A Project Report on

Efficient Authentication For Mobile And Pervasive Computing

Project Report Submitted to
Shri Guru Gobind Singhji Institute of Engineering and Technology, Vishnupuri,

Nanded.

For the partial fulfillment of the requirements of award of the degree of

Bachelor of Technology
In

Computer Science and Engineering

Submitted by

Mr. MANJOTSINGH CHUG (2013BCS154)

Mr. FAIZAN AHMED (2014BCS602)

Under Guidance Of

Ms. P.B.BHOSALE
Department of Computer Science and Engineering
Shri Guru Gobind Singhji Institute of Engineering & Technology,
Vishnupuri, Nanded-431606 (M.S) India
(May, 2017) Nanded-431 606
 SGGS Institute of Engineering and Technology, Vishnupuri, Nanded

CERTIFICATE
This is to certify that the report entitled Efficient Authentication For Mobile And
Pervasive Computing submitted by Mr. Chug Manjotsingh(2013BCS154) and Mr.
Faizan Ahmed (2013BCS602) in the partial fulfillment of the requirement for the award of
degree of Bachelor of Technology in Electrical Engineering of Shri Guru Gobind Singhji
Institute of Engineering & Technology Nanded, affiliated to the Swami Ramanand Teerth
Marathwada University, is a record of their own work.

Ms. P.B.Bhosale Prof. P. S. Nalwade

Project Guide Head of Dept.

Department of Computer Department of Computer

Science and Engineering Science and Engineering

External Examiners:

____________________

____________________

Date:15/05/ 2017
Place: Nanded
 DECLARATION

We hereby declare that this written submission or report entitled Efficient

Authentication For Mobile And Pervasive Computing represents our ideas in our own
words and where others' ideas or words have been included, we have adequately cited and
referenced the original sources. We also declare that we have adhered to all principles of
academic honesty and integrity and have not misrepresented or fabricated or falsified any
idea/data/fact/source in our submission. We understand that any violation of the above will be
cause for disciplinary action by the Institute and can also evoke penal action from the sources
which have thus not been properly cited or from whom proper permission has not been taken
when needed.

Date: 15/05/ 2017

Place: Nanded

Mr. Chug Manjotsingh (2013BCS154)

Mr. Faizan Ahmed (2013BCS602)
 ACKNOWLEDGEMENT

The guidance and final outcome of the project Efficient Authentication For Mobile
And Pervasive Computing required a lot of guidance and assistance from many people and
we are extremely fortunate to have got this all along the completion of our project work.
Whatever we have done, is only due to such guidance and assistance and we would not forget
to thank them.
We respect and thank Prof. P.S.Nalwade, Head, Department of Computer Science
and Engineering for giving us opportunity to select project topics of our interest and providing
us support and suggestions during this project work.
We owe profound gratitude to Ms. P.B.Bhosale, our Project Guide, who took keen
interest in our project work and guided us all along, till the completion of our project by
providing all the necessary information for developing a good system despite of his busy
schedule.
We are thankful to and fortunate enough to get constant encouragement, support and
guidance from all Teaching staff of Department of Computer Science and Engineering which
helped us in successfully completing our project work. Also, we would like to extend our
sincere regards to all the non-teaching staff of Department of Computer Science and
Engineering for their timely support.We would also like to extend our gratitude to our friends,
whose knowledge and help was the pioneer reason for us to be successful during experimental
work, despite of our skeptic attitude.

Mr. Chug Manjotsingh

Mr. Faizan Ahmed
 ABSTRACT

With todays technology, many applications rely on the existence of small devices that can
exchange information and form communication networks. In a significant portion of such
applications, the confidentiality and integrity of the communicated messages are of particular
interest. In this project, we will use a novel technique for authenticating short encrypted
messages that are directed to meet the requirements of mobile and pervasive applications. By
taking advantage of the fact that the message to be authenticated must also be encrypted, we
will use provably secure authentication codes that are more efficient than any message
authentication code in the literature. The key idea behind this technique is to append a short
random string to the plaintext message before encryption to facilitate a more efficient
authentication.
Chapter 1
Introduction

The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system
resources (includes hardware, software, firmware, information/ data, and telecommunications.
The common vulnerability that exists in both wired and wireless networks is an unauthorized
access to a network. An attacker can connect his device to a network though unsecure
hub/switch port. In this regard, wireless network are considered less secure than wired
network, because wireless network can be easily accessed without any physical connection.
After accessing, an attacker can exploit this vulnerability to launch attacks such as: Sniffing
the packet data to steal valuable information. Denial of service to legitimate users on a
network by flooding the network medium with spurious packets. Spoofing physical identities
(MAC) of legitimate hosts and then stealing data or further launching a man-in-the-middle
attack.

Message Authentication

In information security, message authentication or data origin authentication is a property that

a message has not been modified while in transit (data integrity) and that the receiving party
can verify the source of the message. Message authentication does not necessarily include the
property of non-repudiation.

Message authentication is typically achieved by using message authentication

codes (MACs), authenticated encryption (AE) or digital signatures. Some cryptographers
distinguish between "message authentication without secrecy" systems -- which allow the
intended receiver to verify the source of the message, but don't bother hiding the plaintext
contents of the message -- from authenticated encryption systems. A few cryptographers have
researched subliminal channel systems that send messages that appear to use a "message
authentication without secrecy" system, but in fact also transmit a secret message.

1
 Data Integrity

Integrity of information refers to protecting information from being modified by unauthorized

parties. The validity of a transmitted message. It deals with methods that ensure that the
contents of a message have not been tampered with and altered. The most common approach
is to use a one-way hash function that combines all the bytes in the message with a secret key
and produces a message digest that is impossible to reverse. Integrity checking is one
component of an information security program. Several aspects of integrity are illustrated by
the example of a hospital patients allergy information stored in a database .The doctor should
be able to trust that the information is correct and current.
Now suppose that an employee (e.g., a nurse) who is authorized to view and update this
information deliberately falsifies the data to cause harm to the hospital. The database needs to
be restored to a trusted basis quickly, and it should be possible to trace the error back to the
person responsible. Patient allergy information is an example of an asset with a high
requirement for integrity. Inaccurate information could result in serious harm or death to a
patient and expose the hospital to massive liability.

Message Confidentiality

Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure

confidentiality are designed to prevent sensitive information from reaching the wrong people,
while making sure that the right people can in fact get it: Access must be restricted to those
authorized to view the data in question. It is common, as well, for data to be categorized
according to the amount and type of damage that could be done should it fall into unintended
hands. More or less stringent measures can then be implemented according to those
categories.

Sometimes safeguarding data confidentiality may involve special training for those privy to
such documents. Such training would typically include security risks that could threaten this
information. Training can help familiarize authorized people with risk factors and how to
guard against them. Further aspects of training can include strong passwords and password-

related best practices and information about social engineering methods, to prevent them
from bending data-handling rules with good intentions and potentially disastrous results.A
good example of methods used to ensure confidentiality is an account number or routing
number when banking online. Data encryption is a common method of ensuring
confidentiality. User IDs and passwords constitute a standard procedure; two-
factor authentication is becoming the norm. Other options include biometric
verification and security tokens, key fobs or soft tokens. In addition, users can take
precautions to minimize the number of places where the information appears and the number
of times it is actually transmitted to complete a required transaction. Extra measures might be
taken in the case of extremely sensitive documents, precautions such as storing only on air
gapped computers, disconnected storage devices or, for highly sensitive information, in hard
copy form only.

Security Attacks:

A useful means of classifying security attacks, used both in X.800 and RFC 4949, is in terms
of passive attacks and active attacks (Figure 1.1). A passive attack attempts to learn or make
use of information from the system but does not affect system resources. An active attacks
attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are the release of message contents and traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive orconfidential information. We
would like to prevent an opponent from learning the contents of these transmissions.A second
type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the
contents of messages or other information traffic so that opponents, even if they captured the
message, could not extract the information from the message. The common technique for
masking contents is encryption. If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages. The opponent could determine the
location and identity of communicating hosts and could observe the frequency and length of
messages being exchanged. This information might be useful in guessing the nature of the

communication that was taking place.

Passive attacks are very difficult to detect, because they do not involve any alteration of the
data. Typically, the message traffic is sent and received in an apparently normal fashion, and
neither the sender nor receiver is aware that a third party has read the messages or observed
the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by
means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention
rather than detection.
Active Attacks

Active attacks (Figure 1.1b) involve some modification of the data stream or the creation of a
false stream and can be subdivided into four categories: masquerade, replay, modification of
messages, and denial of service. A masquerade takes place when one entity pretends to be a
different entity (path 2 of Figure 1.1b is active). A masquerade attack usually includes one of
the other forms of active attack. For example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an entity that has those
privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (paths 1, 2, and 3 active). Modification of messages simply
means that some portion of a legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect (paths 1 and 2 active). For example, a message
meaning Allow John Smith to read confidential file accounts is modified to mean Allow
Fred Brown to read confidential file accounts.

The denial of service prevents or inhibits the normal use or management of communications
facilities (path 3 active). This attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network, either by disabling the
network or by overloading it with messages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks
are difficult to detect, measures are available to prevent their success. On the other hand, it is
quite difficult to prevent active attacks absolutely because of the wide variety of potential
physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and
to recover from any disruption or delays caused by them. If the detection has a deterrent
effect, it may also contribute to prevention.
Chapter 2

DES

Overview

DES is a block cipher, as shown in Fig. 6.1.

At the encryption site, DES takes a 64-bit plaintext and creates a 64-bit ciphertext; at the
decryption site, DES takes a 64-bit ciphertext and creates a 64-bit block of plaintext. The
same 56-bit cipher key is used for both encryption and decryption.

DES STRUCTURE

Let us concentrate on encryption; later we will discuss decryption. The encryption process is
made of

two permutations (P-boxes), which we call initial and fi nal permutations, and sixteen Feistel
rounds.

Each round uses a different 48-bit round key generated from the cipher key according to a
predefi ned

algorithm described later in the chapter. Figure 6.2 shows the elements of DES cipher at the
encryption

site.
Initial and Final Permutations

Figure 6.3 shows the initial and fi nal permutations (P-boxes). Each of these permutations
takes a 64-bit

input and permutes them according to a predefi ned rule. We have shown only a few input
ports and the

corresponding output ports. These permutations are keyless straight permutations that are the
inverse of

each other. For example, in the initial permutation, the 58th bit in the input becomes the fi rst
bit in the

output. Similarly, in the fi nal permutation, the fi rst bit in the input becomes the 58th bit in
the output. In

other words, if the rounds between these two permutations do not exist, the 58th bit entering
the initial

permutation is the same as the 58th bit leaving the fi nal permutation.
The permutation rules for these P-boxes are shown in Table 6.1. Each side of the table can be
thought

of as a 64-element array. Note that, as with any permutation table we have discussed so far,
the value

of each element defi nes the input port number, and the order (index) of the element defi nes
the output

port number.

Rounds

DES uses 16 rounds. Each round of DES is a Feistel cipher, as shown in Fig. 6.4.
The round takes LI1 and RI1 from previous round (or the initial permutation box) and
creates LI and

RI, which go to the next round (or fi nal permutation box). As we discussed in Chapter 5, we
can assume

that each round has two cipher elements (mixer and swapper). Each of these elements is
invertible.

The swapper is obviously invertible. It swaps the left half of the text with the right half. The
mixer is

invertible because of the XOR operation. All noninvertible elements are collected inside the
function f (RI1, KI).

DES Function:

The heart of DES is the DES function. The DES

function applies a 48-bit key to the rightmost 32 bits

(RI1) to produce a 32-bit output. This function is

made up of four sections: an expansion D-box, a

whitener (that adds key), a group of S-boxes, and a

straight D-box as shown in Fig. 6.5.

Expansion D-box Since RI1 is a 32-bit input and

KI is a 48-bit key, we fi rst need to expand RI1 to

48 bits. RI1 is divided into 8 4-bit sections. Each 4-bit

section is then expanded to 6 bits. This expansion

permutation follows a predetermined rule. For each

section, input bits 1, 2, 3, and 4 are copied to output

bits 2, 3, 4, and 5, respectively. Output bit 1 comes

from bit 4 of the previous section; output bit 6 comes

from bit 1 of the next section. If sections 1 and 8 can be considered adjacent sections, the
same rule applies

to bits 1 and 32. Fig. 6.6 shows the input and output in the expansion permutation.
KEYGEN:

Key Generation The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher
key.

However, the cipher key is normally given as a 64-bit key in which 8 extra bits are the parity
bits, which

are dropped before the actual key-generation process, as shown in Fig. 6.10.

Cipher and Reverse Cipher

Using mixers and swappers, we can create the cipher and reverse cipher, each having 16
rounds. The

cipher is used at the encryption site; the reverse cipher is used at the decryption site. The
whole idea is

to make the cipher and the reverse cipher algorithms similar.

First Approach To achieve this goal, one approach is to make the last round (round 16)
different

from the others; it has only a mixer and no swapper. This is done in Figure 6.9.

Although the rounds are not aligned, the elements (mixer or swapper) are aligned. We proved
in

Chapter 5 that a mixer is a self-inverse; so is a swapper. The fi nal and initial permutations are
also

inverses of each other. The left section of the plaintext at the encryption site, L0, is enciphered
as L16 at

the encryption site; L16 at the decryption is deciphered as L0 at the decryption site. The
situation is the

same with R0 and R16.

A very important point we need to remember about the ciphers is that the round keys (K1 to
K16)

should be applied in the reverse order. At the encryption site, round 1 uses K1 and round 16
uses K16; at

the decryption site, round 1 uses K16 and round 16 uses K1.
Alternative Approach In the fi rst approach, round 16 is different from other rounds; there is
no

swapper in this round. This is needed to make the last mixer in the cipher and the fi rst mixer
in the reverse

cipher aligned. We can make all 16 rounds the same by including one swapper to the 16th
round

and add an extra swapper after that (two swappers cancel the effect of each other).

SECURITY OF DES:

DES, as the fi rst important block cipher, has gone through much scrutiny. Among the
attempted attacks,

three are of interest: brute-force, differential cryptanalysis, and linear cryptanalysis.

Brute-Force Attack

We have discussed the weakness of short cipher key in DES. Combining this weakness with
the key

complement weakness, it is clear that DES can be broken using 255 encryptions. However,
today most

applications use either 3DES with two keys (key size of 112) or 3DES with three keys (key
size of 168).

These two multiple-DES versions make DES resistant to brute-force attacks.

Differential Cryptanalysis

We discussed the technique of differential cryptanalysis on modern block ciphers in Chapter

5. DES

is not immune to that kind of attack. However, it has been revealed that the designers of DES
already

knew about this type of attack and designed S-boxes and chose 16 as the number of rounds to
make

DES specifi cally resistant to this type of attack. Today, it has been shown that DES can be
broken

using differential cryptanalysis if we have 247 chosen plaintexts or 255 known plaintexts.
Although this

looks more effi cient than a brute-force attack, fi nding 247 chosen plaintexts or 255 know
plaintexts is

impractical. Therefore, we can say that DES is resistant to differential cryptanalysis. It has
also been

shown that increasing the number of rounds to 20 require more than 264 chosen plaintexts for
this attack,

which is impossible because the possible number of plaintext blocks in DES is only 264.

Linear Cryptanalysis

We discussed the technique of linear cryptanalysis on modern block ciphers in Chapter 5.

Linear

cryptanalysis is newer than differential cryptanalysis. DES is more vulnerable to linear

cryptanalysis

than to differential cryptanalysis, probably because this type of attack was not known to the
designers of
DES. S-boxes are not very resistant to linear cryptanalysis. It has been shown that DES can be
broken

using 243 pairs of known plaintexts. However, from the practical point of view, fi nding so
many pairs

is very unlikely.