
SECURE DATA TRANSMISSION-USING DYNAMIC ROUTING AND VULNERABILITY EVALUATION


Academic year: 2021


S.Kavin hari hara sudhan(1),

(1)M.Tech student in Computer Science and Engineering Dr.MGR Educational and Research Institute, Chennai, Tamilnadu, INDIA

Abstract

At present, secure data transmission is achieved with complex cryptographic algorithms. These algorithms increase the number of cycles needed to process each byte of data. Because power consumption must be reduced, we aim to reduce processing time and power utilization and to increase throughput by using less complex cryptographic algorithms. Less complex algorithms, however, lag in security, so we adopt dynamic routing with vulnerability evaluation for better security. The proposed method uses dynamic routing and evaluates vulnerable nodes as well as vulnerable paths, which increases security and reduces time delay and computation. The dynamic routing has one additional feature to enhance security: no two consecutive packets are sent through paths with similar nodes. In this paper we adopt the Blowfish encryption algorithm, which a comparison with other encryption algorithms identified as very simple, less time consuming and less power consuming. With the help of this least complex encryption algorithm, we achieve better security by using dynamic routing and vulnerability evaluation.

Key terms: Data transmission, Dynamic routing, Randomization, Security, Vulnerability.

1.Introduction

In the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography-based systems, the IP Security (IPSec) [8] and the Secure Socket Layer (SSL) [4] are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data

and effective network bandwidth. For example, the data transmission overhead is 5 cycles/byte over an Intel Pentium II with the Linux IP stack alone, and the overhead increases to 58 cycles/byte when Advanced Encryption Standard (AES) [10] is adopted for encryption/decryption for IPSec. Another alternative for security-enhanced data transmission is to dynamically route packets between each source and its destination so that the chance for system break-in, due to successful interception of consecutive packets for a session, is slim. The intention of security-enhanced routing is different from the adopting of multiple paths between a source and a destination to increase the throughput of data transmission.

In our proposed work we adopt vulnerability evaluation for both nodes and paths. A vulnerable node is one that has a larger number of connections. A vulnerable path is one that has more nodes to cross to reach the destination.

In particular, Lou et al. [6][7] proposed a secure routing protocol to improve the security of end-to-end data transmission based on multiple path deliveries. The set of multiple paths between each source and its destination is determined in an online fashion, and extra control message exchanging is needed. Bohacek et al. proposed a secure stochastic routing mechanism to improve routing security. Similar to the work proposed by Lou et al., a set of paths is discovered for each source and its destination in an online fashion based on message flooding. Thus, a mass of control messages is needed. Yang and Papavassiliou explored the trading of the security level and the traffic dispersion. They proposed a traffic dispersion scheme to reduce the probability of eavesdropped information along the used paths provided that the set of data delivery paths is discovered in advance. Although excellent research results have been proposed for security-enhanced dynamic routing, many of them rely on the discovery of multiple paths either in an online or offline fashion. For those online path searching approaches, the discovery of multiple paths involves a significant number of control signals over the Internet.

On the other hand, the discovery of paths in an offline fashion might not be suitable to networks with a dynamic


dynamic routing algorithm to provide security enhanced data delivery without introducing any extra control messages. The objective of this work is to explore a security enhanced dynamic routing algorithm based on distributed routing information widely supported in existing wired and wireless networks. We aim at the randomization of delivery paths for data transmission to provide considerably small path similarity (i.e., the number of common links between two delivery paths) of two consecutive transmitted packets.

The proposed algorithm should be easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP) for wired networks [2] and Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks [3], over existing infrastructures. These protocols shall not increase the number of control messages if the proposed algorithm is adopted. An analytic study will be presented for the proposed routing algorithm, and a series of simulation studies will be conducted to verify the analytic results and to show the capability of the proposed algorithm.

2.Existing work

• Every node in the network is given a routing table and a link table using Hello protocol.

• The security has been enhanced only by using cryptographic algorithms.

• Construction and maintenance of routing tables are revised based on the well-known Bellman-Ford algorithm.

• The discovery of paths in an offline fashion might not be suitable to networks with a dynamic changing configuration which has been used in existing system.

• In the existing system vulnerability evaluation is not possible.

3.Related work

• The proposed algorithm implements popular routing protocols, such as

1. Routing Information Protocol (RIP) for wired networks

2. Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks.

• In those based on RIP, each node maintains a routing table.

• If the proposed algorithm is implemented over RIP with equal-cost links, then the resulting path set would be the same as that generated by an equal-cost multipath protocol based on RIP.

• Our security-enhanced dynamic routing could be used with cryptography-based system designs to further improve the security of data transmission over networks.

3.1.Dynamic routing protocol

Function(s) of Dynamic Routing Protocols:

Dynamically share information between routers. Automatically update routing table when topology changes. Determine best path to a destination.

Fig 1-Periodical updating routing table

3.2.Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) is a distance-vector routing protocol, which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops allowed for RIP is 15. This hop limit, however, also limits the size of networks that RIP can support. A hop count of 16 is considered an infinite distance and used to deprecate inaccessible, inoperable, or otherwise undesirable routes in the selection process.

How RIP works. What makes RIP work is a routing database that stores information on the fastest route from computer to computer, an update process that enables each router to tell other routers which route is the fastest from its point of view, and an update algorithm that enables each router to update its database with the fastest route communicated from neighboring routers:

• Database. Each RIP router on a given network keeps a database that stores the following information for every computer in that network:

o IP Address. The Internet Protocol address of the computer.

o Gateway. The best gateway to send a message addressed to that IP address.

o Distance. The number of routers between this router and the router that can send the message directly to that IP address.

o Route change flag. A flag that indicates that this information has changed, used by other routers to update their own databases.

o Timers. Various timers.

• Algorithm. The RIP algorithm works like this:

Update. At regular intervals each router sends an update message describing its routing database to all the other routers that it is directly connected to. Some routers will send this message as often as every 30 seconds, so that the network will always have up-to-date information to quickly adapt to changes as computers and routers come on and off the network.

Propagation. When a router X finds that a router Y has a shorter and faster path to a router Z, then it will update its own routing database to indicate that fact. Any faster path is quickly propagated to neighboring routers through the update process, until it is spread across the entire RIP network. A mathematical description of this algorithm is shown below.

Let D(i,j) be the metric for the best route from router i to router j.

Let d(i,j) represent the distance from router i to router j, set to infinite if i and j are the same or if i and j are not immediate neighbors.

The best distance is then D ( i, i ) = 0, for all i

D ( i, j ) = min ( d ( i, k ) + D ( k, j ) ), for i <> j, over all k
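The update and propagation steps above can be simulated directly. The following Python sketch is an added example, not code from the paper: it runs synchronous update rounds with hop count as the metric and treats 16 as infinity. The topology in SAMPLE_LINKS and the function names are constructed for illustration.

```python
INFINITY = 16  # RIP: a hop count of 16 is an infinite distance (unreachable)

# Constructed sample topology (not from the paper): undirected one-hop links.
SAMPLE_LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("A", "D"), ("D", "E")]


def rip_converge(links, max_rounds=64):
    """Return tables[i][j] = (D(i,j), gateway) after repeated update rounds."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)

    # D(i,i) = 0 for all i; every other destination starts unknown (infinite).
    tables = {r: {r: (0, r)} for r in neighbours}

    for _ in range(max_rounds):
        changed = False
        # Update: every router sends its current database to its neighbours.
        snapshot = {r: dict(t) for r, t in tables.items()}
        for i in neighbours:
            for k in neighbours[i]:
                for j, (metric_kj, _) in snapshot[k].items():
                    # D(i,j) = min over k of d(i,k) + D(k,j), with d(i,k) = 1
                    candidate = min(1 + metric_kj, INFINITY)
                    current = tables[i].get(j, (INFINITY, None))[0]
                    if candidate < current:
                        # Propagation: neighbour k offers a shorter path to j.
                        tables[i][j] = (candidate, k)
                        changed = True
        if not changed:  # converged: no router learned a shorter route
            break
    return tables


def metric(tables, i, j):
    """Hop count from i to j, or INFINITY when j is not reachable within 15 hops."""
    return tables[i].get(j, (INFINITY, None))[0]


if __name__ == "__main__":
    for dest, (hops, gw) in sorted(rip_converge(SAMPLE_LINKS)["A"].items()):
        print(f"A -> {dest}: {hops} hop(s) via {gw}")
```

On a chain of routers, destinations 16 or more hops away never enter the table, which is the hop limit acting as the loop-prevention bound described in section 3.2.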

3.2.1.RIP version 1 (RIPv1)

This is a simple distance vector protocol. It has been enhanced with various techniques, including Split Horizon and Poison Reverse in order to enable it to perform better in somewhat complicated networks.

• The longest path cannot exceed 15 hops.

• RIP uses static metrics to compare routes.

• The maximum datagram size is 512 bytes not including the IP or UDP headers.

3.2.2.RIP version 2 (RIPv2)

This version added several new features.

• External route tags.

• Subnet masks.

• Next hop router addresses.

• Authentication.

• Multicast support.

3.3.Destination-sequenced distance vector (DSDV)

Each entry in the routing table contains a sequence number. The sequence numbers are generally even if a link is present; else, an odd number is used. The number is generated by the destination, and the emitter needs to send out the next update with this number. Routing information is distributed between nodes by sending full dumps infrequently and smaller incremental updates more frequently.

Fig 2 DSDV

For example the routing table of Node A in this network is

Destination | Next Hop | Number of Hops | Sequence Number | Install Time
A           | A        | 0              | A 46            | 001000
B           | B        | 1              | B 36            | 001200
C           | B        | 2              | C 28            | 001500

If a router receives new information, then it uses the latest sequence number. If the sequence number is the same as the one already in the table, the route with the better metric is used. Stale entries are those entries that have not been updated for a while. Such entries as well as the routes using those nodes as next hops are deleted.
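The acceptance and stale-entry rules above, applied to Node A's table, look like this in Python. This is an added example, not code from the paper: the function names, the integer reading of the install time and the max_age threshold are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Route:
    next_hop: str
    hops: int
    seq: int        # sequence number generated by the destination
    installed: int  # install time, read here as an integer tick (assumption)

    @property
    def link_present(self):
        # Per the text: even sequence number = link present, odd = link absent.
        return self.seq % 2 == 0


def node_a_table():
    """Routing table of Node A, with the values given in the text."""
    return {
        "A": Route("A", 0, 46, 1000),
        "B": Route("B", 1, 36, 1200),
        "C": Route("B", 2, 28, 1500),
    }


def apply_update(table, dest, via, hops_at_neighbour, seq, now):
    """Process one route advertised by neighbour `via`; True if it was installed."""
    candidate = Route(via, hops_at_neighbour + 1, seq, now)
    current = table.get(dest)
    # Rule 1: the latest sequence number always wins.
    newer = current is None or seq > current.seq
    # Rule 2: same sequence number, so the better (lower) metric wins.
    better = (current is not None and seq == current.seq
              and candidate.hops < current.hops)
    if newer or better:
        table[dest] = candidate
        return True
    return False  # older sequence number, or same number with no better metric


def purge_stale(table, now, max_age, self_name):
    """Delete stale entries and every route whose next hop is a stale node."""
    stale = {d for d, r in table.items()
             if d != self_name and now - r.installed > max_age}
    doomed = sorted(d for d, r in table.items()
                    if d in stale or r.next_hop in stale)
    for dest in doomed:
        del table[dest]
    return doomed


if __name__ == "__main__":
    table = node_a_table()
    # Constructed updates: older seq is ignored, newer seq replaces the route.
    print(apply_update(table, "C", "B", 1, 26, 1600), table["C"])
    print(apply_update(table, "C", "B", 1, 30, 1800), table["C"])
    print(purge_stale(table, now=2500, max_age=1000, self_name="A"), table)
```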

3.4.Vulnerability evaluation protocol

3.4.1.Evaluating vulnerable node

A node that has a larger number of connections is said to be a vulnerable node. This evaluation will reduce the chance of getting hacked.

3.4.2.Evaluating vulnerable path

A path that has a larger number of nodes to cross is said to be a vulnerable path. These evaluations will be useful in future routing.
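One way to combine the two evaluations with the rule that consecutive packets avoid similar paths is sketched below. This is an added example, not the paper's algorithm: the graph, the function names and the tie-breaking order (fewest common links with the previous path, then fewest nodes, then lowest total degree of intermediate nodes) are assumptions.

```python
import random

# Constructed sample topology (not from the paper): node -> set of neighbours.
GRAPH = {
    "S": {"A", "B", "C"},
    "A": {"S", "D", "H"},
    "B": {"S", "D", "H"},
    "C": {"S", "H"},
    "H": {"A", "B", "C", "D"},
    "D": {"A", "B", "H"},
}


def node_vulnerability(graph):
    """Vulnerable-node score: the number of connections of each node."""
    return {n: len(nbrs) for n, nbrs in graph.items()}


def most_vulnerable_node(graph):
    scores = node_vulnerability(graph)
    return max(sorted(scores), key=scores.get)


def simple_paths(graph, src, dst, path=()):
    """Yield every loop-free path from src to dst as a list of nodes."""
    path = list(path) + [src]
    if src == dst:
        yield path
        return
    for nxt in sorted(graph[src]):
        if nxt not in path:
            yield from simple_paths(graph, nxt, dst, path)


def similarity(p, q):
    """Path similarity: the number of common links between two delivery paths."""
    def links(path):
        return {frozenset(hop) for hop in zip(path, path[1:])}
    return len(links(p) & links(q))


def path_vulnerability(graph, path):
    """More nodes to cross = more vulnerable; node degrees break ties."""
    deg = node_vulnerability(graph)
    return (len(path), sum(deg[n] for n in path[1:-1]))


def next_path(graph, src, dst, previous, rng):
    """Pick the path for the next packet, never repeating the previous one
    when an alternative exists."""
    every = list(simple_paths(graph, src, dst))
    candidates = [p for p in every if p != previous] or every

    def key(p):
        return (similarity(p, previous) if previous else 0,
                path_vulnerability(graph, p))

    best = min(key(p) for p in candidates)
    return rng.choice([p for p in candidates if key(p) == best])


def send(graph, src, dst, packets, rng):
    chosen, previous = [], None
    for _ in range(packets):
        previous = next_path(graph, src, dst, previous, rng)
        chosen.append(previous)
    return chosen


if __name__ == "__main__":
    print("most vulnerable node:", most_vulnerable_node(GRAPH))
    for p in send(GRAPH, "S", "D", 4, random.Random(7)):
        print(" -> ".join(p))
```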

3.5.Comparison between various cryptographic algorithms

Encryption time is used to calculate the throughput of an encryption scheme. In this section, we calculated CPU work load, encryption throughput and power consumption for encrypting text files without transmission, to show which encryption is more powerful than the others. The CPU work load (millisecond), throughput (megabytes/second), power consumption (micro joule/byte), and power consumption (percent of battery consumed) are shown in Fig

1. CPU work load
[Chart: CPU work load for AES, 3DES, DES, RC2, Blowfish and RC6]

2. Encryption throughput
[Chart: throughput (megabyte/sec) for RC2, DES, 3DES, RSA, Blowfish and RC6]

3. Power consumption (micro joule/byte)
[Chart: power consumption (microjoule/byte) for AES, 3DES, DES, RC2, Blowfish and RC6]

4. % of battery power consumed
[Chart: % battery consumed for AES, 3DES, DES, RC2, Blowfish and RC6]

5. Time consumption

From the above comparison we can identify that the Blowfish algorithm is the least complex when compared with the other algorithms. According to this comparison, the Blowfish algorithm has less CPU work load, higher encryption throughput, less power consumption, less time consumption and less cost.

By using such a least complex and less secure cryptographic algorithm in our proposed work, we can achieve high security through dynamic routing and vulnerability evaluation.

3.6.Blowfish algorithm

The input is a 64-bit data element, x.
Step 1: Divide x into two 32-bit halves: xL, xR
Step 2: For i = 1 to 16:
Step 3:   xL = xL XOR Pi
Step 4:   xR = F(xL) XOR xR
Step 5:   Swap xL and xR
Next i
Step 6: Swap xL and xR (Undo the last swap.)
Step 7: xR = xR XOR P17
Step 8: xL = xL XOR P18
Step 9: Recombine xL and xR

Function F:
Step 1: Divide xL into four eight-bit quarters: a, b, c, and d
Step 2: F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32
Step 3: Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order.
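The round structure and the reversed-P decryption can be checked with a short Python sketch. This is an added example, not code from the paper: the P-array and S-boxes are constructed placeholders derived from SHA-256 rather than the pi-derived constants and key schedule, so the output does not interoperate with real Blowfish and the block shows the Feistel structure only.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def placeholder_tables(seed=b"constructed-demo-tables"):
    """Build an 18-word P-array and four 256-word S-boxes.

    Constructed stand-ins only: NOT the pi-derived Blowfish constants and
    NOT the Blowfish subkey generation.
    """
    words, counter = [], 0
    while len(words) < 18 + 4 * 256:
        digest = hashlib.sha256(seed + struct.pack(">I", counter)).digest()
        words.extend(struct.unpack(">8I", digest))
        counter += 1
    P = words[:18]
    S = [words[18 + 256 * i: 18 + 256 * (i + 1)] for i in range(4)]
    return P, S


def F(S, xL):
    # Function F, step 1: divide xL into four eight-bit quarters a, b, c, d.
    a, b, c, d = (xL >> 24) & 0xFF, (xL >> 16) & 0xFF, (xL >> 8) & 0xFF, xL & 0xFF
    # Function F, step 2: ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32
    return ((((S[0][a] + S[1][b]) & MASK32) ^ S[2][c]) + S[3][d]) & MASK32


def crypt_block(x, P, S):
    """Steps 1-9 of the text for one 64-bit block x (an int)."""
    xL, xR = (x >> 32) & MASK32, x & MASK32   # step 1
    for i in range(16):                        # step 2
        xL ^= P[i]                             # step 3
        xR ^= F(S, xL)                         # step 4
        xL, xR = xR, xL                        # step 5
    xL, xR = xR, xL                            # step 6: undo the last swap
    xR ^= P[16]                                # step 7 (P17)
    xL ^= P[17]                                # step 8 (P18)
    return (xL << 32) | xR                     # step 9


def encrypt_block(x, P, S):
    return crypt_block(x, P, S)


def decrypt_block(x, P, S):
    # Same procedure, with P1..P18 used in the reverse order.
    return crypt_block(x, P[::-1], S)


if __name__ == "__main__":
    P, S = placeholder_tables()
    block = 0x0123456789ABCDEF  # constructed sample block
    ct = encrypt_block(block, P, S)
    print(f"{block:016x} -> {ct:016x} -> {decrypt_block(ct, P, S):016x}")
```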

Generating the subkeys:

The subkeys are calculated using the Blowfish algorithm. The exact method is as follows:

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3). For example:

P1 = 0x243f6a88
P2 = 0x85a308d3
P3 = 0x13198a2e
P4 = 0x03707344

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).

4. Replace P1 and P2 with the output of step (3).

5. Encrypt the output of step (3) using the Blowfish algorithm with the modified sub keys.

6. Replace P3 and P4 with the output of step (5).

7. Continue the process, replacing all entries of the P- array, and then all four S-boxes in order, with the output of the continuously-changing Blowfish algorithm.

In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys rather than execute this derivation process multiple times.


Here we explore a security-enhanced dynamic routing algorithm based on distributed routing information widely supported in existing wired and wireless networks. We aim at the randomization of delivery paths for data transmission to provide considerably small path similarity (i.e., the number of common links between two delivery paths) of two consecutive transmitted packets. The proposed algorithm should be easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP) for wired networks and Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks, over existing infrastructures. These protocols shall not increase the number of control messages if the proposed algorithm is adopted. The analytic study will be presented for the proposed routing algorithm, and a series of simulation studies will be conducted to verify the analytic results and to show the capability of the proposed algorithm.

4.Conclusion

The proposed system adopts Blowfish, which is the least complex among many cryptographic algorithms; with such an algorithm we can achieve better security by using dynamic routing and vulnerability evaluation. This paper has proposed a security-enhanced dynamic routing algorithm, based on distributed routing information widely supported in existing networks, for secure data transmission, with vulnerability evaluation as a precautionary measure. The proposed algorithm is easy to implement and compatible with popular routing protocols, such as RIP and DSDV, over existing infrastructures. The above procedure sends the data more securely by encrypting it, and the encrypted data then undergoes the dynamic routing process, which is more secure in transferring the data from hop to hop. This proposed system will improve throughput, security, routing, and vulnerability evaluation.

References

[1] G. Apostolopoulos, V. Peris, P. Pradhan, and D. Saha, "Securing Electronic Commerce: Reducing the SSL Overhead," IEEE Network, 2000.

[2] G. Malkin, Routing Information Protocol (RIP) Version 2 Carrying Additional Information, Request for comments (RFC 1723), Nov. 1994.

[3] C. Perkins and P. Bhagwat, "Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers," Proc. ACM SIGCOMM '94, pp. 234-244, 1994.

[4] Secure Sockets Layer (SSL), http://www.openssl.org/, 2008.

[5] S. Bohacek, J.P. Hespanha, K. Obraczka, J. Lee, and C. Lim, "Enhancing Security via Stochastic Routing," Proc. 11th Int'l Conf. Computer Comm. and Networks (ICCCN), 2002.

[6] W. Lou and Y. Fang, "A Multipath Routing Approach for Secure Data Delivery," Proc. IEEE Military Comm. Conf. (MilCom), 2001.

[7] W. Lou, W. Liu, and Y. Fang, "SPREAD: Improving Network Security by Multipath Routing," Proc. IEEE Military Comm. Conf. (MilCom), 2003.

[8] R. Thayer, N. Doraswamy, and R. Glenn, IP Security Document Roadmap, Request for comments (RFC 2411), Nov. 1998.

[9] S.-H. Liu, Y.-F. Lu, C.-F. Kuo, A.-C. Pang, and T.-W. Kuo, "The Performance Evaluation of a Dynamic Configuration Method over IPSEC," Proc. 24th IEEE Real-Time Systems Symp.: Works in Progress Session (RTSS WIP), 2003.

[10] C. Kaufman, R. Perlman, and M. Speciner, Network Security—PRIVATE Communication in a PUBLIC World, second ed. Prentice Hall PTR, 2002.

Biographies

(1)

Author S. Kavin Hari Hara Sudhan is an M.Tech student in computer science & engineering, Dr.MGR University, Chennai, Tamil Nadu, India. He has published 1 paper in international conference and 2 papers in national conferences. He shall be contacted through [email protected]
