Modified Elliptic Curve Digital Signature Algorithm (MECDSA) for ...

Download PDF
51 downloads 180108 Views 746KB Size Report
Comment
Official Full-Text Paper (PDF): Modified Elliptic Curve Digital Signature Algorithm (MECDSA) for Network Coding.
Modified Elliptic Curve Digital Signature Algorithm (MECDSA) for Network Coding Ninni Singh, Ashutosh Soni, Ankit Mundra and Ravideep Singh Department of Computer Science, Jaypee University of Information and Technology 173 234, India. e-mail: [email protected]

Abstract. In Computer networks environment communication plays a vital role. When two systems connected via internet communicate with each other by sending some messages, security becomes an important challenge. There are numbers of possible attacks have been identified i.e. pollution attacks, modification, impersonation, concrete attack etc. In literature several approaches have been proposed to resolve these security attacks. Although these approaches provide a mechanism to resolve the security attacks but have some drawbacks such as high communication and computation overhead, high bandwidth utilization, require more storage space. In order to overwhelm these drawbacks we have proposed a homomorphic signature based scheme which incorporate the elliptic curve digital signature algorithm with some modifications. Our Proposed approach provides the robust mechanism to resolve the possible security threats. We have evaluated the performance of our approach and shown a mathematical expression that shows how our proposed approach guards against various types of attack. Keywords: ECDSA, Pollution attack, Signature generation, Signature verification, Homomorphic signature, Elliptic curve; Domain parameter.

1. Introduction In computer network communication environment several security challenges are exists. In past years several approaches have proposed to overwhelm attacks like Pollution, modification, impersonation, packet drop, eavesdropping, and concrete (Jing Dong, Curtmola, R, Sethi, R and Nita-Rotaru 2008) [1]. In pollution attack the intruders intentionally injects corrupted packet in to the network and the intermediate node unknowingly forward this message. Intruder only inject one corrupted packet and it exploits other encoded packet. (Ahlswede R., Cai N., Li S. and Yeung R. 2000) [2] Suggest Network Coding which render high efficiency, improved throughput, scalability, security by introducing some intelligent mechanism i.e. it allows intermediate nodes to perform encoding operation on the received packet and then forward it. Network coding is proposed to achieve high data rate and throughput in a multicast network (S. Li, R. Yeung, and N. Cai 2003) [3]. This technique is quite different as compare to the traditional technique. In which only sender can encode the message and the other intermediate node create a copy of that message and forward it to the next intermediate node. However new techniques render many advantages but it also suffers from several security attacks. Traditionally cryptographic approach((Jing Dong, Curtmola, R, Sethi, R and Nita-Rotaru 2008) [1] is used in which packet size is increased by adding some verification code which ensure the legitimacy of the packet when it verified at receiver but this approach consume large bandwidth. (Christos Gkantsidis and Pablo Rodriguez Rodriguez 2003) [4]. M. Krohn et al., have [5] proposed homomorphic hash based scheme in which a secure channel is built between source and the intermediate node and through this channel source send hashed packet in the network. S. Jaggi, M. Langberg, S. Katti, T. Ho, D. Katabi, and M. M’eard 2007) [6,7] proposed a hash based authentication approach but both are not able to successfully detect the corrupted packets. Further, PARM which is a new homomorphic signature based scheme(Zhen Yu; Yawen Wei; Yong Guan 2008) [8] has been proposed which overcome the drawback of Ho and Jaggi i.e. intermediate nodes can able to detect corrupted packet and resilience against pollution attack. This approach has certain drawbacks i.e. they used RSA algorithm for key generation. The key size of RSA algorithm is large, large bandwidth and high computational efficiency. © Elsevier Publications 2014.

787

Ninni Singh, et al.

In our proposed approach we have incorporated the modified ECDSA scheme for encryption and signature. It is a homomorphic signature based scheme. In which source firstly generate key pair and with the help of its private key it not only generate signature using DSA algorithm but it also create a cipher text and send it to the next node. Intermediate nodes decode the packet using source public key and perform signature verification operation. If the incoming packet is successfully authenticated then this packet is further transmitted otherwise packet will be dropped. This paper is classified into five sections. In first section we have introduced the security challenges in network coding and the recent approaches to overcome those security challenges. In section second we have elaborated the ECDSA algorithm and our proposed approach which is modification of ECDSA. In section third we have shown the step wise execution of MECDSA on a butterfly network and mathematical expression of operations. Further, in section four we have shown the performance of MECDSA against several security attacks. Finally in section five we have conclude our paper along with future work. 2. Proposed Approach In our proposed approach we are using ECDSA [9–11] cryptographic signature based algorithm with some modification. This algorithm utilizes the advantage of both elliptic curve and digital signature algorithm. We have modified the ECDSA algorithm by adding encryption technique. Before going through our approach we have first elaborated the ECDSA algorithm. The entire process of ECDSA is performed in three phase i.e. • key generation • signature generation • signature verification 2.1 MECDSA Now we have elaborated the modified ECDSA algorithm i.e. MECDSA which also incorporates the encryption mechanism. Further, we have shown the step by step operation of our proposed approach. Step 1: Firstly source node generates its key pair i.e. public key and private key and also identified the domain parameters.

Step 2: after key generation source encrypt the message with the help of private key.

Step 3: After this source perform signature operation by passing the message to a hash function i.e. secure hash function 1 (SHA-1) and create a message digest. 788

© Elsevier Publications 2014.

Modified Elliptic Curve Digital Signature Algorithm (MECDSA) for Network Coding

Step 4: Then source node apply digital signature algorithm and with the private key source digitally sign the message packet. After this source concatenate the encrypted message with the signature generated and sends it to the next neighbour node. Step 5: After receiving the incoming packet receiver node retrieve the copy of the domain parameter that is set by the source and public key of the sender. Step 6: Then receiver node pass the received message from the hash function to authenticate the message packet.

Step 7: if there is a match of generated hash with the old hash value then the packet will be consider valid otherwise packet has drooped.

Step 8: Forwarder node receive packet from both the source after validation it perform EXOR operation on the received packet and then above operation is performed. 3. Execution of MECDSA In this section we have shown the step by step execution in MECDSA. Here we have considered a butterfly network of six nodes (shown in figure 1) and explain the proposed approach. Step 1: Let us assume source A contain message M and source B contain Message N. According to algorithm we first perform the encryption operation with help of private key of the source. When source A encrypts the message and generates cipher text C M . While source B encrypt the message and generate cipher text C N . © Elsevier Publications 2014.

789

Ninni Singh, et al.

Step 2: After encryption source generate the signature. It is generated by SHA-1 algorithm. When source generate the signature it produce S A and S B for source A and source B respectively. Then A and B transmit the encrypted digitally signed packet to the intermediate node C, E, F. Step 3: After received the incoming packet Node C verify the signature. After verification of S A and S B (during signature verification known as VS A , VS B ) it decrypt the received message D A , D B with the help of public key of node A and B and generate the messages A M and B N . Step 4: After decryption it perform EXOR operation on the received messages and encrypt the resultant message by its own private key and generate cipher message C M+N . And digitally signed the packet by signature SC and send it to the next forwarder i.e. D. Step 5: Now, node D receives the encrypted message and verifies the signature (VSC ) and decrypt the message using public key of node C. Step 6: After this Dencrypts the message using its own private key and generate the cipher message D M+N and digitally sign with signature S D and send it to the destination E and F. Step 7: After receiving message E and F first verify the signature VS D and after verification decrypt the message C M , D M+N , C N , D M+N respectively and generate (EXORED message of node A and B) AB M+N , (message of node A) M and (message of node) N. Then E and F perform the EXOR operation on the decrypted received message. And finally E and F receive the original message which is send by source A and B i.e. N and M at both nodes. 3.1 Mathematical expression Let assume there is only two node named A and C. Source A contain message m and willing to send to a node C then in that case the following whole scenario is performed. Now let assume a network of six nodes (figure 1) Step 1: Node A and B willing to send a message to the destination F and E respectively. To do this firstly they follow above Encryption and Signature generation phase.

Figure 1. Example of MECDSA.

790

© Elsevier Publications 2014.

Modified Elliptic Curve Digital Signature Algorithm (MECDSA) for Network Coding Table 1. Mathematical expression of operation perform on nodes.

Step 2: After receiving packets from node A and B. Node C undergo Signature verification. If the validity of the packet is true then it Undergo Decryption phase i.e. It decrypt the message that it received from node A and B. Step 3: Now After decryption it Perform EXOR operation on both the messages. (M A ⊕ M B ) E K C (M A ⊕ M B ) + SigC And repeat step 1 and 2 and send packets to node D. Step 4: At Node D it also undergo verification and decryption phase and sends the packet to node E and F by performing encryption and signing the packets. E K D (M A ⊕ M B ) + Sig D Step 5: At node E and F verification and decryption phase is performed. Since node E and F is the destination node both the node received message from A and B respectively and also from node D. Now they perform EXOR operation. Node E (M A ⊕ (M A ⊕ M B )) M A (M A ⊕ M B ) + M A (M A ⊕ M B ) M A (M A M B + M A M B ) + M A (M A ⊕ M B ) M A M B + M A (M A M B + M A M B ) M A M B + M A M B M B (M A + M A ) MB Node F similar operation is performed and it receives message M A . 4. Performance of MECDSA against Security Attack In this section we have consider the different test cases and shown how our proposed approach guard against various type of attacks. © Elsevier Publications 2014.

791

Ninni Singh, et al. Table 2. Performance of MECDSA against security attacks.

5. Conclusion In this paper we have shown the several possible attacks in network communication environment. We have proposed robust mechanism (MECDSA) which provides guard against those security attacks. Further, we have shown the execution of our proposed approach on a butterfly network and shown the performance of MECDSA against security attacks. We have shown that our approach provides high security. In future we will study our approach on real time scenario of network communication. References [1] Jing Dong, R. Curtmola, R. Sethi and Nita-Rotaru, “Toward secure network coding in wireless networks: Threats and challenges”, (Secure Network Protocols, 2008. NPSec 2008. 4th Workshop), 19 October (2008). [2] R. Ahlswede, N. Cai, S. Li and R. Yeung, “Network information flow”, (IEEE Transactions on Information Theory), vol. 46, issue 4, July (2000). [3] S. Li, R. Yeung and N. Cai, “Linear network coding” (In IEEE Transactions on Information Theory), vol. 49, issue 2, (2003). [4] Christos Gkantsidis and Pablo Rodriguez Rodriguez, “Cooperative security for network coding file distribution”, (In Proc IEEE INFOCOM), (2006). [5] M. Krohn, M. Freeman and D. Mazieres, “On-the-fly verification of rateless erase codes for efficient content distribution”, (IEEE Symposium on Security and Privacy), (2004). [6] T. Ho, B. Leong, R. Koetter, M. M’eard, M. Effros and D. Karger, “Byzantine modification detection in multicast networks using randomized network coding”, (IEEE International Symposium on Information Theory (ISIT)), (2004). [7] S. Jaggi, M. Langberg, S. Katti, T. Ho, D. Katabi and M. M’eard, “Resilient network coding in the presence of by zantine adversaries”, (IEEE INFOCOM), (2007). [8] Zhen Yu, Yawen Wei and Yong Guan, “An efficient signature based scheme for securing network coding against pollution attack”, (IEEE INFOCOM), (2008). [9] Aqeel Khalique, Kuldeep Singh and Sandeep Sood, ”Implementation of elliptic curve digital signature algorithm”, (International Journal of Computer Applications), vol. 2, issue 2, May (2010). [10] D. B. Johnson, and A. J. Menezes, “Elliptic curve DSA (ECDSA) an enhanced DSA”, (Scientific Commons), (2007). [11] Ankit Mundra, Nitin Rakesh and Vipin Tyagi, “Query centric CPS (QCPS) approach for multiple heterogeneous systems”, arXiv preprint arXiv:1306.6397, (2013).

792

© Elsevier Publications 2014.