Secured MyVirtualPDA using Advanced Encryption

0 downloads 0 Views 273KB Size Report
credit card numbers, personal iden- tification, and ... cryptography, also known as science and mathematical lock and key ... use a lot of encryption algorithms.
Secured MyVirtualPDA using Advanced Encryption Standard

O

Digital Object Identifier 10.1109/MPOT.2008.931161

40 

0278-6648/09/$25.00 © 2009 IEEE

IEEE POTENTIALS

© stockbyte & brand X pictures

modes. Its key setup time is excellent ne of the most useful mohd helmy abd wahab, and its key agility is good. AES’ very features in any perNik Shahidah Afifi Md Taujuddin, low memory requirements make it sonal digital assistant well suited for restricted-space environ(PDA) is that it can acZaleha Mohamad Noor, ments, in which it also demonstrates cumulate information Zarina Tukiran, and excellent performance. needed including easy-to-forget deAriffin Abdul Mutalib AES’s operations are among the tails. Some of the information stored easiest to defend against power and is likely to be very sensitive including timing attacks. Additionally, it appears credit card numbers, personal identhat some defense can be provided tification, and passwords. To protect against such attacks without significantly impacting AES’s perthis sensitive data, most PDAs offer password protection as a formance. AES is designed with some flexibility where it can basic authentication. However, to rely on this type of protecaccommodate alterations in the number of rounds and supports tion alone is not enough. As the writing of secret message a wide range of key sizes, mainly 128 b, 192 b, and 256 b. cryptography, also known as science and mathematical lock Due to this secured algorithm, we at InfoSec research group and key (Schafer, 2003), evolved people rely on the encrypdecided to design and develop a prototype known as Virtual tion process to increase their level of data protection. The PDA has existed in the market since the 1970s but the VirtualPDA has only experienced average usage and is not very popular. In the 2000s, there are few commercial organizations developing the VirtualPDA, such as Mini Opera, which possesses features like a regular PDA but which operates on a mobile phone. VirtualPDA is also developed to be published on the Internet so it can easily be accessed. Today, the security of the VirtualPDA is quite strong since developers use a lot of encryption algorithms (Melnick, 2003). As the encryption algorithms rise, so do the number of hackers who want to crack these entire algorithms. On 26 November 2001, it was announced that the Rijndael algorithm had been selected as the Advanced Encryption Standard (AES) and since that time no one has been able to crack or hack it (Wright, 2001). It can be said that the AES is the most secure encryption algorithm today due to its highly complicated process. AES is a combination of security, performance, efficiency, ease of implementation, and flexibility that makes it an appropriate selection for any system. Specifically, AES appears to be a consistently good performer in both hardware and software across a wide range of computing environments, regardless of its use in feedback or non-feedback

Begin

Begin

Register

Securing your data, DataSec

Yes

New User? Begin

Yes

Login success?

No

No

Yes

My Address Book

My Diary

DataSec==Y ?

Reminder Message, user resp

My Notes

user resp==Y

My Reminder

No

Yes Session Finish?

No

Encryption type (eT): FE: File Encryption TE: Text encryption

Yes My PDA Security

Done?

No

No

eT== FE Yes

Perform File encryption

Yes Logout

Perform File encryption

Finish

Finish

Fig. 1 The interaction flow of the MyVirtualPDA system.

Personal Digital Assistant that is able to encrypt any data using AES. The system is named MyVirtualPDA.

Why VirtualPDA? The main purpose of implementing this project is to make the data in MyVirtualPDA more secure. The security system implemented in existing VirtualPDA is not truly effective because people can easily hack the system. The security features in PDA handheld devices are different than those embedded in the VirtualPDA. However, the security system in VirtualPDA can be implemented in PDA handheld. This VirtualPDA will use the AES algorithm, which fixes block length to 128 b and support key lengths of 128 b, 192 b, and 256 b only. The features in the MyVirtualPDA include notes, diary, rejanuary/february 2009

minder, and an address book in which the interaction flow has been designed as depicted in Fig. 1. This article will elaborate on MyVirtualPDA and its specialties and features.

Security check We developed the prototype with graphical user interfaces. In MyVirtualPDA, as is similar with all protected systems, the login page mechanism is a must, functioning as a basic security feature. It serves as the main interface of MyVirtualPDA to indicate that only authenticated users are allowed access into the system. Registered users are given an account and are allowed to access the system after entering the username and password at the Login Page (see Fig. 3). When users enter the correct combination of username and password, the

Fig. 2 My PDA Security interaction flow.

main menu will appear and the button is automatically placed to ensure it is working to trigger its function. for provided features. There are five application for users in MyVirtualPDA: 1) My Address Book—a personal directory to store contact information, 2) My Diary—allows users to write specific or important events, 3) My Notes—good for personal journal writing, 4) My Reminder—a feature to remind users regarding specific events or tasks as well as deadlines, and 5) MyPDA Security—a feature to encrypt the entire user’s data. Also, an option to log out from the system is provided. Fig. 4 illustrates the main menu for MyVirtualPDA. Among all the provided features, this article focuses on describing the security mechanism in MyVirtualPDA. A set of procedures has been carried 41

Fig. 4 Main menu interface

Fig. 3 The login page.

out to test the reliability of the security feature. The aim of the test was to investigate whether the data was securely coded. In the test, before users log out of the system, they must make sure that the data was kept fully secured. If they forget to perform the My PDA Security procedure, an alert box (as in Fig. 5) will appear to remind them. There are two buttons to click; if they click “Yes,” then they can log out successfully; but if they click “No,” then the My PDA Security window will automatically appear. As the users insert the appropriate keys, a percentage indicating the key quality will change in real time. To have a higher quality key, a user must make sure the key is constructed by combining numbers, symbols, and letters. When a longer key is inserted, the percentage indicating quality key will get higher. The keys for encryption and decryption processes must be identical. There are two ways users can choose to make their data secured. The first way is to perform file encryption where the data is secured in an encrypted database. A user can also choose to perform text encryption manually and copy the cipher text to any feature. This text encryption is performed to encrypt only characters. A user may choose this encryption type to save their private data. These options are available in a single pop-up window as depicted in Fig. 6. MyVirtualPDA is secured by implementing AES algorithm as the security 42 

mechanism. In short, this approach promotes that privacy, authentication, integrity, availability, access control, and no repudiation of a system can be achieved.

Read more about it D. Melnick, M. Dinman, and A. Muratov, PDA Security. New York: McGrawHill, 2003. G. Schafer, Security in Fixed and Wireless Networks. England: Wiley, 2003. M.A. Wright, “The Advanced Encryption Standard,” Journal Network Security, vol. 2001, no. 10, pp. 11-13, 2001.

computer science, both from Universiti Teknologi Malaysia. Zaleha Mohamad Noor ([email protected]) is an engineer at NXP Semiconductor Malaysia Sdn Bhd (formally known as Philips Semiconductor). Zarina Tukiran ([email protected]) is a lecturer at the Department of Computer Engineering, Faculty of Electrical and Electonic Engineering, Universiti Tun Hussein Onn Malaysia. Ariffin Abdul Mutalib ([email protected]) is a senior lecturer in the Applied Sciences Department, College of Arts and Sciences, Universiti Utara Malaysia.

About the authors Mohd Helmy Abd Wahab (helmy@ uthm.edu.my) is a lecturer from the Fig. 5 An alert box to remind about Department of Computer Engineering, securing data. Universiti Tun Hussein Onn Malaysia. He holds a bachelor’s of information technology with honors and a master’s degree in intelligent systems from Universiti Utara Malaysia. Nik Shahidah Afifi Md Taujuddin ([email protected]. my) is a faulty member with the Department of Computer Engineering, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia. She holds a bachelor’s degree in electrical engineering (computer engineering) and a master’s degree in Fig. 6 Options to encrypt a file and text. IEEE POTENTIALS