Upload
buruniv
View
0
Download
0
Embed Size (px)
Citation preview
ISSN: 2321-2667 Volume 3, Issue 3, May 2014 31
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)
STREAM CIPHER BASED USER AUTHENTI-CATION
TECHNIQUE IN E-GOVERNANCE TRANSACTIONS Abhishek Roy, Research Scholar, Dept. of Comp. Sc., The University of Burdwan, W.B, INDIA 713104. Email: [email protected]
Sunil Karforma, Assoc. Prof., Dept. of Comp. Sc.,The University of Burdwan, W.B, INDIA 713104. Email: [email protected]
Abstract
Being an Information and Communication Technology (ICT)
based electronic mechanism, E-Governance is very much
susceptible to infringement attempts mounted by the attacker.
In order to make it a Citizen centric good governance
mechanism, the user authentication technique during E-
Governance transactions must be deployed very securely.
With the objective to provide good governance to the
Citizenry, we have already proposed a Citizen centric
multivariate electronic smart card based E-Governance
mechanism. To further validate our proposed mechanism, in
this paper we have performed the user authentication
technique using stream ciphers during C2G type of
transactions in the context of object oriented software
engineering approach.
Keywords: E-Governance, C2G, User Authentication, Stream
cipher.
1. Introduction
Being an Information and Communication Technology (ICT)
based electronic mechanism, E-Governance is very much
susceptible to infringement attempts mounted by the attacker.
In order to make it a Citizen centric good governance
mechanism, the user authentication technique during E-
Governance transactions must be deployed very securely.
With the objective to provide good governance to the
Citizenry, we have already proposed a Citizen centric
multivariate electronic smart card based E-Governance
mechanism. To further validate our proposed mechanism, in
this paper we have performed the user authentication
technique using stream ciphers during C2G type of
transactions in the context of object oriented software
engineering approach.
Section – 2 contains the background of stream ciphers. Section
– 3 contains a brief literature survey on application of stream
ciphers [16] in various electronic mechanisms. Section – 4
discusses the origin of research work which leads to the design
of Citizen centric multivariate electronic smart card based E-
Governance [1, 2, 4, 5, 6, 8, 10, 11, 12, 13, 14, 15] mechanism
and the application of stream ciphers in the context of Object
Oriented Software Engineering (OOSE) approach for user
authentication [3, 7, 9] in our proposed mechanism.
Conclusion drawn from the entire discussion is mentioned in
Section – 5. Finally the references are listed at the last of this
paper.
2. Background of Stream Ciphers.
Stream Cipher is a type of Symmetric Cryptography, whose
features are stated below –
a. In this method, individual bit-wise encryption of the plain
text is done. This is performed by adding a key stream bit with
a plain text bit. The encryption and decryption technique using
stream ciphers may be stated as below –
Each plain text bit xi is encrypted by adding a secret key
stream bit si modulo 2. Let the plain text, cipher text and the
key stream may be represented as individual bits in following
manner : xi, yi, si ∈ {0,1}
i. Encryption : yi = esi (xi) ≡ xi + si mod 2, where e( )
represents encryption function.
ii. Decryption : xi = dsi (yi) ≡ yi + si mod 2, where d( )
represents decryption function.
In the entire process, the encryption function e( ) and
decryption function d( ) are same because they have to
produce the same plain text bit xi ,which is explained as below
From (i) and (ii), we can derive :
dsi (yi) ≡ yi + si mod 2 ≡ (xi + si) + si mod 2 ≡ xi
+ si + si mod 2 ≡ xi + 2si mod 2 ≡ xi + 0 mod 2 ≡ xi
mod 2 Q.E.D.
Thus, the conceptual diagram of the stream cipher based
encryption and decryption process may be shown as below –
Figure 1. Conceptual diagram for encryption and decryption
using Stream Cipher in C2G type of E-Governance transaction
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)
ISSN: 2321-2667 Volume 3, Issue 3, May 2014 32
Fig – 1 shows that, Citizen encrypts the plain text bit xi using
secret key stream bit si to generate the cipher text bit yi, and
Government decrypts the cipher text bit yi using secret key
stream bit si to retrieve the plain text bit xi. Fig – 1 also shows
that this conversion from plain text to cipher text and vice versa, is done through XOR operations, which is represented
by Modulo 2 addition in (i) and (ii). Thus, in this way the
Citizen and Government can communicate with each other
securely, to transmit classified information using Stream
Ciphers through insecure communication channel like Internet.
b. Stream Ciphers can be further distinguished as Synchronous
Stream Ciphers and Asynchronous Stream Ciphers.
c. In case of Synchronous Steam Ciphers, the key stream bits
depends only on the key.
d. In case of Asynchronous Stream Ciphers, the key stream
bits also depends on the cipher text.
e. Since, this technique is mainly useful for performing fast
encryption and decryption process over applications having
limited computational capacities, we have applied it in our
proposed E-Governance mechanism. That means, in case of
software implementation, this technique uses less processor
instructions, whereas in case of hardware implementation, this
technique uses less logic gates i.e smaller chip area.
Considering the benefits of Stream Ciphers, various
researchers have already used it in their applications, which is
further clarified through the following brief literature survey.
3. Literature survey on Stream Ciphers
The application of Stream Ciphers for implementation of user
authentication is not new approach as researcher have already
used it in their specific applications to propose a secure user
authentication protocol with one time password [17]. This
technique is famous for implementation of user authentication
protocols in the field of wireless communication, like Global
System for Mobile communication (GSM) [18, 19]. Even,
researchers have used these stream ciphers to proposed new
secure algorithm for image encryption for communication
through insecure medium like Internet [20, 22, 23].
Furthermore to increase the security of digital image,
researchers have also combined the block ciphers with the
stream ciphers to propose a hybrid security protocol [21].
Even, the researchers have also made a performance
comparison analysis w.r.t energy efficiency, between the
block ciphers and the stream ciphers to choose the suitable
approach as per the requirements [24], which pave the way for
further enhancements in this field. Apart from this,
comparison have also been done between stream ciphers and
block ciphers w.r.t CPU usage time for implementation of
network security during wireless communication using mobile
devices, which shows stream ciphers perform better than block
ciphers in this aspect [25]. Since no encryption algorithm is
full proof in nature, researchers have also conducted fault
analysis on stream ciphers used for backup encryption purpose
in mobile phone UMTS technology to ensure data
confidentiality [26], which ultimately explores the way for
further enhancements using this symmetric key cryptographic
security protocol.
Encouraged by the above mentioned research works, we have
applied the stream ciphers in our proposed E-Governance
mechanism to impose user authentication technique through
Object Oriented Software Engineering (OOSE) approach
which is discussed in the next section of this paper.
4. Proposed E-Governance mechanism
In this section we have explained the origin of our research
work and presented our proposed Citizen centric electronic
smart card based E-Governance mechanism.
I. Origin of research work.
As the Citizen are the ultimate beneficiaries of the
administration, to design an efficient E-Governance
mechanism, its designers must understand the requirements of
the Citizen. In INDIA, civilians are suffering due to the
menace of hybrid governance, which mostly comprises of
conventional pattern incorporated with electronic pattern in a
very unplanned manner. The situation have become so much
critical that the Citizen are bound to carry various digital
identities to justify their identity during various transactions,
which mostly comprises of common parameters of an
individual. Though Government is spending huge amount of
money to provide unique identity to the Citizen through the
launch of several identity instruments, yet it failed to identify
an individual as a whole with a single identification number
irrespective of its nomenclature. As a result an individual is
having unique identification number with reference to that
particular nomenclature only. Each time Government is
launching a new identity system, it is only adding to the
existing count, with non so ever having the provision for
electronic mode of financial transactions. On the other hand
the Citizen are also forced to carry several smart cards like
Debit Cards, Credit Cards, issued by the banks to its
customers for performing financial transactions. To sum up, in
this present situation Citizen have to carry all the identity
instruments and the smart cards provided by Government,
several banking houses, and other co-realted sectors. Hence,
the attackers have an appropriate platform to materialize their
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)
ISSN: 2321-2667 Volume 3, Issue 3, May 2014 33
ill-intentions as a Citizen can be addressed by multiple
identification numbers and smart cards for various
governmental transactions.
II. Proposed model.
To get rid of these problems, we have already proposed a
Citizen centric multivariate electronic smart card based E-
Governance mechanism which will perform all transactions
and will provide unique identity to an individual irrespective
of its nomenclature. The schematic diagram of our proposed
Multipurpose Electronic Card (MEC) based E-Governance
mechanism is as follows –
Figure 2. Schematic diagram of proposed smart card based E-
Governance mechanism during C2G type of transactions
Figure – 2 shows that, using this proposed Multipurpose
Electronic Card (MEC), the Citizen can perform various
electronic transactions with banks, education institutions,
health services, employers, etc very efficiently. However, for
successful implementation of our proposed E-Governance
mechanism, its user authentication technique must be installed
very strictly so as to defend the entry of attacker within the
system at the initial stage and reduce the risk of the entire
operations. We have implemented the user authentication
technique in our system using Stream Ciphers in the context
of Object Oriented Software Engineering (OOSE) approach,
which is discussed further in this section.
III. User authentication technique using
Stream Ciphers.
We have used Stream Ciphers to perform user authentication
during C2G type of transactions using our proposed E-
Governance mechanism. In this application we have used
Stream Ciphers to perform encryption of the plain text and
Elliptic Curve Digital Signature Algorithm (ECDSA) to
generate the signatures. Figure – 3 shows that Class CITIZEN
represents the Citizen and Class GOVERNMENT represents
the Government. The Citizen performs the encryption of the
plain text using Stream Cipher and generation of digital
signature using Elliptic Curve Digital Signature Algorithm
(ECDSA).
Figure 3. Class CITIZEN and GOVERNMENT in Object
Oriented Modeling (OOM) of Stream Ciphers
explanation of our application is as follows –
Step 1 – Start.
Step 2 – Citizen initiates the C2G type of E-Governance
transaction and inputs information using INPUT( ) method.
Step 3 – Citizen further encrypts the information using Stream
Ciphers by calling the member method encrypt( ).
Step 4 – Citizen impose digital signature using the Elliptic
Curve Digital Signature Algorithm (ECDSA) by calling the
member methods command_generate( ) and command_sign( ).
Step 5 – Citizen transmit the cipher text to the Government.
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)
ISSN: 2321-2667 Volume 3, Issue 3, May 2014 34
Step 6 – Government decrypts the cipher text using the
member method decrypt( ).
Step 7 – Government verifies the digital signature of the
transmitted message using the member method
command_verify( ).
Step 7.1 – In case of successful verification of the digital
signature, the message communication is defined as valid, and
program proceeds towards Step – 8.
Step 7.2 – In case of unsuccessful verification of the digital
signature, the message communication is defined as invalid.
Step 8 – Stop.
The role of the important functions within our above
mentioned application is shown further in Figure – 4.
Figure 4. Message passing during Object Oriented Modeling
(OOM) of Stream Ciphers in our proposed model
The sample outputs obtained during our application are shown
in Figure – 5 and Figure – 6 respectively. Figure – 5 shows
successful message communication using valid signature,
whereas Figure – 6 shows unsuccessful message
communication due to tampered signature.
5. Conclusion
In the above discussion we have shown the use of Stream
Ciphers for authentication of users during transactions using
our proposed Citizen centric multivariate electronic smart card
based E-Governance mechanism. The main objective of our software based cryptosystem was to simulate the user
authentication technique in the context of real world scenario.
However, there are huge scope for enhancements in the object
orientation of the application. As the future scope of this
research work, we will consider to improve the object oriented
approach to enhance the security features of this application.
References [1] Abhishek Roy, Sunil Karforma, Coupling and cohesion
analysis for implementation of authentication in E-Governance, ACEEE Conference Proceedings Series 02, Fourth International Joint Conference - Advances in Engineering and Technology (AET) 2013, December 13-14, 2013 (Elsevier), Pp: 544-554, Organized by: The Association of Computer Electronics and Electrical Engineer (ACEEE), The Association of Mechanical and Aeronautical Engineers (AMAE), The Association of Civil and Environmental Engineers (ACEE), Sponsored by : Indian Society for Technical
Education (ISTE), NCR, INDIA. ISBN 978-93-5107-193-8. [2] Abhishek Roy, Sunil Karforma, Object oriented metrics analysis for implementation of authentication in smart card based E-Governance mechanism, Researchers World – Journal of Arts, Science and Commerce, October 2013, Volume – IV Issue – 4(2) Pp: 103 – 109 Print ISSN 2231-4172 Online ISSN 2229-4686. [3] Sumita Sarkar, Abhishek Roy, Survey on Biometric applications for implementation of authentication in smart
Governance, Researchers World – Journal of Arts, Science and Commerce, October 2013, Volume – IV Issue – 4(1) Pp: 103 – 114, Print ISSN 2231-4172 Online ISSN 2229-4686. [4] Abhishek Roy, Sunil Karforma, Subhadeep Banik, Implementation of authentication in E-Governance – An UML Based Approach, Book published by LAP Lambert Academic Publishing 2013 1 Ed, Germany, ISBN 978-3-659-41310-0 [5] Abhishek Roy, Sunil Karforma, UML based modeling of ECDSA for secured and smart E-Governance system, Computer
Science & Information Technology (CS & IT - CSCP 2013), Proceedings of National Conference on Advancement of Computing in Engineering Research (ACER13) organized by Global Institute of Management and Technology, March 22 - 23, 2013, Pp: 207 - 222, ISSN 2231 - 5403, ISBN 978-1-921987-11-3, DOI: 10.5121/csit.2013.3219 [6] Abhishek Roy, Sunil Karforma, Object Oriented approach of Digital certificate based E-Governance mechanism, ACEEE
Conference Proceedings Series 03, International Conference on IPC&ITEeL ACT&CIIT CENT&CSPE 2012 Proceedings, December 03-04, 2012 (Elsevier), Pp: 380-386, Organized by: The Association of Computer Electronics and Electrical Engineer (ACEEE), Chennai, INDIA. ISBN 978-93-5107-194-5. [7] Abhishek Roy, Sunil Karforma, A Survey on digital signatures and its applications, Journal of Computer and Information Technology Vol: 03 No: 1 & 2, August 2012 Pp- 45-69, ISSN 2229-
3531. [8] Anamul Hoda, Abhishek Roy, Sunil Karforma, Application of ECDSA for security of transaction in E-Governance, Proceedings of Second National Conference on Computing and Systems - 2012 (NaCCS - 2012) organized by the Department of Computer Science, The University of Burdwan, March 15 - 16, 2012, 1st Edition - 2012, Pp: 281-286, ISBN 978-93-80813-18-9. [9] Sumita Sarkar, Abhishek Roy, A Study on Biometric based
Authentication, Proceedings of Second National Conference on Computing and Systems - 2012 (NaCCS - 2012) organized by the Department of Computer Science, The University of Burdwan, March 15 - 16, 2012, 1st Edition - 2012, Pp: 263-268, ISBN 978-93-80813-18-9. [10] Abhishek Roy, Sumita Sarkar, Joydeep Mukherjee, Arindom Mukherjee, Biometrics as an authentication technique in E-Governance security, Proceedings of UGC sponsored National
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)
ISSN: 2321-2667 Volume 3, Issue 3, May 2014 35
Conference on “Research And Higher Education In Computer Science And Information Technology, RHECSIT-2012” organized by the Department of Computer Science, Sammilani Mahavidyalaya in collaboration with Department of Computer Science and Engineering, University of Calcutta, February 21 – 22, 2012, Vol: 1, Pp:153-160, ISBN 978-81-923820-0-5.
[11] Abhishek Roy, Sunil Karforma, Risk and Remedies of E-Governance Systems, Oriental Journal of Computer Science & Technology (OJCST), Vol: 04 No:02, Dec 2011 Pp- 329-339. ISSN 0974-6471. [12] Abhishek Roy, Subhadeep Banik, Sunil Karforma, Object Oriented Modelling of RSA Digital Signature in E-Governance Security, International Journal of Computer Engineering and Information Technology (IJCEIT), Summer Edition 2011, Vol 26
Issue No. 01, Pp: 24-33, ISSN 0974-2034. [13] Abhishek Roy, Sunil Karforma, A Survey on E-Governance Security, International Journal of Computer Engineering and Computer Applications (IJCECA). Fall Edition 2011, Vol 08 Issue No. 01, Pp: 50-62, ISSN 0974-4983. [14] Abhishek Roy, Subhadeep Banik, Sunil Karforma, Jayanta Pattanayak, Object Oriented Modeling of IDEA for E-Governance Security, Proceedings of International Conference on Computing and
Systems 2010 (ICCS 2010), November 19-20, 2010, Pp: 263-269, Organized by: Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 93-80813-01-5. [15]. Chayan Sur, Abhishek Roy, Subhadeep Banik, A Study of the State of E-Governance in India, Proceedings of National Conference on Computing and Systems 2010 (NACCS 2010), January 29, 2010, Pp: a-h, Organized by : Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 8190-77417-4.
[16]. C. Paar, J. Pelzl, Understanding Cryptography, Springer (2010), DOI 10.1007/978-3-642-04101-3_2, http://www.springer.com/cda/content/document/cda_downloaddocument/9783642041006-c1.pdf?SGWID=0-0-45-834114-p173938012 Accessed on : May 12, 2014. [17]. Davaanaym, B.; Young Sil Lee; HoonJae Lee; Sanggon Lee; HyoTeak Lim, "A Ping Pong Based One-Time-Passwords Authentication System," INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on , vol., no., pp.574,579, 25-27 Aug.
2009 doi: 10.1109/NCM.2009.247 [18]. Chi-Chun Lo; Yu-Jen Chen, "Secure communication mechanisms for GSM networks," Consumer Electronics, IEEE Transactions on , vol.45, no.4, pp.1074,1080, Nov 1999 doi: 10.1109/30.809184 [19]. Chi-Chun Lo; Yu-Jen Chen, "A secure communication architecture for GSM networks," Communications, Computers and
Signal Processing, 1999 IEEE Pacific Rim Conference on , vol., no., pp.221,224, 1999 doi: 10.1109/PACRIM.1999.799517 [20]. Ginting, R.U.; Dillak, R.Y., "Digital color image encryption using RC4 stream cipher and chaotic logistic map," Information Technology and Electrical Engineering (ICITEE), 2013 International Conference on , vol., no., pp.101,105, 7-8 Oct.2013,doi: 10.1109/ICITEED.2013.6676220
[21]. Goumidi, D.E.; Hachouf, F., "Hybrid chaos-based image encryption approach using block and stream ciphers," Systems, Signal Processing and their Applications (WoSSPA), 2013 8th International Workshop on , vol., no., pp.139,144, 12-15 May 2013,doi: 10.1109/WoSSPA.2013.6602351 [22]. Aissa, B.; Nadir, D.; Mohamed, R., "Image encryption using stream cipher algorithm with nonlinear filtering function," High Performance Computing and Simulation (HPCS), 2011 International
Conference on , vol., no., pp.830,835, 4-8 July 2011 doi: 10.1109/HPCSim.2011.5999916
[23]. Rengarajaswamy, C.; Rosaline, S.I., "SPIRT compression on encrypted images," Information & Communication Technologies (ICT), 2013 IEEE Conference on , vol., no., pp.336,341, 11-12 April 2013 doi: 10.1109/CICT.2013.6558116 [24]. Xueying Zhang; Heys, H.M.; Cheng Li, "Energy efficiency of
symmetric key cryptographic algorithms in wireless sensor networks," Communications (QBSC), 2010 25th Biennial Symposium on , vol., no., pp.168,172, 12-14 May 2010 doi: 10.1109/BSC.2010.5472979 [25]. Sharif, S.O.; Mansoor, S.P., "Performance analysis of stream and block cipher algorithms," Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on , vol.1, no., pp.V1-522,V1-525, 20-22 Aug. 2010 doi:
10.1109/ICACTE.2010.5578961 [26]. Debraize, B.; Corbella, I.M., "Fault Analysis of the Stream Cipher Snow 3G," Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on , vol., no., pp.103,110, 6-6 Sept. 2009 doi: 10.1109/FDTC.2009.33
Biographies
Abhishek Roy: The author is currently pursuing his Ph.D.
Degree in Computer Science from The University of Burdwan,
W.B, INDIA. His research topic is implementation of
information security in E-Governance. Previously he had
done B.Sc in Information Technology (Hons) and M.Sc in
Computer Technology from The University of Burdwan. He
have more than six years of professional experience in the arena of computer science and have several research paper
publication in various reputed international journals. He is
associated with several research societies as their Life
Member. Apart from this, he is also associated with several
international journals as their Editorial / Reviewer Board
Member. He finds his research interest in Information Security,
Cryptography and E-Governance.
For further details, please visit the following website:
http://abhishekroy.wix.com/home
Email: [email protected]
Dr. Sunil Karforma: The co-author had received his
Bachelor and Master degree in Computer Science &
Engineering from the Jadavpur University and presently
working as an Associate Professor under Dept. of Computer
Science at The University of Burdwan, W.B, INDIA 713104.
He had published several research papers in reputed
international and national platforms. His research interest
includes E-Governance, E-Commerce, Information Security,
etc. For further details please contact at :
Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)
ISSN: 2321-2667 Volume 3, Issue 3, May 2014 36
Figure 5. Valid Signature