stream cipher based user authenti-cation technique in ...

19 downloads 5013 Views 997KB Size Report
May 12, 2014 - plain text using Stream Cipher and generation of digital signature using Elliptic Curve Digital Signature Algorithm. (ECDSA). Figure 3. Class ...
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)

STREAM CIPHER BASED USER AUTHENTI-CATION TECHNIQUE IN E-GOVERNANCE TRANSACTIONS Abhishek Roy, Research Scholar, Dept. of Comp. Sc., The University of Burdwan, W.B, INDIA 713104. Email: [email protected] Sunil Karforma, Assoc. Prof., Dept. of Comp. Sc.,The University of Burdwan, W.B, INDIA 713104. Email: [email protected]

Abstract Being an Information and Communication Technology (ICT) based electronic mechanism, E-Governance is very much susceptible to infringement attempts mounted by the attacker. In order to make it a Citizen centric good governance mechanism, the user authentication technique during EGovernance transactions must be deployed very securely. With the objective to provide good governance to the Citizenry, we have already proposed a Citizen centric multivariate electronic smart card based E-Governance mechanism. To further validate our proposed mechanism, in this paper we have performed the user authentication technique using stream ciphers during C2G type of transactions in the context of object oriented software engineering approach. Keywords: E-Governance, C2G, User Authentication, Stream cipher.

1. Introduction

Oriented Software Engineering (OOSE) approach for user authentication [3, 7, 9] in our proposed mechanism. Conclusion drawn from the entire discussion is mentioned in Section – 5. Finally the references are listed at the last of this paper.

2. Background of Stream Ciphers. Stream Cipher is a type of Symmetric Cryptography, whose features are stated below – a. In this method, individual bit-wise encryption of the plain text is done. This is performed by adding a key stream bit with a plain text bit. The encryption and decryption technique using stream ciphers may be stated as below – Each plain text bit xi is encrypted by adding a secret key stream bit si modulo 2. Let the plain text, cipher text and the key stream may be represented as individual bits in following manner : xi, yi, si ∈ {0,1} i. Encryption : yi = esi (xi ) ≡ xi + si mod 2, where e( ) represents encryption function. ii. Decryption : xi = dsi (yi ) ≡ yi + si mod 2, where d( ) represents decryption function. In the entire process, the encryption function e( ) and decryption function d( ) are same because they have to produce the same plain text bit xi ,which is explained as below From (i) and (ii), we can derive : dsi (yi ) ≡ yi + si mod 2 ≡ (xi + si ) + si mod 2 ≡ xi + si + si mod 2 ≡ xi + 2si mod 2 ≡ xi + 0 mod 2 ≡ xi mod 2 Q.E.D. Thus, the conceptual diagram of the stream cipher based encryption and decryption process may be shown as below –

Being an Information and Communication Technology (ICT) based electronic mechanism, E-Governance is very much susceptible to infringement attempts mounted by the attacker. In order to make it a Citizen centric good governance mechanism, the user authentication technique during EGovernance transactions must be deployed very securely. With the objective to provide good governance to the Citizenry, we have already proposed a Citizen centric multivariate electronic smart card based E-Governance mechanism. To further validate our proposed mechanism, in this paper we have performed the user authentication technique using stream ciphers during C2G type of transactions in the context of object oriented software engineering approach. Section – 2 contains the background of stream ciphers. Section – 3 contains a brief literature survey on application of stream ciphers [16] in various electronic mechanisms. Section – 4 discusses the origin of research work which leads to the design of Citizen centric multivariate electronic smart card based EFigure 1. Conceptual diagram for encryption and decryption Governance [1, 2, 4, 5, 6, 8, 10, 11, 12, 13, 14, 15] mechanism using Stream Cipher in C2G type of E-Governance transaction and the application of stream ciphers in the context of Object ISSN: 2321-2667 Volume 3, Issue 3, May 2014 31

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE) Fig – 1 shows that, Citizen encrypts the plain text bit xi using secret key stream bit si to generate the cipher text bit yi, and Government decrypts the cipher text bit yi using secret key stream bit si to retrieve the plain text bit xi. Fig – 1 also shows that this conversion from plain text to cipher text and vice versa, is done through XOR operations, which is represented by Modulo 2 addition in (i) and (ii). Thus, in this way the Citizen and Government can communicate with each other securely, to transmit classified information using Stream Ciphers through insecure communication channel like Internet.

devices, which shows stream ciphers perform better than block ciphers in this aspect [25]. Since no encryption algorithm is full proof in nature, researchers have also conducted fault analysis on stream ciphers used for backup encryption purpose in mobile phone UMTS technology to ensure data confidentiality [26], which ultimately explores the way for further enhancements using this symmetric key cryptographic security protocol.

c. In case of Synchronous Steam Ciphers, the key stream bits depends only on the key.

Encouraged by the above mentioned research works, we have applied the stream ciphers in our proposed E-Governance mechanism to impose user authentication technique through Object Oriented Software Engineering (OOSE) approach which is discussed in the next section of this paper.

d. In case of Asynchronous Stream Ciphers, the key stream bits also depends on the cipher text.

4. Proposed E-Governance mechanism

e. Since, this technique is mainly useful for performing fast encryption and decryption process over applications having limited computational capacities, we have applied it in our proposed E-Governance mechanism. That means, in case of software implementation, this technique uses less processor instructions, whereas in case of hardware implementation, this technique uses less logic gates i.e smaller chip area.

In this section we have explained the origin of our research work and presented our proposed Citizen centric electronic smart card based E-Governance mechanism.

Considering the benefits of Stream Ciphers, various researchers have already used it in their applications, which is further clarified through the following brief literature survey.

As the Citizen are the ultimate beneficiaries of the administration, to design an efficient E-Governance mechanism, its designers must understand the requirements of the Citizen. In INDIA, civilians are suffering due to the menace of hybrid governance, which mostly comprises of conventional pattern incorporated with electronic pattern in a very unplanned manner. The situation have become so much critical that the Citizen are bound to carry various digital identities to justify their identity during various transactions, which mostly comprises of common parameters of an individual. Though Government is spending huge amount of money to provide unique identity to the Citizen through the launch of several identity instruments, yet it failed to identify an individual as a whole with a single identification number irrespective of its nomenclature. As a result an individual is having unique identification number with reference to that particular nomenclature only. Each time Government is launching a new identity system, it is only adding to the existing count, with non so ever having the provision for electronic mode of financial transactions. On the other hand the Citizen are also forced to carry several smart cards like Debit Cards, Credit Cards, issued by the banks to its customers for performing financial transactions. To sum up, in this present situation Citizen have to carry all the identity instruments and the smart cards provided by Government, several banking houses, and other co-realted sectors. Hence, the attackers have an appropriate platform to materialize their

b. Stream Ciphers can be further distinguished as Synchronous Stream Ciphers and Asynchronous Stream Ciphers.

3. Literature survey on Stream Ciphers The application of Stream Ciphers for implementation of user authentication is not new approach as researcher have already used it in their specific applications to propose a secure user authentication protocol with one time password [17]. This technique is famous for implementation of user authentication protocols in the field of wireless communication, like Global System for Mobile communication (GSM) [18, 19]. Even, researchers have used these stream ciphers to proposed new secure algorithm for image encryption for communication through insecure medium like Internet [20, 22, 23]. Furthermore to increase the security of digital image, researchers have also combined the block ciphers with the stream ciphers to propose a hybrid security protocol [21]. Even, the researchers have also made a performance comparison analysis w.r.t energy efficiency, between the block ciphers and the stream ciphers to choose the suitable approach as per the requirements [24], which pave the way for further enhancements in this field. Apart from this, comparison have also been done between stream ciphers and block ciphers w.r.t CPU usage time for implementation of network security during wireless communication using mobile ISSN: 2321-2667

I. Origin of research work.

Volume 3, Issue 3, May 2014

32

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE) ill-intentions as a Citizen can be addressed by multiple identification numbers and smart cards for various governmental transactions.

III. User authentication technique using Stream Ciphers.

II. Proposed model.

We have used Stream Ciphers to perform user authentication during C2G type of transactions using our proposed EGovernance mechanism. In this application we have used Stream Ciphers to perform encryption of the plain text and Elliptic Curve Digital Signature Algorithm (ECDSA) to generate the signatures. Figure – 3 shows that Class CITIZEN represents the Citizen and Class GOVERNMENT represents the Government. The Citizen performs the encryption of the plain text using Stream Cipher and generation of digital signature using Elliptic Curve Digital Signature Algorithm (ECDSA).

To get rid of these problems, we have already proposed a Citizen centric multivariate electronic smart card based EGovernance mechanism which will perform all transactions and will provide unique identity to an individual irrespective of its nomenclature. The schematic diagram of our proposed Multipurpose Electronic Card (MEC) based E-Governance mechanism is as follows –

Figure 2. Schematic diagram of proposed smart card based EGovernance mechanism during C2G type of transactions

Figure – 2 shows that, using this proposed Multipurpose Electronic Card (MEC), the Citizen can perform various electronic transactions with banks, education institutions, health services, employers, etc very efficiently. However, for successful implementation of our proposed E-Governance mechanism, its user authentication technique must be installed very strictly so as to defend the entry of attacker within the system at the initial stage and reduce the risk of the entire operations. We have implemented the user authentication technique in our system using Stream Ciphers in the context of Object Oriented Software Engineering (OOSE) approach, which is discussed further in this section.

ISSN: 2321-2667

Figure 3. Class CITIZEN and GOVERNMENT in Object Oriented Modeling (OOM) of Stream Ciphers

explanation of our application is as follows –

Step 1 – Start. Step 2 – Citizen initiates the C2G type of E-Governance transaction and inputs information using INPUT( ) method. Step 3 – Citizen further encrypts the information using Stream Ciphers by calling the member method encrypt( ). Step 4 – Citizen impose digital signature using the Elliptic Curve Digital Signature Algorithm (ECDSA) by calling the member methods command_generate( ) and command_sign( ). Step 5 – Citizen transmit the cipher text to the Government.

Volume 3, Issue 3, May 2014

33

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE) Step 6 – Government decrypts the cipher text using the member method decrypt( ). Step 7 – Government verifies the digital signature of the transmitted message using the member method command_verify( ). Step 7.1 – In case of successful verification of the digital signature, the message communication is defined as valid, and program proceeds towards Step – 8. Step 7.2 – In case of unsuccessful verification of the digital signature, the message communication is defined as invalid. Step 8 – Stop. The role of the important functions within our above mentioned application is shown further in Figure – 4.

Figure 4. Message passing during Object Oriented Modeling (OOM) of Stream Ciphers in our proposed model

The sample outputs obtained during our application are shown in Figure – 5 and Figure – 6 respectively. Figure – 5 shows successful message communication using valid signature, whereas Figure – 6 shows unsuccessful message communication due to tampered signature.

5. Conclusion In the above discussion we have shown the use of Stream Ciphers for authentication of users during transactions using our proposed Citizen centric multivariate electronic smart card based E-Governance mechanism. The main objective of our software based cryptosystem was to simulate the user authentication technique in the context of real world scenario. However, there are huge scope for enhancements in the object orientation of the application. As the future scope of this ISSN: 2321-2667

research work, we will consider to improve the object oriented approach to enhance the security features of this application.

References [1] Abhishek Roy, Sunil Karforma, Coupling and cohesion analysis for implementation of authentication in E-Governance, ACEEE Conference Proceedings Series 02, Fourth International Joint Conference - Advances in Engineering and Technology (AET) 2013, December 13-14, 2013 (Elsevier), Pp: 544-554, Organized by: The Association of Computer Electronics and Electrical Engineer (ACEEE), The Association of Mechanical and Aeronautical Engineers (AMAE), The Association of Civil and Environmental Engineers (ACEE), Sponsored by : Indian Society for Technical Education (ISTE), NCR, INDIA. ISBN 978-93-5107-193-8. [2] Abhishek Roy, Sunil Karforma, Object oriented metrics analysis for implementation of authentication in smart card based EGovernance mechanism, Researchers World – Journal of Arts, Science and Commerce, October 2013, Volume – IV Issue – 4(2) Pp: 103 – 109 Print ISSN 2231-4172 Online ISSN 2229-4686. [3] Sumita Sarkar, Abhishek Roy, Survey on Biometric applications for implementation of authentication in smart Governance, Researchers World – Journal of Arts, Science and Commerce, October 2013, Volume – IV Issue – 4(1) Pp: 103 – 114, Print ISSN 2231-4172 Online ISSN 2229-4686. [4] Abhishek Roy, Sunil Karforma, Subhadeep Banik, Implementation of authentication in E-Governance – An UML Based Approach, Book published by LAP Lambert Academic Publishing 2013 1 Ed, Germany, ISBN 978-3-659-41310-0 [5] Abhishek Roy, Sunil Karforma, UML based modeling of ECDSA for secured and smart E-Governance system, Computer Science & Information Technology (CS & IT - CSCP 2013), Proceedings of National Conference on Advancement of Computing in Engineering Research (ACER13) organized by Global Institute of Management and Technology, March 22 - 23, 2013, Pp: 207 - 222, ISSN 2231 - 5403, ISBN 978-1-921987-11-3, DOI: 10.5121/csit.2013.3219 [6] Abhishek Roy, Sunil Karforma, Object Oriented approach of Digital certificate based E-Governance mechanism, ACEEE Conference Proceedings Series 03, International Conference on IPC&ITEeL ACT&CIIT CENT&CSPE 2012 Proceedings, December 03-04, 2012 (Elsevier), Pp: 380-386, Organized by: The Association of Computer Electronics and Electrical Engineer (ACEEE), Chennai, INDIA. ISBN 978-93-5107-194-5. [7] Abhishek Roy, Sunil Karforma, A Survey on digital signatures and its applications, Journal of Computer and Information Technology Vol: 03 No: 1 & 2, August 2012 Pp- 45-69, ISSN 22293531. [8] Anamul Hoda, Abhishek Roy, Sunil Karforma, Application of ECDSA for security of transaction in E-Governance, Proceedings of Second National Conference on Computing and Systems - 2012 (NaCCS - 2012) organized by the Department of Computer Science, The University of Burdwan, March 15 - 16, 2012, 1st Edition - 2012, Pp: 281-286, ISBN 978-93-80813-18-9. [9] Sumita Sarkar, Abhishek Roy, A Study on Biometric based Authentication, Proceedings of Second National Conference on Computing and Systems - 2012 (NaCCS - 2012) organized by the Department of Computer Science, The University of Burdwan, March 15 - 16, 2012, 1st Edition - 2012, Pp: 263-268, ISBN 978-9380813-18-9. [10] Abhishek Roy, Sumita Sarkar, Joydeep Mukherjee, Arindom Mukherjee, Biometrics as an authentication technique in EGovernance security, Proceedings of UGC sponsored National

Volume 3, Issue 3, May 2014

34

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE) Conference on “Research And Higher Education In Computer Science And Information Technology, RHECSIT-2012” organized by the Department of Computer Science, Sammilani Mahavidyalaya in collaboration with Department of Computer Science and Engineering, University of Calcutta, February 21 – 22, 2012, Vol: 1, Pp:153-160, ISBN 978-81-923820-0-5. [11] Abhishek Roy, Sunil Karforma, Risk and Remedies of EGovernance Systems, Oriental Journal of Computer Science & Technology (OJCST), Vol: 04 No:02, Dec 2011 Pp- 329-339. ISSN 0974-6471. [12] Abhishek Roy, Subhadeep Banik, Sunil Karforma, Object Oriented Modelling of RSA Digital Signature in E-Governance Security, International Journal of Computer Engineering and Information Technology (IJCEIT), Summer Edition 2011, Vol 26 Issue No. 01, Pp: 24-33, ISSN 0974-2034. [13] Abhishek Roy, Sunil Karforma, A Survey on EGovernance Security, International Journal of Computer Engineering and Computer Applications (IJCECA). Fall Edition 2011, Vol 08 Issue No. 01, Pp: 50-62, ISSN 0974-4983. [14] Abhishek Roy, Subhadeep Banik, Sunil Karforma, Jayanta Pattanayak, Object Oriented Modeling of IDEA for E-Governance Security, Proceedings of International Conference on Computing and Systems 2010 (ICCS 2010), November 19-20, 2010, Pp: 263-269, Organized by: Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 93-80813-01-5. [15]. Chayan Sur, Abhishek Roy, Subhadeep Banik, A Study of the State of E-Governance in India, Proceedings of National Conference on Computing and Systems 2010 (NACCS 2010), January 29, 2010, Pp: a-h, Organized by : Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 8190-77417-4. [16]. C. Paar, J. Pelzl, Understanding Cryptography, Springer (2010), DOI 10.1007/978-3-642-04101-3_2, http://www.springer.com/cda/content/document/cda_downloaddocum ent/9783642041006-c1.pdf?SGWID=0-0-45-834114-p173938012 Accessed on : May 12, 2014. [17]. Davaanaym, B.; Young Sil Lee; HoonJae Lee; Sanggon Lee; HyoTeak Lim, "A Ping Pong Based One-Time-Passwords Authentication System," INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on , vol., no., pp.574,579, 25-27 Aug. 2009 doi: 10.1109/NCM.2009.247 [18]. Chi-Chun Lo; Yu-Jen Chen, "Secure communication mechanisms for GSM networks," Consumer Electronics, IEEE Transactions on , vol.45, no.4, pp.1074,1080, Nov 1999 doi: 10.1109/30.809184 [19]. Chi-Chun Lo; Yu-Jen Chen, "A secure communication architecture for GSM networks," Communications, Computers and Signal Processing, 1999 IEEE Pacific Rim Conference on , vol., no., pp.221,224, 1999 doi: 10.1109/PACRIM.1999.799517 [20]. Ginting, R.U.; Dillak, R.Y., "Digital color image encryption using RC4 stream cipher and chaotic logistic map," Information Technology and Electrical Engineering (ICITEE), 2013 International Conference on , vol., no., pp.101,105, 7-8 Oct.2013,doi: 10.1109/ICITEED.2013.6676220 [21]. Goumidi, D.E.; Hachouf, F., "Hybrid chaos-based image encryption approach using block and stream ciphers," Systems, Signal Processing and their Applications (WoSSPA), 2013 8th International Workshop on , vol., no., pp.139,144, 12-15 May 2013,doi: 10.1109/WoSSPA.2013.6602351 [22]. Aissa, B.; Nadir, D.; Mohamed, R., "Image encryption using stream cipher algorithm with nonlinear filtering function," High Performance Computing and Simulation (HPCS), 2011 International Conference on , vol., no., pp.830,835, 4-8 July 2011 doi: 10.1109/HPCSim.2011.5999916

ISSN: 2321-2667

[23]. Rengarajaswamy, C.; Rosaline, S.I., "SPIRT compression on encrypted images," Information & Communication Technologies (ICT), 2013 IEEE Conference on , vol., no., pp.336,341, 11-12 April 2013 doi: 10.1109/CICT.2013.6558116 [24]. Xueying Zhang; Heys, H.M.; Cheng Li, "Energy efficiency of symmetric key cryptographic algorithms in wireless sensor networks," Communications (QBSC), 2010 25th Biennial Symposium on , vol., no., pp.168,172, 12-14 May 2010 doi: 10.1109/BSC.2010.5472979 [25]. Sharif, S.O.; Mansoor, S.P., "Performance analysis of stream and block cipher algorithms," Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on , vol.1, no., pp.V1-522,V1-525, 20-22 Aug. 2010 doi: 10.1109/ICACTE.2010.5578961 [26]. Debraize, B.; Corbella, I.M., "Fault Analysis of the Stream Cipher Snow 3G," Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on , vol., no., pp.103,110, 6-6 Sept. 2009 doi: 10.1109/FDTC.2009.33

Biographies Abhishek Roy: The author is currently pursuing his Ph.D. Degree in Computer Science from The University of Burdwan, W.B, INDIA. His research topic is implementation of information security in E-Governance. Previously he had done B.Sc in Information Technology (Hons) and M.Sc in Computer Technology from The University of Burdwan. He have more than six years of professional experience in the arena of computer science and have several research paper publication in various reputed international journals. He is associated with several research societies as their Life Member. Apart from this, he is also associated with several international journals as their Editorial / Reviewer Board Member. He finds his research interest in Information Security, Cryptography and E-Governance. For further details, please visit the following website: http://abhishekroy.wix.com/home Email: [email protected] Dr. Sunil Karforma: The co-author had received his Bachelor and Master degree in Computer Science & Engineering from the Jadavpur University and presently working as an Associate Professor under Dept. of Computer Science at The University of Burdwan, W.B, INDIA 713104. He had published several research papers in reputed international and national platforms. His research interest includes E-Governance, E-Commerce, Information Security, etc. For further details please contact at : [email protected]

Volume 3, Issue 3, May 2014

35

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)

Figure 5. Valid Signature

ISSN: 2321-2667

Volume 3, Issue 3, May 2014

36

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)

Figure 6. Inalid Signature

ISSN: 2321-2667

Volume 3, Issue 3, May 2014

37