International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Issues & Challenges for Security of Semantic Web Prof. S.L.Arora Gurmeet Kaur Associate Professor Assistant Professor Dyal Singh College, Dyal Singh College, Karnal, India Karnal, India
Abstract- Today Semantic web technologies have several applications because of their expressive and reasoning power. Security is one in all the foremost vital quality attributes in Semantic web. This paper describes issues for security of semantic web and challenges for implementation of security through layers. These layers are presented as a backbone for semantic web architecture and are represented in XML security, RDF security and in an idea of semantic web security standardization/ trustworthy. Semantic web proposes new security requirements; so, previous security mechanisms offer insufficient support for an in-depth treatment of security in trustworthy Semantic web. To make trustworthy Semantic Web, many issues need being handling efficiently.
Keywords: XML, RDF, TCP/IP
1. Introduction The advent of the World Wide Web (WWW) has resulted in even greater demand for managing data, information and knowledge effectively. The web technologies like WSDL facilitate the integration of information from a syntactic point of view; there is still a lot to be done to integrate the semantics of various systems and applications. That is, web technologies WSDL depend a lot on the human-in-the-loop for information integration. There is now so much data on the web that managing it with conventional tools is becoming almost impossible. New tools and techniques are needed to effectively manage this data. Tim Berners Lee, the father of WWW, realized the inadequacies of traditional (WSDL) web technologies and subsequently strived to make the web more intelligent. His goal was to have a web that will essentially alleviate humans from the burden of having to integrate disparate information sources as well as to carry out extensive searches. He then came to the conclusion that one needs machine understandable web pages and the use of ontologies for information integration. This resulted in the notion of the semantic web [1]. Therefore, to provide interoperability as well as warehousing between the multiple data sources and systems, and to extract information from the databases and warehouses on the web, various tools are being developed. The semantic web [1] is a vision of an Internet in which web resources are enriched with machine-process able metadata that describes their meaning. In the semantic web, a web resource‘s metadata makes it possible to evaluate its appropriateness for a given query, which in turn will lead to greater efficiency of web resource allocation, despite the daily expansion of web space. A semantic web can be thought as a web that is highly intelligent and sophisticated and one needs little or no human. Intervention to carry out tasks such as scheduling appointments, coordinating activities or nearby devices, searching for complex documents as well as integrating disparate databases and information systems. While much progress has been made toward developing such an intelligent. Web there is still a lot to be done. For example, technologies such as ontology matching, intelligent agents, trustful information, and markup languages are contributing a lot toward developing the semantic web. Nevertheless one still needs the human to make decisions and take actions. There have been many developments on the semantic web [2][3]. The World Wide Web Consortium (W3C) has specified several standards for the semantic web [4], organized into different layers (i.e., the semantic web layers cake). These standards include XML and XML Schema for representing the data, RDF and RDF Schema for describing the data by means of vocabularies, and OWL a language for defining and instantiating web Ontology. In this paper, we focus on one of the topics and that is securing the semantic web. As the web evolves into the semantic web, there are more and more possibilities for security breaches as we introduce new technologies. Therefore, it is critical that security is considered right from the beginning of expansion of the semantic web. For the semantic web to be secure we need to ensure that all of the layers of the semantic web are secure. This includes secure XML, secure RDF, secure ontology‘s, and ensure the secure interoperation of all these technologies. In this paper we are describing an overview of the semantic web security standards. First of all we are describing layered framework of the semantic web along with security issues proposed by Tim Berners Lee. Next we are describing challenges for implementation of security for semantic web.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 1 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 2. Issues for Security standards of the Semantic web 2.1. Overview We first provide an overview of security issues for the semantic web and then discuss some details on XML security, RDF security and secure information integration, which are components of the secure semantic web. As more progress is made on investigating these various issues, we hope that appropriate standards might be developed for securing the Semantic web. As stated earlier, logic, proof and trust are at the highest layers of the semantic web. That is, how can we trust the information that the web gives us? Closely related to trust is security. However security cannot be considered in isolation. Security cuts across all layers and this is a challenge. That is, we need security for each of the layers and we must also ensure secure interoperability as illustrated in Fig. 1. For example, consider the lowest layer. One needs secure TCP/IP, secure sockets, and secure HTTP. There are now security protocols for these various lower layer protocols. One needs end-to-end security. That is, one cannot just have secure TCP/IP built on entrusted communication layers. That is, we need network security. Next layer is XML and XML schemas. One needs secure XML. That is, access must be controlled to various portions of the document for reading, browsing and modifications. There is research on securing XML and XML schemas. The next step is securing RDF. Now with RDF not only do we need secure XML, we also need security for the interpretations and semantics. For example under certain context, portions of the document may be Unclassified while under certain other context the document may be classified. As an example one could declassify an RDF document, once the war is over. Lot of work has been carried out on security constraints processing for relational databases. One needs to determine whether these results could be applied for the semantic web (see Ref. [5]). Once XML and RDF have been secured the next step is to examine security for ontology‘s and interoperation. That is, ontology‘s may have security levels attached to them. Certain parts of the ontology‘s could be Secret while certain other parts may be Unclassified. The challenge is how does one use these ontology‘s for secure information integration? Researchers have done some work on the secure interoperability of databases. We need to revisit this research and then determine what else needs to be done so that the information on the web can be managed, integrated and exchanged securely. Security should not be an afterthought. We have often heard that one needs to insert security into the system right from the beginning. Similarly security cannot be an afterthought for the semantic web. However, we cannot also make the system inefficient if we must guarantee one hundred percent security at all times. What is needed is a flexible security policy. During some situations we may need 100% security while during some other situations say 40% security (whatever that means) may be sufficient.
2.2 XML Security Numerous analysis efforts are reported on XML security (see for example, [6]). We tend to discuss a number of key points. The main challenge is whether to offer access to entire XML documents or elements of the documents. Bertino et al have developed authorization models for XML [7]. They have targeted on access management policies as well as on dissemination policies. They conjointly thought of push and pull architectures. They specified the policies in XML [7]. The policy specification contains data regarding which users can access those parts of the documents. In [6] algorithms for access control as well as computing views of the results are presented. Additionally, architectures for securing XML documents also are mentioned. W3C (World Wide Web Consortium) is specifying standards for XML security.
2.3 RDF security RDF is the foundations of the semantic web. While XML is limited in providing machine understandable documents, RDF handles this limitation. As a result, RDF provides better support for interoperability as well as searching and Cataloging. It also describes contents of documents as well as relationships between various entities in the document. While XML provides syntax and notations, RDF supplements this by providing semantic information in a standardized way. The basic RDF model has three types: they are resources, properties and statements. Resource is anything described by RDF expressions. It could be a web page or a collection of pages. Property is a specific attribute used to describe a resource. RDF statements are resources together with a named property plus the value of the property. Statement components are subject, predicate and object. There are RDF diagrams very much like say ER diagrams or object diagrams to represent statements. More advanced concepts in RDF include the container model and statements about statements. The container model has three types of container objects and they are Bag, Sequence, and Alternative. A bag is an unordered list of resources or literals. It is used to mean that a property has multiple values but the order is not
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 2 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 important. A sequence is a list of ordered resources. Here the order is important. Alternative is a list of resources that represent alternatives for the value of a property. Various tutorials in RDF describe the syntax of containers in more detail. Again one can use object-like diagrams to represent containers and statements about statements. RDF also has a formal model associated with it. This formal model has a formal grammar. For further information on RDF we refer to the work of W3C reports (see Ref. [8]). As in the case of any language or model, RDF will continue to evolve. However with RDF we also need to ensure that security is preserved at the semantic level. The issues include the security implications of the concepts resource, properties and statements. That is, how is access control ensured? How can properties and statements be protected? What are the security properties of the container model? How can bags, lists and alternatives be protected? How can we express security constraints in RDF? What are the security implications of statements about statements? How can we protect RDF schemas? Can we specify security policies in RDF? How can we resolve semantic inconsistencies for the policies? These are difficult questions and we need to start research to provide answers. XML security is just the beginning. Securing RDF is much more challenging.
2.5 Ontology’s / Interoperability Security Information is everywhere on the web. Information is essentially data that makes sense. The database community has been working on database integration for some decades. They encountered many challenges including interoperability of heterogeneous data sources. They used schemas to integrate the various databases. Schemas are essentially data describing the data in the databases (see Ref. [9]). Now with the web, one needs to integrate the diverse and disparate data sources. The data may not be in databases. It could be in files both structured and unstructured. Data could be in the form of tables or in the form of text, images, audio and video. One needs to come up with technologies to integrate the diverse information sources on the web. Essentially one needs the semantic web services to integrate the information on the web. Now RDF is only a specification language for expressing syntax and semantics. The question is what entities do we need to specify? How can the community accept common definitions? To solve this issue, various communities such as the medical community, financial community, defense community, and even the entertainment community have come up with what are called ontology. Next layer is the Ontology‘s and Interoperability layer. One could use ontology to describe the various wines of the world or the different types of aircraft used by the United States Air Force. Ontology‘s can also be used to specify various diseases or financial entities. Once a community has developed ontology‘s, the community has to publish these ontology‘s on the web. The challenge for security researchers is how does one integrate the information securely? Ontology‘s are playing a major role in information integration on the web. How can ontology‘s play a role in secure information integration? How do we provide access control for ontology‘s? Should ontology‘s incorporate security policies? Do we have ontology‘s for specifying the security policies? How can we use some of the ideas discussed in [2] to Integrate information securely on the web? That is, what sort of encryption schemes do we need? How do we minimize the trust placed on information integrators on the web? We have posed several questions. We need a research program to address many of these challenges. 2.6 Trust, Logic & Proof for Security
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 3 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 One of the layers of the semantic web is Logic, Proof and Trust. Essentially this layer deals with trust management and negotiation between different agents and examining the foundations and developing logics for trust management. The final layer is logic, proof and trust. The idea here is how do you trust the information on the web? Obviously it depends on whom it comes from. How do you carry out trust negotiation? That is, interested parties have to communicate with each other and determine how to trust each other and how to trust the information obtained on the web. Closely related to trust issues is security and will be discussed later on. Logic-based approaches and proof theories are being examined for enforcing trust on the semantic web. Note that the layers as evolving as progress is made on the semantic web. For example, more recently a layer in query and rules has been included to support query and rule processing capability. Therefore for more up-to-date information we refer to the work of W3C. The challenges include how do you trust the information on the web? How do you trust the sources? What are the semantics for trust management? How do you negotiate between different parties and develop contracts? How do you incorporate constructs for trust management and negotiation into XML and RDF? Researchers are working on protocols for trust management. Languages for specifying trust management constructs are also being developed. Also there is research on the foundations of trust management. How do you share the data and information on the semantic web and still maintain autonomy. How do you propagate trust? For example, if A trusts B at say 45% of the time and B trusts C 35% of the time, then what value do you assign for A trusting C? How do you incorporate trust into semantic interoperability? What are the quality of service primitives for trust and negotiation? That is, for certain situations one may need 100% trust while for certain other situations 45% trust may suffice. Much research still needs to be done here. When we compare with other emerging technologies, the research progress for the trusted semantic web is very slow and the results are scarce [10] [11]. Trusted semantic web defined as well-defined trust ontology‘s and trust rules in the agent interaction protocols so that agent‘s access control services, such as authentication, authorization, and delegation can be achieved. This approach not only solves the agent‘s authenticity and authority problems but also provides the possible capacity to resolve information propagation authenticity, ontology and rule integrity issues in the future.
3. Challehges for Secure Semantic Web Information assurance, security, and privacy have moved from narrow topics of interest to information system designers to become critical issues of fundamental importance to society. As such, they also play an important rule in web-based applications and newer technology such as semantic web applications. These applications need the capability for agents, devices and services to seamlessly interact while preserving appropriate security, privacy and trust. Meeting this challenge requires realizing three high-level objectives: 1. To advance the theory and practice of security, privacy, and trust of web based interactions by providing technology for trust in the semantic web and trustworthy, semantically annotated web services; 2. To provide declarative policy representation languages, ontology‘s, and inference algorithms for security, trust and privacy management, enforcement, and negotiation; and 3. To prototype software tools allowing system designers and end users to both specify and verify policies for trust and privacy. We discussed some aspects of security in earlier sections. First of all the technologies that form up the semantic web have to be secure. These embody XML, RDF, agents, the infrastructures as well as the data management and information management technologies. We need to make sure that security is preserved when integrating the technologies. For example, there exists a significant body of standardization efforts for security of XML-based web services, such as WS-Security [12], -Trust [13], and -Policy [14] at W3C, or SAML of the OASIS Security Services Technical Committee, and the Security Specifications of the Liberty Alliance Project. WS-Security provides a layer of security over SOAP, which is an XML-, based protocol for exchanging information primarily used for web services. WS-Security describes how to attach signature and encryption headers or security tokens to SOAP messages. For instance, one desires proper access to the XML documents. Furthermore, these documents should be encrypted for the applications. Numerous security technologies for the net do exist at the present. These technologies should be evaluated for the semantic web. There is the need to incorporate security semantics into semantic interoperability. The varied logics being developed for the semantic web should be examined and security properties should be incorporated. One example is logic for secure data and knowledge based systems known as NTML (Non-monotonic Typed Multilevel Logic) mentioned in [15]. A broad range of security-related notions, such as authentication, authorization, access control, confidentiality, data integrity, and privacy are relevant for semantic web technology. Low-level encryption, digital signature mechanisms, certification, and public key infrastructures provide a good security infrastructure for web-based
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 4 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 interactions. However, providing higher-level security, especially without prior trust relations in dynamic interactions, relies on a variety of ad hoc mechanisms. This heterogeneity of mechanisms leaves security holes with deleterious effects. Because of the opportunities for unauthorized inferences through data mining tools, the semantic web may exacerbate the inference issues. We need to look at this issue for the semantic web. We conjointly need to examine the inference problem for the semantic web as inference is embedded into the descriptive logics for the semantic web. Inference is the method of posing queries and deducing new data. It becomes a problem when the deduced data is something the user is unauthorized to understand. A discussion of the inference problem for the semantic web is given in [16], [17], and [18]. While XML, RDF and OWL documents have to be secure, we can conjointly use these specification languages (e.g., XML, RDF, OWL) to specify policies. There has been plenty of work on specifying policies in XML. For instance, Bertino et al have used XPath expressions to specify policies [19]. These policies are then applied to secure XML documents. In addition to handling confidentiality policies, their work is also specializing in specifying privacy policies as well as trust policies in XML [20]. Standards play an important role in the development of the semantic web. W3C has been very effective in specifying standards for XML, RDF and the semantic web. We need to continue with the developments and try as much as possible to transfer the research to the standards efforts. The standards support low-level security or policy markups that concern formats of credentials or supported character sets for encoding. They do not address semantic user- or application-specific trust tokens and their relations, nor do they allow for expressive policies. The standards deliver to the needs of B2B applications where trusted partners and business relationships have already been established in advance of operation and transactions. However, in a world where more and more public and private services are becoming available online and the vision of cyber-societies is becoming reality, assumptions about pre-established trust relationships do not hold true. The standards are not extensible to more dynamic environments in which simple authentication is not enough, but authentication on user-defined attributes needs to be considered as „foreign― or unknown entities will interoperate with each other across heterogeneous domains and applications using delegation mechanisms. 4. Conclusion & Further work In this paper, we have presented a variety of problems with implementation challenges for security of semantic web .We first described the layered framework of the semantic web proposed by Tim Berners Lee. We discuss that security must cut across all the layers. Furthermore, we need to integrate the information across the layers securely. To do this we described some more details on XML-Security, RDF-Security, Ontology‘s / Interoperablity security & Trust, Logic and Proof for security of semantic web. Several efforts are under way to develop ontology‘s and mark-up languages for various information sorts and applications. However, security has not received much attention apart. Therefore, as we discuss the assorted standards, we might like to ensure that security problems are addressed totally. Furthermore, we would like to still develop ontology‘s in order that organizations can integration and share data to hold out effective collaboration in a very secure manner. Security cuts across every layer of the semantic web. One wants secure XML. That is, access should be controlled to numerous parts of the document for reading, browsing and modifications.There is analysis on securing XML and XML schemas. The succeeding step is securing RDF. We also need to transfer the Research and standards to commercial products. The next step for the semantic web standards efforts is to examine security, privacy, quality of service, integrity, proof of information, trust and other features such as multimedia processing and query services. As we have discussed security and privacy are critical and must be investigated while the standards are being developed. In final words of this paper it must be told that main consideration is how obtain trusted information. And research in ―trust area‖ in semantic web poses new challenges that can be significant body of work in a way to trust in computer science. But, it is also highly considered that security of information is on a high level and that is proof for well based security model and it is starting point for modeling trust.
References [1] T. Berners Lee, J. Hendler, O. Lassila, The semantic web,Scientific American; May 2001, 34 – 43 [2] B. Thuraisingham, XML, Databases and the semantic web, CRC Press, Florida, 2001. [3] B. Thuraisingham, The semantic web, in: W. Bainbridge (Ed.), Encyclopedia of Human Computer Interaction, Berkshire Publishers, 2003. [4] www.w3c.org [5] B. Thuraisingham, W. Ford, Security constraint processing in a distributed database management system, IEEE Transactions on Knowledge and Data Engineering (1995) 274–293.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 5 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [6] Bertino, E. et al, Secure Third Party Publication of XML Documents, To appear in IEEE Transactions on Knowledge and Data Engineering, 2004. [7] E. Bertino et al, Secure Knowledge Management, IEEE Transactions on Systems, Man and Cybernetics, May 2006. [8] Resource Description Framework, www.w3c.org. [9] A. Sheth, J. Larson, Federated database systems, ACM Computing Surveys (1990 September) 183–236. [10] G. Jennifer, J. Hendler, and B. Parsia, Trust Networks on the semantic web. World Wide Web Conference, Budapest, Hungary, May 20-26 2003. [11] Y. Gil and V. Ratnakar, Trusting Information Sources One Citizen at a Time. The semantic web - ISWC 2002, (2002), 162-176. [12] B. Atkinson, et al. web services security (WS-Security), http://www.106.ibm.com/developerworks/webservices/library/ws-secure/O; 2002. [13] G. Della-Libera, et al. web services trust language (WS- Trust).http://www.106.ibm.com/developerworks/library/ws-trust/O, 2003. [14] D. Box, et al. web services policy framework (WS-PoIicy), http://www- 106.ibm.com/developerworks/library/ws-polfram/O; [15] Thuraisingham B., ―NTML: Nonmonotonic Typed Multilevel Logic for Secure Data and Knowledge Base Management Systems‖, Proceedings of theComputer Security Foundations Workshop, Franconia, NH, 1991. [16] Farkas, C. and A. Stoica, Correlated Data Inference, Proceedings data and Applications Security Conference, 2003. [17] Thuraisingham B., ―Security Standards for the Semantic Web‖, Computer Standards and Interface Journal, 2005 [18] Nathalie Tsybulnik and Bhavani Thuraisingham, ―Administering the semantic web: cpt: confidentiality, privacy and trust management‖, Technical Report UTDCS-06-06 Department of Computer Science, The University of Texas at Dallas, February 2006, pp. 1-19. [19] Bertino, E. et al, Secure Third Party Publication of XML Documents, To appear in IEEE Transactions on Knowledge and Data Engineering, 2004. [20] E. Bertino et al, Secure Knowledge Management, IEEE Transactions on Systems, Man and Cybernetics, May 2006.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 6 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Linux Networking with Single Packet Authorization Sunil Kumar 1, Kuwar Adesh2, Narender Kumar3 Shri Krishan Polytechnic, Kurukshetra Kurukshetra, India
Abstract- With the increasing Security vulnerabilities, more and more malicious network behaviors occurs such as port scan attacks, replay attacks and predominantly IP Spoofing attack targeting services on the host such as SSH Daemon which maintains security of the services. Vulnerabilities have been discovered in all sorts of security softwares from firewalls to implementation of Secure Shell (SSH) Protocol. The security mechanism of SSH Daemon thus becomes an important as far as network vulnerabilities are concerned. Consequently, a mostly familiar problem such as attack on sshd is faced. In this paper to improve the network security and enhance Secure Shell Daemon protection we have discussed the potentialities of technologies such as port knocking and SPA (Single Packet Authorization).
Keywords: SSH Daemon, Network Security, Port knock, vulnerability, Encryption algorithms, IP Spoofing, Key- Exchange, Symmetric Cryptography, Cryptographic Hash.
I. Introduction Security is a crucial research area in the computer network .The problem occurs when a miscreant steals your ID and password and then hacks your network for remote login, even when the encrypted data is transmitted. echnologies are prevalent in the current scenario with their strong security enhancement when encrypted data is transmitted such as secure shell (SSH), port knocking and SPA [1] . SSH is a software-based approach for network security. This protocol allows user to log into another computer over a network, to execute commands on that remote host or user, and to move files from one machine to another safely. This provides authentication and encrypted communication over insecure channels and is meant to replace remote tools such as rsh and rcp ,which perform without encryption and thus introduce security risks such as transmitting passwords in clear text .
SSH uses either RSA or DSA authentication. SSH uses strong encryption methods. Currently SSH deal with the following kinds of attacks: [1] 1. IP Spoofing, where remote host sends out packets that pretend to come from another, trusted host. 2. IP source routing, where a host can pretend an IP packet comes from another, trusted host. 3. DNS spoofing, where an attacker forges name server records. 4. Interception of clear text passwords and other data by intermediate hosts.
2. Security Mechanism With SSH To protect the integrity of SSH communication between two hosts following events take place: First, a secure transport layer is created so that the client knows that it is communicating with the correct server. Then, the communication is encrypted between the client and server using a symmetric cipher. With a secure connection to the server in place, the client authenticates itself to the server without worrying that the authentication information may be compromised. Finally, with the client authenticated to the server, several different services can be having safely and securely used through the connection, such as an interactive shell session, X11 applications, and tunneled TCP/IP ports. This process can be better understood if we know what is Cryptography and how does it works. 3. Role of Cryptography Cryptography can be defines as the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Until modern times cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (plaintext) into unintelligible gibberish (i.e., ciphertext). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. Further this technique works in two different modes Symmetric Cryptography Symmetric cryptography refers to algorithms which use the same key to encrypt and decrypt data (fig.1 ). These keys usually represent a ‗shared secret‘ between all users who may need to communicate using the same algorithm. An example of a symmetric algorithm is the Data Encryption Standard (DES) which was selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976 [2] © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 7 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 1 : Symmetric Cryptography Encryption and Decryption
Asymmetric Cryptography Asymmetric cryptography, also known as Public Key Cryptography (PKC), refers to the fact that different keys are used in the encryption and decryption processes. These keys are mathematically related, but the private key cannot be derived from the public key. In public key cryptography, the private key is kept secret, whilst the public key can be distributed freely. In such a way, anyone can use a user‘s public key in order to encrypt a message to them, but only the user holding the corresponding private key can decrypt that message [3] As depicted in figure 2 below:
Figure 2 : Asymmetric Cryptography
4. Layers of SSH Security The SSH protocol allows any client and server programs built to the protocol's specifications to communicate securely and to be used interchangeably. Now we are clear to discuss how does SSH protocol adds layers of security with each of these layers providing its own type of protection. [7, 8, 9]
The Transport- Layer Protocol [SSH-TRANS]: It provides server authentication, confidentiality, and integrity. It may optionally also provide compression. The transport layer will typically be run over a TCP/IP connection, but might also be used on top of any other reliable data stream . A User Authentication Protocol [SSH-USERAUTH]: This authenticates the client-side user to the server. It runs over the transport layer protocol. The Connection Protocol [SSH-CONNECT]: It multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol. Once an SSH client contacts a server, key information is exchanged so that the two systems can correctly construct the transport layer[1-6]
4(i). SSH Setup The Steps needed for setting up the SSH Server and client account (refers to figure 4 ) can be explained with the help of an example: 1. Suppose George wants to communicate with Cecelia. He should have his public and private key along with passphrase for authentication. 2. George Distributes his public key to Cecelia‘s accounts he wants to access, placing it in cecelia‘s account in 3. ssh/authorized_keys or .ssh/authorized_keys2 file. 4. George also needs to know other account‘s passphrase to access it.
When a user on a client machine tries to establish a secure channel with a remote machine using the SSH protocol, at least four entities are involved, which are explained below - The SSH client on the client machine, - The SSH Daemon (SSH server) running on the remote server host (sshd), - The user on the client machine and - The administrator on the remote server host. The user can use various client machines to log in to a specific server. The administrator is mainly responsible for configuring the security parameters on an sshd and ascertaining that the sshd is running properly. The Open SSH client, which is an open source client using the SSH2 protocol, manages the key pairs as follows [10]. There are many threats that came forward in this scenario.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 8 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 In general, these threats can be categorized as below: Interception of communication between two systems — In this scenario, a third party exists somewhere on the network between communicating entities and makes a copy of the information being passed between them. The intercepting party may intercept and keep the information, or it may alter the information and send it on to the intended recipient. Impersonation of a particular host — using this strategy, an intercepting system pretends to be the intended recipient of a message. If the strategy works, the client remains unaware of the deception and continues to communicate with the interceptor as if its traffic had successfully reached its destination. e.g IP Spoofing attack where an intruder sends network packets that falsely appear to be from a trusted host on the network. and Port Scan Attacks described in .[4,5,6,12,13,14] 5. SSH Security Limitations Limitations have been discovered in all sort of Security Soft -wares from Linux based Iptables to implementations of the Secure Shell (SSH) Protocols. For example, OpenSSH has been developed by some of the most security – conscious developers in the world, and yet it occasionally contains a remotely exploitable vulnerability. To exploit a vulnerability in server software (as opposed to client software), the first step is that; the attacker needs to locate a target. This process is brilliantly automated by Nmap, so it is easy to construct a list of target systems which may be ripe for hacking [16] However, the SSH authentication model is weak as explained below:- 1. When the server sends its public key and its signature, since they are not signed by a third party, it is trivial for an attacker to sit in the middle and intercept the connection, and send his own public key and signature instead; 2. When the user sends his own password, to the attacker thinking that he is the server, the username and password are compromised by the attacker. 3. If it is the first time the user is connecting to a host and hence does not have the server's public key stored locally, he will be none the wiser. The attacker can send his public key to be stored instead of the real server. If the user does have the server's public key, when the attacker sends his own public key instead, the user will generally receive a warning like ―Warning: server's key has changed. Continue? Most users typically hit ―Yes‖ and do not realize the risk that someone might be trying to compromise the security of his connection by putting the attackers own public key in use instead of the real server‘s public key. Unless both parties have some pre-established shared data, any authentication system will probably be susceptible to a man-in-the-middle attack. SSHD (SSH Daemon) is the main target in this scenario.
6. POSSIBLE SOLUTIONS The solutions are based on port knocking and Single Packet authorization (SPA) protocols using authentication and authorization packages with symmetric crypto-systems [18] Port Knocking Security Using Knock Sequences (PK) In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s) [19, 20]. The primary purpose of port knocking is to prevent an attacker from scanning a system for potentially
Figure 3 : SSH Setup and access © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 9 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 exploitable services by doing a port scan, because unless the attacker sends the correct knock sequence, the protected ports will appear closed. Because of port knocking ‗s stateful behaviour ,several users from different source IP addresses can simultaneously be at varying levels of port knock. Security, and more precisely in this case ‗network security‘, can be thought of as an onion - where each layer of the onion ( figure 4 ) provides an extra layer of Protection[19]
Figure 4 : Port Knocking as an additional layer in the Defense in Depth ‗onion‘.
So in essence, SSH and FTP are layers which exist to protect the system and authenticate users before some kind of access is granted. The problem with networked services is that they are potentially vulnerable to attack. This is usually implemented by configuring a daemon to watch the firewall log file for said connection attempts then modify the firewall configuration accordingly (figure 5). It can also be performed by a process examining packets at a higher level (using packet capture interfaces such as Pcap), allowing the use of already "open" TCP ports to be used within the knock sequence[19,20,22].
Figure 5 Port knocking in Action
A portknock daemon on the firewall machine listens for packets on certain ports (either via the firewall log or by packet capture). Benefits of port knocking Port knocking is ideally suitable, in the case of remote administration provided by a latent, on-demand SSH service. When a port knock is successfully used to open a port, the firewall rules are generally only opened to the IP address which supplied the correct knock in port knocking to avert above scanning. Thus it is possible to have a genuine user with the correct knock let through the firewall even in the middle of a port attack from multiple IP's (assuming the bandwidth of the firewall is not completely swamped). Using cryptographic hashes inside the port knock sequence can mean that even sniffing the network traffic in and out of the source and target machines is ineffective against discovering the port knock sequence or using traffic replay attacks to repeat prior port knock sequences. Port security mechanism still remain in place,in case sniffing by attacker taken place successfully. With a portknock system in place on ports such as the SSH port, it can prevent brute force password attacks on logins. The SSH daemon need not even wake up as any attempt that is made without the correct portknock. Because the ports appear closed at all times until a user knowing the correct knock uses it, port knocking can help cut down not only on brute force password attacks and their associated log spam but also protocol vulnerability exploits. If an exploit was discovered which could compromise SSH daemons in their default configuration, having a port knock on that SSH port it could mean that the SSH daemon may not be compromised in
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 10 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 the time before it was updated. Only authorised users would have the knock and therefore only authorised users would be able to contact the SSH server in any way. Disadvantages of port knocking The best of modern portknock systems are much more complex, some using highly secure cryptographic hashes in order to defeat the most common attacks (such as packet sniffing and packet replay). , the port knocking software can introduce a new security problem or lower security due to risk compensation. Port knocking, as with any network authentication protocol, is potentially vulnerable to various kinds of attacks from a number of different vectors. It is important to design an authentication mechanism with the assumption that an attacker could potentially place himself anywhere on the network ( fig. 6 ) . Most attackers will not have access to any network traffic, such as Trudy, and will have to resort to simpler methods such as brute force in order to bypass strong authentication mechanisms. It is essential, however, to assume that all attackers have the knowledge and capabilities of a user such as Mallory, with the ability to watch and modify all network traffic between the client and the server[13].
Figure 6 : Network-view of threats against Port Knocking
Having a limited ability to transmit data introduces another limitation in port knocking schemes. It is difficult to guard against a replay attack [11] effectively. The problem with networked services is that they are potentially vulnerable to attack. for example, by exploiting bugs in their code, or to simple dictionary attacks. An additional port knocking limitation is that it is extremely easy for malicious third party to bust a knock sequence as it is sent over the wire by the client, just by spoofing an additional packet into the port sequence. The main issue is that such an attack is so trivially easy to perform. This has important implications for port knocking. Spoofing attacks does not remain under the radar of IDS‘s that are monitoring networks for port scan [11,13].
Single Packet Authorization (SPA) Port knocking provides some real benefits which enhance security, but some serious limitations also need to be addressed. Single packet authorization provides similar security benefits to port knocking services with a packet filter that is configured in a default – drop stance. Anyone scanning for a target service which is protected in this way will be unable to detect that such a service is listening and this makes even the zero day vulnerabilities much more difficult. SPA packet authorization offers elegant solutions to many limitations in port knocking implementations. SPA mandates a similar architecture to port knocking. Both have client and server components, the server maintains control of a default drop packet filter, and the server monitors packets passively. However, this is where the architectural similarities between port knocking and SPA diverge. In Single Packet Authorization (SPA). we use fwknop (Firewall knock Operator) which provides authentication and authorization services. Fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called SPA This method of authorization is based around a default-drop packet filter. Fwknop defines the following packet format at the application layer: 1. 16 bytes random data 2. Client username 3. fwknop version 4. Mode(access or command) 5. Access(or command string ) 6. MD5 sum
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 11 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Once the fwknop client builds the packet format above, the entire packet is encrypted using one of two encryption Algorithms: the Rijindael symmetric block cipher with a 128-bit shared key or the asymmetric ElGamal algorithms with up to a 2,048 –bit public / private key pair generated by GnuPG. By default, the fwknop client sends SPA packets over UDP port 62201, but this easily can be changed from the command line. [21] Advantages of SPA First, the 16 bytes of random data allow one of the highest priority drawbacks in port knocking to be solved – the replay problem. Every SPA packet is pre-pended with 16 bytes of random data before being encrypted, and then upon a successful decrypt by the fwknop server, the MD5 sum of the entire packet is cached. The random data allows every SPA packet to be different (even if the same directive is sent), so the MD5 sum of every packet also has a high probability of being different. If the MD5 sum of any new packet matches the sum of a previous packet, the fwknop sever takes no action and writes a warning message to syslog. Hence, any SPA packet that is intercepted by a third party can‘t be replayed on the network in an effort to get access through the default drop packet filter The basic network depicted in Figure 8 illustrates typical setup. The fwknop client is executed on the host labeled spa_client (15.1.1.1), and the fwknop server (along with iptables) runs on the system labeled spa_server (16.2.2.2). A malicious system is labeled attacker (18.3.3.3), which is able to sniff all traffic between the spa_client and spa_server systems.
Figure 7 Sample Scenario Where We Use SPA to Protect SSH Communications
With this setup on a Linux system, no one will be able to tell that SSHD is even listening under an nmap scan, and only authenticated and authorized clients will be able to communicate with SSHD. SPA offers solutions to solve replay problem ,achieve a data transmission rate that makes the use of ssymmetric encryption possible ,thrwart simple spoofing attacks and remain under the radar of intrusion detection systems that are monitoring networks for port scans[21,22]. Acknowledgement The authors are grateful to Dr. I.M Talwar Prof. and Chairman Department of Computer Engg. And IT , Shri Krishan Institute of Engg. and Technology (SKIET) , Kurukshetra for suggesting the problem and time to time guidance.
References: [1] Richard L . Peterson ― The Complete Reference Linux Fifth Edition‖, Tata Mc Grath Hills,2006 [2] National Institute of Standards and Technology (1999) FIPS PUB 46-3. ‗Data Encryption Standard (DES)‘. National Institute of Standards and Technology, 100 Bureau Dr. Stop 8900, Gaithersburg, MD 20899-8900. Available at: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf [3] Schneier B. (1996) Applied Cryptography: Protocols, Algorithms, and Source Code in C (Second Edition). John Wiley & Sons. [4] Aron Hsiao ―Linux Security Basics ― Sams Publishing ,2001 . [5] http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/ch-ssh.html/Introduction [6] http://www.ietf.org/rfc/rfc4251.txt,january 2006 [7] T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, ―SSH Protocol Architecture‖, Network Working group, Internet Draft, January 31, 2002. [8] ―SSH Connection Protocol‖, Network Working group, Internet Draft, January 31, 2002. ―SSH Transport Layer Protocol‖, Network Working group, Internet Draft, January 31, 2002. [9] . ―Authentication Protocol‖, Network Working group, Internet Draft, February 28, 2002.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 12 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [10] www.SSH.com [11]. www.OpenSSH.org [12] http://www.faws.org/rfc793.html,Sept 1981 [13] A Network Safety-Defence Mechanism with the LSM ,Jichiang Tsai,Chuyuan Tsai N.C.H University, Taichung,40227 Taiwan,2006 [14] S.McClure,J.Scambray,and G.Kurtz,Hacking exposed:Network Security Secrets and solutions,McGraw- Hill,1999 [15] J.Chirrilo,Hack attacks revealed :A complete reference for UNIX,Windows and Linux with custom security toolkits,2nd ed,Wiley,2002 [16] www.linuxforu.com ,April 2007 Single Packet Authorisation Michael Rash , Linux Journal [17] Krzywinski,M.2003.‖Port Knocking Network Authentication Across Closed Ports‖.SysAdmin Magazine 12: 12-17 [18] www.cipherdyne.com,2007 [19] Sebastien Jeanquier (2006). An Analysis of Port Knocking and Single Packet Authorization. Master‘s thesis, University of London.] [20] http:// en.wikipedia.org/wiki/Port_knocking [21] http:// www.cipherdyne.org/fwknop/docs,2010 [22] Linux Journal : Critique of Port Knocking(2004)
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 13 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Trust based Routing for Secure Wireless Networking Solutions Dr. Rajiv Mahajan[1] , Dr. Surender Singh[2] , Akhilesh Kumar Bhardwaj[3], Parveen Sharma[4] [1]Professor, GIMET, PUNJAB, [2]Associate Professor, HIET, HARYANA, [3,4]Research Scholar, PTU, PUNJAB, India
Abstract-- Presently, network security is measured as one of the most momentous factor for the acknowledgment of several wireless networking technology. Yet, security in wireless mesh network and in hybrid topology networks is still in its formative years as modest consideration has been rendered to this area by the research population. The complete security of the network must be well-built in a way so that the presence of even weakest component(s) and integration of security mechanisms in the open wireless network surroundings cannot disturb the security significance factor. In this paper, we examine the security associated characteristics, requirements and potential security attacks of wireless network. We also look forward to wireless network integration commencement along with trust based secure routing solutions.
Key-words — network security, WMN, attacks, network integration, trust and reputation, secure routing, trusted third party
I. Introduction Wireless mesh networking has evolved as encouraged wireless networking environment for next generation wireless networks. It provides speedy and straightforward extension of local area networks into a large-scale wide area networks. Idiosyncratic wireless mesh networks (WMNs) consist of mesh routers and mesh clients [1]. Mesh routers are static and power-enabled. They form a wireless backbone and interact with the wired networks to provide multi- hop wireless Internet connectivity to the mesh clients. The mesh clients access the network through mesh routers. They can also straightforwardly mesh with each other. Nothing like mesh routers, the mesh clients can be battery- operated mobile nodes. The work in [2] stated that WMNs are anticipated to resolve the limitations and to significantly improve the performance of other wireless networks. The state-of-the-art work is still insufficient for deploying sizable wireless mesh networks because important aspects such as network radio range, network capacity, scalability, manageability, and security still remain open problems [3]. For any wireless networking technology, security is considered one of the most critical factors to gain greater acceptance. Nevertheless, how to design and implement security schemes for intrusion detection is still a challenging task which needs further investigation. Most of the research in WMNs has been focused around various protocols for multi-hop routing leaving the area of security mostly unexplored [1], [2]. Besides to this, the emergence of new applications of WMNs necessitates the need for strong privacy protection and security mechanisms of WMNs.
II. Wireless Mesh Network and Its Characteristics The work in [1] defines WMN as a wireless co-operative communication infrastructure between huge amounts of individual wireless transceivers. The coverage area of the WMN radio nodes working as a single network is sometimes called a mesh cloud [4]. Wireless mesh architecture is constructed from peer radio devices that do not have to be cabled to a wired port. With watchful design, such architecture may provide high bandwidth, efficiency, and economic advantage over the coverage area. One of the measures for performance of a network is the reliability issue. The topology of WMN is tremendously very reliable and offer redundancy as each node is connected to several other nodes. In WMNs, the multi-hopping communication makes the routing aspect a very important and necessary functionality of the network. When the number of devices in WMN becomes more, then the more bandwidth will be available. As described in [2]. WMNs are undergoing speedy commercialization in numerous application scenarios like broadband home networking, community networking, building automation, high-speed metropolitan area networks, intelligent transport system networks and enterprise networking. Undoubtedly, security in a WMN is tremendously significant for effective utilization of these application domains. One main advantage of WMNs is that it enables us to join together a variety of existing networks through the gateways. Conversely, this advantage also brings associated weakness to security attacks. This leads to the need for superior attention to be given to the security issues of WMNs. Therefore, this work will attempt to survey a range of probable security attacks of WMNs and to prevent those attacks by using trust based routing. In addition to this, one of the major issues in WMNs is the security integration of heterogeneous networks. The effort in [5] point toward the open research issue concerning security solutions tailored for the dissimilar security requirements of more challenging handling scenarios. Consequently, dealing with the security
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 14 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 requirements and the security integration of mesh network with other wireless networks is essential to move toward better functionality of WMNs.
Figure 1: Infrastructure of Wireless Mesh Network
III. Security Parameters A. Confidentiality It means that definite information is accessible only to those who have been authorized to access it. In other words, it ensures that certain information is never disclosed to unauthorized entities. It is also one of the design goals for many cryptosystems. B. Integrity Integrity guarantees that a message being transferred is never corrupted. C. Availability Availability ensures the survivability of network services despite denial of service (DoS) attacks. D. Authenticity Authenticity is essentially assurance that participants in communication are genuine. It is necessary for the communication participants to ensure their identities using some techniques of authentication. E. Non-repudiation Non- repudiation ensures that the sender and the receiver of a message cannot deny that they have ever sent or received such a message. It is useful for detection and isolation of a node with some abnormal behavior. F. Authorization Authorization is a process in which an entity is issued a credential by the trusted certificate authority. G. Anonymity Anonymity means that all the information that can be used to identify the owner or the current user entity should be kept private and not distributed to other communicating parties.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 15 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
IV. ATTACKS 1. Denial of Service attack The DoS attack is encountered either by accidental failure in the system or a malicious action. The conventional way to create a DoS attack is to flood any centralized resource so that it no longer operates correctly or stop working. 2. Impersonation attack This attack creates a serious security risk in WMNs. If proper authentication of parties is not supported, compromised nodes may be able to join the network, send false routing information, and masquerade as some other trusted nodes. 3. Routing table overflow attack An attacker attempts to create routes to nonexistent nodes with intention to create enough routes to prevent new routes from being created or to overwhelm the protocol implementation. 4. Wormhole attack An attacker receives packets at one location in the network and tunnels them selectively to another location in the network. Then, the packets are resent into the network, and the tunnel between two colluding attackers is referred to as a wormhole. 5. Black hole or sinkhole attack A malicious node uses the routing protocol to advertize itself as having the shortest path to the node. In this situation, the malicious node advertize itself to a node that it wants to intercept the packet. 6. Byzantine attack This attack is an invalid operation of the network initiated by malicious nodes where the presence of compromised nodes and the compromised routing are not detected. 7. Location disclosure attack This attack reveals something about the structure of the network or the locations of nodes such as which other nodes are adjacent to the target, or the physical location of a node. Thus the routing mechanisms of WMN must be secured. The usual mechanism, to ensure integrity of data, is using hash functions and message digest [3].
V. Security of Wireless Networks A. Wireless Adhoc Networks In wireless adhoc network, each node is enthusiastic to forward data for other nodes, and so the determination of which nodes forward data is made dynamically based on the network connectivity. Minimal configuration and quick deployment make adhoc networks suitable for emergency situations like natural disasters or military conflicts. Wireless adhoc networks can be further classified by their application [4] as mobile ad hoc networks (MANETs), wireless mesh networks (WMNs) and wireless sensor networks (WSNs).
B. MANET MANET is a collection of wireless mobile nodes, communicating among themselves over possibly multi-hop paths, without the help of any infrastructure such as base stations or access points. For secure nodes communication, management of key plays important role. As described in [6] MANETs are more vulnerable to malicious attacks than the traditional wired networks. This is because of the facts such as the low degree of physical security of mobile nodes, an open medium features, a dynamic topology, a limited power supply, and the absence of a central management point.
C. Wireless Sensor Networks A wireless sensor network is a multi-hop routed and infrastructure-less network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants, at different locations [7][8]. In order to provide security, security challenges such as key establishment, secrecy, privacy, robustness to DoS attack, and secure routing needs critical consideration.
D. Cellular Networks A cellular network is a single-hop and infrastructure based network using base stations and provides radio coverage over a wide area. The security mechanisms of cellular network consists of functions like user privacy based on identities, mutual authentication based on challenge-response handshake authentication protocol, session key agreement during a mutual authentication process and secure communication with a session key that enables confidential communication and message integrity [9]. In cellular networks, all the security aspects can be
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 16 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 successfully handled by the base station. Centralizing all security operations at one point would delay attack detection and treatment, and therefore give the adversary an undeniable advantage [10]. E. Wireless LAN A WLAN is a single-hop and infrastructure-based wireless local area network that uses access points (AP) to connect wireless users to a local wired network. Several wireless APs can link together to form a larger network that allows roaming services. Roaming is a general term in wireless telecommunications that refers to the extending of connectivity service in a location that is different from the home location where the service was registered [9]. Concerning the security issue, roaming is technically supported by mobility management, authentication, authorization and accounting. The security mechanisms of WLAN are based on the authentication and confidentiality features.
VI. Network Integration and Vulnerabilities In the previous sub-sections, we discussed some of the relevant features of the heterogeneous wireless networks. The interoperation of these wireless networks with the wireless mesh network and one another is shown in the network integration scheme in the given figure.
Figure 2: Network Integration Example
Here the flow of traffic could be from the mesh network to other wireless client networks and vice-versa. Traffic can flow from mesh subscriber stations to mesh base stations, then out of the mesh network and vice-versa [11]. Potential vulnerabilities in the integration of wireless networks are the following.
A. Lack of Secure Boundaries Each of the heterogeneous wireless networks can form connection with the mesh backbone through the Mesh gateway interface. When these networks communicate with the Mesh cloud, they pass through the gateway routers of the mesh backbone. When passing through the mesh cloud, each of these heterogeneous networks need the mesh infrastructure to fulfill their own individual security requirements. Accordingly a security module that integrates the security technologies of each of these various and different networks should be incorporated in the gateway routers of the Mesh backbone which in turn will ascertain the security interoperability. This module then should provide security according to the applications and users requirements of each one of these heterogeneous networks. In addition to the above wireless network-to-router gateway security issue, the vulnerabilities such as possible security attacks at the boundaries between the wireless heterogeneous networks also necessitates a separate study. This happens when we use the hybrid wireless mesh network since the mesh clients can perform mesh functions with other mesh clients despite accessing the network. One possible attack is DoS attack made by malicious intruders to flood the network with a large volume of traffic and thereby make the system inaccessible to the real users. As stated in [7], an integrated security mechanism is one of the key challenges in the open wireless network architecture because of the diversity of wireless networks and the unique security mechanism used in each of these networks.
B. Intra-security threats In the integration state [12], the intra-security vulnerabilities are obvious. For instance, there is no such clear secure boundary in the mobile ad hoc network, which can be compared with the clear line of defense in the traditional
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 17 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 wired network. This vulnerability originates from the nature of the mobile ad-hoc network such as freedom to join, leave and move inside the network [13].
VIII. Trust and Security Trust and security should go hand in hand. The level of trust has an impact on the level of security. Heterogeneous wireless networks involve various types of security domains and security implementation mechanisms. A trust relationship which considers the heterogeneousness of these networks security procedures is essential. This can be accomplished by specifying the levels of security requirements and security mechanisms such as encryption, digital signature, authentication at the boundaries of each integrated networks. In other words, each of the integrated networks should contain their own security requirements along with the levels of trust (and even reputation) they are willing to provide to other networks or nodes.
IX. Problem Identification and Solution In general, the most challenging issue in wireless networking is secure routing, but there are only limited works in literature and no complete solution for secure routing is proposed yet. A reputation based metric for secure routing is proposed in [15] which uses reputation values in order to provide secure routing in wireless mesh network or any other hybrid topology system. In this mechanism, the reputation values of nodes are essential for selection of optimum routing, but these values are not authenticated before it reaches the destination. In addition to this, it does not guarantee the integrity of the reputation values. CSROR [16] selects an optimum route on the basis of route security taking in consideration the different cross layer parameters. Though CSROR is resource aware, but it is resilient to only packet dropping attacks. To rectify the above mentioned problems, we propose a new trust based authentication mechanism for secure routing in Wireless Mesh Networks (WMNs) and in hybrid topology networks or integrated networks. This mechanism has two phases, 1. Trust initialization and updation 2. Trust protection
Thus, the above-proposed mechanism provides secure routing in Wireless Networks using trust tables and trust key management schemes. In our architecture, there is Trusted Third Party (TTP) server. The network can request for wireless internet access by subscribing to the TTP which has a mutual agreement with each AP. The TTP also serves as a trusted Certificate Authority (CA) server to issue certificates to both APs and the network. 1. Trust Initialization In our mechanism, each node in the network consists of a trust table, which contains trust counter value of neighboring nodes. Initially, we assign initial trust counter values for its neighbors because initially nodes do not have knowledge about its neighbor nodes. Each node keeps track of the number of packets forwarded through a route using a packet counter (PC). 2. Trust Protection Every node in the network has two types of keys as general key and Pair wise secret key obtained from its certificate issued by the TTP, for its neighbor nodes. Pair wise secret key is secretly shared with each pair of the neighbor nodes whereas general key is commonly shared with all neighbors. Whenever a node moves due to mobility, its Pair wise secret key has to be regenerated. Both the keys will be refreshed periodically. We implement two steps here. In the first step, packet received value is concatenated with general key and using this value the hash is generated using MD5 or SHA. In the second step, a new hash value is again created for the previous hash value using secret key of the destination. The initial trust counter value (TC) is then calculated and TC values of all intermediate nodes are accessed. In the end, the path trust value (PTV) is calculated as the sum of the TC values of the nodes along the route. The source then selects the route with highest path trust value.
X. Conclusion The characteristics and major security parameters for the wireless mesh network are discussed. The security related features of heterogeneous wireless networks are briefly explained. In the end, the trust based solution has been proposed for secure routing in wireless networks.
References [1] Muhammad S. Siddiqui and Choong Seon Hong, ―Security Issues in Wireless Mesh Networks,‖ IEEE International Conference on Multimedia and Ubiquitous Engineering (MUE'07), 2007 [2] Ian F. Akyildiz, Xudong Wang and Weilin Wang, ―wireless mesh networks: a survey,‖ Computer Networks, vol. 47, pp. 445-487, Jan. 2005.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 18 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [3] Maria Striki, John S. Baras and Kyriakos Manousakis, ―A Robust, Distributed TGDH-based Scheme for Secure Group Communications in MANET,‖ IEEE International Conference on Communications (ICC ‘06), vol. 5, pp. 2249-2255, June 2006 [4] Xudong Wang, Sunghyun Cho and Jean-Pierre Hubaux, ―Wireless Mesh Networking: Theories, Protocols and Systems,‖ IEEE Wireless communication, vol. 13, no. 2, pp. 8-9, April 2006 [5] W. Zhang, Z. Wang, S. K. Das, and M. Hassan, ―Security Issues in Wireless Mesh Networks,‖ In Book Wireless Mesh Networks: Architectures and protocols. New York: Springer, 2008 [6] Bo Sun, Lawrence Osborne, Yang Xiao and Sghaier Guizani. ―Intrusion detection techniques in mobile ad hoc and wireless sensor networks,‖ IEEE Wireless communication, vol. 14, no. 5, pp. 56-63, 2007 [7] Jongmin Jeong and Zygmunt J. Hass. ―An Integrated Security Framework for Open Wireless Networking Architecture,‖ IEEE Wireless communication, vol. 14, no. 2, pp. 10-18, April 2007 [8] Kay Romer and Friedemann Mattern, ―Design Space of Wireless Sensor Networks,‖ IEEE Wireless Communication, vol. 11, no. 6, pp. 54-61, December 2006 [9] G. M. Koien, ―An Introduction to Access Security in UMTS,‖ IEEE Wireless Communication, vol. 11, no. 1, pp.8-18, Feb.2004 [10] Adrian Perrig, John Stankovic and David Wagner, ―Security in Wireless Sensor Networks,‖ Communications of the ACM, vol. 47, no. 6, June 2004 [11] IEEE Standard for Local and Metropolitan Area Networks Part 16: ―Air Interface for Fixed Broadband Wireless Access Systems‖, IEEE Std 802.16-2004 (Revision of IEEE Std 802.16-2001), pp. 1-857, 2004. [12] Hassen Redwan and Ki-Hyung Kim, ―Survey of Security Requirements, Attacks and Network Integration in Wireless Mesh Networks,‖ Workshop on Frontier of Computer Science and Technology, 978-0-7695-3540, IEEE, 2008 [13] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, and A. Jamalipour, ―A survey of routing attacks in mobile ad hoc networks,‖ IEEE Wireless Communication, vol. 14, no. 5, pp.85-91, Oct 2007 [14] Christian Tchepnda and Michel Riguidel, ―Distributed Trust Infrastructure and Trust-Security Articulation: Application to Heterogeneous Networks,‖ In Proceedings of the International Conference on Advanced Information Networking and Applications (AINA‘06), vol. 2, pp. 33- 38, April 2006 [15] Francesco Oliviero and Simon Pietro Romano, ―A Reputation Based Metric for Secure Routing in Wireless Mesh Network‖, IEEE GLOBECOM, 2008. [16] Shafiullah Khan and Jonathan Loo, ―Cross Layer Secure and Resource Aware On Demand Routing Protocol for Hybrid Wireless Mesh Networks‖, Springer, 2010
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 19 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Study of Wormhole Attack and Detection Technique for Wireless Sensor Network Ajay Jangra1, Bhavana2 1 Asst. Prof. CSE Department, 2M.Tech. Scholars, CSE Department, University Institute of Engineering &Technology, University Institute of Engineering &Technology, Kurukshetra, India Kurukshetra, India Abstract: A wireless sensor network consists of large number of sensor nodes which sense, process and monitor the environmental data. Wireless sensor network is a growing technology that is used in different application areas such as in defense, traffic control, environment, commercial application at home and industry and healthcare. All these applications require that the sensor network must be secure, work efficiently and error free. Therefore if a sensor network is compromised by a security attack it does not affect the functioning of the whole network. When sensor network are deployed in hostile environment like in military battle field, habitat monitoring, target tracking, they are subject to various types of attacks then security becomes more important for sensor networks. One of the most challenging security attacks to defend in sensor network is wormhole attack which occurs at the network layer and in which the adversaries get the transmission at one end in the network and forwarded them to another location in the network through their private wormhole link. After that the adversary selectively forward data or manipulate the data to disrupt the functions of the network.
Keywords: WSN, Attacks, Wormhole attack, models, affects, techniques.
I. Introduction Sensor networks are distributed networks that consist of large number of sensor nodes which are deployed in large numbers to monitor the environment and these sensor nodes are small in size with wireless communication sensing and data processing capabilities. These sensor nodes cooperatively monitor different condition such as temperature, sound, speed, vibration, motion and pressure at different locations and collect the data from it and send it to the sink node or base station. That data can be used by different applications for managing and monitoring the network such as studying the natural environment, a danger zone, in medical industry, for battlefield surveillance. As sensor devices are restricted in terms of battery power, storage capacity so security in sensor network becomes a challenging task and the networks exposed to various kinds of attacks.
Fig. 1 Wireless Sensor network
Wormhole attack is most severe security threats in wireless sensor networks in which the attacker forward the packets between distant locations in the network through a direct low latency communication link. This wormhole link gives the illusion to other nodes in the network that these two distant nodes are close to each other (neighbor nodes). Thus other nodes forward data through this tunnel and the attacker can manipulate this network traffic. Architecture of Sensor Node Architecture of sensor node focuses to reduced cost, increase reliability and flexibility, conserves energy and provide fault tolerance. Each Sensor node consists of four modules. Sensor module WSN consists of large number of sensor nodes and these nodes corporately monitor the environment such as pressure, motion, temperature, speed and collect the data from it and transfer these data from analog to digital form using analog to digital converter. Sensors can be active or passive. Sensors are also used in cars, medicines, machines. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 20 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Processor Module The processor module controls the operation of sensor node such as storage and processing of data. For example, microcontroller processor is used for processing and RAM is used as internal memory for storing data in microcontroller.
Fig. 2 Structure of Sensor Node
Communication Module The communication module controls the communication between sensor nodes and sending and receiving of the data. Communication is performed through communication channels. A transceiver receives information from the processor module and passes it to other node of the network. Power Module The power module supplies energy for operation of sensor nodes; it uses micro batteries. Life time of sensor node depends upon the battery which is limited resource in WSN.
II. Attacks in Wsn Due to the open nature of the wireless communication channels and due to lack of infrastructure of WSN makes them more prone to security attacks. The attacks such as Sinkhole, wormhole and replay can cause an existing route to be broken or prevent from establishing the new route. Sinkhole attack A malicious node shows to other nodes that it has low costs or shortest path from source to destination so that all information is routed through it. The attacker tempt all the network traffic from a particular area through this compromised node and after that this compromised node selectively forward the packets or randomly dropped the packets or acts as a destination node. Verification mechanism which verifies the identity of each node in the network can be used to prevent from the sinkhole attack [1]. Sybil attack In Sybil attack a single node present as a multiple identities in the network. Sybil attacker degrades the performance of the data aggregation and resource allocation sechemes. The Sybil attack can be prevented using the authentication mechanism which verifies the node identities [2]. Hello flood attack Hello flood attack launched at the network layer. A node floods HELLO message in the network to announce their presence to other nodes and the nodes that received such HELLO packet assume that this node is within radio range of the sender. This compromised node advertises the low cost and shortest routes to other nodes and convinces them that the adversary is its neighbor node then the node forwards their messages to the attacker. The attacker can manipulate those messages. Authentication mechanism and bidirectional verification of the communication links are used to detect the Hello flood attack in the network. Jamming Attack Jamming attack is a denial of service attack which occurred at the physical layer of the network in which the attacker blocks the communications occurred between the sensor nodes. The attacker launched this attack by sending a signal that interferes with the radio frequency of the sensor network. There are two types of jamming attack. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 21 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Constant jamming The attacker stops the functioning of the whole network because there is no communication occurred between the sensor nodes.
Intermittent jamming Sensor nodes exchange data packets at regular interval but not at a consistent rate. Jamming attack is handled by defining the distinct boundaries around the area that is under the influence of the attack [3]. Selective Forwarding Attack Selective forwarding attack occurs when certain nodes receives the messages but later refuse to forward those messages to other nodes in the network that they receive. If the attacker dropped all messages a black hole is created. A more subtle form of selective forwarding attack is that when an attacker selectively forwards packets or dropped the other packets. III. Wormhole Attack in Wsn All attacks that are explained above can be detected by using authentication mechanisms and bidirectional verification which verify the identity of each sensor node in the network. Among these attacks wormhole attack is difficult to detect because wormhole attacker does not inject abnormal traffic into the network; it simply forward the packets from one end to other in the network through their direct wormhole link. In WSN a malicious node can join the network discretely and compromised network security from the inside of the network as in the wormhole attack. A wormhole is a direct communication link between two malicious nodes which are distant from each other and wormhole node forward transmission through this link and replay them to other location in the network. To achieve its harmful attack the wormhole attacker does not need to get access on any node in the network or does not need to decrypt any code in the network ; therefore detecting or removing wormhole attack in the sensor network is a method to improve network security. In wormhole attack the attacker provide the illusion that they are close to each other but actually they are far from each other. So other nodes forward data through this node. Transmitting packets through this link enables that the packet is arrived with fewer hops or with less delay as compared to if the packet is traversed through a normal path from source to destination [4]. Here X and Y are the two end points of the wormhole link. Transmission generated by a node in the neighborhood of X is also heard by any node in the neighborhood of Y.
Fig. 3 Wormhole attack in WSN
For example, node X captures the transmission generated by the node a. Now X can forward this transmission to other location in the network through the wormhole link [5].
IV. Models of Wormhole Attack There are three kinds of models based on the packet forwarding behavior of end points of the wormhole link. Here S and D are source and destination nodes and M1 and M2 are malicious nodes [8]. Open Wormhole In open wormhole, identities of all the sensor nodes A, B, C are kept hidden and the identities of malicious nodes are kept visible on the traversed path. So the path from source to destination is S-M1-M2-D. Half-Open Wormhole In half open wormhole, the identity of malicious node M1 is kept visible and the identity of other malicious node M2 is kept hidden. So the path from source to destination is S- M1-D. Close Wormhole
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 22 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 In closed wormhole, identities of all nodes M1, A, B, C and M2 on traversed path from source to destination are kept hidden. In this source and destination nodes assume that they are one hop away from each other. Thus fake neighbors are created in it.
Fig. 5 Open, Half-Open and Closed Wormhole V. Affects of Wormhole Attack in Wireless Sensor Network The wormhole attack will attract a large amount of traffic between source and destination. Once the traffic is routed through the wormhole, the attacker can manipulate all this traffic. Why the wormhole attack is difficult to detect Independent of MAC layer protocols A wormhole attack is difficult to detect because the attackers does not need to understand the MAC layer protocol. So the attacker can create the wormhole without depending on the medium access control protocols.
Need not to compromise cryptographic quantities In wireless sensor network the attackers do not need to hold any network identity; hence the attackers do not need to decrypt any code or infect nodes in order to perform the wormhole attack. What the wormhole attacker does Selectively dropped the packets Wormhole attackers can discard the data packets rather than forwarding all the data packets. This will create a permanent or partial denial of service attack, where Base station or destination n ode cannot receive any information from the domain area. Modifying Data packets Attackers can modify the packets or deletes some information and forward that manipulated packets to other nodes in the network. Generate unnecessary routing activities Attackers can generate unnecessary routing activities in the network and cause extra overhead in the network which decreases the performance of the whole network.
VI. Wormhole Detection and Removal Techniques Various techniques have been developed used to defense against the wormhole attack in wireless sensor network. Some techniques used special hardware such as the directional antenna and the precise synchronized clock to defend the network against wormhole attacks. Using Packet Leashes Y. C. Hu et. al. 2003[9], proposed a mechanism ―packet leashes‖, for detecting and defending against the wormhole attacks. Packet Leash is an information that is included into the packets that restrict the packet maximum travel distance. There are two types of leashes: temporal leash and geographical leash. In temporal leash all nodes requires tightly synchronized clocks and sender puts the upper bound on the packets that limits the packets maximum transmission distance. It also includes digital signatures that are used for authentication. In geographical leash, all n odes know about its position and all these nodes require loosely synchronized clocks. In which the receiver bound the distance between the sender and itself. If the packet travelled further from this bounded distance then the wormhole is detected. A digital signature can also be used for authentication of the packets. Both types of leash can prevent from the wormhole attack in the network. Disadvantage of packet leach is that it depends on the location information or clock synchronization. Using Mutual Authentication Distance Bounding S. Capkun et. al. 2003 [10] gives an authenticated distance bounding technique called MAD which prevent from the wormhole attack without requiring any location information or clock synchronization. Brands and chaum [11]
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 23 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 proposed a technique in which the sender node sends a bit to the other node and this node immediately sends a one bit response. Sending node compute an upper bound on the distance between these two nodes by measuring the distance between sending out the bit and getting response from the receiver. S. Capkun modified this technique in which each pair of parties who are interested in communicating shared a symmetric key. This key is used to generate the message authentication code (MAC) which proves the authenticity of the message. Using Directional Antennas L. Hu, D. Evans, 2004[12] Explains the method that uses Directional Antennas. In this each node is equipped with directional antennas. Directional antennas allow the transmission in a particular direction so it has less collision. Directional transmissions are more energy efficient because of its longer transmission range. For detecting the wormhole attack nodes have to maintain the accurate neighbor‘s sets. Attacker cannot create wormhole in the network if the wormhole transmitter is recognized as a false neighbor and its message is ignored. There are two types of antennas system. Steered antennas are more expensive but they provide a high degree of accuracy. Switched antennas have less precise directional control but much cheaper as compared to steered antennas. A disadvantage of this method is that each node requires the special hardware i.e. directional antenna which causes the extra overhead of maintaining the hardware‘s. Directional antenna provides the better efficiency and capacity of wireless networks and can provide the better transmission range. Using Beacon Nodes He Ronghui et. al. 2009[13], proposed a method in which Beacon nodes are used to find wormhole in network. Beacon nodes are those nodes that known their location and have high transmission power as compared to other sensor nodes. Beacon nodes broadcast a message that contain their ID, coordinators and hop count. Hop count is initialized with zero. Each node which receives the packet increases the hop count by one and obtained the information from it and calculates their hop distance and straight line distance. An alarm message is send immediately to the base station if an abnormally is occurred and if a straight line distance is larger than a hop distance by a threshold value, then a wormhole attack is present in the network. A disadvantage of this method is beacon nodes use the GPS system for their localization which is very costly and consume more energy. Using Local Neighbor Verification Jin Guo et. al. 2011[14] presented a kind of wormhole attack defense strategy of WSN based on neighbor nodes verification. A sensor node broadcast Hello message throughout the network. Nodes which receive this message obtain the information from it and established the neighbor node table and routing table. Neighbor node table contains neighbor node information such as medium access control. Routing table contains the routing information such as sequence number. Each node send control packets such as route request, route reply, acknowledge message and DATA, these packets also contains the characterization information. After each node received control and data packets, they obtain the characterization information from these packets to determine where these packets come from either from normal nodes or malicious node by comparing the characterization information with the information stored in the neighbor node table. If so, further processing will be done, otherwise discard these packets or stop communication. Using Secure Routing Sebastian Terence. J 2011[15] present a Secure Routing protocol against a Wormhole Attack for sensor networks (SeRWA) for discover secure route in sensor network, but it has a disadvantage of false positive. SeRWA protocol consists of four steps: One-hop neighbor discovery, Initial route discovery, Data dissemination and wormhole detection and secure route discovery against a wormhole attack. These four steps finds a set of nodes which does not affected by the wormhole. Due to false positive the close nodes are treated as remote node that is they are far from each other. So SeRWA cannot select close neighbor nodes for routing. Mobile agents are used to avoid false positive. A mobile agent migrates autonomously from node to node and performs computation on behalf of the user.
VII. Problem Formation on The Basis of Survived Techinques Wormhole attack and its survived techniques have some disadvantages which are described as follows. Hardware dependent Most of the techniques require some special hardware such as directional antennas and clock synchronization to detect wormhole attacks which are more costly and cause high overhead in each sensor nodes Location information Techniques based on location information put the upper bound on the packet lifetime that restricts the packet maximum travel distance. GPS based solution Some techniques based on GPS system for their location information, which is very costly in wireless sensor network and consumed more energy which is limited source in the sensor network.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 24 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 False Positive In false positive close nodes are treated as remote nodes and they are mistakenly connected by the wormhole. Range-Based Localization Schemes Time of Arrival technology is used for obtaining range information via signal propagation time [16]. The most basic localization system that uses TOA is GPS. Due to hardware limitations and energy constraints of sensor network these technologies provide a costly solution for localization. Range based localization schemes have more device constraints and consume more energy [17].
VIII. Conclusion Wireless networks are more prone to various types of attacks than wired networks due to the broadcast behavior of the transmission medium and due to lack of infrastructure. Wireless sensor networks have an additional vulnerability when nodes are placed in a hostile or dangerous environment where they are not physically protected. So Security in WSN becomes more important. Malicious nodes can join the network discretely and compromise network security from the inside as in the wormhole attack. This kind of attack does not need to decrypt any code or infect any node in the network to achieve its harmful objective; therefore detecting wormhole attack is a way to improve network security. All techniques discussed in this paper detect the wormhole attack efficiently and have some issues. Based on these issues find a new technique that does not requires any special hardware and are cost efficient and can detect the wormhole attack efficiently.
References [1] Hasan Tahir and Syed Asim Ali Shah ―Wireless Sensor Networks – A Security Perspective ―, 12th IEEE International Multitopic Conference, 2008. [2] N. Sastry, U. Shankar, D. Wagner ―Secure verification of location claims‖, ACM Workshop Wireless Security, 2003. [3] Anthony D.Wood, John A. Stankovic, Sang H. Son. ―JAM: A jammed area mapping service for sensor networks‖. [4] Sebastian Terence.J in paper ―Secure Route Discovery against Wormhole Attacks in Sensor Networks using Mobile Agents‖, 2011. [5] Ritesh Maheshwari, JieGao and Samir R Das ―Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information‖ IEEE Communications Society subject matter experts for publication in the IEEE INFOCOM 2007 proceedings, 2007. [6] Ali Modirkhazeni, S. Aghamahmoodi, A. Modirkhazeni ―Distributed Approach to Mitigate Wormhole Attack in Wireless Sensor Networks‖,2011. [7] Zubair Ahmed Khan, M. Hasan Islam ―Wormhole Attack: A new detection technique‖, IEEE 2012. [8] Dhara Buch and Devesh Jinwala,‖Prevention of wormhole attack in Wireless Sensor network‖, International Journal of Network Security & Its Applications, 2011. [9] Y. C. Hu, A. Perrig, and D. Johnson, ―Packet leashes: a defense against wormhole attacks in wireless networks,‖ in Proceedings of the Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2003), IEEE ,2003. [10] S. Capkun, L. Buttyn, and J. P. Hubaux, ―SECTOR: Secure tracking of node encounters in multi-hop wireless networks,‖ 2003. [11] S. Brands and D. Chaum,‖ Distance-bounding protocols In Theory and Application of Cryptographic Techniques‖, 1993. [12] L. Hu, D. Evans, "Using directional antennas to prevent wormhole attacks", in Proceedings of the IEEE Symposium on Network and Distributed System Security (NDSS),2004. [13] He Ronghui, Ma Guoqing, Wang Chunlei, and Fang Lan "Detecting and Locating Wormhole Attacks in Wireless Sensor Networks Using Beacon Nodes‖, 2009. [14] Jin Guo, Zhi-yong Lei ―A Kind of Wormhole Attack Defense Strategy of WSN Based on Neighbor Nodes Verification‖, IEEE 2011. [15] Sebastian Terence.J ―Secure Route Discovery against Wormhole Attacks in Sensor Networks using Mobile Agents‖, IEEE 2011. [16] B. H. Wellenhoff, H. Lichtenegger and J. Collins, Global Positions System: Theory and Practice, Fourth Edition, Springer. [17] LI Nian-qiang, LI Ping, ―A Range-Free Localization Scheme in Wireless Sensor Networks‖IEEE 2008.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 25 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Improve and Enhance Diffie-Hellman Algorithm for Network Security Vishal Garg1, Ashutosh dhamija2 Sangeeta Kamboj3 Assistant Professor , Assistant Professor , Research Scholar , Department of CSE., Department of ECE, JMIT Radaur, JMIT Radaur, Yamunanagar, JMIT Radaur, Yamunanagar, Yamunanagar, Haryana, Haryana, India Haryana, India India
Abstract: Communication is the important part in any type of network for making it possible to transfer data from one node to another. Communication needs quality and security for better performance and for acceptance of users and client companies. Quality is dependent on size and some other factors of network but security is very concern parameter in network as it is independent of network size and complexity. Security has become more important to personal computer users, organizations, and the military. Security became a major concern with the advent of internet and the history of security allows a better understanding of the emergence of security technology. The internet structure itself allowed for many security threats to occur. The modified architecture of the internet can reduce the possible attacks that can be sent across the network. Knowing the attack methods, allows for the appropriate security to emerge. Data integrity is quite a issue in security and to maintain that integrity we tends to improve as to provides the better encryption processes for security. In our proposed work we provide harder encryption with enhanced public key encryption protocol for security and proposed work can be implemented into any network to provide better security. We have enhanced the hardness in security by improving the Diffie-Hellman encryption algorithm by adding some more security codes in current algorithm.
Keywords: Diffie-Hellman, Private Key, Public Key, Cipher.
1. Introduction The entire field of network security is vast and in an evolutionary stage. The range of study encompasses a brief history dating back to internet‘s beginnings and the current development in network security. In order to understand the research being performed today, background knowledge of the internet, its vulnerabilities, attack methods through the internet, and security technology is important and therefore they are reviewed.
Diffie-Hellman in SSL Secure Sockets Layer (SSL) is a cryptographic protocol developed by Netscape in 1995. SSL V3.0 has since become the predominant method and de-facto standard for securing information flow between web users and web servers. This is most commonly done for business/financial traffic, e.g. credit card transactions. Specifically, ―securing information‖ in this context, means to ensure confidentiality (prevent eavesdropping), authenticity (the sender is really who he says he is), and integrity (the message has not been changed en route). Users may not know they are using SSL, but they probably will notice the padlock.
Diffie-Hellman in SSH Secure Shell (SSH) is a both a protocol and a program used to encrypt traffic between two computers. This is most commonly done as a secure replacement for tools like telnet, ftp and the Berkeley ―r‖ commands (rlogin, rsh, etc.). These older tools do not encrypt any of their traffic, including the authentication process, so account names and passwords are transmitted in plaintext. This is a bad thing!
SSH was authored by Tatu Ylonen in 1995 and has since spread quickly throughout the UNIX world, and has become available for other platforms. There are both commercial [8] and free implementations available [9], and a SSH Working Group [17] sponsored by the IETF that is working to formalize and standardize the protocol. Besides providing a secure interactive shell, SSH also includes other functionality, for example, tunneling X11connections over an established SSH session.
The Diffie-Hellman Key Exchange Algorithm: 1. Global Public Elements: Prime number q; α < q and α is a primitive root of q.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 26 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 2. User A Key Generation: User B Key Generation:
3. Select private XA XA < q
Select private XB XB < q
XA 4. Calculate public YA YA = α mod q
XB Calculate public YB YB = α mod q
5. Calculation of Secret Key by User A:
XA K = (YB) mod q
Calculation of Secret Key by User B:
XB K= (YA) mod q
The result is that the two sides have exchanged a secret value. Furthermore, because XA and XB are private, an adversary only has the following ingredients to work with: q, a, YA, and YB. Thus, the adversary is forced to take a discrete logarithm to determine the key. For example, to determine the private key of user B, an adversary must compute XB = dloga, q (YB). The adversary can then calculate the key K in the same manner as user B calculates it. The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo q prime, it is very difficult to calculate discrete logarithms. For large primes, the latter task is considered infeasible.
Our Research proceeds with following algorithm
Sender Side
1. Xa < q (user can select any random number less than q)
Xa 2. Ya = a mod q (Ya is a public key of sender)
Xa 3. K = Yb mod q (where Yb is a public key of receiver and K is a private key) 4. pow = 2K
5. pow = pow + q
Encrypt every letter of plain text using pow.
Receiver Side
1. Xb < q (user can select any random number less than q)
2. Yb = a Xb mod q (Yb is a public key of receiver)
3. K = Ya Xb mod q (where Ya is a public key of sender and K is a private key)
4. pow = 2K
5. pow = pow + q
Decrypt every letter of Cipher text using pow.
Figure 1 shows a simple protocol that makes use of the Diffie-Hellman calculation and exchange. Suppose that user A wishes to set up a connection with user B and use a secret key to encrypt messages on that connection. User A can generate a one-time private key XA, calculate YA, and send that to user B. User B responds by generating a private
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 27 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 value XB calculating YB, and sending YB to user A. Both users can now calculate the key. The necessary public values q and α would need to be known ahead of time. Alternatively, user A could pick values for q and α and include those in the first message. The protocol depicted in Figure 1
Figure 1.Diffie Hellman Algorithm is insecure against a man-in-the-middle attack. The key exchange protocol is vulnerable to such an attack because it does not authenticate the participants. This vulnerability can be overcome with the use of digital signatures and public-key certificates.
2. Literature Survey From different papers studied Encryption: Eun-Jun Yoon et al. [1] proposed an efficient Diffie-Hellman-MAC key exchange scheme providing same securities as proposed by Jeong et al. who proposed a strong Diffie-Hellman- DSA key exchange scheme providing security against session state reveal attacks as well as forward secrecy and key independence. The proposed scheme is based on the keyed MAC hash function to provide efficiency. Then, they proposed a strong Diffie-Hellman-DSA key exchange scheme providing security against session state reveal attacks as well as forward secrecy and key independence. Emmanuel Bresson et al. [2] has investigated the Group Diffie-Hellman protocols for authenticated key exchange (AKE) are designed to provide a pool of players with a shared secret key which may later be used, for example, to achieve multicast message integrity. Over the years, several schemes have been offered. F. Lynn Mcnulty [7] has drawn attention to the national and societal view of the role of encryption will be one of the defining issues for our culture in the twenty-first century. Encryption is cited by Michael Baum, chairman of the Information Security Committee of the American Bar Association, as ―an enabling technology that provides companies, their business partners, customers and end users with the capabilities to fetch the information required and service what they need as much faster rate and more securely and safely.‖1 Ubiquitous digital communications will result in either a secure environment to conduct personal affairs and electronic commerce or a Kafkaesque world laid bare by digital fingerprints indicating our every transaction and thoughts. SANS Institute Info Sec Reading Room [10] has investigated the overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate diffie-Hellman. The privacy requirements for users normally described in the traditional paper document world are increasingly expected in Internet transactions today. Secure and safe digital communications are very much necessary part for web-based e-commerce, mandated privacy for medical information, etc. In simple scenario, secure and safe connections between different parties which are communicating over the Internet are now a requirement. Whitfield Diffie and Martin Hellman founded the protocol which can provide secure connection which gain popularity as ―Diffie-Hellman (DH)‖ algorithm in 1976. It is an amazing and ubiquitous algorithm found in many secure connectivity protocols on the Internet. In an era when the lifetime of ―old‖ technology can sometimes be measured in months, this algorithm is now celebrating its 25th anniversary while it is still playing an active role in important Internet protocols. DH is a method for securely exchanging a shared secret between two parties, in real- © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 28 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 time, over an untrusted network. A shared secret is important between two parties who may not have ever communicated previously, so that they can encrypt their communications. As such, it is used by several protocols for security purposes mainly, including Secure Sockets Layer (SSL), Secure Shell (SSH), and Internet Protocol Security (IPSec).
Michel Abdalla [18] discussed a Diffie-Hellman based encryption scheme, DHIES (formerly named DHES and DHAES), which is now in several (draft) standards. The scheme is as efficient as ElGamal encryption, but has stronger security properties. Furthermore, these security properties are proven to hold under appropriate assumptions on the underlying primitive. DHIES is a Diffie-Hellman based scheme that combines a symmetric encryption method, a message authentication code, and a hash function, in addition to number-theoretic operations, in a way which is intended to provide security against chosen cipher text attacks. The proofs of security are based on the assumption that the underlying symmetric primitives are secure and on appropriate assumptions about the Diffie- Hellman problem. The latter are interesting variants of the customary assumptions on the Diffie-Hellman problem, and we investigate relationships among them, and provide security lower bounds. Their proofs are in the standard model; no random-oracle assumption is required.
3. Problem Formulation As Encryption became a vital tool for preventing the threats to data sharing and tool to preserve the data integrity so we focused on security enhancing by enhancing the hardness of encryption process in different network. For required research we worked on well known encryption algorithm ―Diffie-Hellman‖. There are some drawbacks in Diffie- Hellman that the value of private key K is smaller which can be easily decoded like if we add A letter with +5 then it become E which can easily understood . Therefore we have proposed the enhanced for Diffie-Hellman Algorithm after studying the issues of Diffie-Hellman.
4. Research Methodology To achieve the set objectives, we have done the research in following steps
Step 1: Deep study of the security flaws in network has been done and encryption prospective has taken in account.
Step 2: Study of Diffie-Hellman Algorithm to sense the security in key exchange process has be done.
Step 3: Study and proposed Algorithm with enhancement have come into shape in form of algorithm.
Step 4: After shaping up of proposed algorithm, implementation of proposed algorithm has been tested on C compiler with c language.
Step 5: Encryption have shown with Demonstration in form of encrypted data and Decrypted Data.
Step 6: Comparison of enhanced Diffie-Hellman algorithm with classical Diffie-Hellman algorithm using CrypTool.
5. Comparison Of Proposed and Classical Diffie-Hellman Algorithm We have compared the proposed and classical Diffie-Hellman algorithm by using the CrypTool. We analyse the secret key generated by both classical and proposed Diffie-Hellman algorithm by using various parameters of this tool like entropy, autocorrelation etc. We observe that entropy has been increased and autocorrelation decreases which means we have generated the much more secure key which is difficult to breach. As a result by using this approach we enhance the security in network as it now becomes more difficult to decrypt the private key generated by the enhanced Diffie-Hellman algorithm. 6. Conclusion The purpose of this Research is to provide some solution to better encryption algorithms and try to provide better security to email services and to other web services etc. The Encryption and Decryption software available all time. This utility is helpful for sending secure email or any kind of message on internet. Our research could provides great solutions for web services like email transmission as we have enhance the encryption process and if any case someone broke into those email services, will only have a better hard encrypted copy of file which containing data which is very difficult to decrypt without information or implementation of our new research algorithm. Our algorithm could prove to be the vision for both online and offline email security services. However our research lacks little in providing solutions to attacks like man in middle attack. But to cover up those types of issues, we develop our algorithm in such a way so that it can provide security to vendors even if they do hacked. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 29 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Reference [1] Eun-Jun Yoon and Kee-Young Yoo, ―An Efficient Diffie-Hellman-MAC Key Exchange Scheme‖, 2009 Fourth International Conference on Innovative Computing, Information and Control. [2] Emmanuel Bresson, Olivier Chevassut, David Pointcheva, Jean- Jacques Quisquater, ―Authenticated Group Diffie-Hellman Key Exchange‖, Computer and Communication Security- proc of ACM CSS‘01, Philadelphia, Pennsylvania, USA, Pages 255-264, ACM Press, November 5-8, 2001. [3] Mario Cagaljm, Srdjan Capkun and Jean-Pierre Hubaux,‖ Key agreement in peer-to-peer wireless networks‖, Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne. [4] Michel Abdalla, Mihir Bellare, Phillip Rogaway,‖ DHIES: An encryption scheme based on the Diffie-Hellman Problem‖, September 18, 2001. [5] Jean-Fran¸cois Raymond, Anton Stiglic,‖ Security Issues in the Diffie-Hellman Key Agreement Protocol‖. [6] Whitfield Diffie and Martin E. Hellman,‖ New Directions in Cryptography‖, invited paper. [7] F. Lynn Mcnulty,‖ Encryption‘s importance to economic and infrastructure security‖ in 2002. [8] SSH Communications Security Home Page, http://www.ssh.com/. [9] OpenSSH Home Page, http://www.openssh.com/. [10] SANS Institute Info Sec Reading Room,‖ A Review of the Diffie-Hellman Algorithm and its use in Secure Internet Protocols‖. [11] Paul C. Kocher, ―Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems‖, Cryptography Research, Inc. 607 Market Street, 5th Floor, San Francisco, CA 94105, USA. [12] Brita Vesterås,‖ Analysis of Key Agreement Protocols‖, Mtech Thesis, Department of Computer Science and Media Technology, Gjovik University College, 2006 [13] (2006) The YouTube website [online]. Available: http://www.youtube.com/watch?v=40i9ujVJ040 [14] (2008) The YouTube website [online]. Available: http://www.youtube.com/watch?v=3QnD2c4Xovk. [15] (2011) The Wikipedia website [online]. Available: http://en.wikipedia.org/wiki/Key-agreement_protocol. [16] (2009) The Wikipedia website [online]. Available: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exch ange. [17] Secure Shell IETF Working Group Home Page, http://www.ietf.org/html.charters/secsh-charter.html. [18] Michel Abdalla, Mihir Bellare, and Phillip Rogaway, ― DHIES: An encryption scheme based on the Diffie- Hellman Problem‖, In Proc.of ACM CCS ‘01, ACM Press September18,2001.
Analysing Malicious URL Behaviour Based on Active Honeypot Sanjeev Kumar1 Savitri Insan2 Deepika3
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 30 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Cyber Security Division Lecturer in I.T. Department M.Tech. (I.T.) CDAC, Mohali SKIET, Kurukshetra(Haryana) SSIET, Derabassi (Punjab) India India India
Abstract—The size and volume of applications running over internet is growing day by day as internet is becoming global but how these applications are secured to the end user who is browsing the websites. Malicious executables or any malcode integrated with websites can harm the end user’s system that is actively browsing those websites. Particularly Drive by download kind of malwares is classical examples which drop on user’s system without their knowledge. In this paper, we have presented the detailed behaviour analysis of malicious URL using the framework of our developed honeyclient system. We are ensuring that we have used CaptureHPC open source high interaction honeyclient as base reference and re-use that in the context of our Virtual box environment. We have observed that malicious URL performed number of activities on the victim machine such as file system changes, process changes as well registry changes. After that it is taking the control of the machine by overriding the firewall and anti-viruses. We have presented the good example of drive-by-download attack, in which a malicious iframe was embedded in legitimate website and when a user of the website tries to visit that website malicious software’s get installed on the user machine without its awareness and consent.
Keywords—Computer Security, Network Security, Server Honeypot, Client Honeypot. IDS.
1. INTRODUCTION The online world is a highly interconnected network of organizations, educational institutions, private LANs, home users and mobile devices. A large number of new users are connecting to the Internet to access online resources and communicate with the rest of the world. Maintaining security of this interconnected network is costly and requires constant monitoring. The security of most networks is manages by utilizing Firewalls, Intrusion Detection Systems (IDS) and Honeypots. Firewalls are the first measure of protection and highly effective in managing access in and out of a network. Intrusion detection systems are alternatively able to monitor connections, inspect packets and match them against database of known attacks or examine them for anomalies. Intrusion detection systems were once thought as the ―one answer for all‖ security tool. There are inherent design issues in both firewall and intrusion detection system. They produce a large set of logs that need to be analysed and require constant monitoring and administrative attendance. Anomaly based intrusion detection systems are also prone to false positive and false negatives which cause denial of service and attack detection failure respectively. Development of intrusion detection systems faces new challenges by introduction of high speed networks. Tremendous increase in the speed of the data communication and the growth of the networks requires significant processing powers to allow intrusion detection systems to perform Deep Packet Inspection (DPI). The biggest challenge facing intrusion detection system however comes from utilization of IPv6 protocol for online communication. IPv6 utilizes IPSec as encryption mechanism which allows hosts to encrypt packets before transmission thus making deploying IDS impractical, as they rely on packet content inspection to detect threats. Honeypots were developed to solve these issues. Client side attacks are those attacks which are targeting the vulnerabilities of client applications such as web browsers, email client and other software running on client system whereas Server-side attacks, such as attacks using Windows RPC service vulnerabilities, aim at the servers that provide services clients can interact with. Generally in a small or enterprise organizations, there are various network security devices such as firewalls, routers, hardware based intrusions detection system etc are placed to protect the users or enterprise data from these kinds of attacks and these devices are generally based on pre-defined rule sets called signatures to detect the attacks occurred on network. But what happened when there are attacks generated by black hat community and signatures corresponding to those attacks are not in the database of placed security devices. These classes of attacks are known as unclassified or zero-day attacks. And these classes of attacks may harm the end user system as well as the complete enterprise organizational data. Therefore honeypot technology comes into picture, which is a resource or system whose values are being probed or attacked by the attackers. With the help of honeypots and proper placement of honeypots in a organizational network, we can detect the unknown attacks. The appearance of honeypot can detect and obtain metamorphic and unknown malware. There are two kinds of honeypot, server-side honeypot and client-side honeypot. Server-side honeypot is the traditional honeypot. This kind of honeypot must have some vulnerable service, and attacker can detect them, so they are passive honeypots. The concept of client- side honeypot [1] was brought forward by Lance Spitzner. Client-side honeypot aims at vulnerabilities of client applications. It needs a data source, and visits the data source actively, and detects all activities to judge if it is safe.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 31 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Client-side honeypot actively "requests" to accept attack. This kind of honeypot actively acquires malware spreading through client application software which traditional honeypot can‘t get [2]. In this paper, we are presenting the detailed analysis of URL which is executed in our developed honeyclient solutions. We have developed virtual box based honeyclient system which visits the URLs using different applications and all the activities are being monitored in honeyclient environment. A malicious URL http://kundu.in, is analyzed with the help of developed honeyclient, it is observed that the malicious URL performs a number of activities on the victim machine. After deep analysis of URL, we have noticed that malware dropped on the system is taking full control of the system by overriding the firewalls and anti-viruses installed on the victim machine. The format of the remaining paper is: section 2, defines and explains the technology that has been employed and discusses the client honeypots in brief and other detection approaches. Section 3 deliberates the framework design and discusses our detailed analysis with screenshots. Section 4 discusses conclusion and future work of the research problem.
2. BACKGROUND AND MOTIVATION A Malware Types Malware can be defined as ―a set of instructions that run on your computer and make your system do something that an attacker wants it to do‖ [3]. Once a malicious web page attacks the user‘s system, then it is able to download malware including the following, as described by Provos, et al. [4] and [5]: o Virus o Worm o Trojans o Spyware o Adware o Rootkits
B. Malicious URL Detection Approaches Figure 1 depicts the approaches used in detection of malicious websites such as in-built browser protection based detection; applying some heuristic based detection and client honeypot based detection approaches. By applying Google safe browsing we can detect malicious URL as well as on the basis of in-built browser plug-ins. We can also detect malicious URL by applying static analysis or some machine learning approaches like pattern-matching or java script features. Client Honeypot based detection of malicious URLs is widely used for analysis of malicious URL which uses the web based propagation medium to infect the end users.
Honeypot Usually Honeypots are very different than other network security devices because they are not directly providing any kind of security to the organizational network but they give us the useful information to study the behavior of attackers so that we can take the remedial actions further.
Built in Broswer Heuristic Based Honeyclient Based protection Detection Detection •Plug-ins [6] •Static •Low •Google safe Detection[8] Interaction[10] browsing [7] •Machine Learning •High Based Interaction[10] Detection[9]
Figure 1. Malicious URL Detection Approaches
Honeypots can be classified as per the attack classes and targeted attacks such as server side attacks and client side attacks. Classification of Honeypots can be as server honeypots and client honeypots. Server Honeypots which provide us the deep knowledge of server side attacks, which are a kind of passive honeypots. In contrast to server honeypots, client honeypots provide us the deep knowledge of client side attacks; therefore they are also called as active Honeypots or Honeyclient. Both of the Honeypot Technology has emerged as a widely research areas in the field of cyber security.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 32 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Client Honeypot In recent times, black hat community has mainly targeting client side applications such internet browser, pdf, media player etc. The client honeypot is new concept and is quite different than server honeypots. In case of active honeypot, client honeypot acts as client and actively visit the website to see whether the attack has happened or not. Following diagram depicts high interaction and low interaction client honeypots.
Low Interaction High Interaction Client Honeypot Honeyclient
Real system Simulation of with real application applications
Can detect zero-day Easy to deploy attacks
Figure 2: Client Honeypot Classifications
Low interaction client honeypot provide the simulated environment whereas in case of high interaction honeyclient real environment including OS, applications are provided to attackers. High interaction honeyclient are very resource intensive as compared to low interaction but we cannot be able to detect the zero day attacks.
Low High Interaction Interaction Honeyclient Honeyclient HoneyC[11] CaptureHPC[15] Honeyware[12] HoneyMonkey[16]
Monkey-Spider[13] SHELIA[17] SpyEye[14] UW Spycrawler[18]
Figure 2: Honeyclient Tools
3. SYSTEM FRAMEWORK DESIGN Here we present the detailed behavior analysis of malicious URL by using framework based on honeyclient technology with different layers of analysis. In case of client honeypots, we actively visit the URLs to get the client machine gets infected by the malwares dropped on the system. Here we are presenting the detailed analysis of URL which is declared malicious by our designed system and we observed that many activities are being performed by that URL and all the activities are being logged into our honeyclient solution. For honeyclient, we have taken CaptureHPC[11] as base reference which is open source high interaction honeyclient solution and re-modified that in our context to use in Virtual box[19] enabled environment. We have also used other analysis components such as snort-inline [20], [21] for signature based detection, out-of-band analysis for analyzing raw PCAP data. In case of CaptureHPC, we need to extract the list of URL from main website first and then visit them in VMware based virtual environment, but in our case do not need to extract the URL and still we are able to detect redirected or lending URLs from which malware dropped on client machine. All the honeypots are running in virtualized environment using open source Virtual Box. URL lists to the client honeypots are provided by the server called active honeypot controller. In proposed system, there are basically six functional components: URL data source, Virtual Honeypots, Anti-Virus Engine, Central database, Web interface and management and analysis servers.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 33 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 URL data source o Internet Cyber Space { Google safe browsing) o Spam Mails o Typo squatting URLs Virtual Client Honeypots o High interaction client honeypot Database o Mysql database Signature Based analysis o Integrated snort inline Behavior based analysis o Dynamic execution monitoring Out of Band analysis o Extraction of malwares from PCAP data o Offline analysis of PCAP raw data Web Interface o User interface for Online URL submission o Report generation and download
Figure 4 System Components
Experimental Analysis: Observation Following observations were recorded while visiting website http://kundu.in, Following listing displays the output of file system changes
Figure 5: File system changes
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 34 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 The log line displayed in figure 5 show that the creation of a new executable files name sysevwx.exe.The first few lines show that iexplore.exe process.exe) Internet explorer application is writing to this file and the last line represents the final creation of this file. In the next step the file sysevwx.exe is executed and more modifications to the client system are monitored.
Figure 6 : Executables dropped on system Figure 6 shows creation of process for the malicious file which is downloaded on the victim system
Figure 7: Registry changes
Figure 7 Show the changes that were done to the Microsoft windows registry that honeyclient monitors as well, as soon as the malicious binary SYSEVWX.exe is executed, it sets a number of registry entry for example disable firewall settings that otherwise would block further action taken by malware.
Then it makes changes to system.ini for making the above changes permanent after startup.
Figure 8: Changes to system.ini
Then a TCP connection was made to IP address 208.x.x.70:80, further we identified that TCP connection made to IP 208.x.x.70 is a webhosting server which has a website http://www.aachristmas.com Further we identified that few more files are created C:\1.txt A file is created in temporary internet folder of IE6 hg[1].htm. Deleted file C:\122F36
We observed that during actively browsing of the URL, few file prcesses has been created on client honeypot, file system modifications has occured and some registry changes has been occured. As we cann‘t detect the iframes embedded into URL, therefore we performed second level of investigation using open source tool known as wireshark and malzila.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 35 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 9: TCP connection to 208.x..x.70 File created C:\sysykeh.exe Then a file is deleted uorw1.exe Then again same registry changes took place which include proxy bypass, firewall disable etc. In brief, we can the following steps observed during actively visitation of URL. We are able to detect the malware dropped on system, actually malicious URL from which those malwares dropped on system.
URL Execution Malware URL Redirection dropped
• Actively • File system • Disabling Anti Browse URL changes Virus and using • Process Firewall Honeyclient creation • Taking full • Reg changes control of the victim machine
Figure 10: Observation in URL execution
The url is executed 2nd time on honeyclient and it is found that same types of files are downloaded but with different names. Table 1. Malwares Downloaded
Malware Name MD5 Microsoft Symantec sysevwx.exe D687BCD7CC2A90FF63C9A5CB1B Virus:Win32/Sality. W32.Sality.AE DE122A AT sysykeh.exe D687BCD7CC2A90FF63C9A5CB1B Virus:Win32/Sality. W32.Sality.AE DE122A AT uorw1.exe 38E1A938330AA5F84BA93B8E0FE - - 74C20 122F36.exe D41D8CD98F00B204E9800998ECF8 - - 427E When Same URL executed 2nd time Malware Name MD5 Microsoft Symantec Sysasvr.exe D687BCD7CC2A90FF63C9A5CB1B Virus:Win32/Sality. W32.Sality.AE DE122A AT Sysbnde.exe D687BCD7CC2A90FF63C9A5CB1B Virus:Win32/Sality. W32.Sality.AE DE122A AT Dcmdei 088E6CC06A228FD98D342CEFB50 3407D
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 36 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Table 1 depicts the malware dropped on the system and their first level investigation by few most popular anti- viruses. We can see that dropped malware uorw1.exe & Dcmdei are not identified by these most popular anti- viruses. Hence there is requirement of further analysis of those dropped malwares.
Figure 11: PCAP offline analysis Iframe in the html code of the web page http://kundu.in
Figure 12: Obfuscated Script Obfuscated Script on the page of http://kundu.in, © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 37 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 It is observed that the iframe is hidden in the obfuscated script and this script was placed on the home page, the contents of this obfuscated script cannot be read without deobfuscation of script.
Further Analysis of http://kundu.in Our honeyclient solution cannot detect the iframe attacks so we have further analyzed this URL with an open source tool malzilla.
Figure 13: Decoding the Obfuscated Script
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 38 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 14: iframe detected
On decoding the obfuscated script it is observed that it has an Iframe which points to malicious url http://aversbonko.com
Confirming and Evaluation of the suspicious URLs in Script
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 39 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 16: Google safe browsing result
Google Advisory also tags aversbonko.com as suspicious malicious Iframe found when all the links of malicious webpage http://kundu.in is parsed
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 40 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Figure 17: All embedded URLs
Figure 17 shows all the embedded URLS in the website http://kundu.in it also have the malicious url http://kundu.in/vaap.htm 4. Conclusion and Future Work The above discussed case is a classical example of drive by download attack, in which a malicious iframe was embedded in legitimate website and when a user of the website tries to visit that website malicious software‘s get installed on the user machine without its awareness and consent. The malicious software installed on the victim machine can damage the operating system of the machine and also can steal precious data of user. We have presented one classical example of drive by download attacks, in future we can think to detect other class of malwares and behavior based detection by applying clustering algorithms.
Acknowledgment We would like to thank Cyber Security Technology team at CDAC, Mohali to provide the useful help in collecting the malwares to make them available for further analysis. We also very thankful to Executive Director of CDAC, Mohali to provide us full support.
References [1] Ren Liu. China virus status & Internet Security Report in 2006.2007-02- 01.http://www.donews.com/Content/200702/eda7daf7970448608b2881d97c9a1868.shtm. [2] Jian Bao and Chang-peng Ji, and Mo Gao, ―Research on network security of defense based on Honeypot‖, IEEE International [3] Skoudis, E., and Zeltser, L., "Malware: Fighting Malicious Code", Prentice Hall,2003, Page 3, ISBN = 978- 0131014053. [4] Provos, N., McNamee, D., Mavrommatis, D. W., K and Modadugu, N., The Ghost In The Browser Analysis of Web-based Malware. 2007. [Online]. Available at:http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf [ Accessed 11 Feb 2009] [5] Harris, S., Harper, A., Eagle, C., and Ness, J., ―Gray Hat Hacking, Second Edition:The Ethical Hacker's Handbook‖. 2008, McGraw-Hill Osborne, Page 523, ISBN = 978-0071495684. [6] Secure Browsing | Malware Protection | Trustwave https://www.trustwave.com/securebrowsing/ [7] Google Safe Browsing www.google.com/tools/firefox/safebrowsing/ [8] Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code www.cs.ucsb.edu/~vigna/.../2010_cova_kruegel_vigna_Wepawet. pdf [9] Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages www.cs.ucsb.edu/.../2011_canali_cova_kruegel_vigna_Prophiler.pdf [10] Xiaoyan Sun, Yang Wang, Jie Ren, Yuefei Zhu and Shengli Liu, ―Collecting Internet Malware Based on Client-side Honeypot‖, 9th IEEE International Conference for Young Computer Scientists (ICVCS 2008), pp. 1493 – 1498, 2008. [11] Seifert, C., Welch, I., Komisarczuk, P., HoneyC - The Low-Interaction Client Honeypot,2006.URL http://www.mcs.vuw.ac.nz/~cseifert/blog/images/seiferthoneyc. Pdf [12] Alosefer, Y., Rana, O., "Honeyware: A Web-Based Low Interaction Client Honeypot", 2010 Third International Conference on Software Testing, Verification, and Validation Workshops (ICSTW), pp.410- 417, 6-10 April 2010. [13] Ikinci, A., Holz, T., Freiling, F., Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients. In: Proceedings of Sicherheit 2008 (2008). Available at: [http://pi1.informatik.uni- mannheim.de/filepool/publications/monkey-spider.pdf]. [14] Provos, N., SpyBye.[ http://code.google.com/p/spybye]. Last accessed; 11 Feb 2011 [15] Capture-HPC, 2008. [Online] Available at: [https://projects.honeynet.org/capture-hpc] [16] Wang, Y.M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., and King, S., Automated Web Patrol with Strider HoneyMonkeys. 2006. In Symposium on Network and Distributed System Security (NDSS). . Available at: [ftp://ftp.research.microsoft.com/pub/tr/TR-2005-72.pdf]. [17] Shelia: a client-side honeypot for attack detection http://www.cs.vu.nl/~herbertb/misc/shelia/ [18] Moshchuk, A., Bragin, T., Gribble, S.D., and Levy, H.M., A Crawler-based Study of Spyware on the Web. In Proceedings of the 13th Annual Network and Distributed Systems Security Symposium (NDSS 2006), San Diego, CA, February 2006. [19]. VirtualBox. (2004). Sun VirtualBox® User Manual. Available: Last accessed 20 July 2008. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 41 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [20] Snort, 2006, SNORT - The de facto standard on Intrusion Detection and Prevention, www.Snort.org. [21] Snort user manual 2.8.3, www.Snort.org [22] Wireshark: www.wireshark.org [23]. Know Your Enemy: Sebek, A kernel based data Capture tool, The Honeynet Project, http://www.honeynet.org, Last Modified: 17 November 2003 [24]. Experiences with a Generation III virtual Honeynet Abbasi, F.H.;Harris,R.J.; Telecommunication Network and Applications Conference (ATNAC), 2009 [025]. V. N. Padmanabban and L. Subramanian. Determining the geographic location of Internet hosts. In SIGMETRICS/Performance, pages 324– 325, 2001. [26] Honeynet Based Botnet Detection Using Command Signatures, WiMoA 2011/ICCSEA 2011, CCIS 154, pp. 69–78, 2011.© Springer-Verlag Berlin Heidelberg 2011. [27] Hybrid Honeypot Framework for Malware Collection and Analysis, 7th International conference on Industrial and Information system, 2012, IIT, Chennai, India
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 42 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Data Protection and Security Challenges in Cloud Computing Manoj Verma1, Abhishek Aggarwal2 1Assistant Professor in CSE Department, 2Assistant Prof. in Computer Sc. & IT Department, RPIIT Technical Campus, Karnal, India SKIET, Kurukshetra, India
Abstract: There are certain common misconceptions about cloud computing; people sometimes think that it is an answer to all their business problems while making the private data public. Although truth that cloud computing offers thousands of benefits like better and easy access to the files, better collaboration with surrounding applications, infrastructure and platforms as well as less maintenance and cost and the list goes on. Not to deny that it is a game changer in terms of how the world works today, but just to get an approachable hand to the most of the business problems doesn’t mean that it’s always going to be safe from any harmful effects. There are certain data protection and security issues specific to the cloud that we must know about before we get a dive in. This paper will throw a light on those security issues which are vital for the epic growth of any business consuming large amount of the data.
Keywords: SmartCloud, Botnet, SLA, XML, SOAP etc.
1. INTRODUCTION Cloud computing is a branch of Information Technology which provides low initial investment platform to the business clients. Applications and Services can be accessed over the network through internet connectivity irrespective of the platform used at both of the ends. An immediate access to the common information resources (e.g. software applications, hardware infrastructure, network resources and informational services etc.) can be offered to the clients under an agreement process [3]. Simply putting, cloud computing provides a variety of computing resources, from servers to storage, enterprise applications such as email, security, backup/DR, voice, all delivered over the Internet. The Cloud delivers a hosting environment that is immediate, flexible, scalable, secure, and available – while saving corporations money, time and resources. To understand the importance of cloud computing and its adoption, we must understand its principal and important characteristics, its delivery and deployment models, how customers use these services, and how to safeguard them. The five key characteristics of cloud computing include on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity, and measured service, all of which are geared toward using clouds seamlessly and transparently. On-demand self-access [1] is a unilateral provision of computing resources without requiring human intervention. Ubiquitous access [1] means that the cloud provider's capabilities are available over the network and can be accessed through standard mechanisms by both thick and thin clients. Location-independent resource pooling refers to dynamically allocating the available physical and virtual resources [1] to consumers on demand using a multi-tenant model. Rapid elasticity [2] lets us quickly scale up (or down) resources. Measured services [2] are primarily derived from business model properties and indicate that cloud service providers control and optimize the use of computing resources through automated resource allocation, load balancing, and metering tools. Applications running on or being developed for cloud computing platforms pose various security and privacy challenges depending on the underlying delivery and deployment models. The three key cloud delivery models are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) as shown in Figure 1.1 below. In IaaS, the cloud provider supplies a set of virtualized infrastructural components such as virtual machines (VMs) and storage on which customers can build and run applications [2]. The application will eventually reside on the VM and the virtual operating system. Issues such as trusting the VM image, hardening hosts, and securing inter-host communication are critical areas in IaaS. Examples of IaaS [4] are Amazon, Go-Grid, and 3- Tera etc. PaaS enables programming environments to access and utilize additional application building blocks. Such programming environments have a visible impact on the application architecture, such as constraints on which services the application can request from an OS [2]. For example, a PaaS environment might limit access to well- defined parts of the file system, thus requiring a fine-grained authorization service. To meet manageability and scalability requirements of the applications [4], PaaS providers offer a predefined combination of operating systems and application servers, such as LAMP (Linux, Apache, MySql and PHP) platform, restricted J2EE, Ruby etc. Examples of PaaS are Google‘s App Engine, and Force.com, etc. Finally, in SaaS, the cloud providers [2] enable and provide application software as on-demand services. Because clients acquire and use software components from different providers, crucial issues include securely composing them and ensuring that information handled by these composed services is well protected.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 43 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 1.1: An abstract schema of cloud computing [3] Currently [4], SaaS is offered by companies such as Google, Salesforce, Microsoft, and Zoho etc.
2. PRIMARY DEPLOYMENT MODELS OF CLOUD COMPUTING With most organizations focusing on leveraging the cloud in order to cut capital expenditure and control operating costs, there is an aggressive growth in business for cloud adoption. However, the cloud can bring security risks and challenges for IT Management, which can be more expensive for the organization to deal with, even considering the cost saving achieved by moving to the cloud. Therefore, it is very important for businesses to understand their requirements before opting for various deployment models available on the cloud [5]. There are 4 primary cloud computing deployment models as described as under: A) Public Cloud Most commonly, it is known as cloud computing [6]. Here, all of the physical resources are owned and operated by a third party cloud computing provider. The provider services multiple clients that may consist of individuals or corporations utilizing these resources through the public Internet. Services can be dynamically provisioned and are billed based on usage alone. This model provides the highest degree of cost savings while requiring the least amount of overhead. Examples [7] of public cloud are Google App Engine, Microsoft Windows Azure, IBM Smart Cloud, Amazon EC2. B) Private Cloud A private cloud offers many of the benefits of a public cloud computing environment, such as being elastic and service based [8]. In addition, data and processes are managed within the organization without the restrictions of network bandwidth, security exposures and legal requirements that using public cloud services might entail. This offers greater control of the cloud infrastructure, improving security and resiliency. Data stored in the private cloud can only be shared amongst users of an organization and third party sharing depends upon trust they build with them [9]. Popular examples of private cloud include Amazon Virtual Private Cloud (Amazon VPC), Eucalyptus Cloud Platform, IBM SmartCloud Foundation and Microsoft Private Cloud. C) Hybrid Cloud The hybrid cloud computing model employs aspects of all of the other cloud models and it is the most common method of cloud deployment within a large organization [6]. A company may use internal resources in a private cloud maintain total control over its proprietary data. It can then use a public cloud storage provider for backing up less sensitive information. At the same time, it might share computing resources with other organizations that have similar needs. By combining the advantages of the other models, the hybrid model offers organizations the most © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 44 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 flexibility. Examples [7] of hybrid cloud are Windows Azure and VMware vCloud. Below is the model figure of hybrid cloud:
Figure 2.1: Defining Hybrid Cloud [10]
D) COMMUNITY CLOUD The cloud infrastructure is shared between the organizations with similar interests and requirements whether managed internally or by a third-party and hosted internally or externally. The costs are spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing are realized. This may help to limit the capital expenditure costs for its establishment as the costs are shared among the organizations. One of the above deployment models may be selected on the basis of factors like requirements, scalability, level and type of the organization. Other parameters of concern [11] may be Efficiency, Availability, Economy, Manageability, Quality, Application Integration and Security. The most prominent issues of discussion in the remaining sections of this paper are related to security and data protection which further leads to the introduction to fault tolerance capability, data migration & control and data confidentiality and integrity as described here.
3. SECURITY ISSUES ASSOCIATED WITH CLOUD It is clear that the security issue has played the most important role in hindering cloud computing acceptance [13]. Without doubt, putting your data, running your software on someone else's hard disk using someone else's CPU appears daunting to many. Well-known security issues such as data loss, phishing, botnet (collection of internet- connected programs communicating with other similar programs in order to perform tasks) [14] pose serious threats to organization's data and software. Moreover, the multi-tenancy model and the pooled computing resources in cloud computing has introduced new security challenges that require novel techniques to tackle with. For example, hackers can use cloud to organize botnet as cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack. There are numerous security issues for cloud computing [15] as it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management. Technologies, concepts and frameworks has been designed and developed to secure the cloud for virtual machines, storage resources, data and the virtual
Fig. 3.1 Security Parameters in Cloud Computing
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 45 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 network monitors. In addition to the above discussed, other security issues [16] deal with preservation of confidentiality and integrity, Trust between the customer and service provider, Legal and regulatory issues, Data authenticity, Data encryption & key management, Data splitting and Virtual machine attacks. Cloud vendors use different service models (IaaS, PaaS and SaaS) and deployment models (Private, Public and Hybrid). The security associated with the cloud computing falls in two broad categories: Security issues faced by the cloud vendors and Security issues faced by its customers [12]. In general and most of the cases vendors takes the responsibility to provide the secure infrastructure and ensures data and application protection to their customers while customers must verify that their cloud vendors has been taken sufficient measures to provide the above protection to their information. 3.1 Service Providers Issues in Cloud Computing Security In the cloud environment, the service provider must ensure that the agreement must fulfill the security and privacy requirements of their client organizations. The cloud provider has to provision the safety measures towards organization‘s information and applications [19] to transfer them over the cloud effectively. Data Security in Transmission: Data can be transferred in encrypted form over the cloud network to ensure the data integrity, privacy and authentication on transmission lines. There are issues from hackers or attackers where they might get access to the base system by a communication channel and loss of data may happen [18]. Chances of releasing a Trojan horse or virus are also higher over the unsecured transmission lines to get the information leaked to the system. Secure data transmission can be achieved by using the protocols like IPSec, SSL/TLS over web can be used for secure data transmission but certain issues like throughput and complexity in coding comes into action. Modern encryption techniques [17] like RC6, AES, DES and Blow-fish can be used to secure the data transfers over the network in the cloud environment. Data Privacy: Generally Accepted Privacy Principles (GAPP) states privacy as ―The rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information‖. Widely speaking, privacy is the breach or destruction of personal data or personally identifiable information (PII). Identification of private information depends on the specific application scenario and the law, and is the primary task of privacy protection [21]. Areas around notification of the breach, management of the breach and responsibilities should be clearly covered in the privacy policy [20] of the service providers. An effective assessment strategy [19] must cover data protection, compliance, privacy, identity management, secure operations, and other related security and legal issues. Figure 3.2 is showing various stages of data life cycle which may be found useful in protection and
Fig. 3.2 Stages of Data Life Cycle privacy issues in general context to cloud computing. User Identity Management: The ability to share services and information [22] with various organizations, departments, partners, customers and other parts of the business ecosystem is a major advantage of cloud computing. As a result, successful cloud deployments hinge on securely and efficiently managing individuals‘ access to resources, and protecting data from loss or corruption. From a legal and regulatory perspective, one must be able to control, monitor and report on who is accessing what cloud-based resources, and for what purpose. IBM proposes an automated identity and access management (IAM) solution that can address these challenges, and encompass both cloud and traditional computing environments, so, you do not have to manage different sets of credentials. IBM identity and access management solutions for the cloud address several challenges and business requirements, including a broad user base, varied requirements and access controls, limited resources and comprehensive security to prevent costly and reputation-damaging system breaches.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 46 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 PRIME, Windows CardSpace, Open-ID, Higgens, and Liberty Alliance are special tools used [23] as a solution to preserve the privacy using proven security credentials. Downtime expectations and SLA: Cloud providers have to get customers more comfortable with downtime [24]. Inevitably, there may be some downtime in the cloud, as customers experience in their on-premises environments as well. Cloud providers have to better manage expectations and have service-level agreements (SLAs) in place to provide service credits for customers that do experience downtime. SLAs can be expanded to its different categories like Customer based, Service based, Multi-level and Corporate-level etc. Service level agreements can contain various service performance metrics with corresponding service level objectives. Cost and Accountability: Cost and Accountability is a main driver behind the operation of a cloud computing service charging its customers according to their actual usage and another flooding attack on a Cloud service is drastically increasing the bills. The costs of cloud computing are normally based on a usage model, with payments being charged on a time usage basis or an occurrence basis. Cost concerns are proved to be the biggest worries for the IT leaders [25] and are mentioned as: Loss of revenue due to poor availability, performance or troubleshooting cloud services; Poor user experience due to performance bottlenecks; The effect of poor performance on brand perception and customer loyalty. Many tools are available in the market to analyze the cost of cloud usage and to reduce the effect of revenue losses in the business. IBM‘s SmartCloud [26] is such a tool which provides visibility into the usage and the cost of infrastructure and other IT resources. 3.2 End User Issues in Cloud Computing Security The most important Cloud entity, and the principal quality driver and constraining influence is, of course, the user. The value of a solution depends very much on the view it has of its end-user requirements and user categories. Cloud Computing can be considered as a sum of SaaS (Software as a Service) and utility computing. Figure 3.3 shows the roles of users or providers in the Cloud Computing under the concept.
Fig. 3.3 Cloud users and providers
User Authentication: Users in the Cloud Computing environment have to complete the user authentication process required by the service provider whenever they use a Cloud service [27]. Generally a user registers with offering personal information and a service provider provides a user‘s own ID (identification) and an authentication method for user authentication after a registration is done. Then the user uses that ID and authentication method to operate further. Unfortunately, there is a possibility that the characteristics and safety of authentication method can be invaded by an attack during the process of authentication, and then it could cause severe damages. Hence, there must be not only security but also interoperability for user authentication of Cloud Computing. Trusted Platform Module (TPM) [19] is a widely available and stronger authentication than username and passwords. Trusted Computing Groups (TCG‘s) is IF-MAP standard about authorized users and other security issue in real-time communication between the cloud provider and the customer. Browser Security: In a Cloud environment, remote servers are used for computation. The client nodes are used for input/output operations only, and for authorization and authentication of information to the Cloud [19]. A standard Web browser is platform independent client software useful for all users throughout the world. This can be categorized into different types: Software-as-a-Service (SaaS), Web applications, or Web 2.0. TLS is used for data encryption and host authentication. As a client sends the request to the server the web browser has to make use of SSL to encrypt the credentials for the user authentication [28]. SSL support point to point communication that means if there is a third party, intermediary host can decrypt the data. If hacker installs sniffing packages on
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 47 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 intermediary host, the attacker may get the credentials of the user and use in these credentials in the cloud system as a valid user. Counter measure for this attack is Vendor should use WS-security concept on web browsers because WS-security works in message level that use XML encryption for continuous encryption of SOAP messages which does not have to be decrypted at mediator hosts. User Trust: The term ―trust‖ is often loosely used in the literature on cloud trust, frequently as a general term for ―security‖ and ―privacy‖. Trust [29] is a complex social phenomenon. Based on the concepts of trust developed in social sciences, we use the following terms to evaluate trust: expectancy, belief and willing to take risk. Unique mechanisms of trust judgment are described as: a) Reputation based trust b) SLA verification based trust c) Transparency & Accountability based trust d) Policy based trust e) Evidence based trust, and f) Trust as a service Trust judgment may be done by end users on the basis of various evidences collected from several sources dependent on user‘s trust policies. For example [29], to decide whether to trust a cloud service provider, a cloud user may simply just check whether the provider passed the formal audit of a widely accepted cloud service policy, conducted by a trusted auditor. 4. CONCLUSION In this paper, we explored the provider and the end user cloud security threats along with data protection issues. Organizations that are willing to implement cloud computing by expanding their existing infrastructure should be aware of the security challenges faced by both of the ends to protect against the compromise of the compliance integrity, security and control of their applications and data. Various architectures has been proposed to tackle the existing and emerging issues and further modified with the advancements in security technologies used for implementing the cost effective and efficient cloud security.
REFERENCES [1] Security Guidance for Critical Areas of Focus in Cloud Computing. Cloud Security Alliance. V2.1. December 2009. [2] Takabi H., James B.D. & Joshi. Security and privacy challenges in cloud computing environments. IEEE. December 2012. www.computer.org /security.html [3] Personal data protection and cloud computing. Cloud Computing Alliance Slovenia Chapter. V1.0. June 2012 [4] Sen J. (2013). Security and Privacy Issues in Cloud Computing. ARXIV. eprint arXiv:1303.4814 [5] The 4 Primary Cloud Deployment Models. cloudtweaks. July 2013. http://www.cloudtweaks.com/2012/07/the-4-primary-cloud-deployment-models/. Latest Access: 10-Aug- 2013 [6] Cloud Deployment Models. (2011). CloudConsultancy. http://www.cloudconsulting.com /deployment- methods/. Latest Access: 10-Aug-2013 [7] Cloud Deployment Models. (2011). http://www.techno-pulse.com/2011/10/cloud-deployment-private- public-example.html. Latest Access: 08-Aug-2011 [8] Cloud Computing-Strategic considerations for Banking & Financial Services Institutions. (2010). http://www.tcs.com/SiteCollectionDocuments/White%20Papers/Bfs_whitepaper_Cloud-Computing-Strat egic-Consi 10-Aug-2013derations-for-Banking-and-Financial-Institutions-03_2010.pdf. Latest Access: 08- Aug-2013 [9] Parsi K. & Laharika M. (2013). A Comparative Study of Different Deployment Models in a Cloud. International Journal of Advanced Research in Computer Science and Software Engineering. Vol(5). Pages 512-515. ISSN: 2277 128X [10] Beaver S. (2013). How Do You Define a Hybrid Cloud?. http://www.virtualizationpractice. com/how-do- you-define-a-hybrid-cloud-21146/. Latest Access: 10-Aug-2013 [11] Demarest G. & Wang R. (2010). Oracle Cloud Computing. http://www.oracle.com/us/techno logies/cloud/ oracle-cloud-computing-wp-076373. pdf. Latest Access: 10-Aug-2013 [12] Cloud computing security. http://en.wikipedia .org/wiki/Cloud_computingsecurity#cite_note-2. Latest Access: 12-Aug-2013 [13] Kuyoro S. O., Ibikunle F. & Awodele O. (2011). International Journal of Computer Networks (IJCN). Volume (3) : Issue (5). pp. 247(9). [14] http://en.wikipedia.org/wiki/Botnet. Latest Access: 12-Aug-2013 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 48 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [15] Hamlen K., Kantarcioglu M., Khan L. & Thuraisingham B. (2010). Security Issues for cloud computing. International Journal of Information Security and Privacy. University of Texas, USA. 4(2). pp. 39-51 [16] JoshuaKissoon. (2013). Cloud Computing Security Issues and Solutions. Clever Logics. http://www.cleverlogic.net/articles/cloud-computing-security-issues-and-solutions. Latest Access: 13-Aug- 2013 [17] El-etriby S., Mohamed E. M. & Abdul-kader H. S. (2012). Modern Encryption Techniques for Cloud Computing. ICCIT-2012, pp. 800-805 [18] Porwal A., Maheshwari R., Pal B. L. & Kakhani G. (2012). An Approach for Secure Data Transmission in Private Cloud. International Journal of Soft Computing and Engineering (IJSCE). ISSN: 2231-2307. Volume-2. Issue-1 [19] Sreedharan S. & G. Kalpana. (2013). Security Issues and Solutions for Cloud Computing. International Journal of Computer Trends and Technology (IJCTT). volume-4. Issue-4. [20] Magalhaes R. M. (2012). Key Cloud Privacy Concerns in 2012. http://www.windowsecurity .com/articles- tutorials/Cloud_computing/Key-Cloud-Privacy-Concerns-2012.html. Latest Access: 13-Aug-2013 [21] Chen D. & Zhao H. (2012). Data Security and Privacy Protection Issues in Cloud Computing. International Conference on Computer Science and Electronics Engineering. DOI 10.1109/ICCSEE.2012.193. pp. 647- 651 [22] IBM. Manage user identities and access in the cloud. http://public.dhe.ibm.com/common /ssi/ecm/en/wge03016 usen/WGE03016USEN.PDF. USA (December-2011). Latest Access: 13-Aug-2013 [23] Gunjan K., Sahoo G. & Tiwari R. K. (2012). Identity Management in Cloud Computing. International Journal of Engineering Research & Technology (IJERT). ISSN: 2278-0181. Volume-1. Issue-4. pp. 1-4 [24] Sahazad S. (2013). dinCloud. http://searchcloudprovider.techtarget.com/tip/Providers-must-address-top- cloud-computing-issues-to-succeed-in-2013. Latest Access: 13-Aug-2013 [25] Venkataraman A. (2013). Hidden cost of cloud computing is CIOs‘ biggest concern. http://www.computerweekly.com/news/2240188240/Hidden-cost-of-cloud-computing-is-CIOs-biggest- concern. Latest Access: 13-Aug-2013 [26] IBM SmartCloud Cost Management. http://www-03.ibm.com/software/products/us/en/smartcloud-cost- mana gement/. Latest Access: 13-Aug-2013 [27] Ahn H., Chang H., Jang C. & Choi E. (2011). User Authentication Platform using Provisioning in Cloud Computing Environment. Advanced Communication and Networking. Korea. pp. 132-138 [28] Qaisar s. & Khawaja K. F., (2012). Cloud computing: network/security threats and countermeasures. Interdisciplinary journal of contemporary research in business. Volume-3. Issue-9. pp. 1323-1329 [29] Huang J. & Nicol D. M. (2013). Trust mechanisms for cloud computing. Journal of Cloud Computing: Advances, Systems and Applications 2013. Springer. doi:10.1186/2192-113X-2-9
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 49 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 ANN Based Crop Prediction System for Farmer 1Surendr Jangra 2Arvind Selwal 3Jai 1Associate Prof. & Hod, of CSE, 2Ph.D Research Schollar, PTU, 3Deptt. of Chemistry, HCTM Technical Campus, Jalander(Pb.), HCTM, Kaithal, HIET, Kaithal-136027, India India India
Abstract: In this paper an attempt has been made to use data mining technique to design a prediction system for farmers.Data Mining, also popularly known as Knowledge Discovery in Databases (KDD), refers to the nontrivial extraction of implicit, previously unknown and potentially usefulinformation from data in database. We can predict the type of crop that may be grown on a particular land based upon physical and chemical properties of soil using artificial neural network, a data mining technique. Neural networks provide a very general way of approaching problems. When the output of the network is continuous, it is performing prediction and when the output has discrete values, and then it is doing classification.
Keyword: ANN, KDD, Data Mining
I. Introduction Information packaged in sizeable databases about all kinds of characteristics and facets are accessible these days. Extracting new and interesting knowledge through interpreting the collected data is cumbersome since more data potentially contains more information. To analyze these databases, immense efforts are being deployed. Understanding the hidden are implicit relationship between attributes in these Knowledge Discovery Databases (KDD) requires data mining techniques, as it has been proven as an effective tool. Data mining in nutshell is, pattern finding. Data mining‘s the process of discovering previously unknown and potentially interesting patterns in large dataset. The modal of the semantic structure of the dataset is obtained and represented from the ‗mined‘information tasks such as prediction or classification utilizes this model. Finding patterns and elucidating those patterns clearly are the two primary activities of data mining. Facilitating to make profitable predictions through offering insights into the data and providing proper explanations about the data is the mark of efficient data mining tool. The primary intent of this research is to find a solution that could provide a near precise information on the suitability of crop(s) for a given soil type. Agriculture and allied activities constitute the single largest component of India‘s gross domestic product, and contributed nearly 25% of the total and nearly 60%of Indian population depends on this profession. Neural networks, despite the presence of considerable noise in the training set, have the ability to trace the hidden and strongly non-linear dependencies and once the training is completed, is an appropriate tool when it comes to prediction. An artificial neural network (ANN), usually called neural network is a mathematical model or computational model that is inspired by the structure and/or functional aspects of biological neural networks. A neural network consists of an interconnected group of artificial neurons, and it processes information using a connectionist approach to computation. Modern neural networks are non-linearstatistical data tools. They are usually used to model complex relationships between inputs and outputs or to find patterns in data.
II. Literature Survey Literature analysis reveals a pervasive application of feed forward neural network, from among the diverse categories of connections for artificial neuron. In feed-forward neural networks the neurons of the first layer drive their output to the neurons of the second layer, in a unidirectional manner, means the neurons are not received from the reverse direction. Multilayer Perception Neural Networks (MLPNN) or Multilayer Feed-forward Neural Network (MFNN) is one such feed-forward neural network mechanism. Incorporating three layers, input, output and intermediate, the MLPNN designates distinct roles for each. Input layer maintains equal number of neurons corresponding to that of the variables in the problem.The output layer comprises a number of neurons equal to the preferred number of quantities, computed from the input and makes accessible the perception responses. The intermediate/hidden layer takes care of approximating non-linear problems. Processing linearproblems necessitate the presence of only the inputand output layer of the MLPNN.Data having discontinuities like saw tooth wave pattern necessitate the presence of two hidden layers for prototyping. The risk of congregating to local minima is greater while using two hidden layers and it seldom refines the model. Hypothetical rationale behind implementing more than two hidden layers is also void [2]. Separate weights are applied to the sums forwarded to each layer while the output from the first hidden layer is fed to the input of the next hidden layer, in scenarios where more than one hidden layers are deployed. The approach fostered by us employs a network with two hidden layers. A general structure of MLPNN comprising three layers is shown in Fig1. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 50 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 The only task of the neurons in the input layer is to distribute the input signal xi to neurons in the hidden layer. Each neuron j in the hidden layer sums up its input signals xi after weighting them with the strengths of the respective connections wji from the input layer and computes its output yj as a function f of the sum, given by:
Yj = f (ΣWji Xi )
Where, f can be a simple threshold function such as asigmoid, or a hyperbolic tangent function. The outputofneurons in the output layer is computed in the same manner. Following this calculation, a learningalgorithm is used to adjust the strengths of the connections in order to allow a network to achievea desired overall behavior. There are many types oflearning algorithms in the literature
Fig1
III. Problem Formulation Farmers face lot of problems in agriculture,one of which is what type of crop must be grown on a given field which yields maximum productivity.Study on characteristics of soil(physical and chemical properties) to determine the types of crops suitable for cultivation in a particular region can increase the yield to greater extent, which minimizes the expenditures involved in irrigation and application of fertilizers. A Dataset of n crops, D={c1,c2,c3,…….ck} Where C are various crops S={s1,s2,s3,……..sm} Where smS are various types of Soils PP={p1, p2, p3,…..pr} Where pr PP is Physical properties of soil CP={c1,c2,c3,……cq} Where cq CP is chemical properties of soil PP Artificial CROP K Neural S Where CP Network k k ismaximum
S
IV. Proposed System
Data set
Training multilayer perception model yer perceptron neural network
Trained neural network
Predicted crop/remedial slutions Fig. 2: Training system architecture © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 51 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Prediction of crops growth using multi-layer perception neural networks (MLPNN)
Predicting is a process of conceiving something as it might happen in future, based fundamentally, on knowledge gathered from past experiences and from present scenario. For prediction and simulation in engineering applications, tools ofartificial intelligence have been found to be strong. Trained system architecture is shown in fig 2.
V. Decision Parameters Following are the tables showing various decision parameters which will be used to predict the suitability of the soil for a particular crop. Our proposed artificial neural network will be trained for prediction.
Table 1: Typical soil physical decision parameters.
S.NO. NAME VALUE/TYPE 1 Particle size < 2 mm 3 2 Bulk Densities Db » 0.8 Mg/m
3 Soil structure Granular,platy,co lumnar,prismatic 4 Textural classes Sandy, loamy, silty 5 Color Red, yellow or Brown
6 Particle shape Spherical to angular 7 Plasticity and Varies with soil Cohesion 8 Soil temperature and Varies with soil heat
Table 2: Typical soil chemical decision parameters.
S.NO. NAME VALUE 1 Nitrogen 2.5to 4.0% 2 Sulfur 0.15 to 0.45% 3 Potassium 1 to 2% 4 Acidity ph 0-7 5 Humus 5-50%
VI. Conclusion and Future Scope Our proposed system will facilitate farmers to know the crop which may give best production in the given land. The System will also give remedial solutions to the farmers if there is any deficiency in the soil in question and further performance of the system may be improved by taking in to account various other factors like climate, rainfall and etc. MLPNN, having the adaptability to accommodate multiple intermediate layers became the preferred option of neural network algorithms available. Performance of the system may be improved and further various data mining algorithms may be applied by studying climatic conditions affecting soil.
References 1. E.T. Venkatesh and Dr. P. Thangaraj Tamilnadu, India ―Self-Organizing Map and Multi-Layer Perceptron Neural Network Based Data Mining toEnvisage Agriculture Cultivation‖Journal of Computer Science 4 (6): 494-502, 2008 ISSN 1549-3636 © 2008 Science Publications 2. Phillip H. Sherrod, ―Multilayer Perceptron NeuralNetworks‖,DTRsEG-Predictive Modelling Software ,
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 52 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 2008, http:/ww.dtreg.com/mlfn.htm. 3.J. Han and M. Chamber. ―DataMining: Concepts and Techniques‖. Morgan Kaufmann, 2000 4. M-S. Chen, Jiawei Han, and Philip S. Yu, ―Data Mining: An Overview from a Database Perspective‖, IEEE Transactions on Knowledge and Data Engineering, 8(6): 866-883,1996. 5. Nyle C. Brady, Ph.D. (Emeritus Professor of Soil Science) Cornell UniversityIthaca, New York Ray R. Weil, Ph.D. (Professor of Soil Science ) University of Maryland College Park, Maryland, ―Elements of the Nature andProperties of Soils‖ Third Edition 6. Indian Council of agriculture research,‖Handbook ofAgriculture‖ 25-45,april 1997,New Delhi. 7. Mandic, D. and Chambers, J. (2001) ―Recurrent Neural Networks for Prediction: Learning Algorithms,Architectures and Stability‖, John Wiley & Sons, New York. 8. Nirkhi, S.Computer and Automation Engineeri(ICCAE), 2010 ―Potential use of Artificial Neural Network in Data Mining‖ Institute of Electrical and Electronics Engineers, USA. 2010 , Page(s): 339 – 343 9. Seek Won Lee; Kerschberg, L. ―A methodology and life cycle model for data mining and knowledge discovery in precision agriculture‖ Institute of Electrical and Electronics Engineers, USA 1999 ,Page(s): 2882 - 2887 vol.3 10. Pokrajac,D.;Lazarevic, ―Applicationsofunsupervised neural networks in datamining‖ Institute of Electrical andElectronics Engineers, USA 2004 Page(s):17 - 20
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 53 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Web Crawler – A Review Ravi Bhushan1, Dr. Rajender Nath2 SKIET, Kurukshetra DCSA, Kurukshetra University, Kurukshetra, India Kurukshetra, India
Abstract- The World Wide Web consists of billions of web pages and huge amount of information available within pages. To retrieve the required information, web search engines perform a number of tasks based on their respective architectures. Every search engine process goes from crawling, indexing, searching till filtering and sorting/ranking of information. Ironically the very size of this collection has become an obstacle for information retrieval. The user has to sift through scores of pages to come upon the information he/she desires. Web crawlers are the heart of search engines. Web crawlers continuously keep on crawling the web and find any new web pages that have been added to the web, pages that have been removed from the web. Due to growing and dynamic nature of the web; it has become a challenge to traverse all URLs in the web documents and to handle these URLs.
Keywords:- World wide web, URL, Web crawler, etc.
I. Introduction The World Wide Web consists of billions of web pages and huge amount of information available within pages. Majority of the users use information retrieval tools like search engines to find information from the World Wide Web. A large number of search engines are available and some commonly used search engines are Google, Yahoo, Msn, Babylon etc. They download, index and store hundreds of millions of web pages. They answer tens of millions of queries every day. They act like content aggregators (Fig. 1) as they keep a record of every information available on the WWW.
Search Engine
www Content Consumer
Fig.1- Search Engine Concept
The World Wide Web [1] is a global, read-write information space. Text documents, images, multimedia and many other items of information, referred to as resources, are identified by short, unique, global identifiers called Uniform Resource Identifiers so that each can be found, accessed and cross-referenced in the simplest possible way. It is a vast reservoir of information, provides an unrestricted access to large inexhaustible pool of information, present in the form of hypertext documents. It is an interlinked collection of documents formatted using Hyper Text Markup Language (HTML)[8]. These documents contain hyperlinks to other documents. It is a client-server based architecture that allows a user to initiate search by providing a keyword and some optional additional information to a search engine, which in turn collects and returns the required web pages from the Internet. Web Crawlers also known as robots, spiders, worms, walkers, wanderers. A crawler is a program that downloads and stores Web pages, often for a Web search engine[6]. Roughly, a crawler starts off by placing an initial set of URLs, in a queue, where all URLs to be retrieved are kept and prioritized. From this queue, the crawler gets a URL (in some order), downloads the page, extracts any URLs in the downloaded page, and puts the new URLs in the queue. This process is repeated. Collected pages are later used for other applications, such as a Web search engine or a Web cache. Most crawlers follow the Robots Exclusion Principle[4].
II. How Web Crawler Works The process of downloading the pages and indexing the contents is very difficult. For instance, if the system downloaded one page at a time, covering the Internet would take several years, as there are typically "bottlenecks" or slow-downs between the web crawler and the various sites it wants to analyze. Also, when indexing the pages and saving the contents for future searches, this must be done very quickly, and the information must be saved such that future searches don't take huge amounts of time. Web crawling strives to cover as much of the Internet as possible, but some paths through the Internet are not complete and will frequently lead to dead ends. Let's say that you create © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 54 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 a web page and one other page on the Internet does not reference it. Unless you submit your page to search engines to be indexed, no one will even know it exists. There are quite a few pages like this that may contain very useful information but are not indexed or searchable because they are not referenced by many (if any) pages. Web crawling is also a very time-consuming task. Some search engines brag that their crawlers completely recheck their searched pages at least once a month. This isn't very useful if you're expecting to find current information via that crawler. The problem is one of sheer volume - search engines have to go through billions of pages of information and this takes a huge amount of time and perform a number of tasks based on their respective architectures. These general steps describe how web crawlers work, although they are typically much more complex.
Get next URL in Queue
No Contact web server
Robot Allowed
Yes
Fetch Page
Process Page
Extract URL and Extract Index Contents update Queue summery
Fig. 2 How Crawler Works
III. Algorithm A main idea behind any crawler design is to leave the actual Spider doing as little processing as possible, thus leaving it free to download documents faster. So URL resolution is left to mapper processes and the crawler processes use the resolved IP addresses. Roughly a crawler follows the following algorithm:
Crawler () Begin While (URL set is not empty) Begin Take a URL from the set of seed URLs;
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 55 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Determine the IP address for the host name; Download the Robot.txt file, which carries downloading permissions and also specifies the files to be excluded by the crawler; Determine the protocol of underlying host like http, ftp, gopher etc.; Based on the protocol of the host, download the document; Identify the document format like doc, html, or pdf etc.; Check whether the document has already been downloaded or not; If the document is fresh one Then Read it and extract the links or references to the other cites from that documents; Else Continue; Convert the URL links into their absolute URL equivalents; Add the URLs to set of seed URLs; End; End; Algorithm for basic crawler The Crawler Manager takes a set of URLs from the URL Queue, it then sends each document to the DNS Cache to get the IP address, and this saves a vast amount of time, as the Crawler doesn't have to send a request to a DNS Server every time it goes to download a document. The IP Address is then used to download the robots.txt file. The robots.txt file is downloaded if it exists. If it doesn't exist, full permissions are assumed. If it is downloaded, it is parsed to determine what permissions are set to each file on the server. Most crawlers store links in 2 queues: a) Links within the site are stored in a Local queue b) Links external to the site are stored in an External queue. Links within the pages are ignored. The crawler iterates through the documents in the Local queue adding new links to the queues. If it is permitted to download the document it is stored locally. When the Local queue is exhausted it takes the next URL from the External queue.
IV. Conclusion Scalable web crawlers are an important component of many web services. Building a scalable crawler is a non- trivial endeavor because the data manipulated by the crawler is too big to fit entirely in memory, so there are performance issues relating to how to balance the use of disk and memory.
References [1] Junghoo Cho, Narayanan Shivakumar, Hector Garcia-Molina "Finding replicated Web collections." In Proceedings of 2000 ACM International Conference on Management of Data (SIGMOD), May 2000. [2] Douglas E. Comer, ―The Internet Book‖, Prentice Hall of India, New Delhi, 2001. [3] A. K. Sharma, J. P. Gupta, D. P. Agarwal, ―A novel approach towards efficient Volatile Information Management‖, Proc. Of National Conference on Quantum Computing, 5-6 Oct.‘ 2002, Gwalior. [4] AltaVista, ―AltaVista Search Engine,‖ WWW, http://www.altavista.com. [5] Shaw Green, Leon Hurst , Brenda Nangle , Dr. Pádraig Cunningham, Fergal Somers, Dr. Richard Evans, ―Sofware Agents : A Review‖, May 1997. [6] Cho, J., Garcia-Molina, H., Page, L., ―Efficient Crawling Through URL Ordering,‖ Computer Science Department, Stanford University, Stanford, CA, USA, 1997. [7] S.Brin, L.Page, ―The Anatomy of a Large-Scale Hyper textual Web Search Engine‖, Proceedings of the 7th International World-wide-web Conference, Brisbane, Australia, 1998. [8] G.Michael YoungBlood, ―Web Hunting: Design of a Simple Intelligent Web Search Agent‖, www.acm.org/crossroads/xrds5-4/webhunting.html. [9] Chau Michael, Chen Hsinchun, ―Personalized and Focused Crawlers‖, Department of Management Information Systems, University of Arizona. [10] A.K. Sharma, J.P. Gupta, D. P. Aggarwal, PARCAHYDE: An Architecture of a Parallel Crawler based on Augmented Hypertext Documents.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 56 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [11] L. Page and S. Brin, ―The anatomy of a search engine‖, Proc. of the 7th International WWW Conference, Brisbane, Australia, April 14-18, 1998. [12] Y. Yang, S. Slattery, and R. Ghani, ―A study of approaches to hypertext categorization‖, Journal of Intelligent Information Systems. Kluwer Academic Press. [13] S. Chakrabarti, M. van den Berg, and B. Dom, ―Distributed hypertext resource discovery through examples‖, Proceedings of the 25th International Conference on Very Large Databases (VLDB), pages 375-386, 1999. [14] Alexandros Ntoulas, Junghoo Cho, Christopher Olston "What's New on the Web?The Evolution of the Web from a Search Engine Perspective." In Proceedings of the World-Wide Web Conference (WWW), May 2004.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 57 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Encryption Through A Substitution Technique Mobi-Substitution Amit Gupta1 , Neeraj Kumar2 SKIET, Kurukshetra1 , MM University Mullana2 Kurukshetra, India Mullana, India
Abstract: As the information grows dramatically, Well it's getting even feel the need to increase the information security level,. The reason behind the enhancement of the information security is that some of our information needs to be protected against unauthorized disclosure for legal and competitive reasons. All of the information we use, store and transfer must be protected against unauthorized access and other accidental modification and must be easily available when ever necessary. We must also establish and maintain the characteristics for security such as authenticity of documents, we create, send and receive or used during any transaction. Finally, if the poor security practices allow , it can be cause to damage our systems and even lead to more severe legal problems. In this paper we proposed a encryption technique which can be implemented to encrypt the data with a little bit knowledge of the encryption rules to securely transfer the information or to store the information.
I. INTRODUCTION At this time of competition, Security is the main concern while we maintain the security by a suitable and efficient method. Most probably the data can be made secure by just to prevent the unauthorized access to the information i.e made the data inaccessible to only authorized persons; either make use of the passwords and second one is to use the data in unreadable form while storing or transferring the data. Unix deals with passwords by not storing the actual password anywhere on the system. When a password is set, what's stored is a value generated by taking the password that was typed in and using it to encrypt a block of zeros. When a user logs in /bin/login takes the password the user types in and uses it encrypt another block of zeros. This is then compared with the stored block of zeros. If the two match the user is permitted to log in. The algorithm that Unix uses for encryption is based on the Data Encryption Standard (DES). So encryption and decryption of data are main task during the secure transfer of information. Encryption is basically to convert your original and readable data into unreadable form.
II. ENCRYPTION AND DECRYPTION What is encryption and decryption? Encryption and decryption are the mirror processes of each other. To make the information unreadable to the unauthorized users the text used for information are basically characterized into two types. First one is the Plain Text which we used normally and can be easily understandable by any person if put in front of them. Second one is the Cipher Text which is not easily understandable by everyone. Normally it is a collection of alphabets, special characters and other symbols. The main purpose to use all of above symbols in cipher text is to make them unreadable to the unauthorized persons. The cipher text also can be unreadable for the authorized persons if that cipher text is not be converted in to the plain text using suitable method. There are some Terminology used during the encryption. Encryption: Process of encoding a message so that its meaning is not obvious. Decryption: The reverse process of Encryption – transforming an encrypted message into its normal, plaintext form. Cryptosystem: A system for Encryption and Decryption. Cryptanalysts: May be a hacker used to determine the encryption techniques by analyzes the similarities between the plain text and the cipher text.
• Stream and Block Ciphers: Stream Cipher: Encrypts a digital data stream one byte at a time. Block Cipher: Encrypts blocks of plaintext, treated as a whole and used to produce a ciphertext block of equal length . For increased password security why not just use a different encryption program, one that can't be decrypted? There are no such encryption programs. Decryption isn't the problem. All this means that even encrypted passwords are not secure if kept in a world-readable file like /etc/passwd. /etc/passwd needs to be world-readable for a number of reasons, including the user's ability to and change their own passwords.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 58 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 You are a consultant working for a larger private-sector client. Your team is responsible for managing a network that supports a CRM (Customer Relationship Management) application, which often contains highly sensitive, often encrypted, financial information. A Hacker figures out the algorithm your client is using to encrypt outgoing emails and internal, sensitive information, and may posts the algorithm on the Internet.
A General Model of Conventional Encryption Process An encryption scheme has 5 major components:
(1) Plaintext Input (2) Encryption Algorithm (3) Secret Key (4) Transmitted Ciphertext (5) Decryption Algorithm
Simplified Model of Encryption and Decryption
Unconditional and Computational Security • Unconditionally Secure: An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext.
• Computationally Secure: An encryption is said to be computationally secure if: - The cost of breaking the cipher exceeds the value of the encrypted information. - The time required to break the cipher exceeds the useful lifetime of the information.
III. PROPOSED TECHNIQUE Classical Techniques are based on two building blocks: Substitution: The letters of plaintext are replaced by other letters or by numbers or symbols. The plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns. Like replace the each character by another one at nth position downwards in the alphabetical order etc. etc.
Transposition: Some sort of permutation is performed on the letters of plaintext. Transposition techniques are differed from substitution techniques in the way that they do not simply replace one alphabet with another one, also they perform some permutations over the plain text alphabets. Like a popular technique named simple columnar technique in which the alphabets are arranged row by row and collected column by column randomly to produce a cipher text.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 59 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 There are a lots of substitution and transposition techniques are proposed till now. Each have its own advantages and disadvantages. By using some properties of the above techniques I proposed a new one named mobi-substitution technique to convert the plain text into cipher text. My technique is basically a substitution technique. In our previous techniques we replace the each character of the plain text by the other some character to produce cipher text. Each with some disadvantages but the main and possibly the general problem with them is that the to implement the above substitution technique we have a little bit knowledge of the rules of that technique, if we wan to use that one. For example if we want to store the information or want to transfer the information, any mobile numbers then how a normal person have zero knowledge about the encryption techniques defined by an expert. In this technique we use the characters on mobile keys to replace the original character of the plain text for encryption. Means a technique of encryption through mobile keys e.g. an integer ―2‖ can be replaced by either a or b or c and vice-versa can be possible. As {2,a,b,c} belongs to same set as they are at the same and single key. e.g. amit 9897673584------ 26480zvzsosflvi Plain Text encryption Cipher Text through Mobii-Substitution
As in the above example the contact no is encrypted. The character replaced by original one is predefined and agreed by both sender and receiver. The main advantage of this substitution technique is its simplicity and it is easy to implement without a lots of hardware or software requirements. The other advantage is that it is easy to separate the each word of cipher text as the space can be indicated using the zero (―0‖) symbol.
The one disadvantage of this encryption technique the probability to decrypt the cipher text is not much but also not less, as the length of the cipher text corresponding to plain text is increased the problems for the cryptanalysts to decrypt that one will also increased.
IV. Conclusion This technique of encryption and security method to make the information secure is very useful technique and easy to implement as compared to other technique for encryption because of lack of time and also lack of knowledge, it is difficult for a normal person in real life to use a large and typical techniques to encrypt the information. Also It is obvious that it is believe that encryption is the future security method of all Internet business and other network users. Also, it seems that the net user does not know of all the available security methods offered. It is clear that the Internet has unforeseeable potential. However, in order for the Internet users to be able to tap into that wealth, they must make sure they educate their customers.
V. Future Work The main disadvantage of the above substitution encryption technique is that there is more possibility to break this technique means it is easy to decrypt the cipher text back into plain text if proper crypta-analysis is done. The future work is to minimize the possibility to break the cipher text by cryptanalysts.
References 1. Chen, K, Lee, H and Mayer, B ―The Impact of Security Control on Business-to-Consumer Electronic Commerce,‖ Human Systems Management, vol. 20, 2001, p.139-147. 2. Chen, K, Lee, H, Yang, J. and Mayer, B. ―An Investigation of College Students‘ Perception of Business-to- Consumer E-Commerce,‖ Communications of the ICISA, Vol. III, No.1, 2000. 3. Panko, R. Business Data Communications and Networking (3rd edition), Upper Saddle River, New Jersey: Prentice Hall, Inc, 2000. 4. Cryptography and network security by Atul kahate 5. www.wikipedia.com 6. R. Anderson, E. Biham, and L. Knudsen, Serpent: A proposal for the advanced encryption standard, Available at http://www.cl.cam.ac.uk/˜rja4/serpent.html, August 1998. 7. in a simulatable Dolev-Yao style cryptographic library, Journal of Information Security 4 (2005), no. 3, 135–154.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 60 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 8. C. Burwick, D. Coppersmith, E. D‘Avignon, R. Gennaro, S. Halevi, C. Jutla, S. Mathas Jr., L. O‘Connor, M. Peyravian, D. Safford, and N. Zunic, MARSa candidate cipher for AES, Available at http://www.research.ibm.com/security/ mars.pdf, September 1999. 9. Joan Daemen and Vincent Rijmen, The design of Rijndael: AES - the Advanced Encryption Standard, Information Security and Cryptography, no. 17, Springer- Verlag, 2002. 10. Morris Dworkin, Recommendation for block cipher modes of operation: Methods and techniques, Tech. Report SP 800-38A, National Institute of Standards and Technology, 2001. 11. X. Lai, J.L. Massey, and S. Murphy, Markov ciphers and differential cryptanalysis,Advances in Cryptology - Eurocrypt ‘91 (Donald W. Davies, ed.), LNCS, vol. 547,Springer Verlag, 1991, pp. 17–38. 12. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, The Twofish encryption algorithm, John Wiley and Sons, 2003. 13. David Wheeler and Roger Needham, TEA, a tiny encryption algorithm, Fast SoftwareEncryption: Second International Workshop, Lecture Notes in Computer Science,vol. 1008, Springer Verlag, 1999, pp. 363– 366.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 61 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Modified Genetic Algorithm for Solving TSP Parveen Sharma Neha Khurana Asst. Professor SKIET, Kurukshetra Pursuing M.Tech , SKIET, Kurukshetra Kurukshetra, India Kurukshetra, India
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 62 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Abstract: Travelling salesman problem (TSP) is the most famous and difficult combinationary optimization problem. It is really challenging to design an effective algorithm, which can give optimal solutions to TSP with large dimensions. There are already many different techniques like greedy, local search, simulated annealing used for solving combinationary problems. TSP is solved very easily when there are less number of cities, but as the number of cities increases it is very hard to solve, as large amount of computation time is required. Genetic Algorithm is one of the best methods which is used to solve various NP-hard problem such as TSP. The natural evolution process is always used by genetic algorithm to solve the problems. There are many genetic operators are used to solve TSP problem. This paper proposed a modified Genetic Algorithm to solve TSP problem. The algorithm introduces new concepts, like the selection probability of a chromosome for parenthood, the one-point crossover operator to exchange bit strings, and the mutation operator to introduce random perturbations in the search process. In this paper, the comparisons with other existing techniques are also shown.
Keywords: TSP, GA, IGA.
I. Introduction The travelling salesman problem (TSP) is a problem that is not deterministic and known in combinatorial optimization. TSP can be applicable to find solution of many practical problems in our daily lives. The travelling salesman problem is a classical problem which belongs to the class of np-hard problems. The various applications of TSP in our day to day life can include a person trying to find the most optimal route to deliver mails, finding bus routes to pick up children in school. TSP can be represented by a complete weighted graph G = (N, A) where N is a number of nodes (cities), A being the sets of arc fully connecting the nodes i.e path. Each edge(x, y) Є A is assigned a weight which represents the distance between cities x and y. Travelling salesman has to be visited in n number of cities, each city visited exactly once and returns back by travelling the shortest distance between all the cities. However, it is very hard, if not impossible, to find the shortest path for a travelling salesman because the number of different routes that can be taken increases exponentially as the number of cities increases. Genetic Algorithm (GA) is a special kind of search algorithm that depicts the biological evolution as the problem solving technique. GA works on the search space called population. Each element in the population is called as chromosome. GA begins with randomly selecting set of feasible solution from population [2]. Each chromosome is evaluated for fitness and this fitness defines the quality of solution. GA uses adaptive heuristic search technique which finds the set of best solution from the population. New offsprings are generated from the chromosomes using operators like selection, crossover and mutation. Most fit chromosomes are moved to next generation. The weaker has a less chance to move. This process repeats until the chromosomes have best fit solution to the given problem. The genetic algorithm process consists of the following steps: 1. Evaluation 2. Cross over 3. Mutation 1. Evaluation: The evaluation function is an important part in genetic algorithm. In this, we use a fittest function to decide how good a chromosome is. It also helps us in the selection of better chromosomes for the next crossover step, if we have a large number of initial population. 2. Crossover: After the completion of the selection process, the chromosomes chosen to be parents for the next generation are recombined to form children that are new chromosomes. This combination can take many forms. 3. Mutation: Mutation is performed after crossover by randomly choosing a chromosome in the new generation to mutate. We randomly choose a point to mutate and switch that point. Many types of mutation operators exist i.e. bit flip, swapping, inversion. II. Related Work Adewole Philip, Akinwale Adio Taofiki, Otunbanowo Kehinde ―A Genetic Algorithm for Solving Travelling Salesman Problem‖[3], They present a genetic algorithm for solving the Travelling Salesman problem (TSP). Genetic Algorithm which is a very good local search algorithm is employed to solve the TSP by generating a preset number of random tours and then improving the population until a stop condition is satisfied and the best chromosome which is a tour is returned as the solution. Analysis of the algorithmic parameters was done so as to know how to tune the algorithm for various problem instances. Genetic algorithm is a technique used for estimating computer models based on methods adapted from the field of genetics in biology. To use this technique, one encodes possible model behaviors into ''genes". After each generation, the current models are rated and allowed to mate and breed based on their fitness. In the process of mating, the genes are exchanged, crossovers and mutations can occur. The current population is discarded and its offspring forms the next generation. Kylie Bryant ―Genetic Algorithms and the Traveling Salesman Problem‖[4] says Genetic algorithms are an evolutionary technique that use crossover and mutation operators to solve optimization problems using a survival of © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 63 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 the fittest idea. They have been used successfully in a variety of different problems, including the travelling salesman problem. In the travelling salesman problem we wish to find a tour of all nodes in a weighted graph so that the total weight is minimized. The travelling salesman problem is NP-hard but has many real world applications so a good solution would be useful. Many different crossover and mutation operators have been devised for the travelling salesman problem and each give different results. We compare these results and find that operators that use heuristic information or a matrix representation of the graph give the best results. Tsai, Huai-Kuang et al proposes an evolutionary algorithm, called the heterogeneous selection evolutionary algorithm [5], for solving large travelling salesman problems. The strengths and limitations of numerous well- known genetic operators are first analyzed, along with local search methods for TSPs from their solution qualities and mechanisms for preserving and adding edge based on this analysis, a new approach, HeSEA is proposed which integrates edge assembly crossover (EAX) and Lin–Kernighan (LK) local search, through family competition and heterogeneous pairing selection. Family competition and heterogeneous pairing selections are used to maintain the diversity of the population, which is especially useful for evolutionary algorithms in solving large TSPs. Omar M.Sallabi ―An Improved Genetic Algorithm to Solve the Travelling salesman problem‖[6] profound The Genetic Algorithm (GA) is one of the most important methods used to solve many combinatorial optimization problems. Therefore, many researchers have tried to improve the GA by using different methods and operations in order to find the optimal solution within reasonable time. He proposes an improved GA (IGA), where the new crossover operation, population reformulates operation, multi mutation operation, partial local optimal mutation operation, and rearrangement operation are used to solve the Travelling Salesman Problem. Crossover is the most important operation of a GA because in this operation, characteristics are exchanged between the individuals of the population. Jin, Da-Jiang & Zhang, Ji-Ye states that the deficiency of the traditional crossover operator of Genetic Algorithms in global searching, the partheno-crossover operator is proposed [7]. The individual of the population doesn‘t cross over the individual of the same population but the individual of the completely different with it. When these two individuals have many offspring, only the fittest offspring can replace his father‘s position in the population. So this offspring either inherits the father‘s good gene fragments or have a better gene fragments. The improved Genetic Algorithm used the partheno-crossover operator allows better stability of global convergence. Mutoh, Atsuko et al propose a new crossover method and apply it to the conventional generation-alternation model [8]. We expect it to provide more efficient searching with real-coded GAs. They used multi-step crossover (MSX) and discusses preliminary experiments with MSX and lists its disadvantages. They introduces flexible-step crossover (FSX), an extended version designed to overcome the disadvantages found from the preliminary experimental results. In these experiments, the number of children generated by one crossover is limited because of calculation costs. Therefore, they tried generate better individuals within a limited number of children and again purposed a new crossover method that accelerates the local search efficiency.
III. Proposed Algorithm The fitness function for TSP is the total distance to be travelled starting from a starting city and ending up in another city after touching all cities only once in a tour. The return distance from the end city to the starting city can also be considered in the fitness function. We take this fitness function in locating the tour with minimal distance. The present proposed algorithm is a motivated search technique. A genetic algorithm can be used to find a solution in much less time. It can find a near perfect solution for a 100 city tour in less than a minute. To solve the travelling salesman problem, we need a list of city locations and distances, or cost, between each of them.
The following steps are used to solve the problem of TSP: Step1:- Create an initial population of P chromosomes (Generation 0). Step2:- Evaluate the fitness of each chromosome. Step3:- Select P parents from the current population via proportional selection (i.e. the selection probability is proportional to the fitness). Step4:- Choose at random a pair of parents for mating. Exchange bit strings with the one-point crossover to create two offspring. Step5:-Process each offspring by the mutation operator, and insert the resulting offspring in the new population. Step6:-Repeat Steps 4 and 5 until all parents are selected and mated (P offspring are created). Step7:- Replace the old population of chromosomes by the new one. Step8:- Evaluate the fitness of each chromosome in the new population.
Step9:-Go back to Step 3 if the number of generations is less than some upper bound. Otherwise, the final result is the best chromosome created during the search. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 64 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 The algorithm introduces new concepts, like the selection probability of a chromosome for parenthood, the one-point crossover operator to exchange bit strings, and the mutation operator to introduce random perturbations in the search process.
IV. Experimental Results Taken a tour of 30 cities in which a salesman has to visit all the cities exactly once and returns back to the city from he starts. The following figure shows the result of travelling salesman problem. The first figure shows the locations of 30 random cities in a search space for travelling salesman problem and second figure represents the optimal path for a person to visit to the cities. The last figure shows the comparison with other existing techniques.
Fig. 1. Location of 30 Cities in Search Space
Fig. 2. Optimal Path
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 65 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 5000 4500 4000 3500 Genetic 3000 Algorithm 2500 greedy 2000 1500 simulated 1000 annealing 500 0 30 50 100
Fig. 3.Comparisions of TSP Algorithms Length
IV. Conclusion The travelling salesman problem is a combinatorial optimization problem that it is difficult to solve. Genetic algorithms appear to find good solutions for the travelling salesman problem, however it depends very much on the way the problem is encoded and which crossover and mutation methods are used. It seems that the methods that use heuristic information or encode the edges of the tour such as the matrix representation and mutation perform the best. Overall, genetic algorithms have proved suitable for solving the travelling salesman problem and in results a near optimal path in a less amount of a time. I presented a comparative study among greedy algorithm, genetic algorithm and simulated annealing algorithms. The proposed GA approach shows superior performance compared to the other algorithms. Solving a larger size problem, the proposed GA approach generated best solutions.
REFERENCES [1] Misba Shaikh1, Prof. Mahesh Panchal,―Solving Asymmetric Travelling Salesman Problem Using Memetic Algorithm‖, International Journal of Emerging Technology and Advanced Engineering, Volume 2, Issue 11, November 2012. [2] Dr. Rakesh Kumar, Mahesh Kumar ―Exploring Genetic Algorithm for Shortest Path Optimization in Data Networks‖, Global Journal of Computer Science and Technology, Page 8, Vol. 10, Issue 11 (Ver. 1.0), October 2010. [3] Adewole Philip, Akinwale Adio Taofiki, Otunbanowo Kehinde ―A Genetic Algorithm for Solving Travelling Salesman Problem‖, (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 2, No.1, January 2011. [4] Kylie Bryant, Arthur Benjamin, Advisor, ―Genetic Algorithms and the Travelling Salesman Problem‖, Department of Mathematics, December 2000 [5] Tsai, Huai-Kuang et al ―An Evolutionary Algorithm For Large Traveling Salesman Problems‖, IEEE Systems, Man, and Cybernetics Society, 2004 [6] Omar M.Sallabi, ―An Improved Genetic Algorithm to Solve the Travelling Salesman Problem‖, World Academy of Science, Engineering and Technology 2009. [7] Jin, Da-Jiang,& Zhang, Ji-Ye―A New Crossover Operator For Improving Ability Of Global Searching‖, China: Traction Power State Key Laboratory, Southwest, Jiaotong University, Chengdu, 2007. [8] Mutoh, Atsuko et al―Efficient real-coded genetic algorithms with flexible-step crossover‖, Evolutionary Computation, IEEE Congress on 2005.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 66 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 A Modified Approach to Analysis and Design of Firewall Technique Neeraj Gandhi1, Kapil Kumar2, Neeraj Sharma3 Research Scholar, Research Scholar, Institute of Vertex Technology, Global Research Institute of Geeta Institute of Management Radaur (Yamuna Nagar) Management & Technology, & Technology, Haryana, Radaur (Yamuna Nagar) India1 Kanipala, Kurukshetra, India2 India3
Abstract: With increasing vulnerabilities, caused by port scan attacks, replay attacks and predominantly IP Spoofing, targeting services, the network behavior is getting malicious. But there is a lack of any clear threat model .The authors have endeavored to consider this problem in order to improve the network security and enhance Secure Shell Daemon protection. A mechanism, QUICKKNOCK improving upon the potentialities of technologies such as port knocking and SPA (Single Packet Authorization), has been proposed .
Keywords: QUICKKNOCK, SSH Daemon, Network Security, Port knock, Encryption algorithms, IP Spoofing, Key- Exchange, Symmetric Cryptography, Single Packet Authorization, Fwknop.
1. Introduction In the computing world, security is a crucial research area. This is because the computing world as we know has largely become a collection of technologies. A problem is caused when one of the users wants to connect to our network with bad intention. With the increasing security vulnerabilities, more and more malicious network behaviors such as replay attack Dictionary attack, IP Spoofing etc. [1]. Security attack is an action which compromised the security of information owned by an organization. If a server runs no vulnerable software, a port scan is not a serious threat, but software security is a sufficiently hard problem that this cannot be seen as an immediate solution. A popular method of protecting against such network attacks is the firewall, which simply blocks all connection attempts to ―internal‖ network hosts from ―external‖ ones. Since there are many reasons why it might be desirable for a given service to be externally accessible for instance, users may access a network service from a priori unknown network addresses depending on their physical location this solution is not always satisfactory. One class of proposed solutions to this problem is ―port knocking‖ wherein a firewall is deployed to protect a server, and before allowing a client connection to a particular port, that client must transmit a special ―knock‖ that authenticates it. This knock may be either common to all authorized users of the system, or may be unique to a given user. Attempts to connect that are not associated with the correct knock will be dropped; thus to an unauthorized user it should appear as if no network services are running on the server. A variety of knocking methods, such as a sequence of (dropped) connection attempts inclusion of a cryptographic authenticator in the initial connection request packet [2, 3] have been conjectured. Given that the goal of a port knocking scheme to conceal the set of services running on a network host, all existing implementations have a serious flaw[3]. Under relatively weak attack models, these schemes fail to conceal that a port knocking service itself is running. Moreover, on most currently deployed operating systems, exploiting a code injection attack in a port knocking service would lead to a total compromise of the host. Since the port knocking service is such a high-value target, it is that the presence of port knocking itself should be undetectable. Port knocking schemes generally use the port number within the TCP or UDP header to transmit information from the knock client to the knock server, whereas its successor Single packet authorization (SPA) scheme uses messages to be sent over any IP protocol; not just those that provide a port over which data is communicated. Improving Fwknop currently supports sending SPA messages over ICMP or TCP. We use Port Knocking and SPA interchangeably. In this paper, we have developed a formal security model that captures above notion. A formal security model is critically important in order to be certain that a given protocol, even one that seems secure at a glance, is secure in true sense. Examples of such ―apparently secure‖ protocols, developed without formally stated security goals, are numerous [4,5], and some of them have been in operation for years (and have even become industry standards). So much so all those protocols were originally designed for security, and even used well-known cryptographic primitives, but the protocols were not secure. 1.1 Formal Definition of Port Knocking A Port Knocking (PK) protocol is a TCP implementation , P in which both Client and Server take as additional input a secret key. We let PK (C) denote the result of the standard interaction between Client and Server where the key input to both is K. We say that P extends TCP implementation W if for every command sequence C, there is an efficiently computable command sequence C‘ such that PK (C‘) and W (C) are computationally indistinguishable, for uniformly chosen
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 67 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 K. This requirement states that a port knocking protocol, in which the client and server share a secret key, should allow any communication that is allowed by the TCP implementation it extends. It has been observed that a TCP implementation is trivially port knocking protocol (insecure) with null keyspace: every TCP session is initiated when the client ―knocks‖ at the server port he wishes to connect to. The Figure 1(a),(b) below describes the process of accessing PK Daemon from Client on closed Ports through UDP and TCP , the Client uses Secure Shell for communication to PK Daemon which maintains the Security of Services that resides on Server . There is also the inclusion of Firewall to check the Malicious User (Attacker) on the ServerSide .
Figure 1(a) Port Knocking Figure 1(b) Port Knocking Authentication
2. System Design In this section we introduce and discuss QUICKKNOCK, we shall show implementation of a secure port knocking scheme, and discuss how this enhanced security model implementation to avert a number of limitations of previous system which only attempt to authenticate the start of a connection [6], but provides no guarantee that connections stay authentic. In other words, previous implementations does not protect against such as connection hijacking (a well-known problem in TCP security ) IP Spoofing attack protection, client/server synchronization, and indistinguishability [7]. Next, we analyze a number of possible attacks on our implementation. Finally, we present results showing our system in action. 2.1 Universal Compatibility We provide ease-of-use (for end-users, system administrators, and programmers) by choosing an application-agnostic design. The Kernel Module part gives increased speed and efficiency over the user-space part. This approach allows any application to transparently use QUICKKNOCK provided that the network protocol used by the application has a steganographic embedding/extraction method supported by QUICKKNOCK. We note that for certain protocols, such as TCP, with many implementations that may have subtle differences; each implementation may require a different steganographic embedding routine to preserve indistinguishability. Our goal is to support as many transport protocol implementations as possible, although currently only TCP under RHEL 5.4 is supported. 2.2 Design Choices Our implementation is designed to run on the Linux operating system with a 2.6.18.164.el5 kernel. We chose Linux 2.6.18.164.el5 due to our familiarity with the system and the availability of the netfilter/libIPQ API[8] which allowed us to implement our system entirely in user space instead of modifying the operating system. We use Poly1305- AES [9] as our MAC function since it is optimized specifically for network packets and has very fast implementations available for most processor types.
3. Protocol The QUICKKNOCK Pseudo Code is outlined in Figure 2. Which has the enhanced capability to the previous Implementations [1,6]. A QUICKKNOCK client initiates a connection (composes a TCP SYN packet) to a QUICKKNOCK-enabled server and steganographically embeds an authentication token into the packet. The embedding algorithm and resulting packet header structure are described in Figures 3 and 4, respectively. The server receives a SYN packet and extracts the authenticator. If verification is successful, the server allows the connection to continue, otherwise the packet is dropped. The client and server share a key, as well as a counter which is incremented for every client connection attempt. The counter prevents IP Spoofing attacks by ensuring that every SYN packet sent by the client is different from any packets sent previously, and is also used as the nonce required by our MAC function. The key, initial counter, and resynchronization interval are exchanged out of band, since negotiation is impossible in case of one-way communication.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 68 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 3.1 MAC A Message Authentication Code (MAC) is a short piece of information, similar to a hash code which provides both origin authentication and integrity protection of a message. MACs are generated by block ciphers and use symmetric secret keys to ensure that only those who know the key can modify, or verify the message. MACs on their own, however, do not provide any confidentiality. As the data must be sent together along with its corresponding MAC. A popular MAC algorithm is the CBC-MAC based on the CBC mode of operation. Instead of an additional sequence of knocks, we use a keyed MAC for client authentication, applying it to the source and destination (IP, port) tuples as well as the counter, so every connection attempt is guaranteed to contain a unique MAC. We employ Poly1305-AES [9] for our MAC function since it is designed specifically to work on small bits of data such as network packets and is implemented in optimized assembly for a number of popular platforms. The connection counter serves as the nonce required by Poly1305-AES. Assuming that AES is a pseudorandom permutation, an adversary should not be able to compose a valid MAC, or even distinguish one from random bits, for the next SYN packet without knowing the key even if we timestamp fields of the TCP SYN packet to embed our MAC information . 3.2 Steganography and Indistinguishability. We use the TCP sequence number and timestamp fields of the TCP
SYN packet to embed our Information. Where X is the server Y is the client req is a request for authentication NA is a nonce chosen by A Kreq is a secret key shared by A and B IDA is the IP address of A ctrP is a per-IP- address counter maintained by principal P k is a value derived from Y‘s IP address and a symmetric key shared between X and Y l is a TCP flow identifier ft is a failure-tolerance parameter. MAC is a cryptographic message authentication function , (a comma) represents concatenation Figure 2: The Pseudo Code for QUICKKNOCK
One issue that arises when using the TCP timestamp field (rather than just the ISN) to encode MAC data is the possibility of lost SYN packets. For instance, if a client generates a SYN packet but a SYN-ACK from the server does not arrive, the client must re-transmit the SYN packet. However, TCP requires that re-transmitted SYN packets have the same sequence number but different timestamp [10], so we can no longer encode stegotext in the timestamp: if the SYN packet was lost due to a malicious host, or if an adversary is observing all SYN packets, that adversary would detect that the least significant byte of the timestamp in the original and re-transmitted SYN packets are identical. The probability of this is only 1/256, so the adversary could conclude that QUICKKNOCK was in use.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 69 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 To solve this problem, we ensure that the last byte of the timestamp looks random to our adversary, even when we are trying to re-transmit the same MAC. We can use two existing properties of our system to help us, the first having originally caused this problem: the higher order bytes of the new timestamp must be different from the one in the original SYN packet5. Secondly, we do not transmit the entire MAC S : TCP SYN packet Sseq = {P1, P2 , P3 , P4 } : Sequence number of packet (4 bytes) Stp = {T1 , T2 , T3 , T4 } : Timestamp of packet S (4 bytes) l = (IPY , source port, IPX , destination port) : Authenticator MACK,ctr (l) = {L1 , L2 , . . . , Ln} : n byte MAC P2 = L1 , P3 = L2 , P4 = L3 T4 = hl ({T2 ||T3 }) : n-Universal hash function
Figure. 3. The steganographic encoding protocol. Decoding is performed by reversing the operations in this protocol.
We implement Murdoch and Lewis‘ system for embedding steganographic information into TCP initial sequence numbers (ISNs) and use the TCP timestamp option (enabled by default in Linux Kernal) to embed an additional byte of information into the timestamp, delaying packets when needed [11] 3.3 Counter management Scenario To protect against IP Spoofing attacks, we employ a per-user counter, incremented after every connection attempt. If a given user has never before accessed a QUICKKNOCK-protected server, the counter is initialized to 0 by both the client and the server. The counter poses additional challenges, such as what happens when the client and server counters become desynchronized. Desynchronization can occur in two ways: either the client‘s SYN packet never reaches at the server, leading to the client having a counter higher than the server‘s, or the server‘s SYN-ACK can be lost, meaning the client and server are actually in sync, but the client does not know this. The Packet Header Structure has been from the Source Port to Packet Destination Port which has been adjusted with Internal Consistency which handles the synchronizations of Packets with reliable and efficient manner as well as Timestamp Scenario has been properly been synchronized. As Given below Packet From Source Port Packet to Destination Port Adjusted for Internal Consistency Sequence No. MAC bytes 1-3
Acknowledgement Number Offset Reserved Window Flag Checksum Urgent Pointer Timestamp Scenario Encoded MAC bytes 4 Timestamp Echo Response Figure. 4. The TCP SYN packet after steganographic embedding.
A client would have a hard time attempting to resynchronize after a failed connection, since the client does not know whether the server received the SYN packet and verification failed, or whether the server received and verified the SYN packet but the SYN-ACK was lost, or whether the SYN never arrived at the server[6]. We allow an enhanced approach for and automatic in-protocol resynchronization after a certain time period. Figure 5 and 6 shows the synchronization and authentication as well authorization of Packets between client and server vice-versa,
Figure. 5 Synchronization from Server to Client Figure.6 Synchronization from Client to Server
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 70 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 For this purpose, we enforce the equation ctrserver ( qknockd ) ≤ ctrclient ( knockSquid) by having the client always increment its counter when sending a SYN packet. The server, however, will only increment its counter upon successful MAC validation, to prevent malicious de- synchronization by sending bogus packets to the server. In the na¨ıve scheme of insisting the counter be exactly right, the server and client may never again get into sync once desynchronized, since the client will increment its counter on each connection attempt, but the server‘s counter remains the same.
1. System Architecture The QUICKKNOCK system is composed of two separate programs - ― qkknockd‖ (run- ning on the server), and ― knockSquid‖ (running on the client). Connections are authenticated on a per-flow instead of per-source (IP address) basis. While knockSquid actively modifies packets as they leave and enter the client machine, qkknockd(on the server side) does not do any packet modification. Combined with the very low verification overhead of our chosen MAC function, this should minimize the load on the server. We use the libIPQ API to register interest in packets with certain flags and (IP, port) tuples with the kernel, and those packets are rerouted by the netfilter system to user- space. On both client and server side, we only send packets we are potentially interested in to user space, to avoid excess context switching between user-space and kernel-space. Both qkknockd and knockSquid currently detect closed connections
by listening to FIN and RST packets, and timeout support (in case the FIN or RST packets are never received due to packet loss) will be added 4.1 Knock Daemon. qkknockd, the server side of the QUICKKNOCK system, listens for connections on a port it reads from its configuration file (the port offering the protected service, i.e. SSH on port 22), and examines incoming SYN packets on those ports before the TCP/IP stack sees them. When a packet is received, qkknockd checks the source IP address of the packet and retrieves the secret key as well as the counter for that IP address from its configuration file (per-user shared keys are also supported). Using the TCP steganographic algorithm, qkknockd extracts stegotext from the packet, treats it as a MAC, and attempts to verify it. If verification succeeds the packet is accepted, and passed on to the TCP/IP stack, otherwise the packet is dropped. Qkknockd then increments the per-IP connection counter (CTR). This is the extent of qkknockd‘s involvement with the connection — all other packets are processed directly by the network stack in the kernel, and are not seen by qkknockd(except for detection of connection closing). Since the SYN packet is copied only once (from kernel to user space) and not modified (does not have to be copied back), and since our chosen MAC is very fast, the entire operation is very efficient. 4.2 Knock Squid. Knock Squid reads a configuration file to find out which servers sup-port QUICKKNOCK, and for which services (listed by destination (IP, port) pairs). The configuration file also includes the key shared with the server, and the last value of the connection counter (if this is the first time connecting to that server, the counter is initialized to 0). KnockSquid registers interest for all SYN packets going from localhost to that (IP, port) pair. When it receives such a SYN packet (generated by the local TCP/IP stack), it computes a MAC using the server shared key and steganographically encodes the information in the TCP initial sequence number and timestamp. Likewise, we must continue to modify all future outgoing packets for that connection, otherwise the remote host will reset the connection when it detects a sequence number mismatch. Once the connection is closed, Knock Squid deregisters interest in that tuple (connection closure is detected the same way for both qkknockd and Knock Squid).
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 71 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 The number of initial netfilter rules is linear in the number of QUICKKNOCK-protected services that might be contacted, Future rules scale linearly in the number of active port knocked connections.
5. SPA with PSAD and IPTABLES based Secure Packet Synchonization Good network security begins with a properly configured firewall that is only as permissive as absolutely necessary in order to allow basic network connectivity and services. In its current incarnation, psad can detect various types of suspicious traffic, such as port scans generated by tools like Nmap Figure 7 shows for various backdoor programs, Distributed Denial of Service (DDoS) tools, and efforts to abuse networking protocols.
Figure 8: Nmap with IP address scanning
5.1 Visualization of Malicious Packets using iptables Policy Configuration Port scans are an important technique for interrogating remote targets, and psad was developed primarily with the goal of providing advanced portscan detection for Linux systems. Fundamentally, psad is a log analyzer. It assumes that the iptables policy on the system where psad is deployed is configured in a log-and-drop stance. This ensures that iptables only accepts those packets that are strictly necessary for the network to function; all other packets are logged and dropped. Port scans, probes for backdoor programs, subversive application commands, so iptables logs derived from such a policy can commonly provide a valuable supplement to a dedicated intrusion detection system.Because psad is strongly tied to the iptables firewall, it has not yet been ported to oper ating systems other than Linux. We deploy it on a syslog server that is running a different operating system and that is accepting iptables log messages. What we need to see is the distribution of byte values across each byte position in a large sampling of SPA packets. That is, for the first byte in each packet across our sample, can we find a relation to any of the other first bytes in the other packets? This process needs to be repeated across all bytes in every packet We use Gnuplot to visualize the byte distribution across two sets of 20,000 encrypted packets in the script below using 3D visualization. The shell script below shows us malicious packet movement. If Gnuplot shows any recognizable features or relationships across our sample sets, then we know that we have more work to do: [spaclient]$ for ((i=1;i<=20000;i+=1)); do fwknop -A tcp/22 -a 192.168.100.1 -D 192.168.100.1 --Save-packet -- Save-packet-file spa_artifacts.pkts --Save-packet-append --get-key spa.pw --Include-salted --Include-equals > /dev/null;echo $i;done [spaclient] $head –n 2 spa_artifacts.pkts U2FsdGVkX1/s7OmvQtYk9UnQuGg8htJ+19pru9NdhflmGhS9d/9fFET7jnPKWsk3/lnd CbGprkkUBkEYXNORP8RU8ZhkCS+pexZ2J+FbQzmwiuD7/9nA1DAmBGnUQi7mLyZYtOGm iCa8yL9IaP43DVhMflAEf+tQGaPw5xUd2/0= U2FsdGVkX18NuTMq50ef6hjD0t16ZUnKrVYjirVW81UIRNDfclS812vZAWTdcio8t3GC QVxZz/uwrJsjkzevD0OhxJhba+CQVeKuJpfUOhskDQMtYDcH2hkGeDRK9Oc6AfLjO5Fd JXxBJuf8pmxfLC2iWkfAfooCJpjkOm+afH4= [spaclient]$ ./base64_byte_frequency.pl spa_artifacts.pkts [+] Parsing SPA packets from: spa_artifacts.pkts...
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 72 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [+] Writing 2D results to: spa_artifacts.pkts.2d... [spaclient]$ cat > spa_artifacts_2d.gnu GNUPLOT reset set title "2D SPA packet randomness (artifacts included)" set terminal png transparent nocrop enhanced set output "spa_artifacts_2d.png" set xlabel "Time interval" set ylabel "Packet Frequency" plot 'spa_artifacts.pkts.2d' using 1:2 with lines title '(Time interval l,Packet Frequency)' [spaclient]$ gnuplot spa_artifacts_2d.gnu [spaclient]$ ls -atlr *png -rw-r--r-- 1 mbr mbr 5977 2008-09-14 09:31 spa_artifacts_2d.png We will perform our own analysis of the cipher data sets (20,000 packets each),We need two capabilities: 1) the ability to automatically generate 20,000 encrypted packets with the fwknop client and store them in a file (one packet to a line), and 2) the ability to parse the file and count the number of different characters in each byte position across all 20,000 encrypted packets and print this data to a file so that it can be graphed. Each packet is encrypted in this case with the Rijndael cipher, and we use the --Include-salted and --Include-equals command line arguments to produce encrypted packets that are compatible with fwknopd servers.
6. CONCLUSION AND FUTURE RESEARCH The schemes used in the existing PK/SPA implementation were flawed and vulnerable to password search and MITM connection hijacking as well as IP spoofing. On top of that, there is no guarantee of backward and forward secrecy since the same keys are used. By utilizing machine-generated QUICKKNOCK communication ,we have designed a more secure SPA authentication scheme that withstands those attacks and capable of recovering from packet loss differentiating Port Scans and Port Knocks .
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 73 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 However, Our scheme does have drawbacks. Our scheme is unable to ignore IP address that have flooded fwknop with bogus packets and there is need to Develop a benchmarking to find the current bottlenecks in the fwknopd Server as well as there is no current capability to generating large number of valid SPA packets in order to benchmark the fwknopd deamon. Our scheme is more rigorous as compared to existing implementations .We need yet to address and sort out above mentioned three security issues . Our future work is to be focused on Mobile communication network using technologies such as One Time Knocking using SPA and IPsec ( IPv6).
References 1. Sebastian Janquier (2006) ―An Analysis of Port Knocking and Single Packet Authorization‖ : Master‘s Thesis University of London . 2. Barham, P., Hand, S., Isaacs, R., Jardetzky, P., Mortier, R., Roscoe, T.: Techniques for lightweight concealment and authentication in IP networks. Technical Report IRB-TR-02-009, Intel Research Berkeley (July 2002). 3. Krzywinski, M.: Port knocking: Network authentication across closed ports. SysAdmin Magazine 12(6), 12–17 (2003)], 4. Fluhrer, S., Mantin, I., Shamir, A.: Attacks on RC4 and WEP. RSA Laboratories, Crypto- bytes 5(2) (2002). 5. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998). 6. Eugene Y. Vasserman , Nicholas Hopper , John Laxson , and James Tyra ―SILENTKNOCK: Practical, Provably Undetectable Authentication J. Biskup and J. Lopez (Eds.): ESORICS 2007, LNCS 4734, pp. 122– 138, 2007. Springer-Verlag Berlin Heidelberg 2007. 7. Bellovin, S.M.: Security problems in the TCP/IP protocol suite. SIGCOMM Comput. Com- mun. Rev. 19(2), 32–48 (1989). 8. Welte, H., Kadlecsik, J., Josefsson, M., McHardy, P., Kozakai, Y., Morris, J., Boucher, M., Russell, R.: The netfilter.org project, http://www.netfilter.org/. 9. Bernstein, D.J.: The Poly1305-AES message authentication code. In: Gilbert, H., Hand- schuh, H. (eds.) FSE 2005. LNCS, vol. 3557, Springer, Heidelberg (2005). 10. Postel, J. (ed.): Transmission control protocol (1981), http://www.ietf.org/rfc/rfc0793.txt. 11. Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera- Joancomart´ı, J., Katzenbeisser, S., P´erez-Gonz´alez, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005).
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 74 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Network Security Using Visualization Techniques [1]Rajesh Kumar, [2]N. S Tiwana,[3] Kapil Kumar [1]Research Scholar , Dept. of Computer Science and Application, NIMS University Rajasthan, Jaipur , India [2]Principal,BPR Polytechnic, Masana,Kurukshetra, India [3]Research Scholar, Department of Computer Science & Engineering,Geeta Institute of Management & Technology Kanipala, Kurukshetra, India
Abstract: The network Security has been the most debated topic in the current research scenario. The information security is really threatened by obnoxious users . With increasing vulnerabilities, caused by port scan attacks, replay attacks and predominantly IP Spoofing , targeting services, the network behavior is getting malevolent. But there is a lack of any clear threat model. The authors have endeavored to consider this problem in order to improve the network security and enhance secure shell daemon protection . A mechanism , QUICKKNOCK, improving upon the potentialities of technologies such as port knocking and SPA (Single Packet Authorization), using Firewall and Cryptography , has been proposed .
Keywords: QUICKKNOCK, SSH Daemon, Network Security, Port knock, Encryption algorithms, IP Spoofing, Key-Exchange, Symmetric Cryptography, Single Packet Authorization, Fwknop, AfterGlow, Gnuplot.
1. Introduction Security in communication is a crucial research area because of the complex technical nature involved in data transmission. The problem creeps in when the intention of the one of the users connecting with the network becomes bad .The increased vulnerabilities, cause replay attack dictionary attack , IP Spoofing and packet crafting etc [1,2,3]. Security attack is an action which compromised the security of information owned by an organization. If a server runs on non-vulnerable software, a port scan is not a serious threat, but in case of non-patched and 0-day exploit software it becomes big threat. A popular method of protecting against such network attacks is the firewall, which simply blocks all connection attempts to ―internal‖ network hosts from ―external‖ ones. One class of proposed solutions to this problem is ―port knocking‖ wherein a firewall is deployed to protect a server, but before allowing a client connection to a particular service( e.g ssh,imap,pop) , the client must transmit an authenticated knock. But the goal of a port knocking scheme to conceal the set of services running on a network host, through existing implementations have serious flaws[4, 5, 6].
Port knocking schemes generally use the port number within the TCP or UDP header to transmit information from the client to the server, whereas its successor Single packet authorization (SPA) scheme uses messages to be sent over any IP protocol; not just those that provide a port over which data is communicated. Improving upon Fwknop(Firewall Knock Operator) currently supports sending SPA messages over ICMP or TCP. The technique Port Knocking and SPA has been used interchangeably. The above issues has been addressed and tried to be sorted out with modified enhanced approach [7].
In this paper, we have developed a formal security model QUICKKNOCK which captures above notion. A formal security model is critically important in order to be certain that a given protocol, even one that seems secure at a glance, is secure in true sense. Examples of such ―apparently secure‖ protocols, developed without formally stated security goals, are numerous [8, 9, 10] and some of them have been in operation for years (and have even become industry standards). So much so all those protocols were originally designed for security, and even used well-known cryptographic primitives, but the protocols were not secure[1,14].
1.1 Formal Definition of Single Packet Authorization (SPA) SPA is a method of limiting access to server and network resources by cryptographically authenticating legitimate users before any type of TCP/IP stack access is allowed. The predominant researcher Michael Rash has given authenticated and effective solution to this security issue using fwknop [11]. In the figure 1 below the client with IP address 14.4.4.4 through which an authenticated single packet has been sent to access services(daemons) that resides on the servers with IP address range 192.168.2.0/24 . The firewall is reconfigured in such a way that only authenticated packet from legitimate IP address is received by the server in a default-drop stance.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 75 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 1.2 Role of Cryptography
In Cryptography, encryption is the hiding of information while decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher is a pair of algorithms which create the encryption and the reversing is decryption. This technique works in two different modes Symmetric(via Rijndael) and Asymmetric (via GnuPG )keys in current scenario . Both of these keys has been used in this research as well as previous implementations [12, 13].
2. System Design
In this section ,the new modified scheme QUICKKNOCK, has been introduced and implemented, displaying secure port knocking scheme, and discuss how this enhanced security model implementation averts number of limitations of previous systems which only attempt to authenticate the start of a connection [14, 15], but provides no guarantee that connections stay authentic. In other words, previous implementations does not protect against attacks such as connection hijacking , IP spoofing , packet crafting, client/server synchronization, and indistinguishability [16]. Next comes the analysis of number of possible attacks on these implementations. Finally, the results are graphically shown using AfterGlow . QUICKKNOCK is designed to be an application-agnostic transport-level authentication layer. It prevents forgery and IP spoofing ,packet crafting while hiding the presence of authentication scheme. The kernel hooks has been used to ensure that applications do not need to explicitly support the system in order to benefit from it. The keyed MACs are used as secure authenticators to stop forgery attacks and a two-part counter to counteract IP spoofing and packet crafting . These MAC‘s ensures that client and server counters stay synchronized even in the presence of packet loss. This is an implementation of a previously proposed operating system-specific steganographic embedding scheme for TCP/IP [17] and use it to insert authentication information into TCP headers.
Single Authenticated Packet
LAN 192.168.2.0/24
Client 14.4.4.4 Servers 192.168.2.2 192.168.2.3 192.168.2.4 192.168.2.5
Figure 1: Authentication and Authorization Technique using Single Packet (SPA)
2.1 Universal Compatibility This is a user friendly scheme by choosing an application-agnostic design. By using hooks directly into the operating system kernel, avoids modifying any of the network kernel or library calls made by application software or requiring supports for SOCKS-type proxies. This allows any application to transparently use QUICKKNOCK(without application awareness or modification), provided that the network protocol used by the the kernel module part gives increased speed and efficiency over the user-space part . This approach allows any application to transparently use QUICKKNOCK provided that the network protocol used by the application has a steganographic embedding/extraction method supported by QUICKKNOCK . It is to be noted that for certain
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 76 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 protocols, such as TCP, with many implementations which may have minute differences; each implementation may require a different steganographic embedding routine to preserve indistinguishability. The goal is to support as many transport protocol implementations as possible, although currently only TCP under RHEL 2.6.18.164.el5 is supported. 2.2 Design Choices This proposed implementation is designed to run on the linux operating system with a 2.6.18.164.el5 kernel. The choice of Redhat linux 2.6.18.164.el5 is due to familiarity with the system and the availability of the netfilter API[18]. which allowed us to implement the system entirely in user space instead of modifying the operating system. The encryption uses Poly1305- AES [19] as the MAC function since it is optimized specifically for network packets and has very fast implementations available for various types of machines. Here Murdoch and Lewis‘ system for embedding steganographic information into TCP initial sequence numbers (ISNs) [17] is used and the TCP timestamp option (enabled by default in current Linux Kernel) to embed an additional byte of information into the timestamp, delaying packets when needed. 3. Protocol Used The QUICKKNOCK Pseudo Code is outlined in Figure 2. which has addressed the vulnerabilities of previous Implementations [10,14,20,21]. A QUICKKNOCK client starts a connection which is composed of a TCP SYN packet to a QUICKKNOCK-enabled server and steganographically embeds an authentication token into the packet. The embedding algorithm and resulting packet header structure has been described in Figures 3 and 4, respectively. The server receives a SYN packet and extracts the authenticator. If verification is successful, the server allows the connection to continue, otherwise the packet is dropped. The client and server share a key, as well as a counter which is incremented for every client connection attempt. The counter prevents IP spoofing, packet crafting by ensuring that every SYN packet sent by the client is different from any packets sent previously, and is also used as the nonce required by the MAC function. The key, initial counter, and resynchronization interval are exchanged out of band, since negotiation is impossible in case of single-way communication. 3.1 MAC A Message Authentication Code (MAC) is a short piece of information, similar to a hash code . It provides both original authentication and integrity protection of a message .The use of keyed MAC is preferred to additional series of knocks , applying it to the source and destination (IP, port) tuples as well as the counter, so every connection attempt is guaranteed to contain a unique MAC. The algorithm Poly1305-AES is deployed , for MAC function since it is designed specifically to work on small bits of data such as network packets and is implemented in optimized assembly for a number of popular platforms. The connection counter serves as the nonce required by Poly1305-AES. Considering that AES is a pseudorandom permutation, an attacker should not be able to compose a valid MAC, or even identify one from random bits, for the next SYN packet without knowing the key ,keeping in view its visibility to outer world. MACs are generated by block ciphers and use symmetric secret keys to ensure that only those who know the key can modify, or verify the message [12]. 3.2 Steganography and Indistinguishability The Pseudo Code for QUICKKNOCK has been developed in figure 2.This method uses the TCP sequence number and timestamp fields of the TCP SYN packet to embed the MAC information . Due to limitation of embedding only 32 bits ,it is impossible to include the complete MAC, in current implementations[14]. (24 bits in the sequence number and 8 bits — the least significant byte — in the timestamp), assuming Linux sequence number (see Figure 4). Since we must not allow distinguishability based on discrepancy between the observed packet dispatch time and the packet timestamp, we delay packet transmission, but only use the last timestamp byte to minimize delay times. Although 32 bits is a relatively short MAC, keeping in view, an attacker can generate, on average, 232 packets to break the authentication (requiring, for example, 6 weeks to transmit over a T1 link). It is clear that standard methods to deal with online guessing attacks can also be applied here, such as account freezing or processing delays. The Pseudo Code for QUICKKNOCK is as under 1. Y X : Ny, MACkreq (NY, NX, IDX, req) 2. X Y: MACkreq (Nx , Ny, IDy, req) 3. Y X: MACk,ctrY(l) ; encoded in TCP/IP headers of SYN Packets 4. X : Set ctrx ctrx+1 for i=0 to ft if ((MACk,ctry -1 + i (l) =MACk, ctr(l)) Set ctrx ctrx + i +1 ; resynchronizes counter if © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 77 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 client is ahead X Y : SYN-ACK goto 7 5 : Y : If ( SYN – ACK received ) then Set ctry ctry + 1 , goto 7; connection successful 6 : Y : if (SYN-ACK) not received ) then Set ctry ctry + 1; considering server recieves SYN, but SYN-ACK was lost goto 5 7: X,Y : proceed with TCP connection if (FIN or RST received) then goto 1 Where X is the server, Y is the client, req is a request for authentication, Nx is a nonce chosen by X, kreq is a secret key shared by X and Y, IDx is the IP address of X, ctrP is a per-IP- address counter maintained by principal P, k is a value derived from Y‘s IP address and a symmetric key shared between X and Y, l is a TCP flow identifier, ft is a failure-tolerance parameter, MAC is a cryptographic message authentication function, (a comma) represents concatenation Figure 2: The Pseudo Code for Proposed QUICKKNOCK
In this scenario the main issue is concerned with the lost SYN packets. However, TCP requires that re-transmitted SYN packets have the same sequence number but different timestamp [22] , so there is no encoding of stegotext in the timestamp: if the SYN packet was lost due to a malicious host, or if an attacker is observing all SYN packets, then the attacker would detect that the least significant byte of the timestamp in the original and re- transmitted SYN packets are same. The probability of this is only 1/256, so the attacker could guess existence of scheme[14]. To sort out this issue, we ensure that the last byte of the timestamp be ambiguous to the attacker, even when trying to re-transmit the same MAC. As in Figure 3 below S : TCP SYN packet Sseq = {P1, P2 , P3 , P4 } : Sequence number of packet (4 bytes) Stp = {T1 , T2 , T3 , T4 } : Timestamp of packet S (4 bytes) l = (IPY , source port, IPX , destination port) : Authenticator MACK,ctr (l) = {L1 , L2 , . . . , Ln} : n byte MAC P2 = L1 , P3 = L2 , P4 = L3 T4 = hl ({T2 ||T3 }) : n-Universal hash function Figure. 3.The steganographic encoding protocol. Decoding is done by reversing the operations in this protocol.
The current implementation use Murdoch and Lewis‘ system for embedding steganographic information into TCP initial sequence numbers (ISNs) and use the TCP timestamp option (enabled by default in Linux Kernal) to embed an additional byte of information into the timestamp, delaying packets when needed [14].
3.3 Counter Management Scenario To protect against IP spoofing, packet crafting , per-user counter is employed, incrementing every connection attempt. If a given user has never before accessed a QUICKKNOCK-protected server, the counter is started from 0 on both sides. The counter process get disturbed when the client and server face desynchronization. Desynchronization is possible in two cases: either the client‘s SYN packet never reaches at the server, leading to the client having a counter higher than the server‘s, or the server‘s SYN-ACK can be lost, meaning the client and server are actually in sync, but the client is unknown to this. The packet header as shown in the figure 4 shows the source and destination port of the packet followed by sequence number and first three MAC byes in second layer ,keeping timestamp intact and cipher MAC byte 4 in the same layer is concluded by the timestamp echo reply .
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 78 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Packet From Packet to Source Port Destination Port Adjusted for Internal Sequence No. MAC Consistency bytes 1-3
Acknowledgement Number Offset Reserved Window Flag Checksum Urgent Pointer Timestamp Scenario Encoded MAC bytes 4 Timestamp Echo Response
Figure. 4. The TCP SYN packet after steganographic embedding.
Further, It becomes difficult for the client to resynchronize connection if it fails to continue or whether the server received and verified the SYN packet but the SYN-ACK was lost, or whether the SYN never arrived at the server in previous implementation[14]. The permission is given by enhanced approach for an automatic in-protocol resynchronization after a certain time period. The figures 5 to 10 show the process of authentication and authorization of packets between client and server using cryptographyand making use of the relationship
Figure. 5 Synchronization from Server to Client
Figure.6 Synchronization from Client to Server
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 79 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 7 : Key Exchange
Figure 8: Asymmetric Key Scenario
Figure 9: Encryption on Server Side
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 80 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 10 : Public Key Authentication the following equation has been used ctrserver ( qkknockd ) ≤ ctrclient ( knockSquid) showing that by having the client always increment its counter when sending a SYN packet. The server, however, will only increment its counter upon successful MAC validation, to prevent malicious desynchronization by sending bogus packets to the server. In this scheme of insisting the counter to be exactly right, in sending the packet the server and client may never again get into sync once desynchronized, since the client will increment its counter on each connection attempt, but the server‘s counter remains the same. This scheme easily depicts the vulnerable access by malicious user.
4. System Architecture The QUICKKNOCK system is composed of two separate programs - ― qkknockd‖ (server side), and ― knock squid‖ (client side). Connections are authenticated on a per-flow instead of per-source (IP address) basis. The synchronization of packets at client is modified whereas on server side it remains unchanged. On both client and server side, only sent packets are there into user space, to avoid excess context switching between user-space and kernel-space. Both qkknockd and knock squid currently detect closed connections as far as the Port knocking based potentialities are concerned. 4.1 Knock Daemon (Server) qkknockd, is the server side daemon of the QUICKKNOCK system, listens for connections on a port it reads from its configuration file (the port offering the protected service, i.e. SSH on port 22), and examines incoming SYN packets on those ports before the TCP/IP stack sees them(figure 11). When a packet is received, qkknockd checks the source IP address of the packet and picks up the secret key as well as the counter for that IP address from its configuration file (per-user shared keys are also supported)[14]. Using the TCP steganographic algorithm, qkknockd extracts stegotext from the packet, treats it as a MAC, and attempts to verify it. If verification is successful the packet is accepted . 4.2 Knock Squid (Client) Knock Squid reads a configuration file to find out which server supports QUICKKNOCK, and for which services e.g IMAP,POP,SSH etc. The configuration file also includes the key shared with the server, and the last value of the connection counter (if this is the first time connecting to that server, the counter is started from 0). The number of initial firewall rules is linear in the number of QUICKKNOCK-protected services which might be contacted.
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 81 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013
Figure 11: The Architecture of QUICKKNOCK.
In the Figure 11 the client communicates with server . The kernel creates a SYN Packet , Knock Squid recieves packet before its departure embedding a MAC into the ISN and timestamp fields . Further, the server receives packet and its daemon gives it to the kernel . After successful picking up and verification of MAC by knock daemon , the packet is sent to application via kernel otherwise it is dropped. The qkknockd after recieving of SYN Packet does not examine other packets . However, knock squid rewrites every incoming and outgoing packet preventing client TCP Stack from getting disturbed due to sequence number mismatch.
5. SPA using PSAD and IPTABLES Network Security is started with a properly configured firewall which allow basic network connectivity and services. In current technique, PSAD (Port Scan Detector) detects various types of suspicious traffic, such as port scans generated using Nmap and to address above issues fwknop[23] has been used. 5.1 Visualization of Malicious Packets using iptables Policy Configuration Port scanning using NMAP is a malicious activity for interrogating remote targets. In the present work syslog data is supplied to AfterGlow which facilitates the process of generating graphs showing malicious data. Figure 12 below displays a link graph produced by AfterGlow using iptables log messages which are indicative of malicious packets. In order to keep packets together, this script tells how to generate a graph (gif file) from a saved pcap (tcpdump) file,reproduced below , tcpdump -vttttnnelr /home/rajesh/defcon.tcpdump | ./tcpdump2csv.pl "sip dip dport" | perl afterglow.pl -c color.properties | neato -Tgif -o test.gif Calling afterglow.pl and specifying a color property file,this file is used by AfterGlow to determine the colors of the edges and nodes in the graph. Here we run AfterGlow using following shell script . Configuration File ( Shell Script ) AfterGlow is shown by the color.properties file that is used to configure the color output. As given below # AfterGlow Color Property Fill # @fields is the array containing the parsed values # color.source is the color for source nodes # color.event is the color for event nodes # color.target is the color for target nodes # The first match wins color.source="yellow" if ($fields[0]=~/^192\.168\..*/); color.source="lightblue" if ($fields[0]=~/^10\..*/); color.source="light blue" if ($fields[0]=~/^172\.16\..*/); color.source="red" color.event="red" if ($fields[1]=~/^192\.168\..*/) color.event="red" if ($fields[1]=~/^10\..*/)
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 82 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 color.event="red" if ($fields[1]=~/^172\.16\..*/) color.event="red" color.target="blue" if ($fields[2]<1024) color.target="lightblue"
Figure 12: Visualizing Malicious Packet Movement using AfterGlow and PCAP
Table 1 : COMPARISON BETWEEN EXISTING SCHEMES AND QUICKKNOCK Protection Against Existing QUICKKNOCK Attacks Schemes Replay Attack No Yes Dictionary Attack No Yes
Brute-Force No Yes Search Stolen-Verifier No Yes Attack Connection No Yes Hijacking IP Spoofing No Yes Packet Crafting No Yes
Consequently, table 1 shows the comparative analysis between existing schemes [1,7,14] and QUICKKNOCK, a modified enhanced approach to network security.
6 Conclusion and Future Research The schemes used in the existing PK/SPA implementation were flawed and vulnerable to attacks such as IP spoofing , packet crafting , connection hijacking , DDos, No guarantee of backward and forward secrecy since © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 83 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 the same keys were used. In addition to this, other issues which are such as unablity to differentiate between port scans and port knocks, ignore IP address which have flooded firewall with bogus packets, code complexities for embedded port knocking techniques using symmetric and asymmetric ciphers , limited packet loss while authenticating packets . By utilizing only single packet as in the figure 1, we have designed a more secure SPA based authentication scheme QUICKKNOCK which withstands some of these attacks. The current scheme is capable for recovery from packet loss while authenticating ,differentiates port scans and port knocks. There is also an improvement avoiding code complexity in existing implementations for embedded port knocking techniques such as symmetric and asymmetric ciphers. However, current scheme does have issues which are to be addressed,such as,the scheme is unable to ignore IP address that have flooded fwknop with bogus packets . There is also need to develop a benchmarking to find the current bottlenecks in the fwknopd server. Consequently, there is no current capability to generate large number of valid SPA packets in order to benchmark the fwknopd deamon. So, there is need to address above issues on wired and wireless communication networks. Acknowledgement We are thankful to predominant researcher Michael Rash from Columbia who has been concerned with University of Maryland ,USA, and G2, Inc(Technical Council Chair) for giving us from time to time valuable suggestions. Further he was generous enough to provide appropriate linux security based packages utilized to develop various security issues and strengthen the systems .
References [1] Sebastian Janquier (2006) ―An Analysis of Port Knocking and Single Packet Authorization‖ : Master‘s Thesis University of London. [2] Feng T., Wang S., Yuan Z.-T.UC secure network coding against pollution attacks(2012) Information Technology Journal, 11 (9), pp. 1175-1183. [3] http://www.linuxforu.com/2012/05/cyber-attacks-explained-packet-crafting/ [4] Barham, P., Hand, S., Isaacs, R., Jardetzky, P., Mortier, R., Roscoe, T.: Techniques for lightweight concealment and authentication in IP networks. Technical Report IRB-TR-02-009, Intel Research Berkeley (July 2002). [5] Rash Michael (2007) Available at Website http://www.cipherdyne.org/fwknop/docs/SPA.htm, [6] Jaggi, S., Langberg, M., Katti, S., Ho, T., Katabi, D., Medard, M., Effros, M.Resilient network coding in the presence of byzantine adversaries (2008) IEEE Trans. Inform. Theor., 54, pp. 2596-2603. [7] Kumar Rajesh,Talwar I.M,Kumar Kapil , ― A Modified Approach to Analysis and Design of Port Knocking Technique‖, International Journal of Computational Intelligence and Information Security(September 2012) Vol 3 (7), pp (28-39) [8] Fluhrer,S.,Mantin,I.,Shamir,A.:Attacks on RC4 and WEP. RSA Laboratories ,Crypto-bytes 5(2)(2002) [9] Bleichenbacher,D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1.In :Krawczyk,H.(ed.)CRYPTO 1998LNCS,vol.1462,pp.1-12.Springer, Heidelberg(1998) . [10] Smits R., Jain D., Pidcock S., Goldberg I., Hengartner U. ―Bridge SPA: Improving tor bridges with single packet authorization‖ (2011)Proceedings of the ACM Conference on Computer and Communications Security, pp. 93-101. [11] M. Rash ―Single Packet Authorization with fwknop‖ The USENIX Magazine,vol 31,no1,Feb 2006.pp63- 69[Online]Available http://www.usenix.org/publications/login/200602/pdfs/rash.pdf. [12] Agrawal S., Boneh , D. Homomorphic MAC‘s: MAC based integrity for network coding(2009) Applied Cryptography Network Security,5536,pp.292-305. [13] http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#4.2 ( October 2012) [14] Eugene Y. Vasserman,Nicholas Hopper,John Laxson,and James Tyra ―SILENTKNOCK:Practical, Provably Undetectable Authentication Vol.8, pp. 121-135 (2009).Available at http://sclab.cs.umn.edu/node/151 [15] Wang, Y.Insecure "Provably secure network coding" and homomorphic authentication schemes for network coding (2010) IACR Eprint Archive. [16] Bellovin, S.M.: Security problems in the TCP/IP protocol suite. SIGCOMM Comput. Com- mun. Rev. 19(2), 32–48 (1989). [17] Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera- Joancomart´ı, J., Katzenbeisser, S., P´erez-Gonz´alez, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005) [18] Welte,H.,Kadlecsik,J.,Josefsson,M.,McHardy,P., Kozakai,Y.,Morris,J.,Boucher,M.,Russell,R.:The netfilter.org project, Available at Website http://www.netfilter.org/
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 84 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [19] Bernstein,D.J.: The Poly1305-AES message authentication code.In:Gilbert,H.,Hand-schuh,H.(eds.)FSE 2005. LNCS,vol.3557,Springer,Heidelberg(2005) [20] Juin-Hau Liew ― One-Time Knocking Framework using SPA and IP Sec‖,ICETC,vol 5,pp 209- 213(June2010)Available at http://ieeexplore.ieee.og/xpl/login. [21] Li, Y., Yao, H., Chen, M., Jaggi, S., Rosen, A. Ripple authentication for network coding (2010) Proceedings of the 29th Conference on Information Communications, pp. 14-19., March 15-19, 2010, San Diego. [22] Postel, J. (ed.): Transmission control protocol (1981), http://www.ietf.org/rfc/rfc0793.txt. [23] http://www.cipherdyne.org/LinuxFirewalls/ch06
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 85 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Comparison of a New Sorting Algorithm with Existing Algorithms Ravi Bhushan, Sumati Jaggi Deptt. of Computer Sicence & Engg. SKIET, Kurukshetra, India Abstract- Most of the present day applications are database dependent. Some of the examples are telephone directory, list of students, list of employees in an organization, database in doctor’sclinic etc. The users of these applications want the data in some specified order that may be numerical or lexicographical. Sorting algorithms in computer science sort the data in some order(increasing or decreasing). These algorithms sort the data stored in database on its primary key or any other key value. The order may be numerical or lexicographical. This paper presents a new sorting algorithm that is easy to implement and well efficient. We have introduced, analyzed, implemented and compared this new algorithm with bubble sort, insertion sort, selection sort and the outcome is positive.
Keywords: Recursion, Pseodocode
I. Introduction Information is stored in form of data. Symmetrical form of data is always better than asymmetrical one. We always want to arrange information in some order so that manipulation and searching of this information is easy and efficient. But what to do if the data is not in any specified order. One answer is sorting the data. Sorting is very common problems handled by computers[3]. Computers performs sorting(arranging in a specific order) of data by using sorting algorithms. For example, most graphical email programs allow users to sort their email messages in several ways: date received, subject line, sender, priority, etc. Each time you reorder your email messages, the computer uses a sorting algorithm to sort them. Since computers can compare a large number of items quickly, they are quite good at sorting[3]. There are many sorting algorithms available that puts the input data in a specified order. Most used orders are numerical order and lexicographical order. . Efficient sorting is important for optimizing the use of other algorithms (such as search and merge algorithms) that require sorted lists to work correctly.It is also often useful for canonicalizing data and for producing human-readable output. More formally, the output must satisfy two conditions: 1. The output is in no decreasing order (each element is no smaller than the previous element according to the desired total order); 2. The output is a permutation, or reordering, of the input. As given in [4] since the dawn of computing, the sorting problem has attracted a great deal of research, perhaps due to the complexity of solving it efficiently despite its simple, familiar statement. For example, bubble sort was analyzed as early as 1956. Sorting algorithms have become center of researcher‘s attractions because:- Most database based applications use sorting algorithms to provide information to their users in a pattern in which searching & manipulation of information is easy. Many algorithms use sorting algorithms that require sorted lists to work correctly.
There are many sorting algorithms available to solve a problem and one has to choose the efficient one based on some criteria. In [2] they are classified by:- computational complexity (worst, average and best behavior) :-computational complexityof element comparisons in terms of the size of the list (n). For typical sorting algorithms good behavior is o(n log n) and bad behavior is o(n2).Ideal behavior for a sort is o(n), but this is not possible in the average case. Comparison-based sorting algorithms, which evaluate the elements of the list via an abstract key comparison operation, need at least o(n log n) comparisons for most inputs. Computational complexity of swaps (for "in place" algorithms). Memory usage (and use of other computer resources):-. In particular, some sorting algorithms are "in place". Strictly, an in place sort needs only o(1) or o(log(n)) memory beyond the items being sorted; sometimes o(log(n)) additional memory is considered "in place". Recursion:-. Some algorithms are either recursive or non-recursive, while others may be both (e.g., merge sort).
© Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 86 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Stability: -stable sorting algorithms maintain the relative order of records with equal keys (i.e., values). Comparison sort.:- a comparison sort examines the data only by comparing two elements with a comparison operator. General method: - insertion, exchange, selection, merging, etc.. Exchange sorts include bubble sort and quicksort. Selection sorts include shaker sort and heap-sort. Adaptability: -whether or not the pre-sortedness of the input affects the running time. Algorithms that take this into account are known to be adaptive. In this paper a new sorting algorithm is presented. It is very easy to implement & efficient. It is compared to bubble sort, insertion sort, selection sort & results shows that it is easier to implement than insertion sort, selection sort and efficient than bubble sort and insertion sort. The concept of the algorithm is explained in section 2. The 3rd Section represents the steps of algorithm. This paper also presents a derivation for running time in section 4. An example implementation is given in section V. A comparison of compare algorithm with other sorting algorithms(insertion sort, selection sort, bubble sort) is presented in section 6. Section 7 concludes the study followed by references.
II. Concept This section explains the concept behind the algorithm ―comparison sort‖. Elements are inserted and then sorted in the same array without using any extra space(except element temp which is used in swapping). In this algorithm two adjacent elements are compared and then swapped on if second one is smaller than first one(for sorting in increasing order). If array has n elements then it will be sorted in n-1 passes.
This concept makes sorting easier than selection sort and insertion sort algorithms and reduces number of swaps, comparisons than selection sort and bubble sort algorithm as discussed in following sections.
III. Algorithm COMPARE SORT(A,N) THIS ALGORITHM SORTS N ELEMENTS OF ARRAY A. STEP 1:- SET A[0]= -∞ STEP2:-REPEAT STEPS 3 TO 4 FOR K=2,3….N STEP3:-PTR=K-1; STEP4:-REPEAT WHILE (A[K] CODE COST TIME 1. FOR J-> 2TO INDEX DO C1 n {BEGINE FOR} 2.PTR->N-1 C2 n-1 3.WHILE(A(PTR)>A(J) C3 ∑tJ {BEGIN WHILE} 4.TEMP=A(J) C4 tj-1 5.A(J)=A(PTR) C5 tj-1 6.A(PTR)=TEMP C6 tj-1 7.J=PTR C7 tj-1 8.PTR=PTR-1 C8 tj-1 {END WHILE} {END FOR} © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 87 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 HERE tj=Number of times while loop executes for j T(N)=C1N+(C2 – C4 – C5 – C6 - C7 - C8)(n-1) +(C3+ C4 + C5 + C6 + C7 + C8)(∑tJ)………….eq.(1) For calculating running time we should: First consider only leading terms and ignore lower order terms because they become insignificant for large N. Secondly ignore constant factor cost because it is also less significant than rate. Running time for average case:- If the input array is unsorted then:- If j=2 then 2 comparisons takes place, if j=3 then 3 comparisons takes place. So, for each j the number of comparisons is equal to J + 1 2 Total number of expected comparison:- 푛 j+1 1 푛 = (j + 1) 푗 =2 푗 =2 2 2 1 푛 = ( 푛 j + 1) 2 푗 =2 푗 =2 1 푛−1 = ( 푛 j) + 2 푗 =2 2 N n+1 −2 푛−1 = + 4 2 푛2+3n−4 = 2 By using above expression in equation we get running timeT(n)=o(n2) Best case:- In this case the input array is already sorted. So we need only one key comparison for each j. In this case:- 푛 푛 푗 =2 tj= 푗 =2 1=n-1 By using above expression in equation we get running time:-T(n)=o(n) Worst case:- In this case the input array is sorted in reverse order. So we need j number of key comparison for each j. In this case 푛 푛 푗 =2 tj= 푗 =2 j 푛2+n−2 = 2 By using above expression in equation we get running timeT(n)=o(n2). The following time table shows the run-time summary of compare sort algorithm:- Criteria Run-time Best case O(n). Average case O(n2). Worst case O(n2). EXAMPLE IMPLEMENTATION OF COMPARE SORT:- In following example the two adjacent underlined elements show a comparison and there will be a swap if later element is smaller than former one. INPUTE ARRAY IS 30,20,40,41,19,18 STEP-1(I) : - ∞,30,20,40.41,19,18 STEP-1(II): - ∞,20,30,40,41,19,18 STEP-2: - ∞,20,30,40,41,19,18 STEP-3: - ∞,20,30,40,41,19,18 STEP-4(i): - ∞,20,30,40,41,19,18 STEP-4(ii): - ∞,20,30,40,19,41,18 STEP-4(ii): - ∞,20,30,19,40,41,18 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 88 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 STEP-4(ii): - ∞,20,19,30,40,41,18 STEP-4(ii): - ∞,19,20,30,40,41,18 STEP-5 (i) : - ∞,19,20,30,40,41,18 STEP-5(ii) : - ∞,19,20,30,40,18,41 STEP-5(ii) : - ∞,19,20,30,18,40,41 STEP-5(ii) : - ∞,19,20,18,30,40,41 STEP-5(ii) : - ∞,19,18,20,30,40,41 STEP-5(ii) : - ∞,18,19,20,30,40,41 At the end of step 5 we get a sorted array(in increasing order) 18, 19, 20, 30, 40, 41 V. Comparison with Some Sorting Algorithms Following table shows the comparison of comparison sort, selection sort and bubble sort Name of algo. Average case Best case Worst case Memory Comparison sort O(n2) O(n) O(n2) O(1) Bubble sort O(n2) O(n2) O(n2) O(1) Selection sort O(n2) O(n2) O(n2) O(1) Insertion sort O(n2) O(n) O(n2) O(1) Although the running time of comparison sort is same as that of insertion sort but implementation of comparison sort is easier then insertion sort as because: In insertion sort we have to shift the elements for making the right place of element j in jthiteration but in comparison sort we just have to compare two elements and then swap them if necessary. Swapping after comparison is easier than making the track of element at proper place by shifting elements(forward or backward according to condition) Following table shows the comparison with bubble sort and selection sort in terms of swaps and comparisons on following array:- 20,30,29,28,50,14,13,12,21,11,22,9,33,32,34,36,35,38,39,37,31,40,41,49,48,47,2,3,46,4,42,43,45,44,8,7,10,15,6,16, 17,15,18,19,24,23,25,27,26 Name Criteria Elements Comparison Swaps Comparison Average 50 654 631 sort Best 50 49 0 Worst 50 1274 1225 Bubble sort Average 50 1225 629 Best 50 1225 0 Worst 50 1225 1225 Selection Average 50 1270 45 sort Best 50 1250 0 Worst 50 1250 25 Insertion sort Average 50 696 647 Best 50 49 0 Worst 50 1274 1225 VI. Conclusion In this paper a new sorting algorithm has been presented. Comparison sort has complexity o(n2) but it requires less number of comparisons than bubble sort, selection sort. Mainly it bridges the gap between easiness and complexity, and improves number of comparisons and swaps. References [1] http://webspace.ship.edu/cawell/Sorting/main.htm [2] Aho A., Hopcroft J., and Ullman J., The Designand Analysis of Computer Algorithms, AddisonWesley, 1974.(paper me used) [3] http://www.aihorizon.com/essays/basiccs/lists/sorting/index.htm © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 89 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [4] http://courses.cs.vt.edu/csonline/Algorithms/Lessons/index.html [5] www.ccis2k.org/iajit/PDF/vol.7,no.1/9.pdf [6] Astrachanm O., Bubble Sort: An ArchaeologicalAlgorithmic Analysis, Duk University, 2003. [7] http://www.cs.ucc.ie/~dgb/courses/toc/hand out23.pdf © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 90 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Optimization of Vertical Handover Algorithms in Next Generation Heterogeneous Wireless Networks Renu Sharma , M.Tech Scholar SBIET, Pundri, India Abstract: The growing development of wireless technology with such a fast extent is increases the user’s desires for perfection. when the mobile user moves from one cell to another cell within a different type of network is called vertical handover, there are many problems such as handover failure probability, unnecessary handovers, connection breakdown etc. which degrade the vertical handover performance. In this paper, review on handover necessity estimation (HNE) is presented to reduce handover probability. These methods improve the vertical handover performance upto 80% as compared to other methods. The HTCE scheme used to determine the right moment to initiate a handover. This method is used to minimize the connection breakdown and maintains the user’s satisfaction at high levels. The analysis is stimulated with MATLAB. Keywords: VHO, HNE, HTCE 1. Introduction In last few years, very wireless technology has become popular in all around the world. Cellular phones, garbage openers, cordless telephones, remote control, pagers, radio, and satellite TV are all examples of wireless communication systems used in our daily lives. The importance of wireless communication is increasing day by day throughout the world due to cellular and broadband technologies. Everyone around the world would like to be connected seamlessly anytime anywhere through the best network. Wireless networks like 2G and 3G (GSM, GPRS, and CDMA2000 etc.) provide ubiquitous coverage area but suffer from low data rates and on the other side 4G which combines all previous wireless technologies has ability to provide high data rates without dropping calls. Mobility is the important feature in wireless networks. When the person moves from one cell to another within call duration and the call is transfer to the new cell‘s base-station without any interruption. This process of changing the point of attachment is termed as handover. The 4G wireless system must have the capability to provide high data transfer rates, quality of services and seamless mobility. Revolutionary drivers for 4G include a push toward universal wireless access and ubiquitous computing through seamless personal and terminal mobility. 2. Vertical Handover Processes The VHD scheme presented in this dissertation consists of four VHD modules : 1. Handover Necessity Estimation (HNE), 2. Handover Target Network Selection (HTNS) 3. Handover Triggering Condition Estimation (HTCE) 4. Handover Performance Parameter Estimation (HPPE) Vertical handover refers to a network node changing the type of connectivity it uses to access a supporting infrastructure, usually to support node mobility. For example, a suitably equipped laptop might be able to use both a high speed wireless LAN and a cellular technology for Internet access. 2.1 Vertical Handover Algorithms The authors presented a framework to compare the performance of different vertical handover algorithms on system resource utilization and Quality of Service (QoS) perceived by users, but only included the evaluation of two VHD algorithms. A subsequent survey‘s focus was on various mathematical models used in vertical handover decisions. RSS based VHD algorithms compare the RSS of the current point of attachment against the others to make handover decisions. 2.1.1 Algorithm 1: Adaptive Lifetime based Vertical Handover Algorithm Zahran et al. proposed algorithm for handover between 3G Networks and WLAN by combining the RSS with an estimated life time (duration over which the current access technology remains beneficial to the active applications). ALIVE-HO (Adaptive Lifetime based Vertical Handover Algorithm) always uses an uncongested network whenever available. It continues using the preferred network (i.e. WLAN) as long as it satisfies the QoS requirements of the application. 2.1.2 Algorithm 2: Algorithm on Adaptive RSS Threshold Mohanty and Akyildiz in paper ―A cross-layer (Layer 2 + 3) Handover Management Protocol‖ proposed a WLAN to 3G handover decision method. In this method, RSS of current network is compared with dynamic RSS threshold © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 91 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 when MT is connected to a WLAN access point. We observe that a handover from current network network (AP) referred as WLAN, to the future network (BS), referrered as 3G. 2.1.3 Algorithm 3: A Travelling Distance Prediction Based Algorithm Yan et al. developed a VHD algorithm that takes into consideration the time the mobile terminal is expected to spend within a WLAN cell. The method relies on the estimation of WLAN travelling time (i.e. time that the mobile terminal is expected to spend within the WLAN cell) and the calculation of a time threshold. A handover to a WLAN is triggered if the WLAN coverage is available and the estimated inside the WLAN cell is larger than the time threshold. 2.1.4 Algorithm 4: A wrong decision probability (WDP) prediction based algorithm In Chi et al. proposed a VHD heuristic based on the wrong decision probability (WDP) prediction. The WDP is calculated by combining the probability of unnecessary and missing handovers. Assume that there are two networks і and j with overlapping coverage, and their available bandwidth. An unnecessary handover occurs when the mobile terminal is in network i and decides to handover to j,but is less than after the decision. 3. Handover Necessity Estimation A method which estimates the necessity of a handover is proposed. HNE includes two VHD algorithms. The first algorithm predicts the user‘s travelling time within a network coverage area, and the averaged Received Signal Strength (RSS) samples and the MT‘s velocity information are used in the travelling time prediction in a mathematical model. The second algorithm calculates a time threshold based on various network parameters and the handover failure or unnecessary handover probability information. The predicted travelling time is compared against the time threshold and a handover is necessary only if the travelling time is longer than the threshold. This method leads to a reduction of handover failures of up to 80% and unnecessary handovers of up to 70% the steps involved in HNE are shown in figure 1. Fig 1.steps involved in HNE The handover necessity estimation (HNE) unit determines the necessity of making a handover to an available network. HNE takes various network parameters as its inputs and generates a binary value as its output. The inputs include: the AP power level, RSS samples, the radius of the network, the velocity of the MT, the handover latency, and the handover failure and unnecessary handover probability requirements. An output of ‗1‘ means a handover is necessary, and an output of ‗0‘ means the handover is not necessary.The block diagram of HNE is shown in Fig. 2. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 92 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Fig 2:Block diagram of HNE 4. Handover Triggering Condition Estimation (HTCE) A handover triggering condition estimation method is presented which helps to find the appropriate handover triggering condition when the RSS of the current serving network is fading. HTCE offers flexibility to either maximize WLAN usage or exert tight control on handover breakdowns to suit user‘s application requirements. The algorithm takes a parameter called ―connection breakdown tolerance‖ as input, and estimates handover triggering time through statistical analysis of the probability of connection breakdown based on the MT speed and expected handover delay. HTCE is able to keep the connection breakdown probability below desirable limits, and provides the user with control over the trade off between connection breakdown probability and WLAN usage. The handover triggering condition estimation (HTCE) determines a right time to initiate a handover to a new network to prevent connection breakdown as well as to maximize the usage of the preferable network. HTCE takes inputs as RSS samples, AP power level. The radius of the current connected network, the velocity of the mobile terminal, the handover latency and the connection breakdown probability requirements, and generates the handover triggering condition as its output. A block diagram of HTCE is shown in figure 3. Fig 3: Block diagram of HTCE © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 93 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 5. Conclusion The focus of the research project presented in this dissertation report was to develop a vertical handover decision mechanism for 4G heterogeneous wireless networks. The main aim of the scheme is to minimize communication interruptions due to handovers whilst maximizing the utilization of network resources in a cost effective way. Efficient VHD algorithms need to be designed to provide the required QoS to a wide range of applications while allowing seamless roaming among a multitude of access network technologies. A survey of the VHD algorithms designed to satisfy these requirements is presented. In order to maintain seamless user roaming and optimize network resource usage, it is desirable to minimize handover failures and unnecessary handovers. A handover necessity estimation method is introduced. This method is devised for minimizing handover failures and unnecessary handovers from cellular networks to WLANs, by estimating the necessity of a handover. This method is able to reduce the number of handover failures and unnecessary handovers up to 80% and 70%, comparing with the conventional RSS threshold based method. HTCE (Handover Triggering Condition Estimation) module was proposed. HTCE determines the timing to initiate a handover from the currently connected WLAN, when the MT is leaving the WLAN cell‘s coverage area. This method radius of the WLAN cell, handover latency, speed of the MT and connection breakdown tolerance. HTCE is able to provide the user with control over the trade off between connection breakdowns and WLAN usage. calculates a RSS threshold for triggering a handover based on the estimated 6. Future Work The proposed handover approach can meet the following requirements of handover in heterogeneous wireless network (a) Number of handover failures is minimized, which avoids degradation in signal quality and additional loads of the network (b) Handover procedure is reliable and successful (c) Handover algorithm is simple and has less computational complexity etc. This handover scheme can be extended further to optimize the QoS for different types of multimedia applications in heterogeneous wireless environment. We can also eliminate the assumption that the MTs speed remains fixed inside the WLAN cell. Different mobility models and propagation models could be applied representing various user scenarios such as pedestrians in a campus,bicycle rider in a urban area and motorists in suburban area. References [1] I. F. Akyildiz, J. McNair, H. Uzunalioglu, and W. Wang, ―Mobility Management in Next Generation Wireless Systems‖, Proceedings of the IEEE, vol. 87, no. 8, pp. 1347– 84, Aug. 1999. [2] J. McNair & F. Zhu, ―Vertical Handoffs in Fourth-generation Multi-network Environments‖, IEEE Wireless Communications, Vol. 11, No. 3, pp 8–15, , June 2004. [3] I. H Abdaulaziz, L. Renfa, and Z. Fanzi, (2012) ―Handover Necessity Estimation for 4G Heterogeneous Networks‖, In proc. of the international journal of information sciences and techniques (IJIST) vol.2, No.1, January 2012. [4] S. Abrar1, R. Hussain1, R. A. Riaz, S. A. Malik, S. A. Khan, G. Shafiq, and S.Ahmed, ―A new method for handover triggering condition estimation‖, IEICE Electronics Express, Vol.9, pp. 1–7, Feb 2012. [5] A. Hasswa, N. Nasser, H. Hassanein, ―A context-aware cross-layer architecture for next generation heterogeneous wireless networks‖, In the Proceedings of the IEEE International Conference on Communications (ICC‘06), Istanbul, Turkey, pp. 240–245, June 2006. [6] R. Tawil, G. Pujolle, O. Salazar, ―A vertical handoff decision scheme in heterogeneous wireless systems‖, In the Proceedings of the 67th Vehicular Technology Conference (VTC‘08 – Spring), Marina Bay, Singapore, pp. 2626–2630, April 2008. [7] W. Zhang, ―Handover decision using fuzzy MADM in heterogeneous networks‖, In the Proceedings of the 2004 IEEE Wireless Communications and Networking Conference (WCNC‘04), Atlanta, Georgia, USA, pp. 653–658, March 2004. [8] K. Pahlavan, P. Krishnamurthy, A. Hatami, M. Ylianttila, J.P. Makela, R. Pichna, J. Vallstron, ―Handoff in hybrid mobile data networks‖, IEEE Personal Communications, pp.34–47, 2000. [9] X. Yan, ―Optimization of Vertical Handover Decision Processes for Fourth Generation Heterogeneous Wireless Networks‖, Monash University, Australia, September 2010. [10] Mrs. Chandralekha, P.K.Behera, ―Optimization of vertical handover performance parameters in heterogeneous wireless networks‖, In the proceedings of modern engineering research (IJMER), vol.1, Issue 2, pp. 597-601, 2010. [11] Yue Chen, ― Soft Handover Issues in Radio Resource Management for 3G W CDMA Networks‖ Queen Mary University of London, 2003. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 94 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [12] Cavalcanti and D. Agrawal, ―Issues in integrating Cellular Networks, WLANs, And MANETS: A Futuristic Heterogeneous Wireless Network‖, University of Louisvelle, 2005. [13] Mark. Younge, ―Feasibility study on 3GPP system to Wireless Local Area Network (WLAN) interworking‖, vol. 6, 2002. [14] Shiao-Li Tsao, Chia-Ching Lin, ―Design and Evaluation of UMTS-WLAN Interwork- ing Strategies", Computer & Communications Research Laboratories, Industrial Technology Research Institute, Hsinchu, Taiwan, R.O.C, 2002. [15] K. Taniuchi, Y. ohba, V. Fajardo, ―Media Independent Handover Services‖, Sept. 2008. [16] M. Aamir Latif, M. Aziz Khan, ―Quality of service during vertical handover in 3G/4G wireless networks‖, Blekinge Institute of Technology, Feb 2009. [17] N. Ekiz, T. Salih, K. Fidanboylu; ―An Overview of Handoff Techniques in Cellular Networks‖, World Academy of Science, Engineering and Technology, vol. 2, 2005. [18] W.-T. Chen, J.-C. Liu, and H.-K. Huang, ―An adaptive scheme for vertical handoff in wireless overlay networks‖, In Proceedings of the Tenth International Conference on Parallel and Distributed Systems (ICPADS‘04), Newport Beach, California, USA, July 2004. [19] Pramod Goyal & S. K. Saxena, ―A Dynamic Decision Model for Vertical Handoffs across Heterogeneous Wireless Networks‖, World Academy of Science, Engineering and Technology, pp 676-682, 2008. [20] A. H. Zahran and B. Liang, ―ALIVE-HO: Adaptive lifetime vertical handoff for heterogeneous wireless networks‖, Technical Report, University of Toronto, 2005. [21] M. Z. A. Syuhada, I. Mahamod, ―Performance Evaluation of Vertical Handoff in Fourth Generation (4G) Networks Model‖,pp.392-398,August-2008 [22] Y. Xiaohuan, N. Mani, and Y. A. Cekercioglu, "A Traveling Distance Prediction Based Method to Minimize Unnecessary Handovers from Cellular Networks to WLANs,", pp. 14-16, 2008. [23] C. Chi, X. Cai, R. Hao, F. Liu ―Modeling and analysis of handover algorithms‖, In the Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM‘07), Washington, DC, USA, pp. 4473–4477, November 2007. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 95 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Software Based Framework for Handling Grid Process Automatically Surender Jangra Associate Professor & Head, Department of CSE, HCTM Technical Campus, HIET, Ambala Road, Kaithal-136027, India Abstract—Grid computing is the federation of computer resources from multiple administrative domains to reach a common goal. The grid can be thought of as a distributed system with non-interactive workloads that involve a large number of files [9]. Grids are often constructed with general-purpose grid middleware software libraries. The main drawback is in grid Processes worked manually after grid setup. There is no efficient software mechanism which can handle the grid Processes automatically. Research paper provides an automatic Software Based Framework which will able to handle grid Processes automatically. The development of efficient mechanism will convert manual way into automatic way. It will automatically reduce the time to handle the grid Processes. Keywords-- Cross-Platform Manager, security controls I. Introduction "Distributed" or "grid" computing in general is a special type of parallel computing which relies on complete computers (with onboard CPU, storage, power supply, network interface, etc.) connected to a network (private, public or the Internet) by a conventional network interface, such as Ethernet[1],[2]. This is in contrast to the traditional notion of a supercomputer, which has many processors connected by a local high-speed computer bus.Grid systems are classified as Computational, Data and Service grids. Computational Grid [9], category denotes the systems that have a higher aggregate Computational capacity available for single applications than the capacity of any Constituent machine in the system. This research paper related to automatic computational grid by automatic framework. Data Grids [9], the resource management system manages data distributed over Geographical locations. Data Grid is for systems that provide an infrastructure for Synthesizing new information from data repositories such as digital libraries or Data Warehouses that are distributed in a wide area network. Service Grid [9], category is for the systems that provide services that are not provided by any single machine. This category is further subdivided in On Demand, Collaborative and Multimedia Grid Systems. II. Alchemi Alchemi is an open source framework that allows setting up a computational desktop grid to painlessly aggregate the computing power of networked machines into a virtual supercomputer (desktop grid) and to develop applications to run on the grid[5],[6]. It has been designed with the primary goal of being easy to use without sacrificing power and flexibility. Alchemi includes: a) The runtime machinery (Windows executables) to construct computational grids. b) .NET API and tools to develop .NET grid applications and grid-enable legacy applications. By using alchemi to set up a computational grid environment where to test the frame work.There are four types of distributed components (nodes) involved in the construction of Alchemi grids and execution of grid applications: Manager, Executor, and User & Cross-Platform Manager [6]. A grid is created by installing Executors on each machine that is to be part of the grid and linking them to a central Manager component. The Windows installer setup that comes with the Alchemi distribution and minimal configuration makes it very easy to set up a grid. An Executor can be configured to be dedicated (meaning the Manager initiates thread execution directly) or non dedicated (meaning thread execution initiated by executor).Non dedicated executors can work through firewall and Nat servers since there is only one way communication between executor and manger. Dedicated execution is more suited for intranet environment and non dedicated for internet environment. III. Security Factors Physical security is an important component of an information systems overall security. An enterprise grid, like any information system, needs to protect against physical threats from humans (either malicious or accidental) as well as man-made and natural disasters [4]. Having one enterprise grid system instead of multiple silo-ed systems may lead © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 96 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 to some efficiency in addressing physical security threats. Social engineering describes how an unauthorized user cons an authorized user into providing information needed to access a system. An enterprise grid does not necessarily introduce new forms of social engineering threats, and may even reduce these threats if an enterprise grid is rolled out with a strong set of security controls (e.g. a clear admin model, processes, and policy)[3]. Regulatory Compliance ensures that the functions being performed by the grid and its users are not violating any government or industry laws. The security requirements that are within the regulations should be incorporated to grid policies, procedures, processes. IV. Objective Currently, the main focus of the most widely deployed automatic solutions in grid. Many solutions to this problem are provided in past research, but limitation is that solution worked manually not automatically. We required a effective solution which should works automatically instead of manually. So in these papers we are going describe such type of method which works totally automatic way (nothing is manually).so we are going to provide automatic attachment of executing process. The development of a usable lightweight framework (c#.net) that can be deployed in existing grid environments. The main objective is our work to make system fully automatic by removal of manual system by using framework (c#.net). V. Modules Constrution Module for checking the Process on remote side & checking main node running status. This module deals with checking of main node and process on main node. Module for automatically shut down main node. Shut down Process is not permanent, it will upto time until main node start its work again. Module for change the ip address Now ip of main node will now ip address of remote node. Because executing process can attached by IP address of main node[7]. So grid can handle automatically in few seconds without any interruption. In past work we handle this process manually. Now this framework provides way for automatic handling. Which is useful for secure and regular execution without any interruption. All steps points to automatic handling even after grid down for some time due to unknown Reason? VI. Testing Of Modules First test is performed by switched off main running node, as its find main node down after 30 seconds it will change the IP address of recovery node. After changing address it creates a new process in node. So executors attached to new node. VII. Flow Chart (Automatic Framework) Start OFF Checking main node Running ON OFF Check process Shut down main node Exit Change ip of remote node. Generate alert of starting of node Make Automatic linking to node. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 97 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Second test is performed by making interrupt main process. As framework finds that main process is not running.. It down main node, change the IP of node, create new process on remote node on LAN. so process automatically attached . Third case is performed by making a comparison time taken by manual way as well as automatic way. We performed above two cases manually it takes more time (more than one min) as compared to proposed automatic method (in 30 seconds). Same cases are tested by framework it takes 5 seconds is first case and 30 seconds in second case test. Time noted in manual handling is more than one min in both cases .so framework takes less time. So framework quickly performed which will helps to make a grid automatic[8]. VIII. Results Proposed technique totally handles computational Grid automatically. Automatic handling will completely remove manual way of handling computational grid. It will minimize recovery time. Our framework will automatically handles in few seconds which is less than in comparison of manual It will reduce load of administrator cause each task handled by frame work Our framework act as automatic path in GRID environment We can automatically save the grid from of parent node as well as child process down. IX. Conclusion This research work aims to add functionality to the computational grid environment using automatic framework. In the field of computational grid automatic technique provide a efficient way instead of manual .When a running grid become disturb So such efficient techniques which can transfer control to automatically where process can again started after few seconds is better option for computational grid as compared to manual way. Framework performs each & every task automatically instead of manually. It reduces the recovery time as compared to manual way. We conclude that framework is helpful the overall performance of running grid. References [1] Akshay Luther, Rajkumar Buyya, Rajiv Ranjan, and Srikumar Venugopal, X, Wiley Press, New Jersey, USA, June 2005. [2] Agus Setiawan, David Adiutama, Julius Liman, Akshay Luther and Rajkumar Buyya, GridCrypt: High Performance Symmetric Key using Enterprise Grids, Proceedings of the 5th International Conference on Parallel and Distributed Computing, [3] http://www.ogf.org/documents/ega-grid_security_requirements-v1Approved.pdf [4] Akshay Luther, Rajkumar Buyya, Rajiv Ranjan, and Srikumar Venugopal, Alchemi: A .NET-Based Enterprise Grid Computing System, Proceedings of the 6th International Conference on Internet Computing [5] http://www.alchemi.net [6] http://www.gridbus.org/~alchemi/files/1.0.beta/docs/AlchemiManualv.1.0.htm [7] Paul Townend and Jei Xu, ―Fault Tolerance within a Grid Environment‖Proceedings of AHM2003 [8] http://en.wikipedia.org/wiki/Grid_computing [9] Yuuki Horita, Kenjiro Taura, Takashi Chikayama, ―A Scalable and Efficient Self-Organizing Failure Detector for Grid Applications‖ 6th IEEE/ACM International Workshop on Grid Computing, Grid 2005 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 98 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 A Tool to Cluster Design Components Sunil Kumar1, Prof Rajesh Kumar Bhatia2 Research Scholar Thapar University Patiala, India1 PEC Chandigarh, India2 Abstract― Clustering is a technique to assemble data objects on the basis of similarity and dissimilarity. Proposed approach is concerned with the clustering of design components. These components are extracted from model description language (MDL) file which is created by default when a modeling diagram is drawn in Rational Rose modeling tool. MDL file contain all the information of a software design model in textual form. For software reuse, MDL files should be available and then retrieved. For this, a tool is developed called MDL management tool. The tool manages the storage of MDL files according to a predefined criterion that helps in easy retrieval of MDL file. Keywords: MDL file, CRUD I. Introduction Software reuse is a major issue in front of software professional in order to increase the software productivity and software quality. One possible solution for this is to reuse the software, but its success depends upon some factors one of these is the availability of software. Software reuse is highly dependent upon the storage and retrieval methods within a software repository. Mili has described the storage and retrieval method as a specialized form of information storage and retrieval [1]. As per Ricardo A. Falbo et al software reuse is one of the promising techniques to improve the quality and productivity of the software. There is a need to bind and develop the software components using a software process that really facilitate software reuse. This process has two perspectives: 1. Developing reusable components. 2. Development with reusable components. The school of computer science and information science at Fairlay Diekinson University define software reuse as the process of integration and use of software assets from a previously developed system. The school had clearly defined types of software assets as code, requirements, architecture/ design documents, test plans, manuals, templates for any asset and design decision.A software component is an independent unit of the software that does a useful function. [2]. A reusable software component can be defined as the software that can be used gain and again. It may be the design, code or some other product of the software development process. Reusable software components are sometimes called as software assets. Most of the activities in the design and development phase belong to the component properties and composition issues [2]. Component based software engineering states that software should be developed by gluing prefabricated components like in the field of electronics or mechanics. Component based systems require some more activities than normal application and should also include the traceability and portability. [3]. In proposed approach we have clustered the MDL file component. This file is another way to represent the design hence this can also be called as the design clustering. The structure of the file has been shown below in figure 1. Fig 1 MDL structure © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 99 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 II. Literature Review Soo Dong Kim and Soo Ho Chang proposed a systematic UML based technique to identify the components. In this the availability of object oriented model is a necessary condition. It deals with the use case model, object model and dynamic model. The proposed method utilise these artifacts and resulted into software components [5]. Lee et al proposed a method that measure the relationships between classes to define terms like create, retrieve update, and delete (CRUD). Shifting of rows and columns has been done by applying a clustering algorithm for making clusters. On the basis of data dependency and interclass relationships among the classes, clusters were formed [6]. Jain, H. and Chalimedia, N., proposed an approach for the grouping of classes into components. The static and dynamic relationships between classes were used. Static relationships measure the relationship strength and dynamic relationships measures the frequency of message exchanges at the time of execution. Combination of these two relationships evaluated the resulting strength of relationships between classes [7]. Soo Ho Chang et al further proposed a technique to identify the components having high cohesion and low coupling. To ease the clustering process a tool was developed in .net framework to automate the clustering and component identification [8]. This method has been related to their previous work [9]. Zhenchang Xing and Eleni Stroulia proposed an algorithm UML diff, to detect the structural changes between the subsequent versions of object oriented softwares. Class model in the form of an input was taken for the two versions of the software. This results into a change tree to indicate the difference between two design versions. Their proposed tool provided a report of the design evolution of the system software [10]. Alexander Egyed proposed a tool called as UML analyzer. This abstracted the class diagrams and object diagrams in UML. It extracted the classifiers, relations and semantics. It was an automated abstraction technique and had in built abstraction rules for class and object diagrams. Rational Corporation adopted this tool and implemented it on the Rational Rose [17]. L.C Briand et al had developed a tool IACMT that analyzed the two versions of UML models and outputs an impact analysis report and a consistency verification report. It was implemented on class, sequence and state-chart diagrams [12]. Rosziati Ibrahim and Noraini Ibrahim developed a tool to check the syntax, rules and notations imposed by the UML specifications [13]. Noraida Haji Ali et al proposed an assessment system for UML class diagram called as UML class diagram assessor UCDA. The tool got an input in the form of Rational Rose petal files. The tool analyzed the class diagram on the basis of three aspects: structure, correctness and language used. The output of the tool was a list of comments on the diagram that were used in understanding the requirements. The naming convention for the class and its attributes were based upon the Malay language [14]. The author proposed an extraction technique that extracted the notation information from the Rational Rose Petal files and were kept in the tables for further assessment. III. Methodology Proposed methodology is based upon the clustering of design based components. The components are extracted from the design phase of the software development life cycle. Two techniques are implemented, one is extraction and other is clustering. Clustering enhances the retrieval effectiveness. Our approach makes use of MDL file of UML diagrams drawn using Rational Rose. MDL file is a textual description of various modeling diagrams. It is an unstructured text file showing all the design components and their relationships. The format of MDL file is shown in Figure 1.The format of MDL file looks like a LISP data structure having several nested levels enclosed in parentheses forming a tree of nodes [15]. The software design may belong to domains like academics, application etc. It means that the MDL file corresponds to different domains of software design. MDL should be clustered in a way that makes it easily available. The tool described in the next subsection is developed for the availability of MDL file. MDL is a textual representation of the design of software. The file can be clustered so that the information in one software component can be used or shared in some other software design. Here we have described a software tool to cluster and retrieve these MDL files. The name of the tool is MDL Management tool. A. MDL Management: Tool Repository Management is a static tool used for searching a Design Component. Figure 2 shows the main interface of the tool. On the main interface screen we have the three types of categories Broad Category Sub Category Sub-Sub category The above mentioned are the dropdowns consisting of BC1, BC2, BC3 for the Broad Category.SC1, SC2, SC3 for the Sub Category and SSC1, SSC2, SSC3 for the Sub-Sub Category. The tool uses the keyword search technique. In the tool we can search for the components by providing keyword if the keyword matches in the MDL file, then we obtain the component id and the physical address of that component as the resultant. We can add the components © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 100 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 and also a brief description about the same. The MDL file is then uploaded as shown in Figure 5. The output is generated if a keyword is matched as shown in Figure 7. If there is no such keyword found in that case the output comes out to be ―No records found‖ as shown in Figure 3. So it provides a way to search through the MDL file and retrieve all the results on the basis of the keyword search. The tool is Java based.[16].Various modeling diagrams can be drawn in Rational Rose [17], for example Class Diagram, Use-Case Diagram, Activity Diagram, Sequence Diagram etc. Then corresponding to the diagram used the MDL file is generated and the same MDL file has been used in the tool. Fig 2 Main Interface Figure 3 Search Result Interface I © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 101 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Figure 4 Search Result Interface II Figure 5 Uploading MDL File © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 102 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Figure 6 Component Storage Interface Figure 7 Result Interface The tool is developed in Java and MS Access is used as database. IV CONCLUSION AND FUTURE SCOPE Proposed approach defines a mechanism for the clustering and retrieval of MDL files. MDL files are managed by the tool by describing some categories that helps in efficient retrieval. Since the tool is a static tool hence for future scope the tool can be made dynamic so that the storage of MDL files can be made dynamically. References [1] A.Mili., R.Mili and R.T.Mitterweir ― A survey of software reuse libraries‖ Volume 5 , Pages: 349 – 414, 1998. [2] Crnkovic, I and Larsson, M, ―Building reliable component based software system‖, Artech House, 2002. [3] Heineman, g.T., Councill, W. T., ―component based software engineering‖ Addison Wesley, 2001. [4] P.S Grover, Rajesh Kumar and Arun Sharma ― Few useful considerations for maintaining the software components and component based systems‖ ACM SIGSOFT, Vol 32, No 5, September 2007. [5] Soo Dong Kim and Soo Ho Chang ―A systematic method to Annals of Software Engineering,identify software components‖., proceedings of 11th Asia Pacific software Engineering Conference APSEC-2004. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 103 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [6] Lee, S., Yang, Y., Cho, E., Kim, S., and Rhew, S ., ― COMO: A UML based component based methodology‖, Proceedings of the IEEE Sixth Asia Pacific Software Engineering Conference, Dec. 1999. [7] Jain, H. and Chalimedia, N., ― Buissness component identification- A formal approach‖ proceedings of the IEEE fifth international Enterprise Distributed Object Computing Conference, 2001. [8] Soo Ho Chang., Man Jib Han., and Soo Dong Kim ― A tool to automate component clustering and identification‖ M. Cerioli (Ed.): FASE 2005, LNCS 3442, pp. 141-144, 2005. [9] Hanen Ben Khalifa., Qualid Khayati., Henda Hajjami and Ben Ghezala ―A behavioral and structural component retrieval technique for software reuse‖ Advanced Software Engineering & Its Applications, IEEE, 2008. [10] Zhenchang Xing and Eleni Stroulia ―UML Diff: An algorithm for Object Oriented Design Differenecing‖ ASE-05, November 7-11, 2005, Long Beach, California, USA, 2005. [11] Alexander Egyed ― Semantic abstraction rules for class diagrams‖ Proceedings of 15th international conference on Automated software engineering ASE-2000. [12] L.C Briand., Y. Labiche., and L. O‘Sullivan ― impact analysis and change management of UML Models‖ proceedings of the Internatonal Conference on Software Maintainance ICSM-2003. [13] Rosziati Ibrahim and Noraini Ibrahim ―A tool for checking the conformance of UML specification‖, www.waset.org/journals/waset/v51/v51-45.pdf. [14] Noraida Haji Ali, Zarina Shukur and Sufian Idris ―A Design of an Assessment System for UML Class Diagram‖ Fifth International Conference on Computational Science and Applications, 2007. [15] M. Dahm "Grammar and API for Rational Rose Petal Files", Version l. l., July (2001) [16] Java 2 complete reference 5th Ed. – Herbert Schildt. [17] http://www.rational.com. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 104 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Attacks and Trust -Reputation Based Security in WSNs Dr. Rajiv Mahajan[1] , Dr. Surender Singh[2], Akhilesh Kumar Bhardwaj[3] , Parveen Sharma [4] P.T.U., PUNJAB India Abstract: Network Security in these days becomes the front line of network supervision and realization. The attempt in the security concern is to hit upon a realistic situation between the need of developing the network and the need to protect the information. The types of potential threats to network are continuously embryonic and must be at least theoretical known in order to fight them back. In this regard, wireless sensor networks are attracting the researchers in special ways. Wireless Sensor network (WSN) is an emerging technology and have great potential to be employed in critical situations. One of the major challenges wireless sensor networks face today is security. Here in this paper, we have a discussion about the major security attacks for wireless sensor networks and proposes a trust based way out. Keywords: Wireless Sensor Network, security, attacks, DSR, trust I. Introduction As a consequence of the expansion of networks, the network attack tools and methods have greatly evolved. Various terms have been introduced to illustrate the involvements. Some of the most common terms [1] are White hat It is an individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. Hacker This term is frequently used in an unconstructive way to describe an individual that attempts to gain unauthorized access to network resources with malicious target. Spammer An entity that sends huge quantities of unwanted e- mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages. Phisher It uses e-mail or other resources to trick others into providing sensitive information, such as credit card numbers or passwords. Black hat One more term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat. Cracker A term to illustrate someone who tries to gain unauthorized access to network resources with malicious goal. Phreaker Phreaker is an individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is to make free long distance calls. II. Security Goals for Sensor Networks The security goals for sensor networks are classified as primary and secondary [1] [2]. The primary goals are known as standard security goals such as Authentication, Confidentiality, Integrity and Availability. The secondary goals are Data Freshness, Self-Organization, Time Synchronization and Secure Localization. A. Authentication Authentication ensures the reliability of the message by identifying its origin. Data authentication verifies the identity of the senders and receivers. Due to the wireless nature of the media and the unattended nature of sensor networks, it is extremely challenging to ensure authentication. B. Confidentiality Confidentiality is the ability to conceal messages from a passive attacker so that any message communicated via the sensor network remains confidential. C. Integrity Integrity in sensor networks is needed to ensure the reliability of the data and refers to the ability to confirm that a © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 105 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 message has not been tampered with, altered or changed. The integrity of the network will be in trouble when: 1. A malicious node present in the network introduces false data. 2. Unstable conditions due to wireless channel cause damage or loss of data. D. Availability Availability determines whether a node has the ability to use the resources and whether the network is available for the messages to communicate. Therefore availability is of primary importance for maintaining an operational network. E. Data Freshness Even if confidentiality and data integrity are assured, there is a need to ensure the freshness of each message. Informally, data freshness [4] suggests that the data is recent, and it ensures that no old messages have been replayed. F. Self-Organization A wireless sensor network is typically an ad hoc network, which requires every sensor node be independent and flexible enough to be self-organizing and self-healing according to different situations. If self-organization is deficient in a sensor network, the damage resulting from an attack or even the risky situation may be demoralizing. G. Time Synchronization Most sensor network applications rely on some form of time synchronization. Furthermore, sensors may wish to compute the end-to-end delay of a packet as it travels between two pair wise sensors. A more collaborative sensor network may require group synchronization for tracking applications. H. Secure Localization A sensor network designed to locate faults will need accurate location information in order to pinpoint the location of a fault. Unfortunately, an attacker can easily manipulate non-secured location information by reporting false signal strengths, replaying signals. This Section has discussed about the security goals [3] that are widely available for wireless sensor networks and the next section explains about the attacks that commonly occur on wireless sensor networks. III. Passive, Active and Layered Attacks in Sensor Networks A. Passive and active attacks When it is referred to a passive attack it is said that the attack obtain data exchanged in the network without interrupting the communication [2]. When it is referred to an active attack it can be affirmed that the attack implies the interference in the normal functionality of the network by means of information interruption, modification or fabrication [2] [4]. Traffic analysis Traffic analysis is the process of intercepting and examining messages in order to figure out information from patterns in communication. Denial-of-service (DoS attack) A Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Replay attack A replay attack is a fall foul of security in which information is stored without authorization and then retransmitted to trick the receiver into unauthorized operations such as false identification or authentication or a duplicate transaction. It is also known as a "man-in-the middle attack". Internal vs. external attacks External attacks are carried out by nodes that do not belong to the domain of the network. Internal attacks are from compromised nodes, which are actually part of the network. LAYERED ATTACKS There are different attacks or threats that can disturb security at different layers [2] [5] [6] [7] [8]. They are © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 106 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 discussed below: B. Physical layer attacks Wireless communication is broadcast by nature. A common radio signal is easy to jam or intercept. An attacker could eavesdrop or disturb the service of a wireless network physically [2] [5]. Eavesdropping Eavesdropping is the intercepting and reading of messages and conversations by unintended receivers. Thus, messages transmitted can be overheard, and fake messages can be injected into network. Interference and Jamming Radio signals can be jammed or interfered with, which causes the message to be corrupted or lost. If the attacker has a powerful transmitter, a signal can be generated that will be strong enough to overpower the targeted signals and dislocate communications. The most general types of this form of signal jamming are random noise and pulse. C. Link layer attacks Attacks may target the link layer by disrupting the cooperation of the layer‘s protocols. Wireless medium access control (MAC) protocols have to coordinate the transmissions of the nodes on the common transmission medium. In the link layer, a selfish or malicious node could interrupt either contention-based or reservation-based MAC protocols. A malicious neighbor of either the sender or the receiver could intentionally not follow the protocol specifications. For example, the attacker may corrupt the frames easily by introducing some bits or ignoring the ongoing transmission. It could also just wait to launch DoS attacks in IEEE 802.11 MAC. An attacker may also overhear the network allocation information and then intentionally corrupt the link layer frame by interfering with the ongoing transmission. D. Network layer attacks By attacking the routing protocols, attackers can absorb network traffic, infuse themselves into the path between the source and destination, and thus control the network traffic flow. The traffic packets could be forwarded to a non- optimal path, which could introduce significant delay. In addition, the packets could be forwarded to a nonexistent path and get lost. The attackers can create routing loops, introduce severe network congestion, and channel contention into certain areas. Routing table overflow attack A malicious node advertises routes that go to non- existent nodes to the authorized nodes present in the network. Routing cache poisoning attack In this attack, the attackers take advantage of the promiscuous mode of routing table updating, where a node overhearing any packet may add the routing information contained in that packet header to its own route cache, even if that node is not on the path. Wormhole attack An attacker records packets at one location in the network and tunnels them to another location. Routing can be disrupted when routing control messages are tunneled. This tunnel between two colluding attackers is referred as a wormhole. Wormhole attacks are severe threats to WSN routing protocols. For example, when a wormhole attack is used against an on-demand routing protocol such as DSR, the attack could prevent the discovery of any routes other than through the wormhole. Resource consumption attack This is also known as the sleep deprivation attack. An attacker or a compromised node can attempt to consume battery life by requesting excessive route discovery, or by forwarding unnecessary packets to the victim node. Location disclosure attack An attacker reveals information regarding the location of nodes or the structure of the network. It gathers the node location information, such as a route map, and then plans further attack scenarios. Attacks at the routing maintenance phase There are attacks that target the route maintenance phase by broadcasting false control messages. For example, DSR implement path maintenance procedures to recover broken paths when nodes move. If the destination node or an intermediate node along an active path moves, the upstream node of the broken link broadcasts a route error © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 107 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 message to all active upstream neighbors. The node also invalidates the route for this destination in its routing table. Attacks at data forwarding phase Some attacks also target data packet forwarding functionality in the network layer. In this development, the malicious nodes chip in cooperatively in the routing protocol routing discovery and maintenance phases, but in the data forwarding phase they do not forward data packets consistently according to the routing table. Malicious nodes simply drop data packets quietly, modify data content, replay, or flood data packets; they can also delay forwarding time-sensitive data packets selectively or introduce junk packets. Attacks on DSR routing protocol There are attacks that target some particular routing protocols. In DSR, the attacker may modify the source route listed in the RREQ or RREP packets. It can delete a node from the list, switch the order, or append a new node into the list. E. Transport layer attacks The objectives of Transport layer protocols in WSN include setting up of end-to-end connection, end-to-end reliable delivery of packets, flow control, congestion control, and clearing of end-to- end connection. However, a WSN has a higher channel error rate when compared with wired networks. Because TCP does not have any mechanism to distinguish whether a loss was caused by congestion, random error, or malicious attacks, SYN flooding attack The SYN flooding attack is a denial-of-service attack. The attacker creates a large number of TCP connections with a victim node, but never completes the handshake to fully open the connection. Session hijacking In the TCP session hijacking attack, the attacker spoofs the victim‘s IP address, determines the correct sequence number that is expected by the target, and then performs a DoS attack on the victim. F. Application layer attacks The application layer attacks are eye-catching to attackers because the information they seek ultimately resides within the application and it is direct for them to make an impact and reach their goals. Malicious code attacks Malicious code, such as viruses, worms and spywares can attack both operating systems and user applications. These malicious programs usually can spread them-selves through the network and cause the computer system and networks to slow down or even damaged. Repudiation attacks Repudiation refers to a denial of participation in all or part of the communication. G. Multi-layer attacks Some security attacks can be launched from multiple layers instead of a particular layer. Examples of multi-layer attacks are denial of service (DoS), man-in-the-middle, and impersonation attacks [2] [9]. Denial of service (DoS) attack Denial of service (DoS) attacks could be launched from several layers. An attacker can employ signal jamming at the physical layer, which disrupts normal communications. At the link layer, malicious nodes can occupy channels. At the network layer, the routing process can be interrupted through routing control packet modification, selective dropping, table overflow or poisoning. At the transport and application layers, SYN flooding, session hijacking, and malicious programs can cause DoS attacks. Man-in-the -middle attacks An attacker sits between the sender and the receiver and sniffs any information being sent between two ends. Impersonation attacks Impersonation attacks are launched by using other node‘s identity, such as MAC address or IP address. Impersonation attacks sometimes are the opening step for most of the attacks, and are used to launch additional © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 108 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 complicated attacks. IV. Trust Based Mechanism We put forward a new trust and reputation based validation mechanism for secure routing and to put off attacks [8] [10] [11]. In our architecture, there is Trusted Third Party server. It also serves as a trusted Certificate Authority. In our method, each node in the network consists of a trust table, which contains trust counter. Each node keeps track of the number of packets forwarded through a route using a packet counter. The finishing productivity is yet to be explored at reasonable stage. V. Conclusion The key terms for attacks, threats and major attacks for the wireless sensor networks are discussed. The individual layer based security attacks as well as cross layer or multi layer attacks are also briefly explained to explore the greater research enthusiasm for secure networking solutions. The trust based solution is also introduced. References [1] Types of Attacks in Wireless Sensor Networks, T.G. LUPU ―Recent Advances in Signals and Systems ―ISSN: 1790-5109 [2] A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks International Journal of Computer Science and Information Security, Vol. 4, No. 1 & 2, 2009 [3] Hralambos Mouratidis, Paolo Giorgini, Gordon Manson, Using Security Attack scenarios to Analyse Security During Information System Design, in the 6th International Conference on Enterprise Information Systems, 2004 [4] Ehab Al-Shaer, ―Network Security Attacks I: DDOS‖, DePaul University, 2007. [5] William Stallings, Cryptography and Network Security Principles and Practices, Fourth Edition, Prentice Hall, 2005. [6] Adrian Perrig, John Stankovic, David Wagner, ―Security in Wireless Sensor Networks‖ Communications of the ACM, Page53-57, 2004 [7] Al-Sakib Khan Pathan, Hyung-Woo Lee, Choong Seon Hong, ―Security in Wireless Sensor Networks: Issues and Challenges‖, International conference on Advanced Computing Technologies, Page1043-1045, 2006 [8] Chris Karlof, David Wagner, ―Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures‖, AdHoc Networks (elsevier), Page: 299-302, year 2003 [9] Zia, T.; Zomaya, A., ―Security Issues in Wireless Sensor Networks‖, Systems and Networks Communications (ICSNC) Page(s):40 – 40, 2006 [10] Xiangqian Chen, Kia Makki, Kang Yen, and Niki Pissinou, Sensor Network Security: A Survey, IEEE Communications Surveys & Tutorials, vol. 11, no. 2, page(s): 52-62, 2009 [11] Francesco Oliviero and Simon Pietro Romano,―A Reputation Based Metric for Secure Routing ―, IEEE GLOBECOM, 2008. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 109 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Research on Energy Efficient Clustered Routing Protocol for Wireless Sensor Networks Ajay jangra1, Amisha Dhiman2 1Asst. Prof. CSE department, University Institute of Engineering & Technology, KUK,INDIA. 2M.Tech. Scholar, CSE department, University Institute of Engineering & Technology, KUK, INDIA Abstract: Compared to traditional networks, Wireless sensor networks received much attention as they provide an advantage of monitoring the various kind of environment by sensing the physical phenomenon. The number of these networks related with sensors has been increasing and WSN has become an active research area for researcher now days. Energy efficiency is a major concern in designing a protocol for WSN. Clustering sensor nodes is an effective way of achieving this goal. LEACH is a suitable and best method of preserving energy in a network via clustering which uses TDM/CDMA MAC which is held responsible for low inter and intra cluster collisions. In LEACH a small number of clusters are made up in a self-organized manner. In this paper we have analyzed routing techniques, design constraint for routing techniques in WSN, and formulated problems based on the analysis of LEACH which proves to be major drawbacks for LEACH. Keywords: WSN, energy efficiency, reliability, cluster head, LEACH. I. Introduction Wireless sensor network is defined as a network of sensor nodes which are deployed in a random hostile environment for monitoring the physical and environmental conditions for variety of applications like inventory management, habitat monitoring, military applications, event detection, patient diagnosis, fire detection in forests and many more. In WSN sensor nodes collect information from its surrounding environment and passes that collected data to sink via a routing path. For working of these sensor networks correctly we need to select an efficient, reliable and secure path for transmitting of data from sensor nodes to sink. To accomplish this task we need to design energy efficient routing protocols which can maximize the network lifetime and provides a reliable and secure path for data transmission. BS Sensor field Internet and satellite Sensor nodes User BS Base station Task manager node Fig.1 A network of sensor nodes In Section II a brief taxonomy is provided for the basic routing strategies used to keep a balance between responsiveness and energy efficiency. LEACH protocol is one of the examples of energy efficient routing protocol supporting clustered architecture. II. ROUTING TECHNIQUES IN WSN As compared to traditional networks wireless sensor network have distinguished features which makes the routing problem a very challenging task in WSN. As data in WSN have to pass from different sensors to sink, nodes are mobile and deployment of sensors are large which results in a challenge in designing routing protocols for WSN. We cannot use the same global addressing scheme of traditional networks as numbers of nodes are huge in count. And moreover sensors have low processing capacity and scare power resources. Different routing protocols have © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 110 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 been developed for overcoming all these design issues for which several routing strategies for WSNs have been proposed. These routing protocols are classified based upon flat network architecture, clustered network architecture and location based network architecture. Routing techniques in WSN Clustered Location based Flat network network network architecture architecture architecture Fig 2 Routing Techniques in WSN Flat Network Architecture or data centric network architecture One class of routing protocols adopts flat network architecture. Here all nodes are act as peers. Flat routing provides equal functionality for all nodes in terms of transmitting and receiving data [8]. This approach of routing techniques is also known as data centric as number of nodes are huge and we cannot apply global address scheme to assign each node a global identifier therefore BS have to send queries for each part of field and then have to wait for results for that queries. So BS act as center for receiving all data. Direct diffusion (DD) and sensors protocols for information via negotiation (SPIN) are two of the suitable example for flat network architecture or data centric network architecture for routing. Clustered or hierarchy based Network Architecture A second class of routing protocols follows clustered way of organizing nodes in a network in which a node with greater residual energy assumes the role of a cluster head and all the nodes with less residual energy is assumed as simple sensor nodes. The cluster head duty is to coordinate activities for simple sensor nodes within the cluster and forwarding information between clusters. Here CH is responsible for collecting data from sensor nodes which they sense from their surrounding environment Clustering is a primary and best way of reducing energy consumption and provides energy efficient and reliable network. This type of architecture provides different functionality for a number of nodes [8]. We may call clustered network architecture as two layered network architecture as one layer is responsible for selection of cluster head for each cluster and other layers performs the routing functions like communication in between each cluster head and Base station. LEACH (Low energy adaptive clustered hierarchy) is the best example of clustered based architecture routing protocol. Location Based Approach A 3rd class of routing protocol follows the principle of using nodes location address for computation of routing path selection. In this approach data is routed depending upon the node‘s position [8]. Here a GPS (global positioning system) device is attached to each node for obtaining the node‘s position. GEAR (Geographic and energy aware routing). GAF( Geographic adaptive fidelity) and MBR( a mesh based routing protocol for wireless ad-hoc sensor network) are some of the example for location based approach. III. DESIGN CHALLENGES FOR ROUTING TECHNIQUES IN WSN WSN have scarce resources like battery power, radio resources which results in challenges in designing routing protocols for WSN. For making a routing protocol efficient, reliable and secure we must accomplish following design challenges [12]. Absence of centralized entity When compared to traditional network there is no centralized entity in wireless sensor networks for controlling the routing resources and for establish routing paths. WSN are formed out of multiple numbers of nodes so it is difficult to maintain the routing path for all the nodes via a single centralized entity. Moreover for a security purpose if a centralized entity is attacked or compromised; the entire network will face the damage of that attack as network may © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 111 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 die or corrupted totally. So for wireless sensor networks each node is responsible for their own path selection and for routing procedure. Flexibility in network As sensors nodes are deployed in a hostile environment for example like in military applications; it may happen that network may stop working due to such environment or due to battery failure of nodes. In such case routing protocols should cooperate with this eventuality so when a current-in-use node dies, an alternative route could be discovered and providing flexibility to network Prolonged network lifetime Routing protocols must have longer network lifetime so they can operate over long time period. Power resources are limited in wireless networks due to random deployments of nodes as battery is irreplaceable once it gets down. For making network lifetime prolonged a routing protocol must be designed in a way that energy dissipation must be reduced whatever may be the situation. Hence prolonging network lifetime is one of the major design issues in designing of routing protocols. Mobility Adaptability In WSN there may be hundreds and thousands of nodes deployed in a network and to be mobile are their feature. Depending upon diversity in application area of WSN there may arise the need of coping with the mobility of sensor nodes, with mobility of base station or with mobility of event detection in sensor field. Routing protocols must be able to cope with this mobility feature of nodes in order to design a better routing technique. Device diversity Device diversity is other major issue in designing a routing protocol. We use same type of nodes in civil application of sensor networks but in military application use of different functional nodes may give better results and provides benefit to network. Nodes having different radio and battery resources, different transceivers and receivers could result in a better energy efficient routing protocol. Among other, the network scalability, the energy drainage or the bandwidth is potential candidates to benefit from the heterogeneity of nodes [13]. QoS factor QoS is defined as a set of service requirement to be fulfilled when a packet stream is to be transmitted from source to sink. Moreover it is defined as the capability to confirm resource assurance and service differentiation in a wireless network [14]. QoS factors may include the packet delivery within bounded time, operating resources for long time period and reliability in network in terms of data transportation weather all the packets have been reached to sink or not. This requirement is essential to fulfill in energy aware routing protocols. [9]. Scalability As wireless sensor networks are composed of multiple numbers of nodes deployed in any hostile or random environment so routing protocols must be able to work efficiently and reliably with this large amount of nodes. Security Security is another major design issue for routing protocol because nodes are deployed in an hostile and random environment. As wireless sensor network is an open network; and a node may join and leave network anytime which may result in easy way of diminishing security of network because attack may occur anywhere in the network.. So routing protocols must be secure from malicious and false attacks. IV. LEACH: A CLUSTERED ROUTING PROTOCOL Clustered based routing technique is a key approach for increasing network lifetime of a network. LEACH is suitable example for this A. Pravin Renold et al. [2] presents that the routing protocol performs an important role in transmitting the data from source by forming a route to the destination via intermediate nodes and also helps for the effective usage of the power of the nodes when not in the mode of transmission. M. Bala Krishna et al. [3] presents that Energy efficient and energy aware protocols in sensor networks are based on the following characteristics [15]: Data Aggregation Collects data samples from a set of sensor nodes Data acquisition Collects data samples periodically or event based Duty cycle © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 112 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Enables the radio-receiver of a sensor node in sleep or idle state to increase the node life cycle Cluster Set of nodes with similar attributes like node distance and signal strength which are grouped together Mobility Static sensor nodes save more energy as compared to dynamic sensor nodes. Mobile sensor nodes are used if the energy levels of nodes are uneven and enhance the data delivery rate [3]. The LEACH (Low Energy Adaptive Clustering Hierarchy) protocol is a self-organizing adaptive energy efficient routing protocol based upon clustered network architecture. We may also call LEACH an example of two layer network architecture where one layer is responsible for selection of CH whose duty is to co-ordinate activities in between cluster and other layer is responsible for communication in between each CH and sink. V. WORKING METHODOLOGY FOR LEACH LEACH was proposed by Heinzelman, Chandrakasan and Balakrishnan. It is the best and suitable example of clustered based network architecture which uses TDMA/CDMA based scheduling to reduce intra cluster collision as well as inter cluster collision. Cluster C BS BS – Base station - Cluster head - Data flow Fig, 3 Architecture of leach The protocol partitions the network nodes in to clusters LEACH randomly selects nodes as cluster-heads (CH) and performs periodic reelection. And the remaining nodes are cluster members. The operation of leach protocol is split into two phases: set up and steady. Two Phases of Leach LEACH is divided into rounds; and each round is of two phase, set-up phase and steady phase Fig 4 The set up and steady state data transmission [11] © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 113 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Set-Up Phase First step is set-up phase where clusters are organized in a random manner having sensor nodes fitted in it and a head is selected for each cluster known as cluster head (CH) based upon threshold value. A sensor nodes have to choose r; a random number between o to 1. And after comparing this chosen random number with threshold value if the chosen number is less than threshold value T(n); the node is declared as cluster head. The threshold T(n) is finded by the formula given in fig. 5 After selection of cluster head, it advertises his selection to all remaining nodes. All nodes choose their nearest cluster head when they receive advertisement message based on the received signal strength. Then TDMA schedule is assigned by the CH for their cluster members or nodes so that each node can get his own time slot when it can transmit the data to CH. And algorithm will enter into a stable phase. Duration of set-up phase is less as compared to steady phase because it works for only selection of CH. Steady Phase: The steady state phase is the data transmission step which takes longer time than set-up phase. During this phase, nodes in each cluster send their data based on the allocated transmission time to their local cluster heads. To reduce the energy dissipation, the receiver of all non-cluster head nodes would be turned off until the nodes‘ defined allocated time. After receiving all the data from the nodes, the cluster head aggregates all the data sent from the member nodes into a single signal and transfers it to the base station VI. ANALYSIS OF LEACH PROTOCOL Although LEACH is a best example of clustered architecture still it suffers from some serious drawbacks. Based on analysis of LEACH some of the advantages and disadvantaged of protocol is found. Qing Bian et al. also present some of them in [5]. Merits The LEACH protocol as a typical sub-cluster routing protocol has the following advantages: In leach protocol the hierarchy, selection of path and routing information is relatively simple, and the sensor nodes do not need to store large amounts of routing information, and do not need complex functions. Second advantage is the cluster head node is randomly selected, the opportunity of each node is equal, and the load of whole network is balance. So that nodes, which have no energy, can be randomly distributed. And the LEACH algorithm uses hierarchical structure; due to data fusion mechanism cluster head reduces the energy consumption of data transmission, and therefore compared to the general multi-hop routing protocols and static clustering algorithm, LEACH protocol minimizes energy dissipation in sensor networks. LEACH can extend the network life-cycle of 15%.[6]. Demerits: Shijin Dai Xiaorong Jing et al [7] provides some problems of LEACH. They says that in spite of providing good feature it suffers from the following problems discussed below. It can't be applied 'to time critical applications. Nodes may loose their complete battery power when data transmitted during routing paths. Qing Bian et al. [5] presents that there are a number of deficiencies in LEACH algorithm. In selection of CH LEACH does not count the residual energy of each node rather CH is selected based upon threshold value only. As the CH in LEACH protocol are randomly generated, energy consumption can be evenly distributed in the network; however, it ignores residual energy of nodes, geographic location and other information in the election of cluster head node. So it can easily lead to exhaust the energy quickly in CH nodes. LEACH assumes that all the nodes can be directly communicate with the CH node and the BS node, the actual network of BSs are usually far away from the sensing area, this would make the CH which is far from the base station is easier to fail[15]. Therefore, expansion of the network is not strong, and not suitable for large networks. Because the distribution of CH is totally dependent on the random number, so the number of the CHs can be big at a regional, and the number of the CHs will be little at other regional. In the CHs centralized regional, the number of the general node is very © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 114 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 little, and this can have lost the meaning of hierarchical routing; in CHs sparse region, CH node is responsible for too much data, and the distance from the CH is far, transmitted signal energy consumption is too large. VII. VALUABLE FINDINGS OF LEACH Energy efficiency is primary concern which must be taken into consideration in any routing protocol. In spite of being best protocol in amongst all the routing protocols of WSN still LEACH protocol suffers from many problems which must be improved in future. Some of problems are as follows: More Energy Loss in Cluster Head Nodes Cluster head in LEACH protocol are randomly generated and energy consumption can be evenly distributed in the network; but, it ignores residual energy of nodes, geographic location and other information in the election of cluster head node. Due to this reason it can easily lead to exhaust the energy quickly in cluster head nodes. It is quite essential to design energy-efficient communication strategies for data gathering operation because considerable amount of communication in WSN involves how to collect data from target field. [10] Easy Failure of cluster head LEACH assumes that all the nodes can be directly communicate with the cluster head node and the base station node, the actual network of base stations are usually far away from the sensing area, this would make the cluster head which is far from the base station is easier to fail. Therefore, expansion of the network is not strong, and is not suitable for large networks. Because the distribution of cluster head is totally dependent on the random number, so the number of the cluster-heads can be big at a regional, and the number of the cluster heads will be little at other regional. In the cluster-heads centralized regional, the number of the general node is very little, and this can have lost the meaning of hierarchical routing; in cluster-heads sparse region, cluster head node is responsible for too much data, and the distance from the cluster head is far, transmitted signal energy consumption is too large. No Deployment for Large Region LEACH doesn‘t work reliably for large region. Nodes always have data to send. We don‘t even sure about the uniform distribution of CH nodes throughout the network. It may be possible that elected CH may be concentrated only in one part of network. Hence, few nodes will not have any CHs in their vicinity which shows that it doesn‘t work suitable for large network area Dynamic clustering a tough approach As LEACH network is dynamic network. This feature of network brings more overhead, overhead occurs in terms of change of CH for each round, so with that change new advertisements get created with each new round which may held responsible for energy dissipation in network. The protocol should be scaled to account for non-uniform energy sensor nodes, i.e., use energy-based threshold. No guarantee of real load balancing in case of sensor nodes with different amount of energy LEACH however performs the CH rotation for achieving real load balancing. But during the CH election we don‘t consider their residual energy so it cannot guarantee real load balancing in terms of different amount of initial energy for each node. If a node with less residual energy is selected as CH it may die early because data aggregation takes place at CH only which could lead to the energy holes and coverage problems. Reliability in terms of data transportation from CH to sink Data reliability is major concern in LEACH. As sink is located far from each cluster head so more transmission energy is required to send aggregated data to sink. it may happen that packets may get lost during this transmission phase when packets are transmitting from each CH to sink. And delay occurs because packet loss ratio is calculated at sink itself. Packet loss ratio is the ratio of how many packets broadcasted from CH and how many packets have been received by sink during the communication of each cluster to sink. VIII. Conclusion In this paper we present an energy efficient clustered routing protocol named LEACH. Increasing development and advancement in technology of sensors has made it feasible to have extremely tiny, and low powered sensing devices which are equipped with programmable computing, various parameter sensing and wireless communication capability. Routing protocols has become a very active research topic now days. A major challenge in designing an energy efficient protocol for wireless sensor networks is maximizing its network lifetime. Through this paper we © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 115 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 have analyzed LEACH protocol on the bases of network lifetime, stability period of protocol and the network throughput. This paper covers technical issues like routing techniques and design constraints for those routing techniques. The focus of this article was to find the valuable findings of LEACH based on its analysis which must be overcome for making LEACH more reliable and more energy efficient. Refrences [1] Wendi B. Heinzelman, Anathan P. Chandraskan, and Hari Blakrisshnan, ―An Application-Specific Protocol Architecture for Wireless Microsensor Networks‖, IEEE Trans. on Wireless Communications, 1 (4): 660-670, OCT 2002 [2] A.PravinRenold, R.Poongothai, R.Parthasarathy, ―Performance Analysis of LEACH with Gray Hole Attack in Wireless Sensor Networks‖, IEEE 2012. [3] M. Bala Krishna1 and M. N. Doja, ―Self-Organized Energy Conscious Clustering Protocol for Wireless Sensor Networks‖ ICACT 2012. [4] Heewook Shin, SangmanMoh, and Ilyong Chung,―Energy-Efficient Clustering with One Time Setup for Wireless Sensor Networks‖, 2012 Fourth International Conference on Computational Intelligence, Communication Systems and Networks, IEEE 2012. [5] Qing Bian, Yan Zhang, Yanjuan Zhao, ―Research on Clustering Routing Algorithms in Wireless Sensor Networks‖2010 International Conference on Intelligent Computation Technology and Automation IEEE 2010. [6] K. Romer and F. Mattern, ―The design space of wireless sensor networks,‖ Wireless Communications, IEEE,Dec. 2004. [7] Shijin Dai, Xiaorong Jing, Lemin Li ―Research and Analysis on Routing Protocols for Wireless Sensor Networks‖, IEEE 2005. [8] Rachid Ennaji, Mohammed Boulmalf, ―Routing in Wireless Sensor Networks‖ IEEE 2009 [9] G.H. Raghunandan, B.N. Lakshmi, ‖A Comparative Analysis of Routing Techniques for Wireless Sensor Networks‖ in Proceedings of the National Conference on Innovations in Emerging Technology-2011, IEEE 2011. [10] Yang Yu, Bhaskar Krishnamachari, and Viktor K. Prasanna ―Energy-Latency Tradeoffs for Data Gathering in Wireless Sensor Networks,‖ proceedings of International journal of Sensor Networks, July 2008. [11] M.Shankar, Dr.M.Sridar, Dr.M.Rajani, “Performance Evaluation of LEACH Protocol in Wireless Network”, International Journal of Scientific & Engineering Research, Volume 3, Issue 1, January- 2012. [12] Akkaya, K.; Younis, M. A Survey on Routing Protocols for Wireless Sensor Networks. Ad Hoc Netw. 2005, 3, 325–349 [13] Karl, H.; Willig, A. Protocols and Architectures for Wireless Sensor Networks. John Wiley & Sons: Chichester, West Sussex, UK, 2005 [14] Mohamed A. el-Gendy, Abhijit Bose, Kang G.Shin, ―Evolution of the Internet QoS and Support for Soft Real- Time Applications‖, In proceedings of IEEE, 2003 [15] Ajay jangra, Amisha Dhiman, ―A review on low energy adaptive clustering hierarchy (LEACH) routing protocol in WSN, ―International journal of advanced research in computer science and software engineering‖, Vol 3 issue 6 june 2013 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 116 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Signature Based Detection of Web Application Attacks Ashish Verma1, Deepika2 Savitri Insan3 Shri Sukhmani College Of Engg. & Tech. Shree Krishan Innstitute Of Engg. & Tech Derabassi, Punjab, India Kurukshetra(Haryana), India Abstract : The web based application attacks are severe and therefore, detection techniques of the attacks are gaining popularity because of the crucial role that web based applications are playing. Web applications are used by almost everyone who is using a computer system. So attacks on these applications needs to be protected at the very moment. Several types of web application attacks are identified which are classified in different categories. Some work has been done in this direction to identify and neutralize the attacks but much more needs to be done. This paper presents the system for detecting the attacks related to web application attacks with the proposed solution in the form of signature based detection in the environment of Honeypots. Honeypot technology is in infant state but is growing very rapidly due to advantages of trapping the intruders very easily without being detected. Keywords : web applications, malware attacks, signature based detection, honeypot’s use to provide web application security. 1. Introduction and background work Any web based application is a software package that can be approached by using the web browser. These applications renders excellent advantages of today‘s technology to enhance organizational productivity and efficiency[1]. Online banking, web search engine , email applications and social network are just few examples of web based applications. The operations performed by web application depends on the input given. This scheme is indeed fantastic and has been proven very successful to support the information exchange on the Internet. On the other hand, cyber – crooks or attackers submit unexpected -well-crafted- inputs to remotely gain confidential data or perform unauthorized operations. An attacker or hacker or intruder or blackhat is somebody attempting to break into the existing system[19 ]. Since web services are becoming even more complex and ubiquitous, it is very difficult to come across all possible exceptions to the expected behavior of web servers and web applications. This explains why server-side web security is currently one of the key problems of the Internet[2] . These days attacks on the web based application services have become severe. The security is primarily related with people and processes rather than techniques. Web security is specifically related to internet and web systems.[3].There are mainly two types of users : Legitimate users that employ the expected web services and Malicious users which are cyber criminals. The legitimate users are always higher in number than the malicious users. So most of the requests to the web server are of licit demeanor. But due to ad hoc nature of web application requests , the malicious attacks are difficult to identify[2]. Web based application are often developed without a effectual security attacks that exploit web servers or server extensions represent a substantial portion of the total number of vulnerabilities. To detect web-based attacks, intrusion detection systems (IDSs) are configured with a number of signatures that support the detection of known attacks. Unfortunately, it is hard to keep intrusion detection signature sets updated with respect to the large numbers of continuously discovered vulnerabilities. In addition, vulnerabilities maybe introduced by custom web-based applications developed in-house. Developing ad hoc signatures to detect attacks against these applications is a time- intensive and error-prone activity that requires substantial security expertise[4]. There are some techniques available to detect the web application attacks but most of them need to be accompanied by the anomaly detection techniques. For the detection purpose , some systems analyze the client queries while some other refer server side programs. Some anomaly detection techniques take s as input the log format files of web server that conforms to some common log format. Then based on the particular structure of HTTP request, an anomaly score is produced for each web request and is compared with established profiles that are in accordance with specific program being referred. Anomaly based detection is based on the analysis of user‘s and application‘s behavior. The deviations from the normal behavior are interpreted as evidence of malicious activity [5,6,7,8,9]. These differences or deviations are expressed either quantitatively or qualitatively. There are some cases in which ―signature ― or ―policies‖ are used to specify the expected behavior of users and applications. Also statistical analysis can be used to characterize malicious activity and develop signature of attacks. Data mining technique is also available to characterize malicious attacks . This technique comes under learning based anomaly detection techniques. [see for example 10] . Detection of attacks in web applications can be deployed if sequence analysis is applied to system calls produced by particular application so as to identify normal call sequence for that specific application. [11] and [12]. These application specific attacks are used to identify previously unseen sequences also. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 117 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 As one more example , packet header information(e.g. source or destination ports, packet length, header length , network route version information etc.) and contents of application protocols can also be used to find out statistical analysis of the network traffic.[see for example 13 ]. By using multiple models of attack detection, it is possible to reduce the vulnerability of mimicry attacks.[14] in [16], the authors portrays a system that examine and analyzes the web logs of applications for the patterns of known attacks. There is another type of analysis scheme in which detection process is integrated with web application server itself [17]. But all these techniques suffer from a great problem that if all the attacks are not properly modeled, it becomes difficult to identify them. 2. Threats to Web Applications Based on Imperva‘s Web Application Attack Report , by carefully analyzing and observing the traffic of 40 websites during a period of 6 months(June- December 2011), traffic security attacks on these websites have been extracted and had been categorized into several categories , based on attack methods , identified patterns and trends. This report categorizes the technical web application attacks into following categorizes: 2.1. Remote File Inclusion: These kind of attacks allows the intruder to include a remote file , usually through a script , to a web server. These attacks contribute to data stealing and manipulation by executing malicious code on web server or on applicant‘s client side. If user supplied inputs are used without proper substantiation, the vulnerability of these attacks boost up. 2.2. SQL injection: The attack which exploits a security vulnerability in the database layer of any web application comes under this category. By using SQL injection the intruder can extract or manipulate the web application data. Incorrectly filtered user input SQL statements may lead to SQL injection attacks. 2.3. Local File Inclusion: Local file inclusion attacks include files on a server into the web server. These attacks may lead to malicious code execution on the web server. This vulnerability occurs if the web page to be included is not properly sanitized. 2.4. Cross site scripting: cross site scripting attacks allows the attacker to execute such scripts in victim‘s browser so as to hijack user session , steal his credentials, blemish his websites, inserting uncongenial content and redirecting the user. 2.5. Discovery Traversal: This attack orders the application to access a file on the web server which is not intended to be accessible and divulges its content to the attacker. The loopholes like insufficient security validation and insufficient sanitization of user supplied input file names may lead to directory traversal attacks. Out of these identified attacks, cross site scripting and directory traversal are the most dominant types. Automated attacks are preferred by attackers because these enable the attacker to attack more application simultaneously and exploit more vulnerability in comparison to any manual method. This impervia‘s report of web application attack actually shows large scale automated threats towards web applications. Millions of web applications are scanned by adversaries every day for vulnerabilities. Even a single successful infection can enhance their courage for doing more damage. These attackers do not have a specific target but they leverage automated tools and search engine‘s information aggregation service to find their victims, identify the vulnerabilities and launch the attacks. Honeypots can be used to detect these kinds of attacks. A honeypot is like a legitimate host used to collect information about threats existing in the network. These threats are probably not collected by the network intruder detection system. Honeypots come in many varieties, ranging from high interaction Honeypots (HIH), which can be deployed in real time systems like operating systems, servers and applications etc. to Low interaction systems which generally consist of emulating services mimicking the IT services. Intrusion detection is a challenging process. The challenge includes actively monitoring all the systems as well as reacting to different events quickly. The security integrity checkers are running on computers which are used on daily basis. large number of connections and data transfers result in huge log files and also make it difficult to differentiate between normal traffic and intrusion attempt accurately. Database App IDS Firewall Web Servers Application Servers User/Attacker Figure 1. Web application attacks detection system in the form of block diagram. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 118 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Honeypots are used to detect and analyze the attacks performed by the attackers. Honeypot can be a program, machine or system on a network, as bait to the attackers. Honeypots are basically virtual machines which are seemed as legitimate hosts by the intruders. Theses virtual machines emulate real machines by feigning running services and open ports. They attract the attention of attacker so that they spend valuable time and resources will be used to try to exploit the system while the activities of the attackers are monitored and recorded by the honeypots. With the help of these systems, attacking techniques can be learned and they also can be viewed as a decoy to distract the attention of hackers from real systems and services. So honeypots are basically classified as deceive systems. These systems should not be used as a solution to network security but as ad aid to it. 3. Proposed signature based of web application attacks This section introduces the detection of web based application attacks by using signature employed in honeynets. The systems are attacked by intruders in different manners. Their behavior is analyzed and monitored. There are several techniques available for detecting the nature of attacks. Signature based detection is one of the newest technology employed. Working of Honeynet networks : Web application Honeypot is a web server having an attack surface. The attack surface is basically HTML content which has been indexed by search engine. These contents are linked to files with known vulnerabilities. The attackers are attracted towards these vulnerable files and these files are classified according to request. The classification process is simplified by the Honeypots by seeing little legitimate traffic. For example if attacker tries to exploit the SQL injection vulnerability which discloses the database information, then classifier should recognize the SQL injection and emulator will return the error message. Web application Honeypots also contain the reporting capabilities which allows the defender to analyze and collect the related data. The web application Honeypots which have been previously developed (Google Hack Honeypot [29], HIHAT [30] etc.) are able to handle the attacks that targets the specific set of known vulnerabilities. Figure 2. Typical Honeypot block diagram The web detection intrusion systems are equipped with large no. of signatures. The application layer knowledge of data as well as signatures is necessary to detect common web attacks. Bro IDS scripting language is used to implement these attacks. Bro IDS is an open source, Unix based Network Intrusion detection system(NIDS), which passively monitors network traffic and look for suspicious activities. Network traffic is parsed into application level semantics and then event oriented analysis is executed that compare activities with known patterns. This analysis includes detection of specific attacks including the category identify by signature and also in terms of events or unusual activities. Bro identifies these kinds of attacks. If something interesting is detected, it is instructed to generate either log entry, alert the operation in real time, execute operating system commands etc. Bro log files can be used for forensic purpose also. Bro works on the principal of using signature. An important feature of Bro is that Bro scripts could be written to understand application semantics and can be trained to look for anomalies which can effectively eliminate the attacks compared to other pattern oriented detection systems. SNORT is signature based intrusion detection system which is based on the availability of good signature to detect intrusion. A pattern could be similar to HTTP request containing c:\boot.ini to a windows web server or etc\passwd for a linux web server. In any signature based © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 119 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 detection system, the observed packets are matched using available signature using regular expression. Thus the quality of detection is based on the quality of the signature base whereas Bro is an anomaly based intrusion detection system that matches the observed packets with the desired application profile. Most of the attacks sneak through the signature based detection systems. For example, if XSS attacks are considered, the IDS looks for the presence of script characters. The intruder can be easily fooled by using different encoding schemes. 4. Conclusion Web application threat detection is an area with immense possibilities. There are some techniques which have been developed to discover the presence of attacks but a modern way is to analyze the behavior of the attacker which is possible with the help of honeypots. Web application are used by numerous computer users and therefore a luring target for the intruders. We have discussed some of the approaches towards web based application‘s threat detection with the implementation of honeypots but a lot is to be done. Acknowledgment We would like to thank both the institute, Shri sukhmani Institute of engg. and tech. as well as Shri Krishan institute of engg. and tech. for providing the collaboration among staff members and environment for a common workplace with our sincere thanks to all the work in concerned area to provide the useful help in collecting the available facts for further analysis. References [1] http://www.netsity.com/webbasedapplication.htm [2] Tom Diethe, Nello Cristianini, John Shawe-Taylor, Detection of Server-side Web Attacks, in proceedings of Workshop on Applications of Pattern Analysis, University of Cagliari, Italy, vol (2010) 1-7 [3] http://en.wikipedia.org/wiki/Web_application_security [4] Christopher Kruegel , Giovanni Vigna , A multi-model approach to the detection of web-based attacks, William Robertson Reliable Software Group, University of California, Santa Barbara, USA [5] ] D.E. Denning, An intrusion detection model, IEEE Transactions on Software Engineering 13 (2) (1987) 222– 232., [6] H.S. Javitz, A. Valdes, The SRI IDES statistical anomaly detector, in: Proceedings of the IEEE Symposium on Securityand Privacy, Oakland, CA, May1991. [7] A.K. Ghosh, J. Wanken, F. Charron, Detecting anomalous and unknown intrusions against programs, in: Proceedings of the Annual Computer Security Application Conference (ACSAC 98), Scottsdale, AZ, December 1998, pp. 267. [8] T. Lane, C.E. Brodley, Temporal sequence learning and data reduction for anomalydetection, in: Proceedings of the ACM Conference on Computer and Communications Security, San Francisco, CA, ACM Press, New York, 1998, pp. 150–158. [9] H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, B. Miller, Formalizing sensitivity in static analysis for intrusion detection, in: Proceedings of the IEEE Symposium on Securityand Privacy, Oakland, CA, May2004. [10] L. Portnoy, E. Eskin, S. Stolfo, Intrusion detection with unlabeled data using clustering, in: Proceedings of ACM CSS Workshop on Data Mining Applied to Security, Philadelphia, PA, November 2001. [11] S. Forrest, A sense of self for UNIX processes, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1996, pp. 120–128 [12] C. Warrender, S. Forrest, B.A. Pearlmutter, Detecting intrusions using system calls: alternative data models, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1999, pp. 133–145. [13] M. Mahoney, P. Chan, Learning nonstationary models of normal network traffic for detecting novel attacks, in: Proceedings of the 8th International Conference on Knowledge Discoveryand Data Mining, Edmonton, Alberta, Canada, 2002, pp. 376–385 [14] D. Wagner, P. Soto, Mimicry attacks on host-based intrusion detection systems, in: Proceedings of the ACM Conference on Computer and Communications Security, Washington, DC, November 2002, pp. 255–264. [15] K.M.C. Tan, K.S. Killourhy, R.A. Maxion, Undermining an anomaly-based intrusion detection system using common exploits, in: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID), Zurich, Switzerland, October 2002, pp. 54–73. [16] M. Almgren, H. Debar, M. Dacier, A lightweight tool for detecting web server attacks, in: Proceedings of the ISOC Symposium on Network and Distributed Systems Security, San Diego, CA, February2000. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 120 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [17] M. Almgren, U. Lindqvist, Application-integrated data collection for securitymonitoring, in: Proceedings of Recent Advances in Intrusion Detection (RAID), Davis, CA, October 2001, LNCS, Springer, 2001, pp. 22– 36. [18] http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed2.pdf [19] Sanjeev kumar, Deepika Thardak, Ashish Verma,Distributed honeynet based secure network, in proceedings of Role of ICT in societal application and industrial development, in March 2012. [20] Cyber Fast Track: Web Application Honeypot Final Report Author: Honeynet Project Date: July 27, 2012 [21] http://www.honeynet.org/node/7 [22] http://www.honeynet.org/node/185 [23] http://www.scmagazine.com/signature-based-or-anomaly-based-intrusion-detection-the-practice-and- pitfalls/article/30471/ [24] http://en.wikipedia.org/wiki/Intrusion_detection_system [25] http://www.ibm.com/developerworks/library/wa-appsecurity/ [26] Lanoy, A. ,Romney, G.W. A Virtual Honey Net as a Teaching Resource , Information Technology Based Higher Education and Training, 2006. ITHET '06. 7th International Conference , July 2006 [27] IT security education is enhanced by analyzing Honeynet data Romney, G.W. Inf. Technol., Brigham Young Univ., Provo, UT, USA [28] Jones, J.K. ; Rogers, B.L. ; MacCabe, P. Information Technology Based Higher Education and Training, 2005. ITHET 2005. 6th International Conference, July 2005 [29] Increasing Overall Network Security by Integrating Signature-Based NIDS with Packet Filtering Firewall Artificial Intelligence, 2009. JCAI '09. International Joint Conference on April 2009 [30] http://ghh.sourceforge.net/ [31] http://hihat.sourceforge.net/ © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 121 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Secure Wireless Sensor Networks: Issues and Solution Rakesh Sharma Pinki Sharma, Sunil Kumar Kaushik, Dr. Anil Jakhar Research Scholar Computer Science & Engineering Punjab Technical University HCTM Technical Campus Jalandhar, Punjab, India Kaithal, Haryana, India Abstract: As device networks edge nearer towards wide-spread preparation, security problems become a central concern. So far, the most analysis focus has been on creating device networks possible and helpful and less stress was placed on security. This paper analyzes security challenges in wireless device networks and summarizes key problems that ought to be resolved for achieving the unplanned security. It offers a summary of this state of solutions on such key problems as secure routing, hindrance of denial-of-service and key management service. We tend to additionally gift some secure ways to realize security in wireless device networks. Finally we tend to gift our integrated approach to securing device networks. Keywords: device networks, wireless networks, security 1. INTRODUCTION Terribly energy-efficient, scalable, and robust security services together with confidentiality, integrity, and group- level authentication of device knowledge and routing management traffic area unit required. Though important progress has been shown in developing Wireless device Networks (WSN) in several aspects together with topology management, routing formula, Macintosh protocol and device knowledge management (please discuss with a comprehensive review on WSN in [1]), little or no work is completed on securing WSN. Analysis into authentication and confidentiality mechanisms designed specifically for WSN is required. To know the intense limitations of current security mechanisms, it's necessary to comprehend the salient variations between WSN and general ad-hoc networks1 since some proposals were already raised for securing ad-hoc networks [7-9]. The options of WSN like low-memory; low energy and large-scale nodes build it impractical to use the bulk of this secure algorithm that was designed for powerful workstations. As an example, the remembering of a device node is light to even hold the variables (of decent length to make sure security) that area unit needed in uneven crypto logical algorithms [4]. The primary challenges of security in device networks consists the conflicting interest between minimizing resource consumption and maximizing security. Thus the quality of a possible answer depends however smart the compromise it achieves is. The resource during this context includes energy likewise as procedure resource like hardware cycles, memory, and communication information measure. As expressed within the Introduction section, any security mechanisms for WSN ought to take the subsequent has 5 major resource constraints into consideration: (1) restricted energy, (2) restricted memory, (3) restricted computing power, (4) restricted communication information measure, (5) restricted communication range; a lot of or less in descendent order of acuteness. Secondly, the capabilities and constraints of device node hardware can influence the kind of security mechanisms that may be hosted on a device node platform. Since the number of extra energy consumed for safeguarding every message is comparatively little, the best shopper of energy within the security realm is essential institution [3]. Thirdly, the ad-hoc networking topology renders a WSN at risk of link attacks starting from passive eavesdropping to active busy bodied. In contrast to fastened hardwired networks with physical defense at firewalls and gateways, attacks on a WSN will come back from all directions and target at any node. Injury will embody unseaworthy secret info, busy bodied message and impersonating nodes, therefore violating the higher than security goals. Fourthly, the wireless communication characteristics of WSN render ancient wired-based security schemes impractical. Table a pair of lists salient networking options of WSN and their corresponding impacts on security style. Supported the higher than analysis on the protection challenges, challenges and potential attacks in WSN, we tend to more summarize 3 key problems for achieving the protection of unplanned networks: (1)Key Management in WSN Confidentiality, integrity, associate degreed authentication services area unit vital to preventing an antagonist from compromising the protection of a WSN. Key management is likewise vital to establishing the keys necessary to supply this protection in WSN. However, providing key management is tough because of the unplanned nature, intermittent property, and resource limitations of the device network setting. Ancient key management service relies on a trustworthy entity referred to as a certificate authority (CA) to issue public key certificate of each node. The trustworthy CA is needed to be on-line in several cases to support public key revocation and renewal. However it's dangerous to line up a key management service employing a single CA during a device network. The one CA is the © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 122 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 vulnerable purpose of the network. If the CA is compromised, the protection of the whole network is crashed. A way to found out a trustworthy key management service for the WSN may be a huge issue. (2) Securing routing of WSN There are unit two sorts of threats to unplanned routing protocols [15]: (1) External attackers. The attacks embody injecting incorrect routing info, replaying recent routing info, and distorting routing info. Exploitation these ways that, the attackers will with success partition a network or introduce excessive traffic load into the network, thus cause retransmission and ineffective routing. Exploitation crypto logical schemes, like secret writing and digital signature will defend against the external attacks. (2) Internal compromised nodes. They might send malicious routing info to different nodes. It‘s a lot of severe as a result of it's terribly tough to observe such malicious info as a result of compromised node may also generate valid signature. Existing routing protocols cope well with the dynamic topology, however sometimes supply very little or no security measures [8]. An additional challenge here is that the implementation of the secured routing protocol during a network setting with dynamic topology, vulnerable nodes, restricted procedure skills and strict power constrains. (3)Hindrance of Denial-of-service Strictly speaking, though we tend to sometimes use the term Denial-of-service (DoS) to discuss with associate degree adversary‘s decide to disrupt, subvert, or destroy a network, a DoS attack is any event that diminishes or eliminates a network‘s capability to perform its expected perform. Hardware failures, software system bugs, resource exhaustion, environmental conditions, or any difficult interaction between these factors will cause DoS. Associate degree antagonist could possess a broad vary of DoS attack capabilities in WSN. As an example, wireless device networks are often via aircraft deployed in enemy territory. If the enemy already includes a wired network and installation obtainable and might act with the new deployed device network, it will apply powerful back-end resources to subvert or disrupt the new network. The subsequent three sections can more discuss the above mentioned three problems from three aspects: downside description, current analysis standing and our advised approach. In section half-dozen we'll gift our integrated approach to secure WSN. 2. Key Management in WSN 2.1 Downside description Most of the protection mechanisms need the employment of some quite cytological keys that require to be shared between the human action parties. The aim of key management is to [31]: • Initialize system users at intervals a website. • Generate, distribute and install keying material. • Management the employment of keying material. • Update, revoke and destroy keying material. • Store, backup/recover and archive keying material. But key management is associate degree unresolved downside in WSN. Ancient web vogue key management protocols supported infrastructures exploitation trustworthy third parties area unit impractical for big scale WSNs thanks to the unknown configuration before preparation and high node constraints like restricted power and restricted transmission vary. At the extremes, there's network-wide pre-deployed keying and node-specific pre- deployed keying in device networks [36]. Typically speaking, the matters of key management in WSN are often rotten into the subsequent sub-problems: • Key Pre-distribution: To date, the sole sensible choices for the distribution of keys to device nodes in WSN whose topology is unknown before preparation can have to be compelled to deem key pre-distribution [37]. Keys have to be compelled to be put in device nodes to secure communications. However, ancient key-distribution schemes have the subsequent shortcoming: either one mission key or a group of separate n-1 keys, every being pair-wise in private shared with another node, have to be compelled to be put in each device node. In key pre-distribution, an enormous issue is a way to load a group of keys (called key ring) into the restricted memory of every device. Different issues embody the saving of the key symbol of a hoop and associating device symbol with a trustworthy controller node. • Neighbor discovery: Every node has to discover its neighbors in wireless communication vary with that its shares keys. Therefore neighbor discovery is additionally referred to as shared-key discovery that establishes the topology of the device array as seen by the routing layer of the WSN. A ‗link‘ exists between two device nodes provided that they share a key. Smart neighbor discovery theme won't offer associate degree wrongdoer any chance to get the shared keys and therefore the wrongdoer will solely do traffic analysis. • End-to-end path-key establishment: © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 123 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 For any combine of nodes that don't share a key however area unit connected by multiple hops ought to be allotted a path key for end-to-end secure communication. Path-key can't be the one already utilized by the shared keys between neighbor nodes. • Uninflected aberrant nodes: An aberrant node is one that's not functioning as such as. Distinctive and uninflected aberrant nodes that area unit serving as intermediate nodes is very important to the continuing operation of the device network. A node could stop to perform evidently for the subsequent reasons [6]: It has exhausted its supply of power. • It‘s broken by associate degree wrongdoer. • It dependent upon associate degree intermediate node and is being deliberately blocked as a result of the intermediate node has been compromised. • Associate degree intermediate node has been compromised and it's corrupting the communication by modifying knowledge before forwarding it. • A node has been compromised and it communicates fictitious info to the bottom station. • Re-keying: Although it's anticipated that in most WSNs the life of a key shared between two nodes exceeds that of the two nodes, its potential that in some cases the life of keys expires and re-keying should occur. Re-keying may be a challenge issue since new keys has to be generated in associate degree energy-efficient approach and therefore the re- keying amount ought to be determined supported the protection level to be achieved. Re-keying is equivalent with a self revocation of a key by a node. • Key-establishment latency: Recent investigation reveals that latency is probably a big impediment to secure network formatting [42]. Like energy consumption, latency because of communications may be a lot of larger issue than procedure latency. Therefore any key management theme ought to take latency reduction as an important issue. 2.2 Solutions Currently there is a unit some key management schemes that may be partly used for securing WSN environments despite the fact that most of these schemes area unit projected for general unplanned networks. Hybrid key-based protocols: An obvious conclusion from current analysis results is that one keying protocol won't be best for all device network topologies, densities, sizes, and situations. Protocols like Identity-Based even Keying and wealthy Uncle have restricted application till the network‘s routing infrastructure has been sufficiently well established. Separately different protocols like the public-key cluster and combine wise keying protocols consume an excessive amount of energy. For important device networks, a combination of public key-based protocols, together with combine wise, cluster keying, and distribution keying, offer associate degree energy potency superior to exploitation simply one protocol [3]. Threshold cryptography: A solution to handle key management generally unplanned networks is projected by Zhou dynasty and Hass in [8] and will be borrowed to WSN environments. It uses a (k, n) threshold theme to distribute the services of the certificate authority to a group of specialized server nodes. Every of those nodes are capable of generating a partial certificate exploitation their share of the certificate language key sk CA, however solely by combining k such partial certificates will a legitimate certificate be obtained. The answer is appropriate for planned, long-run unplanned networks. However, it should not be applicable for WSN as a result of device networks will lose some nodes whose energy is run out of. Additionally, [8] relies on public key secret writing and therefore needs that the all the nodes area unit capable of playacting the required computations, which cannot be possible for energy-limited device nodes. Certificate repository: Hubaux et al. [35] go a step any than [8], by requiring every node to keep up its own certificate repository. These repositories store the general public certificates that the node themselves issue, and a specific set of certificates issued by the others. The performance is outlined by the likelihood that any node will get and verify the general public key of the other user, exploitation solely the native certificate repositories of the two users. The perplexity is: too several certificates during a device node would simply exceed their capability, however too few may greatly impact the performance (as antecedently defined) of the complete network. Fully Distributed Certificate Authority Fully Distributed Certificate Authority is initially represented by Nilotic and atomic number 71 in [32] and later analyzed by Nilotic et al in [9] and [33]. Its uses a (k, n) threshold theme to distribute AN RSA certificate language key to any or all nodes within the network. It additionally uses verifiable and proactive secret sharing mechanisms to © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 124 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 guard against denial of service attacks and compromise of the certificate language key. Since the service is distributed among all the nodes after they be a part of the network, there's no got to elect or opt for any specialized server nodes. almost like the answer conferred in [8], this resolution is aimed towards planned, long impromptu networks with nodes capable of public key encoding and so couldn't adapt the routing dynamical of device networks. Pebblenets: Secure Pebblenets planned by Basagni et al [5] provides a distributed key management system supported isobilateral encoding. The answer provides cluster authentication, message integrity and confidentiality. This resolution is appropriate for planned and distributed, long impromptu networks consisting of low performance nodes that are unable to perform public key encoding. We have a tendency to hold an equivalent opinion as [34] and believe that this resolution will give a lot of sensible security theme for device networks. Pebblenets use solely isobilateral cryptography. The disadvantage is that after a node is compromised, forward secrecy is broken; so tamper- resistance becomes crucial. Of threshold cryptography [45, p. 71]. Additionally, in Pebblenets a key management server not solely needs to store its own key combine, however additionally the general public keys of all the nodes within the network. the problem includes the storage demand exerted on the servers that should doubtless be specialized nodes within the network, and therefore the overhead in language and substantiating routing message each in terms of computation and of communication. 3. SECURE ROUTING IN WSN 3.1 Downside description There are several new routing protocols planned for impromptu networks and a few of them will be employed in WSN [38]. Among those routing protocols, the impromptu On-demand Distance Vector (AODV) protocol [39] and therefore the Dynamic supply Routing (DSR) protocol [40] have recorded excellent performance [41]. Sadly security problems arise with these protocols, as a result of security measures aren't designed constitutional [49]. We are able to any formulate the secure WSN routing downside as follows: Denote A, B as principals, like human activity nodes; and KAB and KBA denote the key raincoat keys shared between A and B (one key for every direction of communication). Raincoat KAB (M) denotes the computation of the message authentication code (MAC) of message M with the MAC key KAB. We‘d like to resolve the subsequent issues for secure WSN routing protocols: (1) An authentication mechanism with low computation and communication overhead is required to stop a wrongdoer from playacting a Denial-of-Service (DoS) attack by flooding nodes with malicious messages, overwhelming them with the value of substantiating authentication. As an example, for point-to-point authentication of a message, we have a tendency to could use a message authentication code (MAC) and a shared key between the two parties [50]. (2) Secure Route Discovery. Assume that the instigator A performs a Route Discovery for target B, which they share the key keys KAB and KBA, severally, for message authentication in every direction. Route Discovery mechanism ought to modify the target to verify the genuineness of the Route Requestor; It additionally has to attest information in route request messages and route reply messages through the exploitation of KAB and KBA. Malicious nodes could also be avoided throughout Route Discovery. for instance, every Route Request Message will embrace a listing of nodes to avoid, and therefore the raincoat that forms the initial hash chain part is then computed over that list of nodes. Malicious nodes cannot add or take away nodes from this list while not being detected by the target. (3) Route Maintenance. A node forwarding a packet to following hop on the supply route returns a route error message to the initial sender of the packet if it's unable to deliver the packet to following hop when a restricted range of retransmission tries. It‘s an enormous issue to secure those route error messages and forestall unauthorized nodes from causation those messages. (4) Defensive from Routing Misbehavior: we'd like a way of determinative whether or not intermediate nodes are indeed forwarding packets that they need been requested to forward. For instance, Watchdog and Path rater [18] plan to solve this downside by distinguishing the assaultive nodes and avoiding them within the routes used. (5) Defensive from flooding attack: an energetic wrongdoer will plan to degrade the performance of DSR or alternative on-demand routing protocols by repeatedly initiating Route Discovery. During this attack, a wrongdoer sends Route Request packets that the routing protocol floods throughout the network. To guard the routing protocols from a flood of Route Request packets, we'd like a mechanism that allows nodes to instantly attest ROUTE Requests, therefore nodes will filtrate cast or excessive Request packets. In [50] the authors introduce Route Discovery chains, a mechanism for authenticating Route Discoveries, permitting every node to rate-limit Discoveries initiated by any node. 3.2 Solutions © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 125 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Some analysis work is finished so as to secure impromptu routing formula. As an example, a security-enhanced version of AODV referred to as Security-aware AODV (SAODV) is introduced in [43]. It‘s claimed that SAODV achieves a satisfactory performance-overhead trade-off. But the very fact that it's a metric-centric approach that depends on a user-defined, application dependent parameter for evaluating trust level, doesn't solve the premise of the protection downside and leaves plenty of inquiries to be answered. There are alternative approaches wherever route redundancy is that the property that's largely taken advantage of [44-45]. Besides security performance, energy consumption raises concern concerning the practicable-ness of a specific protocol since energy is that the most vital think about WSN. The on top of approaches to securing routing is most applicable to general impromptu networks. However, their ideas will be part wont to secure WSN routing. Up to now there are solely a number of proposals that are raised specifically for securing routing of device networks. We have a tendency to summarize their options as follows: (1) SPINS SPINS (Security Protocols for device Networks) is one in every of the exceptions wherever routing is AN application of security framework [4]. SPINS comprised of device Network encoding Protocol (SNEP) and μTESLA. The performance of SNEP is to produce confidentiality (privacy), two-party information authentication, integrity and freshness. μTESLA is to produce authentication to information broadcasts. (2) Ariadne Ariadne [46, 50] absorbs the ideas of SPINS and came out with a hardened version of DSR. One in every of the wants is that each node needs to be able to generate a unidirectional key chain. Since the memory of a device node is proscribed, it cannot afford to come up with a protracted key chain, so needs to pay plenty of your time generating keys. By imposing genuineness alone, Greek deity doesn't guard against attacks by multiple colluding nodes. (3) INSENS A recent resolution referred to as INSENS (INtrusiontolerant routing protocol for wireless device NetworkS) for securing WSN routing is planned in [48]. A vital property of INSENS is that whereas a malicious node could also be able to compromise a little range of nodes in its locality, it cannot cause widespread injury within the network. 4. Hindrance of Denial-of-Service attacks in WSN In Denial-of-Service (DoS) attacks, the hacker‘s objective is to render target machines inaccessible by legitimate users. WSN while not spare protection from DoS attacks might not be deployable in several areas. Except for special cases whereby a priori trust exists altogether nodes, the nodes of a commercial hoc device network can't be sure for the proper execution of important network functions. Essential network operations that assure basic property will be heavily jeopardized by nodes that don't properly execute their share of the network operations like routing, packet forwarding, name-to address mapping, and so on. Node misdeed that affects these operations could vary from easy stinginess or lack of collaboration owing to the requirement for power saving to active attacks aiming at denial of service (DoS) and subversion of traffic. There are two sorts of DoS attacks [16]: • Passive attacks: egotistic nodes use the network however don't collaborate, saving battery life for his or her own communications: they are doing not shall directly injury alternative nodes. • Active attacks: Malicious nodes injury alternative nodes by inflicting network outage by partitioning whereas saving battery life isn't a priority. DoS attacks will happen in multiple WSN protocol layers [11]. There is little work done on the hindrance of DoS attacks. Tries to feature DoS resistance to existing protocols typically specialize in cryptographic-authentication mechanisms. Except for the restricted resources that build digital-signature schemes impractical, authentication in device networks poses serious complications. Currently there are four mechanisms that might be useful to beat DoS attacks in WSN: • Watchdog scheme: Based on the on top of analysis, we are able to see that a necessary operation to beat DoS attacks is to spot and circumvent the misbehaving nodes. Watchdog theme tries to realize this purpose through the exploitation of two concepts: watchdog and path-rater [18]. • Rating scheme: Watchdog theme was any investigated and extended to rating theme [19-21]. In rating theme the neighbors of any single node collaborate in rating the node, consistent with however well the node executes the functions requested from it. • Virtual currency: This theme conceptualized the motivation for nodes to not be egotistic as nuglets, a form of virtual currency additionally referred to as nuglets) [22, 23]. • Route DoS prevention: This theme tries to stop DoS within the routing layer through the cooperation of multiple nodes. In [24] the authors introduce a mechanism to assure routing security, fairness and lustiness targeted to mobile impromptu networks. In © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 126 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [25], the authors planned levels of protection as a negotiable metric in route discovery. During this approach, a combine of nodes establishes an exact application specific level of protection before any security-sensitive traffic begins. The explanations that we recommend the on top of security steps are as follows: 5. Our planned approach Our planned device network security theme includes four phases (see Figure 1). 1. Key pre-distribution 2. Topology forming/routing algorithms 3. Cluster-based Re-keying 4. Hierarchical Authentication Fig. 1 Integration security with routing (1) Phase one principle (key pre-distribution): to realize security, communication ought to be encrypted and attested. The open downside is a way to bootstrap secure communications between device nodes, i.e. key agreement downside. There are presently three sorts of general key agreement schemes: trusted-server schemes, self-enforcing schemes, and key pre-distribution schemes. Trusted-server schemes rely upon a sure server for key agreement between nodes; that isn't appropriate for device networks as a result of in a commercial hoc network situation one cannot typically assume any sure infrastructure. Self-enforcing schemes rely upon uneven cryptography; AN example is AN attested key agreement protocol exploitation public-key certificates. However, as acknowledged in [72], the restricted computation and energy resources of device nodes typically build it undesirable to use public-key algorithms. The third kind of key agreement theme is vital pre-distribution, wherever key info is distributed to any or all device nodes before preparation. The third theme is approved to be the sole possible one to bootstrap device network security transmission [76]. (2) Section two combine of principle (cluster-based routing forming): though some key management schemes were planned to come up with pair wise keys [76] or world keys (key shared between base station and every sensor) [72], they unheeded the particular design characteristics of device networks as follows: • The biggest concern in device networks is energy. Most energy is consumed in communication rather than native procession [72]. To avoid wasting communication overhead, information aggregations in some immediate sensors are necessary. So every device shouldn't solely share a world key with the bottom station (sink) however additionally share ―link‖ keys with the aggregation sensors. A way to opt for aggregation devices during a large- scale and dynamic sensor network? a way to generate ―link‖ keys periodically? Current security schemes don't address these issues. • We argue that a sensible security theme ought to be supported AN energy-efficient routing theme. We have a tendency to so propose a cluster-based routing design when key pre-distribution and device preparation. Our cluster- based theme is completely different from current routing algorithms like ZRP [78] and LEACH [77]. To avoid wasting energy, we recommend a minimum spanning tree topology organization in every cluster. Between clusters we have a tendency to adopt con-centric cost-level design to seek out a reliable information forwarding path. For our detail routing formula please talk to [79]. (3) Section three principle (re-keying): several device networks have dynamic topology like piece of land observance, control and animal surroundings study. The enemies could capture some sensors. New sensors will be further to AN existing network for compensating the dead sensors that run out-of-power. So sporadically we'd like to update the keys. Most security themes ignore the importance of re-keying scheme. We have a tendency to propose the change procedure of two sorts of keys in device networks: cluster key and combine wise key. We have a tendency to additionally calculate the re-keying amount consistent with sensors‘ quality feature. (4) Section four principle (Hierarchical Authentication): one in every of the foremost necessary issues in device networks is ―broadcast authentication‖ downside. That is, if a wrongdoer declares itself as a legal base station and broadcast false commands to the sensors; however can we establish such phony packets? In [72], a low-energy © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 127 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 broadcast authentication theme is planned. However, it doesn't adapt to the subsequent situation: if the time period of a device network is far larger than every authentication interval, we are going to have a protracted key chain and intense key calculations. 5.1 Section one: Key pre-distribution: The first step of our integrated security theme is vital pre-distribution. We have a tendency to already provide the explanation of this introduce last section. Suppose we have a tendency to drop a bunch of sensors from the plane to a piece of land, however will we have a tendency to check that any of 2 sensors will notice a shared key to encrypt/decrypt their messages, i.e. they need a pair-wise key? Please notice we have a tendency to cannot use public key (Asymmetric approach) theme to secure transmission since the restricted memory of a device cannot even hold a public key that's generally a number of thousand bytes [72]. Presently 2 schemes are planned to handle key pre-distribution downside in device networks: key-pool approach [73] and probabilistic approach [76]. we have a tendency to like the latter approach since it desires an excessive amount of memory and calculation overhead of we have a tendency to build a key chain in every device and check that any two sensors share a key at (at least) five hundredth likelihood. We have a tendency to additionally counsel the exploitation of Blom theme [75, 80] to come up with a brief matrix once two sensors got to build a secure channel. Blom theme simply desires a ‗seed‘ (it will be the device ID) pre-stored in every device. Every seed will generate a matrix over a finite field. If there's a typical area between two matrixes, a shared key will be got wind [80]. 5.2 Section a pair of: self-organizing sensors to a cluster based mostly topology and routing design After sensors are deployed every which way in a region, to cut back key generation overhead (a flat topology will lead an exponential increase of pair-wise key generation frequency with the rise of network density [68]), we decide some sensors to become cluster heads supported ―Voronoi Tessellation theory‖ [79]. The selecting likelihood decreases with the rise of device density (Fig.2). When some sensors declare themselves as cluster heads, they send ‗hello‘ messages to the neighboring sensors to make clusters. Within every cluster, we have a tendency to adopt Minimum Spanning Tree (MST) formula to keep up a connected intra-cluster topology. Detail Mountain Standard Time formula is in [79]. Between completely different clusters, to seek out low-energy secure path, we have a tendency to propose a con-centric topology forming design [79], every cluster head maintains a value level that's determined by the hop range and needed communication energy consumption between itself and base station. Figure four clearly shows that our cluster-based routing theme will greatly save communication overhead compared to alternative device network routing schemes like LEACH and ZRP. Fig. 2: cluster-head choosing probability~ sensor © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 128 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Fig.3:re-keying period~speed Fig.4 Cluster topology saves energy 5.3 Section three: Re-keying To adapt to the dynamic topology of device networks, we have a tendency to update keys (re-keying) sporadically. The re-keying amount is calculated supported the quality issue [79] (see Fig.3). In our re-keying theme, we are going to update two keys: (1) Cluster keys that are shared between every cluster head and everyone its cluster members. So information aggregation security will be achieved through cluster keys; (2) Pair-wise keys that are shared solely between any two sensors themselves. Pair-wise keys will be wont to generate cluster keys in every cluster; the cluster head broadcasts a ‗hello‘ message as well as its ID and a ‗nonce‘ (a sequence range used one time within the whole device network lifetime) to any or all the neighboring sensors. Once a neighboring device receives this message, it feedbacks a Message attested Code (MAC) encrypted by a pair-wise key to the cluster head. So the cluster head will use a pseudo-random perform to regenerate a brand new pair-wise key between itself and this device (Fig.5). Once all the ‗pair-wise keys‘ during a cluster are updated, the new ‗cluster key‘ will be transmitted to every cluster member through the corresponding pair-wise key. Re-keying (for combine wise keys) u→ * : u, Nonce u. v → u : v, M AC( Kv , Nonceu | v) Kuv = ƒ Kv(u) Fig. 5 Re-keying (for pair wise keys) 5.4 Section four: gradable Authentication The last section of our integrated security theme could be a new broadcast authentication theme that addresses the subsequent problem: if the time period of a device network is far larger than the interval of a μTESLA [72], however will we have a tendency to cut back the pseudo-random calculation overhead and key chain length within the whole broadcast authentication procedure. We have a tendency to can‘t simply merely enlarge every authentication interval since it brings an excessive amount of buffer area in every device. As shown in Fig.6, we have a tendency to adapt a gradable broadcast authentication theme. Initial we have a tendency to divide the full time period into success © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 129 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 frames. Every frame incorporates a ‗frame key‘ and a pseudo-random performs. Within every ‗frame‘, we have a tendency to any divide it into sub-intervals. We have a tendency to use μTESLA in every ‗frame‘. The sub-intervals have corresponding authentication keys and a typical pseudo-random perform. The high-level keys will generate low-level Fig.6 6. Conclusions Security is that the linchpin of fine device network style. This paper analyzed security challenges in wireless device networks and summarized key problems that ought to be resolved for achieving the WSN security. It additionally gave a summary of the present state of solutions on three key problems as well as the hindrance of Denial-of service detection; secure routing and key management service. We have a tendency to additionally summarize our integrated wireless security theme that thought-about the particular routing characteristics of device networks: large- scale, dynamic topology and low-energy. References: [1] Akyildiz, I., Su, W., Sankarasubramaniam, Y., and Cayirci, E., ―A Survey on Sensor Networks‖, IEEE Communications Magazine, August 2002. [2] Balenson, D., et al, ―Communications Security Architecture for Army Sensor Networks‖, NAI Labs T.R. #00-016, September 30, 2000. [3] Carman, D., Kruus, P., Matt, B., ―Constraints and Approaches for Distributed Sensor Network Security‖, NAI Labs T.R. #00-010, June 1, 2000. [4] A. Perrig, R. Szewczyk, V. Wen, D. culler, and J. Tygar. ―SPINS: Security Protocols for Sensor Networks.‖ In Seventh Annual ACM International Conference on Mobile Computing and Networks(Mobicom 2001), Rome Italy, July 2001. [5] S. Basagni, K. Herrin, D. Bruschi, and E. Rosti. ―Secure pebblenets.‖ In Proceedings of the 2001 ACM International Symposium on Mobile Ad Hoc Networking and Computing, pages 156-163. ACM Press, October 2001. [6] Jeffery Undercoffer, Sasikanth Avancha, Anupam Joshi and John Pinkston, ―Security for Sensor Networks,‖ 2002 CADIP Research Symposium, http://www.csee.umbc.edu/cadip/2002Symposium/. [7] N. Asokan and P. Ginzboorg, ―Key Agreement in Ad Hoc Networks‖, Computer Communications, Volume 23, Pages 1627-1637 [8] L. Zhou and Z. J. Haas, ―Securing Ad Hoc Networks‖, IEEE Networks, Volume 13, Issue 6 1999 [9] J. Kong, P. Zerfos, H. Luo, S. Lu and L. Zhang, ―Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks, IEEE ICNP 2001. [10] C. Perkins, ―Ad Hoc Networks‖, Addison-Wesley, Reading, MA, 2000. [11] A. D. Wood and J. A. Stankovic. ―Denial of Service in Sensor Networks‖. IEEE Computer, October 2002, pp 54-62. [12] C. Gehrmann. ―BluetoothTM Security White Paper‖. White paper, Bluetooth SIG Security Expert Group, Apr 2002. [13] Y. W. Law, S. Dulman, S. Etalle and P. Havinga. ―Assessing Security-Critical Energy-Efficient Sensor Networks‖, Department of Computer Science, University of Twente, Technical Report TR-CTIT- 02-18, Jul 2002. [14] Y.-C. Hu, A. Perrig, and D. B. Johnson. Ariadne: ―A Secure On-Demand Routing Protocol for Ad Hoc Networks.‖ Technical Report TR01-383, Department of Computer Science, Rice University, 2001. [15] Zheng Yan, (Networking Laboratory, Helsinki University of Technology), ―Security in Ad Hoc Networks,‖ available from http://citeseer.nj.nec.com/536945.html. [16] Pietro Michiardi and Refik Molva, ―Prevention of Denial of Service attacks and Selfishness in Mobile Ad Hoc Networks.‖ Research Report N° RR-02-063, January 2002. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 130 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [17] T. Aura, P. Nikander, and J. Leiwo, ―DOS-Resistant Authentication with Client Puzzles,‖ Proc. Security Protocols Workshop 2000, Springer-Verlag, New York, 2000, pp. 170-177. [18] S. Marti, T. Giuli, K. Lai, and M. Baker. ―Mitigating routing misbehavior in mobile ad hoc networks. ‖ In Proceedings of MOBICOM, 2000. [19] P. Michiardi and R. Molva. ―Core: A Collaborative Reputation mechanism to enforce node cooperation in Mobile Ad Hoc Networks.‖ In Communications and Multimedia Security Conference, 2002. [20] P. Michiardi and R. Molva. ―Prevention of denial of service attacks and selfishness in mobile ad hoc networks‖. Research Report RR-02-063, Institut Eur´ecom, France, 2002. [21] P. Michiardi and R. Molva. ―Simulation-based analysis of security exposures in mobile ad hoc networks‖. In European Wireless 2002: Next Generation Wireless Networks: Technologies, Protocols, Services and Applications, February 25- 28, 2002, Florence, Italy, 2002. [22] L. Blazevic, L. Buttyan, S. Capkun, S. Giordano, J.- P. Hubaux, and J.-Y. Le Boudec. ―Self-organization in mobile ad hoc networks: the approach of terminodes.‖ IEEE Communications Magazine, 39(6):164–174, June 2001. [23] L. Butty´an and J.-P. Hubaux. Nuglets: ―A Virtual Currency to Stimulate Cooperation in Self- Organized Mobile Ad Hoc Networks.‖ Technical Report DSC/2001/001, Department of Communication Systems, Swiss Federal Institute of Technology, 2001. [24] S. Buchegger, J.-Y. Le Boudec. ―Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks.‖ In Proceedings of the 10th Euromicro Workshop on Parallel, Distributed and Network-based Processing, Canary Islands, Spain, January 2002. [25] S. Yi, P. Naldurg, and R. Kravets. ―Security-aware ad hoc routing for wireless networks.‖ In Proceedings of the 2001 ACM International Symposium on Mobile Ad Hoc Networking and Computing, pages 299–302. ACM Press, 2001. [26] R. Wattenhofer, L. Li, P. Bahl, and Y. M. Wang. ―Distributed topology control for power efficient operation in multihop wireless ad hoc networks.‖ In Proc. IEEE Infocom, 2001 [27] Haas, Z. & Pearlman, M., ―Determining the Optimal Configuration for the Zone Routing Protocol.‖ IEEE Journal on Selected Areas in Communications, Special issue on Wireless Ad Hoc Networks, June 1999. [28] B. Awerbuch and D. Peleg, ―Sparse Partitions,‖ Proceedings of the 31st Annual Symposium on Foundations of Computer Science, 1990, pp. 503- 513, [29] D. J. Baker, A. Ephremides, and J. A. Flynn, ―The Design and Simulation of a Mobile Radio Network with Distributed Control,‖ IEEE Journal on Selected Areas in Communications, Vol. SAC-2, pp. 226-237, Jan. 1984. [30] D. Peleg and E. Upfal, ―A Trade-Off Between Space and Efficiency for Routing Tables,‖ Journal of the ACM, Vol. 36, No. 3, pp. 510-530, July 1989. [31] A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography, CRC Press 1997, ISBN 0849385237 [32] H. Luo and S. Lu, ―Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks‖, Technical Report 200030, UCLA Computer Science Department 2000. [33] H. Luo, P. Zerfos, J. Kong, S. Lu and L. Zhang, ―Self-securing Ad Hoc Wireless Networks‖, IEEE ISCC 2002. [34] Klas Fokine. ―Key Management in Ad Hoc Networks. ‖ (Master Thesis). Available from: http://www.ep.liu.se/exjobb/isy/2002/3322/. [35] J. P. Hubaux, L. Buttyan, and S. Capkun. ―The quest for security in mobile ad hoc networks.‖ In Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Long Beach, CA, USA, October 2001. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 131 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Time and Space Efficient Load Balancing Algorithm in Computational Grid 1Anuj Aggarwal, 2Sanjna Kalyan , 3Anu Department of CSE ,Kurukshetra Institute of Tech. & Management, Kurukshetra, India 2Department of CSE, G.B.N Government Polytechnic, Nilokheri, karnal 3Department of CSE, Shri Krishan Institute of Engg & Technology, Kurukshetra Abstract: Abstract - In today’s competitive environment theobjectives and goals of the producers (also called resource owners) and consumers (also called end users) are different. Computational grid has been considered as the best paradigm for handling large scale distributed system having geographically allocated resources. Load balancing algorithms are important in the research of network applications. In this paper we present an algorithm which reduces the average execution time and cost of the tasks.This method considers both cost and time constraints. The proposed algorithm is implementedwith Gridsim toolkit which can simulate a decentralized module. The GridSim toolkit abstracts the features and behaviour of complex fundamental grid elementssuch as grid tasks, grid resources and grid users.This algorithm provides services like resource discovery. For evaluation purpose a comparison of execution times and cost of proposed algorithm and the other similaralgorithm is also provided in this paper. Results support the proposed approach. Keywords -Grid, load balancing, heuristic Load balancing algorithm, Gridsim, computation time. 1. INTRODUCTION Grid computing was introduced by Poster and Kesselman. They explain it as a way to utilize the geographically distributedavailable idle workstation‘s computation power to remote grid users for the execution of their computation requiring jobs or tasks or processes. It involves the runtime aggregation of these resources in the form of virtual organization, [3,8], according to the need of the jobs submitted by the grid users. The user essentially interacts with a resource broker that hides the complexities of Grid computing [4,5]. The broker discovers resources that the user can access using information services, negotiates for access costs using trading services, maps tasks to resources (scheduling), stages the application and data for processing (deployment), starts job execution, and finally gathers the results. It is also responsible for monitoring and tracking application execution progress along with adapting to the changes in Grid runtime environment conditions and resource failuresas the grid resource utilization is gaining significance various scheduling methods or load balancing across the grid is required in order to improve the performance of the grid system.While balancing the load, certain type of information such as the number of jobs waiting in queue, job arrival rate, CPUprocessing rate,and so forth at each processor, as well as at neighbouringprocessors, may be exchanged among the processors forimproving the overall performance. Based on the informationthat can be used, load-balancing algorithms areclassified as static, dynamicor adaptive [7,10].Static approach assumes that a prior information about all the characteristics of the jobs, the computing devices and the communication network are known and provided. Load balancing decisions are made deterministically or probabilistically at compile time and remain constant during runtime. Dynamic load balancing algorithm attempts to use the runtime state information to make more informative decision in sharing the system load. However, dynamic scheme is used a lot in modern load balancing method due to their robustness and flexibility.Dynamic algorithm is characterised by parameters such as i) Centralized vs. Decentralized. An algorithm is centralized if the parametersnecessary for making the load balancing decision are collected at, and used by, a single device. In decentralized approach all thedevices are involved in making the load balancing decision. Decentralized algorithms are more scalable and have better fault tolerance. ii) Cooperative vs. Non-cooperative. An algorithm is said to be cooperative if the distributed components that constitute the system cooperate in the decision-making process. Otherwise, it is non-cooperative.and iii) Adaptive vs. Non-adaptive. If the parameters of the algorithm can change when the algorithm is being run, the algorithm is said to be adaptive (to the changes in the environment in which it is running). Otherwise, it is non-adaptive.The characteristicof grid makes resource scheduling even more challenging in the computational grid environment.In this paper we propose a new load balancing algorithm which is heuristic in nature. Unlike previousalgorithms which considered the system load of grid nodes or the completion time for a job but donot take into account job personal resource requirements (such as cost , QOS of a node) . In this paper we present an algorithm which considers the job size and wemainly focussed on formulating a decentralized heuristic based load balancing algorithm for resource scheduling.The rest of the paper is organised as follows:Section II gives © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 132 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 a detailed Literature review.Section III deals with the system model of the Grid.Section IV will describe the proposed algorithm concept and design.Section V will show the simulation experiment and results, and finally Section VI will conclude the whole paper. II. Related Work Numerous researchers have proposed scheduling algorithms for parallel and distributed systems as well as Grid computing environment. For a dynamic load balancing algorithm, it is unacceptable to exchange state information frequently because of the high communication overhead.In order to reduce the communication overhead Martin et al.[18] studied the effect of communication latency, overhead and bandwidth in cluster architecture for application performance.Distributed network computing environments have become a cost effective and popular choice toachieve high performance and to solve large scale computation problems. There are many types of algorithms that have been used in resource balancing in Grid computing system. Martino and Mililottiaddresses the use ofGenetic Algorithm(GA) and Tabu Search(TS) to solve the grid load balancing problem in the dynamic environment [5]. These algorithms have their limitations like these algorithms require extra storage and processing requirement at the scheduling nodes. Grid computing involves coupled and coordinated use of geographically distributed resources for purposes such as large scale computation and distributed data analysis [17]. A new hybrid load balancing policy can be integrated in static and dynamic load balancing techniques with the objective to allocate effective node, identify the system imbalance immediately when a node becomes unable to participate in task processing. Ibarra and Kim in [15] used a combination of intelligent agents and multi-agent that work in grid load balancing area. In static grid load balancing, the iterative heuristic algorithm is better than the FCFS algorithm. Grid infrastructures are dynamic in nature in the sense of resource availability and hence a changing network topology. Resource heterogeneity and network heterogeneity also exits in Grid environment. Scheduling jobs onto resources is NP hard problem. So, we need an algorithm that consider optimization in terms of time and cost for efficient scheduling and execution. Current grid resource scheduling algorithms are mainly based on User- Directed Assignment (UDA), Minimum Completion Time (MCT), Minimum Execution Time (MET), Min-Min [5],Max-Min, heuristic algorithm, genetic algorithm (GA)[5], Ant Algorithm (AA) [6], multi-Agent, computational economy model [7].In [19] authors proposed a dynamic load balancing algorithm which considers CPU length, CPU and memory utilization and network traffic as load metric. Although [6][14] presented scheduling algorithms based on antalgorithm, but the authors just analyzedant algorithm based classified task scheduling method and ACAbased scheduling without considering about the price attribute. In this paper, price factor and time factor are taken into consideration,and the objective is to save total executiontime and cost. III. System Model of The Grid Grid system consists of sharing ofheterogeneous resources (like different capacity processors,memory,networks etc) [2].In order to maximize the performance of computational Grid environment, it is essential to distribute the load on different grid nodes.In grid computing environment, there exists more than one resource to process jobs. One of the main challenges is to find the best or optimal resources to process a particular job in term of minimizing the job computational time. Optimal resources refer to resources having high CPU speeds and large memory spaces. Computational time is a measure of how long that resource takes to complete the job. In order to maximize the performance of computational Grid environment, it is essential to distribute the load on different grid nodes. Following are the members of Grid system:- GridResource Broker: It is an important entity of a grid. A grid resource broker is connected to an instance of the user.Each grid job (composed of gridlets or tasks) is first submitted to the broker, which then schedule the grid job according to the user scheduling policy. GIS: Grid resource is a member of grid. All the available resources register themselves to the GIS (Grid information Service).GIS contains all information about all available resources with their computing capacity and cost at which they offer their services to grid users. All Grid resources that join and leave the grid are monitored by GIS. Whenever a Grid broker has jobs to execute, it consults GIS to give information about available grid resources. Grid Use: They register themselves to the GIS by specifying the QOS requirement such as cost of computation, deadline to complete the execution, the number of processors, speed of processing of internal scheduling policy and time zone. Task Agent: TA, by deploying Ant algorithm, select a resource for next task assignment and dispatch the task to selected resource through RMA. After task execution, results are received from resources and are returned to user by TA. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 133 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Resource discovery Agent: RDA queries GIS regarding resources. It send query to registered resources for their availability status and gets the status information and makes it available to TA. Every task is dispatched through RDA. Fig.1. Grid Portal Since in a Grid environment, the network topology is varying, our model captures this constraint as well by considering an arbitrary topology. The data transfer rate is not fixed and varies from link to link. The aim of This paper is to present load-balancing algorithms adapted to the heterogeneous Grid computing environment. In this paper, we attempt to formulate an adaptive decentralized sender-initiated load- balancing algorithms for computational Grid environments. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 134 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Interaction among the entities is shown in the Fig.1. IV. Heuristic Load Balancing Algorithm An algorithm for load balancing is successful, ifthe task executes within the deadline.All the tasks in this algorithm are distributed according to Ant Colony Algorithm. HLBA is inspired on an analogy with real life behaviour of a colony of ants when looking for food, and is effective algorithm for the solution of many combinatorial optimization problems. Investigations show that: Ant has the ability of finding an optimal path from nest to food. On the way of ants moving, they lay some pheromone on the ground. While an isolated ant moves essentially at random, an ant encountering a previously laid trail can detect it and decide with high probability to follow it, thus reinforcing the trail with its own pheromone. The probability of ant chooses a way is proportion to the concentration of a way‘s pheromone. In HLBA, the pheromone is associated with resources rather than path. The increase or decrease of pheromone depends on task status at resources. The main objective of algorithm is reduction in total cost and execution time. Theprocess of Heuristic based Load Balancing Algorithm is shown below: Let the number of tasks (ants) in task set T maintained by task agent is P and the number of registered resources is Q. When a new resource i R is registered to GIS, then it will initialize its pheromone based on: τi(0) = N x M where Nrepresent the number of processing elements and M corresponds to MIPS rating of processing element. Whenever a new task is assigned to or some task is returned from Ri, then the pheromone of Riis changed as: new old iτi = ρ*τi + Δτi whereΔiis pheromone variance and ρ, 0 < ρ <1 is a pheromone decay parameter. When a task is assigned to Ri, its pheromone is reduced i.e. Δi = − C, whereCrepresents the computational complexity of assigned task.When a task is successfully returnedfrom Ri, Δi=Φ* C , where Φ is the encouragement argument. Pheromone increases when task execution at a resource is successful.The possibility of next task assignment to resource Rjis computed as: α β [τj (t) ] * [ηj] pj (t) = ______α β ∑r[τ j (t) ] * [ηj] wherej, r ∈available resources. τj (t) denotes the current pheromone of resource Rjand ηjrepresents the initial pheromone of Rji.e.ηj =τj(0). αis the parameter on relative performance of current pheromone trail intensity , β is the parameter on relative importance of initial performance attributes. So the algorithm is designed in order to influence the performance of the system which depends upon several factors and these factors could be simplified for reducing the complexities of the method to be used.Heuristic Load Balancing Algorithm is presented below: Phase 1 (Initialization Phase) Begin Initialise all parameters including resources(processing elements, MIPS rating), pheromone intensity,Task set etc. Phase 2 (Operational Phase) While (Task setT !=Φ) Begin Select the next task‗t‘ from Task set T. Determine next resource Rifor task assignment having high transition probability (or pheromone intensity). pi (t) = max pl(t) l € q Phase 3 (Result Phase) Schedule task ‗t‘ to Ri and update Task set by T = T - {t}. If any node fails or complete its executionpart update its pheromone intensity of that corresponding resource. END While END All tasks are allocated to the resources depending on the value of pheromone or transition probability, which varies according to the status of the task at a particular resource. Resource having highest pheromone intensity would get the task before any other resource having lower than that intensity value. The algorithm is further elaborated by flowchart as given in Fig.2: © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 135 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 start Initializeparameter like resources, MIPS rating of PEs, task set and pheromone intensity Y N Task set T!=Φ Select next task‘t‘ from T End Allocate task to resource having high transitionprobability. . Schedule task t to Ri. Update Node fails pheromone Count(Taskset)--- or mplete its task Y intensity N Fig.2. Flowchart for Heuristic Load Balancing Algorithm V. Simulation Results To compare the performance of the proposed approach and earlier developed approach simulation results are used. For simulation GridSim simulatoris used which is a toolkit for the modelling and simulation of distributed resource management and scheduling for Grid computing [11]. In order to test the efficiency of the improved load balancing approach a comparison is done for the execution time (time utilized by PE for processing a task) of heuristic load balancing algorithm and non-heuristic load balancing algorithm. Two experiments have been conducted to evaluate the performance of the proposed algorithm in terms of their processing time. First experiment processed 50-200 jobs with fixed number of resources taken as 10 while the second experiment processed 10 jobs with varying number of resources from 5-20. Details of the scheduling parameters are shown in the Table1. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 136 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Table 1 Scheduling Parameters for the Experiments Experiment Ist 2nd No. of machines per 1 1 resource No. of Processing 1-5 1-5 Elements(PEs) per machine MIPS rating 10 or 50 MIPS 10 or 50 MIPS for PEs Bandwidth 1000 or 5000 1000 0r 5000 Average computation time (in seconds) has been used to compare the performance of algorithms. Fig. 3 depicts the comparison between the average computation times of the algorithms for the first experiment. In this number of resources remain fixed as 10 and the number of tasks varied from 50 to 200. It can be seen that the proposed algorithm labelled as Heuristic based load balancing algorithm has the lower execution time as compared to Non- Heuristic based load balancing algorithm at different instants. A comparison between the computation times for the second experiment is shown in Fig. 4. Heuristic load balancing algorithm still performs better than non-heuristic load balancing algorithm. The performance of Heuristic approach is better becausethe communication that occur when each ant taking a step for searching the best resource is less when processing a large amount of jobs. Each ant will carry the history of visited node and will refer to it to find the best resource to process the job. 2000000 1877790 Heusristic 1500000 1634146 based Execution Time 1000000 1059675 924363 Non 473950 500000 Heuristic 120725 415452 based execution 107476 0 time 50 100 150 200 Fig. 3. Comparison Among the Execution Times of Heuristic and Non-Heuristic Algorithms. In the second experiment the number of task remain fixed as 10 and number of resources varied from 5 to 20 and again compute the total execution time(in seconds) for different number of resources. Result supports the use of HLBA for time efficient execution of tasks thenNHLBA. Fig. 3 and Fig. 4 depict the result of the total execution time for two different scenarios. Results support the proposed approach by reducing the total execution time of jobs. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 137 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 45000 41760 40000 Heusristic 35000 based 30000 Execution 25000 22555 Time 20000 Non 15000 9615 18753 Heuristic 10000 11037 based 5000 2300 5356 execution 0 1683 time 5 10 15 20 Fig. 4. Comparison Among the Execution times of Heuristic and Non-heuristic Load Balancing Algorithms for Experiment 2. VI. Conclusion Multitasking and multiprocessing systems allow concurrently running tasks to share system resources such as processors, memory, storage, I/O, and network by scheduling their use for very short time intervals. In this paper analgorithm that is adaptive, decentralizedand distributed for load balancing among the aggregated resources in the grid has proposed. Through a series of simulations by varying the number of tasks and resources we obtain the results. It is found out that computation decreases until it reaches the optimal level i.e resources with maximum computation capability.When the numberof users competingfor the same set of resources increases,there will be proportional impact on others dependingon each user‘s strategies and constraints. Apart from complementing and strengthening the results of the proposed method, the simulations demonstrate the capability of GridSim and the ease with which it can be used for evaluating performance of new scheduling algorithms.Resultof the simulation shows thatHLBA enhances the performance of the system by reducing theexecution time of the jobs. Refrences [1] I. Foster, and C. Kesselman, ‖Globus: a metacomputing infrastructure toolkit‖, International Journal of High Performance Computing Applications, vol. 11, no. 2, pp. 115-128, 1997. [2] I. Foster, and C. Kesselman(editors), The Grid 2: Blueprint for a New Computing Infrastructure, Morgan Kaufmann, USA, 2003. [3] I. Foster, C. Kesselman, and S. Tuecke, ―The anatomy of the grid: enabling scalable virtual organizations‖, International Journal of High Performance Computing Applications, vol. 15, no. 3, pp. 200-222, 2001. [4] X.S. He, X.H. Sun, and G.V. Laszewski, ‖QoS guided min-min heuristicfor grid task scheduling‖, Journal of Computer Science & Technology, vol.18, no. 4, pp. 442-451, 2003. [5] V.D. Martino, and M. Mililotti, ‖Scheduling in a grid computing environmentusing genetic algorithms‖, Proceedings of the 16th InternationalSymposium on Parallel and Distributed Processing, pp. 235-239, 2002. [6] Z.H. Xu, X.D. Hou, and J.Z. Sun, ‖Ant algorithm-based task schedulingin grid computing‖, Proceedings of 2003 IEEE Canadian Conference onElectrical and Computer Engineering, vol. 2, no. 3, pp. 1107-1110, 2003. [7] R. Buyya, D. Abramson, J. Giddy, and H. Stockinger, ‖Economicmodels for resource management and scheduling in Grid computing‖,Concurrency and Computation: Practice and Experience, vol. 14, no. 2, pp.1507-1542, 2002. [8] R. Buyya, D. Abramson, and S. Venugopal, ‖The Grid Economy‖,Proceedings of the IEEE, 3, vol. 93, no. 3, pp. 698-714, 2005. [9] O.O. Sonmez, and A. Gursoy, ‖A novel economic-based schedulingheuristic for computational grids‖, International Journal of High PerformanceComputing Applications, vol.21, no. 1, pp. 21-29, 2007. [10] R.Buyya, and ManzurMurshed, ‖GridSim: A Toolkit for theModeling, and Simulation of Distributed Resource Management, andScheduling for Grid Computing‖, Concurrency and Computation: Practiceand Experience, vol. 14, no. 1, pp. 1175-1220, 2002. [11] Li Hao,―Implement of Computational Grid Application SchedulingSimulation with GridSim Toolkit‖, Journal of Jilin Normal University(Nature Science Edition), vol. 3, no. 1, pp. 63-64, 2003. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 138 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [12] Wang yue, and Tao Hongjiu, ‖Application in TSP Based on Ant ColonyOptimization‖, Journal of Wuhan University of Technology (Informationand Managing EngineeringEdition),vol. 28, no. 11,pp. 24-26, 2006. [13] Marco Dorigo, and Luca Maria Gambardella, ‖Ant colonies for thetraveling salesman problem‖, BioSystems, vol. 43, no. 2, pp. 73-81, 1997. [14] Chen Ye, ‖Ant Colony System for Continuous Function Optimization‖,Journal of Sichuan University (Engineering Science Edition), vol. 36, no. 4, pp. 117-120, 2004. [15] O. Ibarra and C. Kim, ‖Heuristic algorithms for scheduling independent tasks on nonidentical processors‖,Journal of the ACM (JACM), vol. 24, no. 2, pp. 280-289, 1977. [16] C. Sosa, and A.S. Grimshaw,‖Bringing the Grid Home‖, Proceedings of 9th IEEE/ACM International Conference on Grid Computing, pp. 152-159, 2008. [17] Casey, L.M., ‖Decentralized Scheduling‖, The Australian Computer Journal, vol. 13, no. 2, pp. 58- 63, 1981. [18] R. Martin, A.Vahdat, D. Culler, and T. Anderson, ‖Effects of Communication Latency, Overhead, and Bandwidth in a Cluster Architecture‖. Proceedings of 24th Annual International Symposium Computer Architecture (ISCA ‘97), pp. 85-97, 2007. [19] XuZhihong, and GuJunhua, ‖Research on Ant Algorithm Based Classified Task Scheduling in Grid Computing‖, Journal of Hebei University of Technology, vol. 35, no. 3, pp. 68-71, 2006. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 139 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Compares Source Based Multicasting Protocols with Mesh Based Multicasting Protocols Neeraj Gandhi Kapil Kumar Research Scholar, Department of CSE Research Scholar, Department of CSE Global Research Institute of Management & Technology , Geeta Institute of Management & Technology, Kanipala, Kurukshetra, India Radaur (Yamuna Nagar) India Abstract- The purpose of this paper is to Compares Source Based Multicasting Protocols with Mesh Based Multicasting Protocols by utilizing the Network Simulator2.Wireless mesh networks are a new networking paradigm that allows the formation of a temporary network of wireless nodes without relying on the existing infrastructure. They are basically traditional wireless access networks with multi-hop connections through fixed wireless mesh routers. Due to their cost effectiveness, ease of expansion and ability to provide reliable Internet connectivity, WMNs have received attention of the research community in academia and industry. WMNs provide broadband wireless connectivity without the costly wired network infrastructure. Key words: - Mesh Networks, NS2, ADMR, ODMRP, Source Based and Mesh based multicasting. 1. Introduction WMN stands next in the list of technologies which have the capacity to influence the way we communicate today. It has the capacity to change our work style and enhance our productivity. Although derived from military research into mobile networks, WMNs have their greatest potential in the commercial marketplace. Though WMNs can be based upon a number of technologies, their practical commercial evolution is primarily occurring through the use of wireless LAN communications. There are two basic types of wireless LAN networking structures, referred to as peer to peer and infrastructure. In a peer to peer networking structure, each node can directly communicate with the other. While in an infrastructure LAN networking environment, all traffic flows through an access point. A wireless mesh network represents a series of peer to peer transmissions where each node functions as a router and a repeater. This wireless peer to peer network structure is also referred to as an ad hoc network. Compared with their single-hop counterpart, wireless LANs, the WMNs are self-organized with the nodes automatically establishing ad hoc networks and maintaining their connectivity. This provides more reliability, larger coverage and reduces equipment cost. [1]. Mesh networks implement the notion of multiple channels and multiple interfaces to improve the system performance. Lately, there has been a lot of research on how these channels are allotted to different wireless interfaces in uncast routing. However multicast routing has not been researched adequately in the field of WMNs. Multicasting has emerged as one of the most focused areas in the field of networking. With the growth of the Internet, applications that need multicasting (e.g., streaming multimedia, replicated database, information distribution, resource discovery, shared white boards, video conferencing, online games, webcast and distance learning among a group of users) are also growing at a rapid pace. Now with the emergence of wireless ad hoc networks, multicast plays an important role in the routing of such networks. They present the idea of groups among these dynamically reconfigurable wireless networks to be able to share data among the nodes as a group. IP router to router multicast protocols like PIM (Protocol Independent Multicast), DVMRP (Distance Vector Multicast Routing Protocol) and MOSPF (Multicast Open Shortest Path First) used in the Internet are not suitable for ad hoc networks due to the high overhead they require for continuous topological changes. They are not able to deal with mobility of end hosts. Also creating and maintaining upstream and downstream link status for such protocols in a wireless network is not efficient. 2. Overview of The Multicast Routing Protocols ADMR The Adaptive Demand-Driven Multicast Routing protocol (ADMR) is a new on-demand ad-hoc network multicast routing protocol which discovers multi-hop routes between multicast receivers and senders. Like other tree based multicast routing protocols, it builds a source based tree to form a multicast group but unlike others, it does not utilize any periodic control packet transmissions such as periodic flooding or neighbor sensing. It performs both its route discovery and route maintenance functions on demand, and automatically prunes unneeded multicast forwarding state, and expires its multicast mesh when it detects that the multicast application has become inactive. It conforms to the standard IP multicast API where any node can send data to any multicast group without explicitly announcing its intention to send or stop data. Any node can leave the multicast group at any time. The protocol does © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 140 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 not require an existing infrastructure or preconfiguration to work. In the event of a broken connection, ADMR maintains connectivity between the end parties of this broken link. ADMR consists of 3 phases: 1. Multicast State Setup 2. Multicast Packet Forwarding 3. Multicast State Maintenance ODMRP ODMRP is an on-demand protocol i.e. group membership and multicast routes are established and updated by the source ―on demand‖. ODMRP is a mesh based approach to multicasting in Wireless Mesh Networks. The source based approach to multicasting has issues like intermittent connectivity, traffic congestion, and non-shortest path in a shared tree, etc. When the node connectivity changes, the tree structure also changes with it. Multicast trees require a global routing substructure involving excessive channel and processing overhead. By maintaining and using a mesh instead of a tree, the drawbacks of multicast trees are avoided. Such kind of an approach is useful in case of change in topology or if a link fails. Here only a subset of nodes forwards packets via scoped flooding. A soft-state approach is taken to maintain multicast group members. No explicit control message is required to leave the group. This makes ODMRP an attractive option with networks with high mobility. 3. NS2- NETWORK SIMULATOR NS2 is a discrete event simulator and object oriented network simulator targeted at networking research. It provides substantial support for simulating multi-hop wireless networks complete with physical and IEEE 802.11 MAC layer models. NS is primarily useful for simulating local and wide area networks. It supports TCP, routing, and multicast protocols over wired and wireless (local and satellite) networks. NS2 began as a variant of the REAL network simulator in 1989 and has evolved substantially over the past few years. In 1995 NS2 development was supported by DARPA through the VINT project at LBL, Xerox PARC, UCB, and USC/ISI. Currently NS development is supported through DARPA with SAMAN and through NSF with CONSER, both in collaboration with other researchers including ACIRI [14]. In NS2, the user defines arbitrary network topologies, composed of routers, links and shared media. Protocol instances can then be attached to nodes. NS2 does not by itself support any wireless multicasting protocols but there have been a few multicast implementations in NS2. A good computing platform provides both system programming languages (C++, JAVA) and scripting languages. The programming language is required for the detailed simulation of protocols for the calculation of byte transfers, packet headers and other algorithms on large data sets. The speed of executing is more important than the time required to run these simulations, finding the bugs in these simulations, fixing them, recompiling and re-running the simulations. C++ is fast to run but slower to change making it a good programming language for this purpose. [7]. NS-2: Directory Structure Ns-allinone allinone Tcl8 TK8 OTcl Tclcl Ns- Nam- 2 1 tcl ... C++ code ex tes lib mcas ... t t Example Validation tests OTcl code Fig 1. NS-2: Directory Structure 4. Simulation Environment One protocol from each type of multicasting protocols was chosen for comparison. The implementation of ADMR (tree based multicasting protocol) and ODMRP (mesh based multicasting protocol) from the Monarch Project [5] is used for analyses. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 141 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Experimental Setup The simulated environment consists of 100 wireless mobile nodes roaming in a 1200 meters x 800 meters area for 200 seconds of simulated time. The scenario containing all movement behavior of the ad-hoc network nodes is generated in advance so that it can be replaced identically for both the protocols. Similar mobility and traffic scenarios are used for both the protocols. Hence the workload is identical for both the protocols. A multicast member node joins the multicast group at the beginning of the simulation (first 30 seconds) and remains as a member throughout the entire simulation. Performance Metrics ADMR and ODMRP‘s performance was compared on the basis of the following metrics. [6] Packet Delivery Ratio: The ratio of the multicast data packets received by the destinations to the total number of packets originally sent by the senders. This ratio presents the effectiveness of the protocol in delivering data packets to intended receivers. Number of data packets transmitted per data packet delivered: ―Data packets transmitted‖ is the count of every individual transmission of data by each node over the entire network. This count includes transmissions of packets that are eventually dropped and retransmitted by intermediate nodes. Number of control packets transmitted per data packet delivered: This measure shows the efficiency overhead in control packets expended in delivering a data packet to an intended receiver. Number of control packets and data packets transmitted per data packet delivered: This measure tries to capture a protocol‘s channel access efficiency, as the cost of channel access is high in contention-based link layers. 5. Results The trace files generated from executing the tcl (script) files in NS2 are parsed by the mcast_totals.pl Perl Script [5] to generate the MATLAB ready output files. These graphs are generated on MATLAB. MATLAB is a high-level language and interactive environment that enables performing computationally intensive tasks. Varying the number of multicast receivers 20 ADMR 18 ODMRP 16 14 12 10 8 6 4 2 Data PacketsData Transmitteddata packet per delivered 0 1 2 3 4 5 6 7 8 9 10 Number of Receivers Graph 1 – Number of data packets transmitted per data packet. The number of re-transmissions (packets transmitted per data packet delivered) observed for AMDR is much lower than that for ODMRP. So even though the PDR of ODDMRP is better than ADMR (varying multicast receivers), ODMRP has a much higher re-transmission ratio than ADMR. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 142 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Varying the number of multicast sources 0.99 ADMR 0.98 ODMRP 0.97 0.96 0.95 0.94 Packet Delivery Ratio 0.93 0.92 0.91 0.9 1 2 3 4 5 6 7 8 9 10 Number of Sources Graph 1 – Packet Delivery Ratio Varying the size of the network 1 ADMR ODMRP 0.9 0.8 0.7 Packet Delivery Ratio 0.6 0.5 0.4 1 2 3 4 5 6 7 8 9 10 Number of Groups (Size) Graph 1 – Packet Delivery Ratio Single Source Vs Multi Source Groups 0.98 ADMR ODMRP 0.96 0.94 0.92 0.9 Packet Delivery Ratio 0.88 0.86 0.84 1 1.5 2 2.5 3 3.5 4 4.5 5 Single Source vs Multiple Source Graph 1 – Packet Delivery Ratio © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 143 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 6. Conclusion In this paper, we have investigated the performance, control overheads generated, access channel efficiency and the retransmissions required to deliver packets for ODMRP (mesh based multicasting approach) and ADMR (tree based multicasting approach). The mesh based approach has a better packet delivery ratio (PDR) than source based routing protocols for all the metrics employed above. But in the mesh based multicasting approach more data packet transmissions fail to reach the destination and hence need re-transmissions. Also, due to their periodic source floods and response cycles, they are found to generate a higher control packet overhead. On the other hand, tree based multicasting protocols utilize the channel better, minimize control overheads and need less data packet retransmissions to deliver the same data packets as the mesh based approach. References [1] Guokai Zeng, Bo Wang, Yong Ding, Li Xiao, Matt Mutka, Multicast Algorithms for Multi-Channel Wireless Mesh Networks [2] Thomas Kunz and Ed Cheng, Multicasting in As Hoc Networks: Comparing MAODV and ODMRP, Proceedings of International Conference on Distributed Computing Systems (ICDCS), 2002 [3] Jorjeta G. Jetcheva and David B. Johnson, Adaptive Demand Driven Multicast Routing in MultiHop Wireless Ad Hoc Networks [4] E. Royer, and C. E. Perkins, Multicast operation of the ad-hoc on-demand distance vector routing protocol, Proc. of the 5th ACM/IEEE Annual Conf. on Mobile Computing and Networking, Aug. 1999, pages 207-218. [5] Multicast Implementations for NS2-1.b8, Monarch Project, [6] S. Corson and J. Macker. Mobile ad hoc networking (MANET): Routing protocol performance issues and evaluation considerations, RFC 2501, January 1999. [7] John Ousterhout. Scripting: Higher-level programming for the 21st century. IEEE Computer, March 1998. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 144 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Empirical Ant Algorithm using Time Shared Resource Allotment Policy in Grid Computing Amit Jain [1], Rishabh Parashar[2],Komal Sharma[3] Shri Krishan Institute of Engineering and Technology Kurukshetra, India Abstract -- Grid is an infrastructure that involves the integrated and collaborative use of computers, networks, databases and scientific instruments owned and managed by multiple organizations. The primary concern associated with the grid computing is efficient scheduling of resources, which is a challenging assignment due to distributed and heterogeneous nature of the resources. Resource scheduling is to select the appropriate resource for a particular task in such a way that overall efficiency can be achieved. Resource scheduling problem is NP- hard in nature .So many heuristic algorithms have been designed for scheduling of task in grid environment, some of which are widely accepted but have some downsides also. This paper proposed a heuristic resource scheduling technique based on ant algorithm that can perform resource allocation efficiently and effectively in terms of minimizing the total execution time and cost using the TIME_SHARED resource allocation policy. The proposed algorithm is simulated using GridSim and results show that the proposed algorithm is capable of reducing the total execution time and cost of the using the resource in comparison of random resource scheduling algorithm. Keywords— Grid Computing, Load Balancing, Resource management, Execution time, Execution Cost, Ant Colony Algorithm, Random Algorithm. I. Introduction Grid Computing enables sharing, selection, aggregation of geographically distributed resources dynamically at run time depending on their accessibility, ability and users Quality of Service requirements [1]. The main objective of the grid technology is to maximize the utilization of the organization‘s computing resources by making them as shareable entities, and provide computing on demand to the users. Balancing the load of all available resources is another important issue in the grid [2]. Unlike scheduling problems in conventional distributed systems, scheduling problem in grid system is much more complex as new features of grid systems such as its dynamic nature and the high degree of heterogeneity of jobs and resources must be undertaken [3]. Scheduling is mainly classified into two types, static and dynamic scheduling. Static scheduling allocates the task to suitable resource before starting the execution. In case of static scheduler all the details of tasks should be known well before starting the process. Dynamic scheduling allocates the resource during the execution time i.e. the scheduler can take decision during job execution [4]. Online mode and batch modes are available in dynamic scheduling. In online mode the scheduler will be always in ready state, so when a job arrives, it allocates the resource immediately. In batch mode the jobs are grouped as set of tasks, known as metatask and the mapping is done in a prescheduled time. Scheduling can aim to provide- two objectives namely high performance computing and high throughput computing. High performance computing decreases the execution time whereas high throughput computing increases the processing capacity of the system. Scheduler has the following three main phases [5]. In phase one all the available resource will be collected. This is known as resource discovery. Second phase collects the information about the resources and choose the best suitable resource to the task. Third phase executes the job in the selected machine. By harmonizing and distributing the grid resources efficiently, an advanced resource allocation strategy can reduce total run time and total expenses greatly and bring an optimal performance [6] [7]. Resource scheduling is an NP-Hard problem [8]. Heuristic approaches help to solve such type of problems effectively. Opportunistic Load Balancing (OLB), Min-Min, Fast Greedy, Tabu-Search, Max-Min, Minimum Execution Time (MET) and Minimum Completion Time (MCT) Ant Colony Optimization are some of the heuristic approaches which help to solve the grid scheduling problem. The proposed algorithm is based on Ant Colony Optimization (ACO) algorithm which uses batch mode heuristic mapping. In this ant colony algorithm each job is considered as an ant and optimal solution is provided with the help of pheromone detail. Heuristic based ant colony algorithm is used in the second phase of the scheduler. In the TIME_SHARED when jobs arrive, the systems start their execution immediately and share resources among all jobs. Whenever a new Gridlet job arrives, we update the processing time of existing Gridlet and then add this newly arrived job to the execution set. We schedule an internal event to be delivered at the earliest completion time of smallest job in the execution set. It then waits for the arrival © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 145 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 of events. It can be considered as Round-Robin allocation policy. The organization of the paper further is as follows. The motivation works are discussed in Section II, Literature review is analyzed in Section III, Section IV describe the problem ,section V deals with proposed algorithm, Implementation and experimental results are discussed in Section VI and conclusion with future work is presented in Section VII. II. Motivation The Last decade has seen a substantial change in the way we perceive and use computing resources. Even through the computational capability and network performance has gone to a great extent but these computing networks are still not fully capable to deal with current complex and resource intensive problems [9]. With the evolution of grid computing many issues has been raised viz. designing, building, deploying and scheduling of various heterogeneous resources in grid environment [10]. To achieve the promising potentials of tremendous distributed resources in grid environment effective and efficient resource scheduling and load balancing algorithms are fundamentally important. Unfortunately scheduling algorithms in traditional parallel and distributed systems, which usually run on homogeneous and dedicated resources can‘t work well in grid environment. The motivation of the paper can be summarized as: 1. To aggregate the power of widely distributed resources and provide the non-trivial services to users. 2. Use of the largely unused computing resources. 3. Proper utilization of greatly increased in the CPU speed in the recent years. 4. To improve the efficiency and usability of networks in grid computing environment with high Communication demands. 5. To spread the load equally among the available resources, so as to reduce the waiting time of the tasks and increase the throughput of the resources. 6. To utilize widespread availability of fast, universal network connection. III. Literature Review Thorough research has been done in the area of resource scheduling and load balancing in grid computing and it is found that scheduling problems are NP-hard in nature, which can be better solved by the heuristic technique. Many heuristic algorithms have been designed for scheduling of task in grid environment. But all these algorithms have some drawbacks and still there is a scope to optimize the scheduling process, so as to maximum utilize the resources and increasing the throughput of the resources and the waiting time of the tasks. Some of the popular heuristic resources scheduling algorithms are [11]: Opportunistic load balancing (OLB): Without considering the job‘s execution time, it assigns a job to the earliest free machine. If more than one machine is free then it assigns the job in arbitrary order to the processor. This scheduling mechanism runs faster. The advantage of this method is that it keeps almost all machines busy. Yet it does not assure load balance. Minimum Execution time (MET): The minimum execution time or MET assigns each job to the machine that has the minimum expected execution time. It does not consider the availability of the machine and the current load of the machine. The resources in grid system have different computing power. Allocating all the smallest tasks to the same fastest resource redundantly creates an imbalance condition among machines. Hence solution is static. Minimum Completion Time (MCT): The algorithm calculates the completion time for a job on all machines by adding the machine‘s availability time and the expected execution time of the job on the machine. The machine with the minimum completion time for the job is selected. The MCT considers only one job at a time. This causes that particular machine may have the best expected execution time for any other job. The drawback of MCT is that it takes long time to calculate minimum completion time for a job Max-min Max-min begins with a set of all unmapped tasks. The completion time for each job on each machine is calculated. The machine that has the minimum completion time for each job is selected. From the set, the algorithm maps the job with the overall maximum completion time to the machine. Again the above process is repeated with the remaining unmapped tasks. Similar to Min-min, Max min also considers all unmapped tasks at a time. Min-Min Min-min algorithm starts with a set of all unmapped tasks. The completion time for each job on each machine is calculated. The machine that has the minimum completion time for each job is selected. Then the job with the overall minimum completion time is selected and mapped to the machine. Again, this process is repeated with the © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 146 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 remaining unmapped tasks. Compared to MCT, Min-Min considers all unmapped tasks at a time. The drawback of Min-Min is that, too many jobs are assigned to a single node .This leads to overloading and response time of the job is not assured. Ant Colony Optimization Algorithm Ant colony optimization (ACO)[12] was first introduced by Marco Dorigo as his Ph.D. thesis and was used to solve the TSP problem .ACO was inspired by ants behavior in finding the shortest path between their nests to food source. Many varieties of ants deposit a chemical pheromone trail as they move about their environment, and they are also able to detect and follow pheromone trails that they may encounter. With time, as the amount of pheromone in the shortest path between the nest and food source increases, the number of ants attracted to the shortest path also increases. This cycle continues until most of the ants choose the shortest path. Various types of ACO algorithm are presented. Each of them has some special properties, i.e., Ant Colony System (ACS), Max-Min Ant System (MMAS). Fast Ant System (FANTS). In paper [13], they have proposed a simple grid simulation architecture using ACO. They have used response time and average utilization of resources as the evaluation index. In the paper [14] and [15], they have proposed ACO algorithms, which could improve the performance like job finishing ratio. In paper [16], the job is moved from one machine to another machine, so that the traffic in the grid system will be automatically increased. In paper [17], six different ant agents are used. To solve the grid scheduling problem, ACO is one of the best algorithms. IV. Problem Description Scheduling a task to a particular resource in such a way so as to improve the execution time and cost is the foremost problem in the grid computing environment. Heterogeneous and dynamic nature of the resources makes it a challenging assignment. For mapping a task to a resource there is a grid scheduler that receives the applications from the grid users, selects the feasible resources for the applications according to acquired information from the grid information service module and submits the resource to the selected resource. The grid scheduler does not have control over the resources and also on the submitted jobs. Any machine can execute the any job, but the execution time differs. As compared with the expected execution time, the actual time may be varied at the time of running the jobs to allocated resource. The grid scheduler‘s aim is to allocate the jobs to the available nodes. The best match must be found from the list of available jobs to the list of available resources. The selection is based on the predictions of the computing power of the resource. The grid scheduler must allocate the job to the resources efficiently. The efficiency depends on two parameters one is execution time of the job and second is cost of using the resource. To minimize these parameters the workload has to be evenly distributed over all nodes which are based on their processing capabilities. This arises the new issue called load balancing. The main objective of a load balancing consists primarily to optimize the average response time of applications by equal distribution of the load among available resources. So we can the state the problem as ―Map the best resource to a task so that overall execution time and cost of the resource can be minimized.‖ V. Proposed Algorithm Proposed algorithm is based on Ant colony optimization .Ant algorithm is inspired on an analogy with real life behavior of a colony of ants when looking for food, and is effective algorithm for the solution of many combinatorial optimization problems. In proposed algorithm the pheromone is associated with resources rather than path. The increase or decrease of pheromone depends on task status at resources. The main objective of algorithm is reduction in total cost and execution time Algorithm_ACO_Scheduling Let the number of tasks (ants) in task set T maintained by task agent is A and the number of registered resources (pheromone) is Q. Step 1: [Initialization] For every new resource Ri registered to Grid Information Server, the pheromone value is initialized as: Ip (0) = (N × M) + Communication speed © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 147 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Where Ip (0) is the initial pheromone value. N is the number of processing elements. M is the MIPS rating of processing element. Step 2: Repeat 3 to 6 While (T ≠ Ф) Step 3: Select task t from task set T. Step 4: Determine the resource Rj for task t having higher transitions probability P (high pheromone intensity) Such as: a b [Cpj (t)] × [Ipj] Pj (t) =Max a b (∑ r [Cpj (t)] × [Ipj] )*rc Where j, r are available resources. rc is cost of using resource. Cp (t) denotes the current pheromone of resource Rj. Ipj represents the initial pheromone of Rj i.e. Ipj =Ipj (0). a is the parameter on relative performance of current pheromone trail intensity. b is the parameter on relative importance of initial performance attributes. Step 5: Schedule task t to Rj and remove it from T i.e. T=T-{t} Step 6: [Update Pheromone] For every resource Rj assigned a task pheromone is new old Cpj = pd *Cpj + Δj, Δj = − C If (Task_Status= Succesful_Complete) Δ =Φ* C [pheromone increases] where Φ is the encouragement argument. If (Task_Status= Failure) [Pheromone decreases] Δ = Θ*C, where Θ is the punishment argument. Where pd = Pheromone decay parameter 0< pd<1 1- pd pheromone permanence C= Computational complexity of task Δ j= Pheromone variance Step 7: Exit. VI. Implementation with GridSim GridSim [18] toolkit is used to conduct the simulations based on the developed scheduling algorithm. Grid resources information and Grid user‘s information will be given as input to start the simulation. Then the simulation starts by resource creation followed by the creation of user tasks. The user tasks are created based on user specified parameters (total number of jobs, average MI of each job. Then, the system starts the GridSim simulation. It first gathers the characteristics of the available Grid resources created in the resource creation section in the system. The scheduler maintains the pheromone value of each resource (from schedule center) and will compute the possibilities of the current resources available in the Grid every time when a job is to be scheduled. Then, the scheduler selects a resource based on the developed algorithm and schedules the job. The simulation will be completed when all the user tasks get executed on the grid resources and get back the results. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 148 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 A. Simulation parameters Following simulation parameters are used to conduct the simulation Table 1: Parameters for Simulation Parameter Value 1 Number of User Number of Resources 10-50 Number of PE per 4-16 Resource MIPS of PE 300-900 Resource Cost 5-55 G$ Total Number of 25 Tasks(Ants) Length of Task 100-2500 MI Communication Speed 25-150 IPS Allocation Policy TIME_SHARED Relative performance of current pheromone trail 0.5 intensity (a) Relative importance of initial performance 0.5 attributes (b) Pheromone decay 0.8 parameter (pd) Pheromone encouragement argument 1.1 (Φ) Pheromone punishment 0.8 argument ( Θ ) VII. Experimental Results The proposed algorithm is compared with the random resource allocation algorithm already used in GridSim. This algorithm selects the next resource for task assignment in a random fashion. Experiment 1 Execution cost of the proposed algorithm and random resource allocation algorithm is compared with varying number of resources (10-50) and constant number of the tasks (25). © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 149 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 No. of Resources Vs. Execution Cost 4000 3200 2400 HR 1600 SA RR 800 Execution Cost(G$)Execution SA 0 10 20 30 40 50 No. of Resources Fig: 1 No. of resources Vs. Execution Cost Experiment 2 Execution time of the proposed algorithm and random resource allocation algorithm is compared with varying number of resources (25) and constant number of the tasks (25). No. of Resources Vs. Execution Time 70000 60000 50000 40000 HRS 30000 A 20000 RRSA 10000 Execution Time (Sec.) Time Execution 0 10 20 30 40 50 No. of Resources Fig: 2 No of Resources Vs. Execution Time For selected set of parameters the proposed algorithm shows the improvement in comparisons of random scheduling of a task to a resource. The growth of both the curves in both graphs is approximately same, which shows that there is uniform improvement in the total execution time and cost. The following table shows percentage of improvement in the Average execution time and cost. Table 2: Performance Comparison Average Average Performance Execution Execution Comparison Time (Sec.) Cost (G$) Proposed 2498.31 131.4 Algorithm Random Resource 4299.48 186.49 Selection Algorithm Improvement % 72.09 41.92 VIII. Conclusion and future work The proposed scheduling strategy results in increased performance in terms of low processing time and low processing cost if it is applied to a Grid application with a large number of coarse granularity tasks. This works effectively in minimizing both the processing time of the tasks as well as the processing cost of the tasks depending © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 150 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 upon the value chosen by the grid user who submits the task. Future work would involve developing a more comprehensive distributive scheduling system that takes into account the hierarchy of clusters of resources. And also to reduce the transmission costs and delays in the applications with large number of light weight jobs, job grouping can be done before load balancing the jobs on to the resources. References [1] L.M. Nithya, A.Shanmugam ―Scheduling in Computational Grid with a new hybrid Ant Colony Optimazation Algorithm‖, European Journal of Scientific Research Vol.62 No. 2 (2011) pp.273-281. [2] Salehi, M.A., Deldari, H., Dorri, B.M., 2008. ―Balancing Load in a Computational Grid Applying Adaptive, Intelligent Colonies of Ants‖, Informatics, Vol. 32, pp.327-335. [3] Foster, I., Kesselman, C., Tuecke, S., 2001. ―The Anatomy of the Grid: Enabling Scalable Virtual Organizations‖, International Journal of High Performance Computing Applications, Vol. 15(3), pp. 200-222. [4] Chtepen, M., 2005. ―Dynamic Scheduling in grid systems‖, Sixth Firw. PhD Symposium.Faculty of Engineering, Ghent University, 110, pp.1-2. [5] Schopf, J.M., 2002. ―A General Architecture for Scheduling on the Grid‖, Special issue of JPDC on Grid Computing. [6] Chapman, C., Musolesi, M., Emmerich, W., Mascolo, C., 2007. ―Predictive Resource Scheduling in Computational Grids‖, IEEE Parallel and Distributed Processing Symposium, 2007 (IPDPS 2007), pp. 1-10. [7] Krauter, K., Buyya, R., Maheswaran, M. (2002), ―A Taxonomy and survey of Grid Resource Management Systems for Distributed Computing‖, Software: Practice and Experience (SPE) Journal, Wiley Press, USA, Vol.32 (2), pp. 135-164. [8] Baca, D.F., 1989. ―Allocating Modules to Processors in a Distributed System‖, IEEETransactions on Software Engineering, pp.1427–1436. [9] Kuppani Sathish, A Rama Mohan Reddy, ―ENHANCED ANT ALGORITHM BASED LOAD BALANCED TASK SCHEDULING IN GRID COMPUTING.‖ IJCSNS VOL.8 No.10, October 2008. [10] David De Roure, Mark A. Baker, Nicholas R. Jennings and Nigel R. Shadbolt, Department of Electronics and Computer Science, University of Southampton, Southampton SO17 1BJ, UK “ The Evolution of the Grid”. [11] Kousalya.K and Balasubramanie.P,” An Enhanced Ant Algorithm for Grid Scheduling Problem” IJCSNS VOL.8 No.4, April 2008. [12] M. Dorigo and T. Stützle, Ant colony optimization, Cambridge, Massachusetts, London, England: MIT Press, 2004. [13] Z. Xu, X. Hou and J. Sun, ―Ant Algorithm-Based Task Scheduling in Grid Computing‖, Electrical and Computer Engineering, IEEE CCECE 2003, Canadian Conference, 2003. [14] E. Lu, Z. Xu and J. Sun, ―An Extendable Grid Simulation Environment Based on GridSim‖, Second International Workshop, GCC 2003, volume LNCS 3032, pages 205–208, 2004. [15] H. Yan, X. Shen, X. Li and M. Wu, ―An Improved Ant Algorithm for Job Scheduling in Grid Computing‖, In Proceedings of the Fourth International Conference on Machine Learning and Cybernetics, 18-21 August 2005. [16] Li Liu, Yi Yang, Lian Li and Wanbin Shi, ― Using Ant Optimization for super scheduling in Computational Grid, IEEE proceedings of the 2006 IEEE Asia-pacific Conference on Services Computing (APSCC‘ 06) [17] R. Armstrong, D. Hensgen, and T. Kidd, ―The relative performance of various mapping algorithms is independent of sizable variances in run-time predictions,‖ in 7th IEEE Heterogeneous Computing Workshop, pp. 79–87, Mar. 1998. [18] Rajkumar Buyya, and Manzur Murshed, GridSim: A Toolkit for the Modeling, and Simulation of Distributed Resource Management, and Scheduling for Grid Computing, The Journal of Concurrency, and Computation: Practice, and Experience (CCPE), Volume 14, Issue 13-15, Pages: 1175-1220, Wiley Press, USA, November- December 2002. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 151 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Improvement in Mobile Ad-hoc Routing Protocol Parveen Sharma, Gorav Sharma Dept. of Computer Science SKIET, Kurukshetra, India Abstract- An ad hoc network is a wireless network without fixed access point or infrastructure. Each node in the network functions as a mobile router of data packets for other nodes. Node mobility or node movement link broken in such networks are very often and render certain standard protocols inefficient resulting in wastage of power and loss in throughput. MANET supports multi hop routing in which nodes other than the source and destination nodes take part in packet forwarding from end to end. This results in the energy consumption of intermediate nodes though they are not the actual sender or receiver of the data. It is essential that routing protocol for ad hoc network considers the reasons for link failure to improve routing performance. Link failure systems from node mobility and lack of network resources both resides in wireless medium and in nodes. Therefore it is essential to capture the characteristics to identify the quality of nodes and hence the quality of links[7]. Keywords-NLF, CMMBCR. I. INTRODUCTION A mobile ad hoc network is a dynamically self-organizing network without any central administrator or any infrastructure. If two nodes are not within the range of each other, other nodes are needed to serve as intermediate routers for the communication between the two nodes [1]. Moreover, mobile devices wander autonomously and communicate via dynamically changing network. Thus, frequent change of network topology is a tough challenge for many important issues, such as routing protocol robustness, and performance degradation resiliency[2]. Proactive routing protocols[8] require nodes to exchange routing information periodically and compute routes continuously between any nodes in the network , regardless of using the routes or not. This means a lot of network resources such as energy and bandwidth may be wasted, which is not desirable in MANETs where the resources are constrained [1][3]. On the other hand, on-demand routing protocols [8][9][10] don‘t exchange routing information periodically. Instead, they discover a route only when it is needed for the communication between two nodes. Due to dynamic change of net- work on ad hoc networks, links between nodes are not permanent. In occasions, a node cannot send packets to the intended next hop node and as a result packets may be lost. Loss of packets may affect on route performance in different ways. Among these packet losses, loss of route reply brings much more problems, because source node needs to re-initiate route discovery procedure. In this study we propose a power aware routing protocol which has a new aspect to find out path between source to destination according to to available power of node. II. Related Work In recent time there was various protocol proposed that was used to improve the problem the problem of link failure due to power or reliability reasons in mobile ad hoc network. The one that have proposed is The Dynamic Link failure and Power Aware Reliable Routing in Mobile Ad Hoc Networks[4]. In this method we denote two notations to define the reliable route ,NLF (Normalized Link Failure) and NNF (Normalized Node Failure). Also we addressed the necessity of reliability and related protocols providing redundancy with multiple path. Instead of establishing multiple path, we develop a new reliable single path routing protocol based on node's link failure frequency and battery drain used to forward packet. It can significantly reduce the path maintenance overhead and control message due to the most stable single route instead of multiple routes. And the 2nd method that have proposed is Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks[5]. This method discover that if nodes in an ad hoc wireless network expend most of their power on communication-related applications, power aware routing protocols, like minimum battery cost and min-max battery cost schemes, can prevent nodes from being overused. This extends or increase the time until the first node powers down and increases the operation time before the network is partitioned. However, these power-aware routing protocols tend to select longer paths, which increases the average relaying load for each node and therefore reduces the lifetime of most nodes. This investigations reveal that these two goals (to use each node fairly and extend their lifetimes) are not compatible. A trade-off between them is needed. Our proposed conditional max-min battery capacity routing (CMMBCR) scheme chooses a shortest path if all nodes in all possible routes have sufficient battery capacity. When the battery capacity for some nodes goes below a predefined threshold (g), routes going © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 152 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 through these nodes will be ignored, and therefore the time until the first node power-down is increased. This method select longer path for communication which increase the average relaying load for each node and therefore reduce lifetime of most nodes. The another method that have proposed is ESAR - An Energy Saving Ad Hoc Routing Algorithm for MANET[6].ESAR is an on demand routing algorithm where the routes between the source and destination are determined and maintained when they require sending data among each other. The aim of this algorithm is to achieve minimum routing delay like AODV or maximum network lifetime like EEAODR(Energy Efficient Ad Hoc On Demand Routing). In this algorithm the actual distance between the source to destination as well as the minimum available battery power of a node in the path is considered to find the best path for packet routing. Backup paths are also stored for the purpose of routing when the best path is found suitable no more. These all methods have some disadvantages also so we proposed the new algorithm or protocol to improve the problem of Link Failure in MANET. The aim of this work is to improve the network failure by improving the Node information to utilization the power of node by using routing mechanism in MANETs. Link stability are assigned according to the transmission power needed to reach the destination node, along with the battery status of the sending and intermediate nodes. Our Objective is that choosing routes with maximum battery backup, will lead to better utilization of the power sources of the communicating devices. III. PROBLEM DEFINITION If source A want to send data to the destination D then first of all source A must have a path between source to destination. If source have a path between source A to destination D then source does not knew how match amount of time this path remain alive. When source a send data packet to D then it may be deliver to destination or may be not deliver due to link failure and this link failure occur due to lake of power of the node.So we are proposing a power aware routing protocol that provides accurate power information of current path used by source for communication. IV. PROPOSED WORK Previously the works done on MANETs focused on various methods to remove the problem of Link failure with the energy saving methods and Improve the reliability of AODV protocol Or another several methods. This paper improve the problem of Link Failure in Mobile Ad Hoc Network with the minimum power respectively in nature. The proposed algorithm is an efficient routing algorithm that improves the efficiency of link failure which improves the quality of services. Proposed scheme is an extended version of Link failure based on power failure. In this routing protocol, there are some parameters is use like TTL and minimum required power for communication. Route request packet can be send to the neighbor node based on the maximum required power. This protocol is use to improve the packet delivery ratio from source to destination because it provide the optimal and shortest path in terms of power, that improve the quality of service of this protocol. This approach provides solution of flooding and reduces the power conception. This proposed algorithm use AODV protocol to find out routes from source to destination with minimum available power. In this algorithm following terms are used for calculation. I. Broadcast ID: The broadcast id is a number stored in packet header which is incremented before a new request is disseminated. II. Source Address: Source address is address of source node which is used to send the request between source and intermediate node. III. Destination Address: Destination Address is address of destination node which is used to receive the reply from the source or intermediate nodes. IV. Available Power list: This field contains the available power of the node which is used in current path for communication. MINIMUM AVAILABLE BANDWIDTH Minimum available bandwidth list is the parameters of packet header that contain all the available bandwidth value of current path. By using available bandwidth list this protocol calculate the minimum available bandwidth for communication on current path between sources to destination. PHASES OF ILFRP There are three phase in this protocol I. Route discovery II. Route Reply III. Route maintenance © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 153 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 1. ROUTE DISCOVERY S is the source node which want to communicate with destination D with the help of intermediate nodes. Source node S initiate the RREQ request that packet contain the information like TTL, min_Power, broadcast id, source address, and destination address. All information is collected by source node before sending the RREQ packet to his neighbors. When source node neighbors receive the RREQ packet then first of all it check the destination address of RREQ, if destination address is the address of any one of the neighbor node and check it lies within the range of the network then it consume the packet and send RREP packet to the source node. If destination address is not equal to the neighbor node address then it check the value of TTL, if TTL is less than or equal to zero the node discard the RREQ, else the node calculate the minimum power from the source node. Then it check that node power is greater than or equal to the minimum power require for communication of source node or not. If node power is greater than or equal to minimum power then attach its own address to list of visited node and forward the RREQ packet to its neighbor nodes. If the route cannot find the minimum power, then node discard the RREQ packet. This process is follows by every node which receive the RREQ packet until the RREQ receive the by destination node. Above figure is an example of route discovery process of ILFRP which find the path between source need S and destination node D. 2. ROUTE REPLY PHASE In route reply phase if destination receives the RREQ packet then it check the packet header destination address. If destination address is the address of node then it check the power of the node. If power is greater than or equal to the minimum power the destination consume the RREQ packet and sent RREP packet to source node via same path which path is use to receive RREQ packet from source to destination. Otherwise discard the RREQ packet. In Route Reply Phase reply is sent back from Destination to Source node. 3. ROUTE MAINTENANCE In Ad-hoc network there is high mobility of nodes, links between nodes are likely to break. Thus, we need to maintain the routing path. When the node move outside to the reach of its neighbor then route from source to destination is break i.e RERR is occurred. In this case route maintenance process is use to maintain the route from source to destination. In this phase when a node does not receive a RREP packet it will break the path. In this case, the node sends a route error (RERR) packet to the source node. When the source node receives the packet, it will reconstruct a new path to the destination node.. Algorithm For ILFRP IV. SIMULATION IF ( TTL > 0) { IF(Node_Id==Destination_Id) { Consume the RREQ packet; Calculate the Power for all remaining nodes Choose the node with Min Power ; Send RREP to source node; } Else IF(Node_Id!=Destination_Id) { Enter remaining power into PL; Enter Node_Id into visited node list; Flood RREQ; } } Else { In order to validate the proposed protocol and show its efficiency we present simulations using NS2. NS2 is a very popular network simulation tool. NS2 Drop is anthe interactive Packet; software package which was developed to perform numerical calculations on vectors and matrices.} © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 154 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 The simulation environment settings used in the experiments are shown in Table4.1. The network area is 150 pixels x 150 pixels that include variable number of mobile nodes ranging from 15 to 35. The radio transmission range is assumed to be 20 pixels. The scenario of nodes mobility is generated randomly based on random way point model where a mobile node moves to a new position and pauses there for time period between 0 to 3 seconds, then it move to another position. Simulation Results For Packet Delivery Ratio With Number Of Nodes Figure 4.1 shows the packet delivery ratio with different number of node. It suggests that when the number of node increases then packet delivery ratio is also increases. ILFRP 100 80 60 40 20 0 15 20 25 30 35 40 No of node Packet Delevery Delevery Packet ratio(%) Fig 4.1 Chart between packet delivery rate and number of node Simulation Result For Average Number Of Path With Number Of Mobile Nodes Figure 4.2 shows the Mobility of nodes is increases then the average number of path increase. When mobile node reaches the maximum value then the path between the sources to destination is found for all nodes. But when no of node is increase then the average number of path is increase continuously. ILFRP 100 50 0 15 20 25 30 35 40 AVG PathAVG found(%) No of node Fig 4.2 chart between Average path and number of node Simulation Result For Packet Delivery Ratio With Number Of Nodes Between ILFRP And Shortest Path Protocol © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 155 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Figure 4.3 show the compression between ILFRP and shortest path protocol in terms of packet delivery ratio (%) and different number of mobile nodes. When number of node increase then packet delivery ratio is increases in both the protocol but ILFRP provide more better packet delivery ratio than shortest path protocol. 100 80 60 ELFRP 40 20 Shortest Avg Path found(%) Avg 0 Path 15 20 25 30 35 40 No fo nodes Fig 4.3 chart between average path found and number of node . V. Conclusion & Future Work In this thesis we outline the characteristics of ad hoc mobile networks and present previous work on different methods to resolve the problem of broken link in MANET. Most of the protocols have concentrated on how to quickly reorganize the ad hoc network during times of mobility and how to find the best route without increasing control overhead. However, since mobile hosts have limited battery resources, ad hoc mobile networks should consume battery power more carefully and efficiently to prolong network operation lifetime. In this thesis, I propose routing protocol is use to improve the link failure prediction in terms of power between source to destination. This routing protocol determine the minimum available power between source to destination. Then source node decided the path which has maximum available power between source node to destination node. By using the ILFRP protocol, improve the link failure problem due to power in between source to destination. VI. Future Perspective: Our ILFRP(Improvement of Link Failure Routing Protocol) protocol only provides service in terms of link failure improvement due to power. But link failure is also occur due to transmission range and movement of nodes and congestion etc . So in future our proposed protocol can be reconstruct to generate new protocol in terms of transmission range and movement of nodes that will improve the problem of link failure in Mobile Ad Hoc Network. References [1]. J. Mackar and S. Corson, RFC 2501, ―Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations‖, IETF 1999 [2]. Y.B. Ko and N. H. Vaidya, "Location-Aided Routing in Mobile Ad Hoc-Scale for Ad Hoc Networks," Proceedings of the second ACM international symposium on Mobile ad hoc networking & computing, Long Beach, CA, USA, pp. 22-32, October 2001 [3]. D. D. Perkins and H. D. Hughes, ―A survey on quality-of-service support for mobile ad hoc networks,‖ Wireless Communications and Mobile Computing, 2002. [4]. Sang-Hee Han and Sang-Ha Kim ―The Dynamic Link failure and Power Aware Reliable Routing in Mobile Ad Hoc Networks‖,2004. [5]. C.-K. Toh, Georgia Institute of Technology, ―Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks‖,IEEE,June2001. [6]. Utkarsh1, Mukesh Mishra2 and Suchismita Chinara3 ―ESAR: An Energy Saving Ad Hoc Routing Algorithm for MANET‖,2012. [7]. Navid Nikaein and Christian Bonnet Institute Eur´ecom Sophia Antipolis, France , ―Improving Routing and Network Performance in Mobile Ad Hoc Networks Using Quality of Nodes‖. [8]. S. Murthy, ―An Efficient Routing Protocol for Wireless Networks," October 1996. [9]. J. Mackar and S. Corson, RFC 2501, ―Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations‖, IETF 1999. [10]. C.S. Murthy, B.S. Manoj, "AdHoc Wireless Networks",Pearson, 2004 pp. 336-338 and 627. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 156 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Encoding Scheme Used for Genetic Algorithm Ravi Bhushan, Sumati Jaggi Deptt. Of Computer Engg., SKIET Kurukshetra, India Abstract-Genetic algorithm are optimization and robust searching technique that is used to find the best search result. It is an evolutionary approach that has been used in number of NP- hard optimization problems like travelling sales man problem, Dejong’ s function, knapsack problem etc. Genetic Algorithm depends upon a various parameters as like type and probability of crossover and mutation operator, replacement operator etc. The main focus is how to represent the gene in a chromosome. Choosing the right scheme of encoding the gene is a crucial task. Encoding mainly depends on the type of problem. In this paper, a number of encoding schemes like binary encoding, value encoding, permutation encoding, tree encoding etc. have been discussed and their applicability has been identified. A through survey of the encoding schemes was carried out and it is opined that the work performed will help the researchers in selecting a proper encoding scheme while solving any optimization problem using Genetic Algorithm. Keywords- chromosome, crossover , encoding, genetic algorithm, etc. I. Introduction Genetic algorithms are inspired by Darwin‘s theory of natural evolution. Genetic algorithm start with a set of solutions (represented by chromosomes) which called initial population [2]. Solutions from one population are taken and used to form a new population. The main operators of GA are selection, crossover, mutation and replacement. It is motivated by a hope that new population will be better than the old one. Selection of chromosome is inspired by the principal of survival of the fittest- better solutions have more chances to survive. Encoding is a process of representing individual genes or one can say Encoding means to encode a solution of a problem into chromosome. Encoding is the way how genes are represented. Representation can also be termed as encoding [1]. A representation assigns genotypes to corresponding phenotypes. In genetic algorithms, genetic operators work on the level of genotype and evaluation of individuals is performed on the level of phenotype [4]. So, certain mapping or coding function between the phenotypic space and the genotypic space is needed. This can be done by designing the representation as close as possible to characteristics of phenotypic space. The mapping of the object variables to a string code is achieved through an encoding function and the mapping of a string code to its corresponding object variable is achieved through a decoding function. In simple words Encoding means representing genotype to phenotype[3]. Decoding Evaluati Genetic on and Operatio Selection ns Encoding Coding space Solution Space Fig. 1- Encoding-Decoding method II. Types Of Encoding II.I) Binary Encoding scheme It is the simplest way to represent chromosomes. Binary Encoding means encoding using binary strings. A Binary String is a sequence of characters from { 0, 1 }.Thus in Genetic Algorithm Solutions are represented in Binary Encoding as string of 0s and 1s. This encoding type mainly used in problems like knapsack problem. This is one of the popular encoding scheme as earlier GA work used this type of encoding. Table 1: Binary encoding Chromosome 1 00110010 Fitness= 50 Chromosome 2 01010101 Fitness= 84 a) Single Point Crossover- In this one cross point is generated between 1 and chromosome size. Then genes before cross site are copied from 1st parent and genes after cross site from 2nd parent are copied to 1st child same way is applied to the second child. In below figure the crossover point is 2. As shown in below figure © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 157 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 that the first offspring is formed by taking the values before the crossover point from the first parent i.e. 0 1 and rest part is formed by taking the values after the crossover point from the second parent i.e. 1 0 0 1 1 and in case of second offspring formation taking before part from second and after part from first, as shown:- Fig 2- single point crossover In figure 2, the arrows indicate the crossover points. Thus, the contents between these points are exchanged between the parents to produce new children for mating in the next generation. b) Two Point Crossover- Many different crossover algorithms have been devised, often involving more than one cut point, unlike Single point Crossover. It should be noted that adding further crossover points reduces the performance of the GA. The problem with adding additional crossover points is that building blocks are more likely to be disrupted. However, an advantage of having more crossover points is that the problem space may be searched more thoroughly. In two-point crossover (TPC), two crossover points are chosen and the contents between these points are exchanged between two mated parents. In figure, the arrows indicate the crossover points. Fig 3: Two point crossover c) N-point Crossover- This crossover is generalization of single point crossover. N random points are selected. Split the chromosome along these points. A new child is created by gluing parts alternating between parents as shown in Table 2. As this is generalization of single point crossover in the sense that it is highly exploratory and when population size is small then this crossover is recommend. Table 2: N point Crossover Parent 1 000 000 000 000 Parent 2 111 111 111 111 Offspring 1 000111000111 Offspring 2 111000111000 d) Coding in matlab for representation of binary encoding schemes:- x=input(‗enter number of individual‘); y=input(‗enter size of individual‘); geno=round(rand(x,y)); x is no of individual , n is size of individual & geno is x*y matrix in binary encoding scheme fitness depends on value and order: f(v,o). e) Mutation Operator In mutation, one bit is selected & selected bit is inverted. Altering one or more gene value in a chromosome is called mutation and the Mutation operator changes the values of genes. Let mutation site is 5. Table 3- Mutation operator Chromosome 11001101 Offspring 11000101 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 158 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 II.II) Permutation Encoding Permutation encoding can be used in ordering problems, because binary encoding scheme cannot be able to solve ordering problems such as traveling salesman problem or task ordering problem. In permutation encoding, every chromosome is a string of numbers that represent a position in a sequence. In TSP there are N cities starting from first city and tries to shorten the distance. In other words, find a minimal Hamiltonian circuit in complete graph of N nodes. To represent order of cities we cannot use binary encoding. Chromosome is represented as sequence of integers, where each integer represents a different city and order represents the time at which city is visited. So, in this case we cannot use binary encoding scheme. a) Partially Matched Crossover (PMX):- The PMX technique builds offspring by choosing a subsequence of a tour from one parent and preserving the order and positions of as many cities as possible. In it, two strings are aligned, and two crossover points are selected uniformly at random along the length of the strings, and that points acts as boundaries for the swap operation.. In below Table Two crossover points were selected at random, and PMX proceeds by position wise exchanges. In-between the crossover points the genes get exchanged i.e., the 3 and the 2, the 6 and the 7, the 5 and the 9 exchange places. This is by mapping parent B to parent A. Now mapping parent A to parent B, the 7 and the 6, the 9 and the 5, the 2 and the 3 exchange places. Thus after PMX, the offspring produced as follows. Consider two strings: Table 4: PMX Parent A 4 8 7 3 6 5 1 10 9 2 Parent B 3 1 4 2 7 9 10 8 6 5 Child A 4 8 6 2 7 9 1 10 5 3 Child B 3 1 4 3 6 5 10 8 7 9 where each offspring contains ordering information partially determined by each of its parents. PMX can be applied to problems with permutation representation. b) Order Crossover (OX) - The order crossover begins in a manner similar to PMX. But instead of using point by point exchanges as PMX does, order crossover applies sliding motion. One important point about PMX and OX is that PMX preserves absolute order while OX preserves relative order. In order to create an offspring the String between the two cut points in first parent is first copied to the offspring. Then the remaining positions are filled by considering the sequence in the second parent, starting after the second cut point(when the end of chromosome is reached, the sequence continues at position 1) . this is shows in the below table as:- Table 5: OX Parent A 4 8 7 3 6 5 1 10 9 2 Parent B 3 1 4 2 7 9 10 8 6 5 Child A 3 6 5 2 7 9 1 1 0 4 8 Child B 2 7 9 3 6 5 1 0 8 1 4 From the examples, it can be noted that PMX tends to respect absolute positions While OX tends to respect relative positions. c) Swap mutation- As swap meaning changing the values of selected element. Same in swap mutation means change the elements in selected position such as:- 8 2 3 6 7 9 5 4 Swap mutation 8 5 3 6 7 9 2 4 Fig 4: swap mutation © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 159 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 II.III) Value Encoding In some problems where some more complicated values such as real numbers are used use of binary encoding is difficult, so Direct value encoding can be used for these type of problems . In this encoding, every chromosome is a sequence of some values. Values can be anything related with the problem, such as (real) numbers, chars or any objects. Table 6: value encoding Chromosome 1.2324 5.3243 0.4556 2.3293 2.4545 A Chromosome ABDJEIFJDHDIERJFDLDFLFEGT B Chromosome (back), (back), (right), (forward), (left) C a) Coding in matlab for representation of value encoding(real value) schemes:- x= input(‗enter number of individuals‘); y=input(‗enter size of individuals‘); geno= Rands(x,y); Here x is number of individuals & y is size of individual. Operator in value encoding scheme:- Arithmetic crossover:- This operator combine two chromosome & produce 2 offspring by formula. Offspring1= a * parent 1+(1-a) * parent 2 Offspring 2=(1-a) * parent 1+ a * parent 2 II.IV) Tree Encoding Tree encoding is two dimensional encoding scheme. The special use of tree encoding is that it is used for evolving programs or expressions, i.e. for genetic programming. Genetic programming is specialized part of GA. In the tree encoding every chromosome is a tree of some objects, such as all leafs are values or variables and internal nodes represent functions / * 6 8 4 Fig:5- Tree encoding III. Conclusion :- After study of existing encoding schemes, it has been found that encoding scheme used for representation of chromosome and this representation should follow two principals, that increases the survival rate of individuals i.e. principal of meaningful building blocks and principle of minimal alphabets. In some encoding schemes, as in various types the fitness depends on order of genes while in other it depends on value. Different encoding schemes require different crossover and mutation operators. There is possibility that an operator applicable in one may or may not be applicable in others. Encoding schemes applicability has lot to do with the problem specification. References [1] D.E.Goldeberg, Genetic algorithm search, optimization and machine learning. Addition Wesley Longman, Inc, ISBN0-201-15767-5, 1989. [2] S. N. Shivanandam, S.N.Deepa, Introduction to Genetic Algorithms, ISBN 978-3-540-73189-4 Springer Berlin Heidelberg New York. [3] Rakesh Kumar, Jyotishree, Novel Encoding Scheme in Genetic Algorithms for Better Fitness [4] Anit kumar, Encoding Schemes In Genetic Algorithm, ISSN: 2278-6244, Vol. 2 | No. 3 | March 2013 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 160 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [5] N. cahiyarataiia, A.M.S Zalzala ,Recent Developments In Evolutionary And Genetic Algorithms Theory And ApplicationsGenetic algoruithm in engering systems:Innovations and applications,2-4 septemeber 1997,Confrence Publication No. 446,IEEE,1997 © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 161 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Emerging Biometric Techniques Parbhat Verma1 Ashpreet Kaur2 A.P. in CSE Department M.Tech Scholar Modern Institute Of Engg. & Tech. Modern Institute Of Engg. & Tech. Mohri(Kurukshetra), Haryana, India Mohri(Kurukshetra), Haryana, India Abstract :Biometric recognition is the task of identifying an individual on the basis of his/her physiological or behavioral traits. Necessity of developing full-proof security systems has provided biometric research much needed impetus. Over the last three decades there has been a lot of work done on development of systems based on fingerprint, face, iris, voice etc., but in the recent past some new biometric measures have emerged which have shown prospect of enhancing the performance of the traditional biometrics by fusing these new biometric modalities with established ones. Some of these biometric measures have shown tremendous potential in forensic applications. In this paper a review of four of these emerging biometric techniques is presented. Keywords: Biometric, Traditional Biometric Techniques, ECG, Lip-print, EEG, Mouse Dynamics 1. Introduction In an era where people demand flawless security measures that are simple, convenient and user friendly Biometric based systems have has carved a niche for itself.. Biometrics (Bio-Life and metrics-measure) deals with automatic authentication of people based on their physiological and behavioral characteristics. These systems provide security based on ―what you own‖ rather than ―what you know‖ (password/PIN) or ―what you have‖ (smart-card). Therefore, such systems are convenient as one need not to memorize anything like incase of passwords and is always with you unlike smart-card etc. while ensuring full-proof security because no third party can use it [1]. A number of systems based on various physiological and behavioral traits have been developed which include fingerprint [2], face [3], iris [4], retina [5], voice [6], ear [7], hand geometry [8], and signature [9].Table 1 presents a summary of these traditional biometric measures mentioning the standard approaches adopted in systems based on them and their pros and cons. However none of these biometric measures provide a full–proof solution with total population coverage. In order to overcome the problem of these traditional biometric measures some new biometric measures have been proposed like ECG [10], EEG [11], lip-print [12], mouse dynamics [13], dental radiograph [14], tongue print [15], skin spectroscopy etc. Some of these have been already used in forensic applications. In this paper an overview of ECG,EEG, lip-print and mouse dynamics based person identification system has been presented which if used in conjunction with traditional biometric measures as a part of multimodal system may go on to improve the system performance. An emerging biometric is a biometric that is in the infancy stages of proven technological maturation. Once proven, an emerging biometric will evolve in to that of an established biometric. Table 1. A summary of Traditional Biometric Techniques S.No. Biometric Approaches adopted Pros Cons Technology Iris Scan [4] I. Complex valued 2-D Potential for high Accuracy Intrusive 1. Gabor Wavelets[16]. Long term stability Some II. Laplacian of Gaussian Fast processing people filters [17]. think the state of health can be detected High cost Retinal Scan Feature Based – Retinal High accuracy Difficult 2. [5] vein pattern Long-term stability to use Fast verification Intrusive Limited application s © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 162 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Fingerprint I. Minutiae-based Mature technology Inability to 3. [2] methods [18] Easy to use enrol II. Image based High accuracy some methods. Long-term stability . users Affected by skin condition Sensor may get dirty Face [3] I. Image Based Non-intrusive Affected 4. Statistical Low cost by methods[19] Ability to operate II. Feature based covertly environment methods[20] High false non-match rates Potential for privacy abuse Voice [6] Low level features Use of existing telephony Pre- 5. I. Pitch infrastructure or simple recorded II. MFCC microphones attack High level features Easy to use/ hands free Variabilit y of the voice (ill or drunk) Affected by backgroun d noise Signature [9] Feature based methods Resistance to forgery Signature 6. Widely accepted inconsiste No record of the ncies signature Difficult to use Problem with trivial signatures Ear [7] Methods using Useful for partial face Ears 7. I. Pictures images never stop II. Earmarks growing © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 163 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Hand Feature Based : Not affected by Low 8. Geometry Finger length, width, environment accuracy [8] thickness curvatures Mature Technology High cost and relative location of Relatively features large readers 2. ElectroCardioGram (ECG) Human heart is a muscle which can be thought of as a two stage pump that ensures circulation of blood in our body. The heart serves as a pump because of its ability to contract under an electrical stimulus provided by the SA node (pacemaker of heart). The pulse produced by the SA node results in contraction of atria. The action potential generated propagates through atria on reaching AV node is delayed before being transmitted to the ventricles. This entire process involves one cardiac cycle. The contraction of so many cells at one time creates a mass electrical signal that can be detected by electrodes placed on the surface of person‘s chest or his extremities. The electrocardiogram (ECG or EKG) is a graphic recording or display of these time–varying voltages produced by heart during cardiac cycle. The different parts of ECG waveform are designated by letters as shown in Fig. 1. The P- wave indicates arterial contraction; ventricular systole occurs immediately following the QRS complex, and a refractory period (resting for depolarization) is indicated by the T-wave. ECG has been Fig. 1. ECG waveform and its various components. extensively used for detection of various abnormalities of the heart. In most of these diagnosis the time duration and the amplitude of the various waves is used. Of late there has been growing interest in using ECG as a biometric measure. The ECG from person to person varies due to the differences in position size and anatomy of the heart, age, sex, relative body weight , chest configuration and various other factors. Beil and et al [21] had in their work concluded that it is possible to identify individuals on the basis of an ECG signal. A single lead ECG is one dimensional low frequency signal which can be recorded with three electrodes (two active electrodes and a ground electrode). 2.1. Advantages of ECG based biometric A physiological or behavioral characteristic to be used as a biometric measure should possess universality, distinctiveness, permanence, ease in collectability, robust, acceptable to users and immune to spoofing. Universality is required so as to ensure that entire population is covered. However some of the physiological and behavioral characteristics may not be present in all individuals due to some diseased state or work environment conditions e.g. fingerprints of a small fraction of the population may be unsuitable for automatic identification because of genetic factors, aging, environmental, or occupational reasons (e.g., manual workers may have a large number of cuts and bruises on their fingerprints that keep changing). This problem of universality can be easily overcome by the use of ECG as it is present in all living beings. Another problem with the existing systems is that they are vulnerable to direct attacks by use of some artificial template e.g. gummy fingerprints. ECG based system will also overcome this problem as liveness is inherent characteristic of an ECG signal. This characteristic property will be useful in fusion of ECG signal with other robust biometric measures so as to provide a biometric system which is resistant to direct attacks from fake users by use of synthetic biometric sample (e.g. speech, fingerprints or face images). © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 164 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 3. Lip-print The study of lip prints is known as cheiloscopy. The lip prints are unique to one person except in monozygotic twins. Santos in 1967 was the first one to classify lip grooves into four types namely: i. Straight line ii. Curved Line iii. Angled line iv. Sine-shaped curve Fig 2. Various Lip print patterns In general the lip features can be divided into three different categories: Lips texture features, Lips shape features and Lips motion features. The lip motion features have been employed in speaker recognition tasks. Moreover lip motion and lip–print have been manually employed in forensic applications. One may feel that any one person will have only one of the above mentioned types but it is not so. In fact a person can have a combination of these types. In order to simplify this lips are divided into quadrants which are studied separately. This is done manually in dental forensics for quiet sometime. With the recent development in imaging systems and cameras the idea is to use lip print images for person authentication. 3.1. Advantages of Lip-print based biometric Lip print based system offer the advantage of being used in conjunction with face and voice based systems so as to enhance their performance. In addition to this development of lip based authentication system will also be beneficial in forensic applications. 4. ElectroEncephaloGram (EEG) During more than 100 years of its history, encephalography has undergone massive progress.The existence of electrical currents in the brain was discovered in 1875 by an English physician Richard Caton. Caton observed the EEG from the exposed brains of rabbits and monkeys. In 1924 Hans Berger, a German neurologist, used his ordinary radio equipment to amplify the brain's electrical activity measured on the human scalp. He announced that weak electric currents generated in the brain can be recorded without opening the skull, and depicted graphically on a strip of paper. The activity that he observed changed according to the functional status of the brain, such as in sleep, anesthesia, lack of oxygen and in certain neural diseases, such as in epilepsy. Berger laid the foundations for many of the present applications of electroencephalography. He also used the word electroencephalogram as the first for describing brain electric potentials in humans. He was right with his suggestion that brain activity changes in a consistent and recognizable way when the general status of the subject changes, as from relaxation to alertness [22]. Later in 1934 Adrian and Matthews published the paper verifying concept of ―human brain waves‖ and identified regular oscillations around 10 to 12 Hz which they termed ―alpha rhythm‖ [22]. 4.1. Brain waves classification For obtaining basic brain patterns of individuals, subjects are instructed to close their eyes and relax. Brain patterns form wave shapes that are commonly sinusoidal. Usually, they are measured from peak to peak and normally range from 0.5 to 100 μV in amplitude, which is about 100 times lower than ECG signals. By means of Fourier transform © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 165 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 power spectrum from the raw EEG signal is derived. In power spectrum contribution of sine waves with different frequencies are visible. Although the spectrum is continuous, ranging from 0 Hz up to one half of sampling frequency, the brain state of the individual may make certain frequencies more dominant. Brain waves have been categorized into four basic groups (Figure 3): - beta (>13 Hz), - alpha (8-13 Hz), - theta (4-8 Hz), - delta (0.5-4 Hz). Figure 3. Brain wave samples with dominant frequencies belonging to beta, alpha, theta, and delta band. The best known and most extensively studied rhythm of the human brain is the normal alpha rhythm. Alpha can be usually observed better in the posterior and occipital regions with typical amplitude about 50µV.According to our experiences alpha were also significant between posterior and central regions in comparison to other regions. Alpha activity is induced by closing the eyes and by relaxation, and abolished by eye opening or alerting by any mechanism (thinking, calculating). Most of the people are remarkably sensitive to the phenomenon of ―eye closing‖, i.e. when they close their eyes their wave pattern significantly changes from beta into alpha waves. The precise origin of the alpha rhythm is still not known. Alpha waves are usually attributed to summated dendrite potentials. Evoked potentials often consist of fiber potentials and synaptic components[23]. EEG is sensitive to a continuum of states ranging from stress state, alertness to resting state, hypnosis, and sleep. During normal state of wakefulness with open eyes beta waves are dominant. In relaxation or drowsiness alpha activity rises and if sleep appears power of lower frequency bands increase. 4.2. Advantages of EEG based biometric The greatest advantage of EEG is speed. Complex patterns of neural activity can be recorded occurring within fractions of a second after a stimulus has been administered. EEG provides less spatial resolution compared to MRI and PET. Thus for better allocation within the brain, EEG images are often combined with MRI scans. EEG can determine the relative strengths and positions of electrical activity in different brain regions. 5. Mouse Dynamics Mouse dynamics describe an individual's behavior with a computer-based pointing device, such as a mouse or a touch- pad. Recently, mouse dynamics have been proposed as a behavioral biometric, under the premise that mouse behavior is relatively unique among different people. Mouse dynamics are not the only behavioral biometric to be proposed that is based on one's behavior with a human computer interface (HCI) device. Keystroke dynamics, which measure an individual's unique typing rhythms, have been the subject of considerable research over the past few decades and their use for authentication has shown promising results [24]. Given that much of the interaction between humans and computers these days involves the use of a pointing device, using mouse dynamics for authentication was an obvious next step. In the context of authentication, biometrics have several advantages over traditional authentication techniques that verify identity based on something one knows (e.g. a password) or something one has (e.g. a hardware token). In particular, biometrics cannot be forgotten, stolen, or misplaced. Additionally, HCI-based behavioral biometrics have the advantage that they are less obtrusive than other biometrics © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 166 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 and do not require special hardware in order to capture the necessary biometric data. While authentication with keystroke dynamics has been studied extensively over the past three decades, mouse dynamics has just recently begun to gain interest over the last decade. In general, mouse dynamics seems to hold promise as an authentication technique, with some recently proposed approaches reporting error rates better or comparable to other well- established biometrics such as voice and face recognition. However, we believe that this may be an overly optimistic assessment of the state of the art due to limitations in the experimental evaluations that have appeared in the literature. More specifically, we have observed that many of the existing approaches require an impractical amount of mouse data to be collected before an authentication decision can be made with reasonable accuracy. 5.1. Advantages of Mouse Dynamics Mouse dynamics presents a number of advantages: The system builds on already familiar user skills, like mouse movements and users can reliably reproduce complex mouse based signatures. The system based on neural networks, can learn over time to incorporate changes of the users typing and mouse signature characteristics. The specific modality is mostly proposed as an on-line biometric verification solution. On-line banking, internet shopping, or accessing web based e-mail, could be a few of its possible applications. However, mouse dynamics can be applied only on those applications where a computer founds a natural match [25]. 6. Conclusion The current research trends have shown the prospect of using ECG and lip print as measure for human identification. ECG has advantage of being immune to direct attack by use of a synthetic template and will provide entire population coverage. The ECG based biometric systems are still in their infancy and there are some open issues which have to be addressed before commercially deploying such systems in unimodal form. The results have been reported for a population of few hundred and needs to be verified for a larger population, Moreover the stability of features extracted from ECG with reference to change in emotional and physiological state of person needs to be studied. Similarly some authors believe that the study has to be carried over a wider class of individuals in order to establish the individuality of the lip prints. However ECG can be clubbed with other robust biometrics like fingerprint and iris to provide a reliable multi modal biometric system and lip print can combined with face and voice to develop a user friendly biometric system. Methods that use more advanced human features and sophisticated electronic devices have been proposed. Most of the emerging biometric systems have not been tested on large databases.An issue for the following years would be the independent performance analysis on multimodal data bases that would be essential to assess performance and compare modalities to each other. However, the remarkable variety as well as the promptness of the new biometric methods and modalities development, predisposes us for the amazing developments that we will meet in the near future. References: [1] Jain Anil K., Ross Arun, Prabhakar Salil, ―An introduction to biometric recognition,‖ IEEE Transactions on Circuits and Systems for Video Technology, Vol. 14, No.1, Jan. 2004, pp 4-20. [2] Maltoni, D., D. Maio, A.K. Jain and S. Prabhakar, ―Handbook of fingerprint recognition‖, Springer, New York, 2003. [3] Chellapa, Rama, Wilson, Charles L, and Sirohey, Saad, ―Human and machine recognition of faces: a survey‖ Proc. IEEE, Vol. 83, No 5, May 1995, pp-705-740. [4] Bowyer, K. W. Hollingsworth, K. and Flynn. P J. ―Image understanding for iris biometrics: a survey‖ Computer Vision and Image Understanding 110 (2),May 2008, pp. 281-307. [5] H. Tabatabaee, A. Milani-Fard, and H. Jafariani, "A Novel Human Identifier System Using Retina Image and Fuzzy Clustering Approach," in Proceedings of the 2nd IEEE International Conference on Information and Communication Technologies (ICTTA 06), Damascus, Syria, April 2006, pp. 1031-1036. [6] Kinnunen, T. and Li, H. ―An overview of text-independent speaker recognition: from features to supervectors‖, Speech Communication, Vol. 52, Issue 1, January 2010, pp. 12-40. [7] Choras, M. ―Image feature extraction methods for ear biometrics--a survey‖ Proceedings of International Conference on Computer Information Systems and Industrial Management Applications, 2007. [8] Reillo, R. S., Avilla, C. S. and Marcos, A. G., ―Biometric Identification through Hand Geometry Measurements‖, IEEE Transactions on Pattern Analysis and Machine Intelligence Vol. 22, no. 10, October 2000, pp. 1168-1171. [9] Zanuy, M. F., ―Signature recognition state-of-the-art‖ IEEE A&E Systems Magazine, July 2005, pp. 28-32. [10] T.W. Shen, ‖Biometric identity verification based on electrocardiogram(ECG)‖,Ph.D Dissertation,University of Wisconsin, Madison, 2005. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 167 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 [11] A. Riera, M. Soria-Frisch, C. Caparrini, C. Grau and G. Ruffini, ―Unobtrusive biometric system based on electroencephalogram analysis,‖ EURASIP Journal on Advances in Signal Processing, Vol. 1 pp. 18-25, January 2008. [12] Baik, K. S. , Kim, J. O. ,Chung, C. H., and Hwang, J. ―On a Lip Print Recognition by the Pattern Kernels with Multiresolution Architecture‖ Proc of International Conference on Image Processing, Vol. 3, pp. 246-249. [13] Ahmed Awad E. Ahmed and Issa Traore ―A new biometric technology based on mouse dynamics‖ IEEE Transactions on Dependable and Secure Computing, Vol. 4, no. 3, 2007,pp. 165-179. [14] Jain Anil K and H. Chen, ―Dental biometrics: alignment and matching of dental radiographs,‖ IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 27, no. 8, pp. 1319–1326, August 2005. [15] David Zhang, Zhi Liu , Jing-QiYan ―Dynamic tongueprint: a novel biometric identifier ―Pattern Recognition, Vol.43,issue,3, March 2010. [16] Daugman, J. G. ―High confidence visual recognition of persons by a test of statistical independence,‖ IEEE Transaction on Pattern Analysis and Machine Intelligence Vol. 15, 1993, pp.1148–1161. [17] Wildes,.R., Asmuth, J., Green, G., Hsu, S. , Kolczynski, R. , Matey, J. , McBride, J. ― A machine-vision system for iris recognition,‖ Machine Vision and Applications Vol. 9 (1996) 1-8. [18] N. Yager and A. Amin, ―Fingerprint verification based on minutiae features: a review‖, Pattern Analysis Application, Vol. 7, pp. 94–113, 2004. [19] Turk,M. and Pentland , A. ―Eigenfaces for Recognition,‖ Journal of Cognitive Neuro Science, Vol. 3, No,1, pp-71-86,1991. [20] Brunelli,, R. and Poggio, T., ―Face recognition: Features versus Templates‖ IEEE Transaction on Pattern Analysis And Machine Intelligence, Vol. 15, No. 10, October 1993, pp. 1042-1052. [21] Biel, L., Pettersson, O., Philipson, L., Wide, P., ―ECG Analysis: A New Approach in Human Identification‖, IEEE Transactions on Instrumentation Measurement, Vol.50, 2001, pp. 808–812. [22] J. D. Bronzino. 1995. ―Principles of Electroencephalography.‖ In: J.D. Bronzino ed., The Biomedical Engineering Handbook, pp. 201-212, CRC Press, Florida.. [23] R.D. Bickford. 1987. ―Electroencephalography‖. In: Adelman G. ed. Encyclopedia of Neuroscience,Birkhauser, Cambridge (USA), 371-373. [24] F. Monrose and A. D. Rubin. ―Keystroke dynamics as a biometric for authentication‖, Future Generation Computer Systems, 1:351{359, 2000.} [25] Revett K, Jahankhani H, Magalhaes ST, Santos HMD (2008) ―A survey of user authentication based on mouse dynamics:, In: Communications in computer and information science, vol 12. Springer, Berlin, Heidelberg, pp 210–219. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 168 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Information Retrieval Using Web Mining Techniques Ravi Bhushan1, Mohit Vats2 SKIET, Kurukshetra1 VTI Infotech, Kurukshetra2 India India Abstract -With the huge amount of information available on internet, the World Wide Web is a fertile area for data mining research. The web mining is an application of data mining. The web mining research is an active search area for several research communities such as database, information retrieval, AI, especially the sub area of machine learning and natural language processing. However, there are a lot of confusions when comparing research efforts from different point of views. In this paper, we survey the research in the area of web mining, point out some confusions regarding the usage of the term web mining and suggest three web mining categories. Keywords- Web, Web mining, data mining, information retrieval, information extraction I. Introduction The World Wide Web consists of billions of web pages and huge amount of information available within pages[1]. To retrieve the required information, web search engines perform a number of tasks based on their respective architectures. The World Wide Web is a popular and interactive medium to disseminate information today. The web is huge, diverse and dynamic and thus raises the scalability, multimedia data and temporal issue. There are a number of problems associated with information retrieval and those are:- a) Finding relevant information: People either browse or use the search when they want to find specific information on the web. When a user uses search service, the result is the list of pages ranked based on their similarity to the query. The problem is low precision[3], which is due to irrelevance of many of the search results. This results in a difficulty finding the relevant information. b) Creating new knowledge out of the information available on the web: Actually this problem could be regarded as a sub problem of the problem above. While the problem above is usually a query triggered process, this problem is a data triggered process that presumes that we already have a collection of web data and we want to extract potentially useful knowledge out of it. c) Personalization of the information: This problem is often associated with the type and presentation of information, since it is likely that people differ in the contents and presentations they prefer while interacting with the web. d) Learning about consumers or individual users: This problem is about knowing what the customers do and want. Inside this problem, there are sub problems such as mass customizing the information to the intended consumers or even to personalize it to individual user, problem related to effective web site design and management, problems related to marketing etc. II. Web Mining Web Mining is the use of data mining techniques to automatically discover and extract information from web documents and services. This area of research is so huge today partly due to interests of various research communities, the tremendous growth of information sources available on the web and recent interest in e-commerce. A number of subtasks under this are:- a) Resource Finding: We mean the process of retrieving the data is either online or offline from the text sources available on the web such as electronic newsletters, electronics newswire, newsgroups, the text contents of HTML documents obtained by removing HTML tags and also the manual selection of web resources. b) Information selection and pre-processing: Automatically selecting and pre-processing specific information from retrieved web resources. c) Generalization: automatically discovers general patterns at individual web sites as well as across multiple sites. d) Analysis: validation and (or) interpretation of the mined patterns. III. Web mining Techniques We categorize web mining techniques into three areas of interest based on which part of the web to mine[6]. Web content mining, web structure mining, and web usage mining. The taxonomy is given in fig. 1. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 169 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 Web Mining Web Web Web Content Structure Usage Mining Mining Mining Web Page Web Search General Access Customized Usage Tracking Content Mining Result Mining Pattern Tracking Agent Database Agent Database Based Approach Based Approach Approach Approach Fig.1-Taxonomy of Web Mining a) Web Content Mining:- describes the discovery of useful information from the web contents/data/documents. However, what consist of the web contents could encompass a very broad range of data. Previously the internet consists of different type of services and data sources such as Gopher, FTP, and UseNet. It can be applied on web pages itself or on the result pages obtained from a search engine. Web content mining can be differentiated from two different views: Information Retrieval (IR) View and Database (DB) View. In IR view, almost all the researches use bag of words to represent unstructured text, while for the semi- structured data, the HTML structure inside the documents can be used. Intelligent web agents can be used here for web mining purpose. The main goal of web content mining from the IR view is mainly to assist or to improve the information finding and filtering the information to the users. In DB view, a web site can be transformed to represent a multi-level database and web mining tries to infer the structure of the web site from this database. b) Web Structure Mining:- tries to discover the model underlying the link structures of the web. The model is based on the topology of the hyperlinks with or without the description of the links. This model can be used to categorize web pages and is useful to generate information such as the similarity and relationship between different websites. Web structure mining could be used to discover authority sites for the subjects and overview sites for the subjects that point to many authorities. According to the type of web structural data, web structure mining can be divided a into two kinds: 1. Extracting patterns from hyperlinks in the web: a hyperlink is a structural component that connects the web page to a different location. 2. Mining the document structure: analysis of the tree-like structure of page structures to describe HTML or XML tag usage. c) Web Usage Mining:- tries to make sense of the data generated by the web surfer‘s sessions or behaviors. While web content and structure mining utilize the real or primary data on the web, Web usage mining mines the secondary data derived from the interactions of the users while interacting with the web. The web usage data includes the data from web server access logs, proxy server logs, browser logs, user profile, registration data, user sessions or transactions, cookies, user queries bookmarks data, mouse clicks and scrolls and any © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 170 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 other data as results of interactions. Web usage mining itself can be classified further depending on the kind of usage data considered: Web Server Data: The user logs are collected by the Web server. Typical data includes IP address, page reference and access time. Application Server Data: Commercial application servers have significant features to enable e-commerce applications to be built on top of them with little effort. A key feature is the ability to track various kinds of business events and log them in application server logs. Application Level Data: New kinds of events can be defined in an application, and logging can be turned on for them thus generating histories of these specially defined events. It must be noted, however, that many end applications require a combination of one or more of the techniques applied in the categories above. IV Conclusion In this paper, a study is done in the area of web mining. We study different categories of web mining like web content mining, web structure mining and web usage mining. We point out some confusion regarding the usage of the term web mining then situate some of the research with respect to these categories. The problems associated with information retrieval from web also discussed. References [1] S. Brin and L. Page. The Anatomy of a Large-Scale Hyper textual Web Search Engine. Proceedings of 7th International World Wide Web Conference, pages 107–117, 1998. [2] Zdravko Markov and Daniel T. Larose, ―Mining the Web: Uncovering Patterns in Web Content, Structure, and Usage Data‖. Copyright 2007 John Wiley & Sons, Inc. [3] Wenpu Xing and Ali Ghorbani, ―Weighted PageRank Algorithm‖, Proc. of the 2nd Annual Conference on Communication Networks & Services Research, 2004. [4] L. Page, S. Brin, R. Motwani, and T. Winograd, ―The Pagerank Citation Ranking: Bringing order to the Web‖. Technical report, Stanford Digital Libraries SIDL-WP-1999- 0120, 1999 ACM SIGIR Conference on Research and Development in Information Retrieval, 1998. [5] R. Lempel and S. Moran, ―SALSA: The Stochastic Approach for Link-Structure Analysis‖. ACM Transactions on Information Systems, 19(2), Apr 2001, pp: 131–160. [6] R.Cooley, B.Mobasher and J.Srivastava, ―Web Mining: Information and Pattern Discovery on the World Wide Web‖. Proceedings of the 9th IEEE International Conference on Tools with Artificial Intelligence (ICTAI‘97), 1997. [7] L. Page, S. Brin, R. Motwani, and T. Winograd, ―The Pagerank Citation Ranking: Bringing order to the Web‖. Technical report, Stanford Digital Libraries SIDL-WP-1999- 0120, 1999 ACM SIGIR Conference on Research and Development in Information Retrieval, 1998. [8] Google Technology: http://www.google.com/technology/index.html. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 171 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 HTML5 Client-side Stored XSS in Web SQL Database HTML5 Security 1Shubhamoy Chakrabarty, 2Akhilesh Kumar Bhardwaj 1Director, Kalakhatta Networks Pvt. Ltd., Dwarka, New Delhi 2Computer Sc & Engg, SKIET, Kurukshetra Abstract— This paper demonstrates the method of exploiting the Web SQL Database to execute Stored XSS. Index Terms—XSS Attacks, HTML5 Security, Web SQL Database, Persistent XSS I. Introduction HTML5 is an emerging stack for next generation applications. It is enhancing browser capabilities and allows executing Rich Internet Applications in the context of modern browser architecture. Interestingly HTML5 can run on mobile devices as well and it makes even more complicated. HTML5 is not a single technology stack but combination of various components like XMLHttpRequest (XHR), Document Object Model (DOM), Cross Origin Resource Sharing (CORS) and enhanced HTML/Browser Rendering. It brings several new technologies to the browser like localstorage, webSQL, websocket, webworkers, enhanced XHR, DOM based XPATH to name a few. It has enhanced attack surface and point of exploitations for attacker and malicious agents. By leveraging these vectors one can craft stealth attacks and silent exploits, it is hard to detect and easy to compromise. It increases the client side attacks. II. Top 10 Web Application Security Risks CORS Attacks and CSRF Same Origin Policy (SOP) dictates cross domain calls and allows establishment of cross domain connections. SOP bypass allows a CSRF attack vector to be deployed; an attacker can inject a payload on a cross domain page that initiates a request to the target domain without the consent or knowledge of the victim. HTML5 has one more method in place called CORS (Cross Origin Resource Sharing). CORS is a ―blind response‖ technique and is controlled by an extra HTTP header ―origin‖, which when added, allows the request to hit the target. ClickJacking, CORJacking and UI Exploits ClickJacking is becoming a popular attack vector in current applications. A number of social networking sites allow reloading into an iframe. This opens up an opportunity for successfully initiating ClickJacking attacks on these sites. Also, HTML 5 allows iframe with sandbox; sandboxes have interesting attributes such as allow-scripts that help in breaking frame- bursting code implementation by not allowing script execution within the frame. XSS with HTML5 (tags, attributes and events) HTML 5 has some interesting additional tags, these tags allows dynamic loading of audio and video. These tags have some interesting attributes like poster, onerror, formaction, oninput, etc. All these attributes allows JavaScript execution. These tags can be abused both for XSS and CSRF. Web Storage and DOM Information Extraction HTML 5 supports LocalStorage, wherein a developer can create LocalStorage for the application and can store some information. This storage can be accessed from anywhere in the application. This feature of HTML 5 offers great flexibility on the client side. LocalStorage can be accessed through JavaScript. This allows an attacker to steal information via XSS, if the application is vulnerable to an XSS attack. SQLi & Blind Enumeration HTML 5 allows offline databases in the form of WebSQL. This feature enhances performance. We have seen SQL injections on the server side but this mechanism can open up client side SQL injections. If the application is vulnerable to XSS then an attacker can steal information from WebSQL and transfer it across domains. Imagine a bank or trading portal storing the last 20 transactions on WebSQL being the target of an XSS attack. Web Messaging and Web Workers Injections WebWorker and Web Messaging is the newly added vector in HTML 5. It allows threading using JavaScript. WebWorker can help in payload delivery and exploitation to typical Web 2.0 applications. Web 2.0 applications run © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 172 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 in single DOM, in this case, if the application is vulnerable to DOM-based XSS, then it is possible to inject a stealth thread in the background, which would allow an attacker to monitor all activities going on in that particular DOM. DOM based XSS with HTML5 and Messaging DOM-based XSS attacks are on the rise. This can be attributed to the fact that large applications are built using single DOM and XHR/AJAX along with Web Messaging. Several HTML 5 tags and attributes are controlled by DOM calls. Poorly implemented DOM calls like eval() or document.*() within Web Messaging and Workers can cause a ―cocktail‖ attack vector where both DOM and HTML5 can be leveraged simultaneously. This expands the attack surface allowing more entry points for attackers. Third Party/Offline HTML Widgets and Gadgets HTML5 supports caching pages for offline usage and it can cause a security issues within the application framework. Browser‘s cache can be poisoned and attacker can inject a script and then keep an eye on particular domain. Web Sockets and Attacks HTML 5 supports WebSocket – a feature that allows browsers to open sockets to target ports on certain IPs. There are some restrictions on the list of ports that can be used. This can be used by an attacker to craft a vector which communicates with web ports and even with non-webports with restrictions Protocol/Schema/APIs attacks with HTML5 HTML 5 also allows thick client like features inside a browser‘s UI. These features can be leveraged by an attacker to craft attack vectors. An attacker can leverage drag-drop thick client APIs which can help in exploiting self XSS, forcing data on the fields, content/session extraction, etc. It can be linked with iframe-driven ClickJacking or UI redressing issues. III. TECHNICAL INTRODUCTION Cross Site Scripting (XSS). Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user‘s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page. Types of XSS 1. Non-Persistent XSS: The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. These holes show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to generate a page of results for that user, without properly sanitizing the request. 2. Persistent XSS: The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read. IV. STORED XSS VULNERABILITY IN ACTION Imagine a website trying to support offline browsing and storing the values in the local WebSQL database. The moment user gets disconnected, all the data is stored in the local DB. The moment our user connects back all the data is synced to the server. Now if the data isn‘t validated then malicious data can be sent in the form of malicious code. The demonstration of stored XSS in Web SQL Database mainly requires a simple web application which © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 173 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 stores the user input without any filtering. So we now we need the attack vectors to see the live action as well as the ways by which we can mitigate these kinds of attack. The above screenshot shows an interface which simply stores the uses inputs in the local database which can be exploited by various types of attack vectors. In the upcoming screenshots, we have tried various attack vectors in javscript and HTML to exploit the vulnerability. Output on the following attack vectors: 1. 2. © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 174 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 3. 4. 5. V. MITIGATING THE VULNERABILITY OWASP ESAPI is a free and open collection of security methods needed to build secure web applications which allows in mitigating various types of attacks on a web application. The purpose of ESAPI is to provide a simple interface that provides all the security functions a developer is likely to need in a clear, consistent, and easy to use way. The ESAPI architecture is very simple, just a collection of classes that encapsulate the key security operations most applications need. Secured Demo © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 175 International Journal of Advanced Research in Computer Science and Software Engineering(IJARCSSE), ISSN: 2277 128X;ISBN: 2277 6451 Volume-3, Issue-8 (2013) www.ijarcsse.com All India Seminar on Emerging Trends in Cryptography(ETC-2013), August – 2013 This library provides good security but the client-side protection can be easily bypassed so we must always filter the values whether passed by the browser or the user since tampering can take place. Normally we developers don‘t filter the data submitted by the browser and this leads to serious vulnerabilities. Applying Attack Vectors After using ESAPI, all the code is outputted as it is rather then executing they are rendered as plain text. Thus provides better security. 1. 2. Acknowledgment 1. Gunwant Singh – Information Security Analyst, WIPRO 2. Sachin Kumar – Lead Web Developer, ProProfs.com References 1. OWASP HTML5 Security: owasp.org/index.php/HTML5_Security_Cheat_Sheet 2. HTML5Sec Security Cheat Sheet: html5sec.org 3. WebSQL Database Security code.google.com/p/html5security/wiki/WebSQLDatabaseSecurity 4. RSnake‘s XSS Cheat Sheet ha.ckers.org/xss2.html © Shri Krishan Institute of Engineering & Technology, Kurukshetra (www.skiet.org) Page | 176