International Journal of Engineering and Advanced Technology (IJEAT)

ISSN: 2249 – 8958, Volume-3, Issue-3, February 2014

Data Reliance Surveillance

Tushar Bedke, Dhanashree Kutre

Abstract— Network Security and Data protection is a very The composition and makeup of the endpoint is as important
important approach in which the users should be encouraged to to the overall security of the system as is the communications
turn on the module in order to practically make use of trusted protocol. The design endpoints are minimally comprised of
computing against well known data security problems. The best
way to deal with such problems is to use this technology that has
symmetric key (i.e., the motherboard number), key storage
been found to provide very real benefits in terms of assuring trust and processing that protects protocol data items. Classic
between systems and effectively protecting, through hardware message exchange based on symmetric cryptography suggests
based encryption, critical information .Moreover the results that messages intended for one and only one individual
should necessary satisfy the requirements of the users in respect of system in loss of security. Thus aids in improving security by
access rights, privacy and interoperability. This paper outlines a providing both key management and configuration
client-server system utilizing a Data Reliance Surveillance management features (e.g. Protected Storage, Message
Module (DRS)-enabled computer to hinder forensic examination. exchange, Binding, Signing and Reporting).
We have explored in detail the entire process from the encryption
to the reverse process decryption on different file formats mainly
image, audio and text files. We describe and implement an II. MOTIVATION AND CHALLENGES
approach on data protection and network security by utilizing Network security is generally taken as providing protection at
trusted computing technology. The system allows for data
confidentiality, plausible deniability, and hiding of traces that
the boundaries of an organization by keeping out intruders.
incriminating data was present on the client. Network security starts from authenticating the user,
commonly with a username and a password. Since this
I. INTRODUCTION requires just one thing besides the user name, i.e., the
password. The networks are comprised of "nodes", which are
Electronic records such as word processing files, image and "client" terminals (individual user PCs), and one or more
audio files increasingly provide essential and important "servers" and/or "host" computers. They are linked by
evidence in solving criminal cases. As a result, electronic communication systems, some of which might be private,
evidence processing had been established to ensure that such as within a company, and others which might be open to
evidences seized from electronic sources adhere to the public access. The obvious example of a network system that
standards of evidence that are admissible in courts of law. In is open to public access is the Internet, but many private
order to obtain these records, law enforcement agents resort to networks also utilize publicly-accessible communications.
forensic examination of seized electronic sources. While thus Today, most companies host computers can be accessed by
far forensics have proven useful in extracting incriminating their employees whether in their offices over a private
data, it is possible to develop a system that hinders this effort. communications network, or from their homes or hotel rooms
The outlines the concept of trusted computing, which while on the road through normal telephone lines. Network
essentially ensures that a system will consistently behave in security involves all activities that organizations, enterprises,
specific, prearranged ways verifiable by a remote machine and institutions undertake to protect the value and ongoing
using a combination of hardware and software support. usability of assets and the integrity and continuity of
Basically is a secure crypto-processor that can generate and operations. An effective network security strategy requires
store secured information such as keys and passwords. It identifying threats and then choosing the most effective set of
typically access the motherboard number of a tools to combat them.
computer(Client), and use this as a key for encryption. The
client’s state can always be established by proper III. SYSTEM OBJECTIVES
authentication, and the data cannot be tampered by fake
attestation by using some out of bound device (Memory Card As security is necessarily the primary goal of most computer
or Pen Drive). At the Server side, the data is decrypted, only applications, there are various strategies and techniques used
by using particular client’s motherboard number. The above to design security systems. The following are the
operation (Encryption and Decryption) is performed using anti-forensics objectives of the system:
Rijndael Algorithm. Confidentiality: The system must protect the confidentiality
The Design of secure distributed systems, when of incriminating data, and only reveal it when the system is in
considering exchange of information between systems, must a trusted state.
identify the endpoints of communication. Information / Action hiding: The system should provide no
concrete evidence that any incriminating data has been
manipulated.
Manuscript received February, 2014. Plausible deniability: The system should provide capabilities
Tushar Bedke, Electronics and Communication Department, to plausibly deny existence of incriminating data.
Visvesvaraya Technological University/ Maratha Mandal Engineering
College/ Organization-Maratha Mandal Engineering College, Belgaum, A. Confidentiality
India.
Dhanashree Kutre, Electronics and Communication Department, Security experts argue that it is impossible to prove the
Visvesvaraya Technological University/ Maratha Mandal Engineering identity of a computer user with absolute certainty. It is only
College/ Organization-Maratha Mandal Engineering College, Belgaum, possible to apply one or more tests which, if passed, have
India.

Published By:
138 Blue Eyes Intelligence Engineering
& Sciences Publication Pvt. Ltd.
 Data Reliance Surveillance

been previously declared to be sufficient to proceed. The transmitter of a file is indistinguishable from those who are
problem is to determine which tests are sufficient, and many merely relaying it. In this way, the person who first
such are inadequate. Any given test can be spoofed one way transmitted the file can claim that his computer had merely
or another, with varying degrees of difficulty. Confidentiality relayed it from elsewhere, and this claim cannot be dis-proven
is the term used to prevent the disclosure of information to without a complete decrypted log of all network connections
unauthorized individuals or systems. Breaches of to and from that person's computer. Plausibility Deniability is
confidentiality take many forms. If a laptop computer achieved by proper Socket Programming of the Client and
containing sensitive information about a company's Server.
employees is stolen or sold, it could result in a breach of
confidentiality. Giving out confidential information over the IV. IMPLEMENTATION DETAILS
telephone is a breach of confidentiality if the caller is not A. Architecture Overview of DRSM
authorized to have the information. Thus, Confidentiality is A Data Reliance Surveillance (), is a secure crypto-processor
necessary for maintaining the privacy of the people whose that can generate, store and share secure information
personal information a system holds. If your authentication between the two entities (Client and Server). The complete
request is approved, you become authorized to access the system consists of a Client, Server, and Out-of-Bound (OOB)
accounts of that account holder, but no others. Authorization, device, as shown in Fig 1. The client is where all data
on the other hand, involves verifying that an authenticated manipulation takes place, while the server is used to store data
subject has permission to perform certain operations or access after manipulation. The core of the system is a -enabled client.
specific resources. Authentication, therefore, must precede To be in a trusted state, the OOB device must be detected by
authorization. Confidentiality have been achieved by using a the client and builds a chain of trust of every individual code
OOB device. The OOB device acts as an authentication of a executed on the system. The Out-Of-Bound device serves as
user for the particular client machine. OOB device authentication function for the particular user and Client
authenticates the user by the correct password and allows to Machine. As a consequence, the client’s state can be
read and write the data. established at any time by using OOB device and detection of
B. Information/Action hiding mother board number. The server on the other hand
Cryptography is the study of means of converting authenticate and attest the client based on the stored
information from its normal comprehensible form into motherboard number of the client. The server terminates
incomprehensible format, rendering it unreadable without immediately the transaction if authentication fails (e.g.,
secret knowledge. Thus, Cryptography is used to hide incorrect mother board number of client). The above
information and ensure secrecy in important communications, operation of sharing the information between two entities
for those used by spies and also for other uses such as phone, (Client and Server) is performed by using a Local Area
fax and e-mail communication, bank transactions, bank Network (LAN).
account security, pins and passwords. It is also used for
electronic signatures which are used to prove who sent a
message. Information hiding means protecting information
and information systems from unauthorized access, use,
disclosure, disruption, modification, inspection, recording or
destruction of data. Computer security can focus on ensuring
the availability and correct operation of a computer system
without concern for the information stored or processed by
the computer. Access to protected information must be
restricted to people who are authorized to access the
information. The computer programs, and in many cases the
computers that process the information, must also be
authorized. This requires that mechanisms be in place to
control the access to protected information. Information
hiding is achieved by using Encryption techniques such as Fig 1: Architecture of Data Reliance Security Module
Rijndael algorithm and maintaining security of system is
achieved by proper authentication (using a OOB device). B. Flow Process
The flow process of working starts from authentication and
C. Plausible Deniability attestation till the end of data transmission and reception.
Plausible deniability refers to lack of evidence proving an With reference to Fig 2 the exact idea can be drawn on how
allegation. If your opponent lacks incontrovertible proof the flow takes place from Client and Server side.
(evidence) of their allegation, you can "plausibly deny" the A complete client-server transaction is divided into 2
allegation even though it may be true. However, the public sections, namely
might well disbelieve the denial, particularly if there is strong • Authentication and Attestation
circumstantial evidence, or if the action is believed to be so • Data transfer
unlikely that the only possible explanation is that the denial is Attestation and authentication ensures the correct client is
false. In computer networks, deniability often refers to a communicating with the server (authentication) and that the
situation where a person can deny transmitting a file, even client configuration is in a known trusted state (attestation).
when it is proven to come from his computer. Normally, this is C. Authentication and Attestation
done by setting the computer to relay certain types of Authentication means maintaining the integrity of the
broadcasts automatically, in such a way that the original individual systems. The way in which someone may be

Published By:
139 Blue Eyes Intelligence Engineering
& Sciences Publication Pvt. Ltd.
 International Journal of Engineering and Advanced Technology (IJEAT)
ISSN: 2249 – 8958, Volume-3, Issue-3, February 2014

authenticated can be based on The Knowledge factor – Client is transmitted to the Server on a Local Area Network
Something the user knows such as password, pass phrase, or (LAN) using a LAN cable. Since main goal is to achieve high
personal identification number (PIN), challenge response (the level Network Security, a proper network is to be constructed
user must answer a question). However, authentication is the between the intended Client-Server pair. This can be achieved
process of verifying a claim made by a subject that it should by Socket Programming. Data Transfer should be protective
be allowed to act on behalf of a given principal (person, and integrity between the Client and Server is achieved on a
computer, process, etc.). Local Area Network.

V. SECURITY ANALYSIS
A. Encryption
In cryptography, encryption is the process of transforming
information (referred to as plaintext) using an algorithm
(called cipher) to make it unreadable to anyone except those
possessing special knowledge, usually referred to as a key.
The result of the process is encrypted information (referred to
as cipher text). Encryption is used to protect data in transit, for
example data being transferred via networks (e.g. the Internet,
e-commerce), mobile telephones, wireless microphones,
wireless intercom systems. Encrypting data in transit also
helps to secure it as it is often difficult to physically secure all
access to networks. Thus, Encryption, by itself, can protect
the confidentiality of messages.
In this paper, Encryption of Data is achieved by using
Rijndael algorithm. In Rijndael Algorithm, we have taken the
mother board number of Client as a key for Encrypting the
data. The same key (i.e., the client’s motherboard number) is
stored in Server’s database which is used for Decryption on
Server Side. By implementing Rijndael, we have successfully
encrypted different forms of data such as text files, image files
and audio files.
B. Decryption
Decryption is the opposite of Encryption. It is the process of
converting a Cipher text to the Plain text. Decryption helps us
to regain the original form of message by using an algorithm
(called cipher). Decryption is an very important process and
Fig 2: Flow Diagram of Data Reliance Security Module. performed using the correct key shared between the two
One familiar use of authentication is access control. A entities. As the data has to be successfully recovered to its
computer system that is supposed to be used only by those original form, confidentiality has to be achieved between the
authorized, must attempt to detect and exclude the two entities.
unauthorized. Access to it is therefore usually controlled by In this paper, Decryption of Data is achieved by performing
insisting on an authentication procedure to establish with reverse steps as that used in Encryption using the Rijndael
some degree of confidence the identity of the user, granting Algorithm. While performing decryption, we should take care
privileges established for that identity. Attestation, on the that key stored in database of Server matches with that key
other hand, involves verifying that an authenticated subject sent by the Client.
has permission to perform certain operations or access
specific resources. VI. ANTI – FORENSIC
In this paper, we have achieved authentication by using a
Out-Of-Bound device (Pen drive). The user must insert pen Criminal law deals with offenses against the state - the
drive in client machine. Inside the Pen drive, the user must prosecution of a person accused of breaking a law. Such
enter the correct password in the notepad file. Whenever the offenses may of course include crimes against a person. A
user wants to access the module for encryption of data, the government body, or the representative of a government body
login section checks whether the password entered in Pen accuses the person of having committed the offense, and the
drive matches with that password, stored in its database. If it resources of the state are brought to bear against the accused.
matches then authentication for the particular user is Guilty outcomes can result in fines, probation, incarceration,
successful to get the motherboard number of the client. This or even death.When a crime is reported the certain evidence
motherboard number acts as key for attestation of data. This of proof such as photograph images, audio recording of the
key is used for encryption of data using the Rijndael algorithm victim, written statement of acceptance of crime has to be
The accessed motherboard number of Client is stored in gathered to produce in the court of law. The evidence of proof
Server which grants access of data after decryption from of crime is termed as Forensic data and used by the Police
particular client machine. authorities to produce in court of law. After taking these all
D. Data Transfer steps, some physical violation of evidence may carry while
After Successful authentication the next step is Data Transfer transferring the proofs (evidence) to the court of law.
between the Client and Server. The Encrypted data from Someone might stole the hard copies of evidence gathered or
misguide with the evidence or even purposely create

Published By:
140 Blue Eyes Intelligence Engineering
& Sciences Publication Pvt. Ltd.
 Data Reliance Surveillance

accidents to destroy the evidence of reported crime while • Key scheduling: 44, 52 or 60 sub keys having length
carrying the data. So the Forensic data gathered by the police = 32 bi
may be in danger and should be protectively and safely The following are the steps involved in Rijndael Algorithm
carried till the final destination. • Processes data as 4groups of 4bytes
To achieve this, we have designed a system known as Data –128-bit block
Reliance Surveillance where the Police authorities acts as a • Input block copied into State array,
Client and the Court authorities acts as a Server. The Crime modified at each stage of encryption or
evidence such as photograph images, written statements of decryption and copied to the output matrix
criminals, audio recording of criminal of accepting crime can after the final round.
be made and established on a computer system (Client). Then • Has 9/11/13 rounds (depending on which
these all data gathered can be encrypted and transmitted over variant is used) in which State undergoes:
the network to the intended recipient. Hence the physical • byte substitution (one S-box used on
crime of evidence violation is eliminated, the system is termed every byte)
as Anti-Forensic System. Thus the main functions of • shift rows: a simple permutation
Anti-Forensic Systems are: • mix columns: substitution using arithmetic in GF(28)
• Virtual conflict management-Prevent disallowed • add round key (XOR State with the round
actions key)Initial XOR of the plaintext with a
• Physical world differs- Punishment deters crimes. round key
• Framework must be agreed upon Commutativity of
operations and
• Establishing chain of custody.

VII. BENEFITS OF DRS

The following are the huge benefits of using DRS module in
different kinds of applications in the day to day world. For a
instance, we have taken a Anti-Forensic system.
Multi-factor authentication: The DRS becomes one factor
in allowing or denying access, so it can be combined with
biometrics and digital certificates for stronger authentication.
Strong login authentication: Even when used for
single-factor authentication the DRS can be stronger than
traditional password solutions.
Machine binding: Ensure all data saved to external media is
encrypted by a key managed by the DRS.
Digital signatures: A trusted audit trail can be created using
the DRS to produce tamper-resistant digital signatures for
documents, for proof and auditable chain of trust.
Password vaults: People should use stronger passwords, so
the DRS provides a convenient store for such information.
Even if your computer is stolen, passwords are securely
locked away, and in addition, the DRS provides an easy way
to backup this information and restore it to a replacement
machine.
Network access control: DRS-equipped computer attest the
DRS’s identity and the health of the host system before
granting access to network resource, and even quarantining
the computer in real time if it gets infected.
Endpoint integrity: Trusted client/server security: The
clients can now ensure the servers are trusted, forging a true
two-way trusted relationship.

VIII. IMPLEMENTATION OF RIJNDAEL ALGORITHM

Rijndael was developed by Belgian cryptographers Joan
Daemen of Proton World International and Vincent Rijmen of Fig 3. : Flow Diagram of Rijndael Algorithm
Kathlieke Universities Leuven. Rijndael is an iterated block
cipher as implemented in Fig 3. Therefore, the encryption or REFERENCES
decryption of a block of data is accomplished by the iteration [[1] National Aeronautics and Space Administration, “One Policy
(a round) of a specific transformation (a round function).It’s a Approach Regarding Digital Evidence Acquisition and Analysis,”
block cipher which works iteratively with a National Aeronautics and Space Administration, August, 2007.
[2] J. Morris, “Maintaining System Integrity During Forensics,” Security
• Block size: 128 bit (but also 192 or 256 bit) Focus, August 1, 2003.
• Key length: 128, 192, or 256 bit [3] Trusted Computing Group, “TCG Specification Architecture
• Number of rounds: 9, 11 or 13 Overview Revision 1.4,” Trusted Computing Group, August 2, 2007.

Published By:
141 Blue Eyes Intelligence Engineering
& Sciences Publication Pvt. Ltd.
 International Journal of Engineering and Advanced Technology (IJEAT)
ISSN: 2249 – 8958, Volume-3, Issue-3, February 2014

[4] Trusted Computing Group, “Trusted Platform Module () Summary”,

Trusted Computing Group, May 5, 2008.
[5] P.C. Leong, “Some impacts of trusted computing on digital forensic,”
in Cyber Crime Investigation Workshop 2006, Singapore, November,
2006.
[6] Trusted Computing Group, “TCG Glossary of Technical Terms”,
Trusted Computing Group.
[7] R. Sailer, X. Zhang, T. Jaeger and L. van Doorn, “Design and
Implementation of a TCG-based Integrity Measurement Architecture,
“in 13th Usenix Security Symposium, San Diego, California,
August,2004.
[8] B. Parno, “The Trusted Platform Module () and Sealed Storage,”RSA,
June 21, 2007.
[9] R. Sailer, “Integrity Measurement Architecture (IMA),” IBM
Research.
[10] J.A. Halderman et al, "Lest We Remember: Cold Boot Attacks on
Encryption Keys" in 17th USENIX Security Symposium (Sec ‘08),
San Jose, California, July 2008.

Published By:
142 Blue Eyes Intelligence Engineering
& Sciences Publication Pvt. Ltd.