before saving them, the backend encrypts the file and locates it in the file database. Figures 12 and 13 illustrate the result and the algorithm of the encrypted document.

Figure 12. Output of Encrypted Document


Table 2
AES-128 encrypted output file size