2-IJAEST-Volume-No-2-Issue-No-2-Analysis-of-Information-Security-Algorithm-Based-on-Network-Business by ISERP ISERP

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

Analysis of Information Security Algorithm Based on Network Business Security G. Vennila, Assistant Professor

P. Anitha Lecturer

vennilatg@yahoo.com

preamanitha@yahoo.co.in

R. Karthik Lecturer

karthikrcse@gmail.com

Department of Computer Science & Engineering , Jayaram College of Engineering & Technology, Tamilnadu, India

of computer applications, in particular, the rapid development of network technology, more and more security threat have appeared and information security has become a very important and urgent issue to be solved[9][10].Network information security has become the fifth security field after sea, land, air and space. In recent years, a great deal of theoretical research and technical studies on information security have been done. Currently, information security has developed along the three following directions one is data security, network security and network business security.

Abstract-The business case for information security has never been stronger. Information is the primary commodity in world of E-Commerce. As technology advances and access to markets expand, the need to protect information to ensure its confidentiality, integrity, and availability to those whom need it for making critical personal, business, or government decisions becomes more important. Enterprise Network Information System is not only the plat form for information sharing and information exchanging, but also the platform for Enterprise Production Automation System and Enterprise Management System working together. According to the security of Enterprise Network Information System, this paper proposes the "network business security" concept. The proposal of the "network business security" provides algorithm for Confidentiality and integrity for security defense of enterprise automatic production system and enterprise management information system. Keywords- Information Security, Network Business Security algorithm, Confidentiality, Integrity. INTRODUCTION

Security is generally defined as the freedom from danger or as the condition of safety. Computer security, specifically, is the protection of data in a system against unauthorized disclosure, modification, or destruction and protection of the computer system itself against unauthorized use, modification, or denial of service. Because certain computer security controls inhibit productivity, security is typically a compromise toward which security practitioners, system users, and system operations and administrative personnel work to achieve a satisfactory balance between security and productivity. Computer and network technology provide convenience to the people, but at the same time, security problems have emerged and become more and more serious. With the increasing popularity

ISSN: 2230-7818

1.1 Information Technology Threats While there are a number of different internal and external threats to information, not all information systems are at risk because of their design, or the information that they maintain [3]. The number of vulnerabilities can impact the associated risk of a threat. The following is a list of common threats to most information systems      

Unauthorized access, alteration, or destruction of information. Misuse of authorized access to information. Accidental alteration or destruction of information. Malicious software programs Misconfigured or poorly designed information systems allowing too much access. System or communications disruptions (denial of service, hardware failure).

1.2 Information Security Components There are a number of major components that make up Information Security. Some of the major components of Information Security are  

Risk Management Programs Policies, Procedures, and Standards

Page 124

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

Intrusion Detection Systems Incident Response Programs System Monitoring Access Controls Management Sponsorship Continuous Assessment and re-alignment of the above components on a regular basis to make sure that they are still relevant to the organization or information that is being protected.

II. NETWORK BUSINESS SECURITY

Enterprise Information Network is not only the platform for information sharing and information exchanging, but also the platform for enterprise business running on and collaborative operation. Therefore, the Enterprise Information Network security is not only to protect the security of data in network, but also to protect the security of business running on network[4][5]. The existing theory of information security is based on data security and network security. However, in some special enterprises application environment, the security theory and security model based on data security is opposite to actual requirements of security defense. For example, in power electricity enterprise information security defense applications, one important task is to ensure the absolute security of Dispatching Automation System (which is in the highest security level). At the same time, according to requirements of production command and management in power electricity enterprise, real-time data of power grid running state must be got from dispatching data network[1]. That is, data is transferred from high-level network security to low- level network security , the key issue which leads to this problem is the two different defense objects in the dispatching data network, one is the business of dispatching automation system, and another is data in dispatching automation network. The existing theory of network security does not make a distinction between network business and network data. Therefore, network business security has become the main element in enterprise information system [10]. According to network business security defense in enterprise information network, information security based on network business security is set up, which mainly protect network business on the basis of ensuring network security and data security. Its goal is to establish security defense of network business, confidentiality and integrity constraints between network businesses which in different security level.

access it. Many believe this type of protection is of most importance to military and government organizations that need to keep plans and capabilities secret from potential enemies. However, it can also be significant to businesses that need to protect proprietary trade secrets from competitors or prevent unauthorized persons from accessing the company’s sensitive information (e.g., legal, personnel, or medical information). Privacy issues, which have received an increasing amount of attention in the past few years, place the importance of confidentiality on protecting personal information maintained in automated systems by both government agencies and private-sector organizations. Confidentiality must be well defined, and procedures for maintaining confidentiality and it must be carefully implemented, especially for standalone computers[6]. A crucial aspect of confidentiality is user identification and authentication. Positive identification of each system user is essential to ensuring the effectiveness of policies that specify who is allowed to access which data items [7].

     

III. CONFIDENTIALITY Confidentiality is the protection of information in the system so that unauthorized persons cannot ISSN: 2230-7818

3.1 Threats to Confidentiality Confidentiality can be compromised in several ways. The following are some of the most commonly encountered threats to information confidentiality. • Hackers. • Masqueraders. • Unauthorized user activity. • Unprotected downloaded files. • Local area networks (LANs). • Trojan horses.

Hackers: A hacker is someone who bypasses the system’s access controls by taking advantage of security weaknesses that the systems developers have left in the system. In addition, many hackers are adept at discovering the password of authorized users who fail to choose password that are difficult to guess or not included in the dictionary. Masqueraders: A masquerader is an authorized user of the system who has obtained the password of another user and thus gains access to files available to the other user. Masqueraders are often able to read and copy confidential files. Unauthorized User Activity: This type of activity occurs when authorized system users gain access to files that they are not authorized to access. Weak access controls often enable unauthorized access, which can compromise confidential files. Unprotected Downloaded Files: Downloading can compromise confidential information if, in the process, files are moved from the secure environment of a host computer to an unprotected microcomputer for local processing. While on the microcomputer, unattended

Page 125

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

IV.CONFIDENTIALITY ALGORITHM

4.1 Confidentiality Algorithm-f8

DIRECTION

Frame dependent input COUNT[0]…COUNT[31] Bearer identity BEARER[0]…BEARER[4] Direction of transmission DIRECTION[0] Confidentiality key CK[0]….CK[127] The number of bits to be encrypted /decrypted(1-20000) Input bit stream IBS[0]….IBS[LENGTH-1]

BEARER

LENGTH IBS

Table I- f8 Inputs

OBS

Output bit stream OBS [0]... OBS[LENGTH-1] Table II - f8 Output

4.2 Architecture and Components The key stream generator is based on the KASUM I block cipher For the 64-bit A register, set,

ISSN: 2230-7818

0x55555555555555555555555555555555 The KSB0 (the initial block of key stream produced by the key stream generator) will be set to 0. For the A register we apply one operation KASUMI A= KASUMI [A] CK ⊕KM

4.3 Key Stream Generation

The plaintext/ cipher text to be encrypted/ decrypted consists of LENGTH bits (1-20.000).The key stream generator produces key stream bits in multiples of 64 bits. Let BLOCKS to be equal to LENGTH/64 rounded up to the nearest integer. For any integer n (1≤n≤BLOCKS) Obtain KSBn= KASUMI [A⊕BLKCNT⊕KSBn-1 ]CK

Stream cipher that encrypts/decrypts blocks of data under a confidentiality key CK. The block of data may be between 1 and 20.000 bits long. f8 uses KASUMI algorithm in a form of output feedback mode as a key stream generator COUNT

Then set the counter BLKCNT to 0.The key modifier KM will be set to

Each confidentiality algorithms is based on KASUMI algorithm. KASUMI is a block cipher that produces a 64-bit output from a 64-bit input under the control of a 128-bit key[8].

A=COUNT[0].........COUNT[31]BEARER[0]............ BEARER [4] DIRECTION [0] 0…0

confidential information could be accessed by authorized users. Local Area Networks: LANs present a special confidentiality threat because data flowing through a LAN can be viewed at any node of the network, whether or not the data is addressed to that node. This is particularly significant because the unencrypted user IDs and secret passwords of users logging on to the host are subject to compromise as this data travels from the user’s node through the LAN to the host. Trojan Horses: Trojan horses can be programmed to copy confidential files to unprotected areas of the system when they are unknowingly executed by users who have authorized access to those files. Once executed, the Trojan horse becomes resident on the user’s system and can routinely copy confidential files to unprotected resources.

Where BLKCNT = n-1

The individual bits of the key stream are extracted from KSB1 to KSBBLOCKS. We define KSBn[i] = KS [((n–1)*64) + i]

for any i integer with 0≤ i ≤63 and n=1 to BLOCKS.

4.3 Encryption/Decryption These operations are identical and are performed by the exclusive OR of the input data (IBS) with the generated key stream (KS).For any integer i with 0≤ i ≤ LENGTH–1 we have OBS [i] = IBS [i] ⊕KS [i] V. INTEGRITY Integrity is the protection of system data from intentional or accidental unauthorized changes. The challenge of the security program is to ensure that data is maintained in the state that users expect. Although the security program cannot improve the accuracy of data that is put into the system by users, it can help ensure that any changes are intended and correctly applied[2]. An additional element of integrity is the

Page 126

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

A critical requirement of both commercial and government data processing is to ensure the integrity of data to prevent fraud and errors. It is imperative, therefore, that no user be able to modify data in a way that might corrupt or lose assets or financial records or render decision-making information unreliable. As with the confidentiality policy, identification and authentication of users are key elements of the information integrity policy. Integrity depends on access controls; therefore, it is necessary to positively and uniquely identify all persons who attempt access.

VI. INTEGRITY ALGORITHM-f9 Compute a Message Authentication Code (MAC) for an input message under an integrity key IK. There is no limitation on the input message length of the f9 algorithm. It is based on the block cipher KASUMI[7][8]. COUNT-I FRESH

Frame dependent input COUNTI[0]…COUNT-I[31] Random number FRESH[0]…FRESH[31] Direction of transmission DIRECTION[0] Integrity keyIK[0]…IK[127] The number of bits to be’ MAC’d Input bit stream

DIRECTION IK LENGTH MESSAGE

Protecting Against Threats to Integrity: Like confidentiality, integrity can be compromised by hackers, masqueraders, unauthorized user activity, unprotected downloaded files, LANs, and unauthorized programs (e.g., Trojan horses and viruses), because each of these threats can lead to unauthorized changes to data or programs. For example, authorized users can corrupt data and programs accidentally or intentionally if their activities on the system are not properly controlled. Three basic principles are used to establish integrity controls:

transaction and subvert it for fraudulent purposes. This principle is effective when used in conjunction with a separation of duties.

need to protect the process or program used to manipulate the data from unauthorized modification.

1. Granting access on a need-to-know basis 2. Separation of duties 3. Rotation of duties

Need-to-Know Access: Users should be granted access only to those files and programs that they need in order to perform their assigned job functions. User access to production data or source code should be further restricted through use of well-formed transactions, which ensure that users can change data only in controlled ways that maintain the integrity of data. A common element of well-formed transactions is the recording of data modifications in a log that can be reviewed later to ensure that only authorized and correct changes were made.

Table III- F9 Inputs

MAC-I

Message authentication code MACI[0]…MAC-I[31] Table IV- F9 Output

6.1 Initialization

The integrity function is initialized with the key variables before the calculation commences. The working variable are A=0 and B=0.The modifier KM is set to KM is equal to 0x AAAAAAAAAAAAAAAAAAAAAAAAAAAAA We concatenate COUNT, FRESH, MESSAGE and DIRECTION. The total length of the resulting string PS (padded string) is an integral multiple of 64 bits.

Separation of Duties: To ensure that no single employee has control of a transaction from beginning to end, two or more people should be responsible for performing it — for example, anyone allowed creating or certifying a well-formed transaction should not be allowed to execute it. Thus, a transaction cannot be manipulated for personal gain unless all persons responsible for it participate.

PS=COUNT[0]…………COUNT[31]FRESH[0]…... FRESH[31] MESSAGE[0]………………MESSAGE [LENGTH-1] DIRECTION[0]10*

Rotation of Duties: Job assignments should be changed periodically so that it is more difficult for users to collaborate to exercise complete control of a

We split the padded string PS into 64-bit blocks, Psi

ISSN: 2230-7818

0* -indicates between 0 and 63‖0‖ bits

6.2 Calculation

PS=PS0||PS1||PS2||……||PSBLOCKS-1

Page 127

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

fi(I, RKi) = FL (FO (I, KOi, KIi), KLi)

A = KASUMI [A⊕ PSn]IK B = B⊕A, where 0≤n≤BLOCKS-1 We perform one more application of KASUMI using a modified form of the integrity key IK B=KASUMI [B] IK ⊕KM the 32-bit MAC-I comprises the left most 32 bits of the result MAC-I=left half [B] for each integer i, we have

32-bit sub key KLi. The sub key is split into two 16 bit sub keys, KLi,1 and KLi ,2 where KLi= KLi,1|| KLi,2 the input data is split in two 16-bit halves, L and R, where I = L||R. now we have R' = R ⊕ROL(L ∩ KLi,1) L' = L ⊕ROL(R' U KLi,2)

Block cipher that forms the heart of the confidentiality algorithm f8, and integrity algorithm f9 and decomposes into a number of sub functions (FL, FO, FI) which are used in conjunction with associated sub keys (KL, KO, KI) and block cipher with 8 rounds. It produces a 64-bit output from a 64-bit input I, under the control of 128-bit key K. The input I is divided into two 32-bit strings L0 and R0, where I = L0||R0,for each integer i, we define

Ri= Li-1, i Li=Ri-1⊕(Li-1, RK)

Function FO: Comprises a 32-bit data input, I, and two sets of sub keys, KOi and KIi (both of 48 bits).The 32-bit data input is split in two halves, L0 and R0, where

6.3 KASUMI algorithm

This constitutes the ith round function of KASUMI Fi denotes the round function with Li-1 and round key RKi as inputs. The result output is equal to the 64-bit string (L8||R8) offered at the end of the 8th round.

6.4 Components of KASUMI

Function Fi: This function takes a 32-bit input I, and returns a 32-bit output O, under the control of a round key RKi, where the round key comprises the sub key triplet of (KLi, KOi, KIi).The function itself is constructed from two sub functions: FL and FO with associated sub keys Kli (used with FL) and sub keys Koisi Kii (used with FO). It has two different forms depending on whether it is an even round or an odd round. for rounds1,3,5 and 7 we define fi(I, RKi) = FO (FL (I, KLi), KOi, KIi)

ISSN: 2230-7818

Function FL: Comprises a 32-bit data input I and a

the output value is(L'||R') 32 bits.

MAC-I[i] =B[i] Bit B [32]....B [63] are discarded

for rounds2, 4, 6, and 8 we define

for odd rounds the round data is passed through FL function and then FO function. Even rounds it is passed through FO function and then FL function.

For each integer n, we have

I = L0|| R0

The 48-bit sub keys are subdivided into three 16-bit sub keys. KOi= KOi,1||KOi,2||KOi,3 and KI i= KI i,1||KI i,2||KI i,3

now we define

RJ = FI (LJ-1⊕KOi,J, Ki,J, ) ⊕RJ-1 and LJ = RJ-1, for each integer j, where 1 ≤ j ≤3.finally we obtain the output value. (L3||R3)-32 bits.

Function F1: Takes a 16-bit data input I and 16-bit

sub key KIi-j. The input I is split in two unequal components: L0 (9bits) and R0 (7bits), where I=L0||R0. The key KIi,j is split into a 7-bit component KI i,j,1and a 9-bit component KI i,j,2 where KI i,j= KI i,j,1|| KI i,j,2. , uses two S boxes S7 and S9,S7 transforms a 7-bit input to a 7-bit output, S9 transforms a 9-bit input to a 9-bit output. We have two additional functions: ZE (x) converts a 7-bit value x into a 9-bit value (by adding two 0 bits to the most significant end);-TR (x) converts a 9-bit value x into a 7-bit value (by discarding the two most significant bits).To obtain the output, we apply these operations L1= R0; R1= S9 [L0] ⊕ZE (R0) L2 = R1 ⊕ KI i,j,2; R2= S7[ L1]⊕TR(R1)⊕ KI i,j,1

Page 128

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

The output has this form ( L4|| R4)- 16 bits. S boxes: They may be easily implemented in combinational logic. The input x comprises either 7 or 9 bits with a corresponding number of bits in the output y x= x8||x7||x6||x5||x4||x3||x2||x1||x0

and

y= y8||y7||y6||y5||y4||y3||y2||y1||y0, -the x8, y8 and

x7, y7 only apply to S9, x0 and y0 bits are the least significant bits.

Key Schedule: KASUMI has a 128-bit key K. Each round of KASUMI uses 128 bits of key that are derived from K. before the round keys, are calculated two 16bit arrays Kj and Kj' (j=1to 8) in the following manner 1.

The 128-bit key K is sub divided into eight 16bit values,K1,…,K8, where

K= K1||K2||K3|| ........... ||K8 2.

Cipher text: 110010100000101001100000101101000010100110011 1100110100101010100 110110111111011101101000011011100100011011110 1000100000110010000 110111001000000110110000011101000000010001001 0000001001110110101 000010101011000111111110010001100101100101111 0111010001100111 Hexadecimal Representation

and

Plaintext: 100110000001101110100110100000100100110000011 0111111101100011010 101101001000010101000111001000000010100110110 1110001110110000000 100011001110001100111110001011001100001111000 0001011010111111100 000111110011110111101000101001101101110001100 1101011000111110

L3 = R2; R3= S9[L2]⊕ZE(R2) L4= S7[L3]⊕TR(R3) R4= R3

Second array of sub keys Kj' is derived from Kj by applying

Kj'= Kj⊕Cj, for 1 ≤ j≤ 8Cj

are predefined constants.

VII EXPERIMENTAL RESULT

Test Set 1

Binary Representation

Key= 110100111100010111010101100100100011001001111 1111011000100011100 010000000011010111000110011010000000101011111 0001100011011010001 Count = 00111001100010100101100110110100 Bearer = 10101 Direction = 1 Length = 253 bits ISSN: 2230-7818

Key = D3C5D592327FB11C4035C6680AF8C6D1 Count = 398A59B4 Bearer = 15 Direction = 1 Length = 253 bits Plain text: 981BA6824C1BFB1A B485472029B71D80 8CE33E2CC3C0B5FC 1F3DE8A6DC66B1F0 Cipher text: CA0A60B4299E6954 DBF7686E46F44190 DC81B074044813B5 0AB1FE46597BA338 Integrity The first test set is shown twice, once in binary format, once in hexadecimal format. This is to explicitly show the relationship between the binary data and the hexadecimal presentation. The remainder of the test sets is presented in hexadecimal format only. Test Set 1 Binary Representation Key= 001010111101011001000101100111111000001011000 1011011001100000000 100101010010110001001001000100000100100010000 0011111111101001000 Count

= 00111000101001101111000001010110

Page 129

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

Key = 2BD6459F82C5B300952C49104881FF48 Count = 38A6F056 Fresh = B8AEFDA9 Direction = 0 Length = 88 bits Message: 3332346263393861 373479

001101110011010001111001 Output: 01000110111000000000110101001011

32 KL1

32 16

KO1, KI1

FL1

Output: 46E00D4B

zero-extend

KOi,2

FL2

KL3

FO3

KOi,3

KIi,j,1

ES FO4

S9 zero-extend

KIi,3

FIi3

KL4

KO4, KI4

FL4

KL5

S7 truncate

KO5, KI5

FL5

FO5

FO6

FL6

KL7

KO7, KI7

FL7

FO7

Fig.3: FI Function

KLi,1

KLi,2

KL8

KO8, KI8 FO8

Fig.2: FO Function

KL6

KO6, KI6

truncate

KIi,2

KO3, KI3

FL3

KL2

KO2, KI2

KIi,1

FIi1

FIi2

ISSN: 2230-7818

KOi,1

FO1

FO2

Fresh = 10111000101011101111110110101001 Direction = 0 Length = 88 bits Message: 001100110011001000110100011000100110001100111 0010011100001100001 Hexadecimal Representation

FL8 bitwise AND operation

bitwise OR operation one bit left rotation

C Fig. 1: KASUMI

Fig.4: FL Function

Page 130

KIi,j,2

G. Vennila et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 2, Issue No. 2, 124 - 131

FIi,1

FIi,2

[3] YuanFei Huang, LiYong Ji, LiPing Jin. Investigation of Network Information Security Situation and Hot Issues[J]. Telecommunications Science, 2009. [4] Chao Li. Simple Exploration of Network Information Security [J]. Scientific & Technological Information Development and Economic, 2009. [5] D. E. Bell, L. LaPaDula. Secure Computer Systems: Mathematical Foundations and Model[J]. Technical Report M74 244, Mitre Corp. , Bedford, MA, May 1973.

FIi,3

Fig.6: FO Function

V.CONCLUSION

[7] Guang Qiong Wang. Comprehensive Study of Access Control Based on GFAC[J]. Journal of An Qing Teachers College,2004 .

Fig.5: FI Function

[6] R. Sandhu, V. Bhamidipati, E. Coyne. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline. In Proceedings of Second ACM Workshop on RoleBased Access Control, Fairfax, Virginia, 1997:41~49.

On the basis of research on actual needs and current application status of enterprise information network system, this paper has proposed the ― network business security‖ algorithm and research on information security, dividing protection object of information security into data security, network security and network business security. New information security concept considers network business security as an important protection object in Enterprise Information Network, well explaining special problems in Enterprise Information Systems. This paper specifically addresses the solution of network business security and gives the formal description of network business security threats, providing practical based for security development and planning of Enterprise Information System.

[8] TS 55.216: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the A5/3 Encryption Algorithms for GSM and ECSD, and the GEA3 Encryption Algorithm for GPRS; Document 1: A5/3 and GEA3 Specifications". [9] ISO/IEC 9797-1:1999: "Information technology – Security techniques – Message Authentication Codes.

[10] Wu Kehe, Zhang Tong, Li Wei, Ma Gang[2009] ― Security Model Based on Network Business Security ‖ international conference on computer technology and development.

REFERENCES

[1]] Niemi, V. and Nyberg, K. (2006) Confidentiality and Integrity Algorithms, in Universal Mobile Telecommunications System Security, John Wiley & Sons, Ltd, Chichester, UK. [2]. Kostas Marinis, Nikos K. Moshopoulos, Fotis Karoubalis and Kiamal Z. Pekmestzi ― On the Hardware Implementation of the 3GPP Confidentiality and Integrity Algorithms‖.

ISSN: 2230-7818

Page 131