Dissolving Active Networks Privacy Threats and Vulnerabilities

Document Sample
Dissolving Active Networks Privacy Threats and Vulnerabilities Powered By Docstoc
					WSEAS TRANSACTIONS on COMMUNICATIONS                                                            Tai-Hoon Kim

       Dissolving Active Networks Privacy Threats and Vulnerabilities

                                      TAI-HOON KIM
                             Multimedia Engineering Department,
                                     Hannam University
                            133 Ojeong-dong, Daeduk-gu, Daejeon,

   This paper proposes an efficient dual authentication key exchanged in an active network scenario.
The scheme protects personal privacy of identity information. It also provides an effective method to
protect against DOS attacks with the scope information of initiator’s random number table sent by
the responder.

  Keywords: Active Networks, Security, Identity Management System

1. Introduction                                          specific relationship to corresponding entities
                                                         in the real world. An axiomatic model of this
   In current generation information society
                                                         kind can be considered to express "pure
has been governed by a collection of huge
                                                         identity" in the sense that the model is not
amounts of information and services that
                                                         constrained by the context in which it is
provides convenience to people. However,
IMS (Identity Management Systems) have
been crucial as the information society is                  In general, an entity can have multiple
getting bigger. IMS provides a description of            identities, and each identity can consist of
the infrastructure within one or between                 multiple attributes or identifiers, some of
several organizations that have agreed upon a            which are shared and some of which are
mutual model of trust in managing and using              unique within a given name space. The
identities. Identity management or ID                    Figure1 below illustrates the conceptual
management is a broad administrative area                relationship between identities and the entities
that deals with identifying individuals in a             they represent, as well as between identities
system (such as a country, a network or an               and the attributes they consist of.
organization) and controlling the access to the
resources in that system by placing
restrictions on the established identities.
   In the real-world context of engineering
online systems, identity management can
involve three perspectives:
   A general model of identity can be
constructed from a small set of axiomatic
principles, for example that all identities in a         Figure1. Conceptualize relationship in pure
given abstract namespace are unique and                  identity [5]
distinctive, or that such identities bear a

ISSN: 1109-2742                                    473                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                            Tai-Hoon Kim

                                                         know which services they access. Petname
   In most theoretical and all practical models          systems have been proposed as a general
of digital identity, a given identity object             approach to providing service provider
                                                         identity management solutions.
consists of a finite set of properties. These
properties may be used to record information                Today [update], many organizations face a
about the object, either for purposes external           major clean-up in their systems if they are to
to the model itself or so as to assist the model         bring identity coherence into their influence.
operationally, for example in classification             Such coherence has become a prerequisite for
and retrieval. A "pure identity" model is                delivering unified services to very large
strictly not concerned with the external                 numbers of users on demand — cheaply, with
semantics of these properties.                           security    and   single-customer     viewing
   The most common departure from "pure                  facilities.
identity" in practice occurs with properties
intended to assure some aspect of identity, for             The Diffie-Hellman key exchange scheme
example a digital signature or software token            makes use of difficulty in computing discrete
which the model may use internally to verify             logarithms over a finite field. Since this
some aspect of the identity in satisfaction of           scheme does not authenticate the participants
an external purpose. [19] To the extent that             while exchanging messages, it is vulnerable to
the model attempts to express these semantics            man-in-the-middle attacks. For this reason,
internally, it is not a pure model.                      various authenticated key exchange schemes
                                                         based on the Diffie- Hellman have been
   Identity management, then, can be defined             studied by many researchers [10, 11, 12].
as a set of operations on a given identity               These schemes can be categorized into two
model, or as a set of capabilities with                  kinds of classes. The first class employs
reference to it. In practice, identity                   ‘certificates’ in its key exchange protocol,
management is often used to express how                  which      foil  man-in-the-middle     attacks.
identity information is to be provisioned and            Certificate-based schemes require additional
reconciled between multiple identity models.             cost and complexity in key exchange that they
                                                         are not widely accepted in the market.
   Another Identity management in the user
"log-on" perspective may involve an                         The other class proposes its authenticated
integrated system of business processes,                 key exchange protocol with an assumption
policies and technologies that enable                    that a pre-shared secret password or a secret
organizations to facilitate and control access           key exists between two communication
by their users to critical online applications           parties. Most of these authenticated key
and resources — while protecting confidential            exchange schemes are not efficient because
personal and business information from                   they use a public key cryptography
unauthorized access. It represents a category            mechanism which requires high computing
of interrelated solutions which system                   power. Recently proposed ones like the IKE
administrators employ towards managing user              [2, 8, 20] consider privacy of personal identity
authentication, Access rights and restrictions,          and DOS attacks, which require much more
account profiles, passwords, and other                   computing       power.     Recently,     mobile
attributes supportive of the roles/profiles of           computing      environment      requires    low
user in relation to applications and/or systems.         computing power and small memory space
Organizations have traditionally been less               even for security service. That is,
concerned with how users can verify the                  authenticated key exchange schemes that do
identity of service providers. The emergence             not use certificates and public key
of phishing attacks demonstrated that this               cryptography are preferable to the mobile
must be considered as an integral part of the            environment. This paper proposes an efficient
user access paradigm, otherwise users can not

ISSN: 1109-2742                                    474                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                          Tai-Hoon Kim

authentication and key exchange scheme that             the lack of a centralized monitoring or
does not use certificates and public key                management unit [2][3]
cryptography, while protecting against man-
in-the-middle attacks, replay attacks, DOS              2. Related Works
attacks and privacy intrusion. Characteristics
of our scheme are as follows. First, it uses a          2.1 P-SIGMA Based Key Exchange Method Using
symmetric block cipher with using a one-way             Signal
hash function, but without using certificates
for dual authentication and key exchange.                       As a derivation of P-SIGMA, this
Since symmetric block cipher requires smaller           method uses signals for authenticating users
computing amount and memory space, our                  and exchanging keys that are used in
scheme is more adaptable to modern                      symmetric cipher methods. The perfect
distribution environment, such as in                    forward secrecy of One-time-ID can be
ubiquitous and mobile computing. Next, due              realized by using the shared secret information
to the authentication key’s one-time property           which is generated through the Diffie-Hellman
used at each session, our scheme can detect             key exchange mechanism instead of using a
various attacks, such as DOS attacks and man-           secret key used in P-SIGMA. That is, the seed
in-the-middle     attacks,   without    severe          of OID assures the perfect forwards secrecy of
computing and memory overhead which                     One-Tisme-ID, solving the duplication
overcomes the weakness of Diffie-Hellman. In            problem of OID. It also provides a simple key
addition, it solves the problem of identity             exchange protocol that requires only two
privacy as well as perfect forward secrecy for          rounds, while P-SIGMA requires three rounds.
future data confidentiality.                            It also extends the application of using the
   Wireless Internet networks security has              OID method to encrypted communication.
become a primary concern in order to provide            [13]
protected communication between mobile
nodes in a hostile environment. Unlike the                       However, this method still has some
wire-line networks, the unique characteristics          problems. Since it uses the Diffie-Hellman
                                                        key exchange mechanism for generating the
of wireless Internet networks pose a number
                                                        private information of the next session, it
of nontrivial challenges to security design,
                                                        utilizes computing resources a lot. Responders
such     as   open      peer-to-peer    network
                                                        are charged with some computing overhead in
architecture,    shared    wireless    medium,
                                                        calculating OID. This method also cannot
stringent resource constraints, and highly              generate a dynamic seed for dual-
dynamic network topology. These challenges              authenticated key exchange that could be
clearly make a case for building multi-fence            changed according to the given security level
security solutions that achieve both broad              and the client environment. That is, it uses a
protection and desirable network performance.           fixed initial seed.
The unreliability of wireless links between
nodes, constantly changing topology due to              2.2 P-SIGMA
the movement of nodes in and out of the
networks, and lack of incorporation of                  The P-SIGMA solves the problems of
security features in statically configured              personal privacy exposure and DOS attacks by
wireless routing protocols not meant for                using One-Time-ID or simply OID. The OID
wireless Internet environments all lead to              is an identity that can be used only once for
increased vulnerability and exposure to                 identifying a user. In P-SIGMA, all OID
attacks. Security in wireless Internet networks         values are unique by means of sequence
is particularly difficult to achieve, notably           numbers and one-way hash functions with
because of the limited physical protection of           collision resistance. Thus, an adversary who
each node, the sporadic nature of connectivity,         does not know a secret key cannot predict the
the absence of a certification authority, and

ISSN: 1109-2742                                   475                        Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                                 Tai-Hoon Kim

OID that will be used in the future, while both               packet structure and support a variety running
users can calculate any OID values.                           environment. These existing researches
                                                              become a basis for the further studies of active
However, an adversary can guess all OIDs that                 network.
have been used previously and will be used in                         This paper classifies two transmission
the future if he can obtain a secret key, say K,              methods for the composition of the safer
because a fixed secret key is used for                        active network. The first one is the discrete
calculating all OID values. It implies the                    approach that firstly divides program code and
impossibility of perfect forward secrecy for                  data, and transmits them. The second one is
OID. Moreover, an adversary who obtains K                     the capsule method that integrates program
can impersonate a user in any future session.                 code and data as the active packet and
If a user shares the same OID with multiple                   transmits them. The capsule method creates
communication partners, he cannot decide                      “active packet (capsule)” that contains
whom the connection is from, even when he                     program code and data without saving
checks the One-Time-ID. [14]                                  program code at active node, and transmits it
Similarly another study which is related to                   to the network. Secondly, active node divides
this is the Prioritizing of Offenders in                      the program code and data from the received
Networks. This paper presented a work that                    active packet. The third procedure is loading
builds upon several years of experimentation                  program code to the runtime environment in
using forensic psychology guided exploratory                  active node, and process data by program
techniques      from      artificial    intelligence,         code. Finally, they recombine program code
statistics and spatial statistics. The central aim is         and processed data and creates active packet
the development of decision support systems for               and transmits it to the next active node. ANTS
crime prevention and detection, and this paper                project in MIT and PLANet in Pennsylvania
presents a novel algorithm that incorporates                  are using this method, but when the program
geographical information, frequency and regency               code is very large, the capsule method has
of criminal activity directly into the ‘between’s’            many problems, such as traffic overhead, if
metric of social network analysis. The algorithm              packet is lost then packet re-transmission, so
is ad hoc, and design decisions are presented,                the efficiency can be reduced. The discrete
alongside the operational use by police forces of             approach divides program code and data
such an algorithm, namely as a means for                      before transmission. It means the program
prioritizing of offenders in large networks. The              code is installed at active node before the
data presented is from the crime of burglary from             execution. The active node user transmits data
dwelling houses.[17]                                          with program code identifier. Secondly active
                                                              node which receives packet checks the
2.3 Active Network                                            identifier and run the proper program code at
                                                              the active node. Thirdly, it uses running
         ANTS(active      network     Transfer                program to process data, and finally it creates
System) as the early-stage research creates the               packet from the processed data and transmits
structure of active network and the composite                 it. ActiveIP and SwitchWare researched active
research results that makes data packet include               network with this method. The Discrete
programming code and installs the necessary                   approach can be adapted to the only already-
functions to the active node. Also,                           installed program code, and the only network
SwitchWare that strengthen the flexible                       manager can add program code, so it is
programming for the safety of network                         impossible to add the new program that the
structure and security is suggested, too.                     generic active hosts want to add. This paper
ABone(active network Backbone) which                          uses the Discrete Approach, and resolves its
figures out the difficulty of preparing the                   weak point.
realistic structure of active network designs

ISSN: 1109-2742                                         476                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                            Tai-Hoon Kim

3. Wireless Communication                                screte Approach. To authenticate active node
                                                         users, we can restrict the access of hacker who
3.1 Scenario                                             tends to transmit the offensive program code,
                                                         and block the forgery of program code. Also,
3.1.1 The Security of Active Network: The active         we can reduce the deterioration of
network should provide the solution for                  performance that the program reinstallation in
authentication, authorization and integrity to           active node causes through the management of
support the basic security service. In the               frequently using program code. The active
Discrete Approach, the authentication of                 network structure that we propose is shown at
program code sender and the secret and                   Figure 2.
integrity of the program code itself are the
essential security points. If the program code                This study utilizes this scenario and use
is modified on bad purpose or it has the                 the discrete approach for the authentication
potential problem, it will become the                    proposed below.           The active node
unexpected error, so not only low performance            management server authenticates and manages
of the entire active nodes but also a big                program codes, too. The active node server
security problem will be raised. In addition, if         authenticates clients and the clients register
the authentication of program code is not                the program code at the active node
performed, the hacker will modify the                    management server. The proposed system
program code, and it will be a serious security          focuses on the authentication of middle node
problem. Now many projects of active                     and the safe transmission of program code in
network security, such as SANE, Seraphim,                active node. In
PLAN and Safety-Net are ongoing, but they
cannot assure the basis of safety in the active          3.2 Attacks in Wireless Communication
network. Therefore, new security system that                Many reasons are presented why wireless
removes weak points is strongly necessary                internet network are at risk, from a security
                                                         point of view. Wireless Internet networks, do
    A review was done in an existing study,
                                                         not have centralized machinery such as a
the security model that provides the basic
                                                         name server, which if present as a single node
security solutions such as authentication,
                                                         can be a single point of failure. Wireless links
authority, integrity is necessary. If the basic
                                                         between nodes are highly susceptible to link
security problem is ignored, the performance
of the entire active network node will be                attacks, which includes the following listed
lowered, and the privacy violation and                   below [4]
network congestion will be caused.                             • Physical Attack: It gets rid of temper-
                                                               defense-package in chip and then
                                                               explains main information to put on
                                                               prove on IC (Integrated Circuit) chip.
                                                               We analyze electron-wave which emits
                                                               from attacking prove, communication
                                                               devices and computer.
                                                               • Denial of Service: It is a mean of
                                                               attack which emits obstructive wave
                                                               having special frequency for normally
                                                               not to operate.
                                                               • Message loss: It can lose a part of
Figure 2 Active network topology [16]                          communication       method       which
                                                               reciprocates between tag and leader,
    To resolve these security threats, we                      cause by intention of attacker or error
should authenticate active node users on the

ISSN: 1109-2742                                    477                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                             Tai-Hoon Kim

      of system. Spoofing: It is a method                 - Invalidating the route cache in other nodes
      which passes the authentication-process             by advertising incorrect paths.
      that individual which is unfair, deceives           - Refusing to participate in the route discovery
      like to fair.                                       process.
      • Location Tracking: Attacker (invader)             Attack the Routing Mechanism By:
      or leader, who is sinister, perceives               - Modifying the contents of a data packet or
      position of tag. So it is a type which              the route via which that data packet is
      disturbs user's privacy by method which             supposed to travel.
      grips moving path of tag- owner.                    - Behaving normally during the route
      • Traffic Analysis: Attacker (invader)              discovery process but drop data packets
      analyse contents which get from                     causing a loss in throughput.
      eavesdropping and then can predicts
      tag's answer which is about leader's                Launch DoS Attacks By:
      inquiry.                                            - Sending a large number of route requests.
                                                          Due to the mobility aspect of MANET's, other
      • Eavesdropping: Attacker (invader) can             nodes cannot make out whether the large
      hear without big effort because                     numbers of route requests are a consequence
      communication method which is                       of a DoS attack or due to a large number of
      between tag and leader, is wireless.                broken links because of high mobility.
   Attacks      typically       involve      only         - Spoofing its IP and sending route requests
eavesdropping of data whereas active attacks              with a fake ID to the same destination,
involve actions performed by adversaries, for             causing a DoS at that destination.
instance the replication, modification and
deletion of exchanged data. External attacks                   The above discussion makes it clear that
are typically active attacks that are targeted to         wireless networks are inherently insecure,
prevent services from working properly or                 more so than their wire-line counterparts, and
shut them down completely. Intrusion                      need vulnerability diagnosis schemes before it
prevention measures like encryption and                   is too late to counter an attack. If there are
authentication can only prevent external nodes            attacks on a system, one would like to detect
from disrupting traffic, but can do little when           them as soon as possible (ideally in real time)
compromised nodes internal to the network                 and take appropriate action. In this kind of
begin to disrupt traffic. Internal attacks are            communication authentication is necessary a
typically more severe attacks, since malicious            method with different knot of confidence level
insider nodes already belong to the network as            which would satisfy privacy of user’s
an authorized party and are thus protected                position.
with the security mechanisms the network and
its services offer. Thus, such compromised                · Active Scanning / Probing Threat:
nodes, which may even operate in a group,                 The most common threat of wireless networks
may use the standard security means to                    is doing attack by Active software like Net
actually protect their attacks [6, 7, 8].                 Stumber (for Windows) and Dstumber (for
                                                          Unix/ Linux). These software works on the
   As a summary a malicious node can disrupt              method of active scanning. Attacks transmit
the routing mechanism employed by several                 the probe request to find any access point. If
routing protocol in the following ways: [9]               any access point is available, it will transmit
                                                          probe response for that request. This response
                                                          frame consists of SSID, Source/Destination
Attack the Route Discovery Process by:
- Changing the contents of a discovered route.            MAC Address. Once attack captures this
- Modifying a route reply message, causing                response frame, he/she has all the necessary
                                                          information to enter in the network. Hence, if
the packet to be dropped as an invalid packet.

ISSN: 1109-2742                                     478                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                            Tai-Hoon Kim

there is not any strong authentication                   never going to come. Thus they are loaded
mechanism, attackers may easily enter in the             with false authentication/ de-authentication
network.                                                 requests and legitimate entities are put on hold
                                                         for sometime, hence denying services to them.
In another scenario, if access point is using            Air Jack and Void 11 are the tools which are
open system authentication, then also the                used to achieve this effect.
attacker has no problem to join the network.             · Threat from Unauthorized Devices: In case
On the third scenario, if access point is using          of wireless networks, unauthorized access are
‘Shared Key Authentication’, which is based              not only limited to clients, but it is also
on encrypted challenge-response mechanism,               applicable to access points. Sometimes, an
the job of attacker becomes a bit tough, but             authorized person, due to intruder/malicious
not impossible.                                          users does not plant these access points. Once
                                                         planted, this rouge access point is configured
· Spoofing Threat:                                       to operate on higher broadcasting power and
Another major threat in wireless networks is             poses itself as a valid access point.
‘MAC Address Spoofing’ which alters the                  Sometimes, the legitimate users plant access
manufacture assigned MAC address to any                  point to improve their coverage. Attackers use
other value. This is conceptually different than         wireless networks analyzing tools for this
traditional IP address spoofing where an                 purpose. If the access point is established
attacker sends data from any arbitrary source            within firewalled network, it creates a
address and does not expect to see a response            backdoor within that network. Jamming
to their actual source IP address. An attacker           Threat:
may choose ‘MAC Address Altering’ for                    One of the most famous security threats for
several reasons, e.g. to bypass access control           wireless networks is jamming. In this, the
list, to impersonate an already authenticated            attacker operates on the same frequency and
user or disguising his/her presence on the               channel of the target network. He/she operates
network.                                                 at higher power, thus disabling the actual
                                                         access point. Sometimes, the network arrives
· 802.11 Beacon Flood Threat:                            at standstill position and user fears that
This technique requires generating thousands             network is attacked. This may happen because
of counterfeit/fake 802.11 beacon frames and             other equipments use microwave signals, e.g.
then transmits them on the network. Beacon               microwave oven or remote controls, cordless
frame contains the information about SSID of             phones, etc · ‘Man in the Middle’ Threat:
the network. Hence, it becomes difficult for             Wireless networks are also prone to ‘Man in
the client to choose correct SSID to find a              the Middle’ attack. In this, an attacker sends
legitimate AP. There are several tools                   management frames to client and force them
available to generate and transmit the fake              dissociate from valid access point and prompt
beacon frames. The famous tool for such a                them to join another fake access point setup
activity is Fake-AP (for both Windows and                by an attacker posing as valid access point.
                                                         3.3 Malignant code and Worm
· Authentication/ De Authentication Flood
Threat:                                                       Among the various types of system
                                                         threatening codes such as virus, Worm and
In this, the attacker broadcasts the association         Trojan virus, internet worm is the most
or authentication request frames from the fake           dominating system damaging factor. In DOS
addresses to either access point (infrastructure         age, Worm was treated as non harmful code
mode) or to clients (ad-hoc mode). So, access            even though it copy and reproduced by itself
point or client sends reply and keep the                 continuously, it never contaminate the
information about that request for some time             existing other files and system. As the
in memory and wait for response, which is

ISSN: 1109-2742                                    479                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                            Tai-Hoon Kim

development of network and internet, Worm                attached. These methods evoke the PC user's
also evolved to produce damages to system                curiosities to open attached files or e-mail
but its original l characteristics are never             without any doubt. Network Worm is
changed at all. The original worm of DOS                 disseminated by local network system and is
ages is call as just Worm but current worm is            consist of next three steps.
called as I-Worm (Internet Worm).
                                                         • Find a Shared Drive
     Worm of prototype just create so many               • Mapping Drive
useless trash files by copy itself continuously          • Copying Worm and Execute
and it is not so harmful to system but I-Worm
decrease the system speed seriously by                        In general, copied worm is not activated
attempting copy through the network. During              immediately and it is stored at starting folder
past few years, many different types of I-               which can be executed automatically with the
Worm were created. As a result of it, I-Worms            start of Window. So the copied worm can be
are classified by two different types such as            activated automatically at the reboot of
Network Worm and Internet Worm according                 system. Netlog is one of the Network Worm.
to its propagation ways. If it is propagated             Netlog set the IP to search the dissemination
through local network, it is called as Network           target and find out the system which is share
Worm and if it is propagated through global              the entire C drive in whole subnet system.
network like internet, it is called as Internet          Then, set the target drive by J drive and copy
Worm. Internet Worm is classified into three             the worm to Window folder and Window Start
categories according to PC infection method.             folder to make it activated for infection at next
First group of Internet Worm is activated by             start of Windows.
just reading e-mails. Second group is activated
by opening attached files of e-mail. Third                    Window Worm is one of the dominating
group is activated by itself without any PC              Internet Worm nowadays and there are two
user's action. Also E-mail Worm is classified            types of Window Worm depending on which
as Slow mass-mailers and Fast mass-mailers               type of platform they use. Window Worm is
depending on its dissemination speed. Slow               activating at Window system and Non-
mass-mailers Worm is transferred at the same             Window Worm is activating at different
time when the infected PC users send an e-               platform. Window Worm makes use of e-mail,
mail and Fast massmailers Worm is                        newsletter, IRC, MSN Messenger, Gnutella,
disseminated to many e-mail users at once. E-            IIS and other chatting programs. Most well
mail Worm use the email client such as                   know Non-Window Worm of love-letter
Microsoft Outlook and Outlook Express to                 concept is Morris Worm which is activating at
disseminate the worm to other PC users and it            Macintosh and UNIX system such as Linux
is transferred at the same time to all the users         and Solaris. Linux Ramen Worm is first Non-
whose e-mail addresses are listed in specific            Window Worm which produced tremendous
mail client. On that way, if one is infected by          amount of damages. Also the As mind of
e-mail worm then so many other PC users                  Solaris and Simpson of
whose e-mail addresses are stored in an                  Macintosh is other types of Non-Window
infected PC have possibilities of infection.             Worm which can be found recently.
This chain reaction can cause great amount of
PC infections and damages in very short time.            4. Preceding Authentication Method
Current trends of e-mail worm such as
Loveletter and Navidad, use very sensitive                   When looking at privacy concerns in
words which stimulate the PC user or use the             addition to the integrity service, we may
title that lewd photos or video files are                consider that each entity authorized to access
attached. Moreover, recent e-mail worm                   to an information and possibly to change it
disguise that updated virus vaccine files are            must be able to sign the new version of this

ISSN: 1109-2742                                    480                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                            Tai-Hoon Kim

information in such a way that its identity has           authenticated to attacker as normal TAG.
to be indistinguishable from the identities of            Attacker give R that continuous character
all the user entitled to access the database in           string which consists of 0 in the value of (5)
writing.[18]                                              that READER transmits to TAG in the middle
                                                          of session. And then, attacker transmits T
     There is an existing hash based                      instead of Q. Therefore, the TAG can't notice
authentication method Figure 3 which is                   error. When next authentication processing,
proposed by Henrico and Muller[10]. This                  server can find existed ID with h(ID).
method is a protocol which prevents location              However, there is an disadvantage that TAG
tracking by updating ID based on hash.                    can't receive authentication, existing ID about
Manufacturer constructs database which can                LST is not corresponded with saved TAG and
save h(ID), ID, TID, LST, AE and save ID,                 database. There is another method that
TID and LST in TAG. The TAG which                         READER generates random value S with
received query increases 1 of TID and                     Pseudo random number generator and query to
calculates h(ID), T=h(TID xor ID), TID and                TAG previously [5]. However, these methods
transmits to READER. The database searches                have an disadvantage. If the 3rd person send
ID with h(ID) and calculates T' which is added            spoofing query to TAG as READER, the TAG
pertinent TID to ΛTID. In [Fig 1], If T and T'            can't notice normal user or not. Of course,
are same in Behaving of ⑶ , Database                      several advanced methods are proposed to
                                                          solve the disadvantage. But they can't solve
calculates and transmits Q and xor calculates
                                                          original problem.
randomly generated R for updating ID. The
tag which received ⑸ also calculates Q' and               5. Suggested Authentication Method
compares with Q. If both Q' and Q are same,
the tag updates its ID. AE is designed safe                    As suggested in [11] a new authentication
from errors in system or losing messages by               method which is safe against spoofing attack
attacker. Because AE has previous ID                      and reducing hash time that 2 of hash function
information.                                              time reduce one in tag calculation time. This
                                                          is shown in Figure 4. This method is similar
                                                          to ID transformation protocol based on
                                                          advance hash [12]

       Figure 3 Authentication          Protocol
based on hash [11]
                                                          Figure 4 Suggested Authentication Method
     In the perspective of the location tracking          [12]
this method is safe because the ID updates
when authentication process is over. In case                  This is done as of the following, first
of    abnormal     authentication     processing          TAG makes random value R from pseudo
between TAG and database that is attacker                 random number generator and then, creation
send query to TAG for attack, The attacker                A’=h(ID||R) and then, A’ and R transmit to
can do location tracking attack to TAG                    DB through READER. DB is searching ID
because      The     TAG      always      replies         through A’ and R and creating A=h(ID||R).
corresponding h(ID). If the TAG transmit (2)              DB compares A with A’. If both are same,
in session with database before opening                   DB authenticates the right TAG and updating
normal authentication session, database is                XOR calculating ID to A’ then transmit it to

ISSN: 1109-2742                                     481                        Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                             Tai-Hoon Kim

TAG. TAG compares A with A’ and if both                        The key exchange mechanism proposal in
are the same, TAG calculates ID=ID xor A.                 [8][15] has three phases. The first is a
                                                          preliminary setup phase. In this phase, public
The authentication process is summarize in                information and random number matrix of an
                                                          initiator are delivered to its responder. In the
                  A generator created by the              second phase, the initial seed is generated
   g1 (k)         initiator at the k-th time              which is used to create a shared secret key for
   h ()           A cryptographic hash function           the data communication session. The third
                  A random number at the [m,n]            phase performs dual authentication between
                  cell of the random number               communication parties and creates a data
   MX[m,n]        matrix                                  encryption key that are shared.
                  MX[ , ]
   Y1(1),         Initiator’s first and second            6.1 Model and Notation
   Y1(2)Y         public information
                  Initiator’s first and second                 An entity which initiates a key exchange
   X1(1), X1(2)   secret information generated at         mechanism is called an initiator, and an entity
                                                          which responds to the initiator’s request is
   EX (Y)         Encryption Y using X
                                                          called a responder. Both are kinds of user.
                  One-Time-ID generated by                Another type of entity which is not a user but
   OID1 (k)       Initiator at the k-th step
                                                          an attacker is called an adversary.        An
                  Challenge        generated  by
   C1             initiator                               adversary is a Polynomial-Time Machine that
                  Response to the responder’s             attacks the secrecy of key exchange
   R1CR           challenge,       generated  by          mechanism. The following table summarizes
                  initiator                               the notation used in the proposed mechanism
                  Encrypted challenge message             of [15].
   CM1            generated by Initiator
the following:                                            Table 1. Notation

query to TAG
generate R;                             /*Tag*/           6.2 One-Time-ID(OID)
compute A’ = h(ID||R);
send (A’,R) to READER                                          The OID is an identity that can be used
bypass to DB;                                             only once for identifying a user. One-time-ID
        /*Reader*/                                        can be used to protect DOS attacks and man-
search ID using (A’,R)                  /*DB*/            in-the-middle attacks. To prevent DOS and
if ID exist                                               man-in-the-middle attacks, OIDI(i) is attached
        computer A=h(ID||R);                              at every i-th message transmission
        if A’=A
               ID’=ID’ XOR A’;                            OIDI(i) = h([m,n], MX[m,n], j)
               Send A to READER
bypass to TAG;                                                 OIDI(i) is a hash function of [m,n],
        /*Reader*/                                        MX[m,n], and j, where [m,n] is a random
if A=A’ then ID=ID=XOR A;               /*Tag*/           position among the random numbers assigned
                                                          to the initiator within the random number
                                                          matrix, MX[M,N], and j is just a random
6. Proposed Key Exchange                       in         number in i-th message transaction. By using
Authentication Mechanism                                  [m,n], we can detect DOS attacks and also
                                                          decide who the initiator is. Man-in-themiddle
                                                          attacks are detected by checking whether the

ISSN: 1109-2742                                     482                         Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                                Tai-Hoon Kim

transferred hash value is correct or not. For              regenerate the initial seed dynamically
message integrity, we attach the hash value of             depending on the current client environment
all of the parameters transferred together at              or adapting to the change in the security level.
each message transmission.                                 Because the proposed system does not use
                                                           public key cryptography like Deffie-Hellman
6.3 Phases                                                 and RSA, which requires much computing
                                                           power, it can be used for thin clients like
     In the preliminary set up phase,                      mobile or ubiquitous computing devices.
preliminary number are generated and                       Moreover, the proposed system is so efficient
delivered to the opposite side for the next                as to finish within two messages round for
phase. For the Diffie-Hellman key exchange,                authenticated key exchange. Aside from that,
the initiator side generates X1(1), g1 (1),p 1 (1)         the scheme provides more concrete protection
and deliverits public values to the responder.             against DOS attack and Man-in-the middle
Fro the purpose of protecting it from DOS                  attacks.
attack and Man-in-the-middle attacks using
One-time-ID, the responder generates a MxN                 8. Conclusion
random number matrix and assigns them to
the initiator. Be careful, however, that the                        Active Networks architecture is
same cell should not be assigned to different              composed of execution environment.        This
initiator. The responder should save the cell              differ    from     the   traditional   network
assignment information. This information is                architecture which seeks robustness and
used for protecting against DOS attacks.                   stability by attempting to remove complexity
     The authentication and key exchange                   and the ability to change its fundamental
phase is in the sth session. Each party has the            operation      from     underlying     network
same seed that can be used to create the                   component. Active networking allows the
shared secret key. At the first step the                   possibility of highly tailored and rapid "real-
initiator sends OID 1(1) that includes AK 1(S)             time" changes to the underlying network
as a member of hash input. Using this value                operation. This paper proposed an efficient
OID 1(1), the responder can know whether the               dual authentication key exchanged in an active
sender has the correct shared secret key or not,
                                                           network scenario. The proposed system does
authenticating the initiator. The working key
                                                           not require the public key cryptography like
WK S is used as the shared data encryption key
                                                           Diffie-Hellman and RSA and certificates. The
during the sth session.
                                                           scheme protects personal privacy of identity
                                                           information. It also provides an effective
7. Analysis
                                                           method to protect against DOS attacks with
                                                           the scope information of initiator’s random
    A safe authentication method presented in
Section 5 and particularly by using the                    number table sent by the responder.
proposed key-exchange mechanism generates
a scheme that provides exceeding security to               9. References
an unsecure communication.            The key
exchange method [15] was proven to provide                  [1] Gross, Ralph; Acquisti, Alessandro; Heinz, J. H.
                                                           (2005), "Information revelation and privacy in online
dual-authentication key exchange mechanism                 social networks", Workshop On Privacy In The
as well as data integrity and data                         Electronic Society; Proceedings of the 2005 ACM
confidentiality. The existing method IKE and               workshop on Privacy in the electronic society, pp. 71-
P-SIGMA are based on the fixed seed of                     80, doi:10.1145/1102199.1102214
shared key like One-Time –ID and an                        [2] 3. R. Koodli and C. Perkins, "Fast Handover and
                                                           context Relocation in Mobile Networks, "ACM
authentication key. Accordingly, if the culprit            SIGCOMM Comp. Commun. Rev., vol. 31, Oct. 2001.
knows the fixed secret information, one can                [3] M. Balazinska and P. Castro, "Characterizing
impersonate the initiator in the future session..          Mobility and network usage in a Corporate Wireless
in contrast, the proposed scheme can

ISSN: 1109-2742                                      483                           Issue 8, Volume 9, August 2010
WSEAS TRANSACTIONS on COMMUNICATIONS                                                                   Tai-Hoon Kim

Local Area Network, "Int'l. Conf. Mobile Systems,               [20] A Mahfoudhi, W Bouchelligua, M Abed
Apps, and Services, May 2003.                                   M Abid, “Towards a new approach of model-based HCI
[4] Sungho Yoo, Kihyun Kim, Yongho Hwang and                    Conception” 6th WSEAS International Conference
Piljoong Lee, H. "Satus-Based RFID Authentication               on Multimedia, Internet & Video Technologies,
Protocol," Journal of The Korean Institute of                   pages 117-125, September 22-24, 2006
Information Security and Cryptology, Volume 14,
Number 6, pp. 57-67, December 2004.
[5] Wikipedia.org
[6]. S. Pack and Y. Choi, "Pre-Authenticated Fast
Handoff in a public Wireless LAN based on IEEE 802.
1x Model," IFIP TC6 Pers. Wireless Commun., Oct.
[7]. M. Nakhjiri, C. Perkins, and R. Koodli, "Context
Transfer Protocol," Internet Draft: draftietfseamoby-
ctp01.txt, Mar. 2003.
[8]. R. Perlman, "An Algorithm for Distributed
Computation of a Spanning Tree in an Extended LAN,"
1985, pp. 44-53.
[9] Byoung-Muk Min, Sok-Pal Cho, Hong-jin Kim, and
Dong Chun Lee,”System Development of Security
Vulnerability Diagnosis in Wireless Internet Networks”,
Computational Science and Its Applications-ICCSA
[10] Dirk Henrici and Paul Muller, "Hash based
enhancement of location privacy for radio frequency
identification devices using varying identifiers,"
PerSec'04, pp. 149-153, March 2004.
[11] Hoon Ko, Bangyong Sohn, Hayoung Park, and
Yongtae Shin “Safe Authentication          Method for
Security Communication in Ubiquitous” Computational
Science and Its Applications-ICCSA 2005
[12] Youngjoo Hwang, Misoo Lee, Donghoon Lee and
Jongin Lim, "Low-Cost RFID Authentication Protocol
on Ubiquatous." CISC'S04, pp. 120-122, June 2004.
[13] H. Krawczyk, The IKE-SIGMA Protocol, Internet
Draft, 2001
[14] Kenji IMAMOTO, Kouichi SAKURAI, A Design
of Diffie-Hellman Based Key Exchange Using One-
Time ID in Pre-shared Key Model, AINA’04. IEEE,
[15] Yonghwan Lee, Eunmi Choi , and Dugki Min “An
Authenticated Key Exchange Mechanism Using One-
Time Shared Key”, Computational Science and Its
Applications-ICCSA 2005.
[16] Jin-Mook Kim, In-sung Han, and Hwang-bin Ryou
“An Active Node Management System for Secure
Active Networks “Computational Science and Its
Applications-ICCSA 2005
[17] G Oatley, K Mcgarry & B Ewart, “Prioritizing of
Offenders in Networks”, 6th WSEAS International
Conference on Simulation, Modelling and Optimization
2006, pages 144-146, September 22-24, 2006
[18] R Akimana, O Markowitch, Data and Code
Integrity in Grid Environments, WSEAS International
Conference on Simulation, Modelling and Optimization
2006, pages 677-682, September 22-24, 2006
[19] S Pervez, I Ahmad, A Akram, S .U Swati A
Comparative Analysis of Artificial Neural Network
Technologies in Intrusion Detection Systems, WSEAS
2006, pages 84-89, September 22-24, 2006

ISSN: 1109-2742                                           484                         Issue 8, Volume 9, August 2010

Shared By:
Tags: Active, Network
Description: Active Network has two meanings: One is known as ANN network intermediate nodes (such as routers, switches), not only to complete the network functions such as store and forward, and can contain data and code on the so-called active packets and ordinary packets is calculated, with Computing power of the network node receiving data packets from the network device after the implementation of appropriate procedures for processing the packet, and then to send packets to other network nodes. The second is the user according to the requirements of network applications and services, the network can be programmed to complete these calculations.