Data Security in Mobile Ad Hoc Networks using Genetic Based Biometrics
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 6, September 2010
http://sites.google.com/site/ijcsis/ ISSN 1947-5500

B. Shanthini, Research Scholar, CSE Department, Anna University, Chennai, India
S. Swamynathan, Assistant Professor, CSE Department, Anna University, Chennai, India

Abstract: A mobile ad hoc network (MANET) is a self-configuring, dynamic, multi-hop radio network without any fixed infrastructure. MANETs are collections of wireless mobile devices with restricted broadcast range and resources, and communication is achieved by relaying data along appropriate routes that are dynamically discovered and maintained through collaboration between the nodes. The main challenge in the design of such networks is how to prevent attacks against data such as unauthorized data modification, impersonation etc. Biometrics provides possible solutions for this security problem in MANET since it has a direct connection with user identity and needs little user interruption. So, researchers have been investigating ways to use biometric features of the user rather than a memorable password or passphrase, in an attempt to produce tough and repeatable cryptographic keys. In this paper such a security system, based on biometrics and a genetic algorithm and providing data security in MANET, is presented.

Keywords: Mobile Ad hoc Networks, Data Security, Biometrics, Genetic Algorithm.

I. INTRODUCTION

Mobile ad hoc networks are seen as autonomous networks that can be quickly formed, on demand, for specific tasks and mission support. Communication generally happens through wireless links, in which nodes within radio range communicate and coordinate to create a virtual and temporary communication infrastructure for data routing and data transmission. A MANET can operate in isolation or in coordination with a wired network through a gateway node participating in both networks. This flexibility, along with their self-organizing capabilities, is one of their biggest strengths, as well as their biggest security weakness.

The applications of MANET include foremost situations such as emergency/crisis management, military, healthcare, disaster relief operations and intelligent transportation systems. So message security plays a vital role in data transmission in MANET. However, because of the absence of an established infrastructure or centralized administration, implementation of hard-cryptographic algorithms is a challenging prospect. So, in this paper, we present a novel security method using genetic based biometric cryptography for message security in mobile ad hoc networks.

A. Security challenges in MANET

Wireless ad hoc networks are vulnerable to various attacks. Adversaries may attempt passive and active attacks to gain unauthorized access to classified information, modify the information, delete the information or disrupt the information flow. The best way to protect data in the most fine-granular way is by providing security at the application layer. It is highly desirable to handle data confidentiality and integrity in the application layer, since this is the easiest way to protect data from alteration, fabrication and compromise. With the rapid evolution of wireless technology, the reliance on ad hoc networks to carry mission-critical information is rapidly growing. This is especially important in a military scenario where strategic and tactical information is sent. Therefore the ability to achieve highly secure authentication is becoming more critical.

Numerous countermeasures such as strong authentication, encrypting and decrypting the messages using traditional cryptographic algorithms, and redundant transmission can be used to tackle these attacks. Even though these traditional approaches play an important role in achieving confidentiality, integrity, authentication and non-repudiation, they are not sufficient for more sensitive and mission-critical applications and they can address only a subset of the threats. Moreover, MANETs cannot support complex computations or high communication overhead due to the limited memory and limited computation power of mobile nodes.

B. Necessity of Biometrics Security

Mission-critical applications, such as a military application, may have higher requirements regarding data or information security. In such a scenario, we may design the security system combining both biometrics and cryptography. A biometric based security scheme overcomes the limitations of traditional security solutions. Biometrics refers to the methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits like fingerprints, iris, retina scans, hand, face, ear geometry, hand vein, nail bed, DNA, palm print, signature, voice, keystroke or mouse dynamics, and gait analysis etc.

Biometric technologies have confirmed their importance in fields such as security, access control and monitoring applications. The tradeoffs among these biometric technologies really depend on the application and the security level involved. The best biometric technology that can easily be deployed in ad hoc networks is fingerprint recognition. Fingerprints have been successfully used in civilian identification for years because of their unchangeability during the human lifetime and the uniqueness of each individual. As biometrics can't be borrowed, stolen, or forgotten, and forging is practically impossible, it has been presented as a natural identity tool that offers greater security and convenience than traditional methods of personal recognition.

Even though biometrics has advantages, it also raises many security and privacy concerns as given below:

i. Biometric is authentic but not secret.
ii. Biometric cannot be revoked or cancelled.
iii. If a biometric is lost once, it is compromised forever.
iv. Cross-matching can be used to track individuals without their consent.

To overcome these disadvantages, instead of using the original biometric, a set of features is taken from it and transformed using a genetic algorithm. If a biometric is compromised, it can simply be reenrolled using another feature set and another genetic operation, thus providing revocability, and the privacy of the biometric is preserved.

C. Genetic Algorithms

Genetic algorithms are a family of computational models inspired by natural evolution. They belong to the field of evolutionary computation and are based on three main operators: Selection selects the fittest individuals, called parents, that contribute to the reproduction of the population at the next generation; Crossover combines two parents to form children for the next generation; and Mutation applies random changes to individual parents to form children. The two-point crossover operator is used here, which has the ability to generate, promote, and juxtapose building blocks to form the optimal strings.

This paper is organized into 4 sections. Section 1 introduces the background and initiatives of the research. It also discusses the challenges of message security, the necessity of biometric security in MANET and genetic algorithms. Section 2 explains the related research works that have been done to provide security in MANET. Section 3 proposes a new security scheme for MANET which combines genetic algorithm and biometrics. Section 4 contains the conclusion and suggestions for future research.

II. RELATED WORK

A few research works that have been done on data security in MANET, the various approaches to biometric security, and genetic algorithms in security are briefly presented.

Qinghan Xiao introduced a new strategy for authentication of mobile users. Each user has a profile which contains all the information of the ID holders. The group leader also maintains the biometric templates of the group members. Instead of a central authentication server, the group leaders act as distributed authenticators. Each group has a shared cryptographic key which is used for cryptographic communication within the group. The proposed approach is designed for high security small group coalition operations and may not be suitable for enterprise usage.

Jie Liu et al. proposed an optimal biometric-based continuous authentication scheme in MANET which distinguished two classes of authentication: user-to-device and device-to-network. This model focused on the user-to-device class, and it can optimally control whether or not to perform authentication as well as which biometrics to use, to minimize the usage of system resources.

B Ananda Krishna et al. depicted a model which used multiple algorithms for encryption and decryption. Each time a data packet is sent to the application layer it is encrypted using one of these randomly selected algorithms. When responses are analyzed they give a random pattern, making it difficult to determine either the algorithms or the keys. The proposed scheme worked well for heavily loaded networks with high mobility.

Zarza L et al. explained the context of the study of genetic algorithms as an aiding tool for generating and optimizing security protocols. This paper explains how security protocols can be represented as binary strings, and how GA tools are used to define genome interpretation in optimization problems.

B. Shanthini et al. explained the Cancelable Biometric-Based Security System (CBBSS), where cancelable biometrics is used for data security in mobile ad hoc networks. The fingerprint feature of the receiver is coupled with tokenized random data by using an inner-product algorithm, and this product is discretized based on a threshold to produce a set of private binary code which acts as a cryptographic key in this system.

A. Jagadeesan et al. proposed an efficient approach based on multimodal biometrics (iris and fingerprint) for generating a secure cryptographic key, where the security is further enhanced with the difficulty of factoring large numbers. At first, the features, minutiae points and texture properties, are extracted from the fingerprint and iris images respectively. Then, the extracted features are fused at the feature level to obtain the multi-biometric template. Finally, the multi-biometric template is used for generating a 256-bit cryptographic key.

III. PROPOSED WORK

In the proposed Genetic-Based Biometric Security System (GBBSS), a genetic two-point crossover operator is applied to a biometric feature set, and the result is used for data security in mobile ad hoc networks. The main objective of the proposed security scheme is to improve the existing data security approaches for MANET to suit technology enhancements and to study the network performance.

A. Generation of Genetic-Based Biometric Key

In this model all the group members maintain the biometric templates of the other group members. Suppose a member wants to send a message to any other member: the receiver's fingerprint is divided into slices, the feature set taken from the slices undergoes a genetic two-point crossover operation, and the result is the cryptographic key in this system. Generation of the cryptographic key is shown in figure 1.

Figure 1. Generation of cryptographic key from the fingerprint features. (Diagram: Fingerprint to Cryptographic Key.)

The same key is generated by the receiver by using his biometric and the same sort of crossover operations, and is used for decryption.

Example:

Parents:
    01011100 1010000011111010 00110101
    00110011 1111000011110000 11001100

Children (after crossover):
    01011100 1111000011110000 00110101
    00110011 1010000011111010 11001100

If this biometric based key is compromised, a new one can be issued by using a different set of features and a different crossover operation, and the compromised one is rendered completely useless. It can also be application specific, that is, different sets of fingerprint features can be used with different crossover operations to generate the respective cryptographic keys for different applications.

B. Securing the Data

Data is secured by applying this cryptographic key to encrypt the actual message using a simple cryptographic algorithm, say the Feistel algorithm. The encryption and decryption processes are specified by the formulae:

    C = E_KR(P) and P = D_KR(C)

where
    P: Plain Text
    C: Cipher Text
    KR: Key created by Receiver's Biometric
    E: Encryption Algorithm
    D: Decryption Algorithm

In the Feistel algorithm, a block of size N is divided into two halves of length N/2, the left half called XL and the right half called XR. The output of the ith round is determined from the output of the (i-1)th round. The same key is used for all iterations without generating subkeys. Also, the number of iterations performed is reduced to show that security can be achieved by using a simple algorithm. For example, if the plaintext is of 512 bytes, then encryption is performed for every 64 bits and the process is repeated until all 512 bytes are encrypted. The Feistel structure is given in figure 2.

Figure 2. Feistel Algorithm

Algorithm for Encryption:

1. Divide the plaintext into two blocks of size 32 bytes, XL and XR
2. For I = 1 to 32 Do
       XL = XL XOR Key
       XR = F(XL) XOR XR
       Swap XL, XR
   Join XL, XR
3. Repeat step 2 until the entire plaintext is encrypted

Algorithm for Decryption:

Do the reverse operation of the Encryption process.
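The key generation of Section III.A and the Feistel rounds of Section III.B, as an added Python illustration that is not the authors' implementation; the parents and the crossover points 8 and 24 are those of the paper's example. Assumptions: the 64-bit key is the two 32-bit children concatenated, XL is XORed with the key's high half, F is a stand-in keyed by the low half, and blocks are 64 bits with no padding.

```python
"""Added illustration of Sections III.A and III.B (GBBSS); not the authors' code."""
from typing import Callable, Tuple

MASK32 = 0xFFFFFFFF
ROUNDS = 32  # "For I = 1 to 32" in the paper's encryption algorithm
# Parent feature strings taken from the paper's crossover example.
PARENT_A = "01011100" "1010000011111010" "00110101"
PARENT_B = "00110011" "1111000011110000" "11001100"

def two_point_crossover(a: str, b: str, p1: int, p2: int) -> Tuple[str, str]:
    """Exchange the segment [p1, p2) between two equal-length bit strings."""
    if len(a) != len(b) or not 0 <= p1 <= p2 <= len(a):
        raise ValueError("need equal-length parents and 0 <= p1 <= p2 <= len")
    return a[:p1] + b[p1:p2] + a[p2:], b[:p1] + a[p1:p2] + b[p2:]

def derive_key(a: str, b: str, p1: int, p2: int) -> int:
    """ASSUMPTION: the 64-bit key is the two 32-bit children concatenated."""
    c1, c2 = two_point_crossover(a, b, p1, p2)
    if len(c1) != 32:
        raise ValueError("parents must be 32-character bit strings")
    return int(c1 + c2, 2)

def _f(x: int, k: int) -> int:
    """Stand-in round function F (ASSUMPTION: the paper does not define F)."""
    x = (x + k) & MASK32
    return ((x << 7) | (x >> 25)) & MASK32

def encrypt_block(block: int, key: int) -> int:
    # ASSUMPTION: XL is XORed with the key's high half; F is keyed by the low half.
    k_hi, k_lo = key >> 32, key & MASK32
    xl, xr = block >> 32, block & MASK32
    for _ in range(ROUNDS):          # same key every round, no subkeys
        xl ^= k_hi                   # XL = XL XOR Key
        xr ^= _f(xl, k_lo)           # XR = F(XL) XOR XR
        xl, xr = xr, xl              # Swap XL, XR
    return (xl << 32) | xr           # Join XL, XR

def decrypt_block(block: int, key: int) -> int:
    k_hi, k_lo = key >> 32, key & MASK32
    xl, xr = block >> 32, block & MASK32
    for _ in range(ROUNDS):          # undo each round's steps in reverse order
        xl, xr = xr, xl
        xr ^= _f(xl, k_lo)
        xl ^= k_hi
    return (xl << 32) | xr

def _each_block(data: bytes, key: int, fn: Callable[[int, int], int]) -> bytes:
    if len(data) % 8:
        raise ValueError("length must be a multiple of 8 bytes (no padding defined)")
    return b"".join(fn(int.from_bytes(data[i:i + 8], "big"), key).to_bytes(8, "big")
                    for i in range(0, len(data), 8))

def encrypt(data: bytes, key: int) -> bytes:
    return _each_block(data, key, encrypt_block)

def decrypt(data: bytes, key: int) -> bytes:
    return _each_block(data, key, decrypt_block)

if __name__ == "__main__":
    key = derive_key(PARENT_A, PARENT_B, 8, 24)       # crossover points of the example
    msg = bytes(range(256)) * 2                       # constructed 512-byte plaintext
    ct = encrypt(msg, key)
    print(f"key={key:016x} round-trip ok={decrypt(ct, key) == msg}")
    reissued = derive_key(PARENT_A, PARENT_B, 4, 20)  # re-enrolment: new crossover points
    print("old ciphertext opens with reissued key:", decrypt(ct, reissued) == msg)
    tampered = bytes([ct[0] ^ 1]) + ct[1:]            # flip one ciphertext bit
    print("tampered block decrypts without error:", decrypt(tampered, key)[:8].hex())
```

Because blocks are processed independently, flipping a ciphertext bit garbles only its own 64-bit block and decryption raises no error, so detecting modification needs a separate integrity check (for example a MAC) on top of this cipher.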
C. Implementation of GBBSS in MANET

The proposed scheme can be implemented over any unicast routing protocol like DSR or AODV, which discover routes as and when necessary and maintain the routes just as long as necessary. A typical MANET is shown in figure 3.

Suppose User A wants to send a message to User C. After the forward and reverse paths are set up by the route discovery method, the data will be sent through that path to the destination C. Before sending the data through that path, the data will be encrypted by the Feistel algorithm using the genetic based biometric key. Once the cipher text is received by the receiver, the cipher text is decrypted by using the same key.

Figure 3. MANET Structure (Diagram: Mobile Ad hoc NW.)

D. The security functions of the proposed system

Confidentiality: The privacy of the message is protected by this scheme. If the attacker wants to derive the original message from the encrypted text, he needs the cryptographic key. The key can be obtained only by using the biometric of the receiver. Furthermore, the biometric is not used as such; instead a cancelable version is used. So, it is computationally infeasible to get the key.

Authentication: In our proposed scheme, the members of the ad hoc group can authenticate each other through their biometrics. If the receiver wants to verify whether the message is coming from the genuine sender, the message can be encrypted by using the sender's biometric and the receiver can use the same biometric to decrypt the message. These processes can be specified by the following formulae:

    C = E_KS(P) and P = D_KS(C)

where KS is the Key created by Sender's Biometric.

Integrity: In our proposed scheme, the recipient can verify whether the received message is the original one that was sent by the sender. If the attacker changes the cipher text, the original plain text cannot be generated after decrypting with the key created by using the receiver's biometric. By the property of a one-way hash function, it is computationally infeasible for the attacker to modify the cipher text.

Man-in-the-middle attack: An attack in which the attacker sits between the sender and the receiver and sniffs any information being sent between the two ends is called a man-in-the-middle attack. Even though the attacker can get the cipher text, he cannot view the original message since it is secured using genetic based biometric cryptography.

E. Security Analysis

This section reports the analysis of the security parameters like time taken for key generation, encryption and decryption for various algorithms like 3DES192, AES128, AES256 and GBBSS64 in an ad hoc network environment. The graphs shown in figure 4 and figure 5 are generated by using the values given in the following table 1:

Encryption Algorithm | Key Size | Time taken for Key Generation | Time taken for Encryption | Time taken for Decryption
3DES192 | 192 | 0.08 ms | 0.08 ms | 0.07 ms
AES-128 | 128 | 0.13 ms | 0.1 ms | 0.1 ms
AES-256 | 256 | 0.13 ms | 0.12 ms | 0.11 ms
GBBSS-64 | 64 | 0.06 ms | 0.04 ms | 0.02 ms

Table 1: Key size and Timing measurements for various algorithms

Figure 4. Timing measurements for various algorithms (Chart: time in ms against the algorithms applied, 3DES-192, AES-128, AES-256 and GBBSS-64; series: Key Generation, Encryption, Decryption.)

Figure 5. Key Size and Security Levels for various algorithms (Chart: key size and security level against the algorithms applied, 3DES 192, AES-128, AES-256 and GBBSS-64; series: Key size, Security Level.)

From the above charts we can understand that our proposed GBBSS achieves relatively high performance in terms of less overhead and high security level. Since the key size is very small compared to the other algorithms, the time taken to generate the key and the time taken to encrypt and decrypt are also less.

IV. CONCLUSION AND FUTURE WORK

Although MANET is a very promising technology, challenges are slowing its development and deployment. Traditional security mechanisms are not sufficient for nodes roaming in a hostile environment with relatively poor physical protection. Therefore, to strengthen the encryption algorithm and key, first the advantages of biometrics and genetic algorithms are taken into our system. Secondly, security should be achieved by using simple algorithms that involve small inherent delays rather than complex algorithms which occupy considerable memory and delay. Finally, an ad hoc network may consist of thousands of nodes. So, security mechanisms should be scalable to handle such a large network.

The method presented in this paper remains a preliminary approach to realizing biometric security in ad hoc networks which need high security. This approach can be used in very critical, crucial and vital applications where data security is very important and the members who have access to that data are limited in number, like military officers at a war-field, scientists in a confidential conference, officers in intelligent buildings etc. Many security problems still persist in these types of ad hoc networks and, as future work, this paper can be extended to solve those problems with different biometrics and also with multimodal biometrics.

REFERENCES

Stallings W, “Cryptography and Network Security–Principles and Practices”, 3rd Edition, Pearson Education, 2004.

Animesh K. Trivedi, Rajan Arora, Rishi Kapoor, Sudip Sanyal, Ajith Abraham, Sugata Sanyal, “Mobile Ad Hoc Network Security Vulnerabilities”, IGI Global, 2009.

Maltoni D. Maio, Jain A. K. and Prabhakar S, “Handbook of Fingerprint Recognition”, Springer Verlag, 2003.

Fessi B A, Ben Abdallah, S, Hamdi M and Boudriga, “A new genetic algorithm approach for intrusion response system in computer networks”, IEEE Symposium on Computers and Communications, pp. 342-347, 2009.

Qinghan Xiao, “A Biometric Authentication Approach for High Security Ad hoc Networks”, Proceedings of IEEE Workshop on Information Assistance, pp. 250-256, June 2004.

Jie Liu, F. Richard Yu, Chung-Horng Lung and Helen Tang, “Optimal Biometric-Based Continuous Authentication in Mobile Ad hoc Networks”, Third IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, pp. 76-81, 2007.

B Ananda Krishna, S Radha and K Chenna Kesava Reddy, “Data Security in Ad hoc Networks using Randomization of Cryptographic Algorithms”, Journal of Applied Sciences, pp. 4007-4012, 2007.

Zarza L., Pegueroles J and Soriano M, “Interpretation of Binary Strings as Security Protocols for their Evolution by means of Genetic Algorithms”, International Conference on Database and Expert Systems Applications, pp. 708-712, 2007.

B. Shanthini and S. Swamynathan, “A Cancelable Biometric-Based Security System for Mobile Ad Hoc Networks”, International Conference on Computer Technology (ICONCT 09), pp. 179-184, December, 2009.

A. Jagadeesan, T. Thillaikkarasi and K. Duraiswamy, “Cryptographic Key Generation from Multiple Biometric Modalities: Fusing Minutiae with Iris Feature”, International Journal of Computer Applications, Vol. 2, No.6, pp. 0975–8887, June 2010.

B. Shanthini is a research scholar in Anna University, Chennai, India. She received her Bachelor’s degree in C.S.E. from M.K.University, Madurai and Master’s degree in C.S.E. from M.S. University, Tirunelveli. Her research interests include Network Security, Web Security, Wireless Communication, Biometrics and Cloud Computing.

Dr. S. Swamynathan is an Assistant Professor of Computer Science and Engineering at Anna University Chennai, India. He received his Master’s in Computer Science and Engineering and Doctorate in Reactive Web Services from Anna University, Chennai. His research interests include Web Service, Security, Web Mining and Automated Workflow Systems.