A NOVEL PARADIGM IN AUTHENTICATION SYSTEM USING SWIFI ENCRYPTION /DECRYPTION APPROACH



Similar documents
A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Advanced Authentication

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Chapter 10. Network Security

Chapter 8. Network Security

Chapter 7 Transport-Level Security

Chapter 6 Electronic Mail Security

Message Authentication Codes

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

How To Use Pretty Good Privacy (Pgp) For A Secure Communication

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Savitribai Phule Pune University

Cryptography and Network Security Chapter 15

Information Security Basic Concepts

Network Security. HIT Shimrit Tzur-David

Strengthen RFID Tags Security Using New Data Structure

SENSE Security overview 2014

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Network Security Essentials Chapter 7

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Pretty Good Privacy (PGP)

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

Overview. SSL Cryptography Overview CHAPTER 1

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

As enterprises conduct more and more

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

What is network security?

Alaa Alhamami, Avan Sabah Hamdi Amman Arab University Amman, Jordan

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Research Article. Research of network payment system based on multi-factor authentication

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Chapter 23. Database Security. Security Issues. Database Security

Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006

Chapter 1: Introduction

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Is your data safe out there? -A white Paper on Online Security

Chap. 1: Introduction

Information Security

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

Dynamic Query Updation for User Authentication in cloud Environment

Client Server Registration Protocol

Securing MANET Using Diffie Hellman Digital Signature Scheme

CPSC 467: Cryptography and Computer Security

Evaluation of the RC4 Algorithm for Data Encryption

SSL A discussion of the Secure Socket Layer

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

A Road Map on Security Deliverables for Mobile Cloud Application

Balamaruthu Mani. Supervisor: Professor Barak A. Pearlmutter

An Introduction to Cryptography and Digital Signatures

CPSC 467b: Cryptography and Computer Security

CSE/EE 461 Lecture 23

Chapter 23. Database Security. Security Issues. Database Security

A Novel Approach to combine Public-key encryption with Symmetric-key encryption

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

A REVIEW ON ENHANCING DATA SECURITY IN CLOUD COMPUTING USING RSA AND AES ALGORITHMS

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Problems of Security in Ad Hoc Sensor Network

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

A NEW APPROACH FOR COMPLEX ENCRYPTING AND DECRYPTING DATA

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Vulnerabilities in WEP Christopher Hoffman Cryptography

CS 758: Cryptography / Network Security

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

A Noval Approach for S/MIME

PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO

Network Security. Network Security. Security in Computer Networks

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Lecture 9 - Network Security TDTS (ht1)

Secure Network Communication Based on Text-to-Image Encryption

Healthcare Compliance Solutions

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

Content Teaching Academy at James Madison University

Public Key Applications & Usage A Brief Insight

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Cryptography and Network Security

Network Security Protocols

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

Three attacks in SSL protocol and their solutions

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Computer Security: Principles and Practice

AMI security considerations

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Transcription:

A NOVEL PARADIGM IN AUTHENTICATION SYSTEM USING SWIFI ENCRYPTION /DECRYPTION APPROACH Shadi R. Masadeh 1, Ahmad Azzazi 2, Bassam A. Y. Alqaralleh 3 and Ali, Mousa.Al Sbou 4 1 Computer Networks Department, Isra University, Amman, Jordan 2 Computer Information Systems Department, Applied Science University, Amman, Jordan 3 Computer Science Department, Al-Hussein Bin Talal University, Ma'an, Jordan 4 Computer Science Department, Al-Hussein Bin Talal University, Ma'an, Jordan ABSTRACT Maintaining the security of your computer, network and private/sensitive data against unauthorized access and a wide variety of security threats can be challenging. Verifying data integrity and authentication are essential security services in order to secure data transmission process. In this paper we propose a novel security technique which uses new encryption and decryption algorithms to achieve authenticated communication and enhanced data integrity. The proposed technique is very complex for attackers to decode, and it is applicable to client-server architecture. KEYWORDS Authentication, PGP, swifi, HMAC, Encryption\Decryption, integrity. 1. INTRODUCTION ("Internet security and encryption," 2012) All Network users aim to access information and transfer data safely. To ensure secure transmission of information between the parties; a group of challenges must met. We confined these challenges to three areas: data Integrity, authentication and privacy (Alaidaros, Rasid, Othman, & Abdullah, 2007). Privacy refers to secure and valuable data (Diffie & Hellman, 1979) which should not be accessible unless the parties concerned are allowed to do so. Many techniques can be used to maintain and improve user privacy such as cryptography techniques (Griffin, 1998), passwords and firewall. In an unsecure environment, it is easy to break through privacy in several ways. For example, viewing data without certificate, behavior scanning or movement tracking (Hajny, Pelka, & Zeman, 2010) and eavesdropping. Recently, there is an attempt to break the privacy of the users on encrypted channels (Dusi, Gringoli, & Salgarelli, 2008). Integrity refers to the consistency and accuracy of data to ensure that unauthorized parties are prevented from modifying data Authentication (Serwan Waleed, 2011). As a result, the data which is received must be to be the same as the data sent. Protecting data transmission process is necessary to avoid any intentional or unintentional changes of these data. Any damage or distort of data will affect the feasibility of these data or information; it becomes not beneficial and not DOI : 10.5121/ijnsa.2014.6102 17

safe to use. Data can use multiple techniques such as encryption, Digital signature and Checksum to avoid any damage or distort. Authentication is the process of verifying if a user or entity or device is who claims to be. In other words it s a combination of verification and Identification. Authentication falls into three categories (Al-Assam, Sellahewa, & Jassim, 2010): Knowledge factors: something you know (e.g. Password, personal identification number) Ownership factors: something you have (e.g. Smart Card, cell phone, ID card) Inherence factors: something you are (e.g. fingerprint, signature, voice, iris, biometric). To enhance security, different types of authentication are combined. The client, host and transmission channel are the locations where authenticators can be attacked (O'Gorman, 2003). In this paper, we propose a novel approach to enhance the data integrity, authentication and privacy depending on some encryption / decryption methods by combining PGP, swifi and HMAC Systems. The proposed system provides the protection and safety to secure data transfer across networks against spoofing, tampering, repudiation, security attacks and Information disclosure. The rest of this paper is organized as follows: Section 2 describes the related work. Proposed Authentication model is discussed in Section 3. Finally, conclusions are drawn in section 4. 2. RELATED WORK According to (American Bankers, 2000), the HMAC is a technique that uses cryptographic hash functions for message authentication. This technique combines any iterative cryptographic with a shared secret key. The HMAC has two parameters, the message and a shared secret key which is known only to the sender and receiver. The sender uses HMAC to produce a value which is represents the combination of the secret key and the message input, the new value is called MAC the sender appends the MAC message and sends all to the receiver. The receiver uses HMAC and a shared secret key, that the sender used before, by applying the MAC algorithm to the received message and compares the result with the received MAC. We can insure that the message has been correctly received if the two values match. This process also provides assurance that the message comes from sender who shares the key. (Krovetz, 2006) in their paper mentioned that only the sender and receiver know the hash function which is used by sender to hash message and produce the hash value, then the sender encrypts the resulting hash value by using cryptographic function to create a message tag which is sent to receiver with the message. On the receiver s side, the user needs to verify that the receiver s tag is valid for the receiver message based on the hash function and cryptographic key which are known only to the sender and receiver. (Aljawarneh, Masadeh, & Alkhateeb, 2010), proposed a secure Wireless Fidelity (swifi) system which provides more efficiency, security and authentication for transmitted data over the network. Basically, swifi are based on HMAC Algorithm. 18

There are many steps to use swifi : First, the swifi is split into two parts: The first part is the plain text for key purposes, the second part is split into four pieces; to generate and encrypt the key using logical OR-ing and bit shifting of the data in a certain pattern in the four portions. In order to generate the key, encrypt the first part and disrupt the probabilistic phenomena of the letters in the language. Finally, within the blocks the encrypted data is shuffled to make sure that there is no similarity with original data. (Aljawarneh et al., 2010) Pretty Good Privacy, is one of the most important encryption and security applications that use efficient and confidential algorithms to secure data transmission. The PGP as a encryption program founded by Phil Zimmerman on 1991 provides complete verification and encryption for message files (McLaughlin, 2006). The PGP is considered the most key cryptographic used by the public with PGP in a secure manner so there is no need for any specific infrastructure (Chadwick, Young, & Cicovic, 1997).The security of PGP Model is trusted since it is an open Source so professional people can close any weaknesses if found, it is based on symmetric-key cryptography and use combination of data compression, hashing and public-key cryptography (Kurniawan, Albone, & Rahyuwibowo, 2011). (Abdul-Rahman, 1997),(Guibing, Jie, & Vassileva, 2011) The PGP is the first successful attempt of a free cryptographic model which is available for the public. The sender who has the private key is able to create a digital signature for corresponding public key. Digitally, PGP gives other users the ability to sign certificates that they think it is authentic, so the owner of the public key is an owner of the certificate. To verify a public key, the user needs to check if there are any digital signatures that are signed by the trusted users. PGP compresses the message and creates a public key and a private key for the sender through cryptography software. When the plain text is encrypted, the public key is encrypted to the receiver's private key which can be used by the receiver to decrypt the message (Abdul-Rahman, 1997). Although the PGP is considered as one of the best encryption techniques, it does have some disadvantages. The PGP process is considered a complex process to use on a regular basis since it is very difficult for many people to grasp the meaning of Cryptography. Also, The PGP is a twoway street that the sender and the recipient must use it, otherwise the recipient will not be able to view the encrypted data(gibson, 2002). Managing keys for a new user using PGP will be a challenge. Lost or corrupted keys lead to high risk and will not allow users to view encrypted data. 19

3. PROPOSED AUTHENTICATION MODEL Figure 1: Authentication model in Sender side In this method the sender submits a plain text message, and uses an HMAC generator to generate an HMAC for to the text. A local program generates a secure value (S_Value) which is in turn concatenated with the HMAC that is previously generated. The message is then fed to AES encryptor that generates an encrypted version of the concatenated (HMAC II S_VALUE) and concatenates the result with the original plain text message. The message is then encrypted using PGP using the receiver public key to generate the PGP encrypted message. The encrypted message is then further encrypted using swifi encryptor to generate the final message in order to be sent to the receiver as depicted in the steps below: 1- Enter the message (plain text) and then insert the Hash message authentication code (HMAC) and secured value (S_value) to the original message. 2- Concatenate the HMAC with S_value. 3- Encrypt the result from step 2 using private key as follows C ( Eprk (HMAC II S_value)) 4- Concatenate the result from step 3 with the original message (plain text) as follows: 20

C (P II (Eprk (HMAC II S_value))). 5- Encrypt the result from step 4 using PGP as follows: C Epbk (P II ( Epr (HMAC II S_value))). 6- Encrypt the result from step 5 using swifi as follows: C E swifi [Epbk (P II ( Epr (HMAC II S_value))) ]. Figure 2: Authentication model in Receiver side On the receiver's side, the receiver uses the swifi decryptor to get the PGP encrypted message, which is then decrypted using the sender's Public key with the receiver's private key. The receiver then uses the AES decryptor to retrieve the encrypted message that contains the HMAC and S_VALUE at the end of the message. The receiver then extracts the HMAC and S_VALUE, and generates a new HMAC from the received message. The receiver then compares both HMACs. If both HMACs match, the message is authenticated and has not been altered, or otherwise, the receiver sends the sender a request to resend the message. The full process is illustrated by the following steps: 1- Receive the message (cipher text) from the sender as follows: 21

C E swifi [ Epbk ( P II ( Eprk (HMAC II S_value))) ] Then the receiver decrypts the formula as follows: P D swifi [ Epbk ( C II ( Eprk (HMAC II S_value))) ] 2- Decrypt the result from step1 using PGP as follows: P Dpbk ( C II ( Eprk (HMAC II S_value))). 3- Decrypt the result from step 2 as follows: P Dprk (HMAC II S_value))). 4- Extraction the HMAC with S_value. 5- Compare the plain text (original message) from sender side with the message from receiver side. If there is no alteration of the message was found then the message is authenticated. 4. CONCLUSION A novel design approach for authentication system was presented in this paper. Our approach can reduce the security risk across networks by combining PGP, swifi and HMAC systems. The proposed system is expected to present, protect, and enhance the data integrity, Authentication and privacy. Also, it increases the strength against network risks. Furthermore, our authentication system is very complex, which means that it is almost impossible to decrypt the method. REFERENCES [1] Abdul-Rahman, A. (1997). The PGP Trust Model. EDI-Forum: The Journal of Electronic Commerce, 10(3), 27-31. doi: citeulike-article-id:8251892 [2] Al-Assam, H., Sellahewa, H., & Jassim, S. (2010). Multi-factor biometrics for authentication: a false sense of security. Paper presented at the Proceedings of the 12th ACM workshop on Multimedia and security, Roma, Italy. [3] Alaidaros, H. M., Rasid, M. F. A., Othman, M., & Abdullah, R. S. A. (2007, 14-17 May 2007). Enhancing security performance with parallel crypto operations in SSL bulk data transfer phase. Paper presented at the Telecommunications and Malaysia International Conference on Communications, 2007. ICT-MICC 2007. IEEE International Conference on. [4] Aljawarneh, S., Masadeh, S., & Alkhateeb, F. (2010). A secure wifi system for wireless networks: an experimental evaluation. NETWORK SECURITY(Jun), 6-12. [5] American Bankers, A. (2000). Keyed hash message authentication code : X9.71-2000. Wash., D.C.: ABA. [6] Chadwick, D. W., Young, A. J., & Cicovic, N. K. (1997). Merging and extending the PGP and PEM trust models-the ICE-TEL trust model. Network, IEEE, 11(3), 16-24. doi: 10.1109/65.587045 [7] Diffie, W., & Hellman, M. E. (1979). Privacy and authentication : An introduction to Cryptography. Proceedings of the IEEE, 397. 22

[8] Dusi, M., Gringoli, F., & Salgarelli, L. (2008, 8-10 Sept. 2008). A Model for the Study of Privacy Issues in Secure Shell Connections. Paper presented at the Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on. [9] Gibson, D. (2002). Email Security Risks and How To Reduce Them. 1.4. [10] Griffin, J. A. (1998, 12-13 Jun 1998). Privacy and security in the Digital Age. Paper presented at the Technology and Society, 1998. ISTAS 98. Wiring the World: The Impact of Information Technology on Society., Proceedings of the 1998 International Symposium on. [11] Guibing, G., Jie, Z., & Vassileva, J. (2011, 22-27 Aug. 2011). Improving PGP Web of Trust through the Expansion of Trusted Neighborhood. Paper presented at the Web Intelligence and Intelligent Agent Technology (WI-IAT), 2011 IEEE/WIC/ACM International Conference on. [12] Hajny, J., Pelka, T., & Zeman, V. (2010, 26-28 July 2010). Privacy protection for user authentication. Paper presented at the Security and Cryptography (SECRYPT), Proceedings of the 2010 International Conference on. [13] Internet security and encryption. (2012) Retrieved 18/12/2012, from http://www.hazemsakeek.com/scientifc_assay/internet/security.htm [14] Krovetz, T. (2006). Message Authentication on 64-bit Architectures. IACR Cryptology eprint Archive, 37. [15] Kurniawan, Y., Albone, A., & Rahyuwibowo, H. (2011, 17-19 July 2011). The design of mini PGP security. Paper presented at the Electrical Engineering and Informatics (ICEEI), 2011 International Conference on. [16] McLaughlin, L. (2006). Philip Zimmermann on What's Next after PGP. Security & Privacy, IEEE, 4(1), 10-13. doi: 10.1109/msp.2006.20 [17] O'Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12), 2021-2040. doi: 10.1109/jproc.2003.819611 [18] Serwan Waleed, J. (2011). IMPROVEMENT OF DATA INTEGRITY USING DIFFERENT ENCRYPTION ALGORITHMS. IRAQI JOURNAL OF COMPUTERS,COMMUNICATION AND تالاصتالاو تابساحلا ةسدنهل ةيقارعلا ةلجملا CONTROL & SYSTEMS ENGINEERING.1-6,(2)11,مظنلاو ةرطيسلاو Authors Shadi R. Masadeh received a BSc degree in Computer Science and Computer Information System in 2000 and MSc degree in Information Technology in 2003. with a Thesis titled "A Mathematical Approach for Ciphering and Deciphering Techniques" After that, I received PhD from department of Computer Information System in 2009 with a Thesis titled "A New Embedded Method for Encryption/Decryption Technique Using Self Approach" My research interests including E- learning Management and Security Issues, Encryption and Decryption Systems. Networking and Wireless security. Currently, I'm working at Al-ISRA University in Computer Networks Department as assistant Prof. I have submitted a number of conference papers and journals. Ahmad Azzazi is an assistant professor in the Department of Computer Information Systems at the Applied Science University. Dr. Azzazi s research interests include software engineering frameworks, speech processing, software security, expert systems and expert systems. 23

Bassam A. Y. Alqaralleh received a BSc degree in Computer Science in 1992, graduate Diploma in Computer Information Systems in 2002 and Masters degree in Computer Science in 2004. After that, I received PhD from University of Sydney in 2010 with a Thesis titled " Addressing Data and Access Skew Problems in Data-Indexed Overlays". My research interests including Distributed Systems, Load-Balancing, Networking, Security Systems. and Wireless security. Currently, I'm working at Al-Hussein Bin Talal University in Computer Science Department as assistant Prof. I have published a number of conference papers and journals. Ali Mousa Al Sbou has got the BSc degree in computer science from Mutah University, Jordan in 2001.Andhe has got master degree in information technology from Universiti Utara Malaysia, Malaysia in 2010. He is works as a Computer lab supervisor at Al Hussein Bin Talal University, Jordan. 24

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information