
EFFICIENT KEY MECHANISMS IN MULTI-NODE NETWORK FOR SECURED DATA TRANSMISSION


*Ajay Kakkar, **Dr. M. L. Singh, ***Dr. P. K. Bansal

*Thapar University, Patiala, India; **GNDU, Amritsar, India; ***Ex-Principal, MIMIT, Malout, India

Abstract:

Cryptography is a technique used to prevent unauthorized access to data. It is the technique of scrambling data to make it indecipherable to all except the intended person. It includes an encryption algorithm and reliable key(s). It is clear that key design flaws account for 50 percent of security problems, and architectural risk analysis plays an important role in any solid security program. The importance of key management has been profound, since most attacks on encryption algorithms are based on vulnerabilities caused by poorly designed and developed key management. The strength of the model depends upon the key length. Keys having short lengths are not suitable for secure transmission in a multinode network (MN) because they result in more hacking time. If large key lengths are used, they lead to more processing time. Therefore, it is highly required to frame a model which provides the flexibility to the user to select keys having variable lengths. The main highlight of the work is to reduce the time available to the hacker by using S-Boxes and variable key lengths. The paper includes an optimal approach for secure data processing by using S-Boxes and variable key length. The simulation results are obtained by using Matlab 7.3.

Key Words: Encryption, S-Boxes, Multinode Network (MN), Security, Keys.

1. Introduction

Security attacks against networks are increasing significantly with time. Over the years, a number of techniques and approaches have been developed to ensure data confidentiality, integrity, and availability. The techniques for data security include multiple passwords, cryptography, biometrics, etc. By using information regarding the timing and power consumption of a device during the execution of a cryptographic algorithm, cryptanalysts can break the model [27]. Therefore, the main purpose of a secured encryption algorithm is to protect the interests of parties communicating in the presence of adversaries [2,4]. Modeling the behavior of cyber attackers is difficult, and determining the appropriate level of attack is very important from the security point of view. It is known that in a multi-node network (MN), security decreases with increase in the number of nodes [28]. In view of this, multiple keys are used to provide resistance against the virtual and real attacks made by the hacker.

1.1 Objectives

1. To study various security aspects in connection with data transmission.

2. To develop an optimized efficient key management technique(s) in order to:

• Generate random key(s) from the data by the algorithm.
• Determine the failure rate of multiple key(s) used by various S-Boxes.
• Reduce the time available for the hacker in which attempts are made to destroy the model.
• Limit the processing time in multiple key systems.
• Minimize the key shifting time from 1st key to 2nd key and so on.
• Minimize the latency and encryption time in order to provide faster response.

3. To design and develop algorithm(s) for secured wireless data communication with minimum overheads.

1.2 Related Work and Motivation:


Ajay Kakkar et al. / International Journal of Engineering Science and Technology Vol. 2(5), 2010, 787-795

Standard (PES) and in 1992, it was renamed as IDEA. It is a block cipher that uses 64-bit data blocks and a 128-bit key. W. Aiello et al. (1996) [25] describes that with $n$ selected plaintexts in MN which can be distinguished by the hacker with the numbers from a random function. This means that it is possible to hack the model with determined probability. A. Banerjee et al. (2001) [1] gives an overview of signaling enhancement and recovery techniques used in MN. Such techniques are useful to determine the security of the model. L. Eschenauer et al. (2002) [17] proposed a random key establishment technique for wireless sensor networks. S. K. Lee et al. (2002) [23] presented a hierarchical approach to resolve multiple failures at the multi-node network (MN), in which various security levels have been proposed for different types of attacks, and the recovery mechanism can be selected on the basis of these security levels. H. Chan et al. (2003) [13] extended the technique of $n$ random key establishment, which enables two neighbor nodes to establish a secured communication only when they share $n$ common keys (where $n$ 2). W. Du (2003) [26] developed two similar random key pre distribution techniques which use the multi space key pool to improve network resilience and memory usage efficiency [9]. L. Hundessa (2004) [18] presented a protection mechanism packed up with multiple key(s) to handle multiple link/node failures. Further, Michael Backes et al. (2005) [19] presented the relating symbolic and cryptographic secrecy technique for MN. Elisa Bertino et al. (2008) [10] discussed an efficient Time-Bound hierarchical key management scheme for secure broadcasting. There are numerous cryptographic algorithms for data encryption and authentication techniques for Multi-node Network (MN). By using encryption, an efficient generic solution for MN was proposed by Naor et al. (1999) [20]. Naor’s model was not so much compatible with multiple keys having different failure rates. L. Hundessa [18] provides the data gathering strategies over all the possible network routes. Blake and Kolesnikov (2004) [7-8] do not provide any practical ways to achieve secured re-routing schemes. The related work indicates that there is a need to develop a model which provides the flexibility to select short and long data length sequences as per the requirement. The selection of key(s) and S-Boxes should be based upon the data sequence in order to reduce the hacking and processing times. Also, in case of node failure, the algorithm immediately generates new key(s) for the corresponding node. It has been found that for an efficient and reliable model, keys should be generated from the available data. Key recovery mechanisms should be available in the model in order to look after the failure situation.

2. Proposed Work


Figure 2.1

1st approach: Change encryption key; i.e., $K_1$ $K_2$, $K_1'$ $K_2'$, $K_1''$ $K_2''$ and follow the same path.

Path $P_1$: $A$ $S_1(K_2)$ $S_3(K_2, K_2')$ $S_4$ $S_5$ $S_7(K_2, K_2', K_2'')$ $S_8$ $B$

2nd approach: Change path

(i) Path $P_1$: $A$ $S_2(K_1)$ $S_3(K_1, K_1')$ $S_4$ $S_5$ $S_7(K_1, K_1', K_1'')$ $S_8$ $B$

(ii) Path $P_2$: $A$ $S_2(K_2)$ $S_3(K_2, K_2')$ $S_4$ $S_5$ $S_7(K_2, K_2', K_2'')$ $S_8$ $B$

The above two paths $P_1$, $P_2$ still include weak nodes; therefore, alternate paths are used.

(iii) Path $P_3$: $A$ $S_2(K_1)$ $S_4(K_1, K_1')$ $S_5$ $S_7(K_1, K_1', K_1'')$ $S_8$ $B$

For highly secured system transmission takes place from $A$ $S_4$.

The proposed model will be evaluated based upon its performance with existing models/mechanisms for secured data transmissions in multi-node networks on the basis of the following factors: (i) Number of users (ii) Type of hardware/software (iii) Channel capacity (iv) Number of failures during the installation (v) Number of failures occurred during data transmission (vi) Time required for the recovery of data (vii) Speed of the operation (viii) Type of algorithm used (ix) Size and number of keys and S-boxes (x) Number of check points (xi) Encryption, transmission, decryption, latency time (xii) Level of protection, First level encryption, Second level encryption and Re-encryption (xiii) Active stations with reliable key(s) (xiv) Synchronization time (xv) Compression Factor (xvi) Padding.

3. Outcome of the work so far:

This section deals with the analysis of failure rate of various key(s) used by different S-Boxes in MN. On the basis of number of attacks, hacking levels and security levels are determined for the model (table 3.1). Multiple keys $k_1$ & $k_2$ having different failure rate $a$, $b$, are used for different stations $S_i$, $S_i'$ where 1 i N, $T_1$, $T_2$ active time of $k_1$, $k_2$ resp.


| S. No. | Hacking Level | Total number of attacks in one minute | Level of Security | Remarks |
|---|---|---|---|---|
| 1 | Low | 0-50 | Very Good | Used for both short and long data sequences |
| 2 | Medium | 51-100 | Good | Normally used for long data sequences with multiple keys |
| 3 | Average | 101-150 | Average | Prefer short sequences |
| 4 | Marginally acceptable, provided that the 2nd key (low failure rate) takes charge immediately in case of failure of the 1st key | 151-200 | Weak | Only short data length sequences |
| 5 | High | Above 200 | Very weak | Not used |

Table 3.1

Figure 3.1: Various security levels for different S-Boxes

Figure 3.2: Secure path is achieved by using low failure rate of keys

Calculation of Hacking and Processing Times for different Nodes and S-Boxes

This section shows how hacking time is reduced with the increase in key length and S-Boxes for different numbers of nodes.

Node = 5, S-Boxes = 8

| S. No. | Data Length | Key Length | S-Boxes | Processing time (ns) | Hacking Time (min) |
|---|---|---|---|---|---|
| 1. | 26 | 8 | 8 | 13.36 | 81.71 |
| 2. | 56 | 8 | 8 | 24.00 | 84.03 |
| 3. | 56 | 16 | 8 | 32.76 | 26.83 |
| 4. | 124 | 8 | 8 | 44.76 | 156.71 |
| 5. | 256 | 8 | 8 | 55.14 | 193.05 |

Table 3.2

The following observations are made from Table 3.2:

• For the same key length (8 bits), an increase in the data length from 26 to 56 bits provides more time to the hacker (84.03 min.).
• Processing time (13.26 to 24.00 ns) is also increased for the above combination, but this will not affect the model much.
• If the key length is increased from 8 to 16 bits for the same data length (56 bits), the hacking time (84.03 to 26.83 min.) reduces significantly with a nominal increase in processing time.

Node = 5, S-Boxes = 16

| S. No. | Data Length | Key Length | S-Boxes | Processing time (ns) | Hacking Time (min) |
|---|---|---|---|---|---|
| 1. | 26 | 8 | 16 | 17.99 | 74.78 |
| 2. | 56 | 8 | 16 | 27.93 | 76.86 |
| 3. | 56 | 16 | 16 | 40.70 | 8.44 |


The combination of 16-bit key length (K.L) and 8 S-Boxes provides 26.83 minutes (Table 3.2) to the hacker. If we increase the number of S-Boxes, it simply reduces the hacking time (8.44 minutes, Table 3.3). By increasing S-Boxes from 8 to 16 and keeping all other parameters the same, it has been observed that the model security is increased. Although it increases the processing time from 32.76 to 40.70 ns, it does not act as much overhead to the model.

If, keeping all the other parameters the same, the number of nodes is increased (5 to 15), it increases the processing time (32.76 min, shown in Table 3.2, to 36.37 min, shown in Table 3.4) and the hacking time (26.83 to 27.33 minutes). So, it shows that the security decreases with increase in the number of nodes.

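Node = 15, S-Boxes = 8

| S. No. | Data Length | Key Length | S-Boxes | Processing time (ns) | Hacking Time (min) |
|---|---|---|---|---|---|
| 1. | 26 | 8 | 8 | 24.92 | 86.34 |
| 2. | 56 | 8 | 8 | 47.35 | 88.65 |
| 3. | 56 | 16 | 8 | 36.37 | 27.33 |
| 4. | 124 | 8 | 8 | 88.32 | 165.33 |
| 5. | 256 | 8 | 8 | 108.80 | 203.68 |

Table 3.4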

Node = 15, S-Boxes = 16

| S. No. | Data Length | Key Length | S-Boxes | Processing time (ns) | Hacking Time (min) |
|---|---|---|---|---|---|
| 1. | 26 | 8 | 16 | 29.33 | 78.71 |
| 2. | 56 | 8 | 16 | 54.29 | 80.90 |
| 3. | 56 | 16 | 16 | 43.32 | 19.95 |
| 4. | 124 | 8 | 16 | 101.25 | 150.88 |
| 5. | 256 | 8 | 16 | 124.73 | 185.87 |

Table 3.5

For the same parameters, the combination of 16-bit key length and 16 S-Boxes provides 19.95 minutes (Table 3.5) to the hacker. It has been observed from the results of Tables 3.2-3.5 that:

• If the number of nodes is increased, it takes more processing time.
• It also provides enough time to the hacker.
• If there is an increase in the data length, hacking and processing times are increased.
• By increasing key length, the hacking time is reduced.
• An increase in the number of S-Boxes reduces the hacking time with a nominal increase in processing time. So, the correct combination of key length and S-Boxes is selected in order to achieve optimized efficient results.
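An added example (not from the paper): the Python sketch below re-checks the observations above against the rows of Tables 3.2 to 3.5 by pairing rows that differ in exactly one parameter and counting whether each time rises or falls. The function and variable names are assumptions of this example, and Table 3.3 is used with only the three rows shown on the page.

```python
from collections import defaultdict

# Rows transcribed from Tables 3.2-3.5 of the page:
# (nodes, s_boxes, data_len_bits, key_len_bits, processing_ns, hacking_min).
# Table 3.3 shows only three rows on the page, so only those are listed.
ROWS = [
    (5, 8, 26, 8, 13.36, 81.71), (5, 8, 56, 8, 24.00, 84.03),
    (5, 8, 56, 16, 32.76, 26.83), (5, 8, 124, 8, 44.76, 156.71),
    (5, 8, 256, 8, 55.14, 193.05),
    (5, 16, 26, 8, 17.99, 74.78), (5, 16, 56, 8, 27.93, 76.86),
    (5, 16, 56, 16, 40.70, 8.44),
    (15, 8, 26, 8, 24.92, 86.34), (15, 8, 56, 8, 47.35, 88.65),
    (15, 8, 56, 16, 36.37, 27.33), (15, 8, 124, 8, 88.32, 165.33),
    (15, 8, 256, 8, 108.80, 203.68),
    (15, 16, 26, 8, 29.33, 78.71), (15, 16, 56, 8, 54.29, 80.90),
    (15, 16, 56, 16, 43.32, 19.95), (15, 16, 124, 8, 101.25, 150.88),
    (15, 16, 256, 8, 124.73, 185.87),
]
# Hypothetical parameter names, in the column order used by ROWS.
PARAMS = ("nodes", "s_boxes", "data_len", "key_len")


def paired_changes(rows, param):
    """Return (low_row, high_row) pairs that differ only in `param`."""
    idx = PARAMS.index(param)
    groups = defaultdict(list)
    for row in rows:
        fixed = row[:idx] + row[idx + 1:4]  # the other three parameters
        groups[fixed].append(row)
    pairs = []
    for members in groups.values():
        members.sort(key=lambda r: r[idx])
        pairs.extend(zip(members, members[1:]))  # adjacent steps only
    return pairs


def trend(rows, param, metric):
    """Count how often `metric` rises or falls when only `param` increases."""
    col = {"processing": 4, "hacking": 5}[metric]
    up = down = 0
    for low, high in paired_changes(rows, param):
        if high[col] > low[col]:
            up += 1
        elif high[col] < low[col]:
            down += 1
    return {"up": up, "down": down}


def report(rows=ROWS):
    """Trend counts for every (parameter, metric) combination."""
    return {(p, m): trend(rows, p, m)
            for p in PARAMS for m in ("processing", "hacking")}


if __name__ == "__main__":
    for (param, metric), counts in report().items():
        print(f"{param:9s} increases -> {metric:10s} {counts}")
```

On these rows every listed trend holds in all comparable pairs except one: raising the key length from 8 to 16 bits increases the processing time at 5 nodes but decreases it at 15 nodes (47.35 to 36.37 ns and 54.29 to 43.32 ns).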

Figure 3.1: Hacking and Processing time Vs data length for Node=5, S-Box=8. [Plot: Processing Time (ns) and Hacking Time (min) against Data Length (bits).]

Figure 3.2: Hacking and Processing time Vs data length for Node=5, S-Box=16. [Plot: Processing Time (ns) and Hacking Time (min) against Data Length (bits).]

[Plot for N=15, S-Boxes=8: Processing Time (ns) and Hacking Time (min) against Data Length (bits).]

Figure 3.4: Hacking and Processing time Vs data length for Node=15, S-Box=16. [Plot: Processing Time (ns) and Hacking Time (min) against Data Length (bits).]

The increase in the number of nodes in the network leads to an increase in the processing time, which gives the hacker more options (time) to break the model. Table 3.2 shows the practical results for a model having 5 nodes in a network. By using S-Boxes = 8, initially the hacking time is less, 81.71 min, for Node N = 5, Key Length K.L = 8, Data Length D.L = 26. An increase in the data length from 26 to 56 with the same key length provides enough time to the hacker, which can be reduced by increasing the key length from 8 to 16 while keeping all the other parameters the same. An increase in the S-Boxes to 16 (N = 5, K.L = 16, D.L = 56) provides more security to the model (hacking time is reduced to 8.44 from 26.83 min) (Tables 3.2 & 3.3).

An increase in the number of nodes from 5 to 15 for fixed S-Boxes = 08, N = 5, K.L = 08, D.L = 08 simply increases the hacking time from 81.71 min (Table 3.2) to 86.34 min (Table 3.4). Depending on the particular attacking scenarios, various combinations may be employed associated with integrity and confidentiality of the data.

Node = 30, S-Boxes = 8

| S. No. | Data Length | Key Length | S-Boxes | Processing time (ns) | Hacking Time (min) |
|---|---|---|---|---|---|
| 1. | 256 | 128 | 08 | 188.30 | 19.53 |
| 2. | 56 | 16 | 08 | 92.62 | 78.85 |

Table 3.6: For Node=30, S-Boxes=8, different key lengths, hacking and processing time Vs data length

For a large number of nodes, the data length, key length and S-Boxes can be selected in order to provide optimized efficient results. Table 3.6 shows that for a large MN (30) the processing time increases with increase in the data and key length. Thus, the objective is to reduce the hacking time while keeping an eye on the processing time, i.e., the processing time should not be allowed to increase rapidly.

5. Conclusion and Future Work


6. References

[1] A. Banerjee, L. Drake, L. Lang, B. Turner, D. Awduche, L. Berger, K. Kompella, and Y. Rekhter (July 2001), “Generalized Multiprotocol Label Switching: An Overview of Signaling Enhancements and Recovery Techniques,” IEEE Communication Magazine, Vol. 39, No. 7, pp. 144-151.

[2] A. Bobbio and K.S. Trivedi (1990), “Computing Cumulative Measures of Stiff Markov Chains Using Aggregation,” IEEE Transaction on Computers, Vol. 39, No. 10, pp. 1291-1297.

[3] A. Reibman and K.S. Trivedi (1988), “Numerical Transient Analysis of Markov Models,” Computers and Operations Research, Vol. 15, No. 1, pp. 19-36.

[4] Alexander Chatzigeorgiou ,George Stephanides, Spyros T. Halkidis, Nikolaos Tsantalis (September 2008), “Architectural Risk Analysis of Software Systems Based on Security Patterns” IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp. 129-142.

[5] B. Livshits and M.S. Lam (Aug. 2005), “Finding Security Vulnerabilities in Java Applications with Static Analysis,” Proceedings of 14th Usenix Security Symposium pp. 19-36.

[6] B. B. Madan, K. Goseva-Popstojanova, K. Vaidyanathan, and K.S. Trivedi (March, 2004), “A Method for Modeling and Quantifying the Security Attributes of Intrusion Tolerant Systems,” Performance Evaluation, Vol. 56, No1, pp. 167-186.

[7] Blake, I.F. and Kolesnikov, V. (2004) ‘Strong conditional oblivious transfer and computing on intervals’, in P.J. Lee, (Ed). ASIACRYPT’04, Volume 3329 of Lecture Notes in Computer Science, Springer, pp.515–529.

[8] Blake, I.F. and Kolesnikov, V. (2006) ‘Conditional encrypted mapping and comparing encrypted numbers’, in G. Di Crescenzo and A. Rubin, (Eds). FC 06, Volume 4107 of Lecture Notes in Computer Science, Springer, pp.410–421.

[9] D. Liu and P. Ning (October 2003), “Establishing Pair-wise Keys in Distributed Sensor Networks,” Proceedings of 10th ACM Conference on Computer and Communication Security (CCS ’03), pp. 52-61.

[10] Elisa Bertino, Ning Shang, and Samuel S. Wagstaff Jr. (April 2008) “An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting”, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp-65-70.

[11] Fischlin, M. (2001) “A cost-effective pay-per-multiplication comparison method for millionaires”, CT-RSA’01, Volume 2020 of Lecture Notes in Computer Science, Springer, pp.457–472.

[12] G. Ciardo, R.M. Marmorstein, and R. Siminiceanu (2003), “Saturation Unbound”, Proceedings of International on Tools and Algorithms for the Construction and Analysis of Systems, pp. 379-393.

[13] H. Chan, A. Perrig, and D. Song (May, 2003), “Random Key Pre distribution Schemes for Sensor Networks,” Proceedings of IEEE Symposium on Security and Privacy (S & P ’03), pp. 197-213.

[14] J. Muppala, M. Malhotra, and K. Trivedi (1994), “Stiffness-Tolerant Methods for Transient Analysis of Stiff Markov Chains,” Microelectronics and Reliability, Vol. 34, No.11, pp. 1825-1841.

[15] Jian Ren, and Lein Harn, (July 2008), “Generalized Ring Signatures”, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp153-164.

[16] Jong Tae Park, Jae Wook Nah, and Wee Hyuk Lee, (July 2008), “Dynamic Path Management with Resilience Constraints under Multiple Link Failures in MPLS/GMPLS Networks”, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp143-154.

[17] L. Eschenauer and V. D. Gligor (Nov. 2002), “A Key-Management Scheme for Distributed Sensor Networks,” Proceedings of 9th ACM Conference on Computer and Comm. Security (CCS ’02), pp. 41-47.

[18] L. Hundessa and J. Domingo-Pascual (2004), “Optimal and Guaranteed Alternative LSP for Multiple Failures,” Proceedings of 13th IEEE International Conference on Computer Communication and Networks (IC3N ’04), pp. 59-64.

[19] Michael Backes, and Birgit Pfitzmann (April, 2005), “Relating Symbolic and Cryptographic Secrecy”, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp109-123.

[20] Naor, M., Pinkas, B. and Sumner, R. (1999) ‘Privacy preserving auctions and mechanism design’, EC’99, New York: ACM Press, pp.129–139.

[21] P. Papadimitratos and Z. J. Haas (July, 2003), “Secure Message Transmission in Mobile Ad Hoc Networks,” Elsevier Ad Hoc Networks, Vol. 1, No. 1, pp. 193-209.

[22] Paillier, P. (1999) “Public-key cryptosystems based on composite degree residuosity classes”, in J. Stern (Ed). EUROCRYPT’99, Volume 1592 of Lecture Notes in Computer Science, Springer, pp.223–238.

[23] S. K. Lee and D. Griffith (Aug., 2002), “Hierarchical Restoration Scheme for Multiple Failures in GMPLS Networks,” Proc. 31st International Conference on Parallel Processing Workshops (ICPPW ’02), pp. 177-182.

[24] T. Halkidis, Nikolaos Tsantalis, Alexander Chatzigeorgiou, and George Stephanides (July 2008), Architectural Risk Analysis of Software Systems based on Security Patterns Spyros, IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, pp129-142.

[25] W. Aiello and R. Venkatesan (1996), “Foiling birthday attacks in length-doubling transformations in U. Maurer”, editor, Advances in Cryptology - EUROCRYPT ’96, LNCS 1070,. Springer-Verlag, Berlin pp. 307–320.

[26] W. Du, J. Deng, Y. S. Han, and P.K. Varshney (Oct., 2003), “A Pair wise Key Pre distribution Scheme for Wireless Sensor Networks,” Proceedings of 10th ACM Conference on Computer and Communication Security (CCS ’03), pp. 42-51.

[27] Xubin He, Ming Zhang, and Qing (Ken) Yang (April, 2005), “SPEK: A Storage Performance Evaluation Kernel Module for Block-Level Storage Systems under Faulty Conditions” IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp138-149.

[28] Zhenghua Fu, Haiyun Luo, Petros Zerfos, Songwu Lu, Lixia Zhang (March, 2005), “The Impact of Multihop Wireless Channel on

ISSN: 0975-5462