An Encounter-Based Approach for Improving Security and Privacy in Tor Network

An Encounter-Based Approach for Improving Security and Privacy in Tor Network

B. Suganya1, J. VijiPriya2

1Ratnavel Subramaniam College of Engineering and Technology, RVS Nagar, Dindigul.

2Professor, Ratnavel Subramaniam College of Engineering and Technology, RVS Nagar, Dindigul.

Abstract Mobile social networks are attractive applications which composed of a collection of different users from different countries. On that, the group of users can share personal information and stay connected with the some of the users. Due to the lack of security infrastructure, the eavesdropper may intrude the conversation. In order to provide secure communication on mobile social networks an encounter-based system with Attribute Based Encryption (EBS-ABE) is proposed. The proposed method provides efficient and secure communication with the proper security mechanisms. The Digital Signature Algorithm (DSA) is used for key generation. The key exchange mechanism is used to know about the authenticated users. An attribute-based encryption (ABE) scheme is proposed for providing additional security. Also Tor network is built for enabling online anonymity. The performance of the proposed EBS is tested based on memory usage, execution time and delay rate. The experimental results obviously shows that the proposed method performs well than the existing Encounter Based System (EBS).

Index Terms Attribute-Based Encryption (ABE) Digital Signature Algorithm (DSA), Encounter-based, Key exchange, Mobile Social Networks, and Tor network

1. INTRODUCTION

   Mobile social networking is social networking where individuals with similar interests converse and connect with one another through their mobile phone or tablet. Much like web-based social networking, mobile social networking occurs in virtual communities. Social Network Sites (SNS) allow the users to broadcast the information and digital content across the mobile social networks. These services treat all the social network users contacts equally. Social networking sites like Twitter, LinkedIn, and Twitter etc have been increasingly gaining popularity. Moreover, Face book has been reporting growth rates as high as 3% per week [1]. There are significant security and privacy problems are present in most of the existing mobile social network systems. Because, these systems lack with the security and privacy metrics for secure communication.

   Encounter-based social networks provide a computing infrastructure to allow for construction of varied services such as a some missed connections or real time key distribution to provide secure communication. At first look, encounter-based systems appear similar to the existing social networks. It provides different challenges for security and privacy of users and authenticity of the other user in a conversation. To provide

   a secure environment, public key infrastructure (PKI) is needed. A PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of CA. The PKI role assures the binding is called the registration authority (RA), which ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation. PKI consists of five important concepts. 1. Central authority (CA) that issues and verifies the digital certificates. 2. Registration authority (RA) verifies the identity of users requesting information from the CA. 3. Central directory is a secure location to store and index keys. 4. Central management system and 5. Certificate policy.

   Fig.1 Public key infrastructure for secure communication

   In this paper, an encounter-based system is proposed to provide efficient and secure communication in the mobile social networks. For that, a public key infrastructure is maintained in the conversation between two authenticated users. So that the eavesdropper cant receive the message, instead the eavesdropper may modify the message. But, the authenticated user can identify with the help of security mechanisms. The Digital Signature Algorithm is used for key generation. It computes the public and private keys for each user to initialize the secure conversation. Tor network is incorporated in this proposed method. The Tor network is used

   for enabling online anonymity. Tor directs internet traffic through a free, worldwide, volunteer network consisting of more than four thousand relays to conceal a users location or usage from anyone conducting network surveillance or traffic analysis. Tor indented to protect the personal privacy of users as well their freedom and ability to conduct confidential business by keeping their internet activities from being monitored.

   The rest of the paper is organized as follows. Section II presents a description about the previous research which is relevant to the techniques used on secure social mobile networks. Section III involves the detailed description about the proposed method. Section IV presents the performance analysis. This paper concludes in Section V.

2. RELATED WORK

   Haojin et al proposed a secure friend discovery process as a generalized privacy-preserving interest and profile matching problem. A blind vector transformation technique was used to hide the correlation between the original vector and transformed results. This method allows one party to match its interest with the profile of another without revealing its real interest and profile [2]. Kui et al presented the fundamental and general framework of the PHY-based key generation schemes and categorize them into two classes namely received-signal-strength based and channel-phase-based protocols [3]. Zhang et al presented a security and privacy design challenges which were brought by the core functionalities of the Online Social Networks (OSNs) [4]. Zhang proposed an approach to provide a solution for privacy- preserving collaborative social-network problem [5]. Ying et al proposed an edge-based graph randomization approach to protect the sensitive links. The theoretical studies and empirical evaluations were made with the different similarity measures to improve their confidence and accuracy of predicted sensitive links between nodes [6].

   Wasef et al proposed a complementary security mechanism that can meet the security requirements. Because, the denial of service (DOS) attacks had severe consequences on network availability. Here, the security ,mechanisms was proposed to mitigate the effect of DOS attacks in Vehicular Ad hoc Networks (VANETs) [7]. Rongxing et al proposed a dynamic privacy-preserving key management scheme called DIKE. A privacy-preserving authentication technique was introduced. This technique not only provides the vehicle users anonymous authentication but also enables the double-registration

   the largest possible rate with the cooperation of any remaining terminals [10]. Nagy et al proposed a PeerShare system. It can be used by applications to securely distribute sensitive data to social contacts of a user. A generic framework was incorporated to distribute data among different applications with authenticity and confidentiality. It was designed to be easy for both the end users and the developers of applications [11]. Masoumzadeh et al proposed two methods to enhance perturbing anonymization methods. It is based on the concepts of the structural roles and edges between social networks [12].

   Li et al proposed a technique called FindU. FindU had a set of privacy preserving profile matching shemes for proximity based mobile social networks. An initiating user can find from a group of users to limit the risk of privacy exposure. Here, only the necessary and minimal information about the private attributes of the participating users was exchanged. Also, two increasing levels of user privacy were defined, with reduced amount of revealed profile information. The set of rules were developed to realize each of the user privacy levels, which can also be personalized by the users [13]. Perrig et al proposed a SafeSlinger approach. It leverages the proliferation of smartphones to enable people to securely and privately exchange their public keys. SafeSlinger establishes a secure channel offering secrecy and authenticity to support secure messaging and file exchange. An abstraction was supported to safely sling information from one device to another [14]. Isdal et al presented a design point in tradeoff between privacy and performance technique called OneSwarm. It provides users much better privacy than BitTorrent. The key aspect of this design was users explicitly configure control over the amount of trust. Here, the same data can be shared publicly or with access control with both trusted and untrusted peers [15].

3. ENCOUNTER BASED SYSTEM WITH ATTRIBUTE BASED ENCRYPTION (EBS-ABE)

   An encounter-based system is proposed for efficient and secure communication on the mobile social networks. Tor network with RSA algorithm are used for secure and authenticated communication. The following section describes about the secure conversation process in detail.

   1. Key Generation-DSA

      Key generation is the process of generating keys for secure environment. A generated key is used to encrypt and decrypt the data is being encrypted/decrypted. Here, DSA is used as a key generation algorithm.

      detection. Also, the location based services (LBS) session key

      update procedures were presented [8]. The LBS session was divided into several time slots, each time slot holds a different session key. A dynamic threshold technique was incorporated to achieve the session keys backward secrecy. Ray et al proposed a secure framework that allows interaction of social network information with LBS without compromising uer privacy and security. This framework allows LBS to query its vicinity for relevant information without disclosing under identity [9].

      Nitinawarat et al proposed explicit algorithm for secret key generation which was based on a maximal packing of Steiner trees in a multigraph. The goal of this approach was to generate a secret key shared by a given subset of terminals at

      Algorithm–DSA

      Step1: //Parameter generation steps

      1. Choose san approved cryptographic hash function H.

      2. Decide the key length l and n

      3. Chose n-bit prime b. n must be less than or equal to the hash output length.

      4. Choose n-bit prime modulus a such that a-1 is a multiple of b

      5. Choose d whose multiplicative order modulo a is b

         Here, = ( 1) for some arbitrary h (1<h<a-1). The variables (a, b, d) may be shared between different users Step2: //Public and private key computation

         1. Choose random integer p, where 0 <p < b

            2. Calculate =

            3. Now, the public key is (a, b, d, q) and the private key is p

            Step3: //Signing

            1. Generate a random per-message value l where 0 < l < b

            2. Find =

            3. If x=0 then start again with some other random l

            4. Find = 1 +

            1. If y=0 then start again with some other random l

            2. Return signature (x ,y)

            Step4: //Verifying

            1. Reject the signature if 0 < x < b or 0 < y < b is not satisfied

            2. Find = 1

            3. Find 1 = .

            4. Find 1 = .

            5. Find = 1 2

            1. If u = x

               1. The signature is valid

            The algorithm explains the complete key generation process of DSA algorithm. It incorporates four major steps. i.e parameter generation, public and private key computation, signing and verifying the signatures. With the sender message, additionally

            of the system.

            an image is also converted into hash code to provide a higher level of privacy.

   2. Central Authority

      The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows other parties to depend upon signatures or assertions made by the private key that corresponds to the public key that is certified. The matching private keys are not made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the server or other entity noted on the certificate. After key generation, the keys are exchanged between the sender and the receiver.

      1. Immediate key exchange

         In this key exchange scenario, the user selects the picture based on their willingness. Then compose an encounter key with the public key. The resulting message can be broadcasted. Each user in the vicinity will detect the transmission and try to decrypt it. But, only the targeted user can be able to decrypt the message properly and thus recover the encounter key. Further, this key will be used to exchange the private messages at the rendezvous point. This process avoids the rendezvous server and colluding adversaries from determining which two users are communicating. Also, timed release encryption is used to hide the contents of the message even from its recipient until the encounter is over.

         Sends message with image

         Sender

         Key Generation

         Central Authority

         Key Exchange

         Certificate Verification

         Key Verification

         Attribute Based Encryption

         TOR network

         Receiver

         Fig.2. Flow of the proposed system

      2. Delayed key exchange

      The system will constantly broadcast their certificates, but not require other users to immediately evaluate the information. Later, the user can check the list of collecting public keys and select with the particular user to start the conversation. This process is not suffering from the shortcomings in the immediate pairing scheme. Additionally the system is incorporated with the Tor network for enabling the anonymity.

   3. Attribute based Encryption

   An attribute-based encryption (ABE) scheme is proposed for providing additional security. ABE extends the cipher text- policy attribute-set-based encryption with a hierarchical structure of system users, so as to achieve scalable, flexible and fine-grained access control. In this ABE process, the cipher text is encrypted with policy chosen by an encryptor,

   A. Delay Rate

   70

   60

   Delay

   50

   40

   30

   20

   10

   0

   EBS EBS-ABE

   Packet transmission

   while the corresponding decryption key is created with respect to a set of attributes.

   As long as the set of attributes associated with a decryption key satisfies the policy associated with a given cipher text, the key can be used to decrypt the cipher text. Through ABE, the proposed model achieved much more security for this type of attribute based encryption process. Here the unauthorized user does not retrieve the original information.

   D. The Tor Network

   Fig.4.Delay rate for EBS-ABE (proposed) and EBS (existing)

   Fig.4. shows the comparison of delay rate between the existing Encounter Based System (EBS) with the proposed Encounter-Based System with Attribute Based Encryption (EBS-ABE). It shows that the proposed system EBS-ABE results less delay than the existing EBS method.

   1. Execution time

      It is the time taken to complete the entire process of transmission from the sender to the rceiver. Fig.5 displays the execution time for the existing EBS method and the proposed EBS-ABE. The time taken for the proposed method is lesser than the existing method.

      EBS EBS-ABE

      70

      60

      Time (sec)

      50

      40

      Fig.3. Architecture of Tor network 30

      The Tor network is an overlay network; each anonymous 20

      router runs as a normal user-level process without any special 10

      authorities. Each router maintains TLS connection to every

      other router. Each user runs local software called a proxy to 0

      fetch directories. Each router maintains a long-term identity key and a short-term key. It is essentially used to sign the TLS

      Comparison

      certificates to sign router descriptor. The key is used to decrypt requests from users to set up a circuit and negotiate the keys. The TLS protocol establishes a short-term key when communicating between routers. It is rotated periodically and independently to reduce the impact of key compromise.

4. PERFORMANCE ANALYSIS

   This section presents the performance evaluation of the proposed Encounter Based-System for efficient and secure transmission. The performance is evaluated based on the following measures:

   Fig.5. Execution time for EBS-ABE (proposed) and EBS (existing)

   1. Signature Algorithm

      The EBS-ABE system uses the DSA algorithm for key generation and the existing system uses the RSA algorithm. The proposed DSA algorithm results lesser time to generate the public and private keys for secure communication. It is shown in Fig.6.

      Signature Algorithm

      EBS

      80

      70

      60

      50

      40

      30

      20

      10

      0

      Time (sec)

      Fig.6.Execution time for EBS-ABE and EBS

   2. Memory usage

   Memory (bytes)

   Fig.7 shows the amount of memory is used for the entire transmission from the source to the receiver side to provide secure communication. The proposed system takes reduced memory usage than the existing system.

   EBS

   EBS-ABE

   70

   60

   50

   40

   30

   20

   10

   0

   Comparison

   Fig.7. Memory usage for EBS-ABE and EBS

5. CONCLUSION AND FUTURE WORK

An Encounter-Based System is proposed to provide secure communication with the help of Tor networks. The DSA algorithm is used to generate the public and private keys for the authenticated sender and the receiver. The Tor network monitors throughout the network to check about the presence of the eavesdropper. The key exchange mechanism is used to check about the valid user with the key pair. The performance is evaluated and the result shows that the proposed EBS-ABE results lesser delay and memory usage than the existing EBS method.

In future, Ciphertext-Policy Attribute-Based encryption (CP-ABE) method will be incorporated to provide additional security for end-end security. CP-ABE extends the cipher text- policy with the hierarchical structure of the system users.

REFERENCES

EBS-ABE

1. "Facebook,http://www.facebook.com," 2009.

2. Z. Haojin, D. Suguo, L. Muyuan, and G. Zhaoyu, "Fairness-Aware and Privacy-Preserving Friend Matching Protocol in Mobile Social Networks," Emerging Topics in Computing, IEEE Transactions on, vol. 1, pp. 192-200, 2013.

3. R. Kui, S. Hai, and W. Qian, "Secret key generation exploiting channel characteristics in wireless communications," Wireless Communications, IEEE, vol. 18, pp. 6-12, 2011.

4. C. Zhang, J. Sun, X. Zhu, and Y. Fang, "Privacy and security for online social networks: challenges and opportunities," Network, IEEE, vol. 24, pp. 13-18, 2010.

5. J. Zhan, "Secure Collaborative Social Networks," Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, vol. 40, pp. 682- 689, 2010.

6. X. Ying and X. Wu, "On link privacy in randomizing social networks," Knowledge and information systems, vol. 28, pp. 645-663, 2011.

7. A. Wasef, L. Rongxing, L. Xiaodong, and S. Xuemin, "Complementing public key infrastructure to secure vehicular ad hoc networks [Security and Privacy in Emerging Wireless Networks]," Wireless Communications, IEEE, vol. 17, pp. 22-28, 2010.

8. L. Rongxing, L. Xiaodong, L. Xiaohui, and S. Xuemin, "A Dynamic Privacy-Preserving Key Management Scheme for Location-Based Services in VANETs," Intelligent Transportation Systems, IEEE Transactions on, vol. 13, pp. 127-139, 2012.

9. B. Ray and R. Han, "SecureWear: A Framework for Securing Mobile Social Networks," in Advances in Computer Science and Information Technology. Computer Science and Engineering. vol. 85, N. Meghanathan, N. Chaki, and D. Nagamalai, Eds., ed: Springer Berlin Heidelberg, 2012, pp. 515-524.

10. S. Nitinawarat, Y. Chunxuan, A. Barg, P. Narayan, and A. Reznik, "Secret Key Generation for a Pairwise Independent Network Model," Information Theory, IEEE Transactions on, vol. 56, pp. 6482-6489, 2010.

11. M. Nagy, N. Asokan, and J. Ott, "PeerShare: A System Secure Distribution of Sensitive Data among Social Contacts," in Secure IT Systems. vol. 8208, H. Riis Nielson and D. Gollmann, Eds., ed: Springer Berlin Heidelberg, 2013, pp. 154-165.

12. A. Masoumzadeh and J. Joshi, "Preserving Structural Properties in Edge-Perturbing Anonymization Techniques for Social Networks," Dependable and Secure Computing, IEEE Transactions on, vol. 9, pp. 877-889, 2012.

13. M. Li, S. Yu, N. Cao, and W. Lou, "Privacy- Preserving Distributed Profile Matching in Proximity- Based Mobile Social Networks," Wireless Communications, IEEE Transactions on, vol. 12, pp. 2024-2033, 2013.

14. A. Perrig, J. McCune, M. Farb, M. Burman, and G. S. Chandok, "SafeSlinger: An Easy-to-use and Secure Approach for Human Trust Establishment," ed:

    CARNEGIE-MELLON UNIV PITTSBURGH PA CYLAB, 2012.

15. T. Isdal, M. Piatek, A. Krishnamurthy, and T. Anderson, "Privacy-preserving P2P data sharing with OneSwarm," SIGCOMM Comput. Commun. Rev., vol. 40, pp. 111-122, 2010.

16. J. Manweiler, R. Scudellari, and L. P. Cox, "SMILE: Encounter-based trust for mobile social services," in Proceedings of the 16th ACM conference on Computer and communications security, 2009, pp. 246-255.