Ticket based Secure Authentication Scheme using ...

International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 2, February 2017

Ticket based Secure Authentication Scheme using NTRU Cryptosystem in Wireless Sensor Network Iqbaldeep Kaur1, Harnain kour 2, Dr. Amit Verma 1* 1

Associate Professor, Computer Science& Engineering, Chandigarh Engineering College, Landran, Punjab, India [email protected] 2 M. Tech. Research Scholar, Computer Science & Engineering, Chandigarh Engineering College, Landran, Punjab, India [email protected] 1* Professor and HOD, Computer Science& Engineering, Chandigarh Engineering College, Landran, Punjab, India [email protected]

Abstract Background/Objectives: From the ancient years, secret information is being shared in military affairs and diplomacy. With the advancements in technology, concept of wireless communication was introduced so that distance communication could be enhanced. As wireless sensor networks are more susceptible to vulnerable attacks, so there is the security concern for wireless communication. Methods/Statistical Analysis: In order to achieve security in Wireless Sensor Networks various protocols have been used to provide authentication and authorization of user nodes. Different studies are described and classified against other researches and results. While some of them focus on the secure encryption of user credentials, others deal with the secure handover process. Findings: In this paper, a security approach which uses AES algorithm and nth degree Truncated Polynomial Ring (NTRU) cryptography has been proposed. This security mechanism efficiently protects network from various attacks and also helps in authentication and authorization of user nodes locally and also even when they roam from one network to another. Encryption of user credentials is described using Advanced Encryption Standard (AES) and generation of tickets is described using NTRU cryptosystem. This proposed paper is developed in order to achieve protection against impersonation attacks and to implement Ticket Based Authentication Scheme with utilization of less time of user authentication during soft handover. Applications/Improvements: The implemented concept of NTRU & AES algorithm is further compared with the Elliptic Curve Cryptography (ECC) algorithm. In ECC approach, there were some security flaws due to which adversary nodes gets easy access to cluster heads through their port numbers and finally gain access to keys. NTRU algorithm which is lattice based alternative to ECC is more secure than ECC due to which it thwarts some known attacks easily. The implemented concept is compared to ECC approach based on the evaluation parameters of ‘Time Cost on gateway’, ‘Energy’ and ‘Transition Time’. Keywords— Advanced Encryption Standard, NTRU Cryptosystem, Wireless Sensor Network, User Authentication, Handover Authentication Protocol, Security Token. power duty etc 2. Wireless network mainly consists of three components namely mobile node, cluster head and main server for the handover communication. Mobile node is the registered user on the network who can access services by connecting to cluster head. Cluster head act as guarantor for assurance of user as an authentic subscriber. Main server is the base station that works as server to deploy cluster head and register agents by permitting keys. For the initialization of mobile communication, initially the mobile nodes and cluster head (CH) get registered on base station (main server). Main server generates a session key for the successful registration of network. While the movement of MN from one CH to another CH, there is always the authentication of MN via session key to ensure to authenticated access. During this

1. Introduction With the growing technology, human interaction is also growing towards the advanced wireless communication gadgets around the globe. Wireless sensor networks allows the wireless nodes to communicate on mobile networks with a sensor to sense, process and communicate without using any physical mean. WSN enables the human connectivity to outer world using these tiny sensors having better communication potential as compare to conventional ways 1. In wireless sensor networks, the number of nodes can vary from tens to thousands of nodes. The unique characteristics of wireless sensor network are dynamic network topology, mobility of nodes, heterogeneity of sensor nodes, redundant data acquisition, limited battery life, power constraints and low

55

https://sites.google.com/site/ijcsis/ ISSN 1947-5500


process, data is in the encrypted format is sent to another channel. The overall structure of wireless communication network 3 is shown in figure 1.

length as that of plaintext. In the similar manner, during decryption that encrypted data is concerted into plain text using the same secret key as used during the encryption. Asymmetric encryption is also known as public key encryption. In this strategy, there is availability of more than one key. Generally these keys are private and public keys. Public key is used during the encryption of plain text and their respective key used for their decryption is private key. Same public key can’t be used for the decryption of data.

Figure 1: Communication Authentication in Wireless Sensor Network

Due to this enhanced usage of wireless sensor network, there are abruptly growing the security attacks over the wireless communication network. As we know WSN has spatially distributed nodes often placed in unfavourable or unsafe environment. Hence, it is very challenging to monitor and defend each individual from physical or logical attacks. Also, nodes cannot securely communicate with a group of huge entities of the network due to its drawback of restricted memory for the storage of huge number of keys 4. Moreover, they are inherently prone to security attacks as nodes can easily be captured by intruder and their stored keys reused. Thus, in associated large networks, there might be network interruption due to partial key distribution. Attacks like impersonation attacks 5 are very common as wireless devices are not at the end of physical cable, it is then very problematic to identify such an attack taking place. Impersonation attack on CH allows client to feel as if it is connected to its own CH, and then easily gets access to client’s authentication related important information.

Figure 2: Symmetric and Asymmetric Key Encryption

As shown in figure 2, there is the existence of two types of encryption, symmetric key encryption and asymmetric key encryption. Further, Symmetric ciphers can be classified as block cipher and stream cipher. Block Cipher methods are Advanced Encryption Standard, Data Encryption Standard and Triple DES encryption. Stream cipher methods are one time PAD and Practical Stream Cipher 8.

To save the user’s important data from intrusion attack, there is the method of cryptography which is used when data is transferred from one communication channel to another 6. Cryptography involves the process of encryption and decryption of information/data. There are mainly two kinds of cryptography as mentioned: symmetric encryption and asymmetric encryption 7. The process of symmetric and asymmetric key encryption is shown in figure 2. Symmetric key encryption is also known as single key encryption. In single key encryption, the secret key is shared key between the sender and receiver. Encryption produces jumbled data for the given message called plaintext using the secret key. The produced encrypted data maintains the same

Figure 3: Different Types of Cryptography

On the other hand, asymmetric key encryption methods are RSA (Rivest, Shamir and Adleman), Diffie-Hellman Key

56



cryptosystems known, as it offers security in both aspects as encryption and digital signatures 15. On comparison of NTRU with RSA and ECC, the speedup is large and the security level of NTRU is much higher. NTRU has a speedup of three orders of magnitude compared to ECC and five orders of magnitude compared to RSA 16. A comparative analysis is shown in table 1.

Exchange, Elliptic Curve Cryptosystem and NTRU cryptosystem approach 9. These different categories of cryptosystem are shown in figure 3. From these types of cryptosystems, DES, AES, RSA, Elliptic curve cryptosystem and NTRU algorithm are most common used cryptosystem approaches. DES was the first cryptographic standard set by NIST for the encryption of data 10. At that time of late 70’s, bit size of 56bit was mentioned as the optimum size. This key size makes a search for all the possible 256 keys impractical. DES process consists of 16 rounds comprising of two operations: substitution and permutation, both of them are carried out under the control of a 56 bit key. The mapping process in DES maps 64 bit input block into a 64 bit output block. There are 8 octets for 64 bit key, but one bit in each of the 8 octets is used for odd parity. Further, competition is performed and AES (Advanced Encryption Standard) has set the place in NIST due to presence of variable length key of 128, 192 and 256 bit 11 .

Table 1: Comparative analysis of NTRU with RSA and ECC

Speed Up

Security

NTRU is 1300 times NTRU is 117 times faster than 2048 bit faster than ECC RSA NIST-224 NTRU adds an extra NTRU adds an extra factor of around 10 factor of around 400 for RSA (k= 256 for ECC (k= 256 bit) bit) Assuming O (N3) operations for RSA and ECC. N = Length of a message block.

AES which is symmetric block cipher is used in proposed work because when compared to RSA asymmetric cipher it is more efficient for communication network. Decryption in RSA on 2 GHz CPU takes 10ms for 2048-bit RSA and throughput 100*248=204,800 bits. So, if one uses large amount of files for encryption it becomes inept for today’s network which results in slow computation speed. Thus, symmetric one is faster by a factor of 1000 or so. The security levels according to different bit lengths 17 are shown in Table 2.

Further, Ron Rivest, Adi Shamir and Leonard Adleman of Massachusetts Institute of Technology have been credited with developing RSA in 1977, the most beautiful implementation of public key cryptography 12. It is a best public key cryptosystem. It is public key encryptions which use two keys i.e. public key and private key. In this encryption of plaintext is done with help of public key and can be undone back to plaintext by decrypting with help of private key. As computing power increases with the development in technology and associated with an unforeseen breakthrough in quantum computing, elliptic curve cryptography is gaining favor as an alternate to RSA for implementing public key Cryptography. Elliptic curves came after RSA and Diffie Hellman in 1985. Elliptic curve cryptosystems (ECC) 13 were invented by Neal Koblitz and Victor Miller in 1985. The study of elliptic curves is a vast subject, which can only be summarized here with brief mathematical consideration. As discrete logarithm problem is analogue to ECC it can be divided into two classes. First class: In this finite field is said to have odd characteristic i.e., a large prime number. Second class: In this the field is said to have characteristic 2.

Table 2: Bit lengths of public-key algorithms for different security levels

Algorithm Family Integer Factorizatio n Discrete Logarithm Elliptic Curves Symmetric Key

Cryptosyste ms RSA DH, DSA, Elgamal ECDH, ECDSA AES, 3DES

80

Security Levels 128 192 256

1024 bit

3072 bit

7680 bit

15360 bit

1024 bit 160 bit 80 bit

3072 bit 256 bit 128 bit

7680 bit 384 bit 192 bit

15360 bit 512 bit 256 bit

Due to above mentioned advantages of AES and NTRU algorithm, these are considered for the authentication handover communication. In WSN, there are two main problems as mentioned: Access Control and Key Establishment. To resolve both these problems, a concept has been proposed having an authentication scheme based on NTRU algorithm and access control scheme (user authentication) based on AES algorithm. In this paper key approach is on security of the nodes from various attacks and

The problem with elliptic curve algorithm is that during the handover authentication protocol, shared key is generated by access point which further gets shared with user because access point IP is visible as it is public and can be bypassed with little knowledge of Network 14. To resolve the issues with ECC, NTRU approach was proposed. NTRU approach is one of the fastest public-key

57



have proposed HashHand protocol by adding the merits of PairHand protocol, eliminating security vulnerability and introducing session key update mechanism. In HashHand protocol, security is maintained by features of key update, server authentication, subscription validation and key establishment. Overall HashHand protocol maintains security and shows efficient results as compare to PairHand protocol.

to afford and implement authentication scheme i.e. Ticket Based Authentication and access control. Rest of the section is described in the following manner: Section 2 describes the work related to handover authentication protocol, cryptosystem in WSN for the transaction of secure data/information. Section 3 discusses about the basic concepts of handover authentication protocol, Advanced Encryption Standard Algorithm and NTRU cryptosystem. Section 4 presents the AES and NTRU based implemented proposed concept. Section 5 describes the evaluated results with comparative analysis of the implemented concept with ECC approach based on the evaluation parameters of ‘Time Cost on gateway’, ‘Energy’ and ‘Transition Time’ and Section 6 concludes the paper.

Lee and Bonnin 23 have proposed a novel authentication approach of handover optimized ticket based authentication scheme. In this protocol, mobile node can reuse the credentials provided by authentication server during the handover access of different access point networks. The reuse of authentication credential simplifies the handover authentication and reduces the handover latency. Mapoka et al. 24 have proposed HOISKA approach for the high mobility mobile multicast. HOISKA is handover optimized authentication scheme based on independent session key per access network. Authors have developed this approach for decentralization of multi-service group key chain management scheme. HOISKA entail the reuse of initial issued access credentials to mobile nodes for the multicast multi-services. Kumar and Om 25 have proposed a fast authentication approach for the wireless local area networks. The considered protocol supports fast handover as it is based on mutual authentication that there is no any requirement of access from authentication server for mobile nodes due to use of two way handshake protocol.

2. Related Work For the successful transmission and authentication of data over the handover communication channels, different authors have implemented the possible approaches. Here security, privacy and efficiency aspects are analysed for the wireless sensor network. Different authors have used different approaches which are presented here. He et al. 18 have proposed a novel PairHand approach based on Handover Authentication Protocol. In PairHand approach, Bilinear Pairing based cryptographic security process is used that shows better efficiency due to incorporation of batch signature verification process. PairHand protocol is also resistance from DoS attacks as it supports light weight verification polynomial based approach. Further, authors 19 have enhanced the existing PairHand protocol in handover authentication method. Authors have identified the weakness in the existing PairHand approach and fixed the security issues without the loss of any other feature. Further in 2013, authors 20 have proposed the Handauth based approach that adds the privacy aspects in existing handover authentication protocol. In privacy terms, Handauth protocol provides session key establishment and user authentication. Authors have used AVISPA tool for the security analysis of proposed Handauth protocol. In 2015, authors 21 have identified the some security challenges in enhanced PairHand protocol. Authors have identified that existing protocol bears the problem of private key compromisation. To overcome this security issue, authors have proposed an ID based signature protocol (IBS). This protocol increases some computational costs but overcomes the security challenges of enhanced PairHand protocol. IBS protocol shows efficient results as compared with PairHand protocol on the basis of security and efficiency aspects. Further, authors 22 have proposed a novel HashHand named handover authentication protocol. Authors

Dongjiang et al. 26 have proposed an optimization algorithm to generate the large prime number. Dongjiang et al. improved pre-screening algorithm to get rid of most of odd composite numbers before the primality test. Authors have introduced the Fermat’s little theorem which can decrease the times of using pre-screening algorithm. At last, to make a final primality test authors have used Miller-Rabin algorithm and found the increase of speed of key generating by 38.2 and with the usage of Fermat’s little theory, the speed of key generation has been increased 66.8% finally. Bruce et al. 27 studied the concept of Mobile nodes which are used to support location-aware and ambient intelligence requirements. Wireless devices authors have used were for monitoring body parameters of patients. Fu et al. 28 have used the concept of Integrated WiMAX and Wi-Fi networks. Authors have presented the issues of seamless and secure handover in wireless networks. They concluded that all this significantly reduces the Handover authentication delay. When compared with the existing HO authentication schemes, there scheme has a simple authentication process which reduces the HO authentication delay and was secure against various attacks.

58



Chatterje et al. 29 described generation of a new session key for each session by using mutual authentication protocol based on timestamp in Wireless Sensor Network (WSN) which was major drawback of Lim et al. and proposed that timestamp based mutual authentication protocol scheme resist the major vulnerable attacks which enhances security during communication in WSN and requires light computational and communicational load. Authors have mentioned that their scheme has properties of the elliptic curve cryptosystems as it is based on ECC which has highest cryptographic strength per bit among the existing public-key cryptosystems. Saxena et al. 30 have used Elliptic Curve Point Multiplication Algorithm based on a binary sequence to build a Cryptographic algorithm with EAC to compute private key efficiently which was the downside of Chattterje et al. work. Authors have presented the main motivation behind Elliptic Curve Cryptography which is to find a Public Key Family which provides the same level of security as Discrete Log Systems or RSA but with shorter operands.

authentication with minimum delay. Handover process is a favourable access control technology in field of WSN 32. It consists of channel navigation process, authentication process, and recombination process. The Parameters for handover are Signal strength of BS it can hear, & one currently using and Capacity of channel & their usage.

3. Basic Concepts

Figure 4: Handover Authentication Protocol

This section describes the basic concepts of Handover Authentication Protocol, Advanced Encryption Standard algorithm and NTRU cryptosystem approach.

B. Advanced Encryption Standard Algorithm

A. Handover Authentication Protocol Authentication in network server ensures the authentic identity of nodes and their data transformation from authentic source. Authentication mechanism feature provide precaution against impression, replay attacks and forgery attacks. As per the security aspects of WSN, there are different challenges & requirements related to freshness, integrity, authorization, availability, non repudiation, data confidentiality and authentication. The key elements of handover authentication protocol are Authentication Server (AS), Access Point (AP) and Mobile Node (MN). Handover authentication protocol 31 ensures the secure transmission of data for registered Mobile Nodes (MN) on Authentication Server (AS) from one Access Point (AP1) to second Access Point (AP2) by establishing a session key between the MN and AP2. Initially, each MN is registered on AS with their identity and generated a secret key. Then, MN can connect with any AP using the authentic secret key and identity. Whenever, MN switch from one AP1 to another AP2, then AP2 authenticate MN and a session key is generated between the MN and AP2. This complete process is known as handover authentication protocol as shown in figure 2. Various researches have been conducted to process authentication prior to handover but they have lot of drawbacks in the authentication process considering handover. In this research work, the main focus on soft handover

59

Advanced Encryption standard is a variable key length based encryption algorithm. It was designed to replace the DES encryption algorithm due to some weakness of DES for the network attacks. AES was set as a standard encryption algorithm in 1997 by NIST during a competition with other available encryption techniques 33. Originally it was known by the name of Rijndael algorithm. AES encryption algorithm is fast and flexible as compare to DES due to its variable key length of 128, 192 and 256 bits. On the other hand, DES algorithm was based on Lucifier algorithm but to fixed key length it was insecure and gets exploited by many network attacks. To improve this 3DES standard was proposed having encryption level enhancement by 3 times. But on later stage that was also found to be much affected by network attacks. So, AES was proposed to enhance the encryption standard with variable key length. The specification of AES algorithm includes the sections of mathematical properties and algorithm specifications that cover the encryption, decryption, key expansion, keying restrictions and key length support. In AES algorithm, all the byte values can be defined as the concatenation of their respective bit values in the specified order of b7, b6…, b0. It can also be represented in the hexadecimal notation format or finite element format. All the bytes in AES algorithm are considered as finite field elements using the polynomial notation 34. Based on this, AES encryption and decryption processes are shown in figure 5 and figure 6.



Encryption involves the process of conversion of plain text into encrypted data. On the other hand, decryption process involves the inverted steps from the encryption process, Sequence of transformation may differ in decryption process as compare to encryption but in AES algorithm most of the sequences remains same as that of encryption.

Input Key

Key Expansion

Input block data Round = 0

C. NTRU Cryptosystem Approach NTRU is the abbreviated form of Nth degree truncated polynomial ring. It was invented in 1996 by three mathematicians J. Pipher, J.H. Silverman and J. Hoffstein 35. Complexity of Polynomial Multiplication is the major characteristics of NTRU approach. In 2009, NTRU approach was approved by IEEE standards. NTRU approach is quick cryptosystem approach as compare to ECC, RSA and El Gamal approaches.

Add Round Key

Round = n

Round = Round +1

No Sub Bytes

Yes

Output Encrypted block data

NTRU cryptosystem 36 approach includes the private key and public key generation process for the successful encryption and decryption of data. To encrypt the message, there is the need of public key ‘h’ and a random variable ‘r’ besides the message m. During the decryption of this ‘m’ message, private key is generated. This private key generation process is known as token/session key generation. This entire process is known as NTRU cryptosystem.

Shift Rows

Mix Columns (Except last round)

In the current work, Advanced Encryption Standard algorithm is used for the encryption of user credentials during data transaction from one user to another and NTRU cryptography has been considered for authentication and authorization of user nodes locally and also even when they roam from one network to another by the generation of session key (Ticket).

Figure 5: AES Encryption Process

Key

Cipher

4. Proposed Algorithm In the current work, a security mechanism is proposed that efficiently protects network from various attacks and also helps in authentication and authorization of user nodes locally and also even when they roam from one network to another. AES is considered for the encryption of user credentials and NTRU approach is used for the authentic handover transactions with the generation of tickets. The overall concept is discussed in three modules of Generation of Authentication Repository, Key Generation Phase and Key Exchange Session.

Key Expansion

Inverse Round Key

Inverse Sub Bytes

Inverse Add Round Key and Mix Columns

The initial phase deals with the generation of authentication repository. This step involves the consideration of authenticated users by registering them on Authentication

Plain Test Figure 6: AES Decryption Process

60



5.

Server. These users are considered as different Access Points for the handover authentication protocol.

6.

The second phase deals with key generation for the encryption and authentication of user nodes. This will embody to implement Key Server with implementation of NTRU to generate ticket. The encryption is implemented using AES algorithm to encrypt user credentials.

7.

8.

Third phase deals with Key exchange phase. The user will be verified based on authorization by matching its details with the details already saved in authentication repository.

9.

Module 1: Generation of Authentication Repository 1. 2. 3. 4. 5. 6. 7. 8. 9.

10.

Start Create the java user interface based key repository platform to register the users. Initially, register all the possible access points and mobile nodes as users in the authentication server. For each user, enter the details like user name, password and IP address as an authenticated user. Store all the entries into the repository so that registered users can be easily verified. Once user gets registered on authentication server, it will issue a token (session key) for each user. This generated list is stored in the repository as an array list with the option to view and delete clusters. Authentication repository list is generated. Stop.

11.

12.

13. 14. 15.

Module 3: Key Exchange Phase After the successful generation of public and private keys using NTRU and AES algorithm, communication is carried out between two users by key exchange phase. The communication between two users X1 and X2 with key exchange steps are defined below:

To store more users into the authentication repository above steps are repeated recursively. This authentication repository list is used to further check the authenticated users. It also helps to reduce the time complexity and eliminates the anonymous users in system.

1. 2.

Module 2: Key Generation Phase

3.

This module involves the generation of public and private key using NTRU algorithm. Private key is the NTRU signature file that user used while sending data to another user. Public key is the symmetric key distribution used to authenticate the user. The key generation steps are defined below: 1. 2. 3. 4.

AS creates the prime number set Pi and selects the largest Pi values with its Primitive root (Y). These values of Pi and Y are sent to user which is stored by mobile user. User creates any random number h and calculates the value of H with the formulation of ‘H = Yh mod Pi’ and sends the information to AS. On the other hand, AS create a random number g and evaluates ‘G = Yg mod Pi’ and sends to user. Mobile user generates the symmetric key using the value of H and g by the formulation of ‘SyKey = Hg mod Pi’. Then user send the SyKey to AS and requests for public and private keys. On the other hand, AS generates the symmetric key using the value of G and h by the formulation of ‘SyKey = Gh mod Pi’. AS generates the public and private keys using NTRU algorithm, encrypts them using AES algorithm and sends the encrypted keys as SyKey to user. User decrypts the SyKey and stores it. AS publishes the public key of mobile user in authentication repository. Stop

Start. User requests for the connection establishment to authentication server. Authentication Server (AS) establishes the mobile user by creating the session key (token) for mobile user. User sends the request for the symmetric key by sending his own information.

4. 5.

6.

7.

61

Start User X1 initiates the key exchange process by adding the X2 user to its possible contact user. Initially, user X1 evaluates the values of random variable ‘A’ by assuming some private key value of ‘a’ with the formulation of “A = g ^ a mod p” where g and p are the secret shared parameters defined by AS. User X1 starts the session with the request value of ‘A’ to user X2. User X2 either rejects the request or will accepts the request by sending the value of B having b as a private key value with the formulation of “B = g ^ b mod p”. During this process, there might be risk of another attacker user X3. To avoid this, user X1 will evaluate the value of another variable ‘K’ if the request of X1 will be accepted by X2. User X3 attacker can’t interrupt the communication as X3 is not aware about the value of private key variable value of ‘a’.



8. 9.

10.

11. 12. 13. 14.

User X1 will evaluates the value of ‘K’ with the formulation of “K = B ^ a mod p”. X1 will send the value of ‘K’ to X2 after encrypting their public key using AES which is registered on Authentication repository. If X1 receives the value from X2 with the formation value of “K = A ^ b mod p”. then it will further authenticate the X2 from authentication repository. X1 will use the secret key of X2 to encrypt the secret key and vice versa. Value of B’s secret key is used to encrypt public key of X2 and A’s secret key for X1. After the entire key exchange process, communication process will be started. Stop.

authentication repository and receives a token (session key) as an ackowlgement for the successful registration. During this end user handover communication, sender needs to generate private and public keys for the secure communiaction. In this approach, private and public keys are generated using NTRU algorithm. Then these keys are encrypted using AES approach and publishes its public key as a secure connection on Authentication repository. While the intiation of communication, sender send a message to receiver and checks its authenticity in the form of symmetric keys matching. If the receiver’s and sender’s key match found, then the process is considered as the authentic process and communication proceed. Else receiver/sender may reject the process.

The complete data flow for the handover communication and authentication is shown in the figure 7 to figure 9 in form of Level 0, Level 1 and Level 2 DFD (Data Flow Diagram).

Figure 7: Level 0 Data Flow Diagram

As shown in figure 7, DFD level 0 diagram has considered the end components as Sender and Receiver of communication process. Intiallialy sender registers itself in


62



Repository and establishes a connection on AS. Then, keys are generated for the communication with other user. Public key is considered as the shared key which is used for the initiation of communication after the successful matching of keys with another user while private encrypted key is generated to check the authenticity of another user. To avoid the intrusion attack in network, encryption of keys is considered. The entire communication process is same for level 0 and level 1 DFD, only difference is the explanation level. In level 1, concept is described in more explanatory manner. Figure 9 shows the DFD level 2, which is more explained format of concept as compare to level 0 and level 1 DFD. As shown in figure 9, Level 2 DFD includes the processes of ‘register itself on authentication server’, ‘session key generation’, ‘generate the public & private keys for secure communication’, ‘encryption of keys’, ‘authenticate the receiver’ and ‘check NTRU private key of receiver’. Sender starts the communication process by register itself on AS, then session key is generated for establishment of user in authentication repository. For the secure communication with other user, there is the need of public key to find the authentic existable user and private key for the secure communication. These keys are generated using NTRU approach and encrypted with AES. Once user gets verified then cluster head send new temporary session key (Ticket to join network) to user to join the network. For communication, matching of session key and public key are the initial parameters, further private encrypted key is used for secure communication with a secrete private key variable. In this way, the secure communication is process is carried out.

5. Experimental Results and Discussion The proposed concept is implemented with Java based Net Beans IDE 8.1 platform on a window based system having configuration of Intel (R) Core (TM) i7 CPU , 1 TB hard drive and 8GB of RAM. Here, the secure handover communication process is implemented with authentication approach using BTRU and AES approach. The performance of the implemented concept is evaluated based on the parameters of ‘Time Cost on gateway’, ‘Energy’ and ‘Transition Time’. A. Evaluation Parameters For the detection of performance of implemented concept, parameters of ‘Time Cost on gateway’, ‘Energy’ and ‘Transition Time’ have been considered. The basic definitions of evaluating parameters are as follows:


Figure 8 shows the DFD level 1. In level 1 DFD, there are the processes of ‘connection establishment on authentication server’, ‘public and private key generation using NTRU’, ‘encryption of keys using AES’ and ‘key exchange with receiver’. Initially, user gets registers on Authentication

1). Time cost on gateway: A wireless gateway is a networking hardware device that can route the packets from one network

63



to another. Packet routing can be in between the wired network connection or wireless network connection. In handover authentication protocol, packet transfer occurs in the mobile nodes. So, time cost on gateway can be defined as the time cost consumed to send the packets from one mobile node to another in wireless network. It depends upon how quickly foreign user registers on authentication repository.

Transition Time (in sec) 4 3 2 1

2). Transition Time: For handover authentication protocol, transition time is the time taken during the state transition. In other words we can say that it is the time taken to acquire the state of node from sleep to idle. It may vary based on the activeness of network.

0 ECC Approach

Implemented Concept

Figure 11: Comparative Analysis based on transition time

3). Energy Consumption: Energy consumption is the amount of energy consumed during the successful authentication and handover consumption. Its value depends upon the transition time. For the implemented concept, energy consumption is evaluated by considering a fixed time for comparative approaches.

Energy Consumption (in 3sec) 76% 74% 72%

In this implemented approach, end user handover communication is secured with NTRU approach and AES algorithm. For the current approach, the evaluated values of Time Cost on gateway, Transition Time and Energy consumption are 2000 ms, 2sec and 75% in 3s respectively.

70% 68% 66% ECC Approach

Implemented Concept

B. Comparative Analysis Figure 12: Comparative Analysis based on energy consumption

To check the efficiency of implemented secure communication protocol, a comparative analysis is presented with existing concept of Elliptic curve algorithm 37. For this comparison, evaluation parameters of Time Cost on gateway, Transition Time and Energy consumption are considered as shown in figure 10 to figure 12 respectively. From the comparative results, we can say that implemented concept is secure enough for handover authentication communication. In this approach, energy consumption is evaluated for the fixed time of 3s in network.

6. Conclusion Handover authentication protocol is the approach of communication between the mobile nodes. Due to wireless network, there might be security attacks from suspicious nodes. To make secure communication between the mobile nodes, there must be registration of access points and mobile nodes n authentication server. Also the connection should be secure and encrypted key based technique can be adapted. In this paper, a security approach using NTRU algorithm and AES algorithm is implemented. Token based NTRU mechanism is adapted to secure user authentication. Further, private nad public keys generated as per the concept of NTRU algorithm. Encryption of user credentials is described using Advanced Encryption Standard (AES). This security mechanism efficiently protects network from various attacks and also helps in authentication and authorization of user nodes locally and also even when they roam from one network to another. The implemented concept is compared to ECC approach based on the evaluation parameters of ‘Time Cost on gateway’, ‘Energy’ and ‘Transition Time’. The problem with elliptic curve algorithm is that during the handover

Time Cost on Gateway (in ms) 15000 10000 5000 0 ECC Approach

Implemented Approach

Figure 10: Comparative Analysis based on time cost on gateway

64



authentication protocol, shared key is generated by access point which further gets shared with user because access point IP is visible as it is public and can be bypassed with little knowledge of Network. The evaluated results show efficiency of the implemented concept for the considered evaluation parameters as compare to ECC approach.

[13]. Brown M, Hankerson D, López J, Menezes A. Software implementation of the NIST elliptic curves over prime fields. InCryptographers’ Track at the RSA Conference 2001 Apr 8 (pp. 250-265). Springer Berlin Heidelberg. [14]. Khurri A. Evaluating IP security and mobility on lightweight hardware. [15]. Gama N, Howgrave-Graham N, Nguyen PQ. Symplectic lattice reduction and NTRU. InAnnual International Conference on the Theory and Applications of Cryptographic Techniques 2006 May 28 (pp. 233-253). Springer Berlin Heidelberg. [16]. Hermans J, Vercauteren F, Preneel B. Speed records for NTRU. InCryptographers’ Track at the RSA Conference 2010 Mar 1 (pp. 73-88). Springer Berlin Heidelberg. [17]. Paar C, Pelzl J. Understanding cryptography: a textbook for students and practitioners. Springer Science & Business Media; 2009 Nov 27. [18]. He D, Chen C, Chan S, Bu J. Secure and efficient handover authentication based on bilinear pairing functions. IEEE Transactions on Wireless Communications. 2012 Jan;11(1):48-53. [19]. He D, Chen C, Chan S, Bu J. Analysis and improvement of a secure and efficient handover authentication for wireless networks. IEEE Communications Letters. 2012 Aug;16(8):1270-3. [20]. He D, Bu J, Chan S, Chen C. Handauth: Efficient handover authentication with conditional privacy for wireless networks. IEEE Transactions on Computers. 2013 Mar;62(3):616-22. [21]. He D, Khan MK, Kumar N. A new handover authentication protocol based on bilinear pairing functions for wireless networks. International Journal of Ad Hoc and Ubiquitous Computing. 2015 Jan 1;18(1-2):67-74. [22]. He D, Chan S, Guizani M. Handover authentication for mobile networks: security and efficiency aspects. IEEE Network. 2015 May;29(3):96-103. [23]. Lee JH, Bonnin JM. HOTA: Handover optimized ticket-based authentication in network-based mobility management. Information Sciences. 2013 May 1;230:64-77. [24]. Mapoka TT, Shepherd SJ, Abd-Alhameed R, Anoh KO. Handover Optimised Authentication Scheme for High Mobility Wireless Multicast. InModelling and Simulation (UKSim), 2015 17th UKSim-AMSS International Conference on 2015 Mar 25 (pp. 526531). IEEE.

REFERENCES [1].

Ortiz AM, Hussein D, Park S, Han SN, Crespi N. The cluster between internet of things and social networks: Review and research challenges. IEEE Internet of Things Journal. 2014 Jun;1(3):206-15. [2]. Rawat P, Singh KD, Chaouchi H, Bonnin JM. Wireless sensor networks: a survey on recent developments and potential synergies. The Journal of supercomputing. 2014 Apr 1;68(1):1-48. [3]. Fu A, Zhang Y, Zhu Z, Liu X. A fast handover authentication mechanism based on ticket for IEEE 802.16 m. IEEE Communications Letters. 2010 Dec;14(12):1134-6. [4]. Hu F, Sharma NK. Security considerations in ad hoc sensor networks. Ad Hoc Networks. 2005 Jan 31;3(1):69-89. [5]. Al Ameen M, Liu J, Kwak K. Security and privacy issues in wireless sensor networks for healthcare applications. Journal of medical systems. 2012 Feb 1;36(1):93-101. [6]. Stallings W. Cryptography and network security: principles and practices. Pearson Education India; 2006. [7]. Menezes AJ, Van Oorschot PC, Vanstone SA. Handbook of applied cryptography. CRC press; 1996 Oct 16. [8]. Singh G. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications. 2013 Jan 1;67(19). [9]. Nichols RK, Lekkas PC. Wireless security. New York: McGraw-Hill; 2002. [10]. Coppersmith D. The Data Encryption Standard (DES) and its strength against attacks. IBM journal of research and development. 1994 May;38(3):243-50. [11]. Daemen J, Rijmen V. The design of Rijndael: AESthe advanced encryption standard. Springer Science & Business Media; 2013 Mar 9. [12]. Sarker MZ, Parvez MS. A cost effective symmetric key cryptographic algorithm for small amount of data. In9th International Multitopic Conference, IEEE INMIC 2005 2005 Dec 24 (pp. 1-6). IEEE.

65



[25]. Kumar A, Om H. A Secure Seamless Handover Authentication Technique for Wireless LAN. InInformation Technology (ICIT), 2015 International Conference on 2015 Dec 21 (pp. 43-47). IEEE. [26]. Dongjiang L, Yandan W. An Optimization Algorithm Of Rsa Key Generation In Embedded System. Journal of Theoretical & Applied Information Technology. 2012 Dec 15;46(1). [27]. Bruce N, Hwang GH, Lee HJ. A hybrid and fast authentication protocol for handoff support in ehealthcare systems among WSNs. InICT Convergence (ICTC), 2013 International Conference on 2013 Oct 14 (pp. 72-77). IEEE. [28]. Fu A, Zhang G, Zhu Z, Zhang Y. Fast and secure handover authentication scheme based on ticket for WiMAX and WiFi Heterogeneous networks. Wireless personal communications. 2014 Nov 1;79(2):1277-99. [29]. Chatterjee K, De A, Gupta D. A secure and efficient authentication protocol in wireless sensor network. Wireless Personal Communications. 2015 Mar 1;81(1):17-37. [30]. Saxena A, Saxena VP, Mal S, Agarwal K, Andhale M, Aware V, Chikmurge D, Palve A, Tamhane A, Iyer A, Mitkal A. Implementation of Fault Attacks on Elliptic Curve Cryptosystems. Reading.;1(1):0.

[31]. Islam SK, Khan MK. Provably secure and pairing‐free identity‐based handover authentication protocol for wireless mobile networks. International Journal of Communication Systems. 2014 Sep 1. [32]. Chaki N, Meghanathan N, Nagamalai D. Computer Networks & Communications (NetCom). New York, NY: Springer New York; 2013. [33]. Knudsen RA. Serpent: A proposal for the advanced encryption standard. InFirst Advanced Encryption Standard (AES) Conference, Ventura, CA 1998. [34]. Zhang X, Parhi KK. High-speed VLSI architectures for the AES algorithm. IEEE transactions on very large scale integration (VLSI) systems. 2004 Sep;12(9):957-67. [35]. Hoffstein J, Pipher J, Silverman JH. NTRU: A ringbased public key cryptosystem. InInternational Algorithmic Number Theory Symposium 1998 Jun 21 (pp. 267-288). Springer Berlin Heidelberg. [36]. Nayak R, Sastry CV, Pradhan J. A matrix formulation for NTRU cryptosystem. InNetworks, 2008. ICON 2008. 16th IEEE International Conference on 2008 Dec 12 (pp. 1-5). IEEE. [37]. Amin F, Jahangir AH, Rasifard H. Analysis of publickey cryptography for wireless sensor networks security. World Academy of Science, Engineering and Technology. 2014 Jul;41:529-34.

66
