2009 IEEE International Advance Computing Conference (IACC 2009) Patiala, India, 6-7 March 2009

Security and Network Performance Evaluation of KK' Cryptographic Technique in Mobile Adhoc Networks
Yudhvir Singh, Lecturer, Deptt. of CSE, GJUST, Hisar. yudhvirsingh@rediffmail.com
Dr. Yogesh Chaba, Reader, Deptt. of CSE, GJUST, Hisar. yogeshchaba@yahoo.com
Abstract - In this paper, we analyze the performance, security and attack aspects of cryptographic techniques and investigate the performance-security tradeoff for mobile adhoc networks. We propose the KK' cryptographic technique and analyze the dominant issues of security, attack and various information theory characteristics of cipher texts for DES, Substitution and the proposed KK' cryptographic technique. It is found that the security and information theory characteristics of the proposed KK' cryptographic and DES algorithms are much better than those of the substitution algorithm. The packet delivery fraction for the KK' and substitution algorithms is much better than for the DES algorithm. The end-to-end delay for the normal AODV protocol is very low, for the substitution and KK' algorithms it is moderate, and for the DES algorithm it is quite high. The security of the KK' algorithm is almost equal to that of DES, and its network performance is almost equal to that of the substitution algorithm. Finally, we benchmark the proposed KK' cryptographic algorithm in search of a better cryptographic algorithm for security in MANET.
Cryptography, Performance Evaluation, Mobile Adhoc Networks, Security Protocols.

An ad hoc network is an infrastructure-less network in which each node acts as a host and router. Each node is responsible for forwarding packets to other nodes. Security has become a primary concern in order to provide protected communication between nodes in a hostile environment [1]. Although security has long been an active research topic in wire-line networks, the unique characteristics of MANETs present a new set of nontrivial challenges to security design [2]. These challenges include open network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology. Consequently, the existing security solutions for wired networks do not directly apply to the MANET domain. Unlike wired networks that have dedicated routers, each mobile node in an ad-hoc network may function as a router and forward packets for other peer nodes. The wireless channel is accessible to both legitimate network users and malicious attackers. There is no well-defined place where traffic monitoring or access control mechanisms can be deployed. Because communication follows multi-hop patterns, the network is without fixed boundaries. As a result, the boundary that separates the inside network from the outside world becomes blurred. A malicious attacker can readily become a router and disrupt network operations by intentionally disobeying the protocol specifications [11]. Mainly, the difficulties of dealing with security issues in an ad hoc network come from key management and trust relationship management. These characteristics place a new demand on secure ad hoc networks. In such networks severe vulnerabilities come from the physical security of the mobile nodes, for example, theft of nodes, which can be compromised or tampered with [3]. Furthermore, due to limited battery power, a mobile node is limited in computational power, which means that a security mechanism that requires much computation cannot be used.

The flow of information from a source to a destination could be attacked. Looking at the transmitted information, the generic types of attack behavior and their security targets fall into the following categories: Interception, Fabrication, Modification and Interruption. Computer network and information security has three aspects: security attacks, security goals, and security mechanisms. The objective of the security service is to achieve confidentiality, authentication, integrity, non-repudiation, access control, and availability. Cryptographic mechanisms include algorithms and keys [9]. Cryptographic algorithms consist of secret key algorithms and public key algorithms. In secret key algorithms, also called symmetric algorithms, the same secret key is used by the sender and the receiver, e.g. the Substitution cipher algorithm and the Data Encryption Standard algorithm. Public key algorithms, also called asymmetric algorithms, use a related key pair, namely a secret key and a public key, e.g. RSA. The sender uses one key from the pair, and the receiver uses the other. In public key algorithms only a specific person (a sender or a receiver) knows a private key. On the other hand, persons in the network may know more than one person's public key.

Figure 1: Basic Encryption System

978-1-4244-1888-6/08/$25.00 © 2008 IEEE

Figure 1 shows a brief overview of all parts of an encryption system. It considers classical symmetric encryption only, i.e., both the sender and the receiver of a secret message share a common secret key K. An efficient algorithm E, called the encryption algorithm, takes the key and a plaintext and outputs a ciphertext, and an efficient algorithm D, called the decryption algorithm, takes the key and a ciphertext and outputs a plaintext. It is required that the decryption of a ciphertext yields the original message again. This property is called correctness of the encryption scheme. Usually symmetric keys are denoted by $K, K_1, K_2, \ldots$, messages by $m, m_1, m_2, \ldots$, and cipher texts by $c, c_1, c_2, \ldots$

Formal Definition of Ciphers
Definition (Symmetric Encryption Scheme): A symmetric encryption scheme over (M, C, K) is a tuple (E, D) where E and D are efficiently computable algorithms $E: K \times M \to C$ and $D: K \times C \to M$, such that for all $k \in K$ and for all $m \in M$: $D(k, E(k, m)) = m$. Here E is called the encryption function and D is called the decryption function. M is a set called the message space. It contains all possible plaintexts, with typical examples being $\{a, \ldots, z\}^*$ (all words of finite length over the alphabet a, ..., z) or $\{0, 1\}^*$ (bit strings of finite length). C is a finite set called the cipher text space. It contains all encryptions that might occur in the scheme. K is a finite set called the key space. For symmetric encryption, keys are drawn uniformly at random from the key space K. We have seen for example $K = N_{26}$, $K = (N_{26})^*$, and $K = \mathrm{Perm}(\{a, \ldots, z\}) = \{p : \{a, \ldots, z\} \to \{a, \ldots, z\} \mid p \text{ is bijective}\}$.

Usually secret key algorithms are faster than public key algorithms. On the other hand, public key algorithms are easier to distribute than secret key algorithms. Based on these characteristics, secret key algorithms are used as a solution for handling the actual data. In secret key cryptography, it is assumed that both the sender and receiver share the secret key and that they must agree on a specific secret key encryption algorithm to use. From the point of view of confidentiality, in secret key encryption the sender transmits confidential messages to the receiver by encrypting them using the key shared by both the sender and the receiver. Only the other person, who is the receiver, can decrypt the messages using the same key, that is, their shared key. In this scheme, there is no reason to keep the algorithm secret. Therefore it is more important to manage the key securely.

In the literature there are many cryptographic algorithms for MANET. Nitesh Saxena [14] has discussed public key cryptography and certificates in ad hoc networks, with theoretical security issues. Dijiang Huang [15] describes pseudonym-based cryptography for anonymous communications in mobile ad hoc networks. Cordasco et al. [16] compare the security issues of cryptographic and trust-based methods for MANET routing security. Ching et al. [7] investigated an identity-based broadcast encryption scheme for mobile ad hoc networks. Sheng et al. [8] focused on the enhanced security design for threshold cryptography in ad hoc networks. Toh et al. [6] investigated the communication performance of wireless adhoc networks and showed the throughput and end-to-end delay of the networks. Santos et al. [10] analyzed the performance parameters throughput, average end-to-end delay and collision with respect to mobility for vehicular adhoc networks. Woon et al. [12] evaluate the performance of wireless 802.15.4 using a simulation and test bed approach. Karyotis et al. [13] designed a novel framework for mobile attack strategy modeling and vulnerability analysis in wireless adhoc networks. None of these authors described the trade-off between performance and security. In the literature some authors have concentrated on routing performance and some on securing mobile adhoc networks, but no one has considered them simultaneously in MANETs. In this paper, we have implemented our proposed KK' cryptographic algorithm [5], and we find that the performance of the MANET is least affected and security is quite high. This paper is divided into five sections: Section I is the introduction, Section II discusses the proposed algorithm, Section III focuses on the implementation environment, Section IV reports the results, and the conclusion is given in Section V, followed by the references.

Proposed KK' Cryptographic technique
All modern algorithms use keys to control encryption and decryption. Any cryptographic method with a key can be broken by trying all possible keys in sequence, except the One-time Pad. The security of a symmetric cryptosystem is a function of two things: the strength of the algorithm and the length of the key, i.e. the size of the key-space. Modern ciphers like the DES algorithm operate on blocks of plain-text and cipher-text, with a key of 64 or 128 bits and 8 to 16 cycles, and generate a cipher text. The cipher text can be generated by XORing some value with the plaintext, and the plaintext can be extracted by XORing some value with the cipher text. Here we concentrate on the value or key that is XORed with the plaintext or cipher text. We have to get distinct keys for every plaintext with some key stream. Key K is XORed with either the cipher-text or plaintext; it is fast and has no known attacks. We need to be careful how we use it. A key stream is designed as an output of bits $k_1, k_2, \ldots, k_i$. The key stream is XORed with the plaintext bits $p_1, p_2, \ldots, p_i$ to produce the cipher-text bits: $c_i = k_i \oplus p_i$, where $\oplus$ denotes the XOR operation, and $p_i = c_i \oplus k_i$. The security depends entirely on the key stream: if we get repeating bit values, it is a simple XOR cipher that is very easy to break. If we get a true random key stream, we have a One-time Pad and perfect security. For this reason, we propose the KK' cryptographic algorithm, which is based on changing the key continuously to get perfect secrecy and security. The concept of KK' is based on replacing the key with its complement in subsequent steps. For example, if the original key is $k \in K$, it acts as key = k in step 1, key = k' in step 2, key = k in step 3, and so on up to the last step, as shown in Figure 2.


    Take Inputs: PT - plaintext, K - key
    Other Variables: L - length of plaintext   // calculate from PT
                     I - incrementer, CT - ciphertext
    Processing:
    For (I = 0; I < L; I++)      // Repeat steps
    {
        CT[I] = PT[I] ⊕ K        // EX-OR PT & K
        K = K'                   // K' as K Complement
    }
    Output: CT - cipher text

Figure 2: KK' Cryptographic Algorithm

Secrecy of KK'
The first definition of security for encryption schemes was the definition of perfect secrecy given by Claude Shannon [1]. Intuitively it says that any message is encrypted to a specific cipher text with the same probability. This essentially means that, given a cipher text, no adversary gains any information about which plaintext was encrypted.

Definition (Perfect Secrecy): Let (E, D) be an encryption scheme on (M, C, K). The encryption scheme provides perfect secrecy if and only if, for all $m_0, m_1 \in M$ and for all $c \in C$, the following holds:

$$\Pr[c = c';\ K \leftarrow_R K;\ c' \leftarrow E(K, m_0)] = \Pr[c = c';\ K \leftarrow_R K;\ c' \leftarrow E(K, m_1)]$$

Different equivalent variants of this definition exist based on statistical independence and entropy. Shannon [1] also proved that the one time pad cipher satisfies this notion of perfect secrecy. Even if the proof is rather simple, it constituted a major step in crypto history since it was the first actual proof of security of a cryptographic scheme. It is directly applicable to KK' ciphers, as subsequent characters of the message text with the key do not generate the same cipher text, e.g. M(aa) with key KK' may give C(gx).

Proposition: The KK' provides secrecy.

Proof: Let $m_0, m_1 \in M$ and $c \in C$ be arbitrary and let $U_K$ denote the uniform distribution on K. For $i \in \{0, 1\}$, it holds that

$$\Pr[c = c';\ K \leftarrow_R K;\ c' \leftarrow E(K, m_i)] = \sum_{K,\, c':\, c = c'} P_{U_K}(K) \cdot P_{E(K; m_i)}(c') = \sum_{K} P_{U_K}(K) \cdot P_{E(K; m_i)}(c) = \sum_{K} \frac{1}{|K|} \cdot \begin{cases} 1 & \text{if } c = K \oplus m_i \\ 0 & \text{else} \end{cases}$$

with $K_{i+1} = K'_i$.

This holds for both i, i+1, so the claim follows. In this algorithm the concentration is on changing the key for subsequent steps, and it is found that K' is the operation having minimum processing overhead. In this algorithm, we have concentrated on the outline processing for the encryption and decryption process, so it causes less degradation of performance when implemented in mobile adhoc networks.
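The Figure 2 procedure in C, as an added example that is not the authors' implementation; it assumes a one-byte key (the paper does not state the key width), and the function names are hypothetical. Besides the round trip D(k, E(k, m)) = m, it checks a relation that follows from alternating K and K': because K ⊕ K' is all ones, c_i ⊕ c_{i+1} = p_i ⊕ p_{i+1} ⊕ 0xFF for every key, which is the repeating key-stream case the text cautions about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KK_MAX 256  /* buffer limit for this example only */

/* Figure 2: XOR each plaintext byte with the current key, then replace the
 * key by its bitwise complement for the next step (K, K', K, K', ...).
 * Assumption: K is one byte wide. XOR is its own inverse, so the same
 * routine decrypts when started from the same K. */
void kk_crypt(const uint8_t *in, uint8_t *out, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++) {
        out[i] = in[i] ^ key;
        key = (uint8_t)~key;          /* K = K' */
    }
}

/* Ciphertext byte at position i of msg under key, or -1 if out of range. */
int kk_cipher_byte(const char *msg, size_t i, uint8_t key)
{
    uint8_t ct[KK_MAX];
    size_t n = strlen(msg);
    if (n > KK_MAX || i >= n)
        return -1;
    kk_crypt((const uint8_t *)msg, ct, n, key);
    return ct[i];
}

/* Correctness: returns 1 when D(k, E(k, m)) == m. */
int kk_roundtrip_ok(const char *msg, uint8_t key)
{
    uint8_t ct[KK_MAX], pt[KK_MAX];
    size_t n = strlen(msg);
    if (n > KK_MAX)
        return 0;
    kk_crypt((const uint8_t *)msg, ct, n, key);
    kk_crypt(ct, pt, n, key);
    return memcmp(pt, msg, n) == 0;
}

/* Counts adjacent positions where c[i]^c[i+1] == p[i]^p[i+1]^0xFF.
 * The key cancels out of this relation, so the count is len-1 for any K. */
size_t kk_key_free_pairs(const char *msg, uint8_t key)
{
    uint8_t ct[KK_MAX];
    size_t n = strlen(msg), hits = 0;
    if (n < 2 || n > KK_MAX)
        return 0;
    kk_crypt((const uint8_t *)msg, ct, n, key);
    for (size_t i = 0; i + 1 < n; i++) {
        uint8_t p = (uint8_t)((uint8_t)msg[i] ^ (uint8_t)msg[i + 1]);
        if ((uint8_t)(ct[i] ^ ct[i + 1]) == (uint8_t)(p ^ 0xFF))
            hits++;
    }
    return hits;
}

int main(void)
{
    const char *msg = "aa attack at dawn";   /* constructed sample plaintext */
    uint8_t keys[] = { 0x06, 0x5A, 0xC3 };   /* constructed sample keys */

    for (size_t k = 0; k < sizeof keys; k++)
        printf("K=0x%02X c0=0x%02X c1=0x%02X roundtrip=%d key-free pairs=%zu/%zu\n",
               (unsigned)keys[k],
               (unsigned)kk_cipher_byte(msg, 0, keys[k]),
               (unsigned)kk_cipher_byte(msg, 1, keys[k]),
               kk_roundtrip_ok(msg, keys[k]),
               kk_key_free_pairs(msg, keys[k]), strlen(msg) - 1);
    return 0;
}
```

The two ciphertext bytes for "aa" differ, as the text says, yet their XOR is the same 0xFF under every key, so the pair count does not depend on K.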

The simulation of the proposed method is done in Glomosim (Global Mobile Information System Simulator). With the Glomosim simulator we can build a scalable simulation environment for wireless network systems. It is designed using the parallel discrete-event simulation capability provided by Parsec. We can view different entity initializations as being separate logical processes in the system. Hence each entity initialization requires its own stack space in the runtime. In Glomosim, each entity represents a geographical area of the simulation. Hence the network nodes that a particular entity represents are determined by the physical position of the nodes. The simulation parameters are set in the configuration file as given in Table 1. In our simulation we have taken the output statistics for the packet delivery fraction and average end-to-end delay corresponding to a varying percentage of malicious nodes. The detailed statistics are taken from the various *.stat files. Finally, by considering these statistics, the performance analysis of the proposed method is done with respect to the varying percentage of malicious nodes. Here some of the nodes work as malicious nodes; a malicious node blocks all communications. The basic routing protocol taken for communication is AODV, supporting IP protocol and addressing. The parameters partial delivery fraction ratio (throughput) and average end-to-end delay are considered for performance measurement of the AODV, Substitution, DES and KK' Cryptographic Algorithms over the number of malicious nodes.

TABLE I: SIMULATION PARAMETERS FOR MANET IN GLOMOSIM
Parameter | Value / Description
Number of Nodes | Network Nodes
Terrain range | X,Y Dimension of motion in m.
Power range | Node's power range
Bandwidth | Node's Bandwidth
Sim Time | Simulation Duration
Placement |
Mobility | Waypoint Motion; Change Direction
Mobility | 0-25 m/s; Mobility of Nodes
Traffic Model | CBR; Constant bit rate protocol
Pause Time | Non-mobility time at the terrain boundary
Routing Protocol | Base routing protocol for MANET

The attacker's main goal is to break the cryptographic system in every possible way, with his existing knowledge and available infrastructure. Apart from the goal an adversary pursues, there are different possibilities an attacker might exploit for attacking an encryption scheme, e.g., cipher text-only attacks, or attacks where one assumes that certain plaintext/cipher text pairs are already known to the adversary. There are also different possibilities a cryptanalyst might exploit to obtain information from an encryption scheme, e.g. information theory tests and randomness analysis tests. The simulator CrypTool is used to analyze attacks, information theory tests and randomness analysis tests [4]. This tool contains some inbuilt mechanisms for these tests and analyses. In this paper CrypTool is used as a simulator to conduct the security related experiments on cipher methods and to get the results. Only alphanumeric and special characters are used for analysis of cryptographic techniques. These specifications are selected in the option menu of CrypTool, and visual results are set in the window option of CrypTool. For the input plaintext, around 50 sample texts are taken and encrypted with the various algorithms. The resulting cipher text is analyzed with the analysis option in CrypTool. The proposed KK' algorithm is implemented in C, and its output is taken as cipher text, which is copied into a text file, and that text file is used for the analysis with CrypTool. The parameters of the above automatic analysis techniques are assigned or selected manually as per the requirements of the techniques. In this paper results are interpreted on the basis of various parameters such as key dimensions generated, derived keys, superposition analysis, correlation of distribution of the cipher texts and language texts, comparing cipher text with English text and plaintext etc.

A Attack Analysis
The simulator CrypTool is used to analyze the attacks. This tool contains some in-built mechanisms for attack and analysis. The attack mechanisms for cryptographic techniques are Cipher-text, Known Plaintext and Manual attack mechanisms. The Cipher text attack mechanism contains the Caesar, Vigenere, ADFGVX, Substitution, Solitaire, Addition and XOR methods. The Known Plaintext attack mechanism contains the Hill method. The Manual attack mechanism contains the Substitution, Play-fair and Solitaire methods [4]. Table 2 indicates the results obtained by applying attacks on different algorithms. When the substitution algorithm is analyzed with the substitution attack method, there is up to 25% probability that it deduces the information, while other attack methods are able to deduce hardly 5% about key and data. It was found that the Substitution algorithm is broken in around 8.5%, the KK' crypto technique in around 1.2% and the DES algorithm in hardly around 1% of cases. It has been found that traditional substitution cryptographic algorithms are more prone to attack with this type of simulated attack, while others such as DES and the KK' Crypto Technique seem to be safer against these attacks.

[Table 2: attack success by method. Columns: Substitution Encryption Algorithm, Data Encryption Standard, KK' Cryptographic Algorithm. Rows: Caesar cipher-text only attack, Vigenere cipher-text only attack, Substitution cipher-text only attack, Solitaire manual attack, XOR cipher-text only attack, Hill known plaintext attack, Play-fair manual attack.]


B Information Theory Tests
The information theory test mechanisms for cryptographic techniques are Entropy, Floating Frequency, Histogram, N-Gram, Autocorrelation and Periodicity. These parameters are evaluated with the simulator CrypTool, in which these standard traditional techniques are directly implemented. The substitution cipher is the weakest against these types of attacks. Values of the information theory test parameters are used for interpretation of the tests, e.g. the value of entropy should be as high as possible, floating frequency should have a wide range of values, autocorrelation should show no correlation or a wide range with different zigzag patterns, and no periodicity, no offset and no cycles are preferred. Values of the histogram test parameters are likewise used for interpretation, e.g. the histogram should have as wide a range as possible, with the least repeating frequencies.

[Table 3: information theory test results (Method / Information Theory Test) for Plain Text, the Substitution Encryption Algorithm, the Data Encryption Standard Algorithm and the KK' Cryptographic Algorithm.]

Table 3 indicates the results obtained by applying information theory tests on different algorithms. When the entropy of the cipher text is analyzed, DES and the KK' Crypto Technique are better than the substitution encryption algorithm. Based on frequency analysis, DES and the KK' Crypto Technique are better than Substitution. When correlation is analyzed, DES and the KK' Crypto Technique are more effective and the Substitution cipher is the worst cipher. Based on periodicity, the DES and KK' ciphers are better than the substitution cipher.

C Randomness Analysis Tests
The randomness analysis contains the Frequency Test, Poker Test, Runs Test and Serial Test. The parameters of the above automatic analysis techniques are assigned or selected as per the requirements of the techniques. In this paper results are interpreted on the basis of various parameters such as key dimensions generated, derived keys, superposition analysis, correlation of distribution of the cipher texts and language texts, comparing cipher text with English text and plaintext etc. Values of the randomness test parameters are used for interpretation of the tests, e.g. the result of such a test should be a pass, with a value not more than the MTV of that test. Further, the simulation is repeated for the Randomness Tests, as shown in Table 4, which indicates the results obtained by applying randomness tests on different algorithms. When the ciphers are analyzed, KK' and DES are more difficult to analyze than Substitution ciphers.

[Table 4: randomness test results (Method / Random Test, with each test's MTV) for the Substitution Encryption Algorithm, the Data Encryption Standard (DES) Algorithm and the KK' Cryptographic Algorithm.]

These are the results of implementing various tests on different cipher texts generated with various cryptographic algorithms, and it has been found that the traditional substitution cryptographic algorithm is more prone to information theory analysis, while the DES and KK' ciphers are difficult to analyze with these tests.

D Network Performance
Finally, the parameters considered for security / confidentiality are the interpretation of attack analysis and statistical tests (information theory and random tests), while for mobile adhoc network performance they are throughput and average end-to-end delay. The outputs of these techniques are taken from .stat files and graphs were drawn for network performance.



Graph 1: Graph for End-to-End Delay in MANET (x-axis: No. of Malicious Nodes, 0 to 25; legend includes KK' Crypto and DES Algo)

Graphs 1 and 2 indicate the network performance of the Substitution, DES and KK' Cryptographic algorithms. The partial delivery fractional ratio is 0.82, 0.76, 0.39 and the average end-to-end delay is 0.018, 0.032 and 0.085 for the Substitution, KK' and DES algorithms respectively. These graphs indicate that the KK' Cryptographic and Substitution algorithms have better network performance as compared to the DES algorithm. So the KK' Cryptography Technique provides better security without compromising the network performance in MANET.

Graph 2: Graph for Partial Delivery Fraction Ratio in MANET (Throughput) (x-axis: Malicious Nodes, 0 to 25; legend: S Crypto, KK' Crypto, DES Algo)

The objective of this research was to investigate MANET performance issues when cryptographic processing delays are applied at the application layer. We analyzed the performance, security and attack aspects of cryptographic techniques and also investigated the performance-security tradeoff for mobile adhoc networks. We have proposed the KK' cryptographic technique and analyzed the dominant issues of security, attack and various information theory characteristics of cipher texts for DES, Substitution and the proposed KK' cryptographic technique. Simulation experiment results show that network performance in MANETs is highly sensitive to the cryptographic overhead. It is found that the security and information theory characteristics of the proposed KK' Cryptographic and DES algorithms are much better than those of the substitution algorithm. However, from the point of view of packet delivery fraction and end-to-end delay, the KK' and substitution algorithms are better than the DES algorithm. Finally it was concluded that the proposed KK' algorithm provides better security without compromising network performance, and so we have benchmarked the proposed KK' cryptographic algorithm in the search for a better cryptographic algorithm in MANET.

REFERENCES
[1] C. E. Shannon, "A Mathematical Theory of Communication", Reprinted with corrections, The Bell System Technical Journal, Vol. 27, pp. 379-423, 623-656, July, October, 1948.
[2] V. Pritida, Jani, "Security within Ad Hoc Networks", Pampas Workshop, September 16/17, 2002.
[3] Z. Lidong, J. H. Zygmunt, "Securing Ad Hoc Networks", Cornell University, IEEE Networks, December 1999.
[4] Bernhard Esslinger, "The CrypTool Script: Cryptography, Mathematics and more", 8th edition - distributed with CrypTool version 1.4.10, Germany, July 25, 2007.
[5] Yudhvir Singh, Yogesh Chaba, "analysis of KK' Cryptographic Technique", IEEE National conference on AIS, March 2008.
[6] C.K. Toh, M. Delwar, D. Allen, "Evaluating the communication performance of an ad hoc wireless network", IEEE Transactions on Wireless Communications 1 (3) (2002), pp. 402-414.
[7] Ching Yu Ng, Yi Mu, and Willy Susilo, "An identity-based broadcast encryption scheme for mobile ad hoc networks", Journal of Telecommunication and Information Technology, 1/2006, pp. 23-29.
[8] Sheng-Ti Li, Xiong Wang, "Enhanced Security Design for Threshold Cryptography in Ad Hoc Network", NEW2AN 2004, St. Petersburg, Russia, pp. 27-31.
[9] Izhak Rubin, Runhe Zhang, "Robust throughput and routing for mobile ad hoc wireless networks", Ad Hoc Networks, Elsevier, Volume 7, Issue 2, March 2008, Pages 265-280.
[10] A. Santos, A. Edwards, R.M. Edwards, N.L. Seed, "Performance evaluation of routing protocols in vehicular ad-hoc networks", International Journal of Ad Hoc and Ubiquitous Computing 2005 Vol. 1, No. 1/2, pp. 80-91.
[11] Joengmin Hwang, Tian He, Yongdae Kim, "Secure localization with phantom node detection", Ad Hoc Networks, Elsevier, Volume 6, Issue 7, Pages 1031-1050, Pages 985-1182 (September 2008).
[12] Wilson T.H. Woon, Tat-Chee Wan, "Performance evaluation of IEEE 802.15.4 wireless multi-hop networks: simulation and testbed approach", International Journal of Ad Hoc and Ubiquitous Computing (IJAHUC) Volume 3 - Issue 1 - 2008, pp. 57-66.
[13] Vasileios Karyotis, Symeon Papavassiliou, Mary Grammatikou, Vasilis Maglaris, "A novel framework for mobile attack strategy modelling and vulnerability analysis in wireless ad hoc networks", International Journal of Security and Networks 2006 - Vol. 1, No. 3/4, pp. 255-265.
[14] Nitesh Saxena, "Public Key Cryptography Sans Certificates in Ad Hoc Networks", ACNS 2006, LNCS 3989, pp.
[15] Dijiang Huang, "Pseudonym-based cryptography for anonymous communications in mobile ad hoc networks", Int. J. Security and Networks, Vol. 2, Nos. 3/4, 2007, pp. 272-283.
[16] Jared Cordasco, Susanne Wetzel, "Cryptographic vs. Trust-based Methods for MANET Routing Security", Electronic Notes in Theoretical Computer Science TM 2007.
