Application of Improved SSL in Data Security Transmission of Mobile Database System

Transcription

1 Alication of Imrove SSL in Data Security Transmission of Mobile Database System RUIFENG WANG, XIAOHUA ZHANG, DECHAO XU College of Automation & Electrical Engineering Lanzhou Jiaotong University Lanzhou, CHINA Abstract: - The existing SSL (Secure Socet Layer) rotocol which mobile atabase system is using has many rawbacs, such as large amount of communication, comutational comlexity of encrytion algorithm an the worloa imbalance. In orer to solve these roblems, the aer rooses an imrove SSL rotocol. It ecomoses the rivate ey into ineenent elements which reucing the comutational comlexity an imlementing arallel comuting, at the same time it ut art of ecrytion calculation to the client so that balancing the worloa an shortening the running time of the algorithm. The imrove SSL rotocol exchanges certificate ientifier instea of certificate entities between client an server, which reuces the message ayloa. The imrove SSL rotocol imroves the ecrytion see an reuces the hanshae communication loa comare to the original SSL rotocol. Key-Wors: - Mobile atabase, security transmission, imrove SSL rotocol, RSA encrytion algorithm, ientity authentication into ineenent elements to ecrease the moe of ower oeration, at the same time it will ecomose art of the ecrytion moule an ower oeration, so that ensure the security of transmission ata an reuce comutational comlexity. An the imrove RSA algorithm erformance is comare with the traitional algorithm, the simulation results show that the imrove algorithm erformance is better. It authenticates clients to transfer unique ientification of certificate by storing server certificates in clients, effectively reucing the communication loa rotocol to imrove transmission efficiency. Introuction Mobile atabase system realizes ata synchronization transmission via wireless networ, its instability an wea immunity leas to illegal users easier to theft an tamer with transmission ata. So that it results in leaage of synchronous ata an error information transmission. If imortant information relate to security changes will lea to a major accient. Therefore it is very imortant to imrove the security of transmission ata. Literatures [-3] guarantee the security of ata transmission through taing encrytion algorithm to encryt the raio transmission lin, but comutational comlexity of the algorithm currently use results in transmission elay increasing. Literatures [4-8] roose to verify the ientity of the terminal to revent unauthorize users from logging system to steal ata. However it nees to ass the certification entity to verify its effectiveness, resulting in increase traffic loas an client comuting, an reucing efficiency of the system. The aer uts forwar an imrove SSL rotocol to achieve safe an efficient ata transmission in mobile atabase systems. The imrove SSL rotocol ecomoses the rivate ey 2 Mobile Database System Data Synchronization Transmission The alication of mobile atabase system is more an more oular with the rai eveloment of wireless communication technology an mobile comuting technology. The instability of wireless networ an frequent breaout lea to leaage of transmission ata[]. Mobile atabase SQL Server CE establishes a secure channel base on SSL rotocol in orer to guarantee security of ata transmission an integrity. Mobile atabase SQL Server CE rovies remote ata access an merge relication, ensures that the ata of SQL Server CE E-ISSN: Volume 3, 204

2 in the mobile client can be reliably transmitte. An it can offline oerate atabase, then sync with the server, which maes SQL Server CE ieal atabase in mobile an wireless environment. Before the SSL connection, it is necessary to create reliable TCP connections between client an server[2]. Ientity authentication server of SSL rotocol rovies authentication through the certificate entity first. Then the SQL Server CE client roxy sens HTTP requests to SQL Server CE server agent request. SSL hanshae rotocol consults encrytion algorithm an session ey which is use to encryt ata. Finally it can transfer synchronize ata through SSL channel which ensures confientiality an integrity of transmission ata. It will escribe the woring rocess of the SSL rotocol to achieve ata security transmission below. Then it will ut forwar imrovement measures which are aime at imroving the efficiency an security of transmission ata base on the SSL rotocol erformance efects. 3 SSL Protocol SSL Protocol has recor rotocol an hanshae rotocol two layers. Recor rotocol acets, comresses, encryts an encasulates the highlayer ata. Hanshae rotocol which running on the recor rotocol is use for ientity authentication, negotiation encrytion algorithm, ey exchange before the ata[3]. 3. Woring rocess of the SSL rotocol The woring rocess of the SSL rotocol is comose of shaing hans an ata transmission. Hanshae rotocol comletes connection before ata transmission, SSL rotocol woring rocess as shown in figure, the main woring rocess as follows. ()The client an server swa hello message which mainly inclues ranom number r c an r s, the session i SID, rotocol version number V an a suite SecNeg encrytion algorithm, to establish SSL security connection. (2)The server sens certificate, server-ey-exchange an certificate request, finally sens server- hello-one news which inicates server hello hase en. (3)Client sens its certificate, the function of ey generation an certificate- verify the result of the server certificate verification after it receives server- hello-one news. (4)The client an server sen change ciher-sec an finishe message each other. (5)They use the negotiate eys to sen ata after the hanshae finally. Client Client-hello Certificate Client-ey-exchange Certificate-verify Change-ciher-sec Finishe Alication-ata Server Server-hello Certificate Server-ey-exchange Certificate-request Server-hello-one Change-ciher-sec Finishe Alication-ata Fig.. Woring rocess of SSL rotocol. 3.. Ientity authenticationl Hanshae rotocol imlements the communication on both sies of the ientity authentication through the igital certificate. Certificate Authority(CA) which is got by Public Key Infrastructure (PKI) rovies the mechanism rovies an manages the igital certificate an verifies the authenticity of ientity[4]. The server will first calculate the server certificate hash value by the hash algorithm, then use its own rivate ey to encryt hash which form igital signature, finally it will sen certificate information an signature to the client. The client calculates the content of CA after it receives the information, an it uses the ublic ey to ecryt the signature that get hash value comare with the value of the client. If they are the same, the server authentication is successful. Server for client authentication methos is similar, so as to realize two-way authentication Princile of RSA encrytion algorithm It uses the RSA encrytion algorithm which has encrytion ey (KU) an ecrytion ey (KR) two eys to exchange session ey in the SSL hanshae rotocol[5]. The algorithm etaile rocess as follows. ()Select two rime numbers an q;(2) Calculate n an φ(n), n=q, φ(n)= (-)(q-), φ(n) is the euler function for n; (3) Generate a ranom number e with φ(n) corime, namely gc(e,φ(n))=, an <e<φ(n), it will get the ublic ey KU = (e, n); (4) Get the rivate ey by calculating meet e mo φ(n),it sai the rouct of an e o moular arithmetic result must be equal to ; (5) Suose M as transmission ata, C as encryte ata, e C M (mo n), the receiver after receiving the ciher ecrytion to get the original ata M C (mo n). 3.2 Performance efect an imrovement roject of the SSL rotocol The communication loa leas uring the hanshae ue to it is require to transfer certificate entity for ientity authentication an verify its effectiveness. The SSL hanshae uses RSA encrytion algorithm to exchange session eys, ue to the algorithm comutational comlexity, slow see, an worloa imbalance. They result in a ecline in overall system erformance. This aer E-ISSN: Volume 3, 204

3 rooses an imrove SSL rotocol for SSL above efects to reuce the communication loa, imrove the efficiency of ata transmission, to ensure the high-efficiency an safety of the synchronous ata. In the imrovement of the SSL rotocol, it will be uniquely corresoning to each certificate a certificate ientity CID an ut certificate list in avance to the rover. It will effectively avoi transferring certificate of entity each other in the rocess of shaing hans. It only nees to sen the CID in the rocess of the SSL hanshae, the rover accoring to the CID fin the corresoning certificate entity in the list[6]. It greatly reuces the amount of communication an imroves hanshae rotocol connection see. Since the client storage caacity, comuting ower, ower management are limite, encrytion algorithm the SSL hanshae rotocol chose also affects overall system erformance. Accoring to the characteristics of the mobile environment, the aer uts forwar an imrove algorithm which imroves the safety an efficiency of the system. If moulus n=q with secial form =as+b an q=cs+, this form of rime numbers of (, q) constitutes a wea ey of RSA crytograhy system. Assume f/e is /q the best aroximation value, e an f are relatively rime an f<e<2f, s= n /(ef ), the s ajoint olynomials about n as shown in formula(). 2 fn / s( x) = ax + bx + c () 2 The iscriminant formula (): if = b 4ac 0,it has two rational root, it can be reresente as formula(2), an q are two rime factors by 2 comuting. if = b 4ac < 0, it is looing for {e, f} an calculate the s, at the same time seeing, q trough the iscriminant olynomial. It can search for integer {e, f} in small scoe if the rimes are smaller, an get s ecoing algorithm easily. In orer to imrove the security of RSA algorithm, it is necessary to increase the rivate ey resulting in larger ower oeration, sening a lot of time an storage sace, increasing system erformance overhea. f n / s ( x) = ( a x + b )( aq x + bq ) = q (2) The imrove RSA algorithm will brea own into a number of ifferent bloc using vector D = (, 2,, ) inicating which can be a searate oeration, so it can efficiently erform encrytion oerations. At the same server transfers art of ecrytion comutation to the client, balancing its worloa. It can achieve arallel rocessing to meet more connection requests. The algorithm basic iea is that server broen own rivate ey : = f + f f (moϕ( n)) (3) In formula (3), fi, i were searately c bit, n bit ranom vector, c etermines its safety. Sen vector first to the client, The client accoring to vector D that the server sen to an the formula (4) calculates the vector Z each element sent to the server. z x i i = (mo n), i (4) It can see the calculation of vector Z elements only associate with the vector D from the Eq.(4). The vector D each element is ineenent, so it can arallel comuting each element of vector Z, imroving the client encrytion see. Then the server ecryts the session ey accoring to the vector Z an formula (5). fi zi = x fii = x (mo n) In the imrove RSA algorithm, it ecomose large numbers of ower oeration into small moulus ower oeration of M, M q, they resectively by Eq.(6) an Eq.(7) calculate, fi an gi are c bit ranom value, an q can be arallel comute alone through Eq. (8) an Eq. (9), then server comletes the ecrytion oeration through the formula (0). M fi = zi ) gi f (5) i (mo = x (6) i q M = z i (mo q) = x (7) q x f = fii mo( ) (8) q = gi i mo( q ) (9) = M n + M n (mon) (0) n q q = q( q (mo )) () n q = ( (moq)) (2) It erforms ecrytion oeration by the formula (0). The server resectively calculates n, nq through Eq.() an Eq.(2) in avance. 4 Analysis of the Imrove SSL Protocol Performance In this aer, it will analyze the erformance of the imrove SSL rotocol from ata security, ata E-ISSN: Volume 3, 204

4 traffic an efficiency three inicators. The security intensity of stanar RSA algorithm is etermine by the ey length which is in 024 ~536 bit ey length guaranteeing security. In the imrove RSA algorithm, the safety of an q ensure the confientiality. After the illegal users get vector, they can get an q by searching all the ossible values of vector F an G which have elements[7]. Each element has c bit, so it will nee to test 2c through the exhaustive search. When c > 72 the security is quite retty with RSA ey length 024~536 bit by calculating, therefore the imrovement of SSL rotocol still has high security. While the imrove SSL hanshae rotocol in ientity authentication, it only sens CID instea certificate of entity, reucing the amount of communication ata, imroving the hanshae rotocol connection see greatly. The hanshae transmission message in SSL rotocol an imrovement is as shown in tableⅠ. Among them, null inicates the fiel is emty, n means transfer certificate number. The client an server certificate both nee to be verifie after sening certificateverify message, therefore tae n for 2[8]. Table : The Comarison of Hanshae Message Length message orer hanshae message message length of original SSL rotocol message length of imrove SSL rotocol Client-hello r c + SID + SecNeg + V r c + SID + SecNeg + V 2 Server-hello r s + SID + V r s + SID + V 3 Certificate Cert CID 4 Server-ey-exchange SecNeg SecNeg 5 Certificate-request CertificateTye + CertificateAuthorites CertificateTye + CertificateAuthorites 6 Server-hello-one null null 7 Certificate-verify Cert n+ H(m) CID + H(m) 8 Client-ey-exchange SecNeg SecNeg 9 Change-ciher-sec Change-ciher-sec Change-ciher-sec 0 Finishe m5-hash m5-hash Change-ciher-sec Change-ciher-sec Change-ciher-sec 2 Finishe m5-hash m5-hash The length of the arameters in Table Ⅰ as follows: rc = rs =20Byte, SID =4 Byte, SecNeg =3Byte, V = lbyte, H() =20Byte, Changeciher-sec =Byte, CID =8Byte, m5- hash =6Byte, CertificateTye =Byte, CertificateAuthorites =2 Byte, SSL certificate length is estimate KB. Each message estimating length results are shown in Table Ⅱ. Transmission an verification certificate is a major cause of leaing to the SSL rotocol big traffic from Table Ⅱ. The imrove SSL hanshae rotocol transfers CID instea of the certificate reucing the traffic in the rocess of shaing hans. Its ata traffic reuces from 388 to 32 byte, is 4% of the original traffic, seeing u the SSL rotocol hanshae, enhancing the woring efficiency of the system. Hence it can eal with more the SSL connection requests. Table 2: The Message Length of Two Protocols (Unit: Byte) message orer length of hanshae message total original SSL rotocol imrove SSL rotocol The aer imroves the efficiency of SSL through imrove RSA encrytion algorithm. It uses c++ language to rogram the stanar RSA algorithm an the imrove algorithm. It aots exan Eucli algorithm to realize gc(e,φ(n)) an e-(mo φ(n)) an uses the basic metho to realize moe of ower oeration. The (len (), len (q)) that len(), len(q) resectively elegate, q igits inicates the size of RSA algorithm[9]. The algorithms ineenently run 00 times for ifferent igits of rime. The aer will comare efficiency of the imrove algorithm with stan algorithm from system initialization an ecrytion oeration two asects. The erformance comarison of two ins of algorithm initialize is shown in figure 2. The E-ISSN: Volume 3, 204

5 initialization execution time of two ins of algorithm is funamentally the same before (len (), len (q)) = (80, 60). The initialization execution time of the imrove RSA algorithm is about 40s when (len(), len(q))=(90,70), an the stanar algorithm is about 390s from the figure 2 Although the imrove RSA algorithm requires a certain time for the rivate ecomosition, the initialization time consuming is not significantly increasing with the increase of rime bits an the imrove algorithm only initializes once an erformance loss is not obvious. Hence running see of the imrove algorithm has quicene significantly in the bac of the moule an ower oeration once the algorithm is built. Fig.2 Comarison of Initialization erformance stanar algorithm neraly 0 times when (len(), len(q))=(00,80).the imrove RSA algorithm will greatly imrove the ecrytion see, shorten the hanshae connection time, hanle more requests, imrove the system efficiency. Because it ecomoses rivate ey that M, M q are comose of various small moule ower oeration comleting arallel rocessing an calculates the, q, n, n q in avance. At the time the server transfers art of ecrytion comutation to the client reucing worloa. 5 Conclusion The aer rooses an imrove SSL rotocol to realize synchronous ata secure transmission in view of the security roblem of synchronization ata in mobile atabase system. The imrove SSL rotocol ecomoses the rivate ey of RSA algorithm reucing the moe of ower oeration an re-rocesses art of the ecrytion moule so that reucing the overall running time an imroving the imlementation efficiency of the SSL rotocol. At the same time it restores server certificate on the client to abanon transferring certificate of entity in the rocess of the SSL hanshae to reuce the communication loa of the rotocol by assing the CID. The imrovements of the SSL rotocol guarantee synchronous ata securely an efficiently transorts in mobile atabase system. Fig.3 Comarison of ecrytion erformance The ecrytion erformance comarison of two algorithms is shown in figure 3.The imrove RSA algorithm ecrytion erformance is stanar algorithm about 7 times when (len(), len(q))=(80,60) from the figure 3, an the effect is more significant with the increase of rime bit. The imrove RSA algorithm ecrytion erformance is References: [] M.R. Chen, X. Zhang an K. He, Scheme of imrovement an chosen-cihertext security of ublic ey encrytion, Journal of comuter, vol.36, no.6,.49-54, 203. [2] PanosK. Chrysanthis, Transaction Processing in Mobile Comuting Environment, IEEE on Avances in Parallel an Distribute Systems, vol., no.0,.77-82, 999. [3] L. H. Yeo, A. Zaslavsy, Submission of Transactions from Mobile Worstations in a CooPerative Multiatabase Processing Environment, Proc. 4th IEEE CS International Conference on Distribute Comuting Systems. Polan. 994, [4] S. Acharya, M. Franlin an S. Zoni, Dissemination-base ata elivery using E-ISSN: Volume 3, 204

6 broacast iss, IEEE Personal Communications,.50-60, Dec [5] C. Su, L. Tassiulas, Broacast scheuling for information istribution, Proc. of IEEE Infocom, Los Alamitos, 997, [6] M. Nicola an M. Jare, Performance moeling of istribute an relicate atabases, IEEE Transaction on Knowlege & Data Engineering, vol.7, , [7] G.D. Walborn, P.K. Chrysanthis, Suorting Semantics-base Transaction Processing in Mobile Database Alications, Proceeings of 4th IEEE Symosium on Reliable Distribute Systems, vol.09,.3-40, 995. [8] E,U. Grenoble, Mobile Databases: a Reort on Oen Issues an Research Directions, ACM SIGMOD Recor, vol.33, no.2,.78-83, [9] J. Bachouse, H. Caro, A. McDonnell, Towar Public-Key Infrastructure Inter-oerability, Communications of the ACM, vol.46, no.6,.98-00, E-ISSN: Volume 3, 204