A Message Passing Interface with Enhancement Security for Untrusted Network

A Message Passing Interface with Enhancement Security for Untrusted Network

A Message Passing Interface with Enhancement Security for Untrusted Network

Sharanabasava Potaraj Girish G.S

M.Tech Student Associate Professor

Department of CSE Department of ISE

VTU, BNM Institute of Technology VTU, BNM Institute of Technology

Bangalore, India Bangalore, India

sharanu.061@gmail.com girisha_gs@yahoo.com

Abstract

An increasing number of clusters are connected to each other by internet, which creates a potential threat for security over unsecured network. The paper addresses this kind of security issue. To solve this security issue, the system concentrating on message passing interface(MPI). Which is the most popular protocol for parallel computation. The system integrated symmetric and asymmetric algorithms with encryption/decryption in to the MPICH2 library with MPI standard. The library performs key generation, key exchange and data transfer without using any additional codes. The overhead incurred by the confidentiality services in ES-MPICH2 is marginal for small messages. The security overhead in ES-MPICH2 becomes more pronounced with larger messages.

Keywords-Symmetric algorithm, Asymmetric algorithm, Encryption, Decryption, TCP/IP protocol, MPICH2(Message Passing Interface Channel-2), OS(Output stream), IS(Input stream).

1. Since there is a fast improvement of the internet, an increasing number of organizations and companies are connecting their computing systems over public network for the better accessibility. Those computing nodes connecting to the public network can be accessed by anyone from anywhere. Data processed in a public network is accessed among a group of users by the virtue of message passing protocols (e.g., message passing interface-MPI) or secured data transmitted among computing nodes[1].

   Preserving data confidentiality in a message passing environment over an untrusted network is critical for a wide spectrum of security-aware MPI applications, because unauthorized access to the security-sensitive

   messages by untrusted processes can lead to serious security breaches. It is a nontrivial and challenging problem to offer confidentiality services for large- scale distributed clusters, because there is an open accessible nature of the open networks. Hence, it is imperative to protect confidentiality of messages exchanged among a group of trusted processes. Maintaining data security in a message passing over an unsecured network is critical for a wide spectrum of security-aware MPI applications, because unauthorized access to the security-sensitive messages by unsecured network can lead to serious security threats. Therefore, it is necessary to protect confidentiality of messages exchanged among a group of trusted processes. It is a difficult and challenging problem to offer security services for wide scale shared computing nodes, since there is an open accessible nature of the networks. To handle this issue, we enhanced the security of the MPI protocol by encrypting and decrypting messages sent and received among nodes connecting to the public network. The system concentrated on MPI protocol, since MPI is one of the well known communication protocols for cluster computing environments. More Number of scientific and other applications are running on public network were developed using the MPI protocol. Over most of MPI design, MPICH2 developed by the Argonne National Laboratory[2]. The design goal of MPICH2 is to combine portability with high performance. The system incorporated encryption algorithms into the MPICH2 library. Therefore, the data confidentiality of MPI can be readily preserved without the change of the source codes of the MPI applications. The communications of a conventional MPI program can be secured without altering the corresponding version, since it provides a security enhanced MPI-library with the standard MPI interface.

2. EXISTING SYSTEM:

   At present system the socket is connected from input stream of server to the out put stream of the client

   and input stream of client to the output stream of server. The data which is to be sent at the input stream of server is reached to the out put stream of client and vice versa. There is no security for the data. The data transmission is happened through the port numbers. The present system does not provide any security to TCP/IP layer. Since it does not incorporate symmetric and asymmetric encryption/decryption algorithm. The TCP/IP channel simply forward the data from server to client. Hence it is prone to threats.

   The existing system of a data exchange between server and destination is shown in the figure 1.

   Fig 1. Block diagram of Existing System

3. The proposed system implements MPI (Message Passing Interface) to offer data confidentiality for secure network communications in message passing environments. The security technique incorporated in the MPICH library can be very useful for protecting data transmitted in open networks like the Internet. It provides safe and secure transmission with security by the library functions.

   The MPICH mechanism allows application programmers to easily write secure MPI applications

   without additional code for data confidentiality protection. It seeks a channel level solution in which encryption and decryption functions are included into the MPICH library. The MPICH maintains a standard MPI interface to exchange messages while preserving data confidentiality. The existing system does not provide security for the TCP/IP protocol in socket level. The proposed system we are binding TCP/IP link by using symmetric and asymmetric encryption/decryption algorithms. The MPI APIs are used as interface to transfer the data between source and destination as shown in the figure 2.

   The symmetric algorithm uses three types of algorithms such as AES, DES and 3DES. The user can select any of the algorithms for encryption. The data is encrypted in the source side and transferred the data in to cipher text and again in the receiver side it is decrypted into the plain text by using the same algorithm. The symmetric algorithm uses three types of algorithms such as AES, DES and 3DES. The user can select any of the algorithms for encryption. The data is encrypted in the source side and transferred the data in to cipher text and again in the receiver side it is decrypted into the plain text by using the same algorithm. The symmetric algorithm provides both private and public key.

   Fig 2. Block diagram of Proposed System

   If the user wish to send the data by using the asymmetric algorithm, the system provides asymmetric algorithms too. The user can use asymmetric algorithms such as RSA algorithm and RSA with padding for encryption and decryption. The asymmetric algorithm provides only secrete key rather than private and public key.

4. Fig. 3 Architecture of the proposed system.

   The TCP/IP layer is bounded by security layer. Which performs symmetric and asymmetric encryption and decryption. This symmetric layer cover a wrapper over TCP/IP layer. Hence it provides security to the data. The APIs(Application Programming Interfaces) provides set of predefined instructions. These instructions are built in library functions. These library functions only performs the all set of operations such as encryption, decryption, key generation, key exchange and data transfer as explained above.

5. The symmetric and asymmetric algorithms such as AES, DES, 3DES, RSA and RSA with padding are so fexible so these algorithms can be used as general pupose. This is shown in the figure 4.

   The client is waiting for request from the server, when server send the request to the client, it receive the request and sends back the acknowledgement to the server. Later performs the data transmission between client and server. After completion of the data transmission data sends the disconnection message to the client. When the client sends the ackowledgement for link disconnection. The link get disconnected. Further no more ccommunication occurred.

   Fig 4. Working of the proposed system.

   The proposed system built with a message passing interface that encapsulates the unsecured TPC/IP Layer with a secure layer that involves both symmetric and asymmetric crypto security to TCP/IP Protocol. The implemented MPICH2 frame work provides an APIs that enables application programmers to selectively choose any crypto graphical algorithm and symmetric key in MPICH2. This feature makes it possible for programmers to easily and fully control the security services incorporated in the MPICH library. To demonstrate this feature, It is incorporated AES, DES Symmetric Key Encryption/Decryption and RSA Asymmetric Encryption/Decryption in MPICH2. The APIs that is free from key generation, key exchange and provides both symmetric/asymmetric encryption/decryption. This allows users to readily include these APIs for secure message passing system. To demonstrate the working of these APIs, we can show the library that adds a security layer over TCP/IP APIs and to show the working of the library we build a secure file transfer application that include hashing for integrity. The application demonstrates the file transfer that includes both symmetric cryptography and asymmetric cryptography. We also enhance of work to include hashing algorithm for data corruption

   check while transfer. The System provides all these feature via MPI.

6. There are four important results has been observed. They are

   1. Security is provided at the socket level.

   2. MPI APIs replaced large number of codes.

   3. Working of MPI library functions are confirmed.

   4. Library functions performed all the operations such as encryption, decryption, key generation, key exchange and data transmisiion.

The existing methode does not provide security in the socket level. It requires many modules to provide the security. That is, it requires different modules for each operation such as key generation, key exchange and data ransfer. The present present system doesnot provide encryption and decryption. The proposed system built with the library functions. Which performs enccryption, decryption, key generation, key exchange and data transfer only by using library functions through APIs. APIs are the single line of code which performs the all the above operations using library functions. In this way the system securing the data in socket level. In the present paper we have concentrated only on TCP/IP link. It can be extended to the UDP also. And any one can build further libraries for other features by using these library functions. Those are the aspects of future enhancement.

1. Xiaojun Ruan, Qing Yang, Mohammed I. Alghamdi, Shu Yin, and Xiao Qin, ES-MPICH2: A Message Passing Interface, IEEE Transactions On Dependable And Secure Computing, Vol. 9, No. 3, May/June 2012

2. W. Gropp, E. Lusk, N. Doss, and A. Skjellum, A High-Performance, Portable Implementation of the Mpi Message Passing Interface Standard,Parallel Computing, vol. 22, no. 6, pp. 789-828, 1996.

3. D.S. Wong, H.H. Fuentes, and A.H. Chan, The Performance Measurement of Cryptographic Primitives on Palm Devices,Proc. 17th Ann.

   Computer Security Applications Conf. (ACSAC), pp. 92-101, 2001.

4. I. Foster, N.T. Karonis, C. Kesselman, G. Koenig, and S.Tuecke, A Secure Communications Infrastructure for High-Performance Distributed Computing,Proc. IEEE Sixth Symp. High Performance Distributed Computing,pp. 125-136, 1996.

5. R. Grabner, F. Mietke, and W. Rehm, Implementing an mpich-2 Channel Device over Vapi on Infiniband,Proc. 18th Intl Parallel and Distributed Processing Symp.,p. 184, Apr. 2004.

6. M. Lee and E.J. Kim, A Comprehensive Framework for Enhancing Security in Infiniband Architecture, IEEE Trans. Parallel Distributed Systems,vol. 18, no. 10, pp. 1393-1406, Oct. 2007.