Group Key Establishment Protocol Based on ECC for ...

2 downloads 1 Views 2MB Size Report
group key establishment protocol for mobile ad-hoc networks to share music file, has been ...... encoding an uncompressed minute of symphonic orchestra music. ...... yes no. (Only .mp3). TrueShare. (P2P) no no no yes r-Music no no yes yes.

Group Key Establishment Protocol Based on ECC for Mobile Ad-hoc Networks to Share Music Files

W. A. C. Weerakoon

2

Abstract This project, provides a strong conceptual foundation which has a distributed key establishment and atomic behaviour in the group, to protect music files from illegal sharing occur due to most of cryptographic cracks that are currently exists, and produces a smart mobile application. This basically improves the encryption procedure, establishing a group key establishment protocol based on ECC for legal music sharing within a group of authorized people. When the encryption procedure is approaching in to engage with an ad-hoc network, it is more challengeable than in the case of usual network. There the emphasis has to be put on some considerable possessions such as having no central control or fixed infrastructure, incapability of generating large keys and limited processing power, memory and bandwidth. Elliptic Curve Cryptography and Lagrange interpolation is going to facilitate the key generation, key management and key distribution lending a hand to overcome the drawbacks of existing Public Key Infrastructures such as DSA and RSA. This Elliptic Curve Cryptography based group key establishment protocol for mobile ad-hoc networks to share music file, has been made up from supporting decrypting value, distributed shared private key and group public key, allowing to create a consistent logical group at each task of possession of music file. Even though, the every member of the group should be participate in its tasks from the establishment of the group to the setting out the music file from the server, they do not need to be online always. The group establishment protocol has been implemented using Java servlets and it has been established on a web server. The database has been constructed using MySQL, the open source Database Management System. The construction has been taken part on a Windows XP service pack 2 Operating system which is established on a computer which has Intel(R) Core(TM)2 Duo CPU, E7300 @ 2.66GHz and 988 MB of RAM Using the IDE Netbeans 6.5.1 and the mobile application has been implemented using Java Platform Micro Edition.

3

Acknowledgment It is with a deep sense of gratitude that I acknowledge the guidance and encouragement gives me by my supervisor, Dr. Kasun De Zoyza, who has allowed me to involve in this project and supported me during my project period with his patience and knowledge while allowing me a room to work in my own approach.

I would like to offer my greatest gratitude to Mr. Uditha de Zoysa and Mr. Gayan Jayasinghe for their kind advices, guidance given during the project time and facilitating me with necessary facts with their past experience.

I would like to extend my greatest gratitude to Mr. Manoj Ekanayake, Mr. Hasitha Gunasekara and Mr. Sanath Pushpakumara for their support given me in technical matters in the implementation of the system.

Then, I would like to thank Mrs. S. Uthpalawanna and Miss W. A. R. T. Weerakoon, for their support given me during preparation period for the project and thesis writing period.

I am heartily thankful to Mr. M. A. Prasanna Costa, for his support given me in clarifying the behavior of EC and Lagrange Interpolation (Mathematical Concepts behind the project) and the encouragement, patience and kindness showed towards me as being my loving husband.

Finally, I would like to give my heartfelt thank to my ever loving parents for their dedication, guidance, encouragement and all the conveniences given me, all the time, being behind myself.

Their patience, munificence and excellent supports were Admirable.

4

Table of Content Abstract…………………………………………………………………..............

ii

Declaration…………………………………………………………………….....

iii

Acknowledgement……………………………………………………………….

iv

Table of Content…………………………………………………………………

v

List of tables……………………………………………………………………..

ix

List of figures…………………………………………………………………….

xt

1. INTRODUCTION………………………………………………………….

1

1.1. Motivation……………………………………………………………....

1

1.2. Objective and Scope of Project ……………………………………….

2

1.3. Organization of the Thesis…………………………………………….

3

2. BACKGROUND………………….……………………………………......

4

2.1

Introduction ……………………………..…………………………..

4

2.2

Requirement Analysis ………………………………………………

4

2.2.1 Main Analysis ………………………………………………..

4

2.2.2 Deeper Analysis……………………………………………….

5

2.2.3 OvercomingDrawbacks – The Analysis……………………......

6

2.2.4 Assumptions…………………………………………………..

7

2.2.5 Requirements for the Application …………………………….

7

2.2.5.1 Basic Explanation.............................................................

7

2.2.5.2 The Users of the Application …………………………..

8

2.3

Audio File Formats ………………………………………………….

10

2.3.1 Introduction…………………………………………………...

10

5

2.4

2.5

2.3.2 Audio File Formats …………………………………………

10

2.3.3 Types of Formats …………………………………………...

10

2.3.3.1 Free and open file formats …………………………...

11

2.3.3.2 Open file formats …………………………………….

12

2.3.3.3 Proprietary formats…………………………………...

12

2.3.4 Audio File Structures………………………………………..

12

Elliptic Curve Cryptography………………………………………

13

2.4.1 Introduction………………………………………………

13

2.4.2 Mathematical Background………………………………

13

2.4.2.1 Group…………………………………………………

13

2.4.2.2 Field…………………………………………………..

14

2.4.2.3 Finite Field…………………………………………...

15

2.4.2.4 Elliptic Curve………………………………………...

16

2.4.2.4.1 Point Addition………………………………..

17

2.4.2.4.2 Point Doubling……………………………….

18

2.4.2.4.3 Point Multiplication………………………….

18

2.4.3 ECC Key Generation………………………………………..

19

2.4.4 Elliptic Curve Discrete Logarithm Problem (ECDLP)……...

19

2.4.5 Elliptic Curve over Finite Field……………………………..

20

2.4.5.1 Elliptic Curve over Fp…………………………………….

20

2.4.5.2 Elliptic Curve over 𝐹2𝑚 ……………………………

21

2.4.6 Choosing an Elliptic Curve………………………………….

22

2.4.7 ECC Practical Implementation……………………………...

23

2.4.7.1 Choosing Domain Parameters………………………..

23

2.4.7.2 Related Standards……………………………………

24

2.4.8 ECC Encryption/Decryption………………………………..

25

Group Key Establishment…………………………………………...

27

2.5.1 Introduction…………………………………………………

27

2.5.2 Group Key Management protocol…………………………..

27

2.5.2.1 Protocol Overview……………………………………

27

2.5.2.2 GKMP Roles…………………………………………

28

2.5.2.3 GKMP Key Generation and Distribution……………

28

6

3

2.5.3 Drawbacks of Existing Group Key Establishments…………

29

2.5.3.1 Key Size……………………………………………...

29

2.5.3.2 Latency………………………………………………

29

2.5.3.3 Extendibility………………………………………….

29

2.5.3.4 Communication Bottleneck…………………………..

30

2.5.3.5 High Message Overhead……………………………..

30

2.6 Lagrange Interpolation……………………………………………

30

2.7 J2ME………………………………………………………………..

32

2.8 Servlet/ JSP…………………………………………………………

32

2.9 GPRS………………………………………………………………..

33

2.10 MySQL……………………………………………………………...

34

DESIGN AND IMPLEMENTATION…………………………………

35

3.1 Introduction…………………………………………………….

35

3.2 System Design………………………………………………………..

35

3.2.1 Assumptions…………………………………

35

3.2.2 Key Generation…………………………………………….

36

3.2.2.1 Shared Private Key Generation………………………

36

3.2.2.2 Generating Group Public Key………………………..

37

3.2.2.3 Core Design……………………………………

39

3.2.2.3.1 Atomicity of Cryptographic operation

39

3.2.2.3.2 Re-Key Process……………………………….

39

3.2.3 Encryption……………………………………

39

3.2.3.1 Pre Encryption work…………………………………

39

3.2.3.2 Encryption Process………………………………

40

3.2.3.3 Post Encryption work……………………………….

41

3.2.4 Decryption……………………………………

43

3.2.4.1 Pre Decryption Work…………………………….

43

3.2.4.2 Decryption Process……………………………..

43

3.2.5 Application Design…………………………………..

45

3.2.6 Database Design ……………………………………

46

3.3 Objective of the Implementation……………………………

46

3.4 Architecture of the Application……………………………..

47

7

4

5

3.5 Construction……………………………………………………

49

TESTING AND EVALUATION …………………………………….

50

4.1 Introduction.....................................................................................

50

4.2 Testing..............................................................................................

50

4.2.1 Test Plan...............................................................................

50

4.2.2 Sample Test Cases...............................................................

51

4.3 Technologies and tools used for the evaluation...............................

53

4.4 Evaluation Process and Its Results...................................................

54

4.5 Comparison with existing systems....................................................

59

CONCLUSION AND FUTURE WORK………………………………

60

5.1 Conclusion…………………………………………………….......

60

5.2 Final Outcome...................................................................................

61

5.3 Future Work……………………………………………………

62

APPENDIX A – REFFERENCES APPENDIX B – CRITICAL CODING PARTS

8

List of Tables Table 2.1: Equivalent key sizes for ECC and RSA ( NIST guideline for public key sizes for AES)..............................................................................................

24

Table 2.2: ECC Standards by many well known Organization..........................

25

Table 4.1: Sample Test Cases.............................................................................

53

Table 4.2: Some of the similar existing systems................................................

59

Table 5.1: Functionality Check List...................................................................

61

Table 5.2: User Satisfaction...............................................................................

62

9

List of Figures Figure 2.1: Separating the Private Key into Several Sub Keys.....................................

5

Figure 2.2: Actual System...........................................................................................

7

Figure 2.3: Users...........................................................................................................

8

Figure 2.4: Sub cases of sharing music files..................................................................

8

Figure 2.5: An Elliptic Curve........................................................................................

16

Figure 2.6: Adding distinct points P and Q...................................................................

17

Figure 2.7: Doubling the Point P...................................................................................

18

Figure 2.8: Elliptic Curve over Fp: y2 = x3+x over F23 .................................................

21

Figure 2.9: Secure Transaction using ECC....................................................................

25

Figure 2.10: Lagrange Interpolation Technique............................................................

31

Figure 2.11: GPRS Connection.....................................................................................

34

Figure 3.1: Ad-hoc network...........................................................................................

40

Figure 3.2: The Application...........................................................................................

45

Figure 3.3: Database tables............................................................................................

46

Figure 3.4: Architecture.................................................................................................

49

Figure 4.1: Waveform of the Original File with Adobe Premier CS3........................... 54 Figure 4.2: Waveform of the Processed File with Adobe Premier CS3. ......................

55

Figure 4.3: Waveform and Spectrum of the Original File with Adobe Soundbooth CS3. ............................................................................................................................... 56 Figure 4.4: Waveform and Spectrum of the Processed File with Adobe Soundbooth CS3. ............................................................................................................................... 56 Figure 4.5: Resource Monitor – For Original File.........................................................

57

Figure 4.6: Resource Monitor – For Processed File......................................................

57

10

Chapter 1 Introduction 1.1 Motivation While the Digital right management (DRM) companies were working on finding technical solutions to prevent the pirating of copyrighted digital music, they found the encryption as a better prevention solution. With this finding the digital music business model, which allows label people (artists, distributors, music publishers, lawyers, technology developers and people from media companies) to continue legally sell or share songs, albums and compilations in digital format, was moved to the web and was ensured that those digital files are not being illegally shared, since they have been encrypted against copying. But, more complex the encryption technology, it will be harder to smoothly integrate it on all platforms. For example; among music files that could not be copied, were found, about 3% of them would not play in consumers’ existing devices (Ex: mobile phone).

Since, the technology has been gone beyond extremes this encryption was not secure as much as DRM expected. Increasing popularity of peer-to-peer illegal music file sharing has been caused to trigger an especially heated debate (against this process) from the record industry. Issues voiced are predominantly the notion of intellectual property. However, the fine print in the record industries has been facing the problem, which is centered on the loss of sales and then the loss of the profit for the respected organizations. The industry claims that sharing of copyrighted music files leads to losses amounting to millions of rupees/dollars. For this reason, illegal music file sharing badly effects, in relation to business focuses not only on the industry as a business, but also on the artists. Therefore, they have to take an enormous effort it to be kept the security up.

The people, sitting in geographically dispersed area, can set up a small group and can make their job to be done. But since having no priori means of digital identifying and authenticating each other, there is no secure communication channel between them and an attacker can easily monitor and modify all traffic on the communication channel and may also attempt to impersonate as valid member of the group. This problem similarly effect on any group formed for legal music sharing by the label people.

11

With coming into the era, the secure music sharing within groups, there are many shortcomings to be taken into consideration, such as limited CPU, band width, memory, processing power and unpredictable topology changes. These are extremely challenging factors. Specially, when talk about the mobile ad-hoc networks.

To ensure the security of these communications if the traditional PKI cryptosystem algorithms such as RSA or DSA have used, a problem will arise due to its larger key size. Applying the typical PKI algorithms directly causes the users to be discouraged due to the fact that the cryptosystem tries to use many resources for its purpose than their actual communication. Another thing is, as each member can alone encrypt or decrypt data without aware of the other members in the group; each of the members has the risk of being deceived within the group. Then within this context Group Key Establishment protocol based on Elliptic Curve Cryptography (ECC) can act as a better prevention solution and this project work revolves around establishing that protocol.

1.2 Objective and Scope of Project Objective of the project is to ensure the security of music sharing by forming a group establishment protocol based on ECC by achieving; Prevent pirating of copyrighted music files, Make the music files easy to integrate on any plat form, Reduce the losses occur due to sharing copyrighted music files, Reduce the recourse utilization in cryptosystems related to this case and Reduce the risk of being deceived within the group.

Finding the protocol will mainly focus on finding solutions for the above mentioned problems and achieving the above mentioned objectives. During this limited project period, finding a keying procedure including computation of private key shares and corresponding group public key, an encryption process and a decryption process have been set up. And a smart mobile application has been developed to map this work in to the real world. The project work has been carried out according to the assumptions, limitations and statements defined in each phase.

12

1.3 Organization of the Thesis Chapter 1 – This chapter explains the problem which is going to be undertaken during the project, the objectives and scope of the project. Chapter 2 – This chapter analyzes the requirements and presents the literature survey of the project. It expose to the problem, and the concepts that will be undertaken during this project work. Chapter 3 – This chapter illustrates system design methodology, how the implementation has been carried out and it describes some critical coding parts. Chapter 4 – In this chapter describes, how the system has been tested and evaluated and the results of those processes. Chapter 5 – This presents the conclusion for the project work and some suggestions to enhance the flexibility of the system.

Appendices

Appendix A - References Appendix B - Critical Coding Parts

13

Chapter 2 Background 2.6

Introduction

In this chapter, it tries to discuss about the identified specific requirements for the project, and thorough and comprehensive review of relevant literature and other sources. In major, this describes the context of the project work. This chapter will put its concern over the following major points. 1. Requirement Analysis. 2. Audio file formats. 3. Elliptic Curve Cryptography. 4. Group Key Establishment. 5. Lagrange Interpolation.

2.7

Requirement Analysis

2.2.6 Main Analysis This project is mainly focused on providing a cryptographic solution to facilitate the secure transmission of music files in mobile ad-hoc networks as introduced in the introduction chapter. Today these transmissions are suffering from a lot of drawbacks, raised due to several facts; 1. Existing weighty Keying Infrastructures. 2. Poorer security embedded in these keying infrastructures.

The requirements for this project work have been arising from the above mentioned problematic environment and there the requirements can be point out in high level as follows;

1. Prepare the Keying Infrastructure, so as to support the mobile devices. 

Reduce the key size.

2. Use rationalized key generation, management, encryption and decryption procedures to overcome the existing drawbacks. 3. Perform secure music sharing within ad-hoc networks. 

Prepare an application to use in mobile devices.

2.2.7 Deeper Analysis

14

After setting out the major requirements, this subsection moves in to the deepth of the requirement analysis process; 

Prepare the Keying Infrastructure, so as to support the mobile devices: Reduce the key size. With reference to the literature review Elliptic Curve Cryptography is the most suitable concept, which not only satisfying this expected requirement, but also add excess security.



Use rationalized key generation, management, encryption and decryption procedures to overcome the existing drawbacks. Complete private keys are not suitable in grouped background. Therefore, the private key can be decomposed in to separate parts and can be distributed among the each and every member of the group (figure 2.1). Then, without having the contribution of all music file transmission cannot be done. K1

K2

K3

K4

Figure 2.1: Separating the Private Key into Several Sub Keys

With use of EC, separated key parts should be able to add up and then, draw the secret shared private key (each key share lays with each member and use in decryption process) and the public key (this is common to all and use in encryption process) from it and use these to hide or divulge the message. Unreliable file transmissions within sub groups, without conveying to the other members should be avoided. That means the absence or disagreement of even a single group member, should be caused to disposal of the group.

15

Lagrange Interpolation technique has to be used in generating keys and this should satisfy the Elliptic Curve Discrete logarithm Problem which is leading the contentment of the requirements. 2.2.8 Overcoming Drawbacks – The analysis All the time, due to the shortcomings exist in the existing contexts, new discoveries have been taken place. This sub section analytically presents the drawbacks in the existing context which of those made the reason to discover new means to provide secure transmission of music files. This can be done satisfying the above mentioned requirements.

Due to the joint key generation process, all are responsible in establishing groups and their keys and performing secure transmission of music files - Therefore, it reduces the risk of being deceiving within group and also it prevents pirating of music files.

Since, all are responsible in key establishment and secure transmissions of music files, these groups have an atomic behaviour. That means one of the group member has failed to participate in these processes, then the established group have been disposed and new group can be formed - Then, that means the dynamical changes in the topology can be adopted. Then preserve the ad-hoc behaviour.

As this is going to be developed for mobile devices reducing the size of the keys without losing the security would be advantageous in saving memory and bandwidth consumption - Then the process can be complete in an efficient way.

16

2.2.9 Assumptions Few assumptions have been made over the underlying communication protocol and the channel to satisfy the above mentioned requirements. They are;

There is an underlying communication protocol between group members (HTTP) which facilitates the communication between them as necessary.

Failures occur during the transmission or the crashes of nodes during the execution can be detected. This information can be used to preserve the atomicity of the group.

These assumptions have been taken in to consideration to achieve objective of the project staying within the defined scope during the fourth coming design chapter.

2.2.10 Requirements for the Application 2.2.5.1 Basic Explanation An existing actual system for music file production is as follows in the figure 2.2. What the author had to do is to set an application to embed the encryption and decryption procedures to preserve the security of the process, using the group establishment protocol which satisfies the above mention requirements.

• Original media goes to encoding house

Encoding House

• Compresses media for special players

Recording Label

MediaPrepared Music Prepared

• Co-locate media universally

Client

• Compresses media for special players

Content Server (Media Providers)

Music Stored

Figure 2.2: Actual System

Music Delivered

17

2.2.5.2 The Users of the Application Users of the application will be owners, non-owner members and new users as shown in the figure 2.3. Here, a user who is not a subscriber/ member of the system is called as a New user, The user who has uploaded and shared his/her music file/s is called as an owner and The others who are not called as owner are called as the non-owner member/subscriber.

Owner

Member NonOwner

User New User

Figure 2.3: Users These users expect to have the following functional and non functional requirements from the application.

Functional Requirements: 1. New User: Get the membership/ Be a subscriber. i.

Enter user Details

ii.

Get membership.

2. Owner: Upload/ Share music files. This has four sub cases according to the ownership and the profitability; Single Owner

Profitable

Group of Owners

Profitable

Share Music file

(1)

Non-Profitable (2) (3)

Non-Profitable (4)

Figure 2.4: Sub cases of sharing music files

18

19

Case (1): For the music file there is only a single owner he is going to sell his file. Case (2): For the music file there is only a single owner he is going to share his file with his colleagues. Case (3): For the music file there is a group of owners they are going to sell their file. Case (4): For the music file there is a group of owners they are going to share their file with their colleagues.

3. Owner/Non-Owner: Request music files. Any member of the system can request a music file. They have to do a credit card payment for that file and then they can buy the file.

Non-Functional Requirements: 1. Easy to handle; i.e. low complexity. 2. Standard interfaces and well organized 3. Higher performance 4. It is pleasurable to use 5. Visually Pleasing 6. Provide easy recovery from errors 7. Low Letancy 8. Higher Security

Within this environment, the protocol responsible for satisfying the following requirements; 1. Select an Elliptic Curve 2. Obtain generator point 3. Create session key 4. Create public key 5. Share public key 6. Create public key 7. Encrypt music file 8. Decrypt music file

20

Audio File Formats

2.8

2.3.1 Introduction Since, this project mainly focused on finding a group key establishment protocol for music sharing, it is necessary to put the emphasis on encryption or decryption music files. Therefore, it is crucial to be familiar with the music formats and there structures. There are a massive number of open or free music file formats, and each and every file format has its own file structure. This section does discuss about these formats and structures that are going to be used during this project.

2.3.2 Audio File Formats An audio file format[7] is a file format for storing audio data on a computer system. It can be a raw bitstream, but it is usually a container format or an audio data format with defined storage layer. The general approach towards storing digital audio is to sample the audio voltage which, on playback, would correspond to a certain position of the membrane in a speaker of the individual channels with a certain resolution (the number of bits per sample) in regular intervals (forming the sample rate). This data can then be stored uncompressed, or compressed to reduce the file size.

2.3.3 Types of Formats It is important to distinguish between a file format and a codec. A codec performs the encoding and decoding of the raw audio data while the data itself is stored in a file with a specific audio file format. Most of the publicly documented audio file formats can be created with one of two or more encoders or codecs. Although most audio file formats support only one type of audio data (created with an audio coder), a multimedia container format (as MKV or AVI) may support multiple types of audio and video data.

There are three major groups of audio file formats: 

Uncompressed audio formats[7], such as WAV, AIFF, AU or raw header-less PCM;



Formats with lossless compression[7], such as FLAC, Monkey's Audio (filename extension APE), WavPack (filename extension WV), Shorten, Tom's lossless Audio Kompressor (TAK), TTA, ATRAC Advanced Lossless, Apple Lossless, MPEG-4 SLS, MPEG-4 ALS, MPEG-4 DST, Windows Media Audio Lossless (WMA Lossless).



Formats with lossy compression[7], such as MP3, Vorbis, Musepack, AAC, ATRAC and lossy Windows Media Audio (WMA).

21

A lossless compressed format requires more processing time than an uncompressed format but is more efficient in space usage.

Uncompressed audio formats encode both sound and silence with the same number of bits per unit of time. Encoding an uncompressed minute of absolute silence produces a file of the same size as encoding an uncompressed minute of symphonic orchestra music. In a lossless compressed format, however, the music would occupy a marginally smaller file and the silence takes up almost no space at all.

Lossless compression formats (such as the most widespread Apple Lossless) provide a compression ratio of about 2:1. Development in lossless compression formats aims to reduce processing time while maintaining a good compression ratio.

Here are some music file formats;

2.3.3.1 Free and open file formats wav[7] - standard audio file container format used mainly in Windows PCs. Commonly used for storing uncompressed (PCM), CD-quality sound files, which means that they can be large in size around 10 MB per minute. Wave files can also contain data encoded with a variety of codecs to reduce the file size (for example the GSM or mp3 codecs). Wav files use a RIFF structure.

aiff[7] - the standard audio file format used by Apple. It is like a wav file for the Mac.

au[7] - the standard audio file format used by Sun, Unix and Java. The audio in au files can be PCM or compressed with the μ-law, a-law or G729 codecs.

22

2.3.3.2 Open file formats dct[7] - A variable codec format designed for dictation. It has dictation header information and can be encrypted (often required by medical confidentiality laws).

vox[7] - the vox format most commonly uses the Dialogic ADPCM (Adaptive Differential Pulse Code Modulation) codec. Similar to other ADPCM formats, it compresses to 4-bits. Vox format files are similar to wave files except that the vox files contain no information about the file itself so the codec sample rate and number of channels must first be specified in order to play a vox file.

2.3.3.3 Proprietary formats mp3[7] - MPEG Layer-3 format is the most popular format for downloading and storing music. By eliminating portions of the audio file that are essentially inaudible, mp3 files are compressed to roughly one-tenth the size of an equivalent PCM file while maintaining good audio quality.

wma[7] - the popular Windows Media Audio format owned by Microsoft. Designed with Digital Rights Management (DRM) abilities for copy protection

2.3.4 Audio File Structures For example let see the structure of a MPEG audio file[7]: An MPEG audio file is built up from smaller parts called frames. Generally, frames are independent items. Each frame has its own header and audio information. As there is no file header, you can cut any part of MPEG file and play it correctly. Following is a presentation of the header content. Characters from A to M are used to indicate different fields.

AAAAAAAA AAABBCCD EEEEFFGH IIJJKLMM A- Bit set for Frame Sync

E- Bitrate index

B- MPEG Audio version ID

F- Sampling rate frequency index

C- Layer description

G- Padding bit

D- Protection bit

H- Private bit

0 - Protected

I- Channel Mode

1 - Not protected

2.9

Elliptic Curve Cryptography

23

2.

Introduction

Elliptic Curve Cryptography shortly ECC[11][19] is a public key cryptographic[34] approach that is based on the algebraic structure of elliptic curves over finite fields [12]. As it name implies the so called Elliptic Curve, it is heavily based on elliptic curve theory[26], finite field[12], group theory[13], point multiplication[4]and arduous mathematical operations which impose a novel features that signify over traditional cryptographic concepts. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of key generation as the product of very large prime numbers. Its inherent mathematical properties made ECC very difficult to break, fast to execute and more importantly, it offers the equivalent security strength with smaller key sizes. According the former findings, ECC is able to yield a level of security with a 164-bit key that other systems require a 1,024-bit key. The consequences of these positive results help faster computation, lower power consumption, memory and bandwidth savings. Under these circumstances ECC would be the right candidate to use in mobile ad-hoc networks.

Before, carry out the process it is necessary to choose an EC. It is more convenient to select an EC from the set of curves that are published by the NIST (National Institute of Standards and Technology)[3]

3.

Mathematical Background

To get a better understanding over the existing required mathematical background (Group Theory, Field Theory, Elliptic Curves, Elliptic Curve Cryptography, ECDLP…) author has been carried out a thorough literature survey.

2.4.2.1 Group A group[13] is defined as an algebraic structure which has a set together with an addition (+) operation. This addition (+) operation is defined the way that combines any two of its elements to form a third element. In fact the addition operation is a general placeholder for a given operation in the domain of interest. In order to qualify as a group, the set elements should satisfy four properties called group axioms. Which are closure, identity, invertibility and associativity.

Group G is defined on a set S with a binary operation (+) which adhere to the following properties. 

G = {S,+}

24



Closure: ∀ a,b ∈ G, a+b ∈ G.



Identity: ∃ e ∈ G, ∀a ∈ G, a+e = a.



Inverse: ∀ a ∈ G, ∃b ∈ G, a+b = e.



Associativity: ∀ a, b, c ∈ G, a+(b+c) = (a+b)+c.

For an example, define a group G={Zmod 5,+}, more elaborately G={(0, 1, 2, 3, 4),+}. This group should satisfy the above mentioned properties. 

Closure: (0+1)mod 5 = 1, 1 ∈ G, by this way, it is feasible to prove that closure is satisfied ∀x

∈ G. 

Identity: ∀x 2 G; (1+0)mod 5 = 1, (2+0)mod 5 = 2 and , e = 0, 0 ∈ G.



Inverse: (1+4)mod 5 = 0(e), (2+3)mod 5 = 0, by this way it is provable that every element in G there exists an inverse element.



Associativity: (1+(2+3))mod 5 = ((1+2)+3)mod 5, this can be proved to all elements in G.

Since all the group axioms are satisfied, G = {(0, 1, 2, 3, 4), +} is a group. The reason of studying Group fundamentals is, ECC uses the group theory and the chosen EC for the cryptography is formed a group over finite field which will be described later.

2.4.2.2 Field A Field[12] is a set with two binary operations which are called addition (+) and multiplication (*) and qualifying the following axioms.

Field is denoted as F 

Closure of F for both addition and multiplication: ∀a; b ∈ F ; a+b and a.b ∈ F.



Associativity of F for both addition and multiplication: ∀a, b,c ; a+(b+c) = (a+b)+c and a.(b.c) = (a.b).c



Commutativity of F for both addition and multiplication: ∀a; b ∈ F ; a+b = b+a and a.b = b.a



Identity of F for both addition and multiplication: ∃e ∈ F; and, ∀a ∈ F; a+e=a, e is an additive identity denoted as 0. And ∃e1 ∈ F and ∀a ∈ F ; a.e1 = a, is an multiplicative identity denoted as 1.

25



Inverse of F for both addition and multiplication: ∀a ∈ F; ∃ (-b) ∈ F; such that a+(-b) = 0, this is additive inverse and similarly ∀a ∈ F; a ≠ 0 , ∃b-1 ∈ F, such that a.b-1 = 1.



Distributivity of F for both addition and multiplication: ∀a, b, c ∈ F ; a.(b+c) = (a.b)+(a.c).

The typical examples of a Field are Real Numbers, Complex numbers, Integer modulo prime numbers which satisfy all the above axioms.

2.4.2.3 Finite Field [12] Finite Field[12] or Galois Field is a Field which has finite amount of elements. Finite Field can be described as unique field of order Pn where p is prime and n is positive integer. p is called the characteristic of the field. For every prime number p and positive integer n, 𝐹𝑃𝑛 exists with Pn elements. Another notation is GF (Pn), GF : Galois Field.

Typical cryptographic operations are done over real numbers which are slow and less accurate due to round-off error but with a constraint device the operation should be consumed less resource and at the same time it should be fast and accurate. Therefore ECC is defined over two finite Fields which are; 

Prime Field, Fp This is a finite field with p (p is prime) elements which consists of 0, 1,2, … , p-1. For example; F23 is a finite field which has elements 0 to 22. And any operation under this field will result an integer between 0 and 22.



Binary polynomial Field, 𝐹2𝑚 This is a finite field which comprises of binary polynomials as its elements and number of elements are 2m. For an example; consider 𝐹24 are binary polynomials of length 4. The elements can be noted as 1, x, x2, x3, x2 +x, x3+x2+x+1…etc.

26

2.4.2.4 Elliptic Curve Elliptic Curve (EC) [1] [11] is an algebraic curve of genus one. An Elliptic Curve over real numbers can be defined in the following general equation. y2 = x3+ax+b

Figure 2.5: An Elliptic Curve where x, y, a, b ∈ R and the curve has no self intersections. Figure 2.5 shows the standard EC. EC is varying due to a and b.

In ECC, the EC is used to define the members of the set over which the group is calculated. The crucial property of the EC is, it is able to define a rule for adding two points which are on the curve and the result point is also on the curve. Based on this addition property ECC forms a group over finite field and its point multiplication is used as the cryptographic fundamental. Now let’s take a look at, how the EC group operations are carried out. In fact, there are two major operations are defined which are point addition[1] [11] and point doubling[1] [11]. These point addition and point doubling are used as the basic for point multiplication.

27

2.4.2.4.1 Point Addition

Figure 2.6: Adding distinct points P and Q The addition of two points in EC is defined geometrically. Point P = (x,y) is on the curve and -P = (x,y) is also in the curve. And to add the two distinct points P and Q, P ≠ Q. a line is drawn through P and Q and this line will intersect the curve is exactly one point called R, The point R is reflected in the x-axis to the point -R. So the law of addition in EC group is P+Q = -R. The distinct point addition is shown in figure 2.6.

28

2.4.2.4.2 Point Doubling

Figure 2.7: Doubling the Point P In order to add point P to itself, a tangent line is drawn at point P: If y value of point P(≠0) the drawn tangent line will intersect EC at exactly one point which is -R. -R is reflected in the x-axis to R. The law of doubling a point an EC is defined as P+P = 2P = R. The doubling operation is illustrated in figure 2.7.

2.4.2.4.3 Point Multiplication The major operation in ECC is point multiplication[1] [11] (or scalar multiplication). This operation is the foundation for cryptographic key generation. The point multiplication operation is done with the help of point addition and point doubling. The operation is fairly simple to execute but the inverse is very difficult (EC Discrete logarithm problem). Point Multiplication is computing kP, by adding k copies of the point P where k is an integer and P is a point on the EC defined in the prime field. (EC over finite). This can be written as P*P*P* … *P = kP = Q.

Finding kP is done with the collaboration of point addition and point doubling. Take a point, add it to itself (using doubling) then get the result and the original point, add them together again using tangent and reflection techniques. Then take the result and the original point again and use the tangent and reflection techniques again and so on until obtain the result kP.

29

4.ECC Key Generation As a result of the point multiplication the asymmetric keys are generated[19]. Assuming that the result of the point multiplication is kP which can be written as Q(x,y) = kP(x,y).

Public Key: kP

Private Key: k

(Note: Private key is the scalar and the k*P is the multiplication operation which was defined in the decided finite field.)

P: base point (curve parameter)

5.Elliptic Curve Discrete Logarithm Problem (ECDLP) ECC’s degree of difficulty is based on discrete logarithm problem which is known as Elliptic Curve Discrete Logarithm Problem (ECDLP)[1][3]. ECDLP can be described as, given Q and P (Q, P,∈ E(Fp) or Q,P, ∈ E(F2m)) find k such that Q = kP where P has order n provided that 0 ≤ k ≤ n-1 exists. Certain way of finding k is performing additions and doubling repeatedly stepping through P, 2P, 3P until kP[1] value is received as the output. The method of initiating the process by start doubling P, then adding P to 2P finding 3P, then 3P to P finding 4P and so on is called the brute force (or naive) method.

For example, find a k with given values; EC group is defined over F23 and the curve is y2 = x3+9x+17, and Q = (4,5), P = (16,5). What is the discrete logarithm for k of Q to the base P?

According to naive method, k can be found through multiplies through P until Q is found. First few multiplies of P can be written as P = (16,25) , 2P = (20,20), 3P = (14,14), 4P = (19,20), 5P = (13,10), 6P = (7,3), 7P = (8,7), 8P = (12,17), 9P = (4,5) = Q. k = 9: (the discrete logarithm of Q to the base P is 9).

Choosing large enough prime field yields the number of possible values for k is becoming inconveniently large and it would be infeasible to find the k in this manner. Selecting such a large prime field is quite practical and searching through the possible values of k would take all the

30

processor time such as thousands of years. Therefore degree of difficulty of solving ECDLP is very high and as a result of ECDLP breaking ECC is very hard in real applications. (The ECC whose security resides on the DLP over the points on the elliptic curve) The main attraction of ECC over RSA and DSA is that the best known algorithm for solving the underlying hard mathematical problem in ECC takes full exponential time where RSA and DSA take sub-exponential time. This means that significantly smaller parameters can be used in ECC than in other systems such as RSA and DSA, but with equivalent levels of security. A typical example of the size in bits of the keys used in different public key systems, with a comparable level of security (against known attacks), is that a 160-bit ECC key is equivalent to RSA and DSA with a modulus of 1024 bits. The lack of a sub-exponential attack on ECC offers potential reductions in processing power and memory size.

2.4.5 Elliptic Curve over Finite Field De facto of calculations of cryptosystems need precise and fast arithmetic to use in real applications. Therefore Elliptic Curve groups over finite filed are defined over Fp or 𝐹2𝑚 in practical cryptographic applications

2.4.5.1 Elliptic Curve over Fp An EC over Fp which is denoted as E(Fp) can be formed by selecting the variables a and b within the Fp field. (a, b are coefficients of y2 = x3+ax+b). Formally, E(Fp) = y2 = x3 +ax+b with a, b ∈Fp and consists the set of points {P = (x,y) |y2 = x3+ax+b; x, y, a, b ∈ Fp} together with the point ∞. For an example, y2mod p=(x3+ax+b) mod p has a field over Fp, if a, b ∈Fp: Assume p = 23 hence Fp = F23and a = 1, b = 0. Then the EC equation is y2 = x3+x. According to the given formula the point (9,5) fulfills the equation. y2mod p = (x3+ax+b) mod p 25mod 23 = (729+9) mod 23 2=2

The other 22 points which satisfy the equation are, (0,0),(1,5), (1,18), (9,18), (11,10), (11,13), (13,5), (13,18), (15,3), (15,20), (16,8), (16,15), (17,10), (17,13), (18,10), (18,13), (19,1), (19,22), (20,4), (20,19), (21,6), (21,17).

31

Figure 2.8: Elliptic Curve over Fp: y2 = x3+x over F23

And the points are graphed as shown in figure 2.8. Here the fact that needs to be pointed out is, EC group over Fp has a finite number of elements which is a mandatory property of cryptographic solutions and there is no clear cut to show that the points of Fp forms a visual elliptic curve. And also there is no clear or visual scene about how the geometric relationships are applied.

As a result, the geometry used in EC groups over real numbers is not possible to use for EC groups over Fp. But algebraic rules can be adapted for EC over Fp. Furthermore state that, there is no involvement of round-off errors with the computations over the field of Fp.

2.4.5.2 Elliptic Curve over 𝑭𝟐𝒎 EC over 𝐹2𝑚 [1] is denoted as E(𝐹2𝑚 ) can be constructed by selecting a and b within 𝐹2𝑚 where b 6= 0. The elements of 𝐹2𝑚 are m bit strings which can be considered as binary polynomial of degree m-1; and arithmetic rules can be defined over polynomial representation. Computers can operate efficiently over 𝐹2𝑚 since the 𝐹2𝑚 operations are done on bit strings. 𝐹2𝑚 is having characteristic 2, therefore EC is merely adjusted for its binary representation which can denoted as y2+xy = x3+ax2+b, b ≠0. Formally, E(𝐹2𝑚 ) = y2 +xy = x3 +ax2 +b, b 6= 0: and consists of set of points {P = (x,y)|y2 = x3+ax+b; x, y, a, b ∈ 𝐹2𝑚 } together with the point ∞.

32

Again, the curve for 𝐹2𝑚

is not smooth at all as similar to EC over Fp. Therefore geometrical

relationships can’t be reflected as it is in real numbers but algebraic rules can be adapted for the curves over𝐹2𝑚 . 2.4.6 Choosing an Elliptic Curve Elliptic Curve Cryptographic System depends on the degree of difficulty of the EC discrete logarithm problem. Therefore EC which are going to choose[1] [11] must not be susceptible to the known fast attacks on ECDLP, such as the MOV attack, Pollard-r-attack and Semaev,Smart and Satoh-Araki attack. In order to avoid the mentioned attacks the curve must satisfy the following restrictions.

2.4.2.4.1 There should have sufficiently large prime p dividing E(Fq), so the problem is not susceptible to the Pollard-r-attack. 2.4.2.4.2 The EC should not adhere to 𝐸(𝐹𝑞) ≠ 𝑞 (i.e. the curve is not anomalous). This prevents the problem from being susceptible to the Semaev, Smart and Satoh-Araki attack. 2.4.2.4.3 The order of P must not divide qk-1 for all k such that 1≤ k≤ C, where C is a sufficiently large constant so that it is difficult to solve the ECDLP in 𝐹𝑞𝑥𝑐 . This condition is necessary for MOV to not to generate a quick solution. The easiest way of choosing an EC is to pick a curve E(Fq)=y2+x3+ax+b at random by selecting a,b ∈ Fq for example 4a3+27b2 ≠0, q is prime, b≠0. Then perform a check against the conditions given above. Most of the conditions will be satisfied but if they are not, try a different a, b. But in order to make the programmer’s life easier, National Institute of Standards and Technology (NIST) has published set of curves with its domain parameters that would avoid all the possible attacks in ECC. For example NIST has announced that 112 bits is secure through 2030 and 128 bits as secure indefinitely.

33

2.4.7 ECC Practical Implementation In reality, the performance of ECC[11] depends mainly on the efficiency of finite field computations and fast algorithms for EC scalar multiplications. Following sub sections clearly describes the essential component to establish an Elliptic Curve.

2.4.7.1 Choosing Domain Parameters In order to practically implement ECC, a crucial fact is do determine the EC domain parameters[11][3]. Selecting the proper domain parameters will assure fulfillment of the whole cryptosystem. There are two types of domain parameters that can be generated which are domain parameters over Fp and parameters over𝐹2𝑚 . Domain Parameters over Fp or 𝐹2𝑚 can be represented as septuple. Such as T =(q, FR, a, b, G, n, h) 

q is prime p or 2m



FR is the method of representing the elements of the field.



a and b are the curve coefficients and are selected based on NIST standards.



G is the base point such as G = (Gx,Gy), one element of the E(Fp) and the G has the largest order n.



n is the order of G. And E(Fp) is divisible by n.



h is E(Fp)=n

Once the domain parameters are setup there are few choices to be made that is required by the EC cryptosystem. 

Define the underlying field (Fp or 𝐹2𝑚 , and its values such as p and 2m)



A representation of the field elements.



Algorithms that have been implemented to fulfill the operations in the field as well as the operations that have the potential to execute EC operations.



An appropriate EC (recommended using NIST standards).



And finally, ECC protocols such as Elliptic Curve Digital Signature Algorithm



(ECDSA), Elliptic Curve Diffie-Hellman (ECDH) etc.

34

ECC Key Size

RSA Key Size

Key Size

(Bits)

(Bits)

(Ratio)

163

1024

1:6

256

3072

1:12

384

7680

1:20

512

15360

1:30

Table 2.1: Equivalent key sizes for ECC and RSA (NIST guideline for public key sizes for AES)

Before using the EC as the active cryptosystem, it is mandatory to check whether the conditions that are elaborated in section 2.4.6 are met. Public and private keys are based on a selected scalar, (1≤ k≤ n-1) to generate the key pair and, if the cryptosystem must adhere to the standard key sizes then the keys sizes should be comply with NIST standards which are shown in table 2.1.

2.4.7.2 Related Standards NIST recommends 15 ECs specially federal information processing standards[3] publication (FIPS) 186-2 has published 10 recommended finite fields. For the Fp there are 5 prime Fields which are p = {192, 224, 256, 384, 521} for each of these prime fields one EC has been recommended. For the 𝐹2𝑚 , another 5 binary fields which are 2m = {2163, 2233, 2283, 2409, 2571}. For each of the binary field one EC and one Koblitz curve has been decided.

35

Group

Standards

IEEE

1363-2000, 1363a, 1363.2

CEN

TC331 WG3 (DPM)

NESSIE

ECDSA , “PSEC”

ANSI X9F

X9.24 Key management , X9.37 Check Image Exchange, X9.57 Cert management

FIPS

FIPS 186-2 Signatures (ECDSA), SP 800-56 Key Establishment

FAA Security

Next Generation ATN, Secure ACARS

ISO

14888, 15946, 9796

IETF

PKIX, SMIME, IPSec (IKE), TLS

CE 1394

Consumer Electronics DTCP

OMA

WTLS, WPKI, WML Scripts

Table 2.2: ECC Standards by many well known Organizations

NIST has published EC domain parameters, ECC standards which are ANSI X9.62, ANSI X9. 63 and IEEE P1363 and strongly recommended that its entire testimonial guarantees the successful deployment of ECC solutions. ECC was standardized by many organizations. List of such standards are shown in table 2.2.

2.4.8 ECC Encryption/Decryption M KA

m (C1, C2)

PA A

PB KB B

Figure 2.9: Secure Transaction using ECC Elliptic Curve E over finite field F and generator point G (∈ E) is the base point or rather generator point G ∈ E, E ∈ Fp or E ∈ 𝐹2𝑚 . Base point G is known by both parties. Suppose A and B need to do perform secure transaction. A sends a message m to B. Message m is transformed into M(∈ E) as shown in figure 2.9.

36

Private Keys A’s private key

= KA

B’s private key

= KB

The private keys are secured in place and the confidentially of the private keys are completely responsible by A and B.

Public Keys All the operations are Elliptic Curve operations which are described in sections above sections. A’s Public Key = PA = KA *G B’s Public Key = PB = KB *G Note: It is infeasible in real life to extract KA or KB from PA or PB due to Elliptic Curve Discrete Logarithm Problem.

Message Encryption A calculates C1 and C2. C1 = M +KrPB, (r is a random number) C2 = KrG Cipher Text = (C1, C2)

CalculatingC1 involves complex EC operations such as point multiplication for Temp= KrPB and point addition for M+Temp: And calculating C2 involves point multiplications. These values encompass the property of ECDLP which yields to make infeasible to disclose the message without knowing the private key. A sends (C1, C2) to B.

Message Decryption B receives C1 and C2 B calculates C1-KBC2 (KB is B’s private key) Again calculating C1-KBC2 involves EC operations which are point multiplication for Temp = KBC2 and point addition for C1+(-)Temp. Decryption =C1-KBC2 = M+KrPB-KBKrG = M+KrKBG-KBKrG= M

37

M is transformed back to m: 2.10 Group Key Establishment 2.5.4 Introduction This gives a general idea about the existing Group Key Management Protocols that are being practiced today and it describes what are the problems engaged with them. The "Group Key Establishment" is a technique to form a common key among the nodes of the network. Various techniques have been proposed but most of them act in accordance with a common notion. Group Key Management involves key generation and distribution. 2.5.5 Group Key Management protocol 2.5.2.1 Protocol Overview Group Key Management Protocol[5][14] (GKMP) creates key for cryptographic groups and distributes to the group members. This can be a session key or a permanent key, based on the type of the application context. It ensures the rule based access in order to adhere to the control of keys and denies access to compromised nodes that are known during the execution and allow hierarchical control of group actions. All most all the time, the key generation is centralized action and a selected node called control node would generate the key. Key distribution starts with exchanging the key between two protocol entities. There are several key generation algorithms viable for use in the GKMP such as RSA, Diffe-Hellman, Elliptic Curves etc, but all of these PKI algorithms are used to exchange the key between two entities to establish a single session key. In some protocols this is a multicast activity such as the control node (master) exchanges the key with all the other nodes (slaves) and in some protocol techniques this is done through propagating to each ones neighbor until the network is completely covered. In spite of the method that is used for key distribution, it is a time consuming and mutually suspicious activity since all of the actions and identities must be verified at each step of exchanging the keys between two protocol entities. GKMP facilitates a peer to peer review process. Let’s have a look at how this exchange is done with only two protocol entities.

1. Protocol entities pass permission certificates(PC) as part of the group key distribution process. 2. The PCs contain access control information which is assigned by a higher authority which then signs the PC. Therefore each entity can verify the permissions of any other GKMP entity but can’t modify others. 3. Each protocol entity checks the permissions and compares them the level of service requested. If the permissions do not exceed or equal the request is granted otherwise the service is denied.

38

4. The GKMP helps to avoid the nodes that are compromised. A list of compromised nodes of entities is distributed to members during key management actions. By checking against, the Compromise Recovery List (CRL), group members are allowed to drop connections with compromised entities. The CRL will be distributed by delegated controllers of the group that is somewhat easier to distribute the CRL to the most important GKMP entities. During each key management action the CRL version number is passed, when a CRL update operation is detected, it is downloaded and verified which is signed by a higher authority. 5. The GKMP allows control of group actions. In certain networks it is desirable for a higher authority to strictly control the generation of the keys. These networks usually have a central network operations authority. Typically selected node with highest value (referred as the leader) would become the candidate to generate the keys. The absence of the selected control node, another control node will be selected.

2.5.2.2 GKMP Roles Key Generation and distribution require assignment of roles which identify what functions the individual hosts perform in the protocol. The two primary roles[5][14] in the GKMP are controller and member. In simple terms the GKMP works as follows; "The controller initiates the generation of the key, forms the key distribution messages, and collects acknowledgment of key receipt from the receivers. The members wait for a distribution message, decrypt, validate, and acknowledge the receipt of the new key[14]. This phrase includes both Key generation and distribution which concludes as the Key management. Key distribution was comprehended in the previous section. Now let’s take a look at what is the role played by each primary associates.

2.5.2.3 GKMP Key Generation and Distribution Distributed Leader Election algorithms[5][6] have been used to detect who should be the controller. If the control host is compromised a new host will be elected as the leader or as the control node. Control node generates the key based on its underlying requirements. Once the key is generated inside a control node then it performs a typical handshake[8] protocol to authenticate the other nodes before start distributing the key. To assure a well ordered group key distribution, management information such as, the facts to identify the group controller, its permissions, current state of the CRL and the information about the key is being created should be exchanged between control node and the group members. All these information are passed securely by using asymmetric key cryptography.

39

2.5.6 Drawbacks of Existing Group Key Establishments 2.5.3.6 Key Size Typical GKMP uses PKI algorithms such as DSA[10]/RSA[14]/Diffie-Hellman[9] etc to manage their keys. But constrained devices are unable to deploy such large keys while allowing uninterrupted communication. Generating large keys would require huge resource consumption, bandwidth, memory and processing power which would consequence to drastically slow down the communication process.

2.5.3.7 Latency Latency[9][10][14] is basically the time requires to set-up to re-key a group. As mentioned earlier the GKMP allows delegation of group creation authority to any host in the group. In the sense, when a node needs be attached to a group, the node should be able to send a message and entangle with the group. Be a partner of the group must be requested through the central location. This central node would process the request in accordance with its priority and current workload. Latencies would hike if the workload of the central node gets unwieldy or if the communications to the central node become overloaded.

2.5.3.8 Extendibility One of the problems with a centralized key distribution system is the concentration of key management[9][10][14] workload at a single control node. The process of generating keys, access review and communication to group members take resource, time and effort. When the number of groups of the network grows the workload at that central node quickly reaches its maximum capacity.

The GKMP distributes the communication requirements to manage groups across the network. Each group manages the group using the same communication resources needed to pass the traffic. It is likely that if a communication group can support the traffic of a group, it will be able to support the minimal traffic needed to management the keys for that group. Though it is a temporary solution, the typical GKMP can’t rapidly adapt to the ad-hoc requirements and even sometimes it cannot be easily deployed into non ad-hoc networks. 2.5.3.9 Communication Bottleneck Because a centralized site is involved in creating, distributing, re-keying, and providing access control for every group, it is obvious fact that the control node is frequently accessed. The communication overhead often becomes a bottle neck for the groups.

40

2.5.3.10

High Message Overhead

Full stack of messages have to be maintained to operate the GKMP[14] successfully. The message types that are being kept can be categorized as following;  Tracking of Control Node  Identity of each node  Compromised Revocation List maintenance

 Messages that are used during the authentication and key exchange  Though the GKMP works its inherent message stack drastically slow down the communication

 Whether the node is alive or not

since the list of messages use heavy density of

 Acknowledgment

available resources.

2.11 Lagrange Interpolation If two points (x0,y0) and (x1,y1) are known then it is sufficient define a line as following.

The above equation can be simplified as to a formula which is well known as following. y = mx+c: In other words, if and only if the two points are known it is feasible to define a curve with degree 1 which is a line that satisfies the given two points.

Knowing three points, (x0,y0), (x1,y1), (x2,y2) it is feasible to define a polynomial with degree 2 which the general form is shown below. y = ax2+bx+c And the Lagrange Interpolation[15] can be written as

By this way knowing n+1 point is sufficient to derive a polynomial with degree n. Points are (x0,y0), (x1,y1), (x2,y2), ... , (xr,,yr), ..., (xn,yn).

General formula can be written as following.

41

The above formula can be written as the X’s function as shown below. L(x) = L1(x)+L2(x)+L3(x)+…+Lr(x)+…+Ln(x)

At the other way round, if one point is missing there is no way to find the correct polynomial since together with the unknown point there will be infinite number of polynomials generated. But if and only if all the necessary points are known then it is just a matter of fact to apply the points and reveal the polynomial.

Figure 2.10: Lagrange Interpolation Technique The General Idea of Lagrange Interpolation theory is “If and only if all the points are presented the designated polynomial can be revealed”. (figure 2.10) This strong concept gives a notion to use this as a cryptographic check sum which is, “If and only if all the parties are presented then the designated secret can be revealed”. This notion gives a clever input to use this to generate shared private keys together with ECC. This Lagrange Interpolation technique can be used as the fundamental concept behind generating group public key and shared private key.

2.7 J2ME

42

Java Platform, Micro Edition, or Java ME[17], is a Java platform designed for embedded systems (mobile devices are one kind of such systems). Target devices range from industrial controls to mobile phones (especially feature phones) and set-top boxes. Java ME was formerly known as Java 2 Platform, Micro Edition (J2ME).

Java ME was designed by Sun Microsystems, now a subsidiary of Oracle Corporation; the platform replaced a similar technology, PersonalJava. Originally developed under the Java Community Process as JSR 68, the different flavors of Java ME have evolved in separate JSRs. Sun provides a reference implementation of the specification, but has tended not to provide free binary implementations of its Java ME runtime environment for mobile devices, rather relying on third parties to provide their own. This can be used to implement the application.

2.8 Servlet/ JSP Servlet[18] is a Java class in Java EE that conforms to the Java Servlet API, a protocol by which a Java class may respond to HTTP requests. They are not tied to a specific client-server protocol, but are most often used with this protocol. The word "Servlet" is often used in the meaning of "HTTP Servlet". Thus, a software developer may use a servlet to add dynamic content to a Web server using the Java platform. The generated content is commonly HTML, but may be other data such as XML. Servlets are the Java counterpart to non-Java dynamic Web content technologies such as CGI and ASP.NET. Servlets can maintain state in session variables across many server transactions by using HTTP cookies, or URL rewriting.

The servlet API, contained in the Java package hierarchy javax.servlet, defines the expected interactions of a Web container and a servlet. A Web container is essentially the component of a Web server that interacts with the servlets. The Web container is responsible for managing the lifecycle of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the correct access rights.

A Servlet is an object that receives a request and generates a response based on that request. The basic servlet package defines Java objects to represent servlet requests and responses, as well as objects to reflect the servlet's configuration parameters and execution environment. The package javax.servlet.http defines HTTP-specific subclasses of the generic servlet elements, including

43

session management objects that track multiple requests and responses between the Web server and a client. Servlets may be packaged in a WAR file as a Web application.

Servlets can be generated automatically from JavaServer Pages (JSP) [18] by the JavaServer Pages compiler. The difference between Servlets and JSP is that Servlets typically embed HTML inside Java code, while JSPs embed Java code in HTML. While the direct usage of Servlets to generate HTML (as shown in the example below) is relatively rare nowadays, the higher level MVC web framework in Java EE (JSF) still explicitly uses the Servlet technology for the low level request/response handling via the FacesServlet. A somewhat older usage is to use servlets in conjunction with JSPs in a pattern called "Model 2", which is a flavour of the model-view-controller pattern. This can be used to build the prototype and to connect music store.

2.9 GPRS The GPRS core network[16] is the centralized part of the General Packet Radio Service (GPRS) system (figure 2.11) for 2G and WCDMA based 3G mobile networks. The GPRS system is used for transmitting IP packets and the GPRS core network is an integrated part of the GSM network switching subsystem.

The GPRS core network provides mobility management, session management and transport for Internet Protocol packet services in GSM and WCDMA networks. The core network also provides support for other additional functions such as billing and lawful interception. It was also proposed, at one stage, to support packet radio services in the US D-AMPS TDMA system, however, in practice, all of these networks have been converted to GSM so this option has become irrelevant. Like GSM in general, GPRS module is an open standards driven system. The standardization body is the 3GPP. Then this can be used to connect the mobile phone to the internet.

44

Figure 2.11: GPRS Connection

2.10 MySQL MySQL is an OpenSource database management system. The MySQL Database Server is very fast, reliable, and easy to use. MySQL Server works in client/server or embedded systems. This can be used to store music files.

45

Chapter 3 Design and Implementation 3.1 Introduction In this chapter, the author is going to discuss the methodological approach to how she had done the design of the group establishment protocol for music sharing in mobile ad-hoc networks and it describes how the group key establishment protocol and the application have been implemented according to the design using most relevant technologies.

3.2 System Design Here, this section describes the design phase of the project work. This system has been designed, based on the above mentioned requirements and this is a systematic enhancement for the concepts initiated by a former master degree student. What he has proposed is theoretical concepts of establishing group key establishment protocol for ad-hoc networks to share text files within a group. Going beyond that concepts this project work propose a design to establish a group establishment protocol for mobile ad-hoc networks to share music files not within the group but beyond the group. The design phase has to be based on few further assumptions in excess to the assumptions done in the previous chapter.

3.2.1 Assumptions 

Finite Field was chosen as Fp, where p prime number.



Elliptic Curve is EC =y2 mod p=(x3+ax+b) mod p, a, b ∈Fp: Generator point is G. o (For example p = 23; a = 1 and b = 0; hence the EC is y2 mod 23 = (x3+x) mod p).



Number of nodes in the group can be any number m.



Each node has a unique identity which are called n1, n2, n3, n4, ..., nm.



If m=1; there only a single user be the owner of the music file. If m>1; then there are more than one owner for the music file. They can share music files with others.



The group is agreed on a single value x = t.



These nodes are claimed as valid, hence each node is mapped to a point in the EC. Mapped points are n1 (x1,y1), n2 (x2,y2), n3 (x3,y3),..., nm (xm,ym), where {n1, n2, n3, ..., nm) ∈ EC.

3.2.2 Key Generation

46

This section is going to explain how the key generation has been formed using the Lagrange Interpolation. This can be done also by the Spline Interpolation. But, this work continues with the Lagrange Interpolation due to its clarity and low complexity than the Spline Interpolation in its way of structureing the nodes of the curve.

3.2.2.1 Shared Private Key Generation In general terms, Let’s assume that the number of nodes in the given group is n. (Node ids are n1, n2, n3,…, nn), Hence;

According to the Lagrange Interpolation technique

This can be written as; L(x) = L1(x)+L2(x)+L3(x)+…+Lr(x)+…+Ln(x)

Assuming that the shared private key (scalar) value of node ni is niki and it is derived when x = t. Shared private keys of each nodes are; 𝑛1𝑘1 = k1 = L1(t) 𝑛2𝑘2 = k2 = L2(t) 𝑛3𝑘3 = k3 = L3(t) ……………… 𝑛𝑟𝑘𝑟 = kr = Lr(t) ……………… 𝑛𝑛𝑘𝑛 = kn = Ln(t) In order to generate the private key share each ith node needs Li(x) value, x value can be chosen based on their agreement.

First of all, Shared Private Keys are to be generated by the algorithm 1. This has been done at the initialization process on the server. Evaluations of the complexities of these algorithms are mentioned in the evaluation chapter.

47

Algorithm 1 Generate Shared Private Key (Pseudo Code) Generate_Shared_Private_Key() { //At the protocol initialization time the group agreed on x = t x=t // The shared private key is generated during // the protocol initialization and during the re-key process. For Node ni(i = 1: n) // This process done by the server, where the music file are stored. And then //they are distributed to the group members Node_ID ni Shared_Private_Key ki Scalar_Value ti ni is mapped to a point P(xp,yp) P ∈ EC // Protocol is responsible for generating key shares for node and this Applying, formula of Lagrange Interpolation Technique over node nr Calculate the scalar value of ni, where r=i, // applying the value of x ki = ti } 3.2.2.2 Generating Group Public Key Before generating group public key[1], it is necessary to create public key shares for each member. In ECC, public key is a multiplication of the scalar and the generator point P. According to the ECC theory, public key is the multiplication of private key k into generator point G. The same concept is used here too. Let’s assume the number of nodes in the group is n and their unique ids are n1, n2, n3,…, nr,…, nn. Assuming shared private key of ni is ki ni calculates kiG and multicasts to nj (∀(i≠j)) At the end of the multicast rounds n; each node has the values kiG; i = 1…n Group public key is calculated as; 𝑛

𝐾𝑝𝑢𝑏 = ∑ 𝑘𝑖 𝐺 𝑖=1

Generating the Group public key involve complex EC operations. Calculating kiG by each node involves EC point multiplication and point doubling. Each kiG value has the ECDLP property, hence multicasting the kiG value among the group is not vulnerable to the shared private key ki of node ni[11].

48

Also, these public key shares are generated at the server as the second step of the initialization process. It calculates the group public key using the point addition of the EC reducing the complexity of the process. There is a related group establishment done by a former student. This establishment has been done at each node causing a larger complexity, as all the nodes have to multicast to each other. The algorithm 2 shows how this establishment has been done at the server.

Algorithm 2 Generating Group Public Key (Pseudo Code) Generate_Group_Public_Key() { //Get the dedicated Generator point G, G ∈ E(Fr) r ∈ {p,2m} Generator_Point G; For node ni Node_ID ni Shared private key ki Group public key Kpub EC_Point_Multiplication kiG For node nj Group public key Kpub // Node nj receives the kiG values from ni ∀i≠j Receive kiG EC_Point_Addition ∑𝑛𝑖=1 𝑘𝑖 𝐺 𝑛

𝐾𝑝𝑢𝑏 = ∑ 𝑘𝑖 𝐺 𝑖=1

} Before the algorithm is performed shared private keys should be created. In the sense that group should be established before this algorithm is put into action. The algorithm is executed at the last step of protocol initialization time and the last step of re-key process execution time. Group public key exists only until the Trusted Group Policy is protected and exists.

Important

: This private key or public generation processes are not to be done by the users and those will be internally done by the protocol itself without parsing the overhead of this process to users.

49

3.2.2.3 Core Design This is mainly targeted to explain how the ad-hoc requirements are satisfied and how the system ensures the atomic cryptographic operation.

3.2.2.3.1 Atomicity of Cryptographic operation To ensure the atomic behavior of the group, it has been define so as to dispose the group when a member of the group has been failed to continue, and then to change the topology of the group in real time.

3.2.2.3.2 Re-Key Process During the secure communication process there might be instances where either node is dropped or their shared private keys are compromised. But there is no way to distinguish either it is node crash or a compromised node. These two scenarios which are node crash and a compromised node are treated as an instance of the Trusted Group Policy violation.

If the Trusted Group Policy is breached then the protocol no longer provides its intended service hence the remaining nodes should be re-group by re-generating the shared private keys and the group public key. This re-generation of the keys among the remaining nodes and come up with a new logical group is defined as the Re-Key process.

Re-Key process re-initializes the protocol model by excluding the nodes which are either crashed or compromised and re-generate the keys among the remaining nodes. These will consequence to create a new logical group. Re-Key process helps to meet the ad-hoc behavior of the group.

3.2.3 Encryption Protocol is going to perform the encryption operation based on Elliptic Curve Cryptography using the above group key establishment protocol.

3.2.3.1 Pre Encryption work Before starting the encryption process protocol should make sure that each node should have their respective shared private key and should know the group public key. Simply says the protocol should have been successfully initialized before the actual encryption operation is triggered. 3.2.3.2 Encryption process

50

2 1 3

10 4 9

Protocol + Application

5 8

7

6

Figure 3.1: Ad-hoc network

See figure 3.1, this application has 10 members. Not all members involve in forming the group. For instance let take, only 1, 2, 3, 4, and 5 (n) forms a group to share music file and n1 be the initiator.

For n1 it calculates; C1 = m+krKpub C2 = krG Cipher text is C = (C1,C2)

C2 is considered as the Support Decrypt Value (SDV) which will require decrypting the message.

Then, encrypted music file is uploaded with the approval of the other group members.

Now the protocol has finished the encryption operation and saved in the server. After that the post encryption work will be started to give the support to the decryption operation.

51

3.2.3.3 Post Encryption work

Once the cipher has sent to server, C2 is sent to n2, n3, n4 and n5.

Upon receiving the value C2 from node, each node ni calculates kiC2, (i =1, 2, 3, 4, 5) which is considered as Support Decrypt values.

This means that;

n1 calculates k1C2 n2 calculates k2C2 n3 calculates k3C2 n4 calculates k4C2 n5 calculates k5C2 These Support Decrypt Values (SDV) again has the ECDLP property hence retrieving the ki from kiCj is exponential or Rather infeasible. Therefore sending kiCj among the network does not open any vulnerability issue. Let’s take a look at the algorithmic point of view of how the encryption is taken place which is described in algorithm 3.

52

Algorithm 3 Encryption (Pseudo Code) For Node j Shared_Private_Key ki Support_Decrypt_Value SDV Elliptic_Curve EC // Check whether the pre-encryption condtions are met If (Protocol_Initialization_Success) { Encrypt (Message M) { Transform Message M into message m (m ∈ EC) G =Get_Generator_Point (EC) Kpub =Get_Group_Public_Key() kr =Generate_K_Random() // Calculate krKpub Tempk =ECC_Point_Multiplication(kr, Kpub) // Calculate C1 = m+krKpub C1 =ECC_Addition(m , Tempk) // Calculate C2 = krG C2 =ECC_Point_Multiplication(kr, G ) Cipher = (C1,C2) Send Cipher to Node j } // Post Encryption work Multicast (C2) to the group For Node j // Upon receiving the value C2 Calculate Support Decrypt Value at node j k jC2 =ECC_Point_Multiplication(k j, C2) SDV = k jC2

Encryption algorithm has basically three parts which are pre encryption work, actual encryption and post encryption work. In order to execute the actual encryption task pre encryption conditions should have been met. Post encryption work is carried out as so as to make the decryption process easier. The actual encryption operation creates the cipher text from the original message by applying the node’s shared private key. Result cipher will be sent to the communicating node.

Post encryption task multicasts the C2 value to the nodes in the group and upon receiving the value C2 each node calculates the SDV value which will be used during the decryption. The algorithm has high coupling with EC operations and each subsequent results adhere to the ECC properties. Latter part of the encryption operation involves a multicast operation which requires sending a value (C2) around the

53

group. If there are n number of nodes then the number of messages to be sent during the encryption is n: Message complexity is O(n). Time complexity of the algorithm is O(n):

3.2.4 Decryption

Decryption is a collaborative process which involves everyone in the group.

3.2.4.1 Pre Decryption Work Before the actual decryption is taken place, it is needed to have Support Decrypt Values (SDV) from n1, n2, n3, n4 and n5. Upon receiving the SDV values decryption can be started.

3.2.4.2 DecryptionProcess

Since having the values C1,C2, k1C2, k2C2, k3C3, k4C2, k5C2;

Decryption =C1(k1C2+k2C2+k3C2+k4C2+k5C2)

C2 is common, hence C2 is taken out

Decryption =C1-C2(k1+k2+k3+k4+k5)

Substituting the value C1 = m+krKpub

Decryption = m+krKpub-C2(k1+k2+k3+k4+k5)

Substituting the value Kpub = krG(k1+k2+k3+k4+k5) and C2 = krG

Decryption = m+krG(k1+k2+k3+k4+k5)􀀀krG(k1+k2+k3+k4+k5)

krG(k1+k2+k3+k4+k5) is nullified hence;

Decryption = m

54

m is transformed back to M: Let’s take a look at the algorithmic point of view of how the decryption is taken place which is described in algorithm 4.

Algorithm 4 Decryption (Pseudo Code) For Node i Elliptic_Curve EC Cipher C = (C1,C2) C2 = krG C1 = m+krKpub Decrypted Message m // Status of the decryption whether it is success or not Decryption Status result // Pre Decryption work // Multicast Ready to Decrypt message to the group Multicast Ready_to_Decrypt Receive Support_Decrypt_Values_(SDV) kiC2 G =Get_Generator_Point (EC) if (Receive_SDV_from_ALL) { Decrypt (Cipher c) { // Temp_Result is the output // of EC addition of C2ki+C2ki+1,+C2ki+2+…+C2kn Temp_Result = ECC_Point_Addition(C2ki, C2ki+1, C2ki+2,…, C2kn) // Decrypt = C1-Temp_Result m =ECC_Point_Addition(C1,-(Temp_Result)) // Transform m back to M Decrypt_Msg = M result = success } } else { // Group policy is violated. result = unsuccess } For Node j // Upon receiving the Ready_to_Decrypt message from node i Send Support_Decrypt_Value k jC2 Decryption algorithm has basically two parts which are pre decryption work and the actual decryption. Pre decryption work ensures that the protocol receives all the SDV values from the group members hence the group policy is protected. Algorithm execution includes a multicast operation to all the group

55

members which results the message complexity to be O(n). The time complexity of the algorithm is O(1):

3.2.5 Application Design This section will discuss about the flow of the application and the database. To satisfy the requirements describe in the requirement analysis section, the application is designed as in the figure 3.2.

Application (1)

New User (2)

Existing Member (4)

Get Membership (3)

Request Music File (5)

Share Music File (6)

Profitable Transactions (7)

Group of Users (8)

Non - Profitable Transactions (10)

Single User (9)

Group of Users (11)

Single User (12)

Figure 3.2: The Application

(1)

Application

: This application, which has an embedded group key establishment

protocol, allows users to legally share music file.

(2)

New User

If the user is not a member, then he/she has to be a member,

(3)

Get Member

registering in the application giving personal information.

(4)

Existing Member

: If the user is a member then he/she can continue with an existing task

(to legally share an uploaded file) or to initiate new task (establish a group and upload a music file in to the server) or to buy a music file.

(5)

Request Music File : Buy a music file and downloaded in to the mobile phone memory.

(6)

Share Music File

: legally share an uploaded file

56

(7)

Profitable Transaction

: Sell a music file

(8)

Group of Users

: sharing of the music file is done by a group of owners

(9)

Single User

: sharing of the music file is done by a single owner

(10) Non-Profitable Transaction : Sharing music files with colleagues in this transaction there is no monitory value

3.2.6 Database Design The database, located in the web server of this application will store the music files. It consists of four table, those keeps the track of users, groups, music files, tasks and transactions (Figure 3.3).

User

MusicFile

Task

UserId

FileId

TaskId

Name_with_Init

FileName

FileId

Full_Name

Size

GroupId

Address

Format

UserId

Country

Price

UserRole

PostalCode

Path

Bdate

Transation

Age

Group

TransId

NID

GroupId

FileId

Email

UserId

Owners

Password

Scalar

Date

Shared_Private_Key

Time

Group_public

Recipients

Group_Id

Amount

No_of_Nodes

Price

Shared_Public_key

TransType

57

Figure 3.3: Database tables

58

3.3 Objective of the Implementation The core objective of this is to implement the application to share music files realistically. This will facilitate executing the following major functions.

1. Group Initialization. 2. Shared Private Key Generation. 3. Group Public Key Generation. 4. Encryption. 5. Decryption. 6. Re-Key Process. 7. Share music file. 8. Download music file

3.4 Architecture of the Application This application, gives the facility to perform each of the above operation visually which clearly demonstrates the basic concept proposed. Basically the main implementation has to be divided into major 4 parts based on the functional behavior. Major functional decomposition is; 1. ECC Operations 2. Handling Protocol Operations 3. Source for user side Application 4. Mobile Application UI

According to the above decomposition, few fundamental packages were created which performs as follows.

1. Package:- ECC Operations (a)This package is named as “SaveFile”.

(b) The package provides the fundamental functions to handle EC and ECC operations such as; i.

EC point addition and multiplication

ii.

EC Encryption.

iii.

EC Decryption.

59

iv.

Representing EC domain parameters.

v.

Generating EC private key.

vi.

Generating EC public key.

vii.

Representing Finite field.

(c) ECC functions implemented in this package is adhere to the NIST standards.

2. Package:- Handling Protocol Operations (a) The package is named as “protocolhandle”

(b) This package provides the major functions related protocol execution such as; i.

Representing the Node and its related functions.

ii.

Handles the compulsory protocol model functions.

iii.

Shared Private Key Generation.

iv.

Group Public Key Generation.

v.

Protocol Encryption.

vi.

Protocol Decryption.

vii.

Re-Key Process.

3. Package: Sources for user side Application (a) The packages are named as “SaveFile” and “finalWeb”

(b) These contains the servlets and Java classes to set the connection with the database, to handle notification sending process and control parallel processing. 4. Packages: Mobile Application UI (“Test” and “Songdownload”) This provides the user interfaces in the mobile phone to access the application. Allows users to upload and download music files. When uploading music files string content of the file is attached with the group unique string which is generated by using the unique shares of each member.

60

M D

M D

BS

Bank

BS

GPRS Access Network

NAT

Public Data Network

Gateway

Web Server

DB

Figure 3.4: Architecture

The figure 3.4 shows the architecture for the system. Users connect to the system through the mobile phone. The mobile phone connects to the public data network through base station and the GPRS connection. Since there is a billing process in the music selling, this application connects to the credit card providers and banking servers through a gateway. If and only if that billing process is valid, then the web server will issue music file from the database to the buyer.

3.5 Construction The group establishment protocol has been implemented using Java servlets and it has been established on a web server. The database has been constructed using MySQL, the open source Database Management System. The construction has been taken part on a Windows XP service pack 2 Operating system which is established on a computer which has Intel(R) Core(TM)2 Duo CPU, E7300 @ 2.66GHz and 988 MB of RAM Using Netbeans 6.5.1. Finally, the mobile application has been implemented using Java Platform Micro Edition. In the Appendix B, you can refer some critical coding parts used in the construction process.

61

Chapter 4 Testing and Evaluation 4.1 Introduction The Elliptic Curve Cryptographic based Group Key Establishment Protocol for Mobile Ad-hoc Networks to share music files, is engaged with new perception going beyond the traditional cryptographic frame enforcing to deploy on the real world without wrecking any existing crypto graphic fundamentals enhancing the security of the music file transmission. It provides a new way of legally sharing music files among the end users in a mobile ad-hoc network prevailing over the drawbacks exist in current keying infrastructures for mobile ad-hoc networks with efficient key generation, well organized key management, reduced key size and realistic mobile application preserving the frame synchronization and having no latency. This secure music transmission process eliminates the necessity for the center controlling node and it preserves the atomicity of the group. Atomicity is achieved via coding that if one member has been resigning, then the whole group will be disposed.

This chapter reveals, what are the technologies and tools used for the testing and evaluation, how the testing and evaluation have been carried out and the results of the testing and the evaluation.

4.2 Testing The testing process has been carried out to measure the effectiveness, efficiency, and satisfaction with which a specified set of users to achieve a specified set of tasks in particular environments. The test cases begin with the identification of use cases that can specify the target audience, tasks, and test goals. When designing a test, focus on use cases or tasks, not features.

4.2.1 Test Plan A test plan is developed to detect and identified potential problem before delivering the software to its users. A test plan offers road map for testing activities, where usability, user satisfaction, or quality assurance tests. 1. Objective of the test – Test the user input/requests versus system response. 2. Test Cases – Test data, inserted in the following table. 3. Test Analysis – Output of the test, also inserted in the following table.

62

4.2.2 Sample Test Cases Test cases are designed so as to cover the entire system, both the application and its embedded protocol. The author does not going to give a detailed description to the complete test case design process, but give a complete introduction. The following table 4.1 shows some test cases used in the testing phase and their results. All the test cases have the form of the following test cases, and they cover the entire system. Based on these test cases and their results, the final declaration for the user satisfaction and the functionality check list has been set up.

Test Case

Result

1. User wants to register as a member of the Once the user has pressed ‘Next’, then the system – Select the option ‘NewUser’ and application produce the following screen. press ‘Next’.

There the user must insert their personal details

and

press

‘Ok’.

Then

the

‘UserName’ will be sent to the mentioned email address.

2. Member wants to log in to the system – One time ‘Password’ will be sent to the Select the option ‘Member’, insert the mentioned email address. Inserting the ‘UserName’ and press ‘Next’.

respective password, member can log in to the system.

63

3. Member wants to initiate a new task –

The following screen will be loaded.

Select the option ‘New task’ and press ‘Ok’

4. Member wants to form a group and GoupId will be automatically generated and upload a music file – Select the option the user has to submit the No of owners. ‘Group of Owners’ and press ‘next’.

a). Then, insert the ‘No of owners’ and press ‘Ok’.

a) Then the following screen will be appeared. There the position of the member

in the group will

automatically generated.

be

64

b) Member details will be appeared and user can check the member details. If b). User has to insert one by one, the ids of

it is ok user can press ‘Next’. If it is

the members of the group, which is going to

not ok, press ‘Clear’ to clear the

be formed. First insert ‘UserId’, then press

boxes and enter the correct member

‘Verify’.

id.

All the test cases have been prepared as the sample test cases appeared in this table.

Table 4.1: Sample Test Cases

4.3 Technologies and Tools Used for the Evaluation One way of evaluating this project work is, checking music files for its performance, latencies and frame synchronization, using some tools, such as Adobe Premier, Adobe Soundbooth, Windows Movie maker, Sonic Visualiser, Pcscope and SPEAR, etc…. From these mentioned tools Adobe Premier and Adobe Soundbooth supports only for the music files of the type ‘wma’. These tools provide advanced waveform and spectrogram viewers. There the original music files have been compared with the encrypted and decrypted music files in there waveforms and frequencies to track latencies and frame

65

synchronization failures. The second way is to compare the bit streams of the original music file with the processed music file. The Third way is to check the resource utilization of original and the processed music files with the use of Windows Resource Monitor. Specially, there the response time can be checked. The final way is to analyze the algorithms and find the time complexities and message complexities.

4.4 Evaluation Process and Its Results Since, it was convenient to make available and use, the author of this project has selected Adobe Premier, Adobe Soundbooth and Windows Movie Maker to measure the performance, latencies and frame synchronization. Some examples for this evaluation process have been explained bellow.

Example 1: As shown in the figure 4.1, original file has been checked using the Waveform of the file via the Adobe Premier CS3. This file is a wma file and it is a stereo file, so then it has two channels (Left and Right) as below. This waveform appears in a time-volume graph. This can be compared with the same graph which is produced by the processed music file, showed in the figure 4.2.

Figure 4.1: Waveform of the Original File with Adobe Premier CS3.

66

Figure 4.2: Waveform of the Processed File with Adobe Premier CS3.

After having a careful examination over these two graphs, their interpretation can be presented as follows; the fluctuations lay between the

+ −3

dB, there the amplitude changes and the frequency

changes over the time slots are similar. From this, get the conclusion as; this encryption/decryption process has not introduced any noise for the music file.

Example 2: As shown in the figure 4.3, original file has been checked using the Waveform of the file and the frequency spectrum via the Adobe Premier CS3. This file is a wma file and it is a stereo file, so then it has two channels (Left and Right) as below. This waveform appears in a time-volume graph and the frequency spectrum appears in a time-frequency graph. Here the colors show the amplitude, ranging from dark blue for low amplitude to bright yellow for high amplitude. This can be compared with the same graph which is produced by the processed music file as in the figure 4.4. Here also the conclusion is the newly introduced encryption/ decryption process has not introduced any noise for the music file, since the two graphs do not have any difference, between them.

67

Figure 4.3: Waveform and Spectrum of the Original File with Adobe Soundbooth CS3.

68

Figure 4.4: Waveform and Spectrum of the Processed File with Adobe Soundbooth CS3.

Example 3: Third example is to use the Windows Resource Monitor. Windows Resource Monitor is a powerful tool for understanding how the system resources are used by the processes, in addition to monitoring it helps to find resource usage in real time. Therefore this can be used to monitor the resource utilization done by both the original and the processed music file. As shown in the figure 4.4 and 4.5 response time for the both file are same. There for the conclusion is, there is no latency in the processed music file.

Figure 4.5: Resource Monitor – For Original File.

Figure 4.6: Resource Monitor – For Processed File. To compare the bit streams of the original music file with the processed music file, the command, ‘diff Original.mpg Processed.mpg’ can be used in a SSH terminal in a Linux machine. If there is a difference between two files, then it results where the difference is located and what is the difference.

Using these methods, about five hundred original files and processed files have been compared. Result obtained from this evaluation is the encryption/decryption process does not affect over the latency or the frame synchronization of the music file.

Introduced key generation and management can be decomposed into two parts. They are shared private key generation and group public key generation. Let take there are n nodes; 

Shared Key Generation: Message complexity - O(n) Time Complexity

- O(1)

69

This has a reduced complexity with compared to the DSA and RSA algorithms. Therefore this reduces the run time of the application. 

Group Public Key Generation: Message complexity - O(3n) Time Complexity

- O(2)

This is bit complex than the shared Key generation, but in an establishment process of a group key generation appears only once until the clearance of the group. Therefore this increased complexity is negligible with compared to the existing traditional approaches and it improves the efficiency, combining with the encryption and decryption process. 

Encryption Message complexity - O(2n+1) Time Complexity

- O(n+2)(worst case) - O(3)(best case)



Decrytpion (for one reciever) Message complexity - O(2n+2) Time Complexity

- O(3)

With the use of above complexities, average complexities are; Message Comlexity

- (2n)

Time Complexity

- (2)

The application which was implemented embedding the group key establishment protocol was able to evaluate all the listed requirements. It was tested against group establishment (protocol initialization, shared private key generation, group public key generation, and re-key process functions), upload music file, share music files (encryption, decryption) for both group of owners and single owners, request music files and get membership. This application was tested successfully for many users, barely a practical number of user but it works as it is intended and it works just fine for all the practical number of nodes in a group.

70

4.5 Comparison with existing Systems There is a lot of music sharing systems in the web. The author compares this system with some of those existing systems. Almost all those systems are lack of at least one feature of this system. Before continue the comparison there is something to remind, that is, this system provides a Group key Establishment Protocol Based on ECC for Mobile Ad-hoc Networks to Share Music Files and this supports for any type of music files. Then this system compares with those systems basically with respect to the above underlined features. The table 4.2 shows the features of three similar systems.

System

Based on ECC

Mobility

Ad-hoc Network

supports for any type

iNoize

no

no

yes

no

(P2P) TrueShare

(Only .mp3) no

no

no

yes

r-Music

no

no

yes

yes

BluetunA

no

yes

yes

No

(P2P)

(Only .mp3)

Table 4.2: Some of the similar existing systems

The above mentioned systems work in P2P environment, but current P2P systems are lack of security; they do not offer protection against unauthorized access, guaranteed quality. Since the introduced system based on ECC, it is armed with more security with compared to the above mentioned systems, due to the discrete logarithm problem described in the background chapter. Again, since the introduced system supports ad-hoc feature, mobility and any file format it improves the availability and flexibility with compared to other systems.

71

Chapter 5 Conclusions and Future Work 5.1 Conclusions The project is finding an Elliptic Curve Cryptographic based Group Establishment Protocol for Mobile ad-hoc Networks to share music files. This work has been presented in several productive chapters in this thesis and each chapter firmly explained the objectives, gathering requirements, designing, implementation and the evaluation of the process and how those are accomplished.

The introduction chapter explains the context of the project work, where the problem which has been undertaken during the project, the objectives and scope of the project. Then, with this clear context the project work moves to establish and analyze the requirements for the project and find out the literature which consists of the theories, concepts and past works related to the declared context, to get deeper understanding over the existing problems related to the relevant context. This has been exceedingly helpful in moving towards the target. This deeper analysis provides the strong groundwork for the system design. One of the leading challenges during the work was to design the application preserving the security in a high level (User identification, get rid of impersonation…). After, structuring the design, the project work has been moved to its essential part, the Implementation, to implement the application to move this work in to the real world making it more realistic, satisfying the listed requirements. Project work has been always revolved around its target line during the project period and able to come up with the expected solution within the given period of time.

This Elliptic Curve Cryptography based group key establishment protocol for mobile ad-hoc networks to share music file, has been made up from supporting decrypting value, distributed shared private key and group public key, allowing to create a consistent logical group at each task of possession of music file. Even though, the every member of the group should be participate in its tasks from the establishment of the group to the setting out the music file from the server, they do not need to be online always as the ‘Push Registry’ has been enabled in the application descriptor.

In abstract this project, provides a strong conceptual foundation which has a distributed key establishment and atomic behavior in the group, to protect music files from illegal sharing occur due to most of cryptographic cracks that are currently exists, and produces a smart application built using Java Platform Micro Edition to use this in the real world.

72

5.2 Final Outcome Final outcome from the entire project work can be present in the following simple form. Table 5.1 shows the functionality completion of the project work. The following functionality can be expected from the designed and constructed protocol and its application. The completion of these proved by the testing process mentioned in the section 4.2. Task

Completion

Get Membership



Form the group



Upload music file



Encrypt music file



Select an Elliptic Curve



Obtain generator point



Create session key



Create public key



Share public key



Create public key



Request music file Decrypt music file

√ √

Table 5.1: Functionality Check List

This system has been tested for more than five hundred times with several users and the thought of the eighty percent of the users has been tabled as in the table 5.1. The major outcome of this is, they have no doubt related to the accuracy and the security of this method. But they bit questioned about the tide, security supplying mechanism, especially in onetime password.

73

Ratings 10

9

8

7

6

5

4

3



2

1 Very hard to

Is easy to use

Very easy to use

Is efficient to use

Very efficient



Is fun to use

Very fun



Not fun at all

Is Visually Pleasing

Very pleasing



Not pleasing

Provide easy

Very Easy

recovery from errors

recovery

Security

Higher security

Noise

No noise



Higher noise

Latency

No latency



High Latency

use Very inefficient



Not at all



No security

Table 5.2: User Satisfaction

5.3 Future Work Accomplishing the objectives of the project, the completion of the project has set, remaining within its specified limited scope. But this application can be enhanced so as to improve its flexibility. Here are some suggestions to achieve its flexibility. 1. Allow members to request music file from their colleagues, who are the owners of the music file, without paying money. 2. Due to the heaviness of the type “BigInteger”, the type used in the encryption/decryption process, Find an alternation for it, because this type does not support for the Java Platform Micro Edition. (Keys used within this process of the project are of type “BigInteger”). 3. Allow users to hear music files online, through the mobile phone.

74

Appendix A:

Critical Coding Parts

This contains some of the Critical Coding parts used in the Project work. A.1 Following Code Segment provides the connection between the MIDlet and the servlet import java.io.*; import javax.microedition.io.Connector; import javax.microedition.io.HttpConnection; public class connect { public HttpConnection hcon; public HttpConnection connection(String servlet){ String servlet1 = servlet; try { hcon = (HttpConnection) Connector.open("http://localhost:8084/finalWeb/" + servlet1); hcon.setRequestMethod(HttpConnection.POST); } catch (Exception ex) { ex.printStackTrace(); } return hcon; } } A.2 This Check the validity of the password protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { DataInputStream din = new DataInputStream(request.getInputStream()); String ini= din.readUTF(); try { Class.forName("com.mysql.jdbc.Driver"); //retrieve driver String url = "jdbc:mysql://localhost:3306/test"; //url for database Connection con = (Connection) DriverManager.getConnection(url, "root", "root"); //access database using username and password Statement st = (Statement) con.createStatement(); rs=(ResultSet) st.executeQuery("select Password from usertab where UserId='" + ini + "'"); while(rs.next()){ ss1=rs.getString("Password"); System.out.println("pw"+ss1); }

75

A.3 Coding for upload the music file InputStream fis = textFile.openInputStream(); byte[] b = new byte[1024]; int length = fis.read(b, 0, 1024); fis.close(); if (length > 0) { String songtxt = new String(b, 0, length); System.out.println(songtxt); musicFileTxt.setString(textFile.getURL()); Songupload sg = new Songupload(); sg.run(songtxt); // Calls the thread called SongUpload } A.4 Coding for inserting Owner details in a group int i = owner1; OwnNoTxt.setString(Integer.toString(count)); String regnumber = OwnNoTxt.getString(); String regname = nameOwnTxt.getString(); String regaddress = addOwnTxt.getString(); String regMobNo = mobtxt.getString(); String regemail = emailOwnTxt.getString(); ownerdetails[count][0] = regnumber; ownerdetails[count][1] = regname; ownerdetails[count][2] = regaddress; ownerdetails[count][3] = regMobNo; ownerdetails[count][4] = regemail; OwnNoTxt.setString(""); nameOwnTxt.setString(""); addOwnTxt.setString(""); mobtxt.setString(""); emailOwnTxt.setString(""); System.out.println(ownerdetails[count][0]); System.out.println(ownerdetails[count][1]); System.out.println(ownerdetails[count][2]); System.out.println(ownerdetails[count][3]); System.out.println(ownerdetails[count][4]); count++; if (count >= i) { switchDisplayable(null, getOwnDet2());

76

A.5 How to run the downloaded application private class PlayThread extends Thread { public void run() { try { byte[] data = rs.getRecord(1); String m=Integer.toString(rs.getNumRecords()); System.out.println(m); ByteArrayInputStream in = new ByteArrayInputStream(data); Player player=Manager.createPlayer(in,Constant.PLAYING_MIME_TYPE); player.realize(); player.start(); } catch (Exception ex) { ex.printStackTrace(); Alert a=new Alert("Error"); } } } A.6 How to Send Email Notifications public class EmailServlet extends HttpServlet { void m(String email,String pw,String user){ String username= user; String userPw= pw; String from = "from"; String to = email; String subject = "WELCOME TO MSCSYSTEM"; String message = "YOU HAVE SUCCSESSFULY REGISTERED \n username : " + username +"\n password :"+ userPw ; String login = "[email protected]"; String password ="email1234"; try { Properties props = new Properties(); props.setProperty("mail.host", "smtp.gmail.com"); props.setProperty("mail.smtp.port", "587"); props.setProperty("mail.smtp.auth", "true"); props.setProperty("mail.smtp.starttls.enable", "true"); Authenticator auth = new SMTPAuthenticator(login, password); Session session = Session.getInstance(props, auth); MimeMessage msg = new MimeMessage(session);

77

msg.setText(message); msg.setSubject(subject); msg.setFrom(new InternetAddress(from)); msg.addRecipient(Message.RecipientType.TO, new InternetAddress(to)); Transport.send(msg); } catch (Exception ex) { } } private class SMTPAuthenticator extends Authenticator { private PasswordAuthentication authentication; public SMTPAuthenticator(String login, String password) { authentication = new PasswordAuthentication(login, password); } A.7 How to insert Details to the tables through the servlet protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String User=""; try { Class.forName("com.mysql.jdbc.Driver"); //retrieve driver String url = "jdbc:mysql://localhost:3306/test"; //url for database Connection con = DriverManager.getConnection(url, "root", "root"); //access database using username and password System.out.println("connection"); Statement st = con.createStatement(); rs1= st.executeQuery("select max(UserId) From usertab"); while(rs1.next()){ User = rs1.getString("max(UserId)"); } int UserNo = Integer.parseInt(User.substring(4)); UserNo++; User = "user"+UserNo; DataInputStream din = new DataInputStream(request.getInputStream()); String Password = din.readUTF(); String initial= din.readUTF();

78

String name=din.readUTF(); String adress=din.readUTF(); String country=din.readUTF(); String code=din.readUTF(); String date=din.readUTF(); String nid=din.readUTF(); String email=din.readUTF();

EmailServlet em=new EmailServlet(); em.m(email,Password,User); Class.forName("com.mysql.jdbc.Driver"); //retrieve driver st.execute("Insert into usertab values('"+User+"','"+initial+"','"+name+"','"+adress+"','"+country+"','"+code+"','"+date+"','"+nid+"','"+ email+"','"+Password+"')"); } catch (Exception exception) { exception.printStackTrace(); }

Suggest Documents