Available online at www.sciencedirect.com
Procedia Engineering 00 (2011) 000–000
Procedia Engineering 30 (2012) 774 – 781
Procedia Engineering www.elsevier.com/locate/procedia
International Conference on Communication Technology and System Design 2011
Enhanced Information Security in Distributed Mobile System Based on Delegate Object Model N.Shenbagavadivua, S.Usha Savithrib, a* a
Department of Computer Applications, Anna University of Technology, Tiruchirappalli b Anna University of Technology, Tiruchirappalli
Abstract Security is the fundamental requirement of modern computer systems. Today critical information is stored , accessed and passed in all types of applications. Designing secure systems is a challenge due to the distributed nature of modern systems .Network communications are both wired and wireless .Security threats and attacks must be evaluated and handled. Distributed Mobile system has arisen as an evolution of distributed systems mainly focused on the sharing of resources and access information in a synchronized, secure, efficient and reliable manner. M-commerce and M-business have become a vital topic as new generation of wireless networks. The advancement of wireless devices enables users to access business information anywhere and anytime. Security algorithms used for wired networks cannot be applied to wireless systems, since wireless network clients come with limited resources and processing power. . The main objective of this paper is to provide secured transaction in Mobile system based on delegate object model. The model implements security in two instances at object access level and content level. The access privileges are based on a combination of the identity of the user seeking access, its credentials. The content level security is implemented using Tiny Encryption Algorithm. The critical data needs to be secured. . The proposed model uses the client side encryption and de encryption (Mobile Host) and ensures data is secured even from Mobile Support Station.
© 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of ICCTSD 2011 Open access under CC BY-NC-ND license. Keywords : Distributed Mobile System, Delegate Object, Security, Mobile Host
1.Introduction Distributed computing architecture plays a major role to bridge the gap between technology and business. In distributed systems, both data and transaction processing are divided between one or more computers connected by a network, each computer playing a specific role in the system. Nowadays, distributed application frameworks support mobile code, multimedia data streams, user and device mobility, and spontaneous networking. A wireless/mobile computing system is a distributed system. Mobile applications and devices play an essential part in many aspects of today’s business world by providing a solid ground for more efficient communications, opportunities for graceful expansion, and overall success of modern business
* N.Shenbagavadivu. Tel.: +91-9789334789. E-mail address:
[email protected].
1877-7058 © 2011 Published by Elsevier Ltd. Open access under CC BY-NC-ND license. doi:10.1016/j.proeng.2012.01.927
N. Shenbagavadivu and S. Usha Savithri Engineering (2012) 774 – 781 N. Shenbagavadivu/ Procedia/ Procedia Engineering 00 (2011)30 000–000
775
Mobile communications has experienced a tremendous explosive growth in the past two decades. Today millions of people around the world use mobile phones. Mobile phones allow a person to make or receive a call from almost anywhere. Likewise, a person is allowed to continue the phone conversation while on the move. Cellular communications is supported by an infrastructure called a cellular network, which integrates cellular phones into the public switched telephone network [Forman 1994].
Mobile computing represents a new paradigm that aims to provide continuous network connectivity to users irrespective of their location. A large number of portable, personal devices have been in the market like PDA’s, Mobile phones, Laptops etc. These devices allow the user to be moving and still maintaining its network connections, remote computers to share resources giving rise to distributed computing [Satyanarayanan 1996].Object oriented technology is widely accepted as a suitable methodology for the construction of distributed applications.
As mobile systems become more pervasive and complex, security factor is increasingly important. The security of such systems greatly is relied on the methods used to manage, establish, and distribute the keys employed by the cryptographic techniques. Even if a cryptographic algorithm is ideal in both theory and implementation, the strength of the algorithm will be considered useless if the relevant keys are poorly managed. In this paper we focus on content level encryption using tiny encryption algorithm. The content is passed by mobile user to mss and stored in the respective distributed mobile delegate object of the mobile user. Advantage of the proposed security model is that the encryption is done on the client side (Mobile phone). Also access level security is implemented to access the content in the object. This ensures that object content is locked and cannot be decrypted without knowledge of access key. Secondly decryption is done on the client side. 2 Distributed Mobile Systems A wireless/mobile computing system is a distributed system which consists of both MH and static MSS nodes. A set of dynamic and wireless communication links can be established between a MH and a MSS, and a set of high speed communication link is assumed between the MSS. The MSS may communicate with a number of MH but a MH at a time communicates with only one MSS [Gupta 2008]. The MH communicates with the rest of the system via its MSS. Distributed computation in mobile computing environment is performed by a set of processes concurrently on MH and MSS in the network [Brown 1998]. Figure 1 shows the system model for distributed mobile systems.
Figure 1 System Model for Distributed Mobile Systems
776
N. Shenbagavadivu and S. Usha Savithri / Procedia 30 (2012) 774 – 781 N. Shenbagavadivu/ Procedia Engineering 00Engineering (2011) 000–000
When an MH roams and moves out of the cell and enters a new cell, a handoff procedure is executed between the two MSS associated with the cells. The communication between MH in the network is through message passing [Alagar 1995]. The MSS maintain separate data structures to identify the list of MH which are within its cell’s regularly broadcast and talk with the MH which are within its cell using a beacon message to keep track of the MH presence within its cell.
2.1 Conventional Communication Model
In the distributed mobile system a mobile device acts as client device as well as a data source for providing relevant information needed for business process. When one mobile host (say MH_Source) needs to communicate with other mobile host (say MH_Dest) for access the business information conventionally there would be direct communication established between the two MH through MSS. The following procedure describes the flow of data between the destination device and source device.
1.
The MH_Source sends a query message to its local Mobile Support Stations (say MSS1).
2.
MSS1 receives the query message and sends a request to the location server for the current location of MH_Dest.
3.
Location server looks up the reference table for the entry ofMH_Dest and returns the current location information (Assume, MH_Dest currently resides in MSS2) to MSS1in the form of a message.
4.
The query message is transferred from MSS1 to MSS2 if the location information is valid otherwise the error message is forwarded to MH_Source.
5.
MSS2 accept the query message and check if MH_Dest is a registered mobile host. If it is a registered mobile host then the message is forwarded to MH_Dest otherwise an error message is returned to MSS1.
6.
MH_Dest receives a query message from MSS2 and returns the requested business data in the form of reply message to MSS2.
7.
MSS2, receives the reply message and forward it to MSS1.
8.
MSS1,receives the message from MSS2 and forward it to MH_Source.
In the above algorithm the destination MSS (MSS2) happens to be the same as the source MSS (MSS1), therefore steps 2, 3, 4 and 7 are not required. As described in the algorithm above, eight packet transmissions over the network are required for the retrieval of a query result, four of those transmissions over the wired portion of the network and another four are over the wireless portion. This represents the average case for the number of packet transfers for this application [Janakiram 2005]. Normally the wireless communication is being unstable; the availability of mobile devices will be much felt during the business transaction. To increase the response time and content availability the delegate object is introduced as a middleware component. 3.Delegate Object Model The delegate object acts as a representative of the MH. This bridges the MH and its support environment. The wireless network is highly unstable. This causes the mobile host to frequently connect and disconnect from the mobile network. Irrespective of the availability of the mobile host, the delegate object remains active and maintains information about the mobile host
N. Shenbagavadivu and S. Usha Savithri / Procedia Engineering (2012) 774 – 781 N. Shenbagavadivu/ Procedia Engineering 00 (2011)30000–000
777
The major advantages of using the delegate object architecture are:
It provides solution to the instability of mobile network in a distributed mobile system. The delegate object model is a customizable approach, meaning that host specific and application specific constraints can be enforced [Anastasi 2001].
Delegate object maintains the current location of MH there by solving the problem of identifying location of MH. It acts as a data source for handling data dissemination to provide mobile data access, in both server-push and client-pull models.
The delegate object can also cache mobile host specific data and reduce the response times for many client queries. It also supports disconnected operations of the MH by buffering client requests or using the cached data to handle them [Janakiram 2005].Delegate object is a representative of the MH. There fore the data structure of the delegate object should be relevant to the MH. The service provider can also provide support services to various m-business applications by using the delegate object. Hence the delegate object is also designed to contain important valuable m-business data. The structure of a distributed mobile system with delegate object is as shown in Figure 2.
Figure .2. Delegate Object Model
3.1 Communication Process
Mobile network involves intercommunication between various mobile devices. When one mobile host (MH_Source) needs to communicate with the other mobile host (MH_Dest) conventionally there would be direct communication established between the two mobile hosts through MSS.
778
N. Shenbagavadivu and S. Procedia Usha Savithri / Procedia 30 (2012) 774 – 781 N. Shenbagavadivu/ Engineering 00 Engineering (2011) 000–000
As discussed earlier to ensure availability in an unstable network the MH_Source communicates with the delegate object corresponding to MH_Dest through MSS. This requires MH_Source to obtain the reference of the delegate object of MH_Dest. To obtain the reference MH_Source communicates with its MSS by providing the destination mobile host (MH_Dest) ID. The MSS uses lookup process to obtain the reference from the naming service
4. Implementing Security in Delegate Object Model
The proposed model implements security in two instances at object access level and content level. The content level security is implemented using Tiny Encryption Algorithm. The Tiny Encryption Algorithm is one of the fastest and most efficient cryptographic algorithms in practice. It was developed by David Wheeler and Roger Needham at the Computer Laboratory of Cambridge University. Tiny Encryption Algorithm is a block cipher notable for its simplicity of description and implementation, typically a few lines of code. TEA operates on 64-bit blocks and uses a 128-bit key.
4.1Object-Access Level Security Object-access level security, which could control access to objects on a system and what type of access they have, is an important part of providing the appropriate level of confidentiality, integrity, and availability [Jeffery 2005]. Object level security provides a low-level, inner layer of protection by implementing access control on individual objects. In this model the two levels of privileges to objects are maintained:
Read -- A user with only this access privilege can see that the object exists and can also view the object's properties. However, the user cannot modify any of the object's information
Write -- A user with this access privilege can see that the object exists, view the object's properties, make changes to the object's information, and also delete the object's metadata.
The significant aspect of this system is that each authenticated and privileged user on a system is authorized to perform certain actions on each object to which the user needs access in order to perform his task. This provides for the implementation of the access control principle termed least privilege. Delegate object model allows data of a mobile user whose mobile is in unreachable state to be accessed by privileged users.
4.2Content Level Security Critical business information and personal information like Credit Card number must be saved in a secured manner. In the distributed mobile system the mobile user information is maintained by delegate object. The delegated object is resides in the Mobile Support Station. Such critical personal information should be stored in a secured manner. Which means only mobile host can access and secure content. Content level security by mss is not an efficient option. For the mobile host to encrypt the content it should have encryption algorithm to be processed. But mobile devices come with limited resources and processing power. Hence an efficient encryption mechanism Tiny Encryption Algorithm is used to encrypt the mobile data in the client side that is the mobile host encrypts and sends the cipher text to MSS. Many encryption algorithms are now available in the market [Kelsey 1997], and the selection of a specific one is dependent on the relatively tight constraints in small devices. The selected algorithm should be small, relatively secure, with a proven history of overcoming possible well known threats and attacks on it. The Tiny Encryption Algorithm (TEA) (Wheeler and Needham 1994), and hence its successor the Extended- TEAs (XTEAs) [Kelsey 1997; Moon 2002] are among the best choices. Other requirements are still of no less important than the issues of performance and power consumption; these include the ease of modifiability, upgradeability and reuse of the designed security components.
N. Shenbagavadivu and S. Usha Savithri / Procedia Engineering (2012) 774 – 781 N. Shenbagavadivu/ Procedia Engineering 00 (2011)30000–000
779
In this proposed model security is provided on demand by the user. The mss provides mobile host with various services to view , update, secure and access the delegate object. To obtain the services the mobile user first registers for various services with mss. When the user needs to store critical content the user requests for the secure updation service from the mss. If the user had registered for the service then mss allows the access to update data in object. The user encrypts the data using tiny encryption algorithm stored on mobile device. TEA has an extremely simple key schedule. The key is 16 bit alphanumeric data which is entered by the user. The user after encryption sends the cipher text to mss. Then the mss stores the cipher text in the corresponding delegate object of the mobile host. The delegate object's security pin generation method is invoked and the generated pin is sent to the mobile host along with the acknowledgement. This allows ensuring authentication of the user next time to access the critical data. When the user needs the data the user provides pin to the mss to access the object. The encrypted data then returned is decrypted by mobile host.
The Figure 3 shows the encrypted data transmission between the client node and MSS. The Figure 4 shows the encrypted data transmission between the MSS and client node. Decryption is performed in the client side..
Figure .3. Overview of Content Encryption
780
N. Shenbagavadivu and S. Usha Savithri / Procedia 30 (2012) 774 – 781 N. Shenbagavadivu/ Procedia Engineering 00Engineering (2011) 000–000
Figure .4. Overview of Content Decryption This content can be retrieved only by the corresponding mobile user using either mobile device or web by providing decryption key and the pin. This ensures critical data of mobile host to be handled in a secured manner. A considerable number of small algorithms have been tried and the selected one is neither the fastest, nor the shortest but is thought to be the best compromise for safety, ease of implementation, lack of specialized tables, and reasonable performance.
5 Conclusions This model ensures that the critical information of the mobile host is secured even from the mobile support station. The model also uses an efficient encryption algorithm which is designed for the purpose of limited resources. Thus data can be secured at client side and in the remote object. This model limits to content level security and access security for the encrypted content. The model majorly focuses on client side encryption and remote storage of encrypted content. Mobile systems face a lot of security issues. Future work would include trust between mobile host and mobile support station , integrity of the encrypted data passed to mobile support station , identity of mobile host and mobile support station .
N. Shenbagavadivu and S. Usha Savithri Engineering (2012) 774 – 781 N. Shenbagavadivu/ Procedia/ Procedia Engineering 00 (2011)30 000–000
781
References : 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.
Alagar, S. Rajagopalan, R. and Venkatesan, S., ―Tolerating Mobile Support Station Failures‖, in Proceedings of the First Conference on Fault Tolerant Systems, 1995, pp. 225–231. Anastasi, G., Bartoli, A. and Spadoni, F., ―A Reliable Multicast Protocol for Distributed Mobile Systems: Design and Evaluations‖, IEEE Transaction on Parallel and Distributed Systems, 2001, Vol. 12, No. 10, pp. 1009–1022. Brown, K. and Singh, S., ― RelM: Reliable Multicast in Mobile Networks‖, Journal of Computer Communications, 1998, Vol. 21, pp. 1379–1400. Gupta, S.K., Chauhan, R.K. and Kumar, P., ―Backward Error Recovery Protocols in Distributed Mobile Systems: A Survey‖, Journal of Theoretical and Applied Information Technology, 2008, Vol. 4, pp. 337–347. Forman, G.H. and Zahorjan, J., ―The Challenges of Mobile Computing‖, IEEE Computer Society Press, 1994, Vol. 27, No. 4, pp. 38– 47. Janakiram, D., Mohamed, M.A.M., Vijay Srinivas, A. and Chakraborty, M., ―Surrogate Object Model: Paradigm for Distributed Mobile System‖, in ACM International Conference on Information Systems Technology and its Applications, 2005, pp. 124–138. Kelsey, J., Schneier, B. and Wagner, D., ―Related Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA‖, in Proceedings of ICICS—Information and Communications Security,1997, pp. 1334. Khedo, K.K. and Subramanian, R.K., ―A Service-Oriented Component-Based Middleware Architecture for Wireless Sensor Networks‖, International Journal of Computer Science and Network Security, 2009, Vol. 9, No. 3, pp. 174–182. Koyama, K., Fujita, S., and Yamanouch, T., ―Mobidget: A Platform for Mobile and Distributed Systems Adaptive to Internet/Intranet‖, NEC Research & Development, 2001, Vol. 42, No. 1, pp. 75–80. Moon, D., Hwang, K., Lee, W., Lee, S. and Lim, J., ―Impossible Differential Cryptanalysis of reduced round XTEA and TEA‖, in Proceedings of the 9th International Workshop on Fast Software Encryption. Lecture Notes in Computer Science, Springer-Verlag: London, UK , 2002, Vol. 2365, pp. 49–60,. Neogy, S., ―WTMR – A New Fault Tolerance Technique for Wireless and Mobile Computing Systems‖, in Proceedings of the 11th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS'07), 2007, pp. 130–137. Ortiz, G. and García De Prado, A., ―Improving Device-Aware Web Services and their Mobile Clients through an Aspect-Oriented, Model-Driven Approach‖, Information and Software Technology, 2010, Vol. 52, pp. 1080–1093. Pimenidisa, E. and Georgiadis, C.K., ―Web Services for Rural Areas—Security Challenges in Development and Use‖, Computers and Electronics in Agriculture, 2010, Vol. 70, pp. 348–354. Saha, S.B. and Neogy, S., ―A Low Overhead Checkpointing Scheme for Mobile Computing Systems‖, in 15th International Conference on Advanced Computing and Communications, 2007, pp. 700–705. Satyanarayanan, M., ―Fundamental Challenges in Mobile Computing‖, in Proceedings of the 15th ACM Symposium on Principles of Distributed Computing, 1996, pp. 1–7. Shepherd, S.J., Wheeler, D.J. and Needham, R.M., ―The Tiny Encryption Algorithm (TEA)‖, Cryptologia, Vol. 31, No. 3, pp. 233– 245, 2007.
