VNƯ Journal of Sciencc, N atural Sciences and Technology 24 (2008) 170-178

Security o f information processing based on grid environment

H uey-M ing L e e'’*, Tsang-Yean L ee', Lily Lin^

^ Department o f Information Management, Chinese Culture University, 55, Hw^a-Kung Road, Yang-Ming-San, Taipei ( I U N ) , Taiwan

^Department o f International Business, China University o f Technology, 56, Sec. 3, Hsing-Lung Road, Taipei (ĨỈ6), Taiwan

Received 11 November 2007, received in revised form 20 November 2007

A bstract. Grid computing architecture was defined to be a complete physical layer. Based on the grid computing architecture, we divided grid nodes into supervisor grid node and execute grid nod.

The data transfer in network must be in secure. In this study, we propose the encryption and decryption algorithm in each grid node to keep information processing in security. We create user information database both in supervisor and execute grid nodes. We use them to verify user processing in system. When these algorithms install in all grid nodes, we can keep processing be secure in all system.

Keywords: Decryption algorithm. Encryption algorithm, Grid computing, Security

1. Introduction

The term “G rid” was coined in the mid 1990s to denote a proposed distributed com puting infrastructure for advanced science and engineering [1]. In grid environm ent, users m ay access the com putational resources at m any sites [2]. Lee et al. [3] proposed a dynam ic supervising model w hich can utilize the grid resources, e.g., CPU, storages, etc., m ore flexible and optimal. Lee et al. [4, 5]

proposed a dynamic analyzing resources model w hich can receive the inform ation about CPU usages, num ber o f running jo b s o f each grid

C o ư e s p o n d in g a u th o r.

E -m a il: h m le e @ fa c u lty .p c c u .e d u .tw

node resource to achieve load-balancing and make the plans and allocations o f the resources o f collaborated nodes optimize.

In general, the functions o f security system are security, authenticity, integrity, non­

repudiation, data confidentiality and access confrol [6-9]. Rivest et al. [10] proposed public cryptosystem. M cEliece [11] used algebraic coding theor>^ to propose public key. M erkle [12] presented “One w ay hash function” and used for digital signature. M iyaguchi [13]

developed the fast data encipherm ent algorithm (FEAL-8). All o f these are encryption algorithm. Lee and Lee [14] used the basic com puter operations, such as insertion, rotation, transposition, shift, com plem ent and pack, to design enciyption and decryption algorithm.

170

Huey-Ming-Lee et a i ỉ V N U journal of Science, Natural Sciences and Technology 24 (ZOOS) Ĩ70-Ĩ78 171 In this paper, we propose the method to

send inform ation to other execute grid nodes through supervisor grid node. Supervisor checks the user to do the processes. We also propose encryption algorithm to encrypt inform ation to produce cipher text and send it to supervisor. Supervisor uses sender format code to decrypts the cipher text to produce m fonnation. Once supervisor has checked, it uses received format code to encrypt inform ation to produce cipher text and sends to the received execute grid node. The received execute grid node uses decryption algorithm to produce original infoim ation. Via the proposed algorithm s, we can receive and send inform ation in secure in netw ork transm ission.

2. P ro p o se m eth o d d e sc rip tio n

The inform ation is sent from one execute grid node to other execute grid node. We send infonnation to supervisor grid node to check and verify. W hen it is correct, we send inform ation to received executed grid node. The inform ation is encrypted to produce cipher text and to be sent. W hen cipher text has received, we decrypt to produce original information. We explain the processes as follows.

2.1. Execute g rid node

In the execute grid nodes, they have the following operations to do:

I) Sign on procedure fir s t time

W hen the execute grid node signs on first time, it uses default fom iat code to encrypt user-id and passw ord and sends to supervisor grid node. It receives form at code from s u p e n is o r and saves to create EUIDB (Execute U ser Inform ation Data Base). The contents o f EUIDB are as Table 1.

T a b le 1. E U ID B (E x e c u te U s e r In fo rm a tio n D a ta B a se )

U s e r-id P a s s w o rd F o rm a t c o d e

W hen user wants to send inform ation, it uses format code in EƯIDB to encryption u ser­

id and passw ord. W hen supervisor returns coưect, it can send inform ation to users.

2) Request perm ission fro m supef^visor

W hen he wants to send information to other users, he inputs user-id and passw ord to get perm ission from supervisor. We use form at code in EƯIDB to enciypt passw ord and send to supervisor to process.

3) Change p assw ord

W hen user w ants to change passw ord, he inputs user-id, old passw ord and new passw ord.

W e use form at code in EUIDB to encrypt passw ord and send to supervisor to process.

4) D elete user

W hen user w ants to delete entry in supervisor, he inputs user-id and passw ord. W e use form at code in EUĨDB to encrypt passw ord and send to supervisor to process and delete the entry in EUIDB.

5) Send information to user in other execute g rid node

W hen he w ants to send infonnation to other user, he types user-id, received-user-id and inform ation. W e use fonnat code in EUIDB to encrypt received-user-id and infonnation to produce cipher text and send to supervisor to process.

6) Receive information fro m supervisor g rid node

W hen it receives cipher text from supervisor, it uses form at code to deciypt cipher text to get information.

172 Hueỵ-M ing-Lee et nỉ. / V N U Journal o f Science, Natural Sciences and Technology 24 (2008) Ĩ7 0 - Ĩ 7 8

7) E xit fr o m supervisor g rid node

W hen user wants to log out, it sends user-id to supervisor.

2.2. Supervisor g rid node

In the supervisor grid node, it handles inform ation processing. It has following operations to do.

1) R eceive new user sign on

W hen the new user signs on, it receives cipher text. It uses default format code to decrypt cipher text to get user-id and password.

It uses user-id as key to access supervisor user inform ation data base. If user exists and returns error code, otherw ise he assigns a format code to user and creates an entry in the SƯIDB (supervisor user inform ation data base) as Table 2 and return format code. It creates an entry in the RU ID B (running user inform ation data base) and inserts access tim e as T ables.

T able 2. SƯIDB (Supervisor User Inform ation Data Base).

U ser-id Password Form at code

Table 3. RƯIDB (Running user infonniition data base).

U ser-id Password Format Access

Code Time

2) R eceive user request

It receives the cipher text and uses use-id as key to find the format code in the SUIDB. If the user does not exist, it returns error code. It uses this format code to decrypt cipher text to get passw ord. W hen the passw ord is not the same as in SƯIDB, it returns e ư o r code and exits. It creates an enừy in the RUIDB and returns perm ission to access.

3) Receive information

W hen it receives the cipher text o f inform ation, it uses user-id as key to find the form at code in the RƯIDB. If the user-id does not exist, it will return error code and exist. It uses the format code to decrypt cipher text to find received-user-id and inform ation. It uses receive-user-id as key to find the forniat code o f this received-user-id. If the user docs not exist, il will return error code to user o f sender and exit. It uses form at code o f received-user-id to encrypt user-id and infom iation to produce cipher text. It sends the cipher text to received- user-id. We update access time field in RUIDB.

4) Receive return m essage fro m receive user

W hen it receives return message from received-user-id, it uses the user-id as key to find the form at code and decrypt to find original user-id and m essage. It uses the format code o f original user-id to enciypt message to produce cipher text and return to original user. We update access time field in RUIDB.

5) F orce to process sign out

W hen user does not process a periodical time, supervisor releases the entry in RUƯ)B.

3. F ra m e w o rk o f th e p ro p o se d m odel

In this section, we present the fram ew ork o f the proposed security o f inform ation process model based on grid environm ent. Based on the grid com puting architecture, we divide grid nodes into supervisor grid node (SO) and execute grid node (Xi). We also present the supervisor inform ation process m odule (SIPM ) on the supervisor grid node, execute information process m odule (EIPM ) on the execute grid node, as shown in Fig. 1.

híucy-M in^-Lee et a i / V N U journal o f Science, Natural Sciences and Technology 24 (2008) 170-Ĩ78 173

F ig. 1. F ra m e w o rk o f the p ro p o s e d m o d e l.

3.1. Supennsor g rid node

W e present the supervisor information process module (SIPM ) on the supervisor grid node. The com ponents in this module are shown in Fig. 2.

The functions o f these com ponents are as the follows:

1) Supervisor receive information com ponent (SRIC):

SRIC receives inform ation from the exccute grid node. It calls inform ation decryption com ponent (ID C) to decrypt cipher text to get information. C alls SPIC (Supervisor Process Inform ation C om ponent).

2) Supervisor pro cess information com ponent (SPIC):

SPIC processes the request o f execute grid nodes. W e have the follow ing actions.

(1) Type N. U se user-id as key to check SUỈDB (Supervisor U ser Inform ation Data Base). If user-id exists, it will return error code and exit. If user-id does not exist, it creates an entry w ith user-id, passw ord and new format code in SUIDB and returns form at code. W e

create an entry in RUIDB (R unning U ser Information Data Base) as Table 3.

(2) Type p. We check user-id and passw ord in SƯĨDB. If it is not correct, it returns error code and exits. W e create an entry in RƯIDB.

(3) Type

u.

W e check user-id and passw ord in SUIDB. If it is not correct, it will return error code and exit. W e change passw ord in SUIDB and store new format code and return format code. W e create an entry in RUIDB.

(4) Type D. W e check user-id and passw ord in SUIDB. If it does not coưect, it will return e ư o r code and exit. We delete user-id in SUIDB and return message.

(5) Type E. W e delete the entiy in RUIDB (6) Type

s.

W e use received-user-id as key to check in SƯIDB. If it does not exist, it will return error code and exits. It uses form at code o f received-ser-id to call lEC to encrypt inform ation to produce cipher text and send to received-user-id.

In each process, we change connect tim e in RUIDB when required and write the text to log file.

174 Hueỵ-Ming-Lee et a i / V N U Journal o f Science, N atural Sciences and Technology 24 (2008) 170-178

SIPM

Fig. 2. A rchitecture o f the SIPM . 3) Supervisor check active node component

(SCANC):

SCANC processes periodically. If user does not connect for a period, supervisor deletes the entry in URIDB.

4) Supervisor send inform ation com ponent (SSIC):

SSIC sends inform ation to grid node.

3.2. Execute g rid node

W e present the execute infonnation process module (EIPM ) on the execute grid node in this section. The com ponents in this m odule are shown in Fig. 3.

The functions o f these com ponents are as the follows:

1) Execute receive inform ation com ponent (ERIC):

ERIC receives inform ation. If it receives from supervisor, it calls EPSIC (Execute Process Supervisor Inform ation Com ponent), otherwise it calls EPUIC (E xecute Process U ser Information Component).

2) Execute process user information com ponent (EPUIC):

EPUIC processes to send user infonnation to supervisor. It has the following formats.

(1) First time sign on. Set code as N and type user-id and password.

(2) R equest perm ission. Set code as p and type user-id and passw ord.

(3) Change passw ord. Set code as Ư and type user-id, old passw ord and new password.

(4) Send inform ation. Set code as

s

^and

type user-id, received-user-id and information.

(5) Exit. Set code E and type user-id to exit from supervisor.

In (1), we use default format code. In (2) to (4), we get form at code in EƯIDB (Execute U ser Inform ation D ata base). W e call lEC (Inform ation Encryption C om ponent) to encryption inform ation to produce cipher text.

T hen call ESIC.

3) Execute process supervisor information com ponent (EPSIC):

EPSIC calls IDC. IDC uses format code to decrypt cipher text to get infom iation. From the receive code, it has following process.

(1) Code N. R eceive form at code and store to EƯEDB (Execute U ser Inform ation Data B ase).

Receive permission (2) Code

supervisor.

(3) Code supervisor.

(4) Code

P. from

R. Receive return code from

S. Receive information from supervisor. This inform ation comes from other user and returns m essage to user.

Hucy-Ming-Lee et aỉ. / V N U loưrnaỊ o f Science, Natural Sciences and Technology 24 (2008) 170-178 175

Fig. 3. Architecture of EIPM.

4) Execute sen d information com ponent ESIC):

Execute send inform ation com ponent ESIC) sends inform ation or return code to

;upervisor.

1. Encryption and decryption algorithm

1.1. Encryption algorithm (lE C Inform ation m crypíỉon component)

The inform ation has the following form at as fable 4.

Table 4. Information

Code User-id Information

Inform ation has different fields separated )y comma. A fter processes the encryption, we )roduce the follow ing format as Table 5 to send )ut.

Table 5. Information send out

Code User-id Cipher Text

W e use the basic com puter operations to ỉesign this algorithm . W e explain each

encryption step in Section 4. W e let the length o f inform ation to be N and it is plaintext.

1). Encryption step

The encryption steps are as follows;

(1) B uild the tables. The steps are as follows:

Step 1: S tore p la in tex t to sym bol table.

From plaintext, we set sym bol table ST as N to store plaintext.

Step 2: S et shift count to

sc. sc

is 1 to 7.

W e left shift every byte o f ST to

sc

places. We set SC to SC+32.

Step 3: Insert M dum m y sym bol to trail o f ST. W e get any M (=IN T (N /10)+ l) dummy sym bol and insert to the trail o f symbol table.

The length o f sym bol table is N+M.

Step 4: S et rotate byte and rotate sym bol table. G et any character DDi DD2. Set rotated byte RBi, as RBi = DDi m ode ((N+M )/2) and R B 2 = D D 2 m ode ((N+M )/2). We divide ST into tw o equal parts, saying S P l and SP2, lengths o f S P l SP2 are equal or length (SPl)=length (SP2)+1. W e rotate SP l to left RBi times and rotate SP2 to right RB2 times. Insert RBi, RB2 to the trailer o f com bination o f new SPl and SP2.

G et symbol table after rotation (STAR).

176 H u c y -M in g -L e e et aỉ. Ị V N U Journal o f Science, Natural Sciences and Technology 24 (2008) 170-Ĩ78

S tep 5: C om plem en t the sym bol table after rotation. Set control bit table (CBIT) to all 0 and byte length to L= [(N +M + 2)/8+l]. If the value o f STA R is below the certain value (ex.

20i6), we com plem ent the symbol o f STAR to get sym bol table after com plem ent (STAC) and set the relative bit o f CBIT to 1.

S tep 6: P a c k e d control byte table. To form control byte table (CBT), we take each 7 bits (as eeeeeee) o f C B IT from left and set control byte as e e e le e e e . The length o f CBT is K =[(N +M +2)/7] +1.

(2) Build background sym bol table (BST)

Step 1: R eserve table

Set s to form at code. W e set num ber L=2*N +S. W e reserve table size as L.

Step2: S e t value o f table. Set above table as random value betw een 20i6 to F0i6

(3) Build cipher text

W e have STA C (sym bol table after com plem ent), C B T (control byte table), s c , N, M ,a n d K.

From form at code, we store s c , STAC and CBT to B ST and B ST is cipher text.

2). F orm at code

W e m ay define some value o f form at code as show ing T able 6.

3). M essage fo r m a t

The forniat o f sending m essage has fields as Code, U ser-id and cipher text.

4). Algorithm description

In this algorithm , we have solved the follow ing items.

(1) Data uncertainty;

(2) B rute-force by volum e o f data to send;

(3) C hange contents o f plaintext;

(4) N etw ork ừansm ission;

(5) Sim ple com putation.

5). C om bination possibility

T im e s o f E ncryption Step Com bination (1) Shift the sym bol table 8**(N) (2) Insert dum m y sym bol 256**M (3) Set rotate byte and rotate ( (N +M )/2)**2 (4) C om plem ent the STA R 2**(N+M +2) (5 ) P a c k e d 2 * * 7 * ( I N T (( N +m Vi)/7 )+ 1 ) (6) R eserve T able 240**(0.7N)

(7) Form at code 240

The total possible com binalions are 8**(N )*256**M *(N +M )*

( (N +M )/2)**2**2**(N +M +2)

*2**7*(IN T ((N + M + l)/7)+ l)*240**(0.7N )*240 This num ber is large. Il is difficult to decrypt.

4.2. D ecryption algorithm (ID C Inform ation D ecryption C om ponent)

D ecryption is the reversed order o f encryption. B efore decryption, we should know the values

s

o f forniat code in execute user inform ation data base and

u

(length o f user-id + 1 (C ode)). W e get the L (length o f message).

W e can com pute the length o f tables as follows Table 6. C ontents o f form at code and cipher text.

Form at C ode C ipher text Content

1 SC ,STA C ,C B T

2 SC, dd, STAC, dd, CBT

3 STA C, SC, CBT

>127 Store in reverse order

w here dd is ứie character skipped.

The length o f sym bol table N"=1/2*(L-S-U).

Hỉíc\/-Mi}ỉsi~Lcc ct nỉ. / V N U louruaỉ of Science, Natural Scicỉiccs and TechnoỉOịỊĩ/ 24 (200S) 170-Ĩ78 177 The length o f dum m y sym bol M=

lN T (N nO )+ l.

The length o f CBT K -[(N + M + 2 )/7 ] +1.

From different format code and above values, we can get s c , STAC and CBT.

I) The step s o f d ecrypt ion a lg o rith m a re as fo llo w s:

S tep 1: Get fr o m cipher te xt (CT), We get N, M, K, SC, STAC and CBT.

Step 2: P ack control bit table (C B IT ). We retrieve 7 bits (skip the bit from left o f each byte) from each CBT. We pack above bits to form the CBIT and length L=[(NH-M +2)/8]+l.

Step 3: C om plem ent sym b o l table after com plem en t (ST A C ). From each bit o f CBIT, if the value o f relative bit is 1, w e com plem ent the corresponding byte o f STAC and get symbol table after rotation (STAR).

Step 4: R otate sym bol table a fter rotation (ST A R ), Get rotated byte RBi=STARN4Mfi and RB2 = STARn+m^2 We divide first N+M symbols o f STA R to two equal parts, saying SPl and SP2, lengths o f SP l and P2 are equal or length (S P l) =length (SP2) +1. W e rotate SP l to right R B| times and rotate SP2 to left RB2 times. We com bine S P l and SP2 to get symbol table after shift (STAS).

Step 5: S h ift the sym bol table after shift (ST A S). Set S C -8-(S C -32), W e left shift each byte o f first N bytes o f STA S and get the plaintext. This is the original plaintext.

5. Conclusion and discussion

In this study, we use the basic com puting operations to design the encryption and decryption algorithm s. It d o e sn ’t need any special hardw are. Finally, we m ake some comments about this study.

a) To do the encryption, w e m ust know format code to produce cipher text.

b) Each cipher text m ay have different length and format because it has different form at code and the length o f dum m y sym bol table.

c) To do decryption, we m ust know form at code, shift count and different form at to decrypt cipher text to plaintext.

d) The proposed algorithm in this study is more difficult to cryptanalysis, because the following fields o f each transaction have different value in the cipher text.

(a) format code, (b) shift count, (c) rotation (d) background table o f random data.

e) M essage processes through en cryp tion and decryption are m ore secure.

j) Give perm ission from supervisor and do inform ation process.

A c k n o w le d g e m e n ts , This w ork was supported in part by the N ational Science Council, Republic o f China, under G rant N SC - 96-2745-M -034-002-Ư RD .

References

[1] I. Foster, c . Kcssclman, s. T ucckc, ‘'G R A M : Key

conccpt” , Available: http;//w w w -

unix.globus.org/toolkiư

docs/3.2/gram /kcỵ/indcx.htm ỉ, July 3 1 ,1 9 9 8

[2] I. Foster,

c.

Kessclm an, "G lobus; A M ctacom puling Infrastructure Toolkit", ỉniernaíionaỉ Journal o f Supercom puter Application Vol. 11 No. 2 (1997)

115.

[3] H.M. Lee,

c.c.

Hsu, M.H. Hsu, "A Dynam ic Supervising Model Based on Grid E nvironm ent", Know ledge-Based Intelligent b ifonnation &

Engineering Systems, LNCS 3682, Springcr-V erlag, (2005) 1258.

[4] H.M. Lee, T.Y. Lee, C.H. Yang, M .ll. Hsu, “ An Optimal Analyzing Resources M odel Based on G rid Environm ent”, WSEAS Transactions on Information Science and Applications, Issue 5, Vol. 3 (2006) 960.

[5] H.M. Lee, T.y!lcc, M.H. Msu, "A Process Schedule

Analyzing Model Based on Grid E nvironm ent", K now ledge-Based Intelligent Inform ation &

E ngineering System s, Part III, LNA! 4253, Springcr- Vcrlag, (2006) 938.

[6] E. Biham, A. Shamir, "D iffcrcniial C r\p ian aly sis o f DES-Iike CrvptosN'Slcm*', Advances in Crypiolog}’-

178 H u e ỵ -M in g -L e e et aỉ. / V N U Journal o f Science, Natural Sciences and Technologx/ 24 (2008) Ĩ7 0 - Ĩ 7 8

C R YP TO '90 Proceedings, Berlin; Springcr-Vcrlag, (1 9 9 1 )2 .

[7] E. Biham, A. Sham ir, "A D ifferential Cryptanalysis o f the D ata Encry>ption S ta n d a rd ', springer, Berlin H eidelberg N ew York, 1993

[8] E. Biham, A. Sham ir, '"Differential Cryptanalysis o f D ata Encryption S ta n d a rd ', Berlin: Springer-Verlag,

1993.

[9] w . Stallings, C ryptography and N etw ork Security:

Principles a n d P ra ciices'\ International Edition, Third Edition 2003 by Pearson Education, Inc. Upper Saddle River, NJ 07458.

[10] R.L. Rivest, A. Sham ir, L. A dlcm an, “ A M ethod for O btaining Digital Signatures and Public -K e y C ryptosystem s” , C om m unications o f the ACM , Vol.

21 No. 2 (1978) 120.

[1 1 ]R .J . M cE liece, "‘A P ublic-K ey System B ased on A lgebraic C oding Theory’,'" Deep Sace Netw ork P rogress R eport, 44, Jet Propulsion Laboratory, C alifornia Institute ofT cch n o io g y (1978) Ị 14.

[12] R .c . M erklc, “O ne Way Hash Function and DES,”

Proc. C r y p to '89, Berlin Springer-V crlag (1990) 428.

[13] S. M iyaguchi, “T he FEAL-8 Cryptosystem and Call for A ttack,” A dvances in C r)'piohgy-C R Y P T O '89 proceed in g s, Springcr-V erlag (1990) 624.

[14] T.Y. Lee, H.M . Lee, “ Encryption and Decryption A lgorithm o f D ata Transm ission in Network Security” , W SE A S Transactions on Information Science a n d A pplications, Issue 12, Vol. 3 (2006) 2557.