International J ournal of Advanced C omputer Science, Vol. 2, No. 7, Pp. 269-273, Jul., 2012.

Sys-Log Database Manipulation Security Protocol by Message splitting

Somchai Prakancharoen
AbstractSys-log message is the importance data which could present information about internet source-destination connection of all IP address nodes in each network server. These sys-log messages must be securely kept in database in case of being referenced, such as legal requesting. The objective of this research was to develop two security protocols of system log message database manipulation. The first protocol [1], message was split to two non oblivious halves then sent them to be appended in two difference databases. These databases were managed by two database administrators (DBA#1, DBA#2). They could not know the meaning of received message and both messages were meaningless when normally put two of them together. This protocol was developed by two security protocol; Message splitting and Blind signature protocol. Security techniques such as RSA, Keyed hashing function-MAC were used as basic processing in protocol scenario. Nevertheless, each DBA could verify authentication of the sender (system administrator) by senders digital signature and integrity of log message by keyed hashing function. The second protocol, the first protocol is suitable for critical secrecy sys-log. In case of less critical secrecy or large volume of sys-log transactions, small amount of calculation time protocol is more preference. Message splitting in twice time with the senders defined same length bit string could increase security while integrity of message is still preserved. These designed protocols can help network system administrator and DBA easily manipulate sys-log database and also increase securely ensure manipulation of sys-log database.

Manuscript
Received: 6, Sep., 2011 Revised: 10,Nov., 2011 Accepted: 25,Jun., 2012 Published: 15,Aug.,2012

Keywords
Security protocol, System-log message database manipulation, Message splitting

must available to be retrieved with no any changing from their original content. The objective of his research was to present two simplified designing of sys-log manipulation protocols in organizations entrusted database. The designed protocols require many techniques and even some security protocol. The digital signature protocol was used to authenticate sender (network system administrator) for prevent repudiation. Blind signature was used to authenticate signer (Database administrator) under obliviousness of their responsible messages. Message splitting protocol was used to split message to a number of unknown meaning message segments. The stakeholders of this event were network administrator (NAD) and database administrator (DBA). Every one has to undertake their function and preserve them selves in security as well. The requirements of this protocol were difference belong to each stakeholder responsibility. NAD has to either split or create secret parts of sys-log message into pieces of unknown meaning messages then send them to be kept in two or more separate database engines. This mean that DBAs could not able to understand reading or attention meaning change any messages which were kept in their responsible database engine. The secure and integrity of these sent and afterward retrieved message were what that NAD really want. DBA have to maintain this message and send it back to NAD when NAD request for it. In side of DBA, they want to check whether sending message were sent from authenticate NAD. The integrity of pre and post sys-log message must able to prove for preventing NADs repudiation and forgery. The appreciate protocol must covered all of these fundamental requirements.

2. Related Theory
A. Message splitting protocol [2] Message splitting is a protocol of splitting message to a number of message segments. If these split messages were operated with some function then original message will be return to the original content. For example, if M is a original message, R is any defined random message with the same number of bits as M. We can get S, target random string with same bit length, by operate exclusive .OR. (.XOR. operator) of M with R. In reverse, when R and S were again operated with .XOR. then we can got M. R and S are irrelevant to Ms meaning so the secret of M was spl it out to two pieces of irrelevant random messages (R,S). 1.M .XOR. R -> S 2.S .XOR. R -> M

1. Introduction
Network system log (sys-log) is internet connection message of organization which every organizations network administrator (NAD) has to mandatory maintained them under security law regulation of many countries. The sys-log messages which were kept in sys-log database and
Somchai Prakancharoen is with Department of Computer and Information Science Faculty of Applied Science, King Mongkuts University of Technology North Bangkok, Bangkok, Thailand (email: s.p.k@kmutnb.ac.th)

270

International J ournal of Advanced C omputer Science, Vol. 2, No. 7, Pp. 269-273, Jul., 2012.

B. Blind signature protocol [3] Blind signature is mostly applied in self enforcement digital money payment protocol in e-commerce [4]. Customer (Banks account holder) would like bank to guarantee customers electronic money payment transaction. The activity of this protocol was explained here. First, customer create a number of customers identical encrypted issued payment messages. All of these were sent to Bank. Bank choose one of them in random. Bank ask customer to decrypt all another of these to confirm that the un-asked message which was chosen by bank will possibly have the same content. If all of the decrypted messages have similar message (for example 99% of asked for decryption messages) then bank undertake digital signature on not decrypted (non obvious) issued message and sent it back to customer. This Banks signature encrypted message will be used as e-money by customer for goods paying with merchandise afterward. Bank sign the encrypted message without customer decryption so he dont know the content of message say that bank do signing in blindness. For example, Customer(C); RSA private key (e, n), R is Cs secret random number, M is message (such as e-money transaction), KPriv_A (Private key of C), KPub_A (Public key of C) Bank(B); RSA public key (d,n) which received from C, KPriv_B (Private key of B), KPub_B(Public key of B). Step-1: C; create E KPub_B (M.Re Mod n) then sent it to Bank (B) Step-2: B; decrypt the received message with D KPriv_B (for privacy of message sending) then decrypt it with RSA(d,n) RSA(d,n) -> (M.Re Mod n)d Mod n. B sent this ones back to C Step-3: C; encrypt received message with RSA(e,n) and R-1. ((M.Re Mod n)d Mod n)eR-1) Mod n -> M

3. Research Framework
Protocol#1 (message splitting approach) A. Protocol#1 scenario Functions of designed protocol are described step by step as: [NAD: A] Node: 0 NAD prepare non obvious sys-log random string message (S) with message splitting protocol. f KPR_A(R,M), f KPR_A(S,M) were created. This value will be used as digital signature of A. Node: 1 Random string message (R) was multiplied with RSA encrypt (e1, n1) r, keyed (with private key of A) hash value of (R,M) and time stamp (occurring time of this transaction log) were encrypt with DBA#1 public key. This

cipher text was then sent to DBA#1 in node: 2. Node: 7 Random string message (S) multiplied with RSA encrypt (e2,n2) r, keyed (with private key of A) hash value of (S,M) and time stamp (occurrence time of this transaction log) were encrypt with DBA#2 public key. This cipher text was then sent to DBA#2 in node: 8. [DBA#1: A] Node: 2 DBA#1 receive cipher text (output of node: 1) from NAD. Node: 3 DBA#1 decrypt it with DBA#1s private key and R-1. Node: 4 DBA#1 decrypt only the first part with DBA#1s RSA (d1,n1) then he got (R.r e1)d1 mod n1 after that concatenate it with T. DBA#1 sent all of them back to NAD. The un processed part, f KPR_A(R,M), will be referenced as As digital signature. This event DBA#1 will do this step only when NAD has sent a request for with a specific T (time of sys-log transaction that was occurred in networking system). [DBA#2: B] Node: 8 DBA#2 receive cipher text (output of node:7) from NAD. Node: 9 DBA#2 decrypt it with DBA#2s private key. Node: 10 DBA#2 decrypt only the first part with DBA#2s RSA (d2,n2) then he got (S.r e2)d2 mod n2 after that concatenate it with T. DBA#2 sent all of them back to NAD. The un processed part, f KPR_A(S,M), will be referenced as As digital signature. This event DBA#2 will do this step only when NAD sent a request for with a specific T (Time of sys-log transaction that was occurred in networking system). [NAD] Node: 5 NAD receive sent node: 4 message from DBA#1. Then inverse it with r -1. Node: 6 NAD encrypt the result from node: 5 with RSA (e1,n1) then NAD got R. Node: 11 NAD receive sent node: 10 message from DBA#2. Then inverse it with r -1. Node: 12 NAD encrypt the result from node: 9 with RSA (e2,n2) then NAD got S. Node: 13 NAD operates .XOR. between R with S then M is presented. The symbols using with each one are shown here. [NAD: A] -KPR_A , KPU_A are Private and public key of A -(e1,n1), (d1,n1); (e2,n2), (d2,n2) are RSA pair of As encrypt and decrypt keys. -R is an arbitrary As defined random string with same size to M or by bit padding.
International Journal Publishers Group (IJPG)

Somchai Prakancharoen: Sys-Log Database Manipulation Security Protocol by Message splitting.

NAD K Pr A ,K Pu A ,K Pu B ,K Pu C, DBA#1 K Pr -B , K Pu A , K Pu C , DBA#2 K Pr - C , K Pu A , K Pu B ,
(d 2 , n2 )

271

(e1 ,n1 ),(e 2 ,n 2 ) R,r,M,T(TimeStamp)

0. M M R S Digital Signature of A

(d1, n1)

A 8. E K (S r e 2 mod n 2 ,fK Pr A (S,M),T) Pu C

fK Pr A (m)
1. E K (R r e1 mod n1 ,fK Pr A (R,M),T) Pu B 7. E K (S r e 2 mod n 2 ,fK Pr A (S,M),T) Pu C A 2. E K (R r e1 mod n1 ,fK Pr A (R,M),T) Pu B

K Pr B
3. R r e1 mod n1 ,fK (R,M),T Pr A 4. (R r e1 ) d1 mod n1

K Pr C
9. S r e 2 mod n 2 ,fK (S,M),T Pr A 10. (S r e 2 ) d 2 mod n 2 ||

e d 5. (R r 1 ) 1 mod n1 ,T

|| 11. (S r e 2 ) d 2 mod n 2 ,T

R d1 r e1d1 mod n1
r-1

R mod n1
6. (R d1 )e1 mod n1 R 13. +

d1

Sd 2 r e 2 d 2 mod n 2 ,T
S d 2 mod n2
12. (Sd 2 )e 2 mod n 2 S
r-1

M Fig. 1. Sys-log database manipulation security protocol#1 (message splitting approach)

NAD

DBA#1
Epub-DBA#2(Epriv-NAD())

DBA#2

0. M N P,T OT S || T P R S R || T
Epub-DBA#1(Epriv-NAD())

1.Epub-DBA#2 (Epriv-NAD(S, H(S),T ))

1.Epub-DBA#1(Epriv-NAD(R, H(R),T ))
Dpub-NAD(Dpub-DBA#1(...)) by DBA#1 Dpub-NAD(Dpub-DBA#2(...)) by DBA#2

2.R,H(R),T T OT
3.

DBA#1

2.S,H(S),T

DBA#2

3.

R, T

3.

S, T
4.Epub-NAD(Epriv-DBA#2(S, H(S),T )) by DBA#2

Dpub-DBA#1(Dpriv-NAD(R, H(R),T )) by NAD

4.Epub-NAD(Epriv-DBA#1(R, H(R),T )) by DBA#1

5.R, T R

5.S, T S

Dpub-DBA#2(Dpriv-NAD(S, H(S), T )) by NAD

M
Fig. 2. Sys-log manipulation protocol#2 (message twice splitting approach)

International Journal Publishers Group (IJPG)

272

International J ournal of Advanced C omputer Science, Vol. 2, No. 7, Pp. 269-273, Jul., 2012.

-S is target random string gathered from .XOR. operation between M with R. -r is a difference arbitrary As defined random string. -M is sys-log message. -T is occurrence time or time stamp of each sys-log messages -f KPR_A() is MD5-keyed (KPR_A) hashing function [DBA#1: B] -KPR_B, KPU_B are private and public key of B (d1,n1) is RSA decryption key (received from A). [DBA#2: C] -KPR_C, KPU_C are private and public key of C (d2,n2) is RSA decryption key (received from A). B. Security of designed protocol Sequences of tasks which help to accomplish the sys-log maintenance protocol are illustrated in Fig. 1. The MD5 keyed (KPR_A) hashing function in node:1 and node: 7 could be used to verify authentication of sender whether it is NAD or not. DBA can verify with KPR_A, in case of repudiation of NAD. The message that DBA received from NAD are meaningless to DBA so DBA cannot read or change it. The Original message M will be gathered only after perform every steps. Nevertheless, DBA can ask NAD to declare re-process his digital signature for message integrity checking if someone make guess about DBA responsibility. The hacker whom attacks to sys-log database could not read or change any meaningless sys-log message. He can only no direction file or record deletion. Database access control method must be configured setting to prevent this kind of deliberate external attacks. Protocol#2 (message twice splitting) A. Protocol#2 scenario Protocol#1 presented above has two problems. The first, message has to process more calculation activities so it is not suitable for less critical secure sys-log manipulation. The other problem is that T (Time stamp) of sys-log transaction is not kept secret. Each sys-log transaction has a unique T value which represents target transaction to be retrieved. Known of T, DBA or intruder can easily and directly scramble or attack specific sys-log transaction. To overcome these problems, twice message splitting technique is used to solve both problems. For example, the problem in T is easily solved by simply exclusive .OR. it with another secret string which has the same length to T. The functions of designed protocol#2 are described step by step as: [NAD: side] Node: 0 This step sender has to prepare M, N, R, T, O. M is a sys-log transaction message. N and R are two difference secrets NADs defined random string which have same length with M. T is time stamp of this sys-log transaction while O is a secret NADs defined random string which has same length with T. NAD operate .XOR.

between M with N then get P. P is performed .XOR. with R then get S. R and S should be two random strings, unknown secrets, that NAD sent them to DBA#1 and DBA#2 under public key encryption respectively along with T', T' is got from .XOR. T with O. H() is MD5 hashing value. [DBA#i: side] Node: 2 DBA#1, or #i [process the same action], receive its piece of secret then decrypt it with (Dpub-NAD(Dpriv-DBA#i()) and save it in #i database engine (node: 2). In case of NAD request on T' sys-log transaction (on node: 3), DBA#i retrieve T record from database engine#i then sent it, (R, H(R) || T') or (S, H(S) || T') under public key encryption (Epub-NAD(Epriv-DBA#i()), back to NAD. [NAD: side] Node: 5 NAD receive secret shares from all sys-log transaction which are sent back from entrust databases. Public key decryption is performed then NAD receives R and S. R is .XOR. with S then P is recovered. P is process .XOR. again with N then M is recovered. The mission is now completed.

4. Conclusion and Suggestion

Protocol#1 (message splitting approach) A. Conclusion NAD can manage secure and integrity of sys-log messages with no one can access or modify its contents. DBA can preserve the sys-log messages in trust that message is really sent from NAD. NAD can not repudiate or forge to DBA. Attacker could be prevented away from sys-log database accessing using any kind of database access control such as RBAC. Even though he can access to database, he cannot understand what and which to read or change. B. Suggestion for further research This protocol provides security in sys-log message manipulation but reduce availability. For performance improvement, the operation tasks may be delivered to third party tiers that specific responsibility to manage this activity. The number of database engines are not limited at only two nodes so more database nodes is required in case of more secure sys-log manipulation. It can increase more confusion by allocate more than two sys-log databases but only two of them should be assigned to responsibly manipulate a specific sys-log transaction. The next sys-log transaction should be assigned with another pair of sys-log database engine by some random function. Cumbersome in random number generation, such as R, r, may be overcome by automation perform any mathematic operation between NADs password, KPR_A, T, etc.
International Journal Publishers Group (IJPG)

Somchai Prakancharoen: Sys-Log Database Manipulation Security Protocol by Message splitting. Protocol#2 (message twice splitting approach) A. Conclusion The advantage of protocol#2 DBA#i has no need to perform any function but ordinary decryption while NADs sent secret can be preserved NADs repudiation. Time stamp of sys-log transaction is changed to new value so that DBA can not easily understand its real time stamp of each sys-log transaction. Performance of operation is more better than Protocol#1. The disadvantage of protocol#2 All secret parts must be sent back for recovery M. If some DBA can not sent its secret part back then M is impossible recovery. In sight of DBA responsibility, verification of their received sys-log transaction should more easily be checked. B. Suggestion for further research Now a day, cloud storage technology is increase availability and scalable storage nodes, Nevertheless, there are more vulnerable attacks. To obtain these advantages, some secure techniques may be found out. In case of flexibility in amount of entrust DBA, t, n threshold key escrow technique should be considered implemented.

273

References
[1] Prakancharoen

Somchai, Sys-log database manipulation security protocol, International conference on advanced computer theory and engineering proceeding, 2010, Chengdu, China [2] Schneier Bruce.,Applied cryptography, second edition: protocol, algorithms, Wiley, ISBN 0-471-11709-9. [3] David Chaum, Blind signatures for untraceable payments, Advances in Cryptology Crypto '82, Springer-Verlag (1983), pp. 199-203. [4] Gregor Heinrich, Survey of Electronic Money Developments, CPSS Publications No. 38 May 2000, Bank for International Settlements, Institute of informatik, Zurich University: SWISS, 2008.

International Journal Publishers Group (IJPG)