Stream cipher based user authentication technique in E-Governance transactions

ISSN: 2321-2667 Volume 3, Issue 3, May 2014 31

Journal of Research in Electrical and Electronics Engineering (ISTP-JREEE)

STREAM CIPHER BASED USER AUTHENTI-CATION

TECHNIQUE IN E-GOVERNANCE TRANSACTIONS Abhishek Roy, Research Scholar, Dept. of Comp. Sc., The University of Burdwan, W.B, INDIA 713104. Email: [email protected]

Sunil Karforma, Assoc. Prof., Dept. of Comp. Sc.,The University of Burdwan, W.B, INDIA 713104. Email: [email protected]

Abstract

Being an Information and Communication Technology (ICT)

based electronic mechanism, E-Governance is very much

susceptible to infringement attempts mounted by the attacker.

In order to make it a Citizen centric good governance

mechanism, the user authentication technique during E-

Governance transactions must be deployed very securely.

With the objective to provide good governance to the

Citizenry, we have already proposed a Citizen centric

multivariate electronic smart card based E-Governance

mechanism. To further validate our proposed mechanism, in

this paper we have performed the user authentication

technique using stream ciphers during C2G type of

transactions in the context of object oriented software

engineering approach.

Keywords: E-Governance, C2G, User Authentication, Stream

cipher.

1. Introduction

Being an Information and Communication Technology (ICT)

based electronic mechanism, E-Governance is very much

susceptible to infringement attempts mounted by the attacker.

In order to make it a Citizen centric good governance

mechanism, the user authentication technique during E-

Governance transactions must be deployed very securely.

With the objective to provide good governance to the

Citizenry, we have already proposed a Citizen centric

multivariate electronic smart card based E-Governance

mechanism. To further validate our proposed mechanism, in

this paper we have performed the user authentication

technique using stream ciphers during C2G type of

transactions in the context of object oriented software

engineering approach.

Section – 2 contains the background of stream ciphers. Section

– 3 contains a brief literature survey on application of stream

ciphers [16] in various electronic mechanisms. Section – 4

discusses the origin of research work which leads to the design

of Citizen centric multivariate electronic smart card based E-

Governance [1, 2, 4, 5, 6, 8, 10, 11, 12, 13, 14, 15] mechanism

and the application of stream ciphers in the context of Object

Oriented Software Engineering (OOSE) approach for user

authentication [3, 7, 9] in our proposed mechanism.

Conclusion drawn from the entire discussion is mentioned in

Section – 5. Finally the references are listed at the last of this

paper.

2. Background of Stream Ciphers.

Stream Cipher is a type of Symmetric Cryptography, whose

features are stated below –

a. In this method, individual bit-wise encryption of the plain

text is done. This is performed by adding a key stream bit with

a plain text bit. The encryption and decryption technique using

stream ciphers may be stated as below –

Each plain text bit xi is encrypted by adding a secret key

stream bit si modulo 2. Let the plain text, cipher text and the

key stream may be represented as individual bits in following

manner : xi, yi, si ∈ {0,1}

i. Encryption : yi = esi (xi) ≡ xi + si mod 2, where e( )

represents encryption function.

ii. Decryption : xi = dsi (yi) ≡ yi + si mod 2, where d( )

represents decryption function.

In the entire process, the encryption function e( ) and

decryption function d( ) are same because they have to

produce the same plain text bit xi ,which is explained as below

From (i) and (ii), we can derive :

dsi (yi) ≡ yi + si mod 2 ≡ (xi + si) + si mod 2 ≡ xi

+ si + si mod 2 ≡ xi + 2si mod 2 ≡ xi + 0 mod 2 ≡ xi

mod 2 Q.E.D.

Thus, the conceptual diagram of the stream cipher based

encryption and decryption process may be shown as below –

Figure 1. Conceptual diagram for encryption and decryption

using Stream Cipher in C2G type of E-Governance transaction

mailto:[email protected]



Fig – 1 shows that, Citizen encrypts the plain text bit xi using

secret key stream bit si to generate the cipher text bit yi, and

Government decrypts the cipher text bit yi using secret key

stream bit si to retrieve the plain text bit xi. Fig – 1 also shows

that this conversion from plain text to cipher text and vice versa, is done through XOR operations, which is represented

by Modulo 2 addition in (i) and (ii). Thus, in this way the

Citizen and Government can communicate with each other

securely, to transmit classified information using Stream

Ciphers through insecure communication channel like Internet.

b. Stream Ciphers can be further distinguished as Synchronous

Stream Ciphers and Asynchronous Stream Ciphers.

c. In case of Synchronous Steam Ciphers, the key stream bits

depends only on the key.

d. In case of Asynchronous Stream Ciphers, the key stream

bits also depends on the cipher text.

e. Since, this technique is mainly useful for performing fast

encryption and decryption process over applications having

limited computational capacities, we have applied it in our

proposed E-Governance mechanism. That means, in case of

software implementation, this technique uses less processor

instructions, whereas in case of hardware implementation, this

technique uses less logic gates i.e smaller chip area.

Considering the benefits of Stream Ciphers, various

researchers have already used it in their applications, which is

further clarified through the following brief literature survey.

3. Literature survey on Stream Ciphers

The application of Stream Ciphers for implementation of user

authentication is not new approach as researcher have already

used it in their specific applications to propose a secure user

authentication protocol with one time password [17]. This

technique is famous for implementation of user authentication

protocols in the field of wireless communication, like Global

System for Mobile communication (GSM) [18, 19]. Even,

researchers have used these stream ciphers to proposed new

secure algorithm for image encryption for communication

through insecure medium like Internet [20, 22, 23].

Furthermore to increase the security of digital image,

researchers have also combined the block ciphers with the

stream ciphers to propose a hybrid security protocol [21].

Even, the researchers have also made a performance

comparison analysis w.r.t energy efficiency, between the

block ciphers and the stream ciphers to choose the suitable

approach as per the requirements [24], which pave the way for

further enhancements in this field. Apart from this,

comparison have also been done between stream ciphers and

block ciphers w.r.t CPU usage time for implementation of

network security during wireless communication using mobile

devices, which shows stream ciphers perform better than block

ciphers in this aspect [25]. Since no encryption algorithm is

full proof in nature, researchers have also conducted fault

analysis on stream ciphers used for backup encryption purpose

in mobile phone UMTS technology to ensure data

confidentiality [26], which ultimately explores the way for

further enhancements using this symmetric key cryptographic

security protocol.

Encouraged by the above mentioned research works, we have

applied the stream ciphers in our proposed E-Governance

mechanism to impose user authentication technique through

Object Oriented Software Engineering (OOSE) approach

which is discussed in the next section of this paper.

4. Proposed E-Governance mechanism

In this section we have explained the origin of our research

work and presented our proposed Citizen centric electronic

smart card based E-Governance mechanism.

I. Origin of research work.

As the Citizen are the ultimate beneficiaries of the

administration, to design an efficient E-Governance

mechanism, its designers must understand the requirements of

the Citizen. In INDIA, civilians are suffering due to the

menace of hybrid governance, which mostly comprises of

conventional pattern incorporated with electronic pattern in a

very unplanned manner. The situation have become so much

critical that the Citizen are bound to carry various digital

identities to justify their identity during various transactions,

which mostly comprises of common parameters of an

individual. Though Government is spending huge amount of

money to provide unique identity to the Citizen through the

launch of several identity instruments, yet it failed to identify

an individual as a whole with a single identification number

irrespective of its nomenclature. As a result an individual is

having unique identification number with reference to that

particular nomenclature only. Each time Government is

launching a new identity system, it is only adding to the

existing count, with non so ever having the provision for

electronic mode of financial transactions. On the other hand

the Citizen are also forced to carry several smart cards like

Debit Cards, Credit Cards, issued by the banks to its

customers for performing financial transactions. To sum up, in

this present situation Citizen have to carry all the identity

instruments and the smart cards provided by Government,

several banking houses, and other co-realted sectors. Hence,

the attackers have an appropriate platform to materialize their



ill-intentions as a Citizen can be addressed by multiple

identification numbers and smart cards for various

governmental transactions.

II. Proposed model.

To get rid of these problems, we have already proposed a

Citizen centric multivariate electronic smart card based E-

Governance mechanism which will perform all transactions

and will provide unique identity to an individual irrespective

of its nomenclature. The schematic diagram of our proposed

Multipurpose Electronic Card (MEC) based E-Governance

mechanism is as follows –

Figure 2. Schematic diagram of proposed smart card based E-

Governance mechanism during C2G type of transactions

Figure – 2 shows that, using this proposed Multipurpose

Electronic Card (MEC), the Citizen can perform various

electronic transactions with banks, education institutions,

health services, employers, etc very efficiently. However, for

successful implementation of our proposed E-Governance

mechanism, its user authentication technique must be installed

very strictly so as to defend the entry of attacker within the

system at the initial stage and reduce the risk of the entire

operations. We have implemented the user authentication

technique in our system using Stream Ciphers in the context

of Object Oriented Software Engineering (OOSE) approach,

which is discussed further in this section.

III. User authentication technique using

Stream Ciphers.

We have used Stream Ciphers to perform user authentication

during C2G type of transactions using our proposed E-

Governance mechanism. In this application we have used

Stream Ciphers to perform encryption of the plain text and

Elliptic Curve Digital Signature Algorithm (ECDSA) to

generate the signatures. Figure – 3 shows that Class CITIZEN

represents the Citizen and Class GOVERNMENT represents

the Government. The Citizen performs the encryption of the

plain text using Stream Cipher and generation of digital

signature using Elliptic Curve Digital Signature Algorithm

(ECDSA).

Figure 3. Class CITIZEN and GOVERNMENT in Object

Oriented Modeling (OOM) of Stream Ciphers

explanation of our application is as follows –

Step 1 – Start.

Step 2 – Citizen initiates the C2G type of E-Governance

transaction and inputs information using INPUT( ) method.

Step 3 – Citizen further encrypts the information using Stream

Ciphers by calling the member method encrypt( ).

Step 4 – Citizen impose digital signature using the Elliptic

Curve Digital Signature Algorithm (ECDSA) by calling the

member methods command_generate( ) and command_sign( ).

Step 5 – Citizen transmit the cipher text to the Government.



Step 6 – Government decrypts the cipher text using the

member method decrypt( ).

Step 7 – Government verifies the digital signature of the

transmitted message using the member method

command_verify( ).

Step 7.1 – In case of successful verification of the digital

signature, the message communication is defined as valid, and

program proceeds towards Step – 8.

Step 7.2 – In case of unsuccessful verification of the digital

signature, the message communication is defined as invalid.

Step 8 – Stop.

The role of the important functions within our above

mentioned application is shown further in Figure – 4.

Figure 4. Message passing during Object Oriented Modeling

(OOM) of Stream Ciphers in our proposed model

The sample outputs obtained during our application are shown

in Figure – 5 and Figure – 6 respectively. Figure – 5 shows

successful message communication using valid signature,

whereas Figure – 6 shows unsuccessful message

communication due to tampered signature.

5. Conclusion

In the above discussion we have shown the use of Stream

Ciphers for authentication of users during transactions using

our proposed Citizen centric multivariate electronic smart card

based E-Governance mechanism. The main objective of our software based cryptosystem was to simulate the user

authentication technique in the context of real world scenario.

However, there are huge scope for enhancements in the object

orientation of the application. As the future scope of this

research work, we will consider to improve the object oriented

approach to enhance the security features of this application.

References [1] Abhishek Roy, Sunil Karforma, Coupling and cohesion

analysis for implementation of authentication in E-Governance, ACEEE Conference Proceedings Series 02, Fourth International Joint Conference - Advances in Engineering and Technology (AET) 2013, December 13-14, 2013 (Elsevier), Pp: 544-554, Organized by: The Association of Computer Electronics and Electrical Engineer (ACEEE), The Association of Mechanical and Aeronautical Engineers (AMAE), The Association of Civil and Environmental Engineers (ACEE), Sponsored by : Indian Society for Technical

Education (ISTE), NCR, INDIA. ISBN 978-93-5107-193-8. [2] Abhishek Roy, Sunil Karforma, Object oriented metrics analysis for implementation of authentication in smart card based E-Governance mechanism, Researchers World – Journal of Arts, Science and Commerce, October 2013, Volume – IV Issue – 4(2) Pp: 103 – 109 Print ISSN 2231-4172 Online ISSN 2229-4686. [3] Sumita Sarkar, Abhishek Roy, Survey on Biometric applications for implementation of authentication in smart

Governance, Researchers World – Journal of Arts, Science and Commerce, October 2013, Volume – IV Issue – 4(1) Pp: 103 – 114, Print ISSN 2231-4172 Online ISSN 2229-4686. [4] Abhishek Roy, Sunil Karforma, Subhadeep Banik, Implementation of authentication in E-Governance – An UML Based Approach, Book published by LAP Lambert Academic Publishing 2013 1 Ed, Germany, ISBN 978-3-659-41310-0 [5] Abhishek Roy, Sunil Karforma, UML based modeling of ECDSA for secured and smart E-Governance system, Computer

Science & Information Technology (CS & IT - CSCP 2013), Proceedings of National Conference on Advancement of Computing in Engineering Research (ACER13) organized by Global Institute of Management and Technology, March 22 - 23, 2013, Pp: 207 - 222, ISSN 2231 - 5403, ISBN 978-1-921987-11-3, DOI: 10.5121/csit.2013.3219 [6] Abhishek Roy, Sunil Karforma, Object Oriented approach of Digital certificate based E-Governance mechanism, ACEEE

Conference Proceedings Series 03, International Conference on IPC&ITEeL ACT&CIIT CENT&CSPE 2012 Proceedings, December 03-04, 2012 (Elsevier), Pp: 380-386, Organized by: The Association of Computer Electronics and Electrical Engineer (ACEEE), Chennai, INDIA. ISBN 978-93-5107-194-5. [7] Abhishek Roy, Sunil Karforma, A Survey on digital signatures and its applications, Journal of Computer and Information Technology Vol: 03 No: 1 & 2, August 2012 Pp- 45-69, ISSN 2229-

3531. [8] Anamul Hoda, Abhishek Roy, Sunil Karforma, Application of ECDSA for security of transaction in E-Governance, Proceedings of Second National Conference on Computing and Systems - 2012 (NaCCS - 2012) organized by the Department of Computer Science, The University of Burdwan, March 15 - 16, 2012, 1st Edition - 2012, Pp: 281-286, ISBN 978-93-80813-18-9. [9] Sumita Sarkar, Abhishek Roy, A Study on Biometric based

Authentication, Proceedings of Second National Conference on Computing and Systems - 2012 (NaCCS - 2012) organized by the Department of Computer Science, The University of Burdwan, March 15 - 16, 2012, 1st Edition - 2012, Pp: 263-268, ISBN 978-93-80813-18-9. [10] Abhishek Roy, Sumita Sarkar, Joydeep Mukherjee, Arindom Mukherjee, Biometrics as an authentication technique in E-Governance security, Proceedings of UGC sponsored National



Conference on “Research And Higher Education In Computer Science And Information Technology, RHECSIT-2012” organized by the Department of Computer Science, Sammilani Mahavidyalaya in collaboration with Department of Computer Science and Engineering, University of Calcutta, February 21 – 22, 2012, Vol: 1, Pp:153-160, ISBN 978-81-923820-0-5.

[11] Abhishek Roy, Sunil Karforma, Risk and Remedies of E-Governance Systems, Oriental Journal of Computer Science & Technology (OJCST), Vol: 04 No:02, Dec 2011 Pp- 329-339. ISSN 0974-6471. [12] Abhishek Roy, Subhadeep Banik, Sunil Karforma, Object Oriented Modelling of RSA Digital Signature in E-Governance Security, International Journal of Computer Engineering and Information Technology (IJCEIT), Summer Edition 2011, Vol 26

Issue No. 01, Pp: 24-33, ISSN 0974-2034. [13] Abhishek Roy, Sunil Karforma, A Survey on E-Governance Security, International Journal of Computer Engineering and Computer Applications (IJCECA). Fall Edition 2011, Vol 08 Issue No. 01, Pp: 50-62, ISSN 0974-4983. [14] Abhishek Roy, Subhadeep Banik, Sunil Karforma, Jayanta Pattanayak, Object Oriented Modeling of IDEA for E-Governance Security, Proceedings of International Conference on Computing and

Systems 2010 (ICCS 2010), November 19-20, 2010, Pp: 263-269, Organized by: Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 93-80813-01-5. [15]. Chayan Sur, Abhishek Roy, Subhadeep Banik, A Study of the State of E-Governance in India, Proceedings of National Conference on Computing and Systems 2010 (NACCS 2010), January 29, 2010, Pp: a-h, Organized by : Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 8190-77417-4.

[16]. C. Paar, J. Pelzl, Understanding Cryptography, Springer (2010), DOI 10.1007/978-3-642-04101-3_2, http://www.springer.com/cda/content/document/cda_downloaddocument/9783642041006-c1.pdf?SGWID=0-0-45-834114-p173938012 Accessed on : May 12, 2014. [17]. Davaanaym, B.; Young Sil Lee; HoonJae Lee; Sanggon Lee; HyoTeak Lim, "A Ping Pong Based One-Time-Passwords Authentication System," INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on , vol., no., pp.574,579, 25-27 Aug.

2009 doi: 10.1109/NCM.2009.247 [18]. Chi-Chun Lo; Yu-Jen Chen, "Secure communication mechanisms for GSM networks," Consumer Electronics, IEEE Transactions on , vol.45, no.4, pp.1074,1080, Nov 1999 doi: 10.1109/30.809184 [19]. Chi-Chun Lo; Yu-Jen Chen, "A secure communication architecture for GSM networks," Communications, Computers and

Signal Processing, 1999 IEEE Pacific Rim Conference on , vol., no., pp.221,224, 1999 doi: 10.1109/PACRIM.1999.799517 [20]. Ginting, R.U.; Dillak, R.Y., "Digital color image encryption using RC4 stream cipher and chaotic logistic map," Information Technology and Electrical Engineering (ICITEE), 2013 International Conference on , vol., no., pp.101,105, 7-8 Oct.2013,doi: 10.1109/ICITEED.2013.6676220

[21]. Goumidi, D.E.; Hachouf, F., "Hybrid chaos-based image encryption approach using block and stream ciphers," Systems, Signal Processing and their Applications (WoSSPA), 2013 8th International Workshop on , vol., no., pp.139,144, 12-15 May 2013,doi: 10.1109/WoSSPA.2013.6602351 [22]. Aissa, B.; Nadir, D.; Mohamed, R., "Image encryption using stream cipher algorithm with nonlinear filtering function," High Performance Computing and Simulation (HPCS), 2011 International

Conference on , vol., no., pp.830,835, 4-8 July 2011 doi: 10.1109/HPCSim.2011.5999916

[23]. Rengarajaswamy, C.; Rosaline, S.I., "SPIRT compression on encrypted images," Information & Communication Technologies (ICT), 2013 IEEE Conference on , vol., no., pp.336,341, 11-12 April 2013 doi: 10.1109/CICT.2013.6558116 [24]. Xueying Zhang; Heys, H.M.; Cheng Li, "Energy efficiency of

symmetric key cryptographic algorithms in wireless sensor networks," Communications (QBSC), 2010 25th Biennial Symposium on , vol., no., pp.168,172, 12-14 May 2010 doi: 10.1109/BSC.2010.5472979 [25]. Sharif, S.O.; Mansoor, S.P., "Performance analysis of stream and block cipher algorithms," Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on , vol.1, no., pp.V1-522,V1-525, 20-22 Aug. 2010 doi:

10.1109/ICACTE.2010.5578961 [26]. Debraize, B.; Corbella, I.M., "Fault Analysis of the Stream Cipher Snow 3G," Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on , vol., no., pp.103,110, 6-6 Sept. 2009 doi: 10.1109/FDTC.2009.33

Biographies

Abhishek Roy: The author is currently pursuing his Ph.D.

Degree in Computer Science from The University of Burdwan,

W.B, INDIA. His research topic is implementation of

information security in E-Governance. Previously he had

done B.Sc in Information Technology (Hons) and M.Sc in

Computer Technology from The University of Burdwan. He

have more than six years of professional experience in the arena of computer science and have several research paper

publication in various reputed international journals. He is

associated with several research societies as their Life

Member. Apart from this, he is also associated with several

international journals as their Editorial / Reviewer Board

Member. He finds his research interest in Information Security,

Cryptography and E-Governance.

For further details, please visit the following website:

http://abhishekroy.wix.com/home

Email: [email protected]

Dr. Sunil Karforma: The co-author had received his

Bachelor and Master degree in Computer Science &

Engineering from the Jadavpur University and presently

working as an Associate Professor under Dept. of Computer

Science at The University of Burdwan, W.B, INDIA 713104.

He had published several research papers in reputed

international and national platforms. His research interest

includes E-Governance, E-Commerce, Information Security,

etc. For further details please contact at :

[email protected]



Figure 5. Valid Signature



Figure 6. Inalid Signature

Documents

Stream cipher based user authentication technique in E-Governance transactions