
Security of information processing based on grid environment


VNU Journal of Science, Natural Sciences and Technology 24 (2008) 170-178


Huey-Ming Lee¹,*, Tsang-Yean Lee¹, Lily Lin²

¹ Department of Information Management, Chinese Culture University, 55, Hwa-Kung Road, Yang-Ming-San, Taipei ( I U N ), Taiwan

² Department of International Business, China University of Technology, 56, Sec. 3, Hsing-Lung Road, Taipei (ĨỈ6), Taiwan

Received 11 November 2007; received in revised form 20 November 2007

Abstract. Grid computing architecture was defined to be a complete physical layer. Based on the grid computing architecture, we divided grid nodes into supervisor grid node and execute grid node. Data transferred over the network must be secure. In this study, we propose encryption and decryption algorithms in each grid node to keep information processing secure. We create user information databases in both the supervisor and execute grid nodes and use them to verify user processing in the system. When these algorithms are installed in all grid nodes, processing can be kept secure across the whole system.

Keywords: Decryption algorithm, Encryption algorithm, Grid computing, Security.

1. Introduction

The term "Grid" was coined in the mid 1990s to denote a proposed distributed computing infrastructure for advanced science and engineering [1]. In a grid environment, users may access the computational resources at many sites [2]. Lee et al. [3] proposed a dynamic supervising model which can utilize the grid resources, e.g., CPU, storage, etc., more flexibly and optimally. Lee et al. [4, 5] proposed a dynamic analyzing resources model which can receive information about the CPU usage and number of running jobs of each grid node resource to achieve load balancing and to optimize the plans and allocations of the resources of collaborating nodes.

In general, the functions of a security system are security, authenticity, integrity, non-repudiation, data confidentiality and access control [6-9]. Rivest et al. [10] proposed a public-key cryptosystem. McEliece [11] used algebraic coding theory to propose a public key. Merkle [12] presented the "One way hash function" and used it for digital signature. Miyaguchi [13] developed the fast data encipherment algorithm (FEAL-8). All of these are encryption algorithms. Lee and Lee [14] used the basic computer operations, such as insertion, rotation, transposition, shift, complement and pack, to design an encryption and decryption algorithm.

* Corresponding author. E-mail: hmlee@faculty.pccu.edu.tw


In this paper, we propose a method to send information to other execute grid nodes through the supervisor grid node. The supervisor checks the user to do the processes. We also propose an encryption algorithm to encrypt information to produce cipher text and send it to the supervisor. The supervisor uses the sender's format code to decrypt the cipher text to produce the information. Once the supervisor has checked it, it uses the receiver's format code to encrypt the information to produce cipher text and sends it to the receiving execute grid node. The receiving execute grid node uses the decryption algorithm to produce the original information. Via the proposed algorithms, we can receive and send information securely in network transmission.

2. Proposed method description

The information is sent from one execute grid node to another execute grid node. We send the information to the supervisor grid node to be checked and verified. When it is correct, we send the information to the receiving execute grid node. The information is encrypted to produce cipher text before it is sent. When the cipher text has been received, we decrypt it to produce the original information. We explain the processes as follows.

2.1. Execute grid node

The execute grid nodes have the following operations to do:

1) Sign on procedure first time

When the execute grid node signs on for the first time, it uses the default format code to encrypt the user-id and password and sends them to the supervisor grid node. It receives a format code from the supervisor and saves it to create the EUIDB (Execute User Information Data Base). The contents of the EUIDB are as in Table 1.

Table 1. EUIDB (Execute User Information Data Base)

User-id    Password    Format code

When the user wants to send information, it uses the format code in the EUIDB to encrypt the user-id and password. When the supervisor returns correct, it can send information to users.

2) Request permission from supervisor

When he wants to send information to other users, he inputs user-id and password to get permission from the supervisor. We use the format code in the EUIDB to encrypt the password and send it to the supervisor to process.

3) Change password

When the user wants to change the password, he inputs user-id, old password and new password. We use the format code in the EUIDB to encrypt the password and send it to the supervisor to process.

4) Delete user

When the user wants to delete the entry in the supervisor, he inputs user-id and password. We use the format code in the EUIDB to encrypt the password, send it to the supervisor to process, and delete the entry in the EUIDB.

5) Send information to user in other execute grid node

When he wants to send information to another user, he types user-id, received-user-id and information. We use the format code in the EUIDB to encrypt the received-user-id and information to produce cipher text and send it to the supervisor to process.

6) Receive information from supervisor grid node

When it receives cipher text from the supervisor, it uses the format code to decrypt the cipher text to get the information.


7) Exit from supervisor grid node

When the user wants to log out, it sends the user-id to the supervisor.

2.2. Supervisor grid node

The supervisor grid node handles information processing. It has the following operations to do.

1) Receive new user sign on

When a new user signs on, the supervisor receives cipher text. It uses the default format code to decrypt the cipher text to get the user-id and password. It uses the user-id as key to access the supervisor user information data base. If the user exists, it returns an error code; otherwise it assigns a format code to the user, creates an entry in the SUIDB (supervisor user information data base) as in Table 2, and returns the format code. It creates an entry in the RUIDB (running user information data base) and inserts the access time as in Table 3.

Table 2. SUIDB (Supervisor User Information Data Base)

User-id    Password    Format code

Table 3. RUIDB (Running user information data base)

User-id    Password    Format    Access

2) Receive user request

It receives the cipher text and uses the user-id as key to find the format code in the SUIDB. If the user does not exist, it returns an error code. It uses this format code to decrypt the cipher text to get the password. When the password is not the same as in the SUIDB, it returns an error code and exits. It creates an entry in the RUIDB and returns permission to access.

3) Receive information

When it receives the cipher text of information, it uses the user-id as key to find the format code in the RUIDB. If the user-id does not exist, it returns an error code and exits. It uses the format code to decrypt the cipher text to find the received-user-id and information. It uses the received-user-id as key to find the format code of this received-user-id. If the user does not exist, it returns an error code to the sending user and exits. It uses the format code of the received-user-id to encrypt the user-id and information to produce cipher text. It sends the cipher text to the received-user-id. We update the access time field in the RUIDB.

4) Receive return message from receive user

When it receives a return message from the received-user-id, it uses the user-id as key to find the format code and decrypts to find the original user-id and message. It uses the format code of the original user-id to encrypt the message to produce cipher text and returns it to the original user. We update the access time field in the RUIDB.

5) Force to process sign out

When a user does not process for a periodical time, the supervisor releases the entry in the RUIDB.

3. Framework of the proposed model

In this section, we present the framework of the proposed security of information process model based on grid environment. Based on the grid computing architecture, we divide grid nodes into supervisor grid node (S0) and execute grid node (Xi). We also present the supervisor information process module (SIPM) on the supervisor grid node and the execute information process module (EIPM) on the execute grid node, as shown in Fig. 1.


Fig. 1. Framework of the proposed model.

3.1. Supervisor grid node

We present the supervisor information process module (SIPM) on the supervisor grid node. The components in this module are shown in Fig. 2.

The functions of these components are as follows:

1) Supervisor receive information component (SRIC):

SRIC receives information from the execute grid node. It calls the information decryption component (IDC) to decrypt the cipher text to get the information, then calls SPIC (Supervisor Process Information Component).

2) Supervisor process information component (SPIC):

SPIC processes the requests of execute grid nodes. It has the following actions.

(1) Type N. Use the user-id as key to check the SUIDB (Supervisor User Information Data Base). If the user-id exists, it returns an error code and exits. If the user-id does not exist, it creates an entry with user-id, password and new format code in the SUIDB and returns the format code. We create an entry in the RUIDB (Running User Information Data Base) as in Table 3.

(2) Type P. We check the user-id and password in the SUIDB. If they are not correct, it returns an error code and exits. We create an entry in the RUIDB.

(3) Type U. We check the user-id and password in the SUIDB. If they are not correct, it returns an error code and exits. We change the password in the SUIDB, store a new format code and return the format code. We create an entry in the RUIDB.

(4) Type D. We check the user-id and password in the SUIDB. If they are not correct, it returns an error code and exits. We delete the user-id in the SUIDB and return a message.

(5) Type E. We delete the entry in the RUIDB.

(6) Type S. We use the received-user-id as key to check in the SUIDB. If it does not exist, it returns an error code and exits. It uses the format code of the received-user-id to call IEC to encrypt the information to produce cipher text and sends it to the received-user-id.

In each process, we change the connect time in the RUIDB when required and write the text to the log file.
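The SPIC request types above, together with the idle check that SCANC performs, modelled as a small state machine. This is an added Python example, not the authors' code: requests are taken as already decrypted by the IDC, and the class name, return tuples, error strings and the 0-255 format-code range are assumptions.

```python
import hmac
import secrets

class Supervisor:
    """Toy SPIC: SUIDB and RUIDB held as dictionaries (names hypothetical)."""

    def __init__(self, idle_limit=600):
        self.suidb = {}   # user-id -> {"password": str, "format": int}
        self.ruidb = {}   # user-id -> last access time in seconds
        self.idle_limit = idle_limit

    def _auth(self, uid, password):
        entry = self.suidb.get(uid)
        return entry is not None and hmac.compare_digest(
            entry["password"].encode(), password.encode())

    def handle(self, code, uid, now, password="", new_password="",
               to_uid="", info=""):
        if code == "N":                       # first sign on
            if uid in self.suidb:
                return ("ERR", "user exists")
            fmt = secrets.randbelow(256)      # assumed format-code range
            self.suidb[uid] = {"password": password, "format": fmt}
            self.ruidb[uid] = now
            return ("OK", fmt)
        if code == "E":                       # exit: only the user-id is sent
            self.ruidb.pop(uid, None)
            return ("OK", None)
        if code == "S":                       # relay information to a user
            if uid not in self.ruidb:
                return ("ERR", "sender not signed on")
            if to_uid not in self.suidb:
                return ("ERR", "receiver unknown")
            self.ruidb[uid] = now             # update access time
            # The caller would now encrypt (uid, info) with this format code.
            return ("SEND", (to_uid, self.suidb[to_uid]["format"], uid, info))
        if code not in ("P", "U", "D"):
            return ("ERR", "bad code")
        if not self._auth(uid, password):     # P, U and D check the password
            return ("ERR", "bad user-id or password")
        if code == "D":                       # delete user
            del self.suidb[uid]
            self.ruidb.pop(uid, None)         # assumption: also end the session
            return ("OK", None)
        if code == "U":                       # change password, new format code
            fmt = secrets.randbelow(256)
            self.suidb[uid] = {"password": new_password, "format": fmt}
            self.ruidb[uid] = now
            return ("OK", fmt)
        self.ruidb[uid] = now                 # code P: permission granted
        return ("OK", None)

    def expire_idle(self, now):
        """SCANC: release RUIDB entries idle for longer than idle_limit."""
        stale = [u for u, t in self.ruidb.items() if now - t > self.idle_limit]
        for u in stale:
            del self.ruidb[u]
        return stale
```
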


Fig. 2. Architecture of the SIPM.

3) Supervisor check active node component (SCANC):

SCANC runs periodically. If a user does not connect for a period, the supervisor deletes the entry in the RUIDB.

4) Supervisor send information component (SSIC):

SSIC sends information to the grid node.

3.2. Execute grid node

We present the execute information process module (EIPM) on the execute grid node in this section. The components in this module are shown in Fig. 3.

The functions of these components are as follows:

1) Execute receive information component (ERIC):

ERIC receives information. If it receives it from the supervisor, it calls EPSIC (Execute Process Supervisor Information Component); otherwise it calls EPUIC (Execute Process User Information Component).

2) Execute process user information component (EPUIC):

EPUIC processes user information to send to the supervisor. It has the following formats.

(1) First time sign on. Set code as N and type user-id and password.

(2) Request permission. Set code as P and type user-id and password.

(3) Change password. Set code as U and type user-id, old password and new password.

(4) Send information. Set code as S and type user-id, received-user-id and information.

(5) Exit. Set code as E and type user-id to exit from the supervisor.

In (1), we use the default format code. In (2) to (4), we get the format code from the EUIDB (Execute User Information Data Base). We call IEC (Information Encryption Component) to encrypt the information to produce cipher text, then call ESIC.

3) Execute process supervisor information component (EPSIC):

EPSIC calls IDC. IDC uses the format code to decrypt the cipher text to get the information. Depending on the received code, it has the following processes.

(1) Code N. Receive the format code and store it in the EUIDB (Execute User Information Data Base).

(2) Code: Receive permission from supervisor.

(3) Code R. Receive return code from supervisor.

(4) Code S. Receive information from supervisor. This information comes from another user, and a message is returned to that user.


Fig. 3. Architecture of EIPM.

4) Execute send information component (ESIC):

ESIC sends information or a return code to the supervisor.

4. Encryption and decryption algorithm

4.1. Encryption algorithm (IEC: Information encryption component)

The information has the following format, as in Table 4.

Table 4. Information

Information has different fields separated by commas. After the encryption process, we produce the following format, as in Table 5, to send out.

Table 5. Information send out

We use the basic computer operations to design this algorithm. We explain each encryption step in Section 4. We let the length of the information be N; it is the plaintext.

1) Encryption step

The encryption steps are as follows:

(1) Build the tables. The steps are as follows:

Step 1: Store plaintext to symbol table. From the plaintext, we set up a symbol table ST of size N to store the plaintext.

Step 2: Set shift count to SC. SC is 1 to 7. We left shift every byte of ST by SC places. We set SC to SC+32.

Step 3: Insert M dummy symbols at the trail of ST. We get any M (= INT(N/10)+1) dummy symbols and insert them at the trail of the symbol table. The length of the symbol table is N+M.

Step 4: Set rotate byte and rotate symbol table. Get any characters DD1, DD2. Set the rotated bytes as RB1 = DD1 mod ((N+M)/2) and RB2 = DD2 mod ((N+M)/2). We divide ST into two equal parts, say SP1 and SP2; the lengths of SP1 and SP2 are equal, or length(SP1) = length(SP2)+1. We rotate SP1 to the left RB1 times and rotate SP2 to the right RB2 times. Insert RB1, RB2 at the trailer of the combination of the new SP1 and SP2 to get the symbol table after rotation (STAR).


Step 5: Complement the symbol table after rotation. Set the control bit table (CBIT) to all 0 and its byte length to L = [(N+M+2)/8+1]. If the value of a STAR symbol is below a certain value (e.g., 20₁₆), we complement that symbol of STAR to get the symbol table after complement (STAC) and set the relative bit of CBIT to 1.

Step 6: Packed control byte table. To form the control byte table (CBT), we take each 7 bits (as eeeeeee) of CBIT from the left and set the control byte as eee1eeee. The length of CBT is K = [(N+M+2)/7]+1.

(2) Build background symbol table (BST)

Step 1: Reserve table. Set S to the format code. We set the number L = 2*N+S. We reserve a table of size L.

Step 2: Set value of table. Set the above table to random values between 20₁₆ and F0₁₆.

(3) Build cipher text

We have STAC (symbol table after complement), CBT (control byte table), SC, N, M, and K. According to the format code, we store SC, STAC and CBT into BST, and BST is the cipher text.

2) Format code

We may define some values of the format code as shown in Table 6.

3) Message format

The format of the sending message has the fields Code, User-id and cipher text.

4) Algorithm description

In this algorithm, we have solved the following items:

(1) Data uncertainty;

(2) Brute-force by volume of data to send;

(3) Change contents of plaintext;

(4) Network transmission;

(5) Simple computation.

5) Combination possibility

Encryption step                      Times of combination
(1) Shift the symbol table           8**(N)
(2) Insert dummy symbol              256**M
(3) Set rotate byte and rotate       ((N+M)/2)**2
(4) Complement the STAR              2**(N+M+2)
(5) Packed                           2**7*(INT((N+M+1)/7)+1)
(6) Reserve table                    240**(0.7N)

The total possible combinations are 8**(N)*256**M*(N+M)* *2**7*(INT((N+M+1)/7)+1)*240**(0.7N)*240. This number is large. It is difficult to decrypt.

4.2. Decryption algorithm (IDC: Information Decryption Component)

Decryption is the reversed order of encryption. Before decryption, we should know the value S of the format code in the execute user information data base and U (length of user-id + 1 (Code)). We get L (length of message).

Table 6. Contents of format code and cipher text

Format code    Cipher text content
2              SC, dd, STAC, dd, CBT
>127           Store in reverse order

where dd is the character skipped.

We can compute the lengths of the tables as follows.

The length of the symbol table N = 1/2*(L-S-U)


The length of the dummy symbols M = INT(N/10)+1

The length of CBT K = [(N+M+2)/7]+1

From the different format codes and the above values, we can get SC, STAC and CBT.

1) The steps of the decryption algorithm are as follows:

Step 1: Get from cipher text (CT). We get N, M, K, SC, STAC and CBT.

Step 2: Pack control bit table (CBIT). We retrieve 7 bits (skip the bit from left of each byte) from each CBT. We pack these bits to form the CBIT, with length L = [(N+M+2)/8]+1.

Step 3: Complement symbol table after complement (STAC). For each bit of CBIT, if the value of the relative bit is 1, we complement the corresponding byte of STAC and get the symbol table after rotation (STAR).

Step 4: Rotate symbol table after rotation (STAR). Get the rotated bytes RB1 = STAR_{N+M+1} and RB2 = STAR_{N+M+2}. We divide the first N+M symbols of STAR into two equal parts, say SP1 and SP2; the lengths of SP1 and SP2 are equal, or length(SP1) = length(SP2)+1. We rotate SP1 to the right RB1 times and rotate SP2 to the left RB2 times. We combine SP1 and SP2 to get the symbol table after shift (STAS).

Step 5: Shift the symbol table after shift (STAS). Set SC = 8-(SC-32). We left shift each byte of the first N bytes of STAS and get the plaintext. This is the original plaintext.
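The table-building steps of Section 4.1 (Steps 2 to 6) and the decryption steps of Section 4.2, as an added Python example that is not the authors' code. It assumes the byte "shift" is circular (the decryption shifts left by 8-SC to undo it), takes bracketed divisions as integer division, and leaves out the placement into the background table, which depends on the format code; all function names are hypothetical.

```python
import secrets

THRESHOLD = 0x20  # the page's example value: symbols below 20 (hex) are complemented

def rotl_bits(b, k):
    """Circular left shift of one byte by k bit positions (assumed reading of 'shift')."""
    k %= 8
    return ((b << k) | (b >> (8 - k))) & 0xFF

def rot_left(seq, k):
    """Rotate a byte string left by k positions; a negative k rotates right."""
    k %= len(seq) if seq else 1
    return seq[k:] + seq[:k]

def pack_cbt(bits):
    """Step 6: pack control bits 7 at a time into control bytes eee1eeee."""
    k = len(bits) // 7 + 1                       # K = [(N+M+2)/7]+1
    bits = bits + [0] * (7 * k - len(bits))
    out = bytearray()
    for i in range(0, len(bits), 7):
        e = bits[i:i + 7]
        hi = e[0] << 7 | e[1] << 6 | e[2] << 5
        lo = e[3] << 3 | e[4] << 2 | e[5] << 1 | e[6]
        out.append(hi | 0x10 | lo)
    return bytes(out)

def unpack_cbt(cbt, nbits):
    """Decryption Step 2: drop the fixed 1 bit of each control byte."""
    bits = []
    for c in cbt:
        bits += [(c >> s) & 1 for s in (7, 6, 5, 3, 2, 1, 0)]
    return bits[:nbits]

def build_tables(plaintext, sc, dd1, dd2):
    """Encryption Steps 2-6. Returns (SC+32, STAC, CBT); needs N >= 1."""
    n = len(plaintext)
    st = bytes(rotl_bits(b, sc) for b in plaintext)            # Step 2
    m = n // 10 + 1
    st += secrets.token_bytes(m)                               # Step 3: M dummy symbols
    half = (n + m) // 2
    rb1, rb2 = dd1 % half, dd2 % half                          # Step 4
    split = n + m - half                                       # len(SP1) >= len(SP2)
    star = (rot_left(st[:split], rb1) + rot_left(st[split:], -rb2)
            + bytes([rb1, rb2]))
    bits = [1 if b < THRESHOLD else 0 for b in star]           # Step 5
    stac = bytes(b ^ 0xFF if bit else b for b, bit in zip(star, bits))
    return sc + 32, stac, pack_cbt(bits)

def recover_plaintext(sc_byte, stac, cbt, n):
    """Decryption Steps 2-5, given SC, STAC and CBT taken out of the cipher text."""
    m = n // 10 + 1
    bits = unpack_cbt(cbt, n + m + 2)                          # Step 2
    star = bytes(b ^ 0xFF if bit else b for b, bit in zip(stac, bits))  # Step 3
    rb1, rb2 = star[n + m], star[n + m + 1]                    # Step 4
    split = n + m - (n + m) // 2
    stas = rot_left(star[:split], -rb1) + rot_left(star[split:n + m], rb2)
    back = 8 - (sc_byte - 32)                                  # Step 5
    return bytes(rotl_bits(b, back) for b in stas[:n])

if __name__ == "__main__":
    msg = b"bob,meet at 10:30"                                 # constructed sample input
    sc_byte, stac, cbt = build_tables(msg, sc=3, dd1=0x5A, dd2=0xC3)
    print(stac.hex(), cbt.hex(), recover_plaintext(sc_byte, stac, cbt, len(msg)))
```
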

5. Conclusion and discussion

In this study, we use the basic computing operations to design the encryption and decryption algorithms. It doesn't need any special hardware. Finally, we make some comments about this study.

a) To do the encryption, we must know the format code to produce cipher text.

b) Each cipher text may have a different length and format, because it has a different format code and length of the dummy symbol table.

c) To do decryption, we must know the format code, shift count and different format to decrypt cipher text to plaintext.

d) The proposed algorithm in this study is more difficult to cryptanalyze, because the following fields of each transaction have different values in the cipher text: (a) format code, (b) shift count, (c) rotation, (d) background table of random data.

e) Message processes through encryption and decryption are more secure.

f) Permission is given by the supervisor before the information process is done.

Acknowledgements. This work was supported in part by the National Science Council, Republic of China, under Grant NSC-96-2745-M-034-002-URD.

References

[1] I. Foster, C. Kesselman, S. Tuecke, "GRAM: Key -unix.globus.org/toolkit/docs/3.2/gram/key/index.html, July 31, 1998.

[2] I. Foster, C. Kesselman, "Globus: A Metacomputing Infrastructure Toolkit", International Journal of Supercomputer Application, Vol. 11, No. 2 (1997) 115.

[3] H.M. Lee, C.C. Hsu, M.H. Hsu, "A Dynamic Supervising Model Based on Grid Environment", Knowledge-Based Intelligent Information & Engineering Systems, LNCS 3682, Springer-Verlag, (2005) 1258.

[4] H.M. Lee, T.Y. Lee, C.H. Yang, M.H. Hsu, "An Optimal Analyzing Resources Model Based on Grid Environment", WSEAS Transactions on Information Science and Applications, Issue 5, Vol. 3 (2006) 960.

[5] H.M. Lee, T.Y. Lee, M.H. Hsu, "A Process Schedule Analyzing Model Based on Grid Environment", Knowledge-Based Intelligent Information & Engineering Systems, Part III, LNAI 4253, Springer-Verlag, (2006) 938.

[6] E. Biham, A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystem", Advances in Cryptology - CRYPTO '90 Proceedings, Berlin: Springer-Verlag, (1991) 2.

[7] E. Biham, A. Shamir, "A Differential Cryptanalysis of the Data Encryption Standard", Springer, Berlin Heidelberg New York, 1993.

[8] E. Biham, A. Shamir, "Differential Cryptanalysis of Data Encryption Standard", Berlin: Springer-Verlag, 1993.

[9] W. Stallings, "Cryptography and Network Security: Principles and Practices", International Edition, Third Edition, 2003, Pearson Education, Inc., Upper Saddle River, NJ 07458.

[10] R.L. Rivest, A. Shamir, L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, Vol. 21, No. 2 (1978) 120.

[11] R.J. McEliece, "A Public-Key System Based on Algebraic Coding Theory", Deep Space Network Progress Report, 44, Jet Propulsion Laboratory, California Institute of Technology (1978) 114.

[12] R.C. Merkle, "One Way Hash Function and DES", Proc. Crypto '89, Berlin: Springer-Verlag (1990) 428.

[13] S. Miyaguchi, "The FEAL-8 Cryptosystem and Call for Attack", Advances in Cryptology - CRYPTO '89 Proceedings, Springer-Verlag (1990) 624.

[14] T.Y. Lee, H.M. Lee, "Encryption and Decryption Algorithm of Data Transmission in Network Security", WSEAS Transactions on Information Science and Applications, Issue 12, Vol. 3 (2006) 2557.
