efficient key mechanisms in multi-node network for secured data ...

Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795

EFFICIENT KEY MECHANISMS IN MULTI-NODE NETWORK FOR SECURED DATA TRANSMISSION *Ajay Kakkar **Dr. M. L. Singh ***Dr. P. K. Bansal *Thapar University, Patiala, India **GNDU, Amritsar, India Ex-Principal, MIMIT, Malout, India Abstract: Cryptography is a technique used to avoid unauthorized access of data. It is the technique of scrambling data to make it indecipherable to all, except the intended person. It includes encryption algorithm and reliable key(s). It is clear that key design flaws account for 50 percent of security problems, and architectural risk analysis plays an important role in any solid security program. The importance of key management has been profound, since most attacks to encryption algorithm are based on vulnerabilities caused by poorly designed and developed key management. The strength of the model depends upon the key length. Keys having short lengths are not suitable for secure transmission in multinode network (MN) because they results in more hacking time. If large key lengths are used then they leads to more processing time. Therefore it is highly required to frame a model which provides the flexibility to the user to select the keys having variable lengths. The main highlight of the work is to reduce the time available to the hacker by using S-Boxes and variable key lengths. The paper includes an optimal approach for secure data processing by using S- Boxes and variable key length. The simulation results are obtained by using Matlab 7.3. Key Words: Encryption, S- Boxes, Multinode Network (MN), Security, Keys. 1. Introduction Security attacks against network are increasing significantly with time. Over the years a number of various techniques and approaches have been developed to ensure data confidentiality, integrity, and availability. The techniques for the data security include multiple passwords, cryptography, biometrics, etc. By using the information regarding timing, power consumption by a device during the execution of cryptographic algorithm, cryptanalysts can break the model [27]. Therefore, the main purpose of secured encryption algorithm is to protect the interests of parties communicating in the presence of adversaries [2,4]. The modeling of the behavior of cyber attackers is difficult and to determine the appropriate level of attack is very important for the security point of view. We are aware in multi-node Network (MN) security decreases with increase in the number of nodes [28]. In view of this, multiple keys are used to provide resistance against the virtual and real attacks made by the hacker. 1.1 1. 2.

3.

Objectives To study various security aspects in connection with data transmission. To develop an optimized efficient key management technique(s) in order to:  Generate random key(s) from the data by the algorithm.  Determination of failure rate of multiple key(s) used by various S- Boxes.  Reduce the time available for the hacker in which attempts are made to destroy the model.  Limit the processing time in multiple key systems.  Minimize the key shifting time   from 1st key to 2nd key and so on.  Minimize the latency and encryption time in order to provide faster response. To design and develop algorithm(s) for secured wireless data communication with minimum overheads.

1.2 Related Work and Motivation: The following section describes the work of various researchers in the area of data security in multi-node networks (MN). Data Encryption Standard (DES) is one of the most widely accepted, publicly available cryptographic system. It was developed by IBM in the 1970s but was later adopted by the US government as a National Standard. In 1990, International Data Encryption Algorithm (IDEA) was originally developed as the Proposed Encrypted

ISSN: 0975-5462

787

Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795 Standard (PES) and in 1992, it was renamed as IDEA. It is a block cipher that uses 64-bit data blocks and 128-bit key. W. Aeillo et al. (1996) [25] describes that with n selected plaintexts in MN which can be distinguished by the hacker with the numbers from a random function. This means that it is possible to hack the model with determined probability. A. Banerjee et al. (2001) [1] gives an overview of signaling enhancement and recovery techniques used in MN. Such techniques are useful to determine the security of model. L. Eschenauer et al. (2002) [17] proposed a random key establishment technique for wireless sensor networks. S .K. Lee et al. (2002) [23] presented hierarchical approach to resolve multiple failures at the multi-node network (MN). In whcih various security levels have been proposed for different type of attacks and recovery mechanism can be selected on the basis of these security levels. H. Chan et al. (2003) [13] extended the technique of n random key establishment, that enables two neighbor nodes to establish a secured communication only when they share n common keys (where n  2 ). W. Du (2003) [26] developed two similar random key pre distribution techniques which uses the multi space key pool to improve network resilience and memory usage efficiency [9]. L. Hundessa (2004) [18] presented a protection mechanism packed up with multiple key (s) to handle multiple link/ node failures. Further Michael Backes et al. (2005) [19] presented the relating symbolic and cryptographic secrecy technique for MN. Elisa Bertino et. al (2008) [10] discussing an efficient Time-Bound hierarchical key management scheme for secure broadcasting. There are numerous cryptographic algorithms for data encryption and authentication techniques for Multi-node Network (MN). By using encryption efficient generic solution for MN was proposed by Naor et al. (1999) [20]. Naor’s model was not so much compatible with multiple keys having different failure rates. L. Hundessa [18] provides the data gathering strategies over all the possible network routes. Blake and Kolesnikov (2004) [7-8] not provides any practical ways to achieve secured re- routing schemes. The related work indicates that there is need to develop a model which provides the flexibility to select short and long data length sequences as per the requirement. The selection of key(s) and S- Boxes should be based upon the data sequence in order to reduce the hacking and processing times. Also, in case of node failure, the algorithm immediately generates new keys(s) for corresponding node. It has been found that for efficient and reliable model; keys should be generated from the available data. Key recovery mechanisms should be available in the model in order to look after the failure situation. 2. Proposed Work It is intended to design a model having optimized efficient key mechanisms for real time operations. Real time operations require immediate response from the device when called by the main station. Perhaps the related work is focused on the concept of multiple key(s) for encrypting [4-5,9,24] the data in initially unknown environment for web transmission. When the geometry of the environment is known in advance then coverage becomes a special case of path planning/ routing and system is designed on the basis of users [16,22]. All the equipment and the accessories are installed by keeping an eye on the total users. Normally, a rough estimate is taken about the user, than it is taken care that grade of service should not fall below 73% [4,15]. If model contains n number of stations; each capable of supporting x number of user then the total users in a model is calculated by U TN  n  x . Faulty user simply wastes the bandwidth and creates an overhead on the other station (retransmission of data, reencryption, generation of key(s), etc) [3-4]. The security of the model depends upon its internal architecture. Let us take a case in which user A wants to transmit the data through the channel having stations S1 , S 2 ........S 8  . Multiple paths are provided to send the data shown in the figure 1. P1 is the path where encrypted packets are transmitted by A . Similarly P2 , P3 and other paths can be made. For a secure system all the intermediate nodes/stations should be under the control of A . Failure notification is immediately forwarded to any node (preferably neighboring node) [1,11-12,14] in case of node failure. Fast reroute method are employed in such situations, which deals with the change of path if node’s secure level falls below a certain level i.e Master node A immediately changes the path and re-encrypt the data by using another key [5,6]. Figure 2.1 depicts various paths used by user A for secure data transmission in the presence of multiple stations. Suppose S3 is the weak station, now there are two possible approaches to provide support to the model.

ISSN: 0975-5462

788


Figure 2.1

1st approach: Change encryption key; i.e, K 1  K 2 , K 1  K 2 , K 1  K 2 and follow the same path. '

'

''

''

Path P1 : A  S1  ( K 2 )  S 3  ( K 2 , K 2' )  S 4  S 5  S 7 ( K 2 , K 2' , K 2'' )  S 8  B 2nd approach: Change path (i) Path P1 : A  S 2  ( K 1 )  S 3  ( K 1 , K 1 )  S 4  S 5  S 7 ( K 1 , K 1 , K 1 )  S 8  B '

'

''

(ii) Path P2 : A  S 2  ( K 2 )  S 3  ( K 2 , K 2 )  S 4  S 5  S 7 ( K 2 , K 2 , K 2 )  S 8  B '

'

''

The above two paths P1 , P2 still includes weak nodes, therefore alternate paths are used. (iii) Path P3 : A  S 2  ( K 1 )  S 4  ( K 1 , K 1 )  S 5  S 7 ( K 1 , K 1 , K 1 )  S 8  B '

'

''

For highly secured system transmission takes place from A  S 4 . The Proposed model will be evaluated based upon its performance with existing models/mechanisms for secured data transmissions in multi-node networks on the basis of following factors: (i) Number of users (ii) Type of hardware/software (iii) Channel capacity (iv) Number of failures during the installation (v) Number of failures occurred during data transmission (vi) Time required for the recovery of data (vii) Speed of the operation (viii) Type of algorithm used (ix) Size and number of keys and S-boxes (x) Number of check points (xi) Encryption, transmission, decryption, latency time. (xii) Level of protection, First level encryption, Second level encryption and Re-encryption (xiii) Active stations with reliable key(s) (xiv) synchronization time (xv) Compression Factor (xvi) Padding. 3. Outcome of the work so far: This section deals with the analysis of failure rate of various key(s) used by different S- Boxes in MN. On the basis of number of attacks, hacking levels and security levels are determined for the model (table 3.1). Multiple keys

k1 & k 2 having different failure rate a, b , are used for different stations S i , S i' where 1  i  N ,

T1 , T2  active time of k1 , k 2 resp.

ISSN: 0975-5462

789

Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795 S. No.

Hacking Level

Level Security

Low

Total number of attacks in one minute 0-50

1

2

Medium

51-100

Good

3

Average

101-150

Average

4

Marginally acceptable, provided that 2nd key (low failure rate take the charge immediately in case of failure of 1st key) High

151-200

Weak

Above 200

Very weak

5

Very Good

of

Remarks

Used for both short and long data sequences Normally used for long data sequences with multiple keys Prefer short sequences Only short data length sequences Not used

Table 3.1

Figure 3.1: Various security levels for different S- Boxes

By using multiple key(s) various security levels for different S- Boxes can be achieved. The correct combination of keys reduces the probability of hacking. Based upon the results appropriate S-Box(s) are selected for data transmission. If we reduce the failure rate of keys then the response of the model for a particular node/station (Figure 3.2) falls below the danger level. Whenever the failure rate of the 2nd key is more as compared to the 1st key then the system reliability tends to decrease. At that time recovery mechanisms are made active. If 1st key fails then it does not affect the model too much, because 2nd key is used to encrypt the data in such situation with minimum key shifting time  .

ISSN: 0975-5462

790


Figure 3.2: Secure path is achieved by using low failure rate of keys

Calculation of Hacking and Processing Times for different Nodes and S-Boxes This section shows that how hacking time is reduced with the increase in key length and S-Boxes for different number of nodes. Node = 5, S-Boxes= 8 S. No. Data Length Key Length S-Boxes Processing time (ns) Hacking Time (min) 1. 26 8 8 13.36 81.71 2.

56

8

8

24.00

84.03

3.

56

16

8

32.76

26.83

4.

124

8

8

44.76

156.71

5.

256

8

8

55.14

193.05

Table 3.2

Followings observations are made from table 3.2  For same key length (8 bits), increase in the data length from 26 to 56 bits provides more time to the hacker (84.03 min.).  Processing time (13.26 to 24.00 ns) is also increased for above combination, but this will not affect the model much.  If key length is increased from 8 to 16 bits for same data length (56 bits) then it shows that the hacking time (84.03 to 26.83 min.) reduces significantly with nominal increase in processing time. Node = 5, S-Boxes= 16 S. No. Data Length Key Length S-Boxes Processing time (ns) Hacking Time (min) 1. 26 8 16 17.99 74.78 2.

56

8

16

27.93

76.86

3.

56

16

16

40.70

8.44

4.

124

8

16

52.10

143.34

5.

256

8

16

64.189

176.58

Table 3.3

ISSN: 0975-5462

791

Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795 The combination of 16 bit key-length (K.L) and 8 S-boxes provides 26.83 minutes (table 3.2) to the hacker. If we increase the number of S-Boxes then it simply reduces the hacking time (8.44 minutes, table 3.3). By increasing SBoxes from 8 to 16 and keeping all other parameters same, it has been observed that the model security is increased. Although, it increases the processing time from 32.76 to 40.70 ns, but it does acts as much overhead to the model. By keeping all the other parameter same, the number of nodes are increased (5 to 15) then it increases the processing time (32.76 min, shown in table 3.2 to 36.37 min shown in table 3.4) and hacking time (26.83 to 27.33 minutes). So, it shows that the security decreases with increase in the number of nodes. Node = 15, Boxes= 8 S. No. Data Length Key Length S-Boxes Processing time (ns) Hacking Time (min) 1. 26 8 8 24.92 86.34 2.

56

8

8

47.35

88.65

3.

56

16

8

36.37

27.33

4.

124

8

8

88.32

165.33

5.

256

8

8

108.80

203.68

Table 3.4

Node = 15, Boxes= 16 S. No. Data Length 1. 26

Key Length 8

S-Boxes 16

Processing time (ns) 29.33

Hacking Time (min) 78.71

2.

56

8

16

54.29

80.90

3.

56

16

16

43.32

19.95

4.

124

8

16

101.25

150.88

5.

256

8

16

124.73

185.87

Table 3.5

For the same parameters, the combination of 16 bit key length and 16 S-Boxes provides 19.95 minutes (table 3.5) to the hacker. It has been observed from the results of tables (3.2-3.5) that:  If numbers of nodes are increased then it takes more processing time.  It also provides enough time to the hacker.  If there is an increase in the data length then hacking and processing times are increased.  By increasing key length the hacking time is reduced.  Increase in the number of S- Boxes reduces the hacking time with nominal increase in processing time. So, correct combination of key length and S- Boxes are selected in order to achieve optimized efficient results. 250

N=5,S-Boxes=8 200

Processing Time(ns) 150

Hacking Time(min)

Time

100

50

0

Data Le ngth (bits )

26

56

56

124

256

Figure 3.1: Hacking and Processing time Vs data length for Node=5, S- Box=8.

ISSN: 0975-5462

792


200

N=5, S- Boxes=16

180

Processing Time(ns)

160

Hacking Time(min)

140 120 100 80 Time

60 40 20 0

Data Length(bits)

26

56

56

124

256


250

N=15, S- Boxes=8

200 Processing Time(ns) Hacking Time(min)

150

Time

100 50 0 26

56

Data Length(bits) 56 124

256

Figure3.3: Hacking and Processing time Vs data length for Node=15, S- Box=8.

ISSN: 0975-5462

793

Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795 200

N=15, S- Boxes=16

180 160

Processing Time(ns)

140

Hacking Time(min)

120 100 Time

80 60 40 20 0

Data Length(bits)

26

56

56

124

256


The increase in the number of nodes in the network leads to increase in the processing time. Thus allows to have more number of options (time) to break the model. Table 3.2 shows the practical results for a model having 5 nodes in a network. By using S-Boxes =8, initially the hacking time is less = 81.71(min) for Node, N =5, Key length, K. L=8, Data Length, D. L=26. Increase in the data length from 26 to 56 with same key length provides enough time to the hacker, which can be reduced by increasing the key length from 8 to 16, by keeping all the other parameters same. Increase in the S- Boxes =16 (N=5, K. L=16, D. L=56) provides more security to the model (hacking time is reduced to 8.44 from 26.83 min) (table 3.2 & 3.3). Increase in the number of nodes from 5 to 15 for fixed S- Boxes =08, N=5, K. L=08, D. L=08, simply increases the hacking time from 81.71 min (table 3.2) to 86.34 min. (table 3.4). Depending on the particular attacking scenarios, various combinations may be employed associated with integrity and confidentiality of the data. Node = 30, S-Boxes=8 S. No. Data Length Key Length S-Boxes Processing time (ns) Hacking Time (min) 1. 256 128 08 188.30 19.53 2.

56

16

08

92.62

78.85

Table 3.6: For Node=30, S- Boxes=8, different key lengths, hacking and processing time Vs data length For large number of nodes the data length, key length and S-boxes can be selected in order to provide optimized efficient results. Table 3.6 shows that for a large MN (30) there is increase in processing time is increased with increase in the data and key length. Thus, the objective is to reduce the hacking time by keeping an eye on the processing time. i.e the processing time should not be allowed to increase rapidly. 5. Conclusion and Future Work Secure and timely transmission of data is always an important aspect for an organization. Cryptography with simple encryption algorithm and optimized key management is treated as best technique for the task. Efficient encryption algorithm should consist of two factors; (i) fast response and ii) reduced complexity. Key selection techniques and analysis for security provision of multi-node network have attracted significant interests recently. The keys used for encryption/decryption process must be generated very carefully, if these keys are lost then the probability of recovering the data is very less. Key selection schemes loads a relatively small number of keys randomly chosen from a large key pool. Afterwards neighborhood sensor tries to find common keys with its direct neighbors to establish link keys, used to determine the correlation between the keys. As a result the failure rates of key(s) are determined which would be helpful to evaluate the security parameters of the model. The security also increases if key size is increased and key shifting time  is reduced, the above combination may be adopted for secure transmission. The goal of work is to provide near-prefect confidentiality with a minimum of overhead. It is expected that if more number of S-boxes (64 and 128) are used for the same task then the key length would be reduced with nominal processing time.

ISSN: 0975-5462

794

Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795 6.

References [1]

[2] [3] [4]

[5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]

[17] [18] [19] [20] [21] [22] [23] [24]

[25] [26] [27] [28]

A. Banerjee, L. Drake, L. Lang, B. Turner, D. Awduche, L. Berger, K. Kompella, and Y. Rekhter (July 2001), “Generalized Multiprotocol Label Switching: An Overview of Signaling Enhancements and Recovery Techniques,” IEEE Communication Magazine, Vol. 39, No. 7, pp. 144-151. A. Bobbio and K.S. Trivedi (1990), “Computing Cumulative Measures of Stiff Markov Chains Using Aggregation,” IEEE Transaction on Computers, Vol. 39, No. 10, pp. 1291-1297. A. Reibman and K.S. Trivedi (1988), “Numerical Transient Analysis of Markov Models,” Computers and Operations Research, Vol. 15, No. 1, pp. 19-36. Alexander Chatzigeorgiou ,George Stephanides, Spyros T. Halkidis, Nikolaos Tsantalis (September 2008), “Architectural Risk Analysis of Software Systems Based on Security Patterns” IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp. 129-142. B. Livshits and M.S. Lam (Aug. 2005), “Finding Security Vulnerabilities in Java Applications with Static Analysis,” Proceedings of 14th Usenix Security Symposium pp. 19-36. B. B. Madan, K. Goseva-Popstojanova, K. Vaidyanathan, and K.S. Trivedi (March, 2004), “A Method for Modeling and Quantifying the Security Attributes of Intrusion Tolerant Systems,” Performance Evaluation, Vol. 56, No1, pp. 167-186. Blake, I.F. and Kolesnikov, V. (2004) ‘Strong conditional oblivious transfer and computing on intervals’, in P.J. Lee, (Ed). ASIACRYPT’04, Volume 3329 of Lecture Notes in Computer Science, Springer, pp.515–529. Blake, I.F. and Kolesnikov, V. (2006) ‘Conditional encrypted mapping and comparing encrypted numbers’, in G. Di Crescenzo and A. Rubin, (Eds). FC 06, Volume 4107 of Lecture Notes in Computer Science, Springer, pp.410–421. D. Liu and P. Ning (October 2003), “Establishing Pair-wise Keys in Distributed Sensor Networks,” Proceedings of 10th ACM Conference on Computer and Communication Security (CCS ’03), pp. 52-61. Elisa Bertino, Ning Shang, and Samuel S. Wagstaff Jr. (April 2008) “An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting”, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp-65-70. Fischlin, M. (2001) “A cost-effective pay-per-multiplication comparison method for millionaires”, CT-RSA’01, Volume 2020 of Lecture Notes in Computer Science, Springer, pp.457–472. G. Ciardo, R.M. Marmorstein, and R. Siminiceanu (2003), “Saturation Unbound”, Proceedings of International on Tools and Algorithms for the Construction and Analysis of Systems, pp. 379-393. H. Chan, A. Perrig, and D. Song (May, 2003), “Random Key Pre distribution Schemes for Sensor Networks,” Proceedings of IEEE Symposium on Security and Privacy (S & P ’03), pp. 197-213. J. Muppala, M. Malhotra, and K. Trivedi (1994), “Stiffness-Tolerant Methods for Transient Analysis of Stiff Markov Chains,” Microelectronics and Reliability, Vol. 34, No.11, pp. 1825-1841. Jian Ren, and Lein Harn, (July 2008), “Generalized Ring Signatures”, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp153-164. Jong Tae Park, Jae Wook Nah, and Wee Hyuk Lee, (July 2008), “Dynamic Path Management with Resilience Constraints under Multiple Link Failures in MPLS/GMPLS Networks”, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp143154. L. Eschenauer and V. D. Gligor (Nov. 2002), “A Key-Management Scheme for Distributed Sensor Networks,” Proceedings of 9th ACM Conference on Computer and Comm. Security (CCS ’02), pp. 41-47. L. Hundessa and J. Domingo-Pascual (2004), “Optimal and Guaranteed Alternative LSP for Multiple Failures,” Proceedings of 13th IEEE International Conference on Computer Communication and Networks (IC3N ’04), pp. 59-64. Michael Backes, and Birgit Pfitzmann (April, 2005), “Relating Symbolic and Cryptographic Secrecy”, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp109-123. Naor, M., Pinkas, B. and Sumner, R. (1999) ‘Privacy preserving auctions and mechanism design’, EC’99, New York: ACM Press, pp.129–139. P. Papadimitratos and Z. J. Haas (July, 2003), “Secure Message Transmission in Mobile Ad Hoc Networks,” Elsevier Ad Hoc Networks, Vol. 1, No. 1, pp. 193-209. Paillier, P. (1999) “Public-key cryptosystems based on composite degree residuosity classes”, in J. Stern (Ed). EUROCRYPT’99, Volume 1592 of Lecture Notes in Computer Science, Springer, pp.223–238. S. K. Lee and D. Griffith (Aug., 2002), “Hierarchical Restoration Scheme for Multiple Failures in GMPLS Networks,” Proc. 31st International Conference on Parallel Processing Workshops (ICPPW ’02), pp. 177-182. T. Halkidis, Nikolaos Tsantalis, Alexander Chatzigeorgiou, and George Stephanides (July 2008), Architectural Risk Analysis of Software Systems based on Security Patterns Spyros, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp129142. W. Aiello and R. Venkatesan (1996), “Foiling birthday attacks in length-doubling transformations in U. Maurer”, editor, Advances in Cryptology - EUROCRYPT ’96, LNCS 1070,. Springer-Verlag, Berlin pp. 307–320. W. Du, J. Deng, Y. S. Han, and P.K. Varshney (Oct., 2003), “A Pair wise Key Pre distribution Scheme for Wireless Sensor Networks,” Proceedings of 10th ACM Conference on Computer and Communication Security (CCS ’03), pp. 42-51. Xubin He, Ming Zhang, and Qing (Ken) Yang (April, 2005), “SPEK: A Storage Performance Evaluation Kernel Module for BlockLevel Storage Systems under Faulty Conditions” IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp138-149. Zhenghua Fu, Haiyun Luo, Petros Zerfos, Songwu Lu, Lixia Zhang (March, 2005), “The Impact of Multihop Wireless Channel on TCP Performance”, IEEE Transactions on Mobile Computing, Vol. 4, No. 2, pp 209-221.

ISSN: 0975-5462

795