(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 6, September 2010

Data Security in Mobile Ad Hoc Networks using Genetic Based Biometrics

B. Shanthini, Research Scholar, CSE Department, Anna University, Chennai, India, bshanthini@gmail.com
S. Swamynathan, Assistant Professor, CSE Department, Anna University, Chennai, India, swamyns@annauniv.edu



Abstract— A mobile ad hoc network (MANET) is a self-configuring, dynamic, multi-hop radio network without any fixed infrastructure. MANETs are collections of wireless mobile devices with restricted broadcast range and resources, and communication is achieved by relaying data along appropriate routes that are dynamically discovered and maintained through collaboration between the nodes. The main challenge in the design of such networks is how to prevent attacks against data, such as unauthorized data modification and impersonation. Biometrics provides possible solutions for this security problem in MANET since it has a direct connection with user identity and needs little user interruption. So, researchers have been investigating ways to use biometric features of the user, rather than a memorable password or passphrase, in an attempt to produce tough and repeatable cryptographic keys. In this paper, such a security system, based on biometrics and a genetic algorithm and providing data security in MANET, is presented.

Keywords: Mobile Ad hoc Networks, Data Security, Biometrics, Genetic Algorithm.

I. INTRODUCTION

Mobile ad hoc networks are seen as autonomous networks that can be quickly formed, on demand, for specific tasks and mission support. Communication generally happens through wireless links, in which nodes within radio range communicate and coordinate to create a virtual and temporary communication infrastructure for data routing and data transmission. A MANET can operate in isolation or in coordination with a wired network through a gateway node participating in both networks. This flexibility, along with their self-organizing capabilities, is among their biggest strengths as well as their biggest security weaknesses.

The applications of MANET include the foremost situations such as emergency/crisis management, military, healthcare, disaster relief operations and intelligent transportation systems. So message security plays a vital role in data transmission in MANET. However, because of the absence of an established infrastructure or centralized administration, implementation of hard cryptographic algorithms is a challenging prospect. So, in this paper, we present a novel security method using genetic based biometric cryptography for message security in mobile ad hoc networks.

A. Security challenges in MANET

Wireless ad hoc networks are vulnerable to various attacks [1]. Adversaries may attempt passive and active attacks to gain unauthorized access to classified information, modify the information, delete the information or disrupt the information flow. The best way to protect data in the most fine-grained way is to provide security at the application layer. It is highly desirable to handle data confidentiality and integrity in the application layer, since this is the easiest way to protect data from alteration, fabrication and compromise. With the rapid evolution of wireless technology, the reliance on ad hoc networks to carry mission-critical information is rapidly growing. This is especially important in a military scenario where strategic and tactical information is sent. Therefore the ability to achieve highly secure authentication is becoming more critical.

Numerous countermeasures, such as strong authentication, encrypting and decrypting the messages using traditional cryptographic algorithms, and redundant transmission, can be used to tackle these attacks. Even though these traditional approaches play an important role in achieving confidentiality, integrity, authentication and non-repudiation, they are not sufficient for more sensitive and mission-critical applications, and they can address only a subset of the threats. Moreover, MANETs [2] cannot support complex computations or high communication overhead due to the limited memory and limited computation power of mobile nodes.

B. Necessity of Biometrics Security

Mission-critical applications, such as a military application, may have higher requirements regarding data or information security. In such a scenario, we may design the security system by combining both biometrics and cryptography. A biometric based security scheme overcomes the limitations of traditional security solutions. Biometrics refers to the methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits such as fingerprints, iris, retina scans, hand, face, ear geometry, hand vein, nail bed, DNA, palm print, signature, voice, keystroke or mouse dynamics, and gait analysis.




http://sites.google.com/site/ijcsis/ ISSN 1947-5500
Biometric technologies have confirmed their importance in fields such as security, access control and monitoring applications. The tradeoffs among these biometric technologies really depend on the application and the security level involved. The best biometric technology [3] that can easily be deployed in ad hoc networks is fingerprint recognition. Fingerprints have been successfully used in civilian identification for years because of their unchangeability during the human lifetime and their uniqueness for each individual. As biometrics can't be borrowed, stolen, or forgotten, and forging is practically impossible, it has been presented as a natural identity tool that offers greater security and convenience than traditional methods of personal recognition.

Even though biometrics has advantages, it also raises many security and privacy concerns, as given below:

i.     Biometric is authentic but not secret.
ii.    Biometric cannot be revoked or cancelled.
iii.   If a biometric is lost once, it is compromised forever.
iv.    Cross-matching can be used to track individuals without their consent.

To overcome these disadvantages, instead of using the original biometric, a set of features is taken from it and transformed using a genetic algorithm. If a biometric is compromised, it can simply be re-enrolled using another feature set and another genetic operation, thus providing revocability and preserving the privacy of the biometric.

C. Genetic Algorithms

Genetic algorithms [4] are a family of computational models inspired by natural evolution. They belong to the field of evolutionary computation and are based on three main operators: Selection selects the fittest individuals, called parents, that contribute to the reproduction of the population at the next generation; Crossover combines two parents to form children for the next generation; and Mutation applies random changes to individual parents to form children. The two-point crossover operator is used here, which has the ability to generate, promote, and juxtapose building blocks to form the optimal strings.

This paper is organized into 4 sections. Section 1 introduces the background and initiatives of the research. It also discusses the challenges of message security, the necessity of biometric security in MANET, and genetic algorithms. Section 2 explains the related research work that has been done to provide security in MANET. Section 3 proposes a new security scheme for MANET which combines a genetic algorithm and biometrics. Section 4 contains the conclusion and suggestions for future research.

II. RELATED WORK

A few research works that have been done on data security in MANET, the various approaches to biometric security, and genetic algorithms in security are briefly presented.

Qinghan Xiao [5] introduced a new strategy for authentication of mobile users. Each user has a profile which contains all the information of the ID holder. The group leader also maintains the biometric templates of the group members. Instead of a central authentication server, the group leaders act as distributed authenticators. Each group has a shared cryptographic key which is used for cryptographic communication within the group. The proposed approach is designed for high security small group coalition operations and may not be suitable for enterprise usage.

Jie Liu et al. [6] proposed an optimal biometric-based continuous authentication scheme in MANET which distinguished two classes of authentication: user-to-device and device-to-network. This model focused on the user-to-device class, and it can optimally control whether or not to perform authentication, as well as which biometrics to use, to minimize the usage of system resources.

B Ananda Krishna et al. [7] depicted a model which used multiple algorithms for encryption and decryption. Each time a data packet is sent to the application layer, it is encrypted using one of these randomly selected algorithms. When responses are analyzed they give a random pattern, and it is difficult to know either the algorithms or the keys. The proposed scheme worked well for heavily loaded networks with high mobility.

Zarza L et al. [8] explained the context of the study of Genetic Algorithms as an aiding tool for generating and optimizing security protocols. This paper explains how security protocols can be represented as binary strings and how GA tools are used to define genome interpretation in optimization problems.

B. Shanthini et al. [9] explained the Cancelable Biometric-Based Security System (CBBSS), where cancelable biometrics is used for data security in mobile ad hoc networks. The fingerprint feature of the receiver is coupled with tokenized random data by using an inner-product algorithm, and this product is discretized based on a threshold to produce a set of private binary code which acts as the cryptographic key in this system.

A. Jagadeesan et al. [10] proposed an efficient approach based on multimodal biometrics (iris and fingerprint) for generating a secure cryptographic key, where the security is further enhanced with the difficulty of factoring large numbers. At first, the features, minutiae points and texture properties, are extracted from the fingerprint and iris images respectively. Then, the extracted features are fused at the feature level to obtain the multi-biometric template. Finally, the multi-biometric template is used for generating a 256-bit cryptographic key.

III. PROPOSED WORK

In this proposed Genetic-Based Biometric Security System (GBBSS), a genetic two-point crossover operator is applied to a biometric feature set and is used for data security in mobile ad hoc networks. The main objective of the proposed security scheme is to improve the existing data security approaches for MANET to suit technology enhancements and to study the network performance.




A. Generation of Genetic-Based Biometric Key

In this model all the group members maintain the biometric templates of the other group members. Suppose a member wants to send a message to another member: the receiver's fingerprint is divided into slices, the feature set taken from the slices undergoes a genetic two-point crossover operation, and the result is the cryptographic key in this system. Generation of the cryptographic key is shown in figure 1.

Figure 1. Generation of cryptographic key from the fingerprint features. (Diagram: Fingerprint to Cryptographic Key.)

The same key is generated by the receiver by using his biometric and the same sort of crossover operations, and is used for decryption.

Example:

    Parents:
        01011100 1010000011111010 00110101
        00110011 1111000011110000 11001100

    Children (after crossover):
        01011100 1111000011110000 00110101
        00110011 1010000011111010 11001100

If this biometric based key is compromised, a new one can be issued by using a different set of features and a different crossover operation, and the compromised one is rendered completely useless. The key can also be application specific; that is, different sets of fingerprint features can be used with different crossover operations to generate the respective cryptographic keys for different applications.

B. Securing the Data

Data is secured by applying this cryptographic key to encrypt the actual message using a simple cryptographic algorithm, say the Feistel algorithm. The encryption and decryption processes are specified by the formulae:

    $C = E_{K_R}(P)$ and $P = D_{K_R}(C)$

where   $P$ - Plain Text
        $C$ - Cipher Text
        $K_R$ - Key created by Receiver's Biometric
        $E$ - Encryption Algorithm
        $D$ - Decryption Algorithm

In the Feistel algorithm, a block of size N is divided into two halves of length N/2, the left half called XL and the right half called XR. The output of the ith round is determined from the output of the (i-1)th round. The same key is used for all iterations without generating subkeys. Also, the number of iterations performed is reduced to show that security can be achieved by using a simple algorithm. For example, if the plaintext is 512 bytes, then encryption is performed for every 64 bits and the process is repeated until all 512 bytes are encrypted. The Feistel structure is given in figure 2 [1].

Figure 2. Feistel Algorithm

Algorithm for Encryption:
    1. Divide the plaintext into two blocks of size, 32 bytes, XL and XR
    2. For I = 1 to 32
           Do XL = XL XOR Key
              XR = F (XL) XOR XR
              Swap XL, XR
              Join XL, XR
    3. Repeat step 2 until the entire plaintext is encrypted

Algorithm for Decryption:
    Do the reverse operation of Encryption process.
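The key generation of section A and the encryption loop of section B, as an added Python example that is not the authors' code: the parent strings and the cut points 8 and 24 are taken from the crossover example above, while joining the two children into one 64-bit key, the round function `_f`, the use of the key's high and low 32-bit words, and the padding are assumptions made here because the paper does not specify them.

```python
"""Added example: two-point crossover key derivation plus the paper's Feistel loop.

Assumptions (not stated in the paper): key = child1 || child2, the round
function F, the use of the key's high/low 32-bit words, and the padding.
"""
from typing import Tuple

# Parent bit strings copied from the paper's crossover example.
PARENT_1 = "01011100" "1010000011111010" "00110101"
PARENT_2 = "00110011" "1111000011110000" "11001100"

MASK32 = 0xFFFFFFFF
ROUNDS = 32   # "For I = 1 to 32"
BLOCK = 8     # "encryption is performed for every 64 bits"


def two_point_crossover(p1: str, p2: str, a: int, b: int) -> Tuple[str, str]:
    """Exchange the segment [a, b) between two equal-length bit strings."""
    if len(p1) != len(p2) or not 0 <= a < b <= len(p1):
        raise ValueError("need equal-length parents and 0 <= a < b <= len")
    return p1[:a] + p2[a:b] + p1[b:], p2[:a] + p1[a:b] + p2[b:]


def derive_key(p1: str, p2: str, a: int, b: int) -> int:
    """Assumed layout: both 32-bit children concatenated into a 64-bit key."""
    c1, c2 = two_point_crossover(p1, p2, a, b)
    return int(c1 + c2, 2)


def _f(x: int, k_lo: int) -> int:
    """Hypothetical round function F: add key word, rotate left 5, multiply."""
    x = (x + k_lo) & MASK32
    x = ((x << 5) | (x >> 27)) & MASK32
    return (x * 0x9E3779B1) & MASK32


def _halves(block: bytes) -> Tuple[int, int]:
    return int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")


def encrypt_block(block: bytes, key: int) -> bytes:
    k_hi, k_lo = (key >> 32) & MASK32, key & MASK32
    xl, xr = _halves(block)
    for _ in range(ROUNDS):          # same key in every round, no subkeys
        xl ^= k_hi                   # XL = XL XOR Key
        xr ^= _f(xl, k_lo)           # XR = F(XL) XOR XR
        xl, xr = xr, xl              # Swap XL, XR
    return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")   # Join XL, XR


def decrypt_block(block: bytes, key: int) -> bytes:
    k_hi, k_lo = (key >> 32) & MASK32, key & MASK32
    xl, xr = _halves(block)
    for _ in range(ROUNDS):          # encryption steps undone in reverse order
        xl, xr = xr, xl
        xr ^= _f(xl, k_lo)
        xl ^= k_hi
    return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")


def encrypt(plaintext: bytes, key: int) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK          # assumed PKCS#7-style padding
    data = plaintext + bytes([pad]) * pad
    return b"".join(encrypt_block(data[i:i + BLOCK], key)
                    for i in range(0, len(data), BLOCK))


def decrypt(ciphertext: bytes, key: int) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 8 bytes")
    data = b"".join(decrypt_block(ciphertext[i:i + BLOCK], key)
                    for i in range(0, len(ciphertext), BLOCK))
    pad = data[-1]
    if not 1 <= pad <= BLOCK or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding: wrong key or altered ciphertext")
    return data[:-pad]


if __name__ == "__main__":
    key = derive_key(PARENT_1, PARENT_2, 8, 24)       # cut points of the paper's example
    reissued = derive_key(PARENT_1, PARENT_2, 4, 20)  # constructed cut points
    message = b"constructed sample message"
    ct = encrypt(message, key)
    print(f"key      = {key:016x}")
    print(f"reissued = {reissued:016x}")
    print("round trip ok:", decrypt(ct, key) == message)
```

Re-issuing the key only requires different cut points or a different feature pair. Ciphertext altered in transit decrypts to different bytes rather than to an error unless the padding happens to break, so detecting the change needs a separate integrity check over the message.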




C. Implementation of GBBSS in MANET

The proposed scheme can be implemented over any unicast routing protocol, such as DSR or AODV, which discovers routes as and when necessary and maintains the routes just as long as necessary. A typical MANET is shown in figure 3.

Suppose User A wants to send a message to User C. After the forward and reverse paths are set up by the route discovery method, the data will be sent through that path to the destination C. Before sending the data through that path, the data will be encrypted by the Feistel algorithm using the genetic based biometric key. Once the cipher text is received by the receiver, the cipher text is decrypted by using the same key.

Figure 3. MANET Structure (Diagram: Mobile Ad hoc NW.)

D. The security functions of the proposed system

• Confidentiality: The privacy of the message is protected by this scheme. If the attacker wants to derive the original message from the encrypted text, he needs the cryptographic key. The key can be obtained only by using the biometric of the receiver. Furthermore, the biometric is not used as such; instead, a cancelable version is used. So, it is computationally infeasible to get the key.

• Authentication: In our proposed scheme, the members of the ad hoc group can authenticate each other through their biometric. If the receiver wants to verify whether the message is coming from the genuine sender, the message can be encrypted by using the sender's biometric and the receiver can use the same biometric to decrypt the message. These processes can be specified by the following formulae:

    $C = E_{K_S}(P)$ and $P = D_{K_S}(C)$

  where $K_S$ is the Key created by Sender's Biometric.

• Integrity: In our proposed scheme, the recipient can verify whether the received message is the original one that was sent by the sender. If the attacker changes the cipher text, the original plain text cannot be generated after decrypting with the key created by using the receiver's biometric. By the property of one-way hash function, it is computationally infeasible for the attacker to modify the cipher text.

• Man-in-the-middle attack: An attack in which an attacker sits between the sender and the receiver and sniffs any information being sent between the two ends is called a man-in-the-middle attack. Even though the attacker can get the cipher text, he cannot view the original message, since it is secured using genetic based biometric cryptography.

E. Security Analysis

This section reports the analysis of security parameters such as the time taken for key generation, encryption and decryption for various algorithms, namely 3DES192, AES128, AES256 and GBBSS64, in an ad hoc network environment. The graphs shown in figure 4 and figure 5 are generated by using the values given in the following table 1:

                              Parameters
    Encryption   Key     Time taken for    Time taken for   Time taken for
    Algorithm    Size    Key Generation    Encryption       Decryption
    3DES192      192     0.08 ms           0.08 ms          0.07 ms
    AES-128      128     0.13 ms           0.1 ms           0.1 ms
    AES-256      256     0.13 ms           0.12 ms          0.11 ms
    GBBSS-64     64      0.06 ms           0.04 ms          0.02 ms

Table 1: Key size and Timing measurements for various algorithms

Figure 4. Timing measurements for various algorithms (Chart: Time in ms against Algorithms Applied; series: Key Generation, Encryption, Decryption.)

Figure 5. Key Size and Security Levels for various algorithms (Chart: Key Size and Security Level against Algorithms Applied; series: Key size, Security Level.)

From the above charts we can understand that our proposed GBBSS achieves relatively high performance in terms of less overhead and high security level. Since the key size is very small compared to the other algorithms, the time taken to generate the key and the time taken to encrypt and decrypt are also less.




          IV.   CONCLUSION AND FUTURE WORK

   Although MANET is a very promising technology, challenges are slowing its development and deployment. Traditional security mechanisms are not sufficient for nodes roaming in a hostile environment with relatively poor physical protection. Therefore, to strengthen the encryption algorithm and key, first, the advantages of biometrics and genetic algorithms are incorporated into our system. Secondly, security should be achieved by using simple algorithms that involve small inherent delays rather than complex algorithms which occupy considerable memory and introduce delay. Finally, an ad hoc network may consist of thousands of nodes, so security mechanisms should be scalable to handle such a large network.

    The method presented in this paper remains a preliminary approach to realizing biometric security in ad hoc networks that need high security. This approach can be used in very critical applications where data security is very important and the members who access that data are limited in number, such as military officers on the battlefield, scientists in a confidential conference, officers in intelligent buildings, etc. Many security problems still persist in these types of ad hoc networks, and as future work, this paper can be extended to solve those problems with different biometrics and also with multimodal biometrics.

                          REFERENCES

[1]   Stallings W, “Cryptography and Network Security – Principles and Practices”, 3rd Edition, Pearson Education, 2004.
[2]   Animesh K. Trivedi, Rajan Arora, Rishi Kapoor, Sudip Sanyal, Ajith Abraham, Sugata Sanyal, “Mobile Ad Hoc Network Security Vulnerabilities”, IGI Global, 2009.
[3]   Maltoni D. Maio, Jain A. K. and Prabhakar S, “Handbook of Fingerprint Recognition”, Springer Verlag, 2003.
[4]   Fessi B A, Ben Abdallah, S, Hamdi M and Boudriga, “A new genetic algorithm approach for intrusion response system in computer networks”, IEEE Symposium on Computers and Communications, pp. 342-347, 2009.
[5]   Qinghan Xiao, “A Biometric Authentication Approach for High Security Ad hoc Networks”, Proceedings of IEEE Workshop on Information Assistance, pp. 250-256, June 2004.
[6]   Jie Liu, F. Richard Yu, Chung-Horng Lung and Helen Tang, “Optimal Biometric-Based Continuous Authentication in Mobile Ad hoc Networks”, Third IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, pp. 76-81, 2007.
[7]   B Ananda Krishna, S Radha and K Chenna Kesava Reddy, “Data Security in Ad hoc Networks using Randomization of Cryptographic Algorithms”, Journal of Applied Sciences, pp. 4007-4012, 2007.
[8]   Zarza L., Pegueroles J and Soriano M, “Interpretation of Binary Strings as Security Protocols for their Evolution by means of Genetic Algorithms”, International Conference on Database and Expert Systems Applications, pp. 708-712, 2007.
[9]   B. Shanthini and S. Swamynathan, “A Cancelable Biometric-Based Security System for Mobile Ad Hoc Networks”, International Conference on Computer Technology (ICONCT 09), pp. 179-184, December, 2009.
[10]  A. Jagadeesan, T. Thillaikkarasi and K. Duraiswamy, “Cryptographic Key Generation from Multiple Biometric Modalities: Fusing Minutiae with Iris Feature”, International Journal of Computer Applications, Vol. 2, No. 6, pp. 0975–8887, June 2010.

B. Shanthini is a research scholar in Anna University, Chennai, India. She received her Bachelor’s degree in C.S.E. from M.K. University, Madurai and Master’s degree in C.S.E. from M.S. University, Tirunelveli. Her research interests include Network Security, Web Security, Wireless Communication, Biometrics and Cloud Computing.

Dr. S. Swamynathan is an Assistant Professor of Computer Science and Engineering at Anna University Chennai, India. He received his Master’s in Computer Science and Engineering and Doctorate in Reactive Web Services from Anna University, Chennai. His research interests include Web Service, Security, Web Mining and Automated Workflow Systems.



