INFORMATION SECURITY LEVEL RECLASSIFICATION
N. Duraipandian, C. Chellappan
pandiandurai@yahoo.com, cchell@hotmail.com
International Conference on Sensors, Security, Software and Intelligent Systems (ISSSIS 2009)
8 - 10 January 2009
Organized by Coimbatore Institute of Technology, Coimbatore and Oklahoma State University, USA
discusses the results and section 8 concludes.

2. RELATED WORKS
Policies are written and enforced in an organization to say what would be allowed and how the security mechanism should work. Policies are normally implemented using the DAC [Sandhu et al. 1994], MAC [Biba 1977][Martzahn 2003] and RBAC [Ferariolo et al. 1992] models. Each has its own advantages, but in none of these models have dynamic classification changes been done.

Today's scenario warrants that information definition and resource access policies should adapt to network and situational threat conditions. In one method [Gupta et al. 2003] RBAC is extended with an alert priority scheme to develop countermeasures against attacks. The federated security management for dynamic coalition project at Telcordia Technologies suggests the use of coalition policies when networks form a coalition to provide multiple services [Bhatt et al. 2003]. Nicolls [Nicolls] believed that information is an asset of an enterprise, but different information has different values to the enterprise, and information should be classified based on its importance. According to the concept of information lifecycle management, Du [Du 2005] noted that different data have different levels of importance, the value of the same data may also differ in different lifecycles, and data of different values should get different levels of protection. The work of Mathkour et al. [Mathkour et al. 2005] revealed that information classification depends on the impact of information exposure on the information users. Xianliang [Xianliang et al. 2007] has developed the V-S axis method for information classification based on an in-depth analysis of information value and sensitivity. This method can be used for quantitative classification of information, and is highly practical. Due to the increasing amount of information present on the Web, Automatic Document Classification (ADC) has become an important research topic [Fernando et al. 2008]. ADC usually follows a standard supervised learning strategy, where authors first build a model using pre-classified documents and then use it to classify new, unseen documents.

3. INFORMATION CLASSIFICATION LEVELS
To protect information, it is classified into four levels based on its value, and using any access control method, access to sensitive information can be controlled. The information can be classified [AH 2003][Lindsay DEC][Bob, SANS] as:

a. Public information
This applies to information that has been approved by the company for release to the public. Data on these systems could be made public without any implications for the company (i.e. the data is not confidential). Data integrity is not vital. Loss of service due to malicious attacks is an acceptable danger.
Examples: Test services without confidential data, certain public information services, and product brochures; widely distributed data available in the public domain anyway.

b. Internal use only information
External access to this data is to be prevented, but should this data become public, the consequences are not critical (e.g. the company may be publicly embarrassed). Internal access is selective. Data integrity is important but not vital.
Examples of this type of data are found in development groups (where no live data is present), certain production public services, certain customer data, "normal" working documents and project/meeting protocols, telephone books.

c. Confidential information
Data in this class is confidential within the company and protected from external access. If such data were to be accessed by unauthorized persons, it could influence the company's operational effectiveness, cause an important financial loss, provide a significant gain to a competitor or cause a major drop in customer confidence. Data integrity is vital.
Examples: Data centers normally maintain this level of security. Salaries, personnel data, accounting data, passwords, information on corporate security weaknesses, very confidential customer data and confidential contracts.

d. Highly confidential information
Unauthorized external or internal access to this data would be critical to the company. Data integrity is vital. The number of people with access to this data should be very small. Very strict rules must be adhered to in the usage of this data.
Examples: Military data, secret contracts.

4. REQUIREMENTS FOR CLASSIFICATION LEVEL CHANGE
Any method claiming to suggest changes in the classification level of a file is required to consider various essential information sources such as file usage data, organization-specific data, etc. In this section, we discuss and describe these necessary information sources for building a successful system which can suggest a classification level change for a file. The requirements for classification level changes are:
1. File usage data (or file profile) is very useful in determining the importance of a file. It provides information about the frequency of use of the file and the number of users accessing it. This information contains useful statistics about the type of actions being performed on
files and what level of users (medium or high) is performing the actions.
2. Organizational data plays an important role when determining the change in usage. The usage of files may change due to an increase or decrease in the number of users associated with them. Organizational data provides information about the files related to a particular project and can thus explain the increase or reduction in usage of these files.
3. A reasoning module is required to unify the information from file usage data and organizational data to make a decision about the change. This reasoning module combines the information and, based on the defined algorithms, comes up with suggestions for a classification level change.

5. PROPOSED ARCHITECTURE
Files are stored in the file server of the organization. Users can make a request for a particular file. The file server, on getting a request from the user, sends a request to the policy server to verify whether the said user has the required privileges to access the file. If the user has the required rights, the file is sent to the user along with the actions the user can perform on that file. This policy enforcement is done at the client machine where the user works. The operations performed on the file by the user are collected and used for developing a file profile. In this way the file profile is collected daily, and along with organization data a decision on whether any classification level change is to be done or not is taken. The reasoning module does this.

COMPONENTS OF THE ARCHITECTURE
A. Policy Server
A policy server is used for specifying static policies on each document in the pool. It validates the access permissions when the documents are requested from the file server. U1 and U2 in Figure 1 are two users requesting documents from the file server. This request is first validated through the policy server and then the document is sent to the user machines. The policy server keeps tabular data about users and associated documents, along with the usage cost.

B. File Profile
The information in an organization is divided into highly confidential, confidential, for internal use only and public. Also, the users accessing this information are classified into various classes such as low, medium and high according to their roles in the organization. Similarly, actions performed on information are classified as low, medium and high. These classifications are based on the importance of the action. Read is considered a low level action, append a medium level action, and delete and print high level actions. Modeling the file usage pattern over a period of time provides a better understanding of the deviation from its initial classification. The user activities on a file can be modeled in terms of user level and action level. The set of these user activities on a certain file is considered the file profile.

DISCUSSION
Due to the unavailability of real data sets containing user actions on documents, we have generated our own data set to test our architecture. We considered a file profile based on three user levels (low, medium, high) and three levels of action on documents (low, medium, high). We assumed that the number of actions performed on a file is random. The file profile is generated at random. The changed values of a file are plotted over a two-week period. We have used JAVA to compute the values of equation 1.

[Table of computed values for equation 1 with columns RFUL, RFUM, RFUH, RFAL, RFAM, RFAH, RILow, RIMedium, RIHigh; the row values did not survive extraction in a consistent column layout.]
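As an added illustration of the file profile and reasoning module described above (example code, not the authors' implementation), the following Python builds per-file profiles from constructed access-log lines using the paper's action levels (read = low, append = medium, delete and print = high). The log line format, the role-to-user-level mapping and the deviation rule in suggest_change are assumptions, since equation 1 is not given on the page.

```python
"""File-profile builder and a stand-in reasoning module (added example).
Assumed: log line format 'timestamp user role action file', the role to
user-level mapping, and the deviation rule; equation 1 is not on the page."""
from collections import Counter
from dataclasses import dataclass, field

# Action levels as given in the paper: read = low, append = medium,
# delete and print = high.
ACTION_LEVEL = {"read": "low", "append": "medium", "delete": "high", "print": "high"}
# Assumed mapping from organisational role to user level (not on the page).
USER_LEVEL = {"intern": "low", "engineer": "medium", "manager": "high"}


@dataclass
class FileProfile:
    """Counts of (user level, action level) pairs observed on one file."""
    name: str
    counts: Counter = field(default_factory=Counter)

    def add(self, user_level, action_level):
        self.counts[(user_level, action_level)] += 1

    def total(self):
        return sum(self.counts.values())

    def share(self, user_level=None, action_level=None):
        """Fraction of the file's activity matching the given level(s)."""
        if self.total() == 0:
            return 0.0
        n = sum(c for (u, a), c in self.counts.items()
                if (user_level is None or u == user_level)
                and (action_level is None or a == action_level))
        return n / self.total()


def build_profiles(log_lines):
    """Parse access-log lines into per-file profiles; malformed lines and
    unknown roles or actions are skipped rather than guessed."""
    profiles = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, _user, role, action, fname = parts
        if role not in USER_LEVEL or action not in ACTION_LEVEL:
            continue
        profiles.setdefault(fname, FileProfile(fname)).add(
            USER_LEVEL[role], ACTION_LEVEL[action])
    return profiles


def suggest_change(today, baseline, org_explains=False, threshold=0.2):
    """Assumed reasoning rule: compare today's profile with the baseline.
    A jump in high-level actions suggests raising the level; a jump in
    low-level users suggests lowering it only when organizational data
    explains the wider access, otherwise the file is flagged for review."""
    d_high_action = today.share(action_level="high") - baseline.share(action_level="high")
    d_low_user = today.share(user_level="low") - baseline.share(user_level="low")
    if d_high_action > threshold:
        return "raise"
    if d_low_user > threshold:
        return "lower" if org_explains else "review"
    return "keep"


def reclassify(today_log, baseline_log, org_data):
    """Suggestion per file seen today; org_data maps file -> whether the
    organization's project data explains a change in its user population."""
    today = build_profiles(today_log)
    base = build_profiles(baseline_log)
    return {
        fname: suggest_change(prof, base.get(fname, FileProfile(fname)),
                              org_data.get(fname, False))
        for fname, prof in today.items()
    }


# Constructed sample logs (not real data).
BASELINE_LOG = [
    "2009-01-08T09:00 u1 engineer read salaries.xls",
    "2009-01-08T09:05 u2 manager read salaries.xls",
    "2009-01-08T09:10 u2 manager append salaries.xls",
    "2009-01-08T09:20 u3 engineer read brochure.pdf",
    "2009-01-08T09:30 u2 manager read contracts.doc",
]
TODAY_LOG = [
    "2009-01-09T09:00 u4 intern read salaries.xls",
    "2009-01-09T09:02 u5 intern read salaries.xls",
    "2009-01-09T09:03 u6 intern read salaries.xls",
    "2009-01-09T09:04 u2 manager read salaries.xls",
    "2009-01-09T10:00 u3 engineer read brochure.pdf",
    "2009-01-09T10:01 u4 intern read brochure.pdf",
    "2009-01-09T10:02 u5 intern read brochure.pdf",
    "2009-01-09T11:00 u2 manager delete contracts.doc",
    "2009-01-09T11:05 u2 manager print contracts.doc",
    "malformed line",
]
ORG_DATA = {"brochure.pdf": True}   # project data explains the wider access

if __name__ == "__main__":
    for fname, decision in reclassify(TODAY_LOG, BASELINE_LOG, ORG_DATA).items():
        print(f"{fname}: {decision}")
```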
Abstract- IEEE 802.16/WiMAX is one of the most promising technologies for Broadband Wireless Access, both for fixed and mobile use. In reality, to successfully deploy WiMAX networks, security is one of the major challenges that must be addressed [4],[5]. In this paper, we propose a network control framework to achieve secure data transmission over WiMAX. The architecture was implemented using a network processor and tested for real time systems. The results clearly indicate that secure transmission has been achieved without affecting the throughput of the system drastically.

Keywords: WiMAX, IP, Security, Microengine

I. INTRODUCTION
WiMAX is a recent wireless broadband standard that has promised high bandwidth over long range transmission. In the medium access control (MAC) layer, IEEE 802.16 supports two modes: point-to-multipoint (PMP) and mesh [6]. The former organizes nodes into a cellular-like structure consisting of a base station (BS) and subscriber stations (SSs). PMP mode requires all SSs to be within the transmission range and clear line of sight (LOS) of the BS. On the other hand, in mesh mode an ad hoc network can be formed with all nodes acting as relaying routers in addition to their sender and receiver roles, although there may still be nodes that serve as BSs and provide backhaul connectivity.

Multihop is becoming more and more important to WiMAX systems as it is a cost effective solution. To successfully deploy multihop WiMAX networks, security is one of the major challenges that must be addressed. Security challenges become more complicated in multihop WiMAX networks because there is no mutual authentication system, i.e., the SS cannot authenticate the BS [4],[7]. So it is very easy for an external agent to hack the information. In this paper, we propose a secure network framework for WiMAX networks which makes it difficult for external sources to hack the information during transmission.

The framework is modeled using a network processor. A Network Processor is an integrated circuit which has a feature set specifically targeted at the networking application domain [1], [2]. Network processors are typically software programmable devices and have generic characteristics similar to a central processing unit. Network processors are special purpose, programmable hardware devices that combine the low cost and flexibility of a RISC processor with the speed and scalability of custom silicon (i.e., ASIC chips). Network processors are building blocks used to construct network systems. A network processor achieves flexibility by having packet processing specified with software [3]. The Access Service Network Gateway of the WiMAX network is developed using a network processor to achieve security. Fig 1 illustrates the IP based WiMAX Network Architecture.

Fig 1. WiMAX Network Architecture

Once the packets enter the AS gateway the processor receives the packets and classifies them into their respective data types. The audio and video packets which require real time streaming are routed to the respective destination ports. Encryption is performed only on the data packets to achieve secure transmission, and they are then transmitted to the output ports. The RSA algorithm is used for the encryption process. All the microengines in the network processor perform parallel processing, thereby reducing delay in packet processing [8]. Fig 2 demonstrates the block diagram of the operations performed in the network processor.
Initialization:
REGISTER       NOTES
CTX_ENABLES    This register is used by the context arbiter and is also used for debugging.

Flowchart for Decryption of packets
Step 1: Initialize scratch ring and DRAM registers.
Step 2: Wait until an element is pushed into scratch

Fig.4 Throughput of the Network before and after Encryption
The red line in Fig 4 indicates that the throughput of the network after encryption has dropped, but it still remains at an acceptable level, thereby not affecting the performance of the system.
V. CONCLUSION
Real time implementation of the proposed architecture using the IXP2400 network processor is achieved. A high degree of security is achieved by encrypting the data packets using the RSA algorithm in the AS gateway. This paper also provides scope for users to explore a cutting edge technology in networking. As future work we plan to work on the key distribution scheme for group communication.
ACKNOWLEDGMENT
The authors wish to thank Intel Inc., for providing
facilities to implement and test the algorithms on routers
constructed using Intel IXP Network processors.
REFERENCES
[1] Samrat Bhattacharjee et al., "An Architecture for Active Networking", Proc. INFOCOM '97, April 1997.
[2] David Wetherall, "Active network vision and reality: lessons from a capsule-based system", 17th ACM Symposium on Operating Systems Principles (SOSP '99).
[3] Douglas E. Comer, "Network System Design and Network Processors", Pearson Education.
[4] Intel Network Processor IXP2400 hardware and software reference manual, 2004.
[5] Wetherall, Tennenhouse, "The Active IP Option", Proc. 7th ACM SIGOPS European Workshop, Connemara, Ireland, Sept. 1996.
[6] Tennenhouse, Wetherall, "A Survey of Active Network Research", IEEE Communications Magazine, January 1997.
[7] Stuart Eichart, Osman N. Ertugay, Dan Nessett, Suresh Vobbilisetty, "Commercially viable Active Networking".
[8] Kenneth L. Calvert, Samrat Bhattacharjee, Ellen Zegura, James Sterbenz, "Directions in Active Networks".
ABSTRACT
A major technical challenge for a mobile wireless sensor network lies in the energy constraint at each node, which poses a fundamental limit on the network lifetime [1]. To overcome this energy constraint, in this work an energy aware optimal routing strategy is implemented by modifying the AODV protocol, which is termed Modified AODV (MAODV), and tuning of energy is also carried out at each transmitting node to ensure minimum consumption of energy. The other important constraint is data security. This data security is augmented by applying the Advanced Encryption Standard (AES) for WSN. This AES algorithm is implemented in modified AODV and this is termed Secured AODV (SAODV). Since the nodes are mobile in nature, to implement MAODV and SAODV the environment is created using the Global Mobile Information System Simulator (GloMoSim), and the simulation is carried out for various pause time values and numbers of nodes. From simulation, it is observed that in MAODV the energy consumption per packet and the average energy consumption of the nodes are approximately 20% less compared to conventional AODV, and Secured AODV gives a better packet delivery ratio when compared to MAODV.

Key words: WSN, Energy, Routing, Ad-Hoc Networks, AODV, AES.

I. INTRODUCTION
Mobile wireless sensor networks combine simple wireless communication, minimal computation facilities, and some sort of sensing of the physical environment into a new form of network that can be deeply embedded in our physical environment, fueled by low cost and wireless communication facilities. The small size of the sensor node and its operation in an unattended environment pose many challenges [1] [2]. The research areas in wireless sensor networks include efficient energy consumption, localization, routing and security. The main objective of this work is to propose an optimal energy aware routing for the mobile wireless sensor network to minimize the energy and maximize the lifetime of the sensor network. In this work, to create the mobile environment in WSN, the GloMoSim simulator is chosen, and the AODV protocol is suitably modified to choose the shortest optimal path to the destination, which consumes less energy and is called Modified AODV (MAODV). Also, tuning the transmitter energy based on the distance between two nodes is carried out to conserve energy between the nodes. To implement data security the AES algorithm is implemented in MAODV; this is termed SAODV and is simulated using GloMoSim. The performance of SAODV is compared with MAODV and conventional AODV in terms of energy consumption per packet, average energy consumption of nodes, packet delivery ratio and average end-to-end delay for various pause time values and numbers of nodes in GloMoSim.

This paper is organized into five sections. The present section introduces the concept of sensor networks. Section 2 introduces sensor networks and security, energy consumption and the various routing strategies being followed in sensor networks. Section 3 deals in depth with the functioning of the Ad hoc On demand Distance Vector protocol (AODV), the MAODV and the AES algorithm. Section 4 discusses the simulated results of the proposed MAODV and SAODV and also shows the performance analysis of SAODV compared with MAODV and conventional AODV, and conclusions are given in section 5.

II. AODV AND MODIFIED AODV ROUTING PROTOCOL
The AODV protocol is composed of two mechanisms that work together to allow the discovery and maintenance of source routes in an ad hoc network: Route Discovery and Route Maintenance [3].

Route Discovery
When a node wishes to send a packet to some destination node, it checks its route table to determine whether it has a current route to that node. If so, it forwards the packet to the appropriate next node toward the
destination. However, if the node does not have a valid route to the destination, it must initiate a route discovery process. To begin such a process, the node (call it the source) creates a Route Request (RREQ) packet.

Route Request Process
The AODV protocol works completely on demand, which means that there are no periodic route updates in the network. This means that if a node (Source) wants to send a packet to another node (Destination), it first has to discover a route to node D. The first step in route discovery is that the source node (S) searches its own route cache for a route to the destination node (D). If there is a route to the target node, then the source uses this route to send its data packet. If there isn't a route to the destination, then the source node sends a RREQ to its neighbors using broadcasting. This RREQ packet identifies the initiator node and the target node of the Route Discovery. The packet also contains a unique request ID, determined by the initiator of the Route Discovery. The route request process is illustrated in Fig 1.

When this Route Request is received by another node, the node first checks if it has already seen the combination of the source node and the request ID of the Route Request packet. If so, it discards the packet and does not process it further. Otherwise it checks if this node is the target node the route is searched for. If so, the node returns a Route Reply packet to the source node of the Route Request containing the route from the source to the target node given by the node list within the Route Request packet.

Fig.1 Route request process

Route Reply Process
If a node is the destination, or has a valid route to the destination, it unicasts a route reply message (RREP) back to the source [4]-[6]. When a node contains an up-to-date route to a destination that is the target of a Route Request it receives, or is the destination itself, it unicasts a Route Reply (RREP) message back to the node from which it received the Route Request. The Route Reply process is shown in Fig 2. Each node along the path over which the Route Request was propagated updates its routing table to mark the node from which it received the Route Reply as the next hop for the new route. As such, the Route Reply is propagated along the reverse path all the way to the source of the original Route Request, and the routing table of each node along the way is updated to reflect the next hop along the route.

In case the node replying to the Route Request was not the destination but instead knew a valid route to the destination, then this node also sends a needless Route Reply to the destination along the path it knows to that destination, so that the destination knows how to reply to the source when it receives data from it, without having to explicitly send out another Route Request to search for the source.

3. PROPOSED MODIFICATION IN AODV PROTOCOL
Due to the ad-hoc nature of sensor networks and severe battery energy limitations, energy efficient protocols are required at all the layers of the protocol stack. Since a sensor network is deployed with the objective of gathering information, for a given initial battery energy it is desired that the network continues to function and provide data updates for as long as possible. This is referred to as the maximum lifetime problem in sensor networks. During each data gathering phase, nodes spend a part of their battery energy on transmitting, receiving and relaying packets. Hence the routing algorithm should be designed to maximize the time until the first battery expires, or until a fraction of the nodes have their batteries expired.

In the first phase of the work, the shortest path is calculated based on the distance between the source and destination. Intermediate nodes, on receiving a request packet, check in their cache whether a route to the destination is present or not. If a route is present, the node then gets the hop count from the source to the destination. The shortest route cannot be determined based on the number of hops alone, and so the distance between the nodes is calculated from the time taken by the RREP, choosing the RREP which takes minimum time to reach the source from the destination. This ensures conservation of energy in the nodes. In order to reduce the energy consumption per node, the transmitting nodes are tuned based on the distance between the intermediate nodes to conserve the minimum energy. In the second phase the AES algorithm is applied for data security and is simulated using GloMoSim. During simulation, first the energy aware optimal routing algorithm is invoked and after finding the optimal route the encrypted packets are transmitted along this route.

Algorithm
Step 1: While transmitting the reply packet, check all the entries in the route table at each node in the forward path.
Step 2: If the next node is the source node then it will wait until the timer expires and forward the information to the next node.
Step 3: If the next node is not the source node then it will calculate the minimum energy (remaining energy) required to transmit.
Step 4: Now the remaining energy is compared with the received energy.
Step 5: If the remaining energy is not less than the received energy, go to step 3.
Step 6: If the remaining energy is less than the received energy then assign the received energy to the transmitter, and then go to step 2.

AES Algorithm
For the AES algorithm, the length of the input block, the output block and the State is 128 bits. This is represented by Nb = 4, which reflects the number of 32-bit words (number of columns) in the State [7][8]. The length of the Cipher Key, K, may be 128, 192, or 256 bits. The key length is represented by Nk = 4, 6, or 8, which reflects the number of 32-bit words (number of columns) in the Cipher Key.

In the AES algorithm, the number of rounds to be performed during the execution of the algorithm is dependent on the key size. The number of rounds is represented by Nr, where Nr = 10 when Nk = 4, Nr = 12 when Nk = 6, and Nr = 14 when Nk = 8. The only Key-Block-Round combinations that conform to this standard are given in Table 1.

distributed between 0 and the maximal velocity. Subsequently, the node drives to the selected point at constant speed. After arriving at the end point the node remains there for a certain time. Subsequently, the node repeats the operation by selecting a new end point and a new speed. When the pause time is 0 seconds, the nodes move constantly. In contrast, when the pause time is 900 seconds the nodes do not move at all. Five source-destination pairs were taken for simulation with a transmitted power of 15 dBm. Constant Bit Rate (CBR) traffic was chosen for our simulation to ensure minimum delay.

COMPARISON OF MODIFIED AODV WITH AODV
To get a better idea of the performance of the MAODV protocol it is compared with conventional AODV. The performance metrics Energy Consumption per Packet, Average end-to-end Delay and Packet delivery ratio are considered for evaluation. The comparison between AODV and MAODV was carried out in terms of the average energy consumption and energy consumption per packet. The snapshot of the node connections is shown in Fig 3.
their own node ids in the request packet and rebroadcast that route request packet with recalculated energy. The energy is calculated based on the transmitted energy and the received energy and is given by equation 2.
Number of nodes   MAODV         SAODV
50                24.25698563   24.26542562
60                25.9022405    25.91254256
70                26.25698543   26.4562562
80                28.65985422   28.93652145
90                31.77823534   31.93562452
100               31.9856521    32.01254625
110               29.273709     30.2563252

Fig. 9 Variation of Average end-to-end delay with pause time for 70 nodes

Pause time        MAODV         SAODV
0                 23.85929692   24.6254852
100               26.27346181   27.25648568
200               28.09148871   29.25658458
300               28.20997351   29.9564585
400               30.0508246    30.25458965

Fig. 11 Variation of Average end-to-end delay with Number of nodes
Packet delivery ratio. The packet delivery ratio is the ratio between the number of packets sent by constant bit rate sources (CBR, "application layer") and the number of packets received by the CBR sink at the destination. It describes the percentage of packets which reach the destination. Simulation is carried out for 5 pairs of communicating nodes, the number of nodes is assumed to be 50, and with the pause time varied from 0 to 900 ms the packet delivery ratio is calculated for MAODV and SAODV and is plotted in Figs 12 and 13. From this it is shown that there is a slight improvement in packet delivery ratio in the case of SAODV compared to MAODV.

Fig.12 Variation of packet delivery ratio with Pause time

5. CONCLUSION
The proposed MAODV in this work minimizes the energy consumption and thereby maximizes the lifetime of the network. The performance of the proposed MAODV is compared with conventional AODV. The simulation results show that MAODV performs much better under different terrain scenarios. From the simulation results, it is observed that in MAODV the energy consumption per packet and average energy consumption per node are reduced by 20%, and the throughput is improved. Hence MAODV performs better than conventional AODV. Secondly, the AES algorithm is applied for data security and is simulated using GloMoSim. During simulation, first the energy aware optimal routing algorithm is invoked and after finding the optimal route the packets are transmitted along this route. The performance of MAODV without data security and SAODV with data security is evaluated in GloMoSim, and the results are compared in terms of packet delivery ratio and average end-to-end delay for various pause time values and for different numbers of nodes. From the simulation results it is observed that SAODV gives a better packet delivery ratio when compared to MAODV as the data is secured in the case of SAODV.

REFERENCES
Abstract—Ad hoc networks are self organizing, self cooperating networks in which each node acts as a router and forwards other nodes' data. AODV (ad-hoc on demand distance vector protocol) is a routing protocol used in ad hoc networks. The properties of the protocol are exploited by intruders to cause many attacks, including Denial of Service (DoS) attacks. A DoS attack refers to denying service to a legitimate user in the network by disturbing network services. The DoS attacks addressed in this paper are the flooding attack and the rushing attack. This paper proposes solutions to both these attacks and also proposes ways to minimize control overhead in the AODV protocol. Simulations will be done in ns2 to compare the performance of the existing AODV protocol with the improved AODV.

Keywords— Ad hoc Networks, Denial of Service attacks, Routing protocols.

I. INTRODUCTION

II. OVERVIEW OF AODV PROTOCOL
In AODV [1,2], path discovery is entirely on-demand. When a source node needs to send packets to a destination to which it has no available route, it broadcasts a RREQ (Route Request) packet to its neighbors. Each node maintains a monotonically increasing sequence number to ensure loop free routing and supersede stale route cache entries. The source node includes the known sequence number of the destination in the RREQ packet. An intermediate node receiving a RREQ packet checks its route table entries. If it possesses a route towards the destination with a greater sequence number than that in the RREQ packet, it unicasts a RREP (Route Reply) packet back to the neighbor from which it received the RREQ packet. Otherwise, it sets up the reverse path and then rebroadcasts the RREQ packet. Duplicate RREQ packets received by one node are silently dropped. In this way, the RREQ packet is flooded
NS | 15
International Conference on Sensors,Security,Software and Intelligent Systems
8 - 10, January 2009
Organized by Coimbatore Institute of Technology,Coimbatore and Oklahoma State University USA ISSSIS 2009
broadcasts a RREQ, it waits up to roundtrip time for the any further RREQs from this Route Discovery. When non-
reception of a RREP. If a RREP is not received within that attacking RREQs arrive later at these nodes, they will discard
time, the source node sends a new RREQ. When calculating those legitimate RREQs. As a result, the initiator will be
the time to wait for the RREP after sending the second RREQ, unable to discover any usable routes (i.e., routes that do not
the source node must use a binary exponential back-off. include the attacker) containing at least two hops (three
Hence, the waiting time for the RREP corresponding to the nodes). In general terms, an attacker that can forward RREQs
second RREQ is 2 * round-trip time. The RREQ packets are more quickly than legitimate nodes can do so, can increase the
broadcast in an incrementing ring to reduce the overhead probability that routes that include the attacker will be
caused by flooding the whole network. The packets are discovered rather than other valid routes. Whereas the
discussion above has used the case of nodes that forward only
flooded in a small area (a ring) first defined by a starting TTL
the first RREQ from any Route Discovery, the rushing attack
(time-to-live) in the IP headers. After RING TRAVERSAL
can also be used against any protocol that predictably forwards
TIME, if no RREP has been received, the flooded area is
any particular REQUEST for each Route Discovery.
enlarged by increasing the TTL by a fixed value. The
procedure is repeated until a RREP is received by the
originator of the RREQ, i.e., the route has been found.
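As an added example (not code from the paper), the following Python simulation puts the two mechanisms described above together: an expanding-ring RREQ flood in which each node forwards only the first copy of a Route Discovery and drops duplicates, and a rushing attacker that forwards with no per-hop delay and therefore ends up on the discovered route. The topology, link latency, per-node forwarding delays and TTL parameters are constructed assumptions.

```python
"""Toy AODV route discovery: expanding-ring RREQ flooding, first-RREQ-wins
forwarding with duplicate suppression, and a rushing attacker that wins the
race by skipping the per-hop forwarding delay.  Added example; the topology,
link latency and per-node delays below are constructed, not from the paper."""
import heapq
from dataclasses import dataclass

LINK_LATENCY = 1.0               # time for a frame to cross one link (assumed)
TTL_START, TTL_INCREMENT = 1, 2  # expanding-ring parameters (assumed values)


@dataclass
class Rreq:
    originator: str
    rreq_id: int
    dest: str
    hops_left: int               # remaining TTL after this hop
    prev_hop: str                # neighbour the RREQ was received from


def flood(topology, delays, src, dst, rreq_id, ttl):
    """One RREQ flood with the given TTL.  Each node processes only the first
    copy of a given (originator, rreq_id), records the reverse path, and
    rebroadcasts after its forwarding delay.  Returns the reverse path the RREP
    would follow (src ... dst), or None if the ring did not reach dst."""
    events = []                   # (arrival_time, seq, node, rreq); seq breaks ties
    seq = 0
    seen = {(src, src, rreq_id)}  # (node, originator, rreq_id) already handled
    reverse = {}                  # node -> prev hop, fixed by the first arrival
    for nb in topology[src]:
        heapq.heappush(events, (LINK_LATENCY, seq, nb,
                                Rreq(src, rreq_id, dst, ttl - 1, src)))
        seq += 1
    while events:
        t, _, node, rreq = heapq.heappop(events)
        key = (node, rreq.originator, rreq.rreq_id)
        if key in seen:
            continue              # duplicate RREQ: silently dropped
        seen.add(key)
        reverse[node] = rreq.prev_hop
        if node == dst:
            path = [dst]
            while path[-1] != src:
                path.append(reverse[path[-1]])
            return path[::-1]
        if rreq.hops_left == 0:
            continue              # ring boundary reached: do not forward
        out = t + delays[node]    # a rushing node uses delay 0 and wins the race
        for nb in topology[node]:
            if nb != rreq.prev_hop:
                heapq.heappush(events, (out + LINK_LATENCY, seq, nb,
                                        Rreq(rreq.originator, rreq.rreq_id, dst,
                                             rreq.hops_left - 1, node)))
                seq += 1
    return None


def discover_route(topology, delays, src, dst):
    """Expanding-ring search: retry with TTL += TTL_INCREMENT until a RREP
    arrives or the ring covers the whole network.  Returns (path, attempts)."""
    ttl, attempts = TTL_START, 0
    while ttl <= len(topology):
        attempts += 1
        path = flood(topology, delays, src, dst, attempts, ttl)
        if path is not None:
            return path, attempts
        ttl += TTL_INCREMENT
    return None, attempts


# Constructed topology: S reaches D through either A (honest) or M.
TOPOLOGY = {"S": ["A", "M"], "A": ["S", "D"], "M": ["S", "D"], "D": ["A", "M"]}
HONEST_DELAYS = {"S": 1.0, "A": 1.0, "M": 1.5, "D": 1.0}
RUSHING_DELAYS = dict(HONEST_DELAYS, M=0.0)   # M forwards without the MAC/processing delay

if __name__ == "__main__":
    print(discover_route(TOPOLOGY, HONEST_DELAYS, "S", "D"))   # (['S', 'A', 'D'], 2)
    print(discover_route(TOPOLOGY, RUSHING_DELAYS, "S", "D"))  # (['S', 'M', 'D'], 2)
```

With honest delays the reverse path recorded at D runs through A; with M forwarding instantly the same topology yields S-M-D, which is the rushing attack's effect. The first attempt with TTL_START = 1 finds nothing because D is two hops away, so the search widens the ring once before the RREP comes back.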
IV CONCLUSION

Thus in this paper we have seen the two main DoS attacks that exploit the properties of AODV, the rushing attack and the flooding attack. This paper also gives a method to reduce the control overhead in communication. The solutions suggested in this paper will be simulated using ns2 [8,9], and the results are expected to show that the solutions overcome these DoS attacks.
The client sends a clear-text message to the AS requesting services on behalf of the user. Sample message: "User XYZ would like to request services". Note: neither the secret key nor the password is sent to the AS.

a. The AS checks whether the client is in its database. If it is, the AS sends back the following two messages to the client:

Message B: Ticket-Granting Ticket (which includes the client ID, client network address, ticket validity period, and the client/TGS session key), encrypted using the secret key of the TGS.

b. Once the client receives messages A and B, it decrypts message A to obtain the Client/TGS Session Key. This session key is used for further communications with the TGS. (Note: the client cannot decrypt Message B, as it is encrypted using the TGS's secret key.) At this point, the client has enough information to authenticate itself to the TGS.

1.1.3 Client Service Authorization Steps:

a. When requesting services, the client sends the following two messages to the TGS:

a. Upon receiving messages E and F from the TGS, the client has enough information to authenticate itself to the SS. The client connects to the SS and sends the following two messages:

Message E from the previous step (the client-to-server ticket, encrypted using the service's secret key).

b. The SS decrypts the ticket using its own secret key to retrieve the Client/Server Session Key. Using the session key, the SS decrypts the Authenticator and sends the following message to the client to confirm its true identity and willingness to serve the client:

Message H: the timestamp found in the client's Authenticator plus 1, encrypted using the Client/Server Session Key.

c. The client decrypts the confirmation using the Client/Server Session Key and checks whether the timestamp is correctly updated. If so, the client can trust the server and can start issuing service requests to the server.

d. The server provides the requested services to the client.
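The service-request exchange above, as an added example (not the paper's code): a TGS issues message E under the service's key, the client sends E together with an authenticator, the SS recovers the session key from the ticket and returns the timestamp plus 1 as message H, and the client checks H. The toy encrypt-then-MAC cipher, the field names and the sample values are assumptions; the authenticator carries the client ID and timestamp as the text describes.

```python
"""Client Service Request step as the text describes it: the client presents the
client-to-server ticket (message E) and an authenticator, the SS recovers the
session key from the ticket, replies with timestamp+1 (message H), and the
client checks it.  Added example, not the paper's code.  The toy
encrypt-then-MAC cipher, field names and sample values are assumptions; the
authenticator contents follow the text (client ID and timestamp)."""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key, nonce, length):
    # SHA-256 in counter mode; a stand-in for Kerberos' real encryption type.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Encrypt a dict under key and authenticate it (toy encrypt-then-MAC)."""
    plaintext = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: wrong key or tampered message")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def tgs_issue_ticket(service_key, client_id, client_addr, session_key, valid_until):
    """Message E: client-to-server ticket, encrypted under the service's secret key."""
    return seal(service_key, {"client_id": client_id, "addr": client_addr,
                              "valid_until": valid_until, "session_key": session_key.hex()})


def client_service_request(ticket, session_key, client_id, timestamp):
    """Client -> SS: message E plus an authenticator under the Client/Server Session Key."""
    return ticket, seal(session_key, {"client_id": client_id, "ts": timestamp})


def ss_handle_request(service_key, ticket, authenticator, now):
    """SS: decrypt the ticket with its own key, recover the session key, decrypt
    the authenticator, and answer with the timestamp plus 1 (message H)."""
    t = unseal(service_key, ticket)
    if now > t["valid_until"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["session_key"])
    auth = unseal(session_key, authenticator)
    if auth["client_id"] != t["client_id"]:
        raise ValueError("authenticator does not match ticket")
    return seal(session_key, {"ts": auth["ts"] + 1})


def client_verify_server(session_key, confirmation, sent_timestamp):
    """Client: H must open under the session key and carry exactly ts + 1."""
    return unseal(session_key, confirmation)["ts"] == sent_timestamp + 1


def demo():
    """Run the exchange once; returns (honest_ok, rogue_server_ok)."""
    service_key, session_key = os.urandom(32), os.urandom(32)
    ticket = tgs_issue_ticket(service_key, "alice", "10.0.0.5", session_key, valid_until=2000)
    msg_e, authenticator = client_service_request(ticket, session_key, "alice", timestamp=1000)
    msg_h = ss_handle_request(service_key, msg_e, authenticator, now=1500)
    honest_ok = client_verify_server(session_key, msg_h, 1000)
    try:   # a server without the service key cannot open the ticket, so it cannot build H
        ss_handle_request(os.urandom(32), msg_e, authenticator, now=1500)
        rogue_ok = True
    except ValueError:
        rogue_ok = False
    return honest_ok, rogue_ok


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The point the text makes in step c is visible in the rogue branch of demo(): a server that does not hold the service key never learns the session key, so it cannot produce a message H that opens under that key, and the client's check fails closed.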
significantly less computing power than traditional identification paradigms, which makes them especially appealing for small wireless devices [5]. Unfortunately, little work has been done to implement ZKP algorithms and validate their completeness and soundness on a practical level [12]. Zero Knowledge Protocols are instances of Interactive Proof Systems, wherein a prover and a verifier exchange challenges and responses, typically dependent on random numbers (ideally, the outcomes of fair coin tosses) which they are allowed to keep secret [7]. The proofs in this context are probabilistic rather than absolute in the mathematical sense; they need only be correct with a certain bounded probability. The client proves its identity to the Authentication Server using the Guillou-Quisquater protocol [5][6], as follows:

A trusted third party chooses two large primes p and q and calculates n = p × q. It also chooses an exponent e which is coprime with Φ = (p-1) × (q-1). The values of n and e are announced publicly; the values of p and q are kept secret. The trusted party chooses two numbers for each entity: v, which is public, and s, which is secret, such that s^e × v ≡ 1 (mod n). The three exchanges constitute a round; verification is repeated several times with a random value of c between 1 and e. The client must pass the test in each round to be verified. If it fails, the process is aborted and the client is not authenticated; otherwise it is granted the ticket, encrypted with the public key of the client using the RSA algorithm. The figure shows one round.

2.1 PERFORMANCE ANALYSIS OF INTEGRATION

The integration of Zero Knowledge Protocols in the Kerberos environment has the following merits:

• The Authentication Server cannot learn anything from the protocol. The AS does not learn anything in the process of the proof that it could not derive from public information by itself. This is the central concept of zero knowledge, i.e., zero knowledge is transferred.

• The Client cannot cheat the Authentication Server. If the client does not know the secret, it can only fool the AS with an incredible amount of luck. The odds that an impostor can cheat the AS can be made as low as necessary by increasing the number of rounds executed in the protocol.

• The AS cannot cheat the Client. The AS cannot get any information out of the protocol, even if it does not stick to the rules. The only thing the AS can do is decide when it accepts that the client actually knows the secret. The client always reveals one solution of many; by doing this it ensures that the secret remains intact.

• The AS cannot pretend to be the Client to a third party. As stated earlier, no information flows from the client to the Authentication Server. This precludes the AS from trying to masquerade as the client to a third party. Nevertheless, some ZKP protocols are vulnerable to man-in-the-middle attacks, in which an eavesdropper relays traffic to achieve the desired impersonation effect.

III. CONCLUSION
The use of Zero Knowledge protocols for authentication of the client with the Authentication Server does not report any degradation with usage [9]. Zero Knowledge protocols are also resistant to chosen-text attacks [10]. Most Zero Knowledge and public key protocols depend on unproven assumptions (quadratic residuosity, factoring, discrete log, etc.). The use of Zero Knowledge protocols eliminates the drawbacks of password authentication. With a negligible amount of downtime, any machine can be configured to act as Authentication Server. No points of vulnerability are reported for compromising the Authentication Server. However, ZK protocols are usually less efficient than PK protocols. This is an important factor to consider in application environments where (hard or soft) real-time computation must be ensured. Further enhancements could reduce the computational power required by the Guillou-Quisquater protocol, which is three times that of the Feige-Fiat-Shamir protocol [13]. Future work can focus on the design of an algorithm that generates the session key shared between the client and the Authentication Server from the challenge-response interactions.
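The protocol of the preceding section and the "client cannot cheat the AS" argument of 2.1, as an added example (not the paper's code): a Python implementation of the Guillou-Quisquater rounds with an honest prover that knows s and a cheating prover that knows only v and must guess the challenge. The three messages of a round (commitment T = r^e, challenge c, response D = r·s^c, checked by the AS as D^e·v^c ≡ T (mod n)) follow the standard GQ formulation because the paper's figure is not reproduced here; the primes, e, the identity-to-v mapping and the round count are assumptions.

```python
"""Guillou-Quisquater identification as used above: a trusted party publishes
(n, e), hands each client a secret s for its public v with s^e * v = 1 (mod n),
and the AS runs several challenge-response rounds.  Added example, not the
paper's code.  The round's three messages (commitment, challenge, response)
follow the standard GQ formulation since the paper's figure is not reproduced;
the primes, e, identity-to-v mapping and round count are assumptions."""
import hashlib
import random
from math import gcd

P, Q = 2**61 - 1, 2**89 - 1   # Mersenne primes; toy size, far too small for real use
E = 65537                     # public exponent; gcd(E, (P-1)(Q-1)) == 1 holds here


def setup():
    """Trusted party: publish (n, e); keep d = e^-1 mod phi(n) to issue secrets."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    assert gcd(E, phi) == 1
    return (n, E), pow(E, -1, phi)


def public_credential(pub, client_id):
    """Public v derived from the identity (assumed mapping); coprime to n w.h.p."""
    n, _ = pub
    return int.from_bytes(hashlib.sha256(client_id.encode()).digest(), "big") % n


def issue_secret(pub, d, v):
    """s = v^(-d) mod n, so that s^e * v == 1 (mod n)."""
    n, _ = pub
    return pow(pow(v, -1, n), d, n)


def credential_is_valid(pub, v, s):
    n, e = pub
    return (pow(s, e, n) * v) % n == 1


class Prover:
    """Honest client: knows s.  Commit T = r^e, respond D = r * s^c."""
    def __init__(self, pub, s):
        self.n, self.e, self.s = pub[0], pub[1], s

    def commit(self, rng):
        self.r = rng.randrange(1, self.n)
        return pow(self.r, self.e, self.n)

    def respond(self, c):
        return (self.r * pow(self.s, c, self.n)) % self.n


class Cheater:
    """Knows only v.  Guesses the challenge g and commits T = D^e * v^g, so the
    check passes iff the real challenge equals g: probability 1/e per round."""
    def __init__(self, pub, v):
        self.n, self.e, self.v = pub[0], pub[1], v

    def commit(self, rng):
        self.guess = rng.randint(1, self.e)
        self.fake = rng.randrange(1, self.n)
        return (pow(self.fake, self.e, self.n) * pow(self.v, self.guess, self.n)) % self.n

    def respond(self, c):
        return self.fake


def verify_round(pub, v, T, c, D):
    """AS check: D^e * v^c == T (mod n).  For an honest D this is r^e * (s^e v)^c = r^e."""
    n, e = pub
    return (pow(D, e, n) * pow(v, c, n)) % n == T


def authenticate(pub, v, prover, rounds=3, rng=None):
    """Run the rounds; abort at the first failure (the client must pass every round)."""
    rng = rng or random.SystemRandom()
    for _ in range(rounds):
        T = prover.commit(rng)
        c = rng.randint(1, pub[1])        # random challenge between 1 and e
        if not verify_round(pub, v, T, c, prover.respond(c)):
            return False
    return True


def demo(seed=1):
    """Returns (secret_ok, honest_accepted, cheater_accepted) for one enrolment."""
    pub, d = setup()
    v = public_credential(pub, "client-xyz")
    s = issue_secret(pub, d, v)
    rng = random.Random(seed)             # seeded only to keep the demo reproducible
    return (credential_is_valid(pub, v, s),
            authenticate(pub, v, Prover(pub, s), rounds=3, rng=rng),
            authenticate(pub, v, Cheater(pub, v), rounds=3, rng=rng))


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The Cheater class is the "incredible amount of luck" case from 2.1 made concrete: without s the only way to pass is to fix a guessed challenge into the commitment, which succeeds with probability 1/e per round, and because the AS aborts at the first failed round the impostor's overall chance shrinks as (1/e)^rounds. In a deployment the rng must be a cryptographic source (random.SystemRandom here); the seed in demo() exists only to make the output reproducible.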
The Client Service Authorization Steps with the Ticket Granting Server and the Client Service Request Steps with the server that provides the required service are the same as in the original Kerberos environment.

REFERENCES
[1] web.mit.edu/Kerberos/
[2] en.wikipedia.org/wiki/Kerberos_protocol
[3] www.kerberos.info
[4] Hannu A. Aronsson, Zero knowledge protocols and small systems. Technical report, Helsinki University of Technology, 2000.
    http://www.tml.hut.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html
[5] L. C. Guillou and J.-J. Quisquater, A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory, Advances in Cryptology—Eurocrypt '88, pp. 123-128, May 25-27, 1988.
[6] J.-J. Quisquater and C. Couvreur, Fast Decipherment Algorithm for RSA Public-Key Cryptosystem, Electronics Letters, vol. 18, no. 21, pp. 905-907, Oct. 14, 1982.
[7] G. I. Simari, A Primer on Zero Knowledge Protocols, Universidad Nacional del Sur, June 27, 2002.
[8] G. Gaskell and M. Looi, Integrating Smart Cards into Authentication Systems, Proceedings of the Cryptography: Policy and Algorithms Conference, Springer-Verlag, Lecture Notes in Computer Science, July 1995, pp. 270-281.
[9] J. Boyar, K. Friedl, and C. Lund, Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies, Lecture Notes in Computer Science, vol. 434, p. 155 ff., 1990.
[10] R. Cramer and V. Shoup, A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack, Lecture Notes in Computer Science, vol. 1462, p. 13 ff., 1998.
[11] B. Schneier, Applied Cryptography, Wiley & Sons, 1994, ISBN 0-471-59756-2.
[12] J. Brandt, I. B. Damgård, P. Landrock, and T. Pedersen, Zero-Knowledge Authentication Scheme with Secret Key Exchange, Advances in Cryptology—Crypto '88 Proceedings, pp. 583-588, Aug. 21-25, 1988.
[13] A. Fiat and A. Shamir, How to Prove Yourself: Practical Solutions to Identification and Signature Problems, Advances in Cryptology—Crypto '86 Proceedings, pp. 186-194, Aug. 11-15, 1986.
distributing them to the group members is called the rekeying operation. Rekeying is required in secure multicast to ensure that a new member cannot decrypt the stored multicast data (sent before its joining) and to prevent a leaving member from eavesdropping on future multicast data.

A critical problem with any rekey technique is scalability. The rekey process should be done after each membership change, and if membership changes are frequent, key management will require a large number of key exchanges per unit time in order to maintain both forward and backward secrecy. The number of TEK update messages in the case of frequent join and leave operations induces the "1 affects n" phenomenon.

To overcome this problem, several approaches propose multicast group clustering. Clustering divides the multicast group into several sub-groups. Each sub-group is managed by a Local Controller (LC) responsible for local key management within its cluster. Thus, after join or leave procedures, only members within the concerned cluster are affected by the rekeying process, and the local dynamics of a cluster do not affect the other clusters of the group. Moreover, few solutions for multicast group clustering have considered the energy and latency issues in achieving an efficient key distribution process, whereas energy and latency constitute the main issues in ad hoc environments.

This paper presents a new clustering scheme for multicast key distribution in mobile ad hoc networks. It uses MAC 802.11 for communication between nodes. It provides channel bandwidth for minimization of the congestion that occurs during transmission. It also uses a congestion control mechanism to control flooding messages. It sends an acknowledgement for each transmission in order to reduce retransmissions. It uses the DSDV (Destination Sequenced Distance Vector) routing protocol to maintain the routing table through periodic and event-triggered exchanges of the routing table, for electing the cluster head and distributing the keys when a node joins and leaves. Thus this new clustering scheme integrates OMCT (Optimized Multicast Cluster Tree), a dynamic clustering scheme, with the DSDV routing protocol, which makes it easy to elect the local controllers of the clusters and to update them periodically as nodes join and leave the cluster. This integrated approach is demonstrated to:

Optimize the bandwidth consumption: this induces minimization of multi-hop retransmissions within the cluster by providing acknowledgements.
Optimize the latency: this induces minimization of data transmission time.
Optimize the energy consumption: this induces minimization of the number of transmissions for forwarding messages to all the clusters.

The remainder of this paper is structured as follows. Section 2 presents the related works about multicast key management protocols in MANETs. Section 3 deals with the proposed approach, which reduces rekeying overhead based on group clustering. Section 4 presents the simulation results of the proposed approach. Finally, Section 5 concludes the paper.

II. RELATED WORKS

Key management is the core challenging area in security. Existing multicast key management approaches are presented in the coming section.

A. Multicast Key management approach

Several key management protocols for securing multicast communications in ad hoc networks have been proposed. They are basically classified into three main approaches as shown in figure 1.

Figure 1. Classification of multicast key management approaches: key management protocols are centralized, distributed or decentralized; decentralized protocols are further divided into static clustering and dynamic clustering.

Centralized approach: In the centralized approach, a designated single entity (e.g. the global controller, group leader or a key server) is responsible for generation and distribution of a unique symmetric key to all the group members. For example GKMAN [11] and Kaya et al. [8] belong to this approach.

Distributed approach: In the distributed approach, all multicast group members cooperate and collaborate to ensure a secure multicast communication between them. For example Chiang et al. [6] propose a distributed group key management protocol for
MANET based on GPS measures and on group key exchange.

Decentralized approach: The decentralized approach divides the multicast group into subgroups or clusters; each sub-group is managed by a LC (Local Controller) responsible for security management of the members of its subgroup. Two kinds of decentralized protocols are distinguished: static clustering and dynamic clustering.

In the static clustering approach, the multicast group is initially divided into several subgroups. Each subgroup shares a local session key managed by its LC. Example: IOLUS [9] and DEP [7] belong to this category, which is more scalable than centralized protocols.

The dynamic clustering approach aims to solve the "1 affects n" phenomenon. This approach starts a multicast session with centralized key management and divides the group dynamically. Example: AKMP [1] and SAKM [5] belong to this approach and are dedicated to wired networks. Enhanced BAAL [2] and OMCT [3,4] propose dynamic clustering schemes for multicast key distribution in ad hoc networks.

OMCT [3,4] (Optimized Multicast Cluster Tree) is a dynamic clustering scheme for multicast key distribution dedicated to operate in ad hoc networks. This scheme optimizes energy consumption and latency for key delivery. OMCT needs the geographical location information of all group members in the construction of the key distribution tree. Thus, a Global Positioning System (GPS) is assumed to be available. During multicast group initialization, every group member is attached to the group source, called the Global Controller (GC). This entity is responsible for the TEK generation and its distribution to all group receivers. In addition, the GC periodically verifies whether the group is highly correlated, and verifies whether the key distribution process is optimal. This is done by evaluating the cluster cohesion as

Cluster Cohesion = M / C

where M is the number of members in the LC's range and C is the number of cluster members. This parameter measures the proximity of the cluster members to their controller. This cohesion parameter allows verifying whether a cluster is strongly correlated.

Once the clusters are created within the multicast group, the new LCs become responsible for the local key management and distribution to their local members, and also for the maintenance of the strongly correlated clusters property. The election of local controllers is done according to the localization and GPS information of the group members, which does not reflect the true connectivity between nodes.

B. DSDV

DSDV (Destination Sequenced Distance Vector) is a table-driven proactive routing protocol designed for mobile ad hoc networks. This protocol maintains the routing table as permanent storage. Routes are maintained through periodic and event-triggered exchanges of the routing table as nodes join and leave. Route selection is based on optimization of the distance vector. It avoids routing loops, and each node has a unique sequence number which it updates periodically. It is mainly used for intra-cluster routing. It allows fast reaction to topology changes. Thus the DSDV protocol is simple, more dynamic and needs less convergence time. The proposed approach therefore uses the DSDV routing protocol to find the 1-hop neighborhood of each node.

Each node in the network selects its own children among its symmetric 1-hop neighborhood. It must reach all its symmetric strict 2-hop neighbors through its LCs.

The proposal of this paper is to enhance OMCT by integrating it with the DSDV routing protocol, which makes it easy to elect the Local Controllers of the clusters and to update them periodically as nodes join and leave the cluster.

III OMCT WITH DSDV

The main idea of this clustering key distribution protocol is to use the DSDV routing protocol to elect the local controllers of the created clusters. It uses MAC 802.11 for communication between nodes. It provides channel bandwidth for minimization of the congestion that occurs during transmission. It uses a congestion control mechanism to control flooding messages. It sends an acknowledgement for each transmission in order to reduce retransmissions.

The principle of this clustering scheme is to start with the group source GC, to collect its 1-hop neighbors by DSDV, and to elect as LCs the nodes which are group members and which have child group members (the LC belongs to the unicast path between the source and the child group members). The selected nodes are elected as local controllers.

At this step, the group members which are 2-hop neighbors of the group source are covered by the elected LCs. This scheme iterates until the LCs
cover all the group members. The same rule is executed for a node which is a group member and which has child group members: it becomes an LC. The multicast tree is thus constructed as shown in figure 2.

Figure 2. OMCT with DSDV

In the example shown in figure 2, the group source GC 0 collects its 1-hop neighbors by DSDV and elects as LCs nodes 1 and 7, which are group members and which have child group members 2, 3, 4, 5, 6 and 8, 9, 10, 11, 12 respectively. The selected nodes are elected as local controllers. However, during the election of these LCs, their authentication must be checked to avoid malicious behaviors. To do so, authentication and identification of nodes are ensured via the CBID technique (Crypto-Based IDentifiers) [10]. Each node in the network generates its public and private keys and computes its CBID from these keys. Crypto-based identifiers are statistically unique and cryptographically verifiable, ensuring a strong cryptographic binding between the identifier and the node's public/private key pair, and it is almost impossible that two entities in the network have the same identifier.

A. OMCT with DSDV Algorithm

The main steps of the OMCT with DSDV algorithm are as follows:

Step 1: Initially, the list of LCs contains only the source of the group, which computes the cohesion factor of its group and decides to cluster it by electing new local controllers and forming new clusters. The list of the current LCs is collected.

Step 2: Traverse the list of nodes while there are group members not yet covered by LCs, and verify for each one whether it is a group member and whether it has child group members. In case of success, add the node to the list of LCs and withdraw the members it covers from the list of group members. All the members reachable by this new LC form a new cluster.

Step 3: If group members exist which do not belong to the formed clusters because the cohesion parameter is smaller than the threshold, this approach chooses from these remaining group members the nodes that have the maximum reachability to the other nodes in one hop. This reachability information is collected through the DSDV routing protocol and consolidated through OMCT signaling. Since the created clusters do not yet cover these group members, these nodes are selected as local controllers for the remaining group members.

The principles of the proposed clustering approach are described in algorithm 1.

Algorithm 1 OMCT_with_DSDV (ClusterHead)
// STEP 1
ListLCs = {ClusterHead}
ListNodes = {1, 2, 3, ..., c}    // c is the number of cluster members
// STEP 2
for i = 1 to c do
    if (ListNodes ≠ ∅) then
        if (i ∈ multicast group) and (i has group-member children) then
            ListLCs = ListLCs ∪ {i}    // add i to the local controllers list
            ListNodes = ListNodes \ {group members covered by i}    // remove the members covered by i
            OMCT_with_DSDV(i)    // apply the algorithm recursively to i
        end if
    end if
end for
// STEP 3
if (ListNodes ≠ ∅) then
    for each j in ListNodes do
        compute the reachability factor of j: the number of members of ListNodes within 1 hop of j
    end for
    while (ListNodes ≠ ∅) do
        i = the node of ListNodes with the maximum reachability factor
        ListLCs = ListLCs ∪ {i}    // i becomes the LC of a new cluster
        ListNodes = ListNodes \ ({i} ∪ {members of ListNodes within 1 hop of i})    // remove the new cluster
    end while
end if
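Algorithm 1 applied to the figure 2 topology, as an added example (not the paper's code). DSDV's routing table is replaced by a static 1-hop neighbour map; the tie-breaking order (lowest node id first) and the rule that members within one hop of an LC that did not become LCs themselves attach to that LC are assumptions. The example also exercises STEP 3 with a member reachable only through a non-member node, a case figure 2 does not show.

```python
"""OMCT with DSDV clustering (Algorithm 1 above) on the Figure 2 topology.
Added example, not the paper's code.  The DSDV routing table is replaced by a
static 1-hop neighbour map; the tie-breaking (lowest node id first) and the
rule that leaf members attach to the nearest LC are assumptions."""


def omct_with_dsdv(neighbours, members, gc):
    """Return {lc: set(children)}: every LC (the GC included) with the group
    members it serves directly.  neighbours[n] is what DSDV's table gives as
    n's 1-hop neighbourhood; members is the multicast group."""
    uncovered = set(members) - {gc}       # group members not yet in any cluster
    clusters = {gc: set()}                # STEP 1: the LC list holds only the source

    def elect(lc):
        # STEP 2: a 1-hop neighbour that is a group member and still has
        # uncovered member children becomes an LC; recurse into it.
        for i in sorted(neighbours[lc]):
            if i in uncovered and any(n in uncovered for n in neighbours[i]):
                uncovered.discard(i)
                clusters[i] = set()
                elect(i)
        # Members within 1 hop that did not become LCs are served by lc itself.
        for i in sorted(neighbours[lc]):
            if i in uncovered:
                uncovered.discard(i)
                clusters[lc].add(i)

    elect(gc)

    # STEP 3: members unreachable through member-only paths; pick the node with
    # the highest 1-hop reachability among them as LC of a new cluster.
    while uncovered:
        reach = {j: sum(1 for n in neighbours[j] if n in uncovered) for j in uncovered}
        lc = max(sorted(uncovered), key=reach.__getitem__)
        uncovered.discard(lc)
        clusters[lc] = {n for n in neighbours[lc] if n in uncovered}
        uncovered -= clusters[lc]
    return clusters


def cohesion(neighbours, lc, cluster):
    """Cluster Cohesion = M / C: members within the LC's 1-hop range over cluster size."""
    if not cluster:
        return 1.0
    in_range = sum(1 for m in cluster if m in neighbours[lc])
    return in_range / len(cluster)


# Constructed Figure 2 topology: GC 0 with two branches rooted at 1 and 7.
FIGURE2 = {0: {1, 7}, 1: {0, 2, 3, 4, 5, 6}, 7: {0, 8, 9, 10, 11, 12}}
for leaf, parent in [(n, 1) for n in range(2, 7)] + [(n, 7) for n in range(8, 13)]:
    FIGURE2[leaf] = {parent}
FIGURE2_MEMBERS = set(range(13))

if __name__ == "__main__":
    print(omct_with_dsdv(FIGURE2, FIGURE2_MEMBERS, 0))
    # {0: set(), 1: {2, 3, 4, 5, 6}, 7: {8, 9, 10, 11, 12}}
```

On the figure 2 graph the result is exactly the election the text describes: nodes 1 and 7 become LCs because they are members with member children, and every cluster has cohesion 1.0 since all of its members sit one hop from their controller. A member hidden behind a non-member relay is never reached by STEP 2 and ends up as the LC of its own cluster in STEP 3.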
IV EXPERIMENTAL RESULTS
References
authorization and delegation across domains as disparate parties come together in virtual organizations are critical.

3.4 An improved general model for Delegation and Privacy.

In the long term, scalability, functional requirements and privacy considerations all require a new, detailed model of delegation and token privacy. Fine-grained delegation and pull as well as push mechanisms for delegation need to be considered.

4. Design

The grid-wide intrusion detection is based on studying the behavior of the users who request the service and comparing it with the policies written for that particular service. Actions should be taken as specified in the EACL listing. The design is discussed in detail as follows.

decision language used to represent the runtime request for a resource.

When a policy is located which protects a resource, functions compare attributes in the request against attributes contained in the policy rules, ultimately yielding a permit or deny decision.

Figure 1: Authorization process using XACML
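An added example, not the paper's implementation: a minimal EACL-style evaluator in the spirit of the attribute comparison just described, where each plaintext rule compares request attributes with policy attributes, conditions are combined with AND/OR, and the result is permit or deny. The IP-reuse test that section 5 describes (an address already used by another user in the GSTP table is treated as spoofed) is wired in as one such condition. The rule syntax, the attribute names, left-to-right evaluation of AND/OR and the GSTP-like records are assumptions.

```python
"""EACL-style access decision in the spirit of section 4: plaintext rules whose
conditions compare request attributes with policy attributes, combined with
AND/OR, yielding permit or deny, plus the IP-reuse check of section 5 as one
such condition over a GSTP-like usage table.  Added example, not the paper's
implementation.  The rule syntax, attribute names, left-to-right evaluation of
AND/OR and the sample records are assumptions."""

# Constructed GSTP-like records: (user, ip, time) of earlier authorised sessions.
GSTP_RECORDS = [
    ("alice", "10.0.0.5", 100),
    ("alice", "10.0.0.5", 200),
    ("bob", "10.0.0.9", 150),
    ("carol", "10.0.0.5", 300),   # carol turns up from alice's address
]

# Constructed EACL: the first matching rule decides; no match means deny.
POLICY_TEXT = """
deny   IF role=guest AND action=write
permit IF role=member AND action=read AND ip_not_reused
permit IF role=admin
"""


def ip_reused_by_other_user(records, user, ip):
    """Section 5 check: the requesting IP appears in the table under another user."""
    return any(addr == ip and u != user for u, addr, _ in records)


def parse_policy(text):
    """Each line: '<permit|deny> IF <cond> [AND|OR <cond>]...'; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        effect, sep, rest = line.partition(" IF ")
        effect = effect.strip().lower()
        if effect not in ("permit", "deny") or not sep:
            raise ValueError(f"malformed rule: {raw!r}")
        tokens = rest.split()
        conds, ops = tokens[0::2], tokens[1::2]
        if not conds or any(op not in ("AND", "OR") for op in ops) or len(ops) != len(conds) - 1:
            raise ValueError(f"malformed condition list: {raw!r}")
        rules.append((effect, conds, ops))
    return rules


def eval_condition(cond, request, records):
    """Compare one policy attribute against the request; ip_not_reused is the
    section 5 mechanism implemented as just another condition."""
    if cond == "ip_not_reused":
        return not ip_reused_by_other_user(records, request["user"], request["ip"])
    if "!=" in cond:
        key, value = cond.split("!=", 1)
        return str(request.get(key)) != value
    key, value = cond.split("=", 1)
    return str(request.get(key)) == value


def rule_matches(conds, ops, request, records):
    result = eval_condition(conds[0], request, records)
    for op, cond in zip(ops, conds[1:]):    # left to right, no precedence (assumed)
        value = eval_condition(cond, request, records)
        result = (result and value) if op == "AND" else (result or value)
    return result


def decide(rules, request, records=GSTP_RECORDS):
    """Return (effect, reason); the reason is what the model would log or notify on."""
    for effect, conds, ops in rules:
        if rule_matches(conds, ops, request, records):
            clause = " ".join(c + (" " + o if o else "") for c, o in zip(conds, ops + [""]))
            return effect, "rule: " + clause
    return "deny", "no applicable rule"


RULES = parse_policy(POLICY_TEXT)

if __name__ == "__main__":
    for req in [{"user": "bob", "role": "member", "action": "read", "ip": "10.0.0.9"},
                {"user": "carol", "role": "member", "action": "read", "ip": "10.0.0.5"}]:
        print(req["user"], decide(RULES, req))
```

Adding a new mechanism is, as the conclusion of this paper puts it, a matter of adding a condition: eval_condition is the only place that knows about ip_not_reused, and the policy text decides how it combines with the attribute comparisons. One caveat a deployment would need to settle: the check as section 5 states it flags whichever user appears from a shared address, so once carol has used alice's address alice is refused from it too; ordering the GSTP records by time and comparing against the current session window is the usual refinement.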
If not present, the function checks in the database whether the current IP is used by any other user, and also checks the other IPs the current user has used before. If the IP is repeated and some other user has already used this IP, the current user is deemed to have spoofed the IP and is banned temporarily from using the services with that spoofed IP, thereby preventing the illegal use of resources in the name of an authorized user.

6. Conclusion

This intrusion detection model provides a straightforward and uniform interface for access control. By integrating into grid services, instead of rewriting and recompiling the source code for access control, administrators can easily customize their specific security requirements by simply writing Extended Access Control List (EACL) policies in plaintext.

By implementing each mechanism as a condition, it can easily and seamlessly incorporate multiple grid security mechanisms and local security mechanisms together. The interrelation (AND, OR, etc.) among these mechanisms can be freely regulated by the EACL. Moreover, to introduce a new security mechanism into the grid system, we only need to implement it as a new condition. This mechanism takes effect dynamically as soon as we add the corresponding condition to the EACL policy.

Aided by GSTP (the database maintaining all the details of the users' identity, timing and resource utilization), the model can make interoperable access control decisions on the basis of real-time information from other grid services that are located remotely. Thus, advanced access control in a distributed manner, such as global quota, dynamic lockdown, etc., can be fulfilled straightforwardly.

This supports a hierarchy of security policies. Besides the local policy defined for each grid service, host administrators can impose their host-wide policies, and virtual organization administrators can impose a global policy on all grid services within their corresponding domains. Since it is difficult for every individual grid service to define its local policy elaborately enough to protect itself from all potential security threats dynamically, conforming to host-wide policies and global policies gives the grid service a more robust level of security.

Besides making access control decisions, this model also supports functions such as notification, logging, and dynamic intrusion detection and response that are correlated with the authorization phase.

7. References
[1] M. F. Tolba, M. S. Abdel-Wahab, I. A. Taha, A. M. Al-Shishtaw, GIDA: Toward Enabling Grid Intrusion Detection Systems, 2006.
[2] S. Kenny and B. Coghlan, Towards a Grid-wide Intrusion Detection System, Trinity College Dublin, Ireland, 2005.
[3] S. Godik and T. Moses, Extensible Access Control Markup Language (XACML) Version 1.0.
[4] J. McHugh, A. Christie, and J. Allen, Defending Yourself: The Role of Intrusion Detection Systems, IEEE, Software Engineering Institute, CERT Coordination Center.
[5] I. Foster, C. Kesselman, G. Tsudik, S. Tuecke, A Security Architecture for Computational Grids, Proc. 5th ACM Conference on Computer and Communications Security, pp. 83-92, 1998.
[6] L. Zhou and C. Neuman, Federated Access Control and Intrusion Detection for Grid Computing, Information Sciences Institute, University of Southern California, Marina del Rey, CA 90292, 2003.
[7] I. Foster, C. Kesselman, S. Tuecke, The Anatomy of the Grid: Enabling Scalable Virtual Organizations, 2002.
[8] I. Foster, C. Kesselman, J. M. Nick, S. Tuecke, The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration, 2006.
[9] O. T. Choon and A. Samsudin, Grid-based Intrusion Detection System, The 9th IEEE Asia-Pacific Conference on Communications, September 2003.
[10] F.-Y. Leu, J.-C. Lin, M.-C. Li, C.-T. Yang, P.-C. Shih, Integrating Grid with Intrusion Detection, Proceedings of the 19th International Conference on Advanced Information Networking and Applications, pp. 304-309, March 25-30, 2005.
[11] M. Wood, Intrusion Detection Message Exchange Requirements, draft-ietf-idwg-requirements-10, October 2002. Available at http://www.ietf.org/internet-drafts/draft-ietf-idwg-requirements-10.txt, accessed March 2006.
[12] F.-Y. Leu, J.-C. Lin, M.-C. Li, C.-T. Yang, A Performance-Based Grid Intrusion Detection System, Proceedings of the 29th Annual International Computer Software and Applications Conference, 2005.
[13] K. Giles, D. J. Marchette, and C. E. Priebe, A Backscatter Characterization of Denial-of-Service Attacks, Proceedings of the Joint Statistical Meetings, 2003.
[14] D. J. Marchette, Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint, Springer, New York, 2001.
[15] D. J. Marchette, A Study of Denial of Service Attacks on the Internet, Proceedings of the Army Conference on Applied Statistics, pp. 41-60, 2002.
[16] D. Moore, G. M. Voelker, and S. Savage (2001).
Infering Internet denial-of-service activity. Available on the
web at www.usenix.org/publications/library/
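The condition-based, hierarchical policy model described above, as an added example that is not the paper's code and does not use the real EACL syntax: each mechanism is a registered condition, policies combine conditions with AND/OR/NOT, and a request must pass the global, host-wide and local policy in turn. Condition names, policies and the GSTP-like usage value are constructed for illustration.

```python
"""Toy model of condition-based, hierarchical access control as the text
describes it (hypothetical; not the real EACL syntax or the Globus code).
Each mechanism is a named condition; a request must pass every policy level."""
CONDITIONS = {}          # name -> evaluator(request, argument)

def condition(name):
    """Register a mechanism as a condition: a new mechanism is one new entry."""
    def register(fn):
        CONDITIONS[name] = fn
        return fn
    return register

@condition("dn_in")
def dn_in(req, allowed):           # local mechanism: certificate subject list
    return req["dn"] in allowed

@condition("usage_below")
def usage_below(req, limit):       # global quota, from a GSTP-like usage record
    return req["usage"] < limit

@condition("host_not_locked")
def host_not_locked(req, hosts):   # dynamic lockdown of named hosts
    return req["host"] not in hosts

def evaluate(expr, req):
    """expr: ["AND", e...] | ["OR", e...] | ["NOT", e] | [cond_name, arg]."""
    op = expr[0]
    if op == "AND":
        return all(evaluate(e, req) for e in expr[1:])
    if op == "OR":
        return any(evaluate(e, req) for e in expr[1:])
    if op == "NOT":
        return not evaluate(expr[1], req)
    return CONDITIONS[op](req, expr[1])

# Constructed policies: VO-wide, host-wide, and the service's own local policy.
GLOBAL_POLICY = ["AND", ["dn_in", {"/O=Grid/CN=alice", "/O=Grid/CN=bob"}],
                        ["host_not_locked", {"node7"}]]
HOST_POLICY = ["usage_below", 100]
LOCAL_POLICY = ["OR", ["dn_in", {"/O=Grid/CN=alice"}], ["usage_below", 10]]

def authorize(dn, host, usage, policies=(GLOBAL_POLICY, HOST_POLICY, LOCAL_POLICY)):
    """Hierarchy: every level must permit, so the local policy can only
    narrow what the global and host-wide policies already allow."""
    req = {"dn": dn, "host": host, "usage": usage}
    return all(evaluate(p, req) for p in policies)

if __name__ == "__main__":
    print(authorize("/O=Grid/CN=alice", "node1", 50))   # True
    print(authorize("/O=Grid/CN=alice", "node7", 5))    # False: host locked down
```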
ABSTRACT

Techniques such as secure sockets layer (SSL) with client-side certificates are well known in the security research community. Most commercial web sites, however, rely on a relatively weak form of password authentication: the browser simply sends a user's plaintext password to a remote web server, often over SSL. Even when used over an encrypted connection, this form of password authentication is vulnerable to attack.

This proposal designs and develops a user interface and implements a browser extension, password hash, that strengthens web password authentication. Providing customized passwords can reduce the threat of password attacks with no server changes and little or no change to the user experience. The proposed techniques are designed to transparently provide novice users with the benefits of password practices that are otherwise only feasible for security experts. Experiments were done with Internet Explorer and Firefox implementations, and the results from initial users are reported.

1. INTRODUCTION

A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.

While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky, and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use open source security tools where possible, since they allow independent checks on the quality of the methods used. Note that simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password.

A password generator can be part of a password manager. When a
3. METHODOLOGY

Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a passphrase. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters.

The strength of a random password can be calculated by computing the information entropy of the random process that produced it. If each symbol in the password is produced independently, the entropy is given by the formula

$H = L \log_2 N = L \,(\log N / \log 2)$

where N is the number of possible symbols and L is the number of symbols in the password. The function log2 is the base-2 logarithm. H is measured in bits.

Symbol set                                       N       Entropy/symbol
Single case letters and digits (a-z, 0-9)        36      5.17 bits
Mixed case letters and digits (a-z, A-Z, 0-9)    62      5.95 bits
All standard U.S. keyboard characters            94      6.55 bits
Diceware word list                               7776    12.9 bits

Thus an eight character password of single case letters and digits would have 41 bits of entropy (8 x 5.17). The same length password selected at random from all U.S. computer keyboard characters would have 52 bits of entropy; however, such a password would be harder to memorize and might be difficult to enter on non-U.S. keyboards. A ten character password of single case letters and digits would have essentially the same strength (51.7 bits).

Any password generator is limited by the state space of the pseudo-random number generator, if one is used. Thus a password generated using a 32-bit generator has a maximum entropy of 32 bits, regardless of the number of characters the password contains.
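The entropy calculation and the generator state-space cap from this section, worked through as an added example that is not part of the paper: the symbol sets reproduce the table's N values, the Diceware list is represented only by its size (7776), and the generator draws from the operating system CSPRNG via Python's secrets module (my choice, not the paper's).

```python
"""Entropy bookkeeping for random passwords, following H = L * log2(N) from
the text plus the PRNG state-space cap it mentions.  Added example; symbol
sets match the table, and the Diceware list size (7776) is as stated."""
import math
import secrets
import string

# Constructed symbol sets; sizes are 36, 62 and 94 as in the table.
SYMBOL_SETS = {
    "single case letters and digits": string.ascii_lowercase + string.digits,
    "mixed case letters and digits": string.ascii_letters + string.digits,
    "all standard U.S. keyboard characters":
        string.ascii_letters + string.digits + string.punctuation,
}
DICEWARE_WORDS = 7776   # one Diceware word = one symbol from a 7776-entry list

def entropy_per_symbol(n):
    """Bits contributed by one symbol drawn uniformly from n possibilities."""
    return math.log2(n)

def password_entropy(n, length, generator_state_bits=None):
    """H = L * log2(N); a generator with a finite state cannot produce more
    entropy than that state holds, however long the password is."""
    h = length * entropy_per_symbol(n)
    if generator_state_bits is not None:
        h = min(h, generator_state_bits)
    return h

def generate_password(alphabet, length):
    """Draw every symbol independently from the OS CSPRNG (secrets), so the
    independence assumption behind the formula holds for the output."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_table():
    """Rows of (symbol set, N, bits per symbol), reproducing the text's table."""
    rows = [(name, len(s), round(entropy_per_symbol(len(s)), 2))
            for name, s in SYMBOL_SETS.items()]
    rows.append(("Diceware word list", DICEWARE_WORDS,
                 round(entropy_per_symbol(DICEWARE_WORDS), 2)))
    return rows

if __name__ == "__main__":
    for name, n, bits in entropy_table():
        print(f"{name:40} N={n:<5} {bits} bits/symbol")
    print(round(password_entropy(36, 8)), "bits: 8 chars, lowercase+digits")
    print(password_entropy(94, 20, generator_state_bits=32), "bits: 32-bit PRNG cap")
    print(generate_password(SYMBOL_SETS["mixed case letters and digits"], 10))
```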