7/28/2019 Artificial Intelligence Based Authentication Scheme
1/27
Artificial Intelligence Based Authentication Scheme
for
Mobile Adhoc Networkse-mail {barani,a0r2878}@cs.tamu.edu
Baranidharan Raman Anu Ramanathan
Dept.of.Computer Science Dept. of Electrical Engg.
Texas A&M University Texas A&M Univeristy
Abstract
Our security protocol derives inspiration from the MIT-Kerberos authentication scheme in which a client
who wants to communicate with some service server, needs a session key and ticket for that particular
session. The principles of key distribution is used to provide authentication. Security of transmitted data isachieved using encryption and decryption algorithms. Here we propose to use the RSA algorithm to
generate the public and private keys for each session inorder to fulfil the needs of secure transmission.
In this project, we aim at developing a security protocol independent of the routing protocol for Mobile
Adhoc Networks with added infrastructure to facilitate the key distribution. Here, apart from the issues in
traditional wired networks, we take into consideration few more criteria like mobility of the nodes andincreased vulnerability to attacks by malicious intruders owing to a single communication channel.
The work described achieves secure initial contact between the mobile node and Key Distribution Center.
Another achievement of the proposed protocol is that the mobile nodes paying for security are assigned
authentication keys dynamically thus, overcoming the problems associated with static passwords intraditional schemes. For this purpose we use Artificial Intelligence puzzles to provide improved
authentication.
1.Introduction
Data transmission across any network is highly insecure and this necessitates the
development of a system that can authenticate communication between entities.
Authentication is not an end in itself, but rather a tool to support both integrity andauthorization. Its basic objective is to prevent fraudulent connection requests.
Ad-hoc networks, which are on the fly networks hence, are purpose specific,
autonomous, dynamic and transient. Adhoc networks support mobility of nodes andhave properties such as dynamic topologies, bandwidth-constrained variable capacity
link, power constrained operations and limited security[1]. The last property is the issueof this research project.
Survivability is a key issue to be taken into consideration in designing a security protocol.
The main problem in using traditional techniques of a centralized architecture to achievenetwork security could lead to a highly susceptible design architecture owing to the fact
that if the centralized entity is compromised, it would result in a security failure
for the entire network. Therefore, we should aim at a distributed architecture[4] .
7/28/2019 Artificial Intelligence Based Authentication Scheme
2/27
2.Related Work
The traditional wired network routing protocols in the wired networks like RIP, OSPF
provide minimal security guarantees but the internet protocol on which the they operatenamely ipV4, ipV6 which have IPSEC(IPSecurity) as an integral feature. But when it
comes to routing protocols in the MANET like DSR, AODV, TORA assumes that the
nodes have no malicious content. So there in a lot of security concern when it comes to
comes to authenticating MANETs.
The security issues of confidentiality, availability and authentication hold well in
MANETS too. However apart from passive attacks involving eavesdropping we need totackle the problem of Denial of Service (DOS) and Distributed DOS (DDOS) and
compromised nodes. In environments where there is a centralized services are managed
by individual or replicated nodes, compromised nodes are the major threats.
Sufatrio and Lam [2] introduce a Minimal Public- Key based Authentication (Min-PKA)
for Mobile-IP which secures the registration process and makes use of Authentication-Authorization- Accounting (AAA) server nodes. This scheme uses secret
And public key based encryption and advocates necessity of multiple protocols in
securing these networks.
Fasbender et al.[3] introduce the Non-Disclosure Method(NDM) in which every Secure
Agent (SA) (node) has a public-private key pair. Suppose a source SRC wants to send its
messages to DEST it first encrypts the message using encrypts the message usingDESTs public key and then that information with SA1s public key and forwards the
packet to SA1 and the packet traverses the network through route SRC-SA1-SA2--
SAn- DEST. SA1 knows it has to forward the packet to SA2 but has no idea of location
of DEST and SAn knows the location of DEST but not SRC. This way the messages aswell as the Location information are secured.
Key Management Service introduced by Zhou and Haas [4] introduce a distributes keymanagement service to be applied to MANET. The propasal requires the knowledge of
multiple routes to destination (Routing protocols like TORA maintains such information).
The ZH proposal as it is called uses a public key- private key pairs of which the publickey is certified by the server and the private key is kept secret. The ZH also uses the
shared secret keys for establishing secure sessions. The ZH also authenticates and
encryption of sessions keys using asymmetric key pairs. In query modeThe node requests the publis key of the other nodes and in update mode it advertises its
public key.
Armando Fox and Steven Gribble [5] have implemented a security protocol based on
Kerberos called Charon where all interaction with the KDC is displaced from the client to
a proxy. Therefore, the authentication mechanism is implemented as a two-phasehandshake where the client uses Charon as a smart router to obtain information from the
7/28/2019 Artificial Intelligence Based Authentication Scheme
3/27
KDC in the first handshake, while communication between Charon as a client from the
point of view of the KDC occurs in the second handshake.
We derive inspiration for our authentication scheme from the Kerberos authentication
scheme[6] in which a client who wants to communicate with some service server, needs
a session key and ticket for that particular session. The client obtains these from the KDC(Key Distribution Center) by sending the information (Authentication Request) about
itself, the service server it wants to communicate with, the time stamp and a random
number. The KDC responds (Authentication Response) by sending the session key,random number and time stamp, all encrypted with the public key and which can be
decrypted by the client and some more similar information (which is the servers session
private key encrypted using servers public key) which should be forwarded to theservice server and can only be decrypted with service servers public key. The client then
sends the ticket to the service center and the service server decrypts the information to get
the session key and it can use that key to communicate with the client afterwards. TheAuthentication Request and Response along with the Application Request and Response
constitute the basic Kerberos Authentication Protocol.
RSA[7] is a public-key cryptosystem developed by MIT professors: Ronald L. Rivest,Adi Shamir, and Leonard M. Adleman in 1977 in an effort to help ensure internet
security. A cryptosystem is an algorithm that converts input data into an unrecognizable
(encrypted) form and then converts it back to the original (decrypted) form. Theencryption and decryption algorithms may be in accordance with several mathematical
formulae or may be random. The challenge of public-key cryptography is developing a
system in which it is impossible to determine the private key. This is accomplishedthrough the use of a one-way function. With a one-way function, it is relatively easy to
compute a result given some input values. However, it is extremely difficult, nearlyimpossible, to determine the original values if you start with the result. In mathematical
terms, given x, computing f(x) is easy, but given f(x), computing x is nearly impossible.
The one-way function used in RSA is multiplication of prime numbers. It is easy tomultiply two big prime numbers, but for most very large primes, it is extremely time-
consuming to factor them. Public-key cryptography uses this function by building a
cryptosystem which uses two large primes to build the private key and the product of
those primes to build the public key.
In this research project we are dealing with the confidentiality of information between
sender and the receiver and scalability of the Authentication mechanism to large numberof independent Mobile Adhoc Networks
3.Protocol Design
The issue of security in Mobile Ad Hoc Networks needs to be handled more carefully as
opposed to wired networks primarily due to most nodes operating on the promiscuous
mode. The performance of a network security protocol lies in its ability to avert denial ofservice attacks. We aim to develop a reactive protocol which maintains an authenticator
7/28/2019 Artificial Intelligence Based Authentication Scheme
4/27
key distribution center which is kept as invisible as possible to the nodes in the
MANET. We refer to this approach as Invisible KDC.
3.1 Security Goals
To provide a hierarchical security service that permits a certain category of nodes
which will be provided the secure network provision. To provide secure distribution of public and private keys.
To ensure secure communication between the nodes.
We assume that there is a Service Provider who authenticates the users who need to use
the secure network by providing a puzzle solving mechanism to each node requiring
security and also gives it a universally accepted solution which is used for encryption ofthe initial authentication requests.
3.2 Protocol Layers
We aim to develop a security protocol which is built on top of a routing protocol whichis used in Mobile Ad Hoc networks.
Fi
PHSICAL LAYER
DATA LINK LAYER
NETWORK LAYER
TRANSPORT LAYER
SECURITY LAYER
APPLICATION LAYER
Fig 1. PROTOCOL STACK
7/28/2019 Artificial Intelligence Based Authentication Scheme
5/27
3.3 Protocol Details
The protocol employs three stages of authentication in a sequential manner which is
discussed below:
Authentication of the node Securing the Public Key
Secure communication between nodes over the MANET
3.3.1 Hierarchical Architecture of nodes in MANET
There is a 3 level hierarchy of nodes in our secure network domain. Since security comeswith a cost, it makes sense to make the willing clients pay for it while the others need not.
Depending on the security requirements we have a 2 level hierarchy of mobile nodes in
our MANET
Insecure Node
Secure Node
One of the secure nodes will be placed at a higher level in the hierarchy by becoming theKey Distribution Center (KDC). The current protocol implemented assumes that the Key
Distribution Center does not leave the MANET which is not always the case. Our future
work intends to accommodate the leave of the Key Distribution Center from theMANET. All the transactions involving secure nodes are encrypted.
3.3.2 Authentication of the node
Initially when a node requires to initiate a secure transmission, it needs to obtain a publickey from the Key Distribution Center. The KDC replies back with an Artificial
Intelligence puzzle which has multiple solutions. The puzzle is sent encrypted using auniversally distributed key which is distributed to all the secure nodes. The node who is
already authorized by the Service Provider decrypts the puzzle and solves it using the
functions provided to it and returns the computed solution which is encrypted using thesame universal encryption key. This prevents the intermediate nodes from being able to
track a puzzle and its solution.
3.3.2.1 Artificial Intelligence Puzzle
The most prominent AI puzzles like the Rubiks Cube[8], 8 Puzzle problem, 16 puzzleproblem have a specific property that there are multiple paths to the solution, through thestate space using same state space search functions. So a single puzzle solving heuristic
approach can take us to the solution through different paths across the state space. This
property is what we are exploiting in our authentication approach.
7/28/2019 Artificial Intelligence Based Authentication Scheme
6/27
In traditional networks where security is required, every lawful user is given a login name
and password. Though the entry into the network is protected using the password, there isno efficient method to prevent this password from being hacked.
So the KDC gives the puzzle with different initial states and waits for the secure nodes to
give it the mapping function which can be used to generate the encryption key for thenode. If, by faint probability the secure node generates a key which is already in use, then
the KDC does not reply to this message, hence making the secure node send an another
mapping function.
There are several advantages to this approach. We enumerate them all of them here.
Most of the hacking that has been recorded so far in network services is through misuse
of passwords wherein, the malicious user gets to know the lawful users passwords and
uses that to gain entry into the network. In this scheme, though the mobile nodes pay forsecurity service, it does not know the encryption keys assigned to it. This takes place
dynamically.
Another advantage of this approach is that the KDC need not maintain the database ofthe keys required for secure communication thereby, as they can be obtained as when
required from the Key Distribution Center. This can enable the easy leave of the secure
node acting as KDC as no state information is maintained. However the method offinding the leave of KDC is beyond the scope of this paper.
The AI puzzle approach allows the encryption of initial authentication request messagessent to the KDC which enhances the security offered by this authentication scheme
making it more robust.
3.4 Authenticating Control Messages
There are 4 messages specific to our authentication protocol. They are
Authentication Request
Authentication Puzzle Reply
Authentication Message
Authenticating Key.
When a secure node want to send a packet to another node in the network it broadcasts an
Authentication Request Message to the KDC and waits for the KDC to process its request
with the Authentication Reply. In traditional authenticating schemes including protocolslike Kerberos[6] and Charon[5] the initial contact for authentication between the mobile
node and the Key Distribution Center is insecure, which might be acceptable for network
environments where the packets are not monitored in promiscous mode . Also the routediscovery between a node wishing to authenticate itself with the KDC is broadcast which
enables any malicious node to enter into promiscous mode and sniff the reply from the
KDC to the node requesting the encryption keys, which defeats the entire purpose of
7/28/2019 Artificial Intelligence Based Authentication Scheme
7/27
security. So there must be some means of providing this security for the first transaction
between a node wishing authentication and the KDC i.e they must be encrypted.
Our scheme achieves this by encrypting all the messages used for authentication service
using a general solution which is made available to all the secure nodes.
Authentication Request
This is the message sent by the secure node inorder to authenticate itself with the KDC.
Authentication Reply
This is the message that comes from the KDC and contains the Authenticating Puzzle .
Fig2: Authentication of Node
Authentication Message
This is the message that is being sent by the secure node wishing to authenticate itself to
the KDC. It contains the encrypted solution to the puzzle.
Authentication Keys
Acknowledgement of the secure nodes authentication by the KDC along with the keys.
Fig 3. Securing the public and Private key
S1
N1
N3 S2
KD
C
N2Req1
Req1
Rep1Rep1
S1
N1
N3 S2
KD
C
N2Req2
Req2
Rep2Rep2
7/28/2019 Artificial Intelligence Based Authentication Scheme
8/27
3.5 Securing the public and private key
The KDC on receiving the solution from the node, verifies if it is the correct one and
returns back the public and private keys of the node which is encrypted using the solution
sent by the node. The possibility of an intermediate node being able to snoop the public
key based on the solution is lower here due the presence of multiple solutions for acertain puzzle. This public key which is obtained by the node is used for further
communication.
3.6 Invisible KDC
The most common security threat to a centralized scheme of service as we have here isthe Denial of Service (DoS) attack. This can occur if the malicious node knows about the
whereabouts of the centralized service. So it is necessary to protect the location
information of the KDC. So we do not send the authenticating packet to address of thenode acting as KDC as it is not made available. Only the node acting as KDC knows that
it is the KDC and this information is hidden from all nodes in the network including theneighbours. The KDC identifies the broadcast packet sent to it by means of special
information added to the standard DSR Header.
3.7 Secure Communication between nodes over the MANET
Inorder to communicate with another node (B) securely, the node (A) which has been
authenticated with the Key Distribution Center will contact it to obtain the session key. If
the node (B) has not yet authorized itself with the KDC, then the KDC uses a pushmechanism to send its keys using the puzzle solving method described above. The public
key of node B is sent by the KDC to node A encrypted using As public key. This can bedecrypted by using As private key. The public key of B is in turn used to encrypt the
information which needs to be sent to node B. This can be decrypted only using the
private key of node B which is not accessible to the other nodes. The encryption anddecryption mechanism is carried out using the RSA algorithm which is discussed in the
appendix.
Fig 4: Secure Communication between nodes
S1
N1
N3 S2
KD
C
N2
EncryptedPacket
Encrypted
Packet
7/28/2019 Artificial Intelligence Based Authentication Scheme
9/27
3.8 Handling Mobility of the KDC
We assume that initially there is a node which is elected as the KDC among the group of
nodes which require security in the network. In addition to this, all the nodes in the secure
network will run the KDC software, but will not reply to any of the AuthenticationRequests sent by incoming nodes unless it has been elected as the KDC. The present
protocol assumes that the KDC does not leave the MANET.
4. Optimizations
There are 2 optimizations that will make our protocol more efficient.
Optimization 1
We have joined the 2 phases of route request and authentication by sending a single
broadcast packet to achieve the same. This is being achieved by making both thedestination as well as the KDC reply to this broadcast.
Optimization 2
Since the initiation of the packet transfer can be delayed due to the authentication
process, we make a slight modification to traditional security schemes. We start
transmitting the packets as soon as we have a route to the destination and start encryptinga packet as soon as we get the keys. This is based on the assumption that a part of the
data transfer cannot make any sense to anyone who snoops in-between.
5. Simulation
To evaluate the performance of the security protocol, we simulated it using the Network
Simulator provided by University of California, Berkeley. The simplified version of theprotocol was implemented in Java inorder to compute the overhead involved in the
encryption scheme used in the protocol. It was observed that the average overhead due to
the RSA algorithm used for encryption and decryption of the packets sent was 3.2 timesthe size of a normal data packet. The security protocol has been implemented over DSR
as the routing protocol, though it can be built on any other routing protocol.
Our simulations were run for increasing number of nodes in the MANET for 20 seconds.
We simulate a network with N nodes where N/2 of them generate packets using a CBRsource. The odd numbered nodes send packets to the even numbered ones. The nodesinitially complete the process of authentication before they begin the transmission of
packets.
The parameters which are of interest to us to evaluate the performance of our proposed
scheme are :
7/28/2019 Artificial Intelligence Based Authentication Scheme
10/27
(i) The increase in the packet size due to the RSA algorithm used for encryption and
decryption.(ii) The aggregate throughput of the secure network as the number of nodes is
increased.
(iii) The aggregate throughput of the network as we increase the number of nodes that
require secure data transmission while keeping the total number of nodes aconstant.
(iv) The control overhead incurred by implementing the new protocol.
As we increase the number of nodes from 4 to 50 in the network, the throughput of the
scheme drastically falls, which is shown in fig 5.
Fig 5.
The throughput obtained in packets/s for the new scheme is compared with various
schemes to understand the overhead incurred to achieve a high level of security in the
network. Table 1 shows the aggregate throughput achieved for a completely secure
network which requires all nodes to be authenticated.
NO: OF NODES DSR ENCRYPTION KERBEROS NEW SCHEME
0 0 0 0 0
4 316.2 126.2 125.5 127.5
8 318 140.5 137.85 102.7
10 319.25 156.8 143.05 77.55
12 317.55 145.65 136.07 54.8
16 312 139.7 143.2 36.75
20 283.05 120.6 112.25 27.2
30 288.35 78.3 52.95 14.05
40 252.4 56.7 29.5 8.7
50 253.55 46.3 21.1 7.15
Table 1:Comparison of Aggregate Throughput (in packets/s) of Various protocols as
the no: of nodes increases for a Completely Secure Network
Aggregate Throughput vs. No: of nodes for a
Completely Secure Network
0
100
200
300
400
0 20 40 60
No: of nodes
Aggregate
Throughputin
Packets/s
DSR
Encryption
Kerberos
New Scheme
7/28/2019 Artificial Intelligence Based Authentication Scheme
11/27
It is expected that the throughput would be highest for the case without any
authentication and security requirements as opposed to the other schemes whichintroduce additional overhead in the form of authentication requests, replies and bigger
packet sizes owing to encryption of data. The simple encryption scheme employs mere
encryption and decryption of the packets that are sent which results in an increase in the
packet size and leads to an increase in the contention in the network, thereby causing adrop in throughput as opposed to DSR. The next scheme which we implemented was
Kerberos which uses the concept of public and private keys to authenticate nodes in a
network. This has an additional broadcast to obtain the keys from the Key DistributionCenter followed by a reply from the KDC with the keys in addition to the increase in
packet size observed in the Simple Encryption scheme. The additional broadcast and
reply increase the contention still further, which increases the number of packets droppedand throughput is expected to be lower than the Simple Encryption scheme. The main
disadvantage of this scheme is that the KDC is known to all nodes in the network and the
transmission of keys is done in an insecure manner. We overcome the problem oflocating the KDC using the concept of invisible KDC by broadcasting the authentication
request and using an invalid source address field while sending the replies from the KDC.The problem of insecure transmission is overcome in our new scheme that employs client
puzzle authentication to initially authenticate a node in the network and then sends thekeys to it. In addition to the overhead introduced in the Kerberos scheme, we have an
additional broadcast for the node which sends the puzzles solution and the final reply
with the keys for the secure session. This further adds to the contention and increase inpacket drops results which is responsible for the lower throughput.
We observe that the throughput initially increases when the no: of nodes is increased asthe link bandwidth utilization increases. But when the no: of nodes is increased still
further, the contention increases between the nodes and the throughput falls as expectedfrom IEEE 802.11. It is also observed that the new scheme has the lowest throughput
owing to the overhead involved in providing the security, while the simple encryption
scheme performs better in terms of throughput owing to a lower overhead. Therefore, thegreater the degree of security we aim to provide, the higher is the overhead incurred and
poorer is the performance in terms of throughput. So there is a trade off between the
achievable level of security and the aggregate throughput.
The next set of simulations were run for the same network with the total number of nodes
fixed at 30 and the performance was evaluated as we increase the no: of secure nodes in
the network i.e those nodes which require authentication. The results observed are shownin Fig 6 and Table 2.
7/28/2019 Artificial Intelligence Based Authentication Scheme
12/27
Fig 6
NO: OF SECURE NODES KERBEROS NEW SCHEME
1 75.2 27.1
2 70.35 26.55
4 65.4 23.8
8 60.75 19.35
12 55.6 15.4
15 52.95 14.05
Table 2:Comparison of Aggregate Throughput (in packets/s) of Kerberos and New
Scheme as the no: of secure nodes increases
As the number of secure nodes is increased, there will be an increase in the number ofcontrol messages sent owing the broadcasts of authentication requests and replies to
client puzzles. This increases the contention for bandwidth and thereby increases the no:
of packet drops which in effect is responsible for a drop in throughput. This is observedin fig 6.
Fig 7.
Aggregate Throughput vs. No: of authenticated
nodes
0
20
40
60
80
0 5 10 15 20
No: of authenticated nodes
AggregateThrouput
inPackets/s
Kerberos
New Scheme
No: of broadcasts vs. No: of nodes for a Completely
Secure Network
0
20
40
60
80
100120
140
160
0 4 8 10 12 16 20 30 40 50
No: of nodes
No:ofbroadca
sts
Kerberos
New Scheme
7/28/2019 Artificial Intelligence Based Authentication Scheme
13/27
Then, the control overhead incurred by the protocol is measured for the Kerberos scheme
and the New scheme. There is a significant increase in the number of broadcasts in ournew scheme as opposed to Kerberos owing to the Client Puzzle Authentication which we
have added.
6. Conclusions and Future Work
The scheme implemented here has a distinct advantage over Kerberos as it ensures that
the keys used for authentication are also delivered in a secure manner to the nodes toavoid malicious nodes from spoofing it. It is also routing protocol independent. We
observe that increasing the levels of authentication in a network is obtained at cost of
decrease in throughput. There exists a trade off between the level of security and thethroughput obtained. In this protocol, we have assumed that the KDC does not leave.
This can be improved by incorporating a leader election mechanism which can elect a
new node as the KDC when the existing one leaves and still maintain the invisibility ofthe KDC.
References
1. Signalling and Routing Security in Mobile and Ad Hoc Networks Vesa Karpijokihttp://www.hut.fi/~vkarpijo/iwork00/
2. Sufatrio & Lam, K.-Y., Scalable Authentication Framework for Mobile-IP (SAFe IP),
Internet draft, IETF, November 1999. [referred 24.3.2000]
3. Fasbender, A. et al., Variable and Scalable Security: Protection of Location
Information in Mobile IP., Mobile Technology for the Human Race,IEEE 46th Vehicular Technology Conference, 1996
4. Zhou, L. & Haas, Z., Securing Ad Hoc Networks., 1998. [referred 13.2.2000]
< http://www.ee.cornell.edu/~haas/Publications/network99.ps
5. Security On the Move: Indirect Authentication Using Kerberos Armanda Fox andSteven Gribble.
6. http://web.mit.edu/kerberos/www/
7. http://www.cyberlaw.com/rsa.html
8. R. Korf. Finding optimal solutions to Rubik's Cube using pattern databases. In AAAINational Conference, pages 700-705, 1997.
7/28/2019 Artificial Intelligence Based Authentication Scheme
14/27
Appendix A
RSA Algorithm
The challenge of public-key cryptography is developing a system in which it isimpossible to determine the private key. This is accomplished through the use of a one-
way function. With a one-way function, it is relatively easy to compute a result given
some input values. However, it is extremely difficult, nearly impossible, to determine theoriginal values if you start with the result. In mathematical terms, given x, computing f(x)
is easy, but given f(x), computing x is nearly impossible. The one-way function used inRSA is multiplication of prime numbers. It is easy to multiply two big prime numbers,
but for most very large primes, it is extremely time-consuming to factor them. Public-key
cryptography uses this function by building a cryptosystem which uses two large primes
to build the private key and the product of those primes to build the public key.
The RSA Algorithm consists of the following steps:
The first step involved in this is the generation of two large p,q which are
relatively prime. This is used to compute the values of N ,E ,D ,PHI which are defined as
follows:
N= pq
PHI = (p-1)(q-1)
Next we find a number E (public exponent), D using the Extended Euclidean Algorithm
such that it is relatively prime to PHI and D satisfies the condition
E*D = 1 mod PHI.
The pair (N,E) is called the public key and D is called the private key. Here it is essentialthat the primes p,q are kept a secret or are destroyed. Once the keys are generated, the
next step is to compute the cipher text from the plain text message m which is done as
follows:
C = ME
mod N
The original message is recovered using the private key D
M = CD
mod N
Therefore, since only the service server has the value of D, none but the service servercan decrypt the message. Since we know that D, E are related, the algorithm will
correctly recover the original message, which happens as follows:
CD
mod n = (( ME
mod N )D
) mod N = M.
Now for an attacker to be able to find the message, it would be required to compute thevalue of p,q once N is got. But since multiplication of big prime numbers is a one-way
7/28/2019 Artificial Intelligence Based Authentication Scheme
15/27
function, it is nearly impossible to get the private key. This algorithm reduces to
generation of the primes p,q and this is done using random numbers generated which are
tested using Fermats test for their primeness.
7/28/2019 Artificial Intelligence Based Authentication Scheme
16/27
Appendix B
Java Simulator
A Java simulator was written to implement a simplified version of our security protocolinorder to gain a better understanding of the Encryption-Decryption mechanism and to
estimate the overhead incurred. The class files used are given below.
// Generation of Prime Numbers used to generate the Public and Private Keys
import java.io.*;import java.lang.*;
import java.util.*;
public class primeDetect
{
public static long generatePrime(){
long primesList[] = {3, 5, 7, 11, 13, 17, 19, 23, 29,
31,37,41,43,47,53,59,61,67,71,73,79,83,89,97};long primeNum=0; // The Prime Number Generated
int i;
boolean primeGen =true; // Flag that determines whether or not PrimeNumber hasbeen Generated
boolean testSucc = false;while (primeGen == true)
{
primeNum =1993+(long)( Math.random()*1997);System.out.println("Math.random()= "+Math.random());
if (primeNum % 2 ==0 )
primeNum++;
for (i=0;i
7/28/2019 Artificial Intelligence Based Authentication Scheme
17/27
return primeNum; // Generated Prime Number
}
// Fermats Test for Prime Numbers
public static boolean fermatTest(long primeNum,long[] primesList)
{for(int i = 0;i < 24;i++)
{
if(modulus(primesList[i],primeNum-1,primeNum) != 1)return true;
}
return false;}
// Computes Large exponential computations
public static long modulus(long a, long b, long n)
{
long temp[] = new long[64];for(int i = 0; i < 64; i++)
temp[i] = 0;
temp[0] = a % n;for(int i = 1; i < 64; i++)
temp[i] = (temp[i-1] * temp[i-1]) % n;long bTemp = b;
long product = 1;
for(int i = 0; i < 64; i++){
if((bTemp & 1) == 1)
product = (product * temp[i]) % n;
bTemp = bTemp >> 1;}
return product;
}
//Computes the GCD of the 2 Numbers
public static long GCD(long u, long v)
{
long tempGCD=1,temp,rem;if(u
7/28/2019 Artificial Intelligence Based Authentication Scheme
18/27
u=v;
v=temp;}
rem = u % v;
if(rem==0)
tempGCD=v;else
GCD(v,tempGCD);
return tempGCD;}
}
// Encrypts the Character to be sent
import java.io.*;import java.util.*;
import java.lang.*;
public class encryption{
static long n,e;
static long encrypt;
public static int encrypt(long m,long n,long e)
{encrypt=primeDetect.modulus(m,e,n);
return (int)encrypt; // Encrypted Value}
}
// Decrypts the encryted value of the character that is received
import java.io.*;
import java.lang.*;
public class decryption
{
static long n,d;
static long decrypt;
public static long decrypt(long m,long n,long d)
{decrypt=primeDetect.modulus(m,d,n);
return decrypt; //Decrypted Value
}}
7/28/2019 Artificial Intelligence Based Authentication Scheme
19/27
Appendix C
Modifications to DSR source code (in Network simulator)
The following files in ns-2 were modified to implement the protocol: dsragent.cc
hdr_sr.h
packet.h
mobilenode.h
mobilenode.cc
Modifications made to dsragent.cc
Method : recv(
SRPacket p2(packet, srh);p2.dest = ID((Address::instance().get_nodeaddr(iph->daddr())),::IP);
p2.src = ID((Address::instance().get_nodeaddr(iph->saddr())),::IP);
//if( (srh->KDC_req_rep_==4) && (p2.dest==net_id) ){
cout
7/28/2019 Artificial Intelligence Based Authentication Scheme
20/27
iph1->saddr() = Address::instance().create_ipaddr(net_id.getNSAddr_t(),RT_PORT);
iph1->sport() = RT_PORT;cmnh1->ptype() = PT_DSR;
cmnh1->size() = size_ + IP_HDR_LEN; // add in IP header
cmnh1->num_forwards() = 0;
srh1->init();
srh->route_KDC() = 3;
srh->route_request()=1;sendOutRtReq(rrp,4);
}
// if( (srh->route_KDC()==3) && (p2.dest==net_id) ){
if( (srh->KDC_req_rep_==3) && (p2.dest==net_id) ){
cout
7/28/2019 Artificial Intelligence Based Authentication Scheme
21/27
p1.dest = ID((Address::instance().get_nodeaddr(iph-
>daddr())),::IP);p1.src = ID((Address::instance().get_nodeaddr(iph->saddr())),::IP);
cout
7/28/2019 Artificial Intelligence Based Authentication Scheme
22/27
{
if (p.dest == net_id || p.dest == IP_broadcast){ // this packet is intended for us
/* if(cmh->next_hop_ == IP_BROADCAST) {
cout route_reply())
cout next_hop() = MAC_BROADCAST;cmnh->addr_type() = NS_AF_ILINK;
// if(srh->KDC_req_rep_ == 1)
// srh->route_request() = 0;
7/28/2019 Artificial Intelligence Based Authentication Scheme
23/27
// cmnh->encrypted_ = sh1.packet_encrypted(); // encrypting the packets.
cout encrypted_ = sh1.packet_encrypted();
if(cmnh->encrypted_)cmnh->size_=(int)(cmnh->size_ * 3.2); // 3.2 times the
// unencrypted value
}
else
{ // forward according to source routecmnh->xmit_failure_ = XmitFailureCallback;
cmnh->xmit_failure_data_ = (void *) this;
cmnh->next_hop() = srh->get_next_addr();
cmnh->addr_type() = srh->get_next_type();srh->cur_addr() = srh->cur_addr() + 1;
// cmnh->encrypted_ = sh1.packet_encrypted(); // encrypting the packets.if(node_->is_secureNode())
cmnh->encrypted_ = sh1.packet_encrypted();
if(cmnh->encrypted_)cmnh->size_=(int)(cmnh->size_ * 3.2); // 3.2 times the
// unencrypted value
}
Method: getRouteForPacket()
//------------------------ Authentication Packet ----------------------------------
SRPacket auth_req;
//-----------------------------------
/*
Source Request Packet Generation*/
//------------------------ Authentication Packet ----------------------------------
auth_req = rrp;
// cmnh->route_KDC()=1;
7/28/2019 Artificial Intelligence Based Authentication Scheme
24/27
if(node_->is_secureNode())
if(node_->has_authenticated() == -1) {sendOutRtReq(auth_req,4);
// node_->set_authentication();
// cout route_KDC() = 1;
//---------------------------------------------------------------------
Method:returnSrcRteForOutsideDomainToRequestor()
/------------------------ Authentication Packet ----------------------------------
// cmnh->route_KDC()=1;
cout is_KDC() == 1) {
// auth_rep = p_copy;
// hdr_sr *auth_srh = (hdr_sr*)auth_rep.pkt->access(off_sr_);new_srh->route_KDC() = 2;
cout
7/28/2019 Artificial Intelligence Based Authentication Scheme
25/27
// hdr_sr *auth_srh = (hdr_sr*)auth_rep.pkt->access(off_sr_);
new_srh->route_KDC() = 4;cout
7/28/2019 Artificial Intelligence Based Authentication Scheme
26/27
inline int& packet_encrypted() { return encrypted_;}
// --------------------------------------------------------------------------
}
Modification to packet.h
struct hdr_cmn {
/*
other Parameters*/
//------------------------- Modified for Kerberos ------------------------
int KDC_req_rep_;// KDC_req_rep_ = 1 for requesting Authenticating
// & getting Public Key & Private Key// KDC_req_rep_ = 2 for reply from KDC
int encrypted_;// set to 1 to indicate encrypted
//--------------------- end of Modifications.------------------------------
/*other methods
*/
//-------------------added ----------------------inline int& route_KDC(){ return (KDC_req_rep_); }
//--------------------------------------------------
}
Modifications made to Mobile Node.cc
// -------------- KDC -------------------------
else if (strcmp(argv[1],"kdcNODE") == 0) {
//base_stn_ = (MobileNode*)
//TclObject::lookup(argv[2]);kdc_node_ = atoi(argv[2]);
return TCL_OK;
}
7/28/2019 Artificial Intelligence Based Authentication Scheme
27/27
else if (strcmp(argv[1],"secureNODE") == 0) {//base_stn_ = (MobileNode*)
//TclObject::lookup(argv[2]);
is_secure_node_ = atoi(argv[2]);
return TCL_OK;}
// --------------------------------------------------------
Modifications to Mobile Node .h
class MobileNode : public Node
{
// -------------------- KDC ---------------------inline int is_secureNode() {return is_secure_node_; }
inline void set_kdc() {kdc_node_ =1;}inline void set_secure_node() { is_secure_node_ =1; }
inline void set_authentication() { has_authenticated_ =1;}
inline int is_KDC() {return kdc_node_; }inline int has_authenticated() {return has_authenticated_; }
// --------------------------------------------------------
/*other Methods
*/
// ------------------ KDC ------------------------
int kdc_node_;int is_secure_node_;
int has_authenticated_;
// ----------------------------------------------------
};