International Conference on Computer Networks and Security ...

<strong>International</strong> <strong>Conference</strong>
on
Computer Networks and Security
(ICCNS 08)
(September 27-28, 2008)
Organized by
Department of Computer Engineering
Bansilal Ramnath Agarwal Charitable Trust’s
Vishwakarma Institute of Technology , Pune
(An Autonomous Institute affiliated to University of Pune)
666, Upper Indira Nagar, Bibwewadi , Pune , India 411 037

Information contained in this work has
been obtained by Vishwakarma
Institute of Technology, from sources
believed to be reliable.
However, Vishwakarma Institute of
Technology, does not guarantee a the
accuracy or completeness of any
information published herein.
Vishwakarma Institute of Technology
accepts no responsibility for opinions
and statements made by individual
authors. Editorial board may or may
not agree with the matter printed
inside.
Vishwakarma Institute of Technology
Copyright © 2008 , by Vishwakarma Institute of Technology, Pune
No part of this publication may be reproduced or distributed in any form or by any
means , electronic, mechanical, photocopying , recording , or otherwise or stored in a
database without the prior written permission of the publishers.
ISBN 978-81-906198-0-7
Published by the Vishwakarma Institute of Technology,
666, Upper Indira Nagar, Bibwewadi, Pune 411 037 and
Printed at Kalyani Corporation,
Near Renuka Swaroop School, Sadashiv Peth, Pune 411 030

In association with
Persistent Systems Limited
Wipro Technologies
Asian Institute of Technology,
Bangkok
Groupe des Ecoles des mines
France

Patrons
Shri Rajkumar Agarwal
Shri Bharat Agarwal
General Chair
Prof. Hemant Abhyankar
Chaiman, Bansilal Ramnath Agarwal Charitable Trust, Pune
Managing Trustee
Director, Vishwakarma Institute of Technology , Pune
Advisory Chairs
Prof. Said Irandoust
Dr. Ashok Jhunjhunwala
Dr. Chandra Sekaran K.
Dr. Shridhar Shukla
Dr. Sachin Lodha
Dr. Parag Kulkarni
Mr. Bajrangdas Lohiya
Mr. Udayan Kanade
Dr. Ravi Thool
Dr. P.J. Kulkarni
Dr. D.B. Kulkarni
Dr. P.W. Wani
Dr. G.V. Choudhari
Dr. B.S. Choudhari
Dr. D.H. Manjaiah
Dr. S.D. Lokhande
Dr. D.S. Bormane
Dr. J.V. Kulkarni
Dr. A.S. Abhyankar
AIT, Bangkok
IIT, Madras
NIT, Suratkal
GS Lab, Pune
TCS, Pune
Capsilon, Pune
CISPL, Pune
Oneirix, Pune
SGGS COE , Nanded
Walchand College of Engineering , Sangli
Walchand College of Engineering , Sangli
Dean, Faculty of Engineering, University of Pune
Dr. Babasaheb Ambedkar Technological University
IIIT, Pune
Mangalore
Sinhgad College of Engineering ,Pune
Rajarshee Shahu College of Engineering , Pune
Vishwakarma Institute of Technology, Pune
Vishwakarma Institute of Information Technology, Pune
iv

Editor’s View
As our country is working towards coming on a forefronts of technology, Computer
Networks and Security Systems have a very important role to play.
For celebrating the 25 th anniversary of our Institute, our senior faculty and Heads of
Departments have planned a series of <strong>International</strong> <strong>Conference</strong>s on important
technical issues. The Department of Computer Engineering and their faculty have
taken great efforts to network researchers in the area of Computer Networks and
Security. It is a pleasure to note that a good number of researchers have responded
and are contributing to this <strong>International</strong> <strong>Conference</strong>.
I take this opportunity to extend a warm welcome to them and formally thank them
for their participation.
The interaction during this conference through paper presentations and invited
speeches would offer joyful learning to all the participants. The Institute is really too
keen to ensure that learning always remains joyful.
Hemant Abhyankar,
Chief Editor, ICCNS 08
Director, Vishwakarma Institute of Technology , Pune

Index
Network Security
NS01 Parametric Neuro Security System with Intrusion Detection Capability 01
Meenaxi M. Raikar, Deepa S. Garag
NS02 SHA-1 algorithm based Integrity checking tool for the Security Enhancement 06
Mohd. Ashraf , Rashid Ali
NS03 Cross layer Backbone Routing for MANET based on Bandwidth Estimation 11
Rekha Patil, Dr. A. Damodaram
NS04 Vulnerability in WIMAX MAC 16
Prof. P. A. Bamnodkar, Prof. G. V. Garje, Pankaj Kulkarni
NS05 Efficient Indexing and Searching for dynamic website 20
Karunendra Verma, Prof. R.V. Pawar
NS06 ARBSGen: Association Rule Based automatic worm Signature Generation 25
Sandeep A. Thorat, Rohit A. Khot
NS07
Integrated Approach for Signature Extraction and Profile Generation of Malwares
with Monitoring and Detection
Suhel Ahamed, Dr. J. L. Rana, R. K. Pateriya
30
NS08 Security in Java2 Micro Edition Using MIDlet 35
Vasanth. G., Pradeep B. S., Soumya S., Venugopal A. G.
NS09 Using Neuro-fuzzy techniques to reduce false alerts in IDs 44
Gaonjar Paresh, N. Z. Tarapore, S. G. Pukale
NS10
Security Threats Awareness for Mobile Ad hoc Networks: Applications and
Challenges
Parul Agarwal, Brijesh Singh Yadav
50
NS11 Protection of Sensitive Data in Wireless Devices 56
Nikhil Agrawal, Shubhank Jain, Sheetal Takale
vii

NS12 Securing AODV for MANETs using Message Digest with Secret Key 62
Sunil J. Soni, Prashant B. Swadas
NS13 A Survey on Security issues in Mobile ADHOC networks 68
Pallavi Khatri , Sarita Bhadoria, Mamta Narwariya
NS14 Statistical based anomaly detection technique for detecting intrusions in Snort N-IDS 73
Sumithra Devi K A., Andhe Dharani, Renuka Prasad B., Akshay L. Marathe
NS15
Applying Knowledge Discovery in Database Techniques in Modeling Packet Header
Anomaly Intrusion Detection Systems
Solahuddin B. Shamsuddin, Mike E. Woodward
78
NS16 Rich Internet Applications Security Enhancements 86
Dr. Maheshkumar H. Kolekar, Prof. A. J. Patankar, Yogi R. Joshi
NS17 Issues Over Wireless Links 91
Rachana T. Nemade
NS18 Efficient and Secure Multicast Communication 97
Karan Singh, Rama Shankar Yadav
NS19
Enhanced Optimistic Fair-exchange Protocols for Secured Electronic Transactions
Based on DSA Signatures
Kishore B. Pawar, Sunil G. Bhirud
103
NS20 Improved Algorithmic Routing for Disruption Tolerant Network 107
Mohammad Arif, Rama Shankar Yadav
NS21 Implementation of Protocol Anomaly Detection System for Network Security 113
Prof. Sahana Bhosale, Prof. Ravindra P. Joshi, Prof. Prakash H. Patil
NS22
Security enhancement by reliable secret sharing and embedding using bit plane
complexity segmentation
Sonali Patil, Dr. Arpita Gopal, Amresh Nikam, M. A. Potey
119
viii

Network Management
NM01
Analysis of Reactive Routing Protocols in Congested MANETS based on Energy
Consumption
M. Neelakantappa, Dr. B. Satyanarayana, Dr. A. Damodaram
124
NM02 Analytic Investigation for Security in Wireless Hotspot Networks 128
Raad A. Muhajjar, S. Kazim Naqvi, Nupur Prakash
NM03 Autonomic System Manager 134
Karuna C. Gull, Prof. R. M. Jogdand
NM04 CHAMELEON: An Agile Framework For Adaptive Web Site Generation 140
Abhinay R. Nagpal, Deepak M. Zambre, Chinmay P. Soman, Harshwardhan S. Mulay
NM05 X-Server Database: Strong RDBMS for Wired and Wireless Network 147
Prof. Prakash Devale, Pritesh Patil
NM06 Transliteration Approach for Customizable Localization 151
Sanjesh S. Pawale, Manikrao L. Dhore, Mahesh R. Dube, Ashutosh M. Kulkarni
NM07
Adaptive and Aggregation Aware Scheduling Algorithm for Event Detection
Application
A. Sivagami , K. Pavai, D. Sridharan, S. A. V. Satya Murty
156
NM08 An Efficient Eager Dynamic Primary Copy Algorithm for Replicated UDDI Registry 161
Pradhan B. Umesh, Bharath Kumar A. R., Ananthanarayana V. S.
NM09 Evaluation of Huffman Coding Technique 167
P. D. Ganjewar, Prof. U. S. Bhadade
NM10 Methods For Efficient Work Load Migration 171
P. Neelakantan, Dr. M. M. Naidu
NM11 Requirements Driven Modeling of Autonomic Systems 175
K. Chandra Sekaran, Prarthana A. G., Shruthi Viswanath
NM12 Performance Evolution of AODV, DSDV and DSR for MANET 181
Lakshmikanth G., Prof. A. Gaiwak, Dr. P .D. Vyavahare
ix

NM13
Mutually Exclusive Determination of Shortest Path in Mobile Ad-Hoc Networks – A
tree based approach
Sanket Sarang
187
NM14 Optimized FTP System 192
Patil S. H., Khadtare M., Ursal S. U., Mahajan S. A.
NM15
Time-slotted Routing Technique Enhances Wireless Communication in Mobile Adhoc
Network
Pallavi Khatri, Ankush Jain
198
NM16 Adaptive Call Admission Control for Wireless Mobile Network 202
Varsha N. Wahane, Vijayalaxmi Kadroli
NM17 A Vigorous Spanning Tree Topology for Distributed Applications 207
Smita A. Attarde, Shital K. Dhamal
NM18 Hybrid Chaining Scheme for Video-on-Demand Applications Based on Popularity 213
R. Roopalakshmi, R. Ashok Kumar
NM19 Broadband Network for Live EduSat Connectivity of <strong>Conference</strong> Proceedings 220
M. Murugan, N. P. Pathak, A. S. Tavildar, M. J. Khurjekar
NM20 Evolutionary Algorithm for Hybrid Channel Allocation in Wireless Mobile Network 224
S. R. Shinde, A. M. Jadhav
NM21 Optimum Detection in Block Data Transmission Systems Using Genetic Algorithm 228
Sameena Naaz, Afshar Alam
NM22 Optimized Bandwidth Sharing for Delay Guarantee Using Feedback Loop Control 234
Prem Kumar Nonia , R. Manivasakan
NM23 Network Analyzers and Device Management 238
Thaksen J Parvat, Dr. Yogesh Singh , Dr. Pravin Chandra
NM24
A Novel Method of Broadcasting using Zone Based Multicasting AMRoute in Mobile
Adhoc Networks
Wg Cdr(Retd) Devasish Pal
241
NM25 Mobile Forensics: the study of collecting digital evidence from mobile devices 246
Rizwan Ahmed, Dr. R. V. Dharaskar, Dr. V. M. Thakare
x

Cryptography and Cryptographic Protocols
CP01
CP02
Implementation of Cryptography using VLSI Technology to improve Data Security
with High Flexibility
Sheetal N. Raut, Smita R. Desai, Dr. P. M. Patil
EEEP: An Energy Efficient Election Protocol for Multi-level Clustering in
Homogeneous Wireless Sensor Networks
Nidhi Bansal, T. P. Sharma, Manoj Mishra, R. C. Joshi
254
258
CP03 Cryptanalysis and Security Comparison of Two Clock Controlled Generators 264
Ancy S. Anselam, Deepthi P. P., Sathidevi P.S.
CP04
Elliptic Curve Cryptography based Mutual Authenticated Key Agreement protocol for
secured wireless communication
Kakali Chatterjee
270
CP05 Hardware Efficient Stream Cipher Based on Hash Function 274
Lakshmi V. S., Deepthi P. P., Sathidevi P.S.
CP06 The Information Encryption Using Fibonacci Series 280
Balasaheb S. Tarle, Dr. Vrinda Tokekar
CP07
Proactive Loss Prediction: A solution to problem
of Packet Reordering in TCP
Pradhan B. Umesh, Rio G. L. D’Souza
287
CP08 Security Vulnerabilities in mobile IPv6 293
R Radhakrishnan, Majid Jamil, Shabana Mehfuz, Moinuddin
CP09 A Study on Comparison and Contrast between IPv6 and IPv4 Feature Sets 297
Hanumanthappa J., Manjaiah D. H.
CP10 Improved Preemptive Multipath On Demand Routing Protocol for Adhoc Networks 303
Sujatha P. Terdal, Dr V. D. Mytri, Dr. A. Damaodaram
CP11
CP12
Evaluation and Improving Performance of the Dynamic Source Routing Protocol for
MANETS
Dr. B. Satyanarayana, M. Neelakantappa, Dr. A. Damodaram
Performance Analysis of Routing Protocols in Wireless Sensor and Actor Networks
from an Actor to Actor Perspective
Gowrishankar S., T. G. Basavaraju, Manjaiah D. H., Subir Kumar Sarkar
307
313
xi

CP13 Soft One To One Gateway Protocol 319
Balachandra G. C., Hanumantappa J.
CP14 Visual Cryptography & BPCS Steganography 325
M. P. Wankhade, S.T. Patil
CP15 VoIP Bluetooth Technology 329
F. M. Inamdar, S. R. Rathi
CP16 Cryptanalysis of RSA Using Mobile Agents 330
Prof. Sanjeev S. Sannakki, Prof .D. M. Choudhari, Prof. H. H. Kenchannavar
Biometrics
BM01 Biometric Security 339
Swapnaja B. More, Amol B. Ubale
BM02
Comparison of Wavelet Transform and Optimal Transform [PCA] for Facial
Recognition
Dr. H B. Kekre, Kamal Shah
342
BM03 Fingerprint Identification using Principle Component Analysis (PCA) 346
Dr. H. B. Kekre, Tanuja K. Sarode, Vinaya M. Rawool
BM04 A Survey On Current Fingerprint Matching Methods 352
Bharkad Sangita, Dr. Manesh Kokare
BM05
Consistent Key Generation from Fingerprint Identifier for Probabilistic Approach
Dynamically
Pallavi Talegaonkar, Dr. Aditya Abhyankar, Prof. Abhijeet Patankar
357
BM06 Multimodal Biometric system using shape and texture based Components 363
Deshmukh Sudarshan S., Prof.Thakore Devendra, Wathap Sapankumar Rajkumar
BM07
DCT Applied to Column Mean and Row Mean Vectors of Image for Fingerprint
Identification
Dr. H. B. Kekre, Tanuja K. Sarode, Sudeep D. Thepade
367
xii

Digital Watermarking
DW01 Audio Steganography 373
S. M. Bhadkumbhe, M. C. Hingane, G. M. Bhandari, S. B. Choudhari
DW02 Imperceptible and Robust Data Hiding 379
Suresh N. Mali, Rajesh M. Jalnekar, Mahesh R. Dube
DW03 SMS Steganography Based On Alphabets 385
Prof. Shimna Balakrishnan, Prof. P. M. Kamde, Prof. K. S. Korabu
DW04
Content Based Image Mining Approach For Terrain Knowledge In Remote Sensing
Imagery
J. L. Bind, Rimmi Devgan
389
DW05 A New Wavelet Shrinkage Method for Estimation of Biological Signals 393
V. V. K. D. V. Prasad, P. Siddaiah, B. Prabhakara Rao
DW06 Speaker Identification for the futuristic house 399
D. Y. Sakhare, P. S. Mahajani, P. S. Kasliwal
DW07 Real time speech scrambling and descrambling in time and frequency domain 405
Sarita Rajput , Khadtare M. S. , Prof. A. J. Patankar, Dr. M. H. Kolekar
DW08 Steganography in MS Word Document using its In-built Features 410
V. S. Tidake, Prof. S. G. Pukale, Prof. M. L. Dhore
DW09 Waveletbased medical data compression for telemedicine applications 414
Bairagi Vinayak, Dr. A. N. Gaikwad
DW10 Application of Beamlets to Detect & Extract Lines in Noisy Images 418
Suchitra Khoje, Prof. Dr. S. D. Lokhande, Prof. M. L. Dhore
DW11
DW12
Fingerprint Based Authentication System using Convex Hull: Invariant to Geometrical
Translation and Rotation
J. Howlader, S. Bansal, A. Kundu, Santhosh Y., B. Chakraborty
Compact Representation for Dynamic Texture Synthesis Using Multi Way SVD and
YCbCr Color Coding
Premanand P. Ghadekar, Manik L. Dhore, Suresh N. Mali, Dr. Ashok M. Sapkal
422
427
xiii

DW13
Design Of Optimal Mlp Neural Network Classifier For Intelligent Iris Recognition
System For Person Identification
Sanjay R. Ganorkar, Dr. Ashok A. Ghatol
432
DW14 Entropy Based Fast Fractal Image Compression 438
Pradnya Kulkarni , Prof. S. N. Mali, Prof. M. V. Kulkarni
Discrete Streams
DS01
Arm Processor Based Smart Time Attendance Monitoring & Recording System Using
Thumb Scanner & Smart Card
Aarti Patil, Prof. A. M. Agarkar, Anupama V. Patil
443
DS02 Fault Tolerant Grid Computing System 448
Manik Mujumdar, Meenakshi Bheevgade, Latesh Malik
DS03 Design of Microwave Drying System with Phase Controller: A Modified Applicator 452
A. S. Jambhale, B. V. Barbadekar
DS04 LFSR implementation in CMOS VLSI 458
Doshi N. A., Dhoble S. B., Kakade S.R.
DS05 Boolean Functions Realized Using Quantum Gates With Two Level Implementation 463
Pijush Kanti Bhattacharjee
DS06 Power Management in Wireless Sensor Networks: An Introductory Survey 469
Binu G. S., K. Paulose Jacob
DS07 An Improved GPS Location Tracking with Velocity Estimation 475
Mohammad Zahaby, Ganesh D. Bhutkar, Prof. M. L. Dhore
xiv

ICCNS 08
Network Security

Proceedings of ICCNS 08 , 27-28 September 2008
Parametric Neuro Security System with
Intrusion Detection Capability
Mrs. Deepa S Garag, Mrs. Meenaxi M Raikar SDM College of Engineering and Technology Dharwad, India
Abstract- Security is a compulsory need for data operation today.
The authentication process or commerce exchanges need security and
reliability. The algorithm developed using Artificial Neural Networks
can be used anywhere where Security is a must. It can be applied
whenever data is transmitted across an accessible Medium (wireless,
wires, etc),protection of personal resource, bank transactions where
security is mandatory. An Intrusion Detection System detects attacks
as soon as possible and takes appropriate action. A back propagation
neural network was trained in the identification task and tested
experimentally on a system.
Key words- security, artificial neural networks, intrusion
detection
I. INTRODUCTION
The timely and accurate detection of computer and network
system intrusions has always been an exclusive goal for
system administrators and information security researchers.
The individual creativity of attackers, the wide range of
computer hardware and operating systems, and the ever
changing nature of the overall threat to target systems have
contributed to the difficulty in effectively identifying
intrusions. An Artificial Neural Networks detects attacks as
soon as possible and takes appropriate action. Artificial
Neural Networks study normal network operation and “learn”
to recognize traffic that is abnormal, makes decisions by
analyzing data and calculating probability estimate from
comparison of the data against knowledge base.
I.1 ARTIFICIAL NEURAL NETWORK LEARNING
Learning is a dynamic process by which a system responding
to an environmental influence reorganizes itself in such a
Artificial Neural Networks that it becomes better in
functioning in the environment. Learning in Artificial neural
networks may be thought of as a special case of Machine
Learning. An artificial neural network consists of a collection
of processing elements that are highly interconnected and
transform a set of inputs to a set of desired outputs. The result
of the transformation is determined by the characteristics of
the elements and the weights associated with the
interconnections among them. By modifying the connections
between the nodes the network is able to adapt to the desired
outputs [12].
II.
MOTIVATION
The potential possibility of a deliberate unauthorized attempt
to access information, manipulate information, render a
system unreliable or unusable.
The problem with Artificial Neural Networks is that the
intruder can train the net during its learning phase, net
topology is only determined after considerable trial and error.
In simplest form, resource must be utilized by authentic user is
the solution to the above said problem. Hiding the learning
phase from the intruder and the net topology can be easily
implemented. Artificial Neural Networks provides multilevel,
multivariable security system, which can fulfill the strong
requirement of security. Apart from providing security,
Artificial Neural Networks will have the capability to detect,
if any intrusion happens, as well as several parameters will be
analyzed to know the intruder activity. The technique saves
time and money in setting up system, reduces human
intervention.
Fig.1 Framework of the security system
III. RELATED WORK
Most current approaches to the process of detecting intrusions
utilize some form of rule based analysis. Rule based analysis
relies on sets of predefined rules that are provided by an
administrator, automatically created by the system, or both.
Expert systems are the most common form of rule-based
intrusion detection approaches [11,16] The use of expert
system techniques in intrusion detection mechanisms was a
significant milestone in the development of effective and
practical detection-based information security systems [9, 11,
14, 15, 16, and 17].
Artificial neural networks have also been proposed for use in
the detection of computer viruses. In [10] and [12] neural
networks were proposed as statistical analysis approaches in
the detection of viruses and malicious software in computer
networks. The neural network architecture which was selected
for [12] was a self-organizing feature map which uses a single
layer of neurons to represent knowledge from a particular
domain in the form of a geometrically organized feature map.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 1

Proceedings of ICCNS 08 , 27-28 September 2008
IV. PROBLEM STATEMENT
The main objective of this paper is to implement the
function of Artificial Neural Networks in this security system
as a one-way HASH function.
V.2 TESTING PHASES
Once the learning phase is over, to check the capability of the
machine, it has to pass in the test phase.
V.2 MULTI-VARIABLE PARAMETERS AND THEIR HIERARCHY IN SECURITY
SYSTEM
• Time of intrusion (Year, Month,Date, Hour, Minutes,
Seconds)
• Identification inserted by intruder (Length check)
• Time taken in inserting the Identification
• No of trails taken by intruder before unauthentication
declared.
Xi User Identity
Yi Output of processing environment
• Implement unique value corresponding to Xi
• The Reverse Transformation should not be possible (i.e., Xi
Artificial Neural Networks to be recovered from Yi)
• To design the size of the Artificial Neural Networks
architecture which will depend on the length of the user
identity
• The design of feed forward architecture and back
propagation algorithm (steepest descent) learning rule is used.
• Multilayer architecture of security such as personal
identification protection, system identification protection
• Multivariable are being used to provide security such as time
of intrusion, identification inserted by intruder, time taken in
inserting identity, number of trails taken by intruder before un
authentication declared.
• Resetting of all identity are allowed
• The main idea of this paper is Analysis/ Detection of
intrusion enhancing the security service.
V. IMPLEMENTATION
In our paper, the output layer only needs a single node, the
hidden layer is 30 % of the size of the input layer, and the
input layer is assigned automatically depending upon the
length of the user identity. The weights are generated
randomly. The sigmoid function is used as the activation
function for λ =1.
S(x)=1/(1+e -λx ) …(1.1)
x = summed value of input multiplied with respective weights.
V.1 ARTIFICIAL NEURAL NETWORK PHASES
As in the human, in the Artificial Neural Networks processing
we have two different phases, one is called learning phase and
another test phase.
V.1.1 LEARNING PHASES
In the learning phase, we have to specify a set of input, which
has to be learned, and corresponding target values.
V.3 MULTI-LAYER PARAMETERS AND THEIR HIERARCHY IN SECURITY
SYSTEM
The multi-layer parameters introduced in the paper are
personal identification protection, system identification
protection and the resource being protected.
V.4 PROTECTION OF RESET PROCESS
The Reset Process allows the valid user to change the
password if any intruder activity is taken place, and also to
change the password of all three identities. Even if the
intruder fails in the resource handling, and attempts to enter
the reset process to change the identities, first the intruder
should enter the reset identity and once again followed by
personal identification protection and system identification
protection of the resource, which makes the intruder difficult
to handle the resource.
Thus it can be said; resetting the identity itself is protected by
all other identities. If once unauthentication detected it’s not
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 2

Proceedings of ICCNS 08 , 27-28 September 2008
possible to utilize the resource even by right person, so
remedy is to reset the system.
5.5 Learning phase of the three identities include
• Personal identity
• System identity
• Reset identity
V.6 TEST PHASE OF RESOURCE UTILIZATION
The maximum number of trials given for the unauthorized
person is three. Once the valid user enters the personal
identities the time taken to enter the password is recorded.
Next the length check is done for the entered password. If the
unauthorized user takes more or less time than the valid user,
he/she is not allowed to access the resource. The input
password given by the user is converted to bit form and then
passed through the artificial neural network process. After
learning the parameters of the valid user, in testing phase it
determines about either authorized or unauthorized user.
The access to the resource is given only to the authorized
user, denying the access to the unauthorized user. In case of
reset mode only the authorized user is able to change the
personal and the system identity. In case of intrusion length
identity, time entry and output entry are recorded.
VI. RESULTS ANALYSIS
The variation in the initial weights and trained weights in the
learning phase is as shown in Graph 1.
VI.4 TEST AND GRAPH ANALYSIS OF SYSTEM ERROR
The error gradually decreases with the number of iteration; the
graph (2) shows how the neural network error decreases as the
iterations proceed for the three identities. Three-identity error
graph are shown, each starting with different initial weights.
VI.1 TEST STRATEGY
Testing is an important part of design phase and
implementation in Artificial neural networks. In learning
phase, security system depends upon length of the user
identity. The Sigmoid Function is used as the activation
function.
The back propagation algorithm using steepest descent
method is used as the learning rule. The target value assigned
in the learning phase for all three identities is one. In the
testing phase, the architecture is the same as learning without
the target value.
VI.2 TEST AND GRAPH ANALYSIS OF SIGMOID FUNCTION
The test result obtained for equation 1.1 is
x > 0 : 1
x < 0 : 0
In graph (3) for the input with three characters the ASCII
equivalent is of size 21 which will form the input nodes, the
hidden layer consists of 30% of the input nodes and the output
is a single node.
x = 0 : 0.5
VI.3 TEST AND GRAPH ANALYSIS OF LEARNING
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 3

Proceedings of ICCNS 08 , 27-28 September 2008
Time3 taken to enter identity :10.4400
The Test Result obtained for Reset process:
Enter the Reset Identity : rest Process fails due to length check
Enter the Reset Identity : reset
Process fails due to wrong time entry of identity
Enter the Reset Identity : reset
Enter the Personal Identity : personal
Enter the System Identity : system
Success, Reset Possible,
The user is permitted to change the identities and clear all
intrusion activities.
Test Cases
The three identities at learning phase given:
Personal Identity personal
System Identity_ system
Reset Identity _ reset
Permitted time _ 18.7030
The Test Result obtained for using Resource
Trail 1:
Enter the Personal Identity : person
Enter the System Identity : system
Trail 1 fails due to length check
Trail 2:
Enter the Personal Identity : personal
Enter the System Identity : system
Trail 2 fails due to wrong time entry of Identity
Trail3
Enter the Personal Identity : personal
Enter the System Identity : system
Trail 3, Success, Display Valid Identity
The user is permitted to check all the intrusion activities
The trail identities declared are
Trail1 personal identity is :person1
Trail1 system identity is :system
Time of intrusion (Year, Month, Date, Hour, Minutes,
Seconds) 2008 5 26 14 18 36
Time taken to enter identity :17.5800
Trail2 personal identity is : personal
Trail2 system identity is : system
Time of intrusion (Year, Month, Date,Hour, Minutes,
Seconds) 2008 5 26 14 18 36
time 2 taken to enter identity :20.6000
Trail3 personal identity is : personal
Trail3 system identity is : system
Time of intrusion (Year, Month, Date,Hour, Minutes,
Seconds)
2008 5 26 14 18 36
VII. CONCLUSION
The learning process that takes place in biological systems
inspires Artificial Neural Networks. Neural networks
represent a new computing paradigm based on the parallel
architecture of the brain. They can be “trained “to produce an
accurate output for a given input. Network posses the
advantage of simple computations, fault tolerance, parallel
processing, robust with respect to node failure.
In this paper, the concept of Error Back-Propagation Learning
algorithm has made a break through in supervised learning of
layered neural network. Security and intrusion detection
developed using multilevel, multivariable parameters, the
advantage of building the architecture to the user desire level,
and hiding learning phase from the intruder significantly
increases the performance of the network. The only limitation
of this paper is training is slow, may converge to a local, not
global, minimum of error.
VIII. FUTURE WORK
The advanced Intrusion Detection System using Genetic
Algorithm improves efficiency of Intrusion Detection System
by providing a way to naturally modify data to evaluate
against attack signatures. It works with population of design,
thus reducing the risk of getting stuck at local minima.
REFERENCES
[1] Jacek M.Zurada, Introduction to Artificial Neural Systems, Sixth
Jaico Impression, 2003.
[2] J. Hertz, A. Krogh, and R.G. Palmer, Introduction to the Theory
of Neural Computation, Addison-Wesley, 1991.
[3] S. Haykin, Neural Networks: A Comprehensive Foundation,
Macmillan College Press, New York, 1994.
[4] W.S. McCulloch, and W.Pitts, ‘A Logical Calculus of Ideas
Imminent in Nervous Activity’, Bull. Mathematical Biophysics, Vol.
5, 1943, pp.115-133.
[5] Poggio.T and F. Girosi, ‘Networks for Approximation and
Learning’, Proc.IEEE 78(9), 1990.
[6] Tyspkin, Ya.Z, Foundations of the Theory of Learning Systems,
New York, 1973.
[7] Aurobindo Sundaram, An Introduction to Intrusion Detection, 3
rd edition 2000.
[8] Lin. M. Miikkulainen, Intrusion Detection with Neural Networks
2 nd edition 1995.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 4

Proceedings of ICCNS 08 , 27-28 September 2008
[9] Anderson, D., Frivold, T. & Valdes, A (May, 1995). Nextgeneration
Intrusion Detection Expert System (NIDES): A Summary.
SRI <strong>International</strong> Technical Report SRI-CSL-95-07.
[10] Denault, M., Gritzalis, D., Karagiannis, D., and Spirakis, P.
(1994). Intrusion Detection :Approach and Performance Issues of the
SECURENET
System. In Computers and Security Vol.13, No. 6, pp. 495-507
[11] Denning, Dorothy. (February, 1987). An Intrusion-Detection
Model. IEEE Transactions on Software Engineering, Vol. SE-13, No.
2.
[12] Fox, Kevin L., Henning, Rhonda R., and Reed, Jonathan H.
(1990). A Neural Network Approach Towards Intrusion Detection. In
Proceedings of the 13 th National Computer Security <strong>Conference</strong>.
[13] Frank, Jeremy. (1994). Artificial Intelligence and Intrusion
Detection: Current and Future Directions. In Proceedings of the 17th
National
Computer Security <strong>Conference</strong>.
[14] Lunt, T.F. (1989). Real-Time Intrusion Detection. Computer
Security Journal Vol. VI,Number 1. pp. 9-14. [15] Porras, P. &
Neumann, P. (1997). EMERALD: Event Monitoring Enabling
Responses to Anomalous Live Disturbances. In Proceedings of the
20 th NISSC.
[16] Sebring, M., Shellhouse, E., Hanna,M. & Whitehurst, R. (1988)
Expert Systems in Intrusion Detection: A Case Study. In Proceedings
of the 11th National Computer Security <strong>Conference</strong>.
[17] White, G.B., Fisch, E.A., and Pooch, U.W. (January/February
1996). Cooperating Security Managers : A Peer-Based Intrusion
Detection System.IEEE Network. pp. 20-23.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 5

Proceedings of ICCNS 08 , 27-28 September 2008
SHA-1 algorithm based Integrity checking tool
for the Security Enhancement
Mohd Ashraf 1 and Rashid Ali 2
1 Department of Computer science and Engineering,
IILM Academy of Higher Learning,Greator Noida, India
2 Department of Computer Engineering, A. M.U., Aligarh, India
Abstract— As the importance of data in our computing systems has
increased, number of viruses that may harm its integrity has also
increased. It is very necessary to have a virus detection system that
detects all the known as well as unknown viruses. In this paper, we
discuss an integrity-checking tool that has been implemented using
SHA-1 algorithm. The tool generates check-codes of files. It
generates 160-bit check-code and therefore provides more security
than CRC-32 (32-bit check-code). The probability of forgery in
SHA-1 is 2-160, which implies that it is very difficult to generate a
different message having the same check-code.
Keyword: Enhancing Security, virus, Integrity Checking, SHA-1,
Cryptography
I. INTRODUCTION
As the importance of data in our computing systems has
increased, number of viruses that may harm its integrity has
also increased. It has become very important to detect them, so
that we can remove them as well as disinfect the infected files.
Therefore any defense system should have a component that
detects the presence of any kind of malicious code. There are
four basic types of virus detection techniques: Integrity
Checking, Signature Scanning, Activity Monitoring and
Heuristic method. Each has pros and cons of its own.
This paper analyzes the problem of virus detection using
Integrity Checking Technique and its reliance on the checksumming
technique, which generates the checksum or checkcode
of the file. It is important that this check-code is unique
for every file. In other words, the check-summing technique
should generate a check-code that should not remain same, if
file gets changed in any way. For these reasons, in this
integrity checker program, SHA-1, a cryptographically strong
check-summing technique with reasonable performance
characteristics has been used. It generates 160-bit check-code,
which is large enough to avoid forgery.
In technical terms, a computer virus consists of three parts:
• The infection mechanism,
• The trigger,
• The payload.
The infection mechanism part looks for victims and mostly
avoids multiple infections. After that either it overwrites the
victim or attaches itself at the end or at the beginning of file. A
trigger is a specified event when the payload has to be
executed. The payload causes some malicious behavior, e.g.
corrupting the boot sector of floppy, formatting the hard disk
drive or manipulation of files.
Worms are another form of malicious software but unlike
viruses, worms are independent programs that can travel
across network connections. Therefore worms do not really
need to change other programs.
II.
ANTIVIRUS SOLUTION
As the number of viruses increases on daily basis, there is
a need of virus detection tools so that they can be eradicated
from the system. Generally there are four types of virus
detection techniques
(i) Signature scanning technique: Signature scanner
operates by reading data from disk and applying pattern
matching operations against a list of known virus patterns. If a
match is found for a pattern, presence of a virus instance is
announced [5]. Scanner is easy to use, but to maintain its
effectiveness, the list of patterns must be kept up-to-date.
Otherwise it will never detect the unknown viruses and
produce false negatives.
Cohen says that signature scanning technique is not a good
approach against computer viruses because scanning cannot
find new viruses before their patterns are known, nor will such
methods work against polymorphic viruses. He demonstrates
that integrity checking is the most cost-effective approach to
virus protection..
(ii) Activity monitoring technique. In this technique, some
programs are used to monitor the behavior of other programs
that are executed. These monitoring programs are called
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 6

Proceedings of ICCNS 08 , 27-28 September 2008
behavior monitors and reside in main memory. In case if a
normal program tries to modify interrupt table, boot sector,
partition table, or performs some other suspicious activities,
behavior monitors raise an alarm or perform some action to
prevent it [4].
This technique maintains the database of all behaviors that
viruses are supposed to have. But the new viruses may use
another method to infect system that is not listed in the
database and in that case it will never help in finding the virus.
Sometimes some normal TSRs perform actions that have been
called suspicious, which is likely to give the false positives.
Also some viruses can avoid this defense by getting activated
earlier in boot sequence than the behavior monitors.
Furthermore, viruses can modify these monitors if machines
do not have hardware memory protection.
(iii) Heuristics scanner: Heuristic scanner can find
unknown viruses and threats, because it looks at
characteristics of a file. Also it checks the code statically and
dynamically and determines the chances of infection.
Sometimes it can find many new viruses before they get
chance to execute. This technique is working on the
probabilities of a file being infected. Therefore sometimes an
innocent file may be placed in the list of infected files.
(iv) Integrity checking technique: The integrity checker
program uses a check summing technique that generates
check-codes of the files to be checked for the viruses. Now on
a regular basis these checksums are recomputed and compared
against the previously stored checksums. If there is any
mismatch between these two, it clearly indicates that the
specified file has been modified [3]. Since this technique
detects presence of virus by the changes in files, it is capable
to detect unknown viruses also. The initial calculation of
checksums has to be performed on a clean system that does
not contain any viruses. If some files are already infected
before running integrity checker, then next time their checkcode
will be same and tool will announce them as uninfected.
Therefore it is important that system is uninfected while initial
computations of check-codes.
When a virus infects a file, it certainly modifies the file;
hence the contents as well as length of file and date of
modification get changed. This may be another criterion to
detect the modification, but this alone is not sufficient.
Because viruses may infect file in such a way that its length is
still same and they can restore the date of modification also
after infecting the file. This is not the case with check-codes
since it is not easy to modify file without changing its checkcode.
Though along with check-code, file size, date of creation
and date of modification can be kept and before computing the
check-code we can compare all these attributes of file. If there
is any change in these attributes then file will be announced as
modified without checking its check-code.
(v) Summary of anti virus solutions: As given here there
are several methods of defense against viruses. Which one is
better, still cannot be decided. Each one has its pros and cons.
Integrity checking and behavior monitoring techniques are
generic while signature-scanning technique is the specific
method. Specific methods can detect only the known viruses
but generic and heuristic methods can detect new viruses also.
Heuristic technique looks at the code characteristics of viruses.
Today when lots of viruses are coming up with new
characteristics, it seems that the technque alone is not
sufficient. Behavior monitoring also has some disadvantages;
it cannot do anything if virus infects system before monitor
becomes memory resident. Also, since monitor remains
memory resident, there are chances that viruses can neutralize
it. Integrity checker works only on the basis of modifications
that viruses are sure to perform therefore it is capable to detect
all infections caused by known as well as unknown viruses
and also without being memory resident..
III.
CHECKSUMMING
To implement integrity checker tool, first we need to
compute a small value for each and every file in the system.
This small value is known as check-code, which needs to be
compared instead of the whole file to find out if file has been
modified or not. The initial calculation of check-codes is done
when the system is supposed to be uninfected. After certain
interval these values are again computed and compared
against the previous version. Any mismatch will indicate that
file has been modified.
Now we need to choose a function to calculate the checkcode
of file, it should satisfy certain criteria:
1. The computation of check-code should be easy and fast.
2. The length of generated check-code should be
reasonable, neither too small nor too large.
3. The generated check-code should be unique, i.e. no
other file should have the same check-code. It is difficult to
achieve but at least, the probability of existence of a file with
same check-code should be very less.
IV.
SHA-1 ALGORITHM
SHA (The Secure Hash Algorithm) is a cryptographic
message digest algorithm specified in the Secure Hash
Standard (SHS, FIPS 180), and was developed by NIST [7].
SHA-1 is a revision to SHA that was published in 1994. When
a message of any length less than 264 bits is input to SHA-1,
the result is an output called message digest or check-code of
160-bits. This is called secure because, it is computationally
infeasible to find a message that corresponds to the given
check-code, or to find two different messages that produce the
same check-code. Any change to the message will, with very
high probability, result in a different check-code, and will fail
to verify.
A. Bit String and Integer
The following terminology related to bit strings and
integers will be used:
(i). A hex digit is an element of the set {0, 1, 9, A, ..., F}.
A hex digit is the representation of a 4-bit string.
Examples: 7 = 0111, A = 1010.
(ii). A word equals a 32-bit string, which may be
represented as a sequence of 8 hex digits. To convert a word
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 7

Proceedings of ICCNS 08 , 27-28 September 2008
to 8 hex digits each 4-bit string is converted to its hex
equivalent as described in (a) above.
For example : 1010 0001 0000 0011 1111 1110 0010 0011
= A103FE23.
(iii). An integer between 0 and 232 - 1 inclusive may be
represented as a word. The least significant four bits of the
integer are represented by the right-most hex digit of the word
representation.
For example: the integer 291 = 28+25+21+20 =
256+32+2+1 is represented by the hex word, 00000123.
If z is an integer, 0

Proceedings of ICCNS 08 , 27-28 September 2008
ft(B,C,D) = (B AND C) OR ((NOT B) AND D) ( 0

Proceedings of ICCNS 08 , 27-28 September 2008
(i) Every bit in the message contributes to the check-code.
This means that changing any bit in the message should
change check-code also.
(ii) Relatively small changes in the message should always
result in changes in the check-code. We want to be sure that it
would take an extremely unlikely combination of errors to
produce an identical check-code.
SHA-1 gives a larger checksum that makes it more
resistant to brute force attacks, such as Birthday attacks, which
choose messages at random in an attempt to generate the same
checksum. It is well-known that CRCs are not
cryptographically strong. It fails to provide the required
integrity protection and not advised to be used in place of
SHA-1. CRCs will not protect against intentional damage,
because it is fairly easy to fiddle the file to make the checksum
come out the same, which is very difficult with SHA-1. In
case of SHA-1, the chances of having two random documents
hash to the same value is very small, which is 1 in 2160, while
in the case of CRC, it is 1 in 232. This means that while CRC-
32 will be an excellent judge of unintentional damage to files,
it is possible that a clever virus will be able to defeat it.
Though, CRC-32 is fast, but not secure. So where security
is more important, a slower, but really secure solution is better
than an insecure though fast solution.
Viruses have great difficulty in infecting machines without
making some changes in it. To detect a change is to begin the
process of detecting a virus, that is the approach integrity
checker is using. It uses SHA-1 algorithm to generate 160-bit
check-code, which is large enough to avoid forgery. It also
stores file size, creation date and last modification date, to
avoid check-code computation if change is found in any of
these attributes. It detects all the infections whether it is by
known or unknown viruses with acceptable performance.
If storage and time are not at a premium, then integrity
checker can combine two or more techniques to generate the
check-code. In this way, more security can be obtained but at
the cost of speed and memory.
VII.
CONCLUSION
In this paper, we discussed the development and
implementation of an integrity checker tool called CHECKER.
CHECKER is an on-demand integrity checker tool that uses
SHA-1 algorithm to generate a cryptographic check-code for
verifying the integrity of information in computer systems.
This technique produces a 160-bit condensed representation of
the message called check-code, which is large enough to avoid
forgery. We also discussed the advantages of using SHA-1
algorithm in place of CRCs and found that the use of SHA-1
provides us with more security than the CRCs could provide.
REFERENCES
[1] Pathology of computer viruses March-April 2001.
[2] http://www.leavenworth.army.mil/milrev/download/English/M
arApr01/deal.pdf.
[3] www.cs.wright.edu/~pmateti/Courses/499/Viruses/
[4] Yisrael Radai. “Checksumming Techniques for Anti-Viral
Purposes". Proceedings of the Fifth <strong>International</strong> Computer
Virus & Security <strong>Conference</strong>. 1992. Page 783.
[5] Morton Swimmer, Baudouin Le Charlier, and Abdelaziz
Mounji. “Dynamic Detection and Classification of Computer
Viruses Using Behavior Patterns”. Proceedings of the 1995
Virus Bulletin <strong>Conference</strong>. 1995. Page 75.
[6] http://www.extremetech.com/article2/0,1697,1154648,00.asp
[7] www.boll.ch/fortinet/assets/AntiVirus.pdf
[8] National Institute of Standards and Technology, Specifications
for the SECURE HASH STANDARD, August 2002.
[9] National Institute of Standards and Technology, Descriptions of
SHA-256, SHA-384, and SHA-512, August 2002.
[10] National Institute of Standards and Technology, Description of
SHA-1, Federal Information Processing Standards Publication
180-1, 1995 April 17.
[11] SANS Institute, A Guide to Hash Algorithm by Britt Savage,
April 2003.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 10

Cross layer Backbone Routing for MANET
based on Bandwidth Estimation
Rekha Patil 1 , Dr. A. Damodaram 2 Proceedings of ICCNS 08 , 27-28 September 2008
Abstract: A mobile ad-hoc network(MANET) is baseless station
that is composed of autonomous collection of mobile devices which
communicate with each other over wireless links and cooperate in a
distributed manner in order to provide the necessary network
functionality. There are various types of restrictions. The biggest
restriction is the energy of the batteries. Routing is also a major issue
because of dynamic topology. The communication reliability within
an ad-hoc network and how the different nodes act, are managed by
routing protocols. This project deals with enhancing AODV routing
protocol using the backbone-nodes. Backbone routing, which is an
alternate form of routing, has gained importance as it can be used to
enhance reliability of the network and it saves the control overhead,
which potentially improves the data rate and the QOS in turn. The
QOS will be degraded if the backbone nodes are flooded with too
much packets, consequently transmission may suffer. Hence a cross
layer based method is proposed here whereby the network layer will
fragment or decide the packet sending rate at the backbone node
based on estimated bandwidth, information provided by MAC layer.
Simulation results show that the proposed protocol performs better
even at higher load.
Key Words: MANET, Cross layer ,Backbone,AODV.
I. INTRODUCTION
MANET concept defines simple mechanisms, which
enable mobile devices to form a temporary community
without any planned installation, or human intervention. The
idea is to form a totally improvised network that does not
require any pre-established infrastructure. This is achieved as
each node acts as a host and a router at the same time.
The topologies of such network changes very frequently.
Hence routing cannot always provide the desired QOS.
Proposed Backbone oriented architecture can provide more
stability to the Network and in turn can offer better QOS.In
the proposed architecture, the network will be divided into
regions. Each region will have a backbone node which
essentially should be the highest energy node in the region.
All the packets in a region would be routed via the
corresponding backbone.
Let, N mobile stations (MS) be covered By M mobile routers
(MR). All located on a flat rectangular field of surface AxB.
Each mobile node MSi is represented by the geometrical
point Pi with coordinates (xi, yi), Each mobile router MRj is
represented by the geometrical point Qj with coordinates (aj,
1Rekha Patil is Asst. prof., Dept. of Computer Science & Engg.,
P.D.A.College of Engg., Gulbarga rekha.patilcse@gmail.com
2 Dr. A. Damodaram is Professor Dept of Computer Science & Engg.,
J.N.T.U College of Engg., Hyderabad. damodarama@gmail.com
bj). Rr denotes the mobile router transmission range, Rm
denotes the mobile station transmission range, d(J,K) denotes
the Euclidian distance between geometrical points J and K.
In order to be covered by a router, the distance between a
mobile station and its closest router must be less than Rm.
Two mobile routers are neighbors (i.e. adjacent in the
backbone network) if the distance between them is less than
Rr.
We define:
X min = min(x i ) , x max =max(x i )
1

Proceedings of ICCNS 08 , 27-28 September 2008
A backbone handles all the incoming and outgoing packets
to and from the current region. Because of this high load the
backbone nodes are subjected to congestion, which may
reduce the overall efficiency or throughput of the system.
Hence a cross layerd approach is proposed here. The MAC
layer will estimate the bandwidth prior to transmission and
would notify the Network layer about the state of the channel.
Based on the available bandwidth network layer will transmit
the packets.
Rest of paper is organized as, Section II discuss related
work section III Explains about methodology and algorithm.
Simulation and results shown in Section IV. Article
concludes in Section V.
II. RELATED WORK
Ad-hoc On-demand Distance Vector (AODV) routing
protocol, in MANETs. In AODV[1]When a source node
wants to send a packet to some destination node and does not
have a valid route to that destination, it initiates a path
discovery process to locate the destination. It broadcasts a
RREQ (Route Request) packet to its neighbors, which forward
the request to their neighbors, and so on, until the destination
is located or an intermediate node with a “fresh enough” route
to the destination is located. During the process of forwarding
the RREQ, intermediate nodes record in their route tables the
address of neighbors from which the RREQ was received,
thereby establishing a reverse path. When the RREQ has
reached the destination or intermediate node with a “fresh
enough” route, the destination/intermediate node responds by
unicasting a RREP (route reply) packet back to the neighbor
from which it first received the RREQ. As the RREP is routed
back along the reverse path, nodes along this path set up
forward route entries in their route tables. Finally, the source
node can send its packets to the destination via the established
path.
Cross-Layer
At present, seen from whether OSI seven layers model or
TCP/IP protocols stack, Internet has a layered structure. The
layering method is the base to design network protocols and it
make designer divide a complex question into several
different sub-questions of different layers. So, people can
analyze and settle these sub-questions one by one. However,
the barrier of operation in different layers affect the
optimization in one certain layer. It decreases the efficiency of
the software that is designed according to strict layered
method. So, when designing protocols, keeping the separation
of layers, relaxing the strict demand of layered and allowing
protocols in different layers sharing the status information of
networks has been a promising method. It results in crossing
layer[2].
It is based on classic AODV routing protocol and utilizes
useful information of MAC sub-layer in routing. At the same
time, it improves the sending, receiving and processing
mechanism of the timed HELLO messages[3].
This paper [4]focuses on methodology to build a hierarchical
large-scale ad hoc network using different types of radio
capabilities at different layers. In such a structure, nodes are
first dynamically grouped into multihop clusters. Each group
elects a cluster-head to be a backbone node (BN).
Then higher-level links are established to connect the BNs
into a backbone network. Following this method recursively, a
multilevel hierarchical network can be established. Three
critical issues are addressed in this paper. First analyze the
optimal number of BNs for a layer in theory. They have also
proposed a new stable clustering scheme to deploy the BNs.
Finally LANMAR routing is extended to operate the physical
hierarchy efficiently.
They have investigated the situations where the
connectivity of a set of nodes cannot be guaranteed (if they
are too far apart); moreover, no QoS can be offered since the
number of hops and the signal quality (thus the throughput)
cannot be controlled. They propose to deploy a controlled
backbone in the ad hoc environment using movable mobile
routers. This paper concentrates on two fundamental
problems: on the one hand, global connectivity of the network
is investigated, and on the other hand, it elaborate mechanisms
that allow QoS support by setting an upper bound on the
number of wireless hops. They describe the Mixed Integer
Linear Programming (MILP) models for these deployment
policies with respect to the constraints within these
environments. Their approach suggested for backbone
topology control allows one to achieve an efficient usage of
resources [5].
Based on the observation that most of the orphan clusters are
generated from boundary nodes, they proposed a Boundary-
First Cluster-Minimized (BFCM) clustering algorithm to
minimize the number of generated orphan cluster by boundary
node [6].
This proves that backbone-based hybrid network architecture
has the potential to enhance the connectivity and throughput
capacity of wireless ad-hoc networks. A fundamental problem
for this hybrid network architecture is designing the optimal
network topology under certain topological constraints [7].
[8] Presents an enhanced mobile backbone network topology
synthesis algorithm for constructing and maintaining a
dynamic backbone structure in mobile wireless ad hoc
networks.
Paper [9] has proposed the metrics for various bandwidth
measurement and calculation. The throughput based
bandwidth and delay based bandwidth estimation matrices and
techniques are proposed.
III. METHODOLOGY
The proposed protocol is explained as phases. These
phases are as explained bellow.
Route Establishment: When a source wants to communicate
with the destination, it will generate a RREQ packet. The
Packet will be directly unicasted to the backbone node and the
backbone will broadcast it to the neighbors of it. Therefore the
packet will reach to all the backbones of the other regions and
the mobiles nodes of the same region hence if the destination
lies in the current region, the RREP packet will be sent
directly to the source through the backbone. Else the other
region backbone will broadcast the same packets to it’s
neighbors. Therefore a path is established in the same way
that of AODV.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 12

Proceedings of ICCNS 08 , 27-28 September 2008
Data Communication: Once the path is established, the
packets are transmitted from the source to the destination. A
backbone in any region may handle more than one route and
therefore there may be a queue overflow at the backbone or
the link may suffer less bandwidth.
Bandwidth Estimation: Layer 2 will issue a RTS packet before
the transmission to a Neighbor and the neighbor will reply
with the CTS packet. The total time from issuing a RTS to
receiving a CTS depicts the total round trip delay between two
nodes. Bandwidth is inversely proportional to the delay. As
the delay increases, the bandwidth decreases. When a node
realizes that the available bandwidth between two node is
minimum, as calculated by the MAC layer, the network layer
minimizes the transmission rate.
The bandwidth estimation is carried out based on the
channel delay measured by the MAC layer as Round trip
delay from sending RTS packets to receiving the CTS packets.
The Bandwidth estimation technique is as follows.
We measure the throughput of transmitting a packet as _
,
where S isthe size of the packet, tr and ts is the time the ACK
is received and ts is the time the ACK is received.
Hence (tr- ts) represents round trip delay. We keep separate
throughput estimates to different neighbors because the
channel conditions may be very different to each one. This
link layer measurement mechanism captures the effect of
contention on available bandwidth. As (tr- ts) increases
throughput TP decreases. Our available bandwidth
measurement mechanism thus takes into account the
phenomena causing it to decrease from the theoretical
maximum channel capacity. It should be noted that the
available bandwidth is measured using only successful
linklayer transmissions of an ongoing data flow.
It is clear that the measured throughput of a packet depends on
the size of a packet.
Backbone maintenance: The energy of the backbone nodes
degrades very rapidly if they are battery driven. Therefore
there is a possibility that the back bone node is down. If the
backbone in one area stops performing, then the entire
network stands a possibility to malperform. Therefore there is
a need to find out an alternative backbone as soon as the
original backbone is down. When a backbone observes that
it’s energy is minimum, it notifies it’s neighbors about that.
Other nodes now should resolve which node contains
maximum energy and must calculate an alternative backbone.
As soon as the backbone breakup notification arrives, each
node transmits their relative energy to the original backbone
node. The node calculates the node with highest residual
energy and selects the next backbone. This is done by issuing
a backbone packet to that node. All the routes are further
modified through the new backbone.
Algorithm:
Establish MANET Environment
Divide into Regions
Select a backbone for each region based on energy
Dynamically select source and Destination
Generate RREQ
Transmit RREP through backbone
Select Route via Backbone node
Initialize load=N;
For data=0:N
Begin:
Store in Network Layer Queue
Estimate Bandwidth
Re configure packet rate based on estimated bandwidth.
Transmit
// in the channel
If(Bwreq < Bwtotal)
{Packet Loss++;
}
End
IV. SIMULATION
We have assumed an area of 400 x 400 meters, which is
divided into 2x2, cells each cell having a Backbone. At the
beginning we have selected maximum number of mobiles.
These mobiles would be places one in a cell randomly. A
source and the destinations destination are to be manually
selected by the user. Initially all the mobiles would be given
some initial energy. As the packets are to be transmitted
through the nodes, they would loose some energy. A threshold
would be selected. From the rest of the nodes in the area, any
node would re elected dynamically as the B-Node. If the
elected node does not have enough energy, the situation has to
repeat. To solve this problem we have suggested a new
method, during the B-Node selection only, the node with the
highest energy would be selected. Therefore the repentance
would not occur. In the observation period the group table is
formed. User selects a data load and transmission begins. All
the nodes would loose energy during entire transmission
period.
Cross layered backbone MANET is simulated with Turbo C.
Respective functions are designed for Backbone initialization,
Route Discovery, Transmission, Bandwidth estimation and
updation, MAC-Network message exchange, Performance
measure. As the communication in MANET is normally a
layered approach, top down model of C is very efficient in
designing and modeling the network. Cross layer
communication is simulated by the control statements before
the transmission.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 13

Proceedings of ICCNS 08 , 27-28 September 2008
Throughput in %
120
100
80
60
40
20
RESULTS
Load v/s Throughput
0
0 20 40 60 80 100 120
Load in %
Series1
Figure 1:
The throughput performance elaborates that the throughput is
maintained at a very high level even when the offered load is
about 100%. The cross layered approach enables the
backbones to transmit at a rate to obtain high throughput.
Throughput
120
100
80
60
40
20
Mobility v/s Throughput
0
0 5 10 15
Velocity in m/s(*40)
Series1
Figure 2: In normal AODV, as the mobility of the nodes
increases, the throughput decreases exponentially. A simple
AODV simulation shows the throughput to be bellow 15% at
maximum specified speed limit. But the current algorithm
shows an improvement over the existing system and is
apparent from figure 2 that throughput is almost twice as
better than the normal AODV.
Delay in milliseconds
20
15
10
5
Load v/s Queue Delay(Transmission
Delay)
0
0 50 100 150
-5
Load
Series1
Figure3: the Load v/s the queue delay shows that the delay
never shows an upward trend. Occasionally it would go high
due to long waiting in the queue in the absence of bandwidth
but it improves as soon as the required bandwidth is available.
Control Overhead
Mobility v/s Control Overhead
45
40
35
30
25
20
15
10
5
0
-5 0 5 10 15
Mobility
Series1
Figure 4 shows that the control overhead is always almost
constant. This is due to the stable topology. As the backbone
node monitors the maintenance of the network, control
overhead is optimum.
V. CONCLUSION
The Backbone routing for MANET provides a strong
alternative to conventional MANET topologies and routing
algorithm. Backbones provide better route monitoring and
maintenance. The cross layer design approach improves the
performance of the Backbone network significantly when they
operate at very high load. Bandwidth estimation technique is
based on channel delay hence it takes into account of the
contaminated packets like the time out packets and the retransmitted
packets. The work can be further incorporated
with the channel capacity estimation which would take into
account the fading and other physical behavior of the
channels.
REFERENCES
[1] Charles E_ Perkins, Sun Microsystems Laboratories,
Elizabeth M_ Royer, Dept_ of Electrical and Computer
Engineering, “Adhoc On Demand Distance Vector Routing”.
[2]. ] Safwati A., Hassanein H., Mouftah H., “Optimal crosslayer
designs for energy-efficient wireless ad hoc and sensor
networks,” Performance,Computing, and Communications
<strong>Conference</strong>, Proceedings of the 2003.IEEE <strong>International</strong>, pp.
123 – 128, April 2003.
[3] A Cross-Layer AODV Routing Protocol
Zhi Ren and Jing Su Wei Guo. Proceedings of the IEEE
<strong>International</strong> <strong>Conference</strong> on Mechatronics & Automation
Niagara Falls, Canada • July 2005.
[4] Kaixin Xu, Xiaoyan Hong, Mario Gerla Computer
Science Department at UCLA, “ An Ad Hoc Network with
Mobile Backbones ”
[5] Rabah Meraihi, Gwendal Le Grand, Nicolas Puech,
Michel Riguidel , Samir Tohmé CNRS-PRiSM Lab,
“Improving ad hoc network performance with backbone
topology control”
[6] Chih-Cheng Tseng Graduate Institute of Communication
Engineering, Kwang-Cheng Chen Graduate Institute of
Communication Engineering,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 14

Proceedings of ICCNS 08 , 27-28 September 2008
“Clustering Wireless Ad Hoc Networks with Boundary
Nodes”
[7] Yufeng Xin, Tuna GÄuven, Mark A. Shayman Institute for
Advanced Computer Studies,University of Maryland,
“Topology design for wireless ad-hoc networks with
backbone support “.
[8] Kaixin Xu, Xiaoyan Hong, Mario Gerla Computer Science
Department
University of California, Los Angeles, “Landmark Routing in
Ad Hoc Networks with Mobile Backbones ”
[9] R. S. Prasad M. Murray_ C. Dovrolis K. Claffy_
“Bandwidth estimation: metrics, measurement techniques”,
and tools.
[10] Jin-Man Kim, Jong-Wook Jang Department of Computer
Engineering, Dongeui University, “A Performance Evaluate
of Improved AODV-Based Power-Aware Routing Protocol in
MANET”.
[11] Hueijiun Ju and Izhak Rubin Electrical Engineering
Department University of California, Los Angeles,” Enhanced
Backbone Net Synthesis for Mobile Wireless Ad Hoc
Networks“
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 15

Vulnerability in WiMAX MAC
Prof. P.A. Bamnodkar, Prof. G.V. Garje, Mr. Pankaj Kulkarni
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract In this paper we will discuss how the model
provided by the Intel is insecure that is the model IXP which is the
Wi max MAC processor can be modified and visualize as normal
node though working abnormally. First is Security for Fast path
activities which are time critical. Each module can be modified
and then it can be installed on the same processor. If the node is
the IXP processor then definitely software is installed for
scheduling, packing, framing. The modification in the software
can be done by changing some of the parameters. Which will
make that node either a faulty node or rather can create multiple
problems into the actual transmission by sending incorrect
messages or negative acknowledgement at all Thus we can say
that IXP processor could be vulnerable if the software installed
onto it is not the development kit offered be the Intel. Once the
hacker is successful to install the modified software then it can be
harmful node in the Wimax environment.
Keyword: Intel IXP network processor, Wi max MAC,
Quality of Service, Data Plane, Control Plane
I. INTRODUCTION
The tasks performed by the 802.16 MAC protocol can be
roughly partitioned into two different categories: periodic
(per-frame) “fast path” activities, and aperiodic “slow path”
activities. Fast path activities (such as scheduling, packing,
fragmentation, and ARQ) must be performed at the
granularity of single frames, and they are subject to hard
real-time deadlines. Security should be provided for this
time critical framing. They must complete in time for
transmission of the frame they are associated with. Attack
can increase the frame transmission time, which is not
expected in hard real time deadlines. In contrast, slow path
activities typically execute according to timers that are not
associated with a specific frame or the frame period and as
such do not have strict deadlines. The two categories of
tasks described above interact in that the slow path
activities described above typically dictate the mode of
operation of the fast path activities. For instance, SS
registration and association with a BS, which occurs
through the exchange of several messages, results in the
creation of several connections and associated state
between the SS and BS. These connections can include
state to be tracked in the fast path such as fragmentation
status, ARQ retransmissions, and packing.
In addition to supporting the QoS and MAC functionality
it is expected that at system setup time it will be possible to
configure single systems to treat multiple air channels as
separate MAC instances. Thus a single BS (and associated
MAC implementation) might for example utilize two 10
MHz channels in parallel as two separate MAC instances.
This type of virtualization is necessary because the usage
and allocation of available air bandwidth is highly
dependent on carrier policies, system loading, and radio
environment. If it fails to create such instances then
connection can not be establish.
II. IXP
Intel IXP network processors are suited for high-density
networking applications like access points, routers, and
gateways. It is also a natural choice for WiMAX BSs. It
may be used for SS’s playing the role of residential routing
gateways. While the BS feature set is user-specific, the
802.16 MAC software is one of the most important BS
components. Therefore it is easy to combine the MAC with
modules, be they IPv4, IPv6, or Multiprotocol Label
Switching (MPLS). Moreover, a rich choice of network
access interfaces is supported, e.g., Ethernet (100M, 1G,
10G), ATM (including TM4.1), and Packet Over SONET
(POS).
Prof. P.A. Bamnodkar is lecturer in Pune Vidyarthi Griha’s College of
Engineering & Technology (phone: 9823031243; (e-mail:
pab_comp@pvgcoet.ac.in).
Prof. G.V. Garje, is Assistant Professor & Head, Department of
Computer Engineering & IT in Pune Vidyarthi Griha’s College of
Engineering & Technology .He is also a Chairman , Board of Studies,
Computer Engg.,University of Pune(phone: 9850809413; (e-mail:
gvg_comp@pvgcoet.ac.in).
Mr. Pankaj Kulkarni is with Synechron, Pune (phone: 9823013243; (email:
pankajcoolkarni@gmail.com).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 16

Proceedings of ICCNS 08 , 27-28 September 2008
Figure (a)
Figure (a) shows a sample WiMAX BS software
partitioning. The fast path activities are referred to as Data
Plane (DP) activities, and slow path activities are known as
Control Plane (CP) activities. The CP- modules deal with
policies, while the DP- modules are concerned with
execution. The CP sets control tables used by the DP.
An IXP network processor hosts both the DP modules
and CP modules. As shown in the figure, the DP modules
run partly on IXP microengines (and are frequently referred
to as “microblocks”) and partly on the integrated control
processor.
The DP part has 802.16 MAC, including UL and DL
schedulers, and typically also some forwarder module.
From the RF side, it interfaces to the 802.16 PHY (OFDM,
OFDMA), implementing base band processing, using PHY
Service Access Point Application Programming Interface
(SAP API). The interface to the CP is done using IXP
shared memory.
Some tasks such as handling the MAC control messages
are served by the DP or CP. For example, the 802.16 DP
will service Bandwidth Requests (in), ARQ (in, out), DL-
MAP (out), UL-MAP (out), DCD/UCD (out), while the
other MAC control messages that are not time critical will
be passed to the CP for processing. We call this class
“signaling messages”; they are handled according to the
state machines maintained by the CP.
III. PROBLEM OF FINDING A CENTRALIZED
SCHEDULER
Consider the problem of finding a centralized scheduler
that satisfies Property 1 where we assume that the scheduler
has perfect information about the backlog at individual
nodes, but does not have any knowledge about the packet
arrival rates. Using backlog information, the scheduler
decides which node is transmits the next packet. If the
delays are generated and the packet will experience the
delay which is not expected
A. PROPERTY OF WIRELESS NETWORK:
Property: For a wireless network consisting of nodes
n=1...N, we say that a MAC protocol implements a
distributed buffer with service rate U if the following is
true.
(a) All packets experience the same expected delay, i.e.
we have
(b) The packet-drop probability is identical at all nodes,
i.e. we have,
(c) The throughput is a non-decreasing function in
The above property states that a fair MAC protocol
should serve packets as if the network traffic shares a
common buffer that is served at rate U, i.e. all packets
entering the network should experience the same average
delay and drop probability. The delay time should be
maintained properly. Wimax protocol does not satisfy
Property 1, as it does not always divide equally the network
throughput. From a QoS and traffic management point of
view, the main problem with wireless networks is the
relative low capacity of the shared radio channel. The
nature of the radio channel and the access to the shared
resource cause variable packet delay and loss rate. The
traffic load is defined by the network delay.
Definition of delay: The delay of a packet in a network
is the time it takes the packet to reach the destination after it
leaves the source
B. CP-DP Cooperation
The CP cooperates with the DP across the FAPI. The CP
issues requests, which may convey configuration data,
queries, or they may contain MAC Management messages
(to be sent to a remote SS),There should also be
authentication between SS and CP and it receives
responses to those requests and also asynchronous events
(e.g., MAC Management messages coming from remote
SS’s). PEAP is the authentication protocol used for
authentication in wireless networks. Up till now PEAP is
working at its best since it is base on public key
certification technique. So the communication between the
SS and CP is secure but once the packet is coming at CP
then it is forwarded to the scheduler and can be modified.
C. MAC-PHY Cooperation
The MAC and PHY layers cooperate across the PHY
SAP API. This interface enables a fast and low-latency
exchange of traffic data between PHY and MAC, and also
supports in-band PHY configuration (setting TX/RX
Vector, a data structure equivalent to DL-MAP and UL-
MAP, which has to be provided for the PHY frame after
frame). The interface is asynchronous and supports multiple
MAC instances, which enables parallel servicing of many
transmission channels.
It is assumed that it is PHY that maintains precise time
synchronization needed to transmit or receive a frame.
MAC is loosely coupled with PHY over the PHY SAP API.
D. MAC-Forwarder Cooperation
The CS interface utilizes a “no packet copying”
approach. The MAC prepares a handle to a control structure
pointing at a data buffer (a portion of a buffer or even a
buffer chain) when passing an SDU to a forwarder. A
forwarder uses the same mechanism when passing an SDU
to the MAC for transmission.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 17

Proceedings of ICCNS 08 , 27-28 September 2008
The MAC and a forwarder are loosely coupled via an
elasticity buffer between the two.
IV. IXP MICROBLOCKS
Figure shows the microblocks implementing the fast-path
processing on IXP microengines. The current code supports
the OFDM PHY and multiple MAC instances. The chosen
architecture guarantees that the implementation constitutes
a good starting point for implementation of future 802.16
standard extensions as well as for cooperation with other
PHY types. Part of the code may be reused for the SS MAC
implementation. The microblocks optimize usage of the
radio link and support all service flow types on the UL
direction; they provide efficient DL traffic handling in both
the TDD and FDD mode of operation, including handling
of half-duplex SS’s. The microcode blocks cooperate using
messages passed via ring structures as depicted in Figure
(a). Because the message formats are well-defined, it is
possible to customize or even replace certain blocks to
enable easy product differentiation. In particular, it is
possible to introduce customer-designed schedulers. This
way, extensibility of the design is guaranteed.
The other important data structures include the
Connection Record and Frame Definition. The Connection
Record holds all connection data on a per CID and MAC
instance basis. Its contents are defined by the CP and used
by the DP. The Frame Definition structure determines the
DL-MAP and UL-MAP for the current frame.
The microblocks are described below. They are grouped
into UL Path, DL Path, and Service Blocks.
HCS and CRC, and decrypted if needed). It also extracts
Grant Requests (from stand-alone headers).
Vulnerability introduced in the UL PATH: Extracted
information is passed further and can be used in the another
way .since it contains the important information which has
a lot meaning .one way is to modify this information which
leads to incorrect information and pass the modified
information to the next module.
MAC PDU RX prepares MAC SDUs from MAC PDUs
(with unpacking and defragmentation, in two versions: with
and without ARQ), extracts ARQ feedback IEs,
piggybacked Grant Requests, and MAC Management
messages destined for the CP. It detects missing blocks and
(for ARQ connections) signals this to the ARQ Engine.
Complete MAC SDUs are passed to the forwarder.
Vulnerability introduced in the MAC PDU RX:
Piggybacked Grant Requests and MAC Management
messages can be modified by sensing the line of
communication. Once the pattern is recognized the
sequence nos. can be used to pass the negative
acknowledgment or will not be passed to the forwarder can
be kept at the hackers end for his use.
B. The UL Scheduler
The UL Scheduler receives Grant Requests and plans
when those requests may be fulfilled, based on the service
parameters associated with a given connection. It prepares
the UL portion of the Frame Definition structure. It operates
on an abstract allocation unit. Because the UL Scheduler
processes input in the form of a grant request message, and
produces output to a shared memory, a Frame Definition
structure.
Vulnerability introduced in the UL Scheduler:
Allocation sequence can also be change .It may schedule
incorrectly if it has already received wrong information .It
can pass the wrong output to the shared memory.
C. DL Path
Figure b: Data plane MAC software modules on IXP
microengines
A. UL Path
PHY SDU RX reassembles messages received from
PHY into PHY SDUs, prepares MAC PDUs (with validated
MAC SDU TX handles MAC SDUs arriving from the
forwarder, CP (i.e., MAC Management messages), and
from retransmit queues (ARQ connections only). This block
performs fragmentation, if necessary. It forms incomplete
MAC PDUs (which can be later packed). For ARQ use, it
saves a copy of the portion prepared for transmission and
starts the retransmission timer.
Vulnerability introduced in the DL Path: Packet
fragmentation can be done in the wrong way so that next
node will defragments the improper packet. And hence
change the meaning of the data.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 18

Proceedings of ICCNS 08 , 27-28 September 2008
MAC PDU TX performs MAC PDU queuing per CID,
destination SS, and Burst Profile. The amount of queued
data depends on the free space remaining in the currently
prepared frame (the information is available in the Frame
definition structure). It also does dequeuing of MAC PDUs
for final processing and transmission. At this stage packing
and concatenation take place.
Vulnerability introduced in the MAC PDU TX: Queue
structure available can empty. Since dequeing is done at
this module. MAC PDU’s content are concatenated over
here, extra strings can also be inserted at this stage.
Map Builder is a PHY-specific module, which processes
the Frame Definition structure contents and produces
specifically formatted RX/TX information both for the local
PHY (as TX/RX Vector) and for remote SS PHYs (as DL-
MAP and UL-MAP MAC Management messages).
Map builder is working in proper manner so there is no
need to reset the connection .it will create the impression to
the neighboring nodes that whatever information they are
going to receive is correct and reliable.
PHY SDU TX finalizes processing of each MAC PDU,
by preparing HCS, encrypting its payload (if required) and
generating a CRC. MAC PDUs belonging to the same burst
are then sent as a multisegment PHY SDU to the PHY for
transmission. This microblock also passes the TX/RX
Vector to the PHY and processes confirmations from PHY
(forwarded by the PHY SDU RX microblock).
The CRC generated will be of incorrect message so the
CRC can be generated as it is. Actually this module can
also be changed but if this changed output is observed by
neighboring nodes then the concerned node could be
considered as faulty and can e removed or by pass by the
router.
D. Service Blocks
The ARQ Engine processes ARQ feedback IEs arriving
from remote SS’s and also signals coming from the local
timer and from the MAC SDU TX. It runs state machines to
maintain RX window and TX window data structures, used
to control MAC SDU reassembly and retransmission. This
block also handles resynchronization between SS’s and
BS’s, if they get out of sync.
E. Timer
Timer is a universal block, receiving wake-up requests
from the remaining microblocks and processing them in the
expiration time sequence. The Timer also processes timeout
cancellation orders. When the active timer expires, a
message is sent to the requested microblock with sufficient
context information to handle the event correctly.
Mainly if so many blocks are not giving there responses
on time then this block will definitely perform time out
cancellation orders. So timely execution is again an
important criterion for hacking the micro engine .since this
timer module can’t be removed from the software because
it helps for synchronization between the nodes.
V. CONCLUSION:
If at all it is expected that the modified software should
be there in the system. If this is detected then can be
uninstall and new original version can be install. So it is
important to create a virtual view that everything is going
smoothly. So some modules should work as it is, and some
can be modified exactly appear as the original one.
Thus the software can affect the performance of the node
.once the installation is done .unfortunately it will leads to
the unexpected result. And really this kind of attacks are
rarely detected .Positive point is only that its somewhat
difficult to install such software on the node, but internally
employee who has access to that node can do this. Such
internal threats are really difficult to detect and creates
challenge for the security developers.
REFERENCES:
[1] Corvaja, R., Zanella, A., Dossi, M., Tontoli, A., Zennaro, P., (2004)
“Experimental Performance of the Handover Procedure in a Wifi
Network”, Proceedings of WPMC04, Abano Terme (Padova),Italy.
[2] www.intel.com/products/Centrino/compare.htm
[3] WiMax Operator's Manual: Building 802.16 Wireless Networks
(Paperback) by Daniel Sweeney (Author)
[4] Wi max standards and security by Syed Ahson and Mohhamad Ilyas
[5] Wimax explained System Fundamentals Authors: Lawrence Harte,
Dr. Kalai
[6] Fundamentals of WiMAX: Understanding Broadband Wireless
Network... by Jeffrey G. Andrews
[7] Intel journal downloaded
ftp://download.intel.com/technology/itj/2004/volume08issue03/vol8_
iss03.pdf
[8] Fundamentals of WiMAX: Understanding Broadband Wireless
Networking Jeffrey G. Andrews (Author), Arunabha Ghosh
(Author), Rias Muhamed (Author)
Vulnerability introduced in the Service Blocks: RX
window and TX window data structures are maintained at
this block, by changing the window size packets can be
dropped. MAC SDU reassembly and retransmission is
done at this block if these module is disabled then the lost
frame will never retransmitted through the intermediate
node this will increase the waiting time of the receiving
node.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 19

Proceedings of ICCNS 08 , 27-28 September 2008
Efficient Indexing and Searching For
Dynamic Website
Karunendra Verma 1 , Prof. R. V. Pawar 2
Abstract This paper discusses the efficiency and performance
improvement of the search engine by creating Index .The
performance of index fundamentally affects the result of retrieval in
search engine, it is also useful for space usage and executing speed.
In traditional search engine, index is recreated whenever any
updation occurs in repository. Compared with the traditional index
architecture, current scheme is comprised of main inverted index,
append inverted index, and deleted file list, fitting for the frequent
update problem of index. An inverted index scheme is proposed to
solve the frequent update in traditional search engine.
Keywords— Performance, Index, Traditional search engine,
Updating, Inverted index.
I. INTRODUCTION
Information on Internet is growing exponentially. As the
growing information on Internet, the organization and
utilization of information resources has become a research
spot in information technology. Search Engine technology is
one of its research objects. Since the Web-based search engine
appeared in 1994. It aims for information Navigation offering
the retrieval service for users by searching, gathering, and
understanding, extracting, organizing, and processing the
information on Internet with certain tactics. With the lasting
growth of information on Internet, the information coverage
rate and retrieval precision of generic search engine decreases
continuously. Therefore, the development of topic-focused
information search tool has become a trend. The topic is the
characteristic of information Specific for users; according to
different topic the search engine gathers web pages for postprocessing.
Compared with traditional search engine the topic
search engine has its advantages: Smaller searching zone;
faster gathering and updating of' Information; more accurate
webpage retrieval; higher correlation with users; lower cost
for implementing.
The search engine is usually divided into three parts:
Information-gathering module, index module, and inquiry
service module. The purpose of setting up index is to improve
the speed for looking up through the index data structure.
With the popularization of Internet, it is more convenient to
obtain the documents in larger quantity. The traditional
algorithms, directly sequential keywords-scanning, have been
far from meeting the response timing requirements of modern
1 Karunendra Verma is Research Scholar at Vishwakarma Institute of
Technology, Pune-37 and pursuing M.E. (CSE)-IT.
Prof. R. V. Pawar is Assistant Professor in Information Technology at
Department of Computer Engineering, Vishwakarma Institute of Technology,
Pune-37. (email: rvspawar@rediffmail.com)
Information retrieval system. So the research on this topic has
been launched.
II. RELATED WORK
Extensive research has been focused on the index technology,
and various methods have been introduced. The primary
problem of constructing the index is the choice of an index
model. Inverted index model, Pat array model, and signature
file model are three kinds of full text index model. Inverted
index model is derived from the book content. Because of its
easy implementing, the inverted index model has become
widely used . Pat array model [1] is suited for more complex
inquiry, for instance, prefix inquiry and range inquiry.
However, it is difficult to construct and maintain. Signature
file model, popular in 1980's, has gradually been replaced by
inverted index model.
Modification has been made for Pat array model for
improving the efficiency of space and time. Because of the
relative stability of the indexed documents, static indexing
technology is adopted in the early information retrieval
system. Ricardo [4] and Charles have only illustrated the static
index technology when explaining the full text inverted
technology. This technology needs to rebuild the global index
repository, when updating the index, supposed those indexed
documents are seldom changed or the changing period is
comparatively long.
With the rapid development of Internet, the index of the
search engine needs frequent update. Therefore, the worse
updating performance of static index technology gradually is
uncovered. Three kinds updating tactics, eager, piggyback,
and batch approach, are compared and the conclusion is
drawn that the performance of piggyback is superior to the
other two methods. Google [1], widely used under the
hyperlink data environment, is an excellent search engine. It
adopts the keyword-based technology breaking through the
restriction of inquiry topic, and analyzes in depth the
hyperlinks to web pages with its original Page Rank algorithm
for sorting the search results, which greatly improves the
search performance and makes itself one of the best
commercial one.
III. INDEX
Index is data structures over the text (called indices) to speed
up the search .it is worth- while building and maintaining an
index when the text collection is large and semi-static .Semi
static collections can be updated at reasonable regular interval
(e.g. daily).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 20

Proceedings of ICCNS 08 , 27-28 September 2008
The goal of storing an index is to optimize the speed and
performance of finding relevant documents for a search query.
Without an index, the search engine would scan every
document in the corpus, which would take a considerable
amount of time and computing power. For example, an index
of 10,000 documents can be queried within milliseconds,
where a sequential scan of every word in 10,000 large
documents could take hours. No search engine user would be
comfortable waiting several hours to get search results. The
trade off for the time saved during retrieval is that additional
storage is required to store the index and that it takes a
considerable amount of time to update.
IV. INDEX DESIGN FACTORS
Major factors in designing a search engine’s architecture
include:
1. Merge factors
How data enters the index, or how words or subject features
are added to the index during corpus traversal, and whether
multiple indexers can work asynchronously. The indexer must
first check whether it is updating old content or adding new
content. Traversal typically correlates to the data collection
policy.
2. Storage techniques
How to store the index data - whether information should be
compressed or filtered
3. Index size
How much computer storage is required to support the index .
4. Lookup speed
How quickly a word can be found in the inverted index. How
quickly an entry in a data structure can be found, versus how
quickly it can be updated or removed, is a central focus of
computer science.
5. Maintenance
Maintaining or updating the index over time.
V SYSTEM ARCHITECTURE AND DATA STRUCTURE OF INDEX MODULE:
This system is implemented utilizing the inverted index
module. Its architecture is shown in Figure 1.The index
module is mainly comprised of web pages parser, document
index, index lexicon ,forward index ,inverted index ,index
manager and segment lexicon .
This structure is some different from the traditional system, In
traditional System there is only one inverted index module and
any updation happen in repository it is always updated same
index by recreating index repository .Where as in this system
this single module is divide in three different modules,
appended index for adding new document in the index, delete
file list for deletion of document from index and main inverted
index.
A. Web Page Parser:
Crawlers are primarily read out for further analyzing. It
functions as:
1. Remove the irrelevant information, such as advertisement,
from web pages and extract the main content.
2. Compute the checksum of web page URL.
3. Segment words, count their frequency of usage, and
compute their weights according to their word-location, font,
color, and word-frequency.
Categorize documents based on their contents and number
each document according to the categorization. In addition,
web page parser is tolerant of possible errors, such as spelling
error in html label, blank missing in label definition, non-
ASCII character, and error-nested html label. Web page parser
plays a key role in search engine. A good parser can
accurately analyze the content, architecture, and
characteristics of web pages, and regulate their contributions
to the web pages improving the precision of search results.
Repository
Parser
Forward Index
Append
Inverted
Index
Deleted
File List
Inverted Index
Index Manager
Segment Lexicon
Document Index
Index
Lexicon
Main
Inverted
Index
Figure 1: Index Management
Query
Result
B. Document indexing:
Repository stores the information of each parsed document.
The repository is indexed by DocID (Document
Identification). The indexes item is comprised of the
corresponding URL checksum, type, location in repository,
abstract, and length of each document.
C. Index Lexicon and Segment Lexicon:
Index lexicon stores the words to be indexed, correspondingly
with their serial number, and location in indices (inverted
index and append index), shown in Figure 2. New words
when parsing the web pages should-be appended to the
lexicon. Segment lexicon is utilized in document segmentation
and merging the segments [1].
Figure 2: Data Structure of Index Lexicon
The Character-based method and word-based one have
different advantages and disadvantages respectively.
Character-based method is more general with easier
implementing and lower maintaining cost. Nevertheless, this
method may obtain irrelevant documents ignoring their
meaning, and require more storage space.
As a contrast, in word-based method its index repository could
be organized as a Smaller one with a relative faster response,
and concept-based retrieval could be performed implementing
synonym and antonym processing.
R
E
T
R
I
E
V
A
L
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 21

Proceedings of ICCNS 08 , 27-28 September 2008
However, this method needs the segment processing for
source document, and large quantity words need to be stored.
The relative concentration of contents, high accurate of
segments, comparatively smaller words in lexicon characterize
this system .Therefore, the word-based lexicon is utilized in
this system. Index lexicon is stored in memory employing the
Hash function for retrieval. In index lexicon data structure, the
first position is mapped from the position in main inverted
index, and the second position is mapped from the position in
append index. A null pointer is assigned to indicate no such
word in indices or in the append index [1].
D. Forward Index:
Forward index take the DocID as index item. Index is sorted
according to the number of document followed by the
numbered words and their frequency .The index unit list
follows each numbered word. Figure 3 show the structure of
the forward index.
Figure 3: Data Structure of Forward Index
E. Hit Lists:
A hit list corresponds to a list of occurrences of a particular
word in a particular document including position and font
information. Hit lists account for most of the space used in
both the forward and the inverted indices. Because of this, it is
important to represent them as efficiently as possible. We
considered several alternatives for encoding position and fontsimple
encoding (a triple of integers). The details of the hits
are shown in Figure 4.
Figure 4: Data Structure of Hit
Compact encoding uses two bytes for every hit. There are two
types of hits: fancy hits and plain hits. Fancy hits include hits
occurring in a URL, title, anchor text, or Meta tag. Plain hits
include everything else. A plain hit consists of font size and
13 bits of word position in a document. Font size is
represented relative to the rest of the document using three
bits (only 7 values are actually used because 111 is the flag
that signals a fancy hit). A fancy hit consists of the font size
set to 7 to indicate it is a fancy bit, 4 bits to encode the type of
fancy hit, The length of a hit list is stored before the hits
themselves. to save space, the length of the hit list is combined
with the WordID in the forward index and the DocID in the
inverted index[1].
F. Inverted Index:
For the real-time update of index, the inverted index module is
composed of three components: main inverted index, append
inverted index, and deleted file list.
Main inverted index and append inverted index are both
sorted by WordID. DocID, weight, and index, unit are three
items in the lists. Figure 5 show the structure of inverted
index.
Figure 5: General Process for indexing
VII. USED ALGORITHM
1. Delta Encoding for Compression
Delta encoding is a way of storing or transmitting data in the
form of differences between sequential data rather than
complete files. Delta encoding is sometimes called delta
compression. The differences are recorded in discrete files
called”deltas” or ”diffs”. Because changes are often small,
delta encoding greatly reduces data redundancy. Collections
of unique deltas are substantially more space-efficient than
their non-encoded equivalents. Before storing in to the index
first we will compress the word by using delta encoding and
then store in index. here giving pseudo code for delta
encoding algorithm [9] .
void delta encode(char * buffer, int length)
{
char *temp1,static _temp2 = null;
int i; temp1 = buffer;
for (i = 0; i < length; + + i)
{
if(temp1[i] == temp2[i])
{
count + +;
}
else break;
}
temp2 = buffer;
Printf(%d%s,count,temp1 + count);
}
2. MergeSort Algorithm
The sorting algorithm Mergesort produces a sorted sequence
by sorting its two halves and merging them.Mergesort is also
efficient on list and we are storing word,documented using
List. here giving pseudocode for Mergesort algorithm [9] .
void mergesort(int low, int high)
{
if(low

Proceedings of ICCNS 08 , 27-28 September 2008
void merge(int low, int m, int high)
{
int i, j, k;
for (i=low; i

Proceedings of ICCNS 08 , 27-28 September 2008
IX. CONCLUSION
Different methods to index implementation are studied.
According to the characteristics of search engine, real time
updation in index is requiring. A particular index model is
designed, the inverted index of which is comprised of main
inverted index, append Inverted index, and deleted file list,
solving the index update problem. Different implementations
in main inverted index and append inverted index further
contributes the Performance improvement.
REFERENCES
[1] An Index Design in Topic-focused SearchEngine0-7803-
8125- 4/03/20.00@2005IEEE.
[2] Efficient Update of Indexes for Dynamically Changing
Web Documents Lipyeow Lim.MinWang Sriram
Padmanabhan Jeffrey Scott Vitter.Ramesh Agarwal Received:
4 April 2004 / Revised: 17 March 2005 /Accepted:6
November 2006 / Published on-line: 2 March 2007 Springer.
[3] Second <strong>International</strong> <strong>Conference</strong> on Availability,
Reliability and Security (ARES’07)
0-7695-2775-2/0720.00 2007 IEEE
[4] ” Modern Information Retrieval” by Ricardo Baeza-Yates
and Berthier Ribeiro Neto:changes in modern information
retrieval and how to provide relevant information in this book
about IR technology and Block addressing indices for
approximate text retrieval.
[5] Parsing, indexing, and searching XML with Digester and
Lucene by Otis Gospodnetic (developerWorks, June 2003).
[6] Apparao, V., Byrne, S., Champion, M., Isaacs, S., Jacobs,
I., Le Hors, A., Nicol, G.Robie, J.,Sutor, R., Wilson, C.,
Wood, L.http://www.w3.org/TR/REC-DOM
[7] Boyer, R.S., Moore, J.S.: A fast string searching
algorithm. Commun. ACM 20,762
[8] A. F. Lucene. Apache lucene. http://lucene.apache.org/, 10
2006.
[9]Performance Analysis and Optimization on Lucene by
David Chi-Chuan Su 609 Es- condido Road Stanford, CA
94305 +1 650 497 7416 dsu800@stanford.edu
[10]http://www.dcs.gla.ac.uk/Keith/Chapter.1/Ch.1.html
[11]http://www.dcs.gla.ac.uk/Keith/Chapter.2/Ch.2.html
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 24

Proceedings of ICCNS 08 , 27-28 September 2008
ARBSGen: Association Rule Based automatic
worm Signature Generation
Sandeep Thorat , Rohit Khot
sandeep_thorat,rohit_a{students.iiit.ac.in}
Abstract— In recent era, Internet worms are one of serious
threats which have been a major cause of intrusion attempts.
Traditional Intrusion Detection Systems (IDS) store all known worm
signatures and monitors real time traffic to find out these signatures
and prevent possible intrusion attempts. This approach is not useful
for newly evolved worms due to the unavailability of their signatures.
Present worm signature generation work needs manual analysis
which is time consuming process. To circumvent these problems
substantial efforts have been made which automate the process of
worm signature generation.
In this paper we address the problem of automating worm
signature generation process. We propose an Association Rule Based
Signature Generation (ARBSGen) algorithm which operates at
network entry point to find out new attack patterns and generate
signatures. We use content invariance and prevalence characteristics
of the worms for worm signature generation. Our system is highly
effective against newly evolved worms and slow propagating worms.
Our System operates offline and hence is stable against Denial of
Service attacks (DOS). These are significant improvements over
existing automated worm signature generation methods like Earlybird
and Autograph.
Keywords - Association Rule mining, Network Security,
Signature Generations, Worms.
I. INTRODUCTION AND MOTIVATION
Intrusion refers to any action done intentionally or
unintentionally, which threatens the Security, Integrity,
Availability and Confidentiality of the system. Intrusion
detection systems detect such intrusions attempts and help to
secure computing environments. In recent year’s sudden
increase in malicious activities across the network made
Intrusion detection as one of the most concerned areas.
Internet worms are a major source for Intrusion attempts. A
worm is a self-replicating program moving across the
networks. Worms remotely exploit software vulnerabilities of
a victim host and spread infections to other machines utilizing
current victim’s resources. Since worms are spreading at an
enormous rate they causes major outburst. Unfortunately,
existing techniques to defend against these outbreaks are
extremely poor. Typically, new worms are detected in an ad
hoc fashion by a combination of intrusion detection systems
and administrator handwork. After isolating an instance of a
worm, skilled security professionals manually characterize the
worm signature. This signature is used to prevent subsequent
infections by updating Intrusion Prevention Systems signature
database. But this approach is quantitatively insufficient as
manual signature generation is often slow and expensive [13].
Therefore steps are needed to automate worm signature
generation process. A lot of work has been done in Host based
intrusion detection areas in this regard. Host based Intrusion
detection systems monitor the system calls executed to find out
the malicious behavior/pattern in execution. But these systems
are extremely complex to build. Another major deficiency with
these methods is that, these systems are used for protection of
end host systems rather than protection of the entire network.
From Administrator point of view network protection is more
effective. So network based intrusion detections and
preventions are always preferred to protect entire network
from attacks [3]. For tackling worms one possible direction is
find out IP addresses of infected machines and block these IP
addresses. Ideally this will prevent further infections in the
network. But this is often too blunt instrument to be used
alone; simply blocking all traffic for port 80 at edge networks
across the Internet shuts down the entire web when a worm
that targets web servers is released. Moore et al. [11]
compared the relative efficacy of source-address filtering and
content-based filtering. Their results show that content-based
filtering of infection attempts slows the spreading of a worm
more effectively. Motivated by the efficiency of content-based
filtering different systems were built which detect and prevent
worms using content of traffic. In year 2004 Earlybird [1] and
Autograph [2] systems addressed this problem at network
entry point.
The rest of the paper is organized as, Section 2 discusses
about worm behavior and limitations of Earlybird and
Autograph. In Section 3 we present detail architecture of
ARBSGen system followed by the algorithms used in system.
The Section 4 gives implementation environment and
experimental results. We describe some deficiencies of our
method in Section 5. Finally, in Section 6 we summarize our
work and conclude.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 25

Proceedings of ICCNS 08 , 27-28 September 2008
II. WORM BEHAVIOR ANALYSIS FOR SIGNATURE
GENERATION
A worm tends to behave quite differently from the general
client-server and peer-to-peer applications deployed on
networks. In this section we explore key behavioral
characteristics of a worm in more detail and we discuss how
they are exploited to detect and characterize network worms
[2].
A. Content Invariance
For most of the worms the program content (worm’s attack
code) is invariant across every copy. Typically, the entire
worm program is identical across every host it infects.
However, some worms make use of limited polymorphism.
The polymorphic worms change the attack code content by
encrypting each worm instance independently and/or
randomizing smaller text. In these cases, much of the worm
body is variable, but key portions are still invariant (e.g., the
decryption routine).
B. Content Prevalence
Since worms are designed to spread very fast, the invariant
portion of a worm's attack code appears frequently on the
network as it spreads. Also worm always target a particular
service on the machine. Worms exploit these services to
propagate further. Since the services are identified with
Destination port, worms generate frequent traffic on particular
destination port.
C. Suspicious Connections
When worms start spreading they use different scanning
techniques to find out new victims. These scanning techniques
cause many failed connection attempts in the network. Since
the IP address they are trying to connect may not be in
existence (some worms generates IP address randomly), or the
service they are attempting to exploit may not be running on
destination host. So if we track out the IP addresses causing
failed connections attempts inside the network, it’s sufficient
to track only connections made by these IP addresses to find
out worm signatures. It’s more likely that these IP addresses
are infected with worms and will make worm attacks.
In this paper we will present ARBSGen system for
Automatic worm signature. ARBSGen is based on content
prevalence and content invariance characteristics of worm.
The system finds out frequent packet payload strings flowing
into network targeted on particular destination port, which is
more likely to be a worm code. For finding out these frequent
strings targeted for a particular destination port ARBSGen
uses Association Rule Mining techniques. Association Rule
mining is useful to find out strong relationship between
different columns of the relational databases [7]. ARBSGen
uses Association rule mining techniques to find strong
relationship between a frequent payload and destination port.
From above discussion, finding out worm signature is
equivalent to find out strong relationship between payload and
destination port. The association rules generated is in the form
of:
Frequent Payload Destination Port
Later these Association rules are used as worm signature in
IDS systems to prevent further infections [5, 12].
Since major algorithms in ARBSGen are using Association
Rule mining strategies which carried out at offline, it has
following merits compared to Earlybird and Autograph. [1, 2]
1 Effectiveness against the slow propagating worms
Earlybird and Autograph rely on real time monitoring,
processing of the packet payloads. Due to the real time
monitoring, these methods have limitations in amount of data
they process and as a result of this effectiveness of the
operations is affected. Since incoming data is very high in
volume, these systems have to run garbage collectors to dump
all data after certain periodic interval and start analysis from
scratch. As in case of slow propagating worm’s attack is not in
form of bursts but steadily going. Earlybird and Autograph fail
against them since required data must have been dumped
before recognizing it as a worm. In ARBSGen we are using
Association Rule Mining in incremental way [7], so more
effectiveness against slow propagating worms is achieved.
2 Robustness against DOS attacks on the system itself
Earlybird and Autograph carry out processing of packets at
real time. If packet rate is very high it results either in
dropping few packets from processing or DOS attack on the
system. This makes possibility of evasion against the system as
system is unable to capture required data. Since Earlybird and
Autograph carry packet processing at real time, they have the
edge with respect to time taken to generate worm signatures.
But since our main motto is to find out the signature of newly
arriving worms; we can accommodate certain latency in
signature generation part. So if we move packet processing
part offline rather than real time, we get better effectiveness
and correctness in the signatures generated by the system. The
ARBSGen carries major data processing offline; hence the
system is safe against any DOS attempts against it.
III. ARBSGEN SYSTEM ARCHITECTURE AND
WORKING
In this section we present architecture of ARBSGen in detail
(See Figure 1). The system is deployed at network’s entry
point so that it monitors all incoming traffic. First, a suspicious
traffic selection stage uses heuristics to classify inbound TCP
flows as either suspicious or non-suspicious. This decision
depends on worm’s characteristic of target scanning before
spreading (as seen in 2.C), which causes many failed
connection attempts inside the network. So once we identify
suspicious IP’s causing number of failed connections, we
designate any connection from such IP’s as suspicious
connection. Thus, this component reduces the volume of
traffic that must be processed subsequently to a great extent.
Also it will reduce the number of false positives in generated
signatures since we are monitoring only suspicious
connections.
After above processing ARBSGen performs TCP flow
reassembly for inbound payloads in the suspicious flow pool if
required. The resulting reassembled payloads are analyzed for
generating worm signatures. Flow reassembly removes
possibility of signature evading by distributing worm code
over multiple packets [2].
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 26

Proceedings of ICCNS 08 , 27-28 September 2008
Signature generation requires analysis of the content of
payloads of suspicious flows to find out the signatures. We
have seen in section 2 that as per Moore’s observations two
properties of worms suggest content analysis is fruitful for
signature generation. First, a worm propagates by exploiting
one software vulnerability or a set of such vulnerabilities. And
thus payload content across worm infection has to be frequent.
Even in those cases where multiple variants of a worm’s
payload have existed (e.g., Blaster), those variants have shared
significant overlapping content. Second, a worm generates
voluminous network traffic as it spreads; this trait stems from
worms’ self-propagating nature. For port-scanning worms, the
exponential growth in the population of infected hosts and
attendant exponential growth in infection attempt traffic are
well known.
data. In ARBSGen we have chosen function Prologue and
Epilogue procedure codes as anchors for selecting these
boundaries. Prologue and Epilogue identifies logical units of
the program, which is indirectly indicates semantics of the
data.
Once we have found content based payload partitions these
partitions are hashed to get unique hash values. And these hash
values are stored in the Traffic Log Database in a tuple of the
form:
.
If the hash value is already present in the database count field
is incremented by 1. Since in this scenario we are more
concerned towards the efficiency of the hash rather than hash
collision rate; we have chosen SuperFast Hash function.[16]
This procedure is given in algorithm Data Capture.(See fig 2)
During signature generation, ARBSGen finds the frequent
payloads by measuring the frequencies with which different
payload substrings occur across all suspicious connections.
Also it finds frequent destination port by measuring the
frequencies of each destination port in network traffic. After
that ARBSGen finds out association rule between payload and
destination port which indicates strong relation between these
2 fields of the packet header. The association rules generated
is used as worm signature.
But since most of the times when worm code is propagating;
whole packet payload is not repeating but certain part of
payload is very frequent. So it’s not useful to check out for
frequently occurring packet payloads but it is required to find
repeating part of packet payloads. This care is taken by the
next component in architecture i.e. Content based payload
partitioning. So rather than representing packet as a single unit,
it is divided into multiple parts and frequency of these
partitions is checked. If we divide packet payload into fixed
length partitions, it won’t be useful. Since it is not possible to
predict exact starting position of the worm signature; we need
to partition the packet according to the semantics of the data in
the packet. This problem is equivalent to given 2 files; find out
if these files are similar [6]. So we divide a flow’s payload into
variable-length content blocks using COntent-based Payload
Partitioning (COPP) [2]. Because COPP determines the
boundaries of each block based on payload content, the set of
blocks COPP generates changes little under byte insertion or
deletion. This adds robustness in signature detection process.
For COPP we need to decide the anchors which will determine
the partition boundaries depending on the semantics of the
For each packet do
{
Check if packet is from suspicious sender if not continue;
If required carry out Fragmentation & reassembly;
Apply Content based payload partitioning on packet;
Find out hash value of content based partition;
Check if Hash Value already present in database if yes
Increment corresponding counter value in database &
update entry time;
Else
Add new entry in database for current packet;
}
Fig 2: Algorithm Data Capture
After periodic intervals association rule mining technique is
applied on Traffic Log Database to find out possible worm
signatures. In ARBSGen we are using algorithm similar to
apriori association rule mining algorithm. It requires two scans
of the current database to find out the relation between
frequent payload and destination ports. It gives the payloads
and destination port which have strong relation between each
other; which means that they occur frequently together. We
also run garbage collector module periodically on the Traffic
Log Database. The Garbage Collector will remove the tuples
from Traffic Log Database which are either too old or having
very less frequency (very small value of count). The threshold
values for Support, Confidence, and timeout period for
garbage collector are tunable. So according to the nature of the
traffic these values are adjusted in ARBSGen system. This will
help to keep database size within certain limits. See fig. 3 for
detail association rule mining algorithm.
Initially system is trained for certain time period, so that it
will capture all frequent data packets specific to network.
Using this frequent data a white list is prepared. Generated
signatures are checked if they are part of white list. If not
signature is added to Signature database. Signatures are stored
in Snort compatible format. So these signatures used directly
be used by IDS system like Snort
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 27

Proceedings of ICCNS 08 , 27-28 September 2008
Using the Traffic Log Database do-:
Find the content based payload partitions which crosses
threshold count value.
Find the destination ports occurring frequently (crossing
threshold).
Generate all possible combinations of payload & ports
from above values. (Each combination represents a rule).
Check confidence of each rule & select those rules which
satisfy user set confidence, support criteria’s.
Add the selected rules in signature database.
Fig 3: Algorithm Association Rule Mining
IV. EXPERIMENT ENVIORNMENT AND RESULTS
The ARBSGen system is implemented on standard Linux
2.6 kernel. The system is placed near network entry point, so
as to pass all data flowing inside the network through the
system. The ARBSGen sensor itself is a single threaded
application which executes at user-level and captures packets
passively. The program is implemented in C language using
the popular libpcap packet [15] capturing library. The system
uses SuperFast hash function for getting hash values. Mysql is
used as back end for storing traffic log database.
The following is Blaster worm signature we got using
ARBSGen. The payload given in signature is buffer overflow
code used by Blaster worm to exploit RPC service on the
victim.
0xB0,0x70,0xDD,0xAE,0x74,0x2C,0x96,0xD2,0x
60,0x5E,0x0D,0x00,0x01,0x00,0x00,0x00,0x00,0x
00,0x00,0x00,0x70,0x5E,0x0D,0x00,0x02,0x00,0x
00,0x00,0x7C,0x5E,0x0D,0x00,0x00,0x00,0x00,0
x00,0x10,0x00,0x00,0x00,0x80,0x96,0xF1,0xF1,0
x2A,0x4D,0xCE,0x11,0xA6,0x6A,0x00,0x20,
0xAF Destination port 135
Fig 4 : Blaster Worm Signature
The following is Code Red I worm signature we got using
ARBSGen. The Code Red worm is considered as slow
propagating worm. The payload given in signature is buffer
overflow code used by worm to exploit IIS server on the
victim.
0x74,0x8B,0x95,0x68,0xFE,0xFF,0xFF,0x7A,0x0F,
0xBE,0x02,0x7D,0x85,0xC0,0x7F,0x0F,0x84,0x8D,
0x00,0x00,0x00,0x8B,0x8D,0x68,0xFE,0xFF,0xFF,
0x0F,0xBE,0x11,0x83,0xFA,0x09,0x75,0x21,0x8B,
0x85,0x68,0xFE,0xFF,0xFF,0x83,0xC0,0x01
Destination port 80
Fig 5 : Code Red I Worm Signature
In similar way ARBSGen have found signatures of other
worms which are frequent on our university campus network.
V. LIMITATIONS OF THE SYSTEM
Though ARBSGen has edge over Earlybird and Autograph
in terms of effectiveness and efficiency; it faces some of
similar limitation which is faced by these systems. The
following are possible limitations of the ARBSGen.
1) Polymorphic Worms
The polymorphic worms have changing signatures and only
very small part of worm code is invariant. Due to this we get
small invariant part of worm code as a worm signature. A
small worm signature causes high false positive rate in worm
detection when applied on real time traffic; since its more
likely that small code segment is part of benign traffic.
2) Hit List based scanning
Sometimes worm’s takes help hit list scanning for
performing attacks where probability of failed connections
attempts is very less. In ARBSGen we are using failed
connection attempts to identify the suspicious connection.
So our system will not monitor these connections. It results
in failure of the system for signature generation. To handle
this situation we need to build a complete system which can
track out every possibility of suspicious connection and find
such connections.
VI. CONCLUSIONS
In this paper, we have given a method for real time detection
of unknown worms and automated extraction of worm
signatures. Due to offline and incremental processing, our rule
generation algorithm works effectively against the slow
propagating worms. Also ARBSGen algorithm has been
observed as robust against DOS attacks. We have implemented
the algorithm with moderate memory and computational
requirements.
ARBSGen system has been able to detect and extract
signatures for all contemporary worms. These types of systems
can also be helpful for solving SPAM like problems where
unwanted frequent content is moving on the network. Finally,
our system demonstrates the feasibility of automated high
speed network security which is demand of future network
security applications.
REFERENCES
[1] Sumeet Singh, Cristian Estan, George Varghese and
Stefan Savage “Automated Worm Fingerprinting” OSDI
2004
[2] Hyang-Ah Kim, Brad Karp “Autograph: Toward
Automated, Distributed Worm Signature Detection”
Usenix2004
[3] Ramana Rao Kompella “On Scalable Attack Detection in
the Network” IMC’04
[4] C. Estan, G. Varghese, and M. Fisk. “Bitmap algorithms
for counting active flows on high speed links”. In
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 28

Proceedings of ICCNS 08 , 27-28 September 2008
Proceedings of the ACM Internet Measurement
<strong>Conference</strong>, Oct. 2003.
[5] Snort: Open source network intrusion detection system
www.snort.org 2002
[6] Athicha Muthita charoen “A Low-bandwidth Network
File System” SOSP 2001
[7] Rakesh Agrwal, Arun Swami “Mining Association Rules
between Sets of Items in Large Databases” SIGMOD
1993
[8] Mikolaj Morzy, Tadeusz Morzy “Incremental
Association Rule Mining using Materialized Data
Mining Views” ADVIS 2004
[9] Like Zhang, Gregory White “Analysis Of Payload Based
Application Level Network Anomaly Detection” 40 th
Hawaii <strong>International</strong> <strong>Conference</strong> on System sciences
2007
[10]J. Zico Kolter Marcus Maloof “Learning To Detect and
Classify Malicious Executable In The Wild” Journal of
machine learning research 2006
[11]Moore, D., Shannon, C., Volekar, G. M., And Savage, S.
Internet Quarantine: Requirements for Containing Self-
Propagating Code. In Proceedings of IEEE INFOCOM
2003.
[12]Paxson, V. Bro: A System for Detecting Network
Intruders in Real-Time. Computer Networks 31, 23-24
(Dec. 1999).
[13]F. Cohen. Computer Viruses . Theory and Experiments.
Computers and Security, 1987.
[14]www.symantec.com
[15]Libpcap project http://sourceforge.net/projects/libpcap/
[16]Super Fast Hash Function:
http://www.azillionmonkeys.com/qed/hash.html
[17]M. Mahoney. “Network Traffic Anomaly Detection Based
on Packet Bytes” Proc. ACM-SAC 2003
[18]V. Paxson, Bro: “A System for Detecting Network
Intruders in Real-Time”, Computer Networks, 31(23-24),
pp. 2435-2463, 1999
[19]U.Manber. “Finding similar files in a large file system” In
Proceedings of the USENIX Winter Technical
<strong>Conference</strong>, 1994.
[20]J. Hoagland, SPADE, Silican Defense,
http://www.silicondefense.com/software/spice, 2000.
[21]Athicha Muthitacharoen, Benjie Chen, and David
Mazières, “A Low-bandwidth Network File System”
In the Proceedings of the 18th Symposium on Operating
Systems Principles (SOSP). Banff, Canada. October, 2001
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 29

Proceedings of ICCNS 08 , 27-28 September 2008
Integrated Approach for Signature Extraction and
Profile Generation of Malwares with Monitoring
and Detection
Suhel Ahamed, Dr. J.L. Rana, R.K. Pateriya
Abstract:-Software security assurance and malware
(Trojans, worms, and viruses, etc.) detection are important topics
of information security. Today many Antivirus Scanner just look
for simple signature obtained by the simple dissembling of the
malware, but there are several new type of malwares have arrived
which can easily subvert the detection, also several new variants
of viruses are being created everyday, which is another challenge
for Antivirus Scanners. In this paper, we present an Integrated
Approach of stronger signature extraction and profile generation
of malwares on the basis of there system call sequences, hidden
capabilities, and behavioral data like obfuscation methods. The
stronger signature or profile generated thru this approach can be
used to identify several new variants of malwares and newly
arrived malware that uses obfuscation methods like packers, root
kit, and polymorphism etc. we also have a trust level based
monitoring system that can be used for further detection.
Keywords: - Signature Extraction, Obfuscation, Static
Analysis, Dynamic Analysis, Polymorphism, Trust levels etc.
I. INTRODUCTION
Today, many anti-virus (AV) scanners primarily detect
viruses by looking for simple virus signatures within the
file being scanned. The signature of a virus is typically
created by disassembling the virus into assembly code,
analyzing it, and then selecting those sections of code that
seem to be unique to the virus. The binary bits of those
unique sections become the signature for the virus.
However, this approach can be easily subverted by
polymorphic viruses, which change their code (and virus
signature) every time they’re run.
Theoretical studies have established that there is no
algorithm that can detect all types of viruses, [1] [2].
Current commercial anti-virus software, however, are
mostly ineffective in scanning polymorphic and
metamorphic versions of identified malware. Detection
techniques that use program annotation have been
proposed; however, the amount of time required for
analysis and annotation, as reported, is too high for even
fairly simple malware to be, practical [3][4]. The work
present in this paper is an integrated approach toward the
analysis methods like disassembly (static), behavioral
analysis (dynamic), etc. to generate a stronger signature or
profile to detect Polymorphic Virus, obfuscated codes, and
dynamic variants of viruses.
II.
MALWARE TECHNIQUES
Nowadays malwares are trying every sort of thing to
prevent detection such as obfuscation methods.
Obfuscation is a technique to obscure information such
that others cannot construe the true meaning. With respect
to malware, code obfuscation is an appealing technique to
hinder detection. A simple obfuscation, requiring very
little effort on the part of the virus writer, may render a
known virus completely undetectable to the commercial
scanners.
Following Obfuscation methods are being used by
malwares today:
1. Code obfuscation
2. Polymorphism
3. Packers
4. Root-kits
A. Code obfuscation
For simplicity the code obfuscated malware have been
classified into five types. Generally, the complexity and
‘robustness’ of the malware increases as their type indices
increases.
Type 1: Null operations and dead code insertion
NOPs are inserted into the malicious code. There is
virtually no modification to data or control flow. An
example of a type 1 transformation is presented in Figure 1
below. On the left we have the original code and on the
right we have the modified code with null operations
inserted after every two lines.
Original code
mov eax, -44(ebp)
mov -44(ebp), ebx
sub 12, esp
lea -24(ebp)
push eax
After transformation
mov eax, -44(ebp)
mov -44(ebp), ebx
Nop
Sub 12, esp
Lea -24(ebp)
Nop Null Operation
Push Eax
Figure 1: Example of null operation insertion
Inserting null operations is similar to inserting white space
in a document: it may take longer to read but no more
difficult as the content remains the same.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 30

Proceedings of ICCNS 08 , 27-28 September 2008
Type 2: Data modification
Some data obfuscating transformation is applied,
such as string splitting or variable type replacement.
For example, we could replace a Boolean variable with
two integers. If they are equal, the statement is true,
otherwise it is false. In the example below, Figure 2, x is a
Boolean variable and a, b are integers. The code on the left
is the original control flow and the code on the right
performs exactly the same but has a different signature.
Original code and meaning
cmpb 0, x if (x ==true)
je .sub goto sub
Transformed code and meaning
mov a, eax if (a < b)
cmpl b, eax goto sub
jge .sub
Figure 2: Example of data flow obfuscation
Type 3: Control flow modification
Control flow obfuscating transformations are
applied. Code is swapped around and jump instructions are
inserted. For example, we could copy the contents of a
subroutine to another location in the file and add jumps to
and from the subroutine. The code would work exactly the
same but look quite different. In
Figures 3 below, three lines of code have been shifted to
some location (denoted as [shift]) and helper code has
been inserted.
Original code
cmp 24, eax
jne .sub
sub 12, eax
push eax
Figure 3: Example of control flow obfuscation
After transformation
jmp [shift]
nop Helper Code
nop
push eax
Original execution path resumes
cmp 24, eax
jne .sub – [shift]
sub 12, eax
jmp -[shift]Helper Code
Type 4: Pointer aliasing
The last technique is to introduce pointer aliasing.
Variables are replaced with global pointers and functions
are referred to by arrays of function pointers. This type of
transformation is relatively easy to implement using high
level languages that allow pointer references but tricky (at
best) using assembly languages. Pointer aliasing can be as
simple as changing a = b into *a = **b or as complex as
converting all variables and functions into an array of
pointers to be referenced by pointers to pointers.
Type 5: Data and control flow modification
Pull out all the stops and combine data and control
flow transformations. At this level junk code is inserted
and variables can be completely replaced with large
sections of needless code. For example, we can modify all
Boolean variables as above and transpose the program’s
entry point as in Figure 4.
Original code
cmp 24, eax
jne .sub
sub 12, eax
push eax
After transformation
jmp [shift]
nop Helper Code
nop
push eax
Original execution path resumes
mov 24, eax Data obfuscation
cmpl b, eax Data obfuscation
jle .dead_code
jne .sub – [shift]
sub 12, eax
jmp -[shift]Helper Code
Figure 4: Example of data and control Flow obfuscation
B. Polymorphism
Polymorphic computer viruses are the most complex
and difficult viruses to detect, often requiring anti-virus
companies to spend days or months creating the detection
routines needed to catch a single polymorphic.
Polymorphic virus is a computer virus that can mutate
itself every time it runs. Polymorphic virus uses a
Mutation Engine with infinite number of decryptor loop to
encrypt and decrypt the virus body and mutation engine as
well. Although polymorphism is independent of
encryption, it is easier to use encryption to hide the main
body of the virus and implement a polymorphic decryptor.
The first known polymorphic virus was written by Mark
Washburn [6]. The virus, called 1260, was written in 1990.
A more well-known polymorphic virus was invented in
1992 by the Bulgarian cracker Dark Avenger (a
pseudonym) as a means of avoiding pattern recognition
from antivirus software. In 1992, Dark Avenger [6], author
of Maltese Amoeba, distributed the Mutation Engine, also
known as MtE, to other virus authors with instructions on
how to use it to build still more polymorphic.
Today, anti-virus researchers report that polymorphic
viruses comprise about five percent of the more than 8,000
known viruses.
Two polymorphic [7] — One Half and Natas — rank
among the 20 most-prevalent computer viruses, according
to the 1996 Computer Virus Prevalence Survey conducted
by the National Computer Security Association (NCSA).
One Half slowly encrypts a hard disk. Natas, also known
as SatanBug.Natas, is highly polymorphic, designed to
evade and attack anti-virus software. It infects .COM and
.EXE program files.
A few modern polymorphic viruses use encryption in a
more powerful way, by encrypting parts of themselves and
not including the decryption key within the virus. Without
the decryption key, a human analyst cannot determine
what that part of the virus would do if it were to be
decrypted and executed. Viruses store their decryption key
on an anonymous text file whose checksum is used to trace
it by virus to decrypt itself.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 31

Proceedings of ICCNS 08 , 27-28 September 2008
C. Packers
Gradually, viruses - malicious programs that can
function only within a victim body and which are unable to
exist as a separate file - are being replaced by Trojans,
which are fully independent malicious programs. This
process began when the Internet was still slow and more
limited than it is today. Hard disks and floppy disks were
small, which meant that the size of a program was very
important. In order to reduce the size of a Trojan, virus
writers began to utilize so-called packers - even back in the
DOS era. Packers are dedicated programs that compress
and archive files.
A side effect of using packers that can actually be useful
from a malware point of view is that packed malicious
programs are more difficult to detect using file methods.
When creating a new modification of an existing malicious
program; the virus writer usually changes several lines of
code, while leaving the heart of the program untouched. In
the compiled file, the bytes for a certain sequence of code
will also be altered and if the antivirus signature does not
include that very sequence, then the malicious program
will still be detected as before. Compressing a program
with a packer solves this problem as changing even just
one byte in the source executable results in an entirely new
byte sequence in the packed file. [5]
D. Root-kits
Malicious programs for the Windows operating
system started using stealth technologies to hide their
presence in the system in the first years of the new
millennium. As mentioned above, this was approximately
10 years after stealth programs appeared as a concept and
was implemented for DOS. In early 2004, Kaspersky Lab
encountered a surprising program that couldn't be seen in
the Windows processes and files list. For many antivirus
experts, this was a new beginning – understanding stealth
technologies for malicious programs for Windows – and it
was the harbinger of a major new trend in the virus writing
industry. [5]
The term “root-kit” stems from UNIX utilities that are
designed to provide a user with unsanctioned root access
within the system without being noticed by the system
administrator. Today, the word root-kit covers dedicated
utilities used to conceal information in the system, as well
as malicious programs with functionality which enables
them to mask their presence. These include the
manifestations of any third-party registered applications: a
string in the list of processes, a file on disk, a registry key
or even network traffic. How do root-kit technologies
which are designed to conceal malicious programs in the
system make it so difficult to detect the malicious
programs using antivirus or other security software It’s
very simple: an antivirus utility is an external agent just
like the user. Generally, if a user can't see something, then
an antivirus program can't see it either. However, some
antivirus solutions implement technologies which sharpen
their vision, enabling them to detect root-kits when users
cannot see them. A root-kit is based on the same principle
as DOS stealth viruses. A large number of root-kits have
mechanisms which modify a chain of system calls
(Execution Path Modification). This kind of root-kit may
act as a hook located at a certain point of a route along
which commands or information are exchanged. It will
modify these commands or information in order to distort
them or control what happens on the recipient's end
without the recipient's knowledge. Theoretically, the
number of points at which a hook can be located is
limitless. In practice, there are currently several different
methods commonly used to hook APIs and kernel system
functions. Examples of this kind of root-kit include the
widely known utilities Vanquish and Hacker Defender and
malicious programs such as
Backdoor.Win32.Haxdoor, Email- Worm.Win32.Mailbot
and certain versions of Email-Worm.Win32.Bagle.Another
common type of root-kit technology is Direct Kernel
Object Modification (DKOM), which can be viewed as an
insider that modifies information or commands directly in
their sources. These root-kits alter system data. A typical
example is the FU utility; the same functions can be found
in Gromozon (Trojan.Win32.Gromp). A newer technology
that officially corresponds to the root-kit classification
conceals files in alternate data streams (ADS) in NTFS file
systems. This technology was first implemented in 2000 in
the malicious program Stream (Virus.Win32.Stream), and
got a second wind in 2006 in the form of Mailbot and
Gromozon. Strictly speaking, exploiting ADS is not so
much a means of tricking the system as of taking
advantage of little-known functions, which is why this
particular technology isn't likely to become very
widespread.
There is another rare technology which only partially falls
into the root-kit category (but it corresponds even less to
the other classes of malware self-defense examined in this
article). This technology uses bodiless files - this means
malicious programs do not have any body whatsoever on
the disk. There are currently two known representatives of
this subgroup: CodeRed, which emerged in 2001 (Net-
Worm.Win32.CodeRed) which exists in this form only
within the context of MS IIS, and a recent proof of concept
Trojan that stores its body in the registry.
The modern root-kit trend aims towards the virtualization
and use of system functions – in other words, penetrating
even more deeply into the system. [5]
III.
Integrated approach framework
We are working on an integrated approach of signature
extraction in which all key features of a malware shall be
included. For this we are using techniques like
disassembly, behavioral monitor etc. to generate stronger
signature.
We divide the whole process in to two main parts
1 static analysis i.e. disassembly process (figure 5)
2 dynamic analysis i.e. behavioral monitoring (fig 6)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 32

Proceedings of ICCNS 08 , 27-28 September 2008
B. Dynamic Analysis
Dynamic analysis is based on the behavioral
monitoring of the malware, as shown in figure 6 lots of
monitoring tools like filemon, regmon and also ids and
firewall is used to generate behavioral data, on the basis of
which we extract some unique features and creates a
profile this profile and static signature get integrated thus
generating stronger signature for detection. Once more this
stronger signature will not be simple bit string but a two
layer framed signature
Figure 5: Static Analysis for generating static signature.
A. Static Analysis
As shown in figure 5 this method starts analyzing
virus with some checks 1) Encryption check 2) Packer
check. If the malware found encrypted then some
cryptanalysis methods will be applied over it thus
decrypting the code and generating the crypto-signature,
which will be a part of the stronger signature so next time
a virus could be opened easily.
If a malware found packed then using some well known
and latest packer techniques it will be unpacked or
decompressed, again a packing-signature will be generated
to be a part of stronger signature. Then we use the
dissembler to convert object code in to assembly code.
After conversion to assembly code it will examine the code
obfuscation methods used and will remove those also this
pattern will be stored. Then code parser will be used to
generate API sequences.
This will be stored in a finite state automaton and also
functional flow of the malware and code will be used to
identify the hidden behaviors of the malware such as
trigger on a special date etc. it will then create a profile for
that virus or malware. The profile and the other signature
stored will be used to create a static signature which will
not be a simple bit string but the framed information yet
concise this will be sent to the next level for final signature
extraction. Static signature S(sig) could be formulated as
S(sig) = F ( Cr(sig) + Pc(sig) + FSA(sig) )
Where Cr(sig) is crypto-signature, Pc(sig) is packing
signature, FSA(sig) is Finite state automaton generated
signature, and F is the signature generation function that
generate the framed and concise signature based on
uniqueness and family structure of malwares.
Figure 6: Dynamic Analysis for generating a profile, profile and
static signature integrating in to a stronger signature.
Dynamic signature D(sig) and stronger signature I(sig) can
be formulated as
D(sig) = F ( B(sig) + Profile) )
Stronger Signature I(sig) = ∫ ( S(sig) + D(sig) )
Where B(sig) is Behavioral signature and ∫ is the integration
function to create two layer framed and concise signature
I(sig).
IV.
Monitoring and Detection
For detection of many complex and new viruses only file
scanning is not suffice we also must have a monitoring
system. Here we have proposed a trust level based
monitoring system.
A. Trust level based monitoring
We have proposed a five level trust system in which
every type of file will be flagged as following five levels:
1. Trusted file: the file which would very well
found to be trusted
2. Vulnerable file: any non associated file or
vulnerable system files that needs to be
monitored. It will be given more priority then
trusted file for monitoring.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 33

Proceedings of ICCNS 08 , 27-28 September 2008
3. Suspected file: any encrypted file whose source
is not known or which is alien to the system will
be taken as regard to suspected file. Some
heuristic methods will be used to identify it.
4. Highly Suspected file: File performing
unauthorized task will be deemed as highly
suspected file. It mainly covers the executable
files and scripts.
5. Malware: if a file found to do malicious task will
be immediately flagged as malware and any
access to this file will be denied. And on users
consent it will be deleted or quarantined.
Priority of monitoring increases from trusted file to
malware, i.e. a trusted file will be less monitored then
malware to reduce the time complexity or we can say that
a harmful or suspected file will be monitored in a top
priority.
B. Detection
The stronger signature extracted from the viruses is a
two level signature so a suspected file will be examined on
the basis of this two, first the dynamic signature will be
checked i.e. the behavior of the file will be observe in a
particular manner to find from the signature, then the static
signature will be used to understand and detect the file.
For dynamic signature file will be examined for some
unique feature of malware to put it in a family, then the
static signature will be used to open it, if it is encrypted or
packed or obfuscated then through this signature we can
easily open it and understand it.
Then if it is found as a malware it will be treated as accord
but if it is still a mysterious file then it will be sent to
signature extraction process. See fig .7
Figure 7: Detection Method
V. Scope and limitations
This approach has a great scope as it can be used to
identify new variants and obfuscated malwares.
I(sig) has two layers thus for a normal detection at run time
D(sig) will be used to identify the suspect and S(sig) will be
used to open and identify the actual threat, this way even
very hard to detect malwares could be examined and
detected. But this approach has a limitation of time
complexity and space complexity for simple and generally
wide spread viruses because they are less or not complex
at nature.
On the other way this approach has very less, time and
space complexity for complex viruses and malwares like
polymorphic and metamorphic viruses i.e. this approach
takes very less time and space to detect complex malwares
in compare to other techniques available.
Also the trust level based monitoring system is used to
monitor every file according to trust level this is an
effective yet less time stealing approach.
VI.
Future work
As mentioned in the limitation of this approach having
more time and space complexity for simple and generally
widespread malwares, thus our future work involves the
reduction of time and space complexity of this approach
for this type of malwares.
VII.
Conclusion
Several methods have been brought forward to fight
against the new age malware techniques like obfuscation,
polymorphism, rootkit etc. we have applied an integrated
approach toward this by generation of stronger signature
using every possible information of malwares acquired
through the static and dynamic analysis together yet
creating and using a concise and framed signature.
Also detection and monitoring method using trust based
system is proposed to reduce the false positive and false
negative rate of detection.
VIII.
References
[1] F. Cohen, “Computer viruses: Theory and experiments”,
Computers and Security, Vol.6, 1987, pp. 22-35.
[2] Chess and S. White, “An Undetectable Computer Virus”,
Virus Bulletin <strong>Conference</strong>, September 2000.
[3] J. Bergeron, M. Debbabi, M. M. Erhioui and B. Ktari,
“Static Analysis of Binary Code to Isolate Malicious
Behaviors”, In Proceedings of the IEEE 4th <strong>International</strong>
Workshops on Enterprise Security (WETICE'99),
Stanford University, California, USA, 1999, IEEE Press.
[4] M. Christodorescu and S. Jha, “Static Analysis of
Executables to Detect Malicious Patterns”, Usenix
Security Symposium, 2003, pp. 169-186.
[5] Alisa Shevchenko, “Traditional antivirus solutions - The
evolution of self-defense technologies in malware”,
http://www.viruslist.com/en/analysis
[6] http://en.wikipedia.org/wiki/Polymorphic_code.
[7] Carey Nachenberg, “Understanding and Managing
Polymorphic Viruses” - The Symantec Enterprise Papers.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 34

Proceedings of ICCNS 08 , 27-28 September 2008
MIDlet Security Security: in Java2 An Micro Edition Overview using MIDlet
By banking, online ticket reservation, stock
Vasanth .G
trading etc, the user is skeptical of the
security of sensitive data as data is being
Assistant Professor, Department of Computer Science, Yellamma Dasappa Institute of
transmitted across wireless networks
Technology, Bangalore – 560062. Email: gvasanth_ss@yahoo.co.in
Pradeep B.S
Assistant Professor, Department of Computer Science, Yellamma Dasappa Institute of
Technology, Bangalore – 560062. Email: pradeepbs78@yahoo.com
Soumya.S
Lecturer, Department of MCA, RV College of Engineering, Bangalore, Karnataka.
Venugopal A.G*
8th semester student of Information Science, Yellamma Dasappa Institute of Technology,
Bangalore – 560062. Email:venuajay@yahoo.co.in
Abstract
This paper discusses the overview of
security aspects of J2ME (Java2 Micro
Edition). J2ME is a platform developed by
Sun Microsystems to be used with
resource constrained devices like mobile
phones, PDA’s, set top boxes, embedded
systems etc. Resources could be in the
form of memory, CPU processing power,
display, battery life etc. The biggest
benefit of using the Java platform for
wireless device development is that you're
able to produce portable code that can run
on multiple platforms. But even with this
advantage, wireless devices offer a vast
range of capabilities in terms of memory,
processing power, battery life, display
size, and network bandwidth. It would be
impossible to port the complete
functionalities of an application running
on a sophisticated set-top box to a cell
phone. Even for similar devices such as
PDA’s and advanced smart phones,
establishing portability between the two
often poses a strain to one device and
underutilization of the other. Real
portability can only be achieved among
groups of similar devices. Recognizing
that one size does not fit all, J2ME has
been carefully designed to strike a balance
between portability and usability.
Mobile phones are now being used for
many critical applications like mobile
hence the need to use additional security
measures like data encryption is needed.
MIDP security is feasible using the
Bouncy Castle cryptography package,
which is an open source effort, based in
Australia and it provides sophisticated,
accessible, industrial strength
cryptography for the MIDP platform.
1. Introduction
THE JAVA 2 MICRO EDITION (J2ME)
is the version of the Java 2 platform that’s
designed for use with smaller, lesspowerful
devices such as mobile phones,
Personal Digital Assistants (PDA’s), TV
set-top boxes (for Web browsing and e-
mail without a whole computer), and
embedded devices. Since these devices
vary quite a bit in their capabilities, the
J2ME platform has two different
configurations, each with its own choice
of profiles. The CLDC is designed for
mobile phones and low-level PDA’s.
More precisely, CLDC is intended for
devices with a 16-bit or 32-bit processor,
at least 160 kilobytes (KB) of nonvolatile
memory, at least 32KB of volatile
memory, and some network connectivity,
possibly wireless and intermittent.
CLDC’s unique profile is the Mobile
Information Device Profile (MIDP). The
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 35

Proceedings of ICCNS 08 , 27-28 September 2008
other configuration associated with J2ME
is the Connected Device Configuration
(CDC), this configuration specifies the
type of Java Virtual Machine (JVM) that’s
used and what will be in the minimal class
libraries (the java.* packages and the
javax.microedition.io package in the case
of CLDC). CDC specifies a complete
JVM, but the JVM of CLDC has some
limitations compared to the standard JVM.
A profile is added on top of the
configuration to define a standard set of
libraries.
2. Threats in the Mobile Environment
Modern mobile phones and handheld
computers are systems that have special
Mobile Operating System like Symbian,
Windows CE, Palm OS, EPOC or Linux.
In these devices, users can have different
applications like native, MIDP, or browser
based HTTP/WAP -applications. These
devices usually have a network connection
through mobile networks like GSM or
GPRS. On top of these carriers MIDP or
native applications can have Internet
protocols like HTTP or wireless WAP
protocol. When considering threats in this
kind of environment, it is apparent that the
environment is full of different threats
from almost every possible category.
Internet and wireless protocol threats,
mobile network threats and physical
threats against devices must be considered.
In addition to these, Java applications have
some unique threats and attacks. Within
the mobile environment, the mobile host
must be protected against malicious
mobile software but also the mobile
software must be protected against a
malicious host [1]. Mobile devices have
limited computing capabilities and this
means that also the security mechanisms
must be designed appropriately. For
example, Java 2 Standard Edition (J2SE)
has many security related mechanisms and
APIs that cannot be used in MIDP
application because of the resource
constraints in devices.
In secure mobile environment, several
security services are needed.
Confidentiality, integrity and availability
are the key services and also the key assets
that are protected [2]. Also other services
like authentication, authorization and audit
are needed [3]. These services are also
valid not just for secure mobile
environment but for all secure
environments whether those are wired,
wireless or just computer systems without
network connectivity.
2.1 Threats in the Internet Environment
Applications in the Internet environment
face many different threats. Threats and
attacks can be classified with many ways;
one is to consider passive and active
attacks. Another way is to consider the
location of the threat (client, server,
network, etc.).
Attacks against confidentiality include
eavesdropping the network traffic,
information theft from the server or from
the client, information gathering about the
network configurations and traffic analysis
that can reveal a great deal of information
even if it is only known about who is
connecting with whom and when. Using
cryptography to protect sensitive
information usually solves these problems.
Attacks against integrity include
modification of the user’s data and the
network traffic, Trojan horse software,
memory modifications etc
2.2 Mobile Network and Physical
Threats
Mobile devices are usually connected to
some mobile network and provide
connectivity through e.g. GSM or GPRS.
Some handheld computers might also have
Wireless LAN (WLAN) connection. All
these network technologies and related
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 36

Proceedings of ICCNS 08 , 27-28 September 2008
protocols introduce security threats for the
mobile applications.
GSM network for example does not
provide important security services like
mutual authentication, end-to-end security,
non-repudiation or user anonymity [1].
There are also a number of problems in
existing GSM protocols and cryptographic
algorithms. Various attacks have been
presented against the A5 cipher in GSM
[4], [5]. An attack which enables the
attacker to charge calls to any GSM user
whose identity (IMSI) is known is
presented in [6] and [7] describes an attack
which enables the cloning of the GSM
SIM cards. Like GSM networks, various
threats and attacks have also been
described against GPRS [8], [9] and
WLAN networks.
One particular threat for users and mobile
operators in mobile networks is related to
unauthorized network connections. Users
are usually charged either based on the
time or the amount of data they are
transferring while they are using data
connections. If malicious software could
use the data connection and generate
network traffic without user’s knowledge,
this would all be charged from the user
although s/he didn’t authorize the use of
the network. Mobile phones and handheld
computers do not have the physical
security that is provided by buildings and
locks for PCs and servers. On the contrary,
these devices are personal and carried
everywhere the user goes. This increases
the risk of theft or lost dramatically
compared with normal computers inside
the corporate premises [10].
2.3 Java Threats
Although security has always been
important part of the Java language, there
are still many threats related to Java
applications. Java applications are truly
mobile code, they can be downloaded
from the network and executed e.g. in
web- browser (Applet), mobile device
(MIDlet) or in digital television (Xlet).
When you download some program from
the Internet, how could you really know
what it contains and where it came from
Although you might download it from the
well- known web site, how do you know
that someone doesn’t have DNS spoofed
your connection to some other site that
just looks like the real one Or that
someone hasn’t modified or hijacked your
TCP/HTTP-connection so that the
application you downloaded is not what
you intended to download.
Java includes the concept of sandbox for
mobile code. An applet or MIDlet can be
executed inside the sandbox where it
doesn’t have access to privileged system
resources. With digital signatures and
signed code it is also possible to verify the
integrity and the signer of the application
and thus trust the code. Java language also
has many other features and mechanisms
like type safety, lack of pointers, a byte
code verifier etc [11].
In spite of the Java language features and
the sandbox concept there have been many
problems and attacks related to Java code,
especially applets. A great number of
problems and related attack applets have
been listed in [11]. The same book
concludes that (at the time of the
publishing) “all implementations of Java
have had some rather serious security
flaws”.
Mobile code like Java applications could
quite easily cause Denial of Service
attacks. Hostile application could steal
CPU cycles, spawn new resource
consuming threads, try to grab as much of
the system memory as possible etc. Also
system devices and drivers like audio and
video devices could be misused. [12],
[13].
From all this, we can conclude that mobile
code like Java applets and MIDlets should
not be fully trusted in spite of the language
features such as the sandbox model and
signed code.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 37

Proceedings of ICCNS 08 , 27-28 September 2008
3. J2ME CLDC Security Architecture
The high-level J2ME CLDC architecture
defines 3 layers on top of the device’s
operating system:
The virtual machine (KVM) [14], the
Configuration (CLDC) which is a minimal
set of class libraries that provide the basic
functionalities for a particular range of
devices, and the Profile (MIDP) which is
an extension of the Configuration that
addresses the specific demands of a device
family. At the implementation level,
MIDP also consists of a set of Application
Program Interfaces (APIs). Applications
developed for the J2ME CLDC platform
(MIDlets) are downloaded to the device in
the form of two files: the Java Archive
(JAR), and the Java Application
Descriptor (JAD). The JAR is an archive
file that contains the JAR manifest, which
is a text file that contains various attributes
like the MIDlet name. It also contains
preverified class files of the MIDlet, plus
any other Supporting files needed by the
application (e.g. graphic files). One JAR
file can contain more than one MIDlet and
the set of MIDlets in a JAR file is called
MIDlet suite. The JAD on the other hand,
is a plain text file that contains several
attributes like the MIDlet name and MIDP
version needed to run the MIDlet. The
JAD is also used to give some information
about the MIDlet, such as the vendor’s
name, a small description, etc. The
software entity on the device that is
responsible for MIDlet management is
called the Application Management
System (AMS), or the Java Application
Manager (JAM).
On J2ME CLDC devices security issues
are classified as:
• Low-level security deals with safety
issues related to the virtual machine. In
general, the role of the low-level security
mechanisms is to ensure that class files
loaded into the virtual machine do not
execute in any way that is not allowed by
the Java virtual machine specification
[14].
• By application-level security, we mean
“Java applications can access only those
libraries, system resources and other
components that the device and the Java
application environment allow it to
access” [15].
• End-to-end security has a larger scope
involving secure networking. The main
objective of end-to-end security is to
ensure safe delivery of data and code
between server machines and client
devices.
Low-level and application security are
addressed in CLDC, while MIDP
addresses application and end-to-end
security.
3.1 CLDC Security
To understand the security model of
CLDC, it is important to notice that the
security of CLDC is affected by the
absence of some general Java features –
that are usually present in Java platforms -
and that have been dropped because of
performance and security issues.
Consequently security in CLDC is
characterized by:
• No Java Native Interface (JNI): Mainly
for security and performance reasons,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 38

Proceedings of ICCNS 08 , 27-28 September 2008
JNI [18] is not implemented in CLDC.
Although, a Kilo Native Interface (KNI)
[19] is provided for J2ME CLDC, KNI
does not have the ability to dynamically
load and call arbitrary native functions
from Java programs (which could cause
significant security problems in the
absence of the full Java 2 security model).
• No user-defined class loaders: Mainly
for security reasons, the class loader in
CLDC is a built-in “bootstrap” class
loader that cannot be overridden, replaced,
or reconfigured. The elimination of userdefined
class loaders is part of the
“Sandbox” security model restrictions.
• No thread groups or daemon threads:
While supporting multithreading, CLDC
has no support for thread groups or
daemon threads.
• No support for reflection: No reflection
features are supported, and therefore there
is no support for remote method
invocation (RMI) or object serialization.
Low level security in CLDC is mainly
based on type safety mechanisms. The
class file verifier is the module in charge
of type safety checking. The class file
verifier ensures that the bytecodes and
other items stored in class files cannot
contain illegal instructions, cannot be
executed in an illegal order, and cannot
contain references to invalid memory
locations or memory areas that are outside
the Java object memory (the object heap)
[15].
In J2ME CLDC and due to the constraints
on device resources, this is done in two
steps:
• Off-device pre-verification
• In-device verification
3.2 Application-level Security
Adopting a sandbox model, by protecting
system classes, and by restricting dynamic
class loading, mainly ensures the CLDC
application security:
• Sandbox Model:
1. Java class files are properly verified and
are valid Java classes.
2. Only a closed predefined set of Java
APIs is available to the application
programmer, as defined by CLDC,
profiles and manufacturer-specific classes.
3. Downloading, installing, and managing
MIDlets on the devices takes place at the
native level inside the virtual machine.
Therefore, the application programmer
cannot modify or bypass the standard class
loading mechanisms of the virtual
machine.
4. The set of functions accessible to the
virtual machine is closed. Thus,
developers cannot download any new
libraries containing native functionality or
access any native functions that are not
part of the Java libraries provided by
CLDC, MIDP, or the manufacturer.
• Protecting System Classes:
In CLDC, the application programmer
cannot override, modify, or add any
classes to the protected system packages,
i.e. packages belonging to configuration,
profile, or manufacturer. Thus, the system
classes are protected from the downloaded
applications. Also, the application
programmer is not able to manipulate the
class file lookup order in anyway.
• Restrictions on dynamic class loading:
One important restriction is made on
dynamically loading class files: A Java
application can load application classes
only from its own Java Archive (JAR) file.
4. MIDP Security
We present the security architecture of
MIDP 1.0 and MIDP 2.0. Although
security models in both MIDP 1.0 and
MIDP 2.0 are limited security models
compared to J2SE/J2EE, MIDP 2.0
provides more security mechanisms than
those provided by MIDP 1.0.MIDP 2.0
exposes to MIDlets more capabilities of
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 39

Proceedings of ICCNS 08 , 27-28 September 2008
the device, and provides the security
mechanism needed to control the use of
these capabilities.
4.1 MIDP 1.0 Security
Application security in MIDP 1.0 is based
on a Java sandbox model which was
explained earlier. It is also important to
note that in MIDP 1.0, MIDlet suites are
allowed to save data in persistent storage
files (called record stores). However,
sharing of record stores between MIDlet
suites is not allowed. With respect to endto-end
security, MIDP 1.0 specification
does not include any cryptographic
functionality. The only network protocol
provided in MIDP 1.0 is the HTTP
protocol.
Threats & Solution in MIDP 1.0 & 2.0
4.2 MIDP 2.0 Security
The difference between MIDP 1.0 security
and MIDP 2.0 security is that, in MIDP
2.0, accessing sensitive resources (APIs
and functions) is not totally prohibited.
Instead, MIDP 2.0 controls access to
protected APIs by granting permissions to
protection domains and binding each
MIDlet on the device to one protection
domain. Thus, a MIDlet will be granted all
permissions provided to the protection
domain that has been bound to it. A
MIDlet is bound to one protection domain
according to a well defined procedure that
allows the AMS to authenticate the origin
of a MIDlet: If one MIDlet can be
authenticated, then it is qualified as
trusted, otherwise, it will be qualified as
untrusted. In addition, MIDP 2.0
introduces the ability to share record stores
between MIDlet suites. The protection of
record stores is discussed later in this
section. Also, an important difference
between the security of MIDP 1.0 and
MIDP 2.0 is that MIDP 2.0 provides endto-end
security by allowing secure
networking using HTTPS protocol.
4.3 Sensitive APIs
In MIDP 2.0, some capabilities of the
device are exposed to MIDlets through a
set of APIs that are identified as sensitive
and therefore should be protected. The
sensitive APIs in MIDP 2.0 are the ones
related to connectivity and the
PushRegistry class.
4.4 Permissions and Protection Domains
Access to sensitive APIs is protected by
permissions. A protection domain defines
a set of permissions, and for each
permission, the protection domain defines
the level of access to the API protected by
the permission. The level of access can be
either Allowed or User. For the Allowed
level, the permission is granted without
involving the user. As for the User level,
access to the protected API requires
explicit authorization from the user. This
authorization can be in one the following
modes [16]:
1. Blanket The permission is valid for
every invocation of the protected API.
2. Session: The permission is valid during
one execution of the MIDlet.
3. Oneshot: The user must be prompted
for each invocation of the protected API.
By default, four protection domains are
provided by MIDP 2.0:
• Minimum: This domain contains no
permissions. Access is denied for all
sensitive APIs.
• Untrusted: Requires that sensitive APIs
can only be accessed through user
permissions.
• Trusted: All permissions are granted.
• Maximum: Same as trusted.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 40

Proceedings of ICCNS 08 , 27-28 September 2008
In [17] which is an addendum to the
MIDP 2.0 specification, protection
domains are categorized into four classes,
namely, Manufacturer, Operator, Trusted
third party, and Untrusted domain.
Protection domains are defined in a policy
file. An example of the policy file is given
in figure 1 which is the policy file
provided with the RI. The procedure for
determining whether a MIDlet suite is
trusted is device specific.
Some devices might trust only MIDlet
suites obtained from certain servers. Other
devices might support only untrusted
MIDlet suites. Others authenticate MIDlet
suites using the Public Key Infrastructure
(PKI), which is the case shown in figure 1.
This authentication includes certificate
path validation, signature checks and
expiration checks for the certificates.
4.5 Signing a MIDlet suite
In order to sign a MIDlet suite, the signer
needs to have a private and public key
pair, and a certificate for his public key. If
this certificate is not a certificate authority
(a certificate that is stored in the device),
there should be another certificate that
vouches that the first one is valid. If this
second certificate is still not a certificate
authority, it requires a third certificate
vouching for it, and so on until a root
certificate is reached.
The procedure of signing the MIDlet
consists of the execution of the following
steps:
• The signer computes a digital fingerprint
of the JAR file by applying a hash
function (SHA-1).
• They then sign the digital fingerprint by
encrypting it with the private Key.
• The signed fingerprint is placed in the
JAD file.
• The certificate of the public key is placed
in the JAD (except if the certificate is the
root certificate, which resides on the
device), as well as the other certificates, if
any.
4.6 Persistent Storage Security
In MIDP 2.0 a MIDlet suite can save data
in a persistent storage area. The storage
unit in J2ME CLDC is the record store.
Each MIDlet suite can have one or more
record stores; these are stored on the
persistent storage of the device. Record
stores are identified by a unique full name,
which is a concatenation of the vendor
name, the MIDlet suite name, and the
record store name. Within the same
MIDlet, two record stores cannot have the
same name. However, if they belong to
two different MIDlet suites, they can have
the same name since their full names will
be unique. The actual structure of the
record store on the device storage consists
of a header and a body. The header
contains information about the record
store while the body consists of a number
of byte arrays called records; these contain
the actual data to be stored. The part of the
Java platform responsible for
manipulating the storage is called the
Record Management System (RMS).
For MIDP 1.0, record stores were not
allowed to be shared among MIDlet suites.
In MIDP 2.0, sharing of record stores is
allowed; the MIDlet suite that created the
record store can choose to make it shared
or not. Moreover, the sharing mode can be
set to read-only or read/write. Sharing
information is stored in the header of each
record store, and the default mode of
sharing is private (no sharing).
4.7 End-to-end Security
MIDP 2.0 specification mandates that
HTTPS be implemented to allow secure
connection with remote sites. HTTPS
implementations must provide server
authentication. The Certificate authorities
present in the device are used to
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 41

Proceedings of ICCNS 08 , 27-28 September 2008
authenticate sites by verifying certificate
chain provided by a server.
Conclusion
There exist already millions of MIDP 1.0
enabled mobile devices. These provide a
promising environment for mobile
personal and business applications. MIDP
1.0 environment is full of different threats
and without any application level
mechanisms, the MIDP 1.0 environment is
not secure enough for applications dealing
with business critical or personal
information. Without any additional
mechanisms, the MIDP 1.0 environment is
suitable for dealing with public Internet
information like news etc. As a solution
for security needs, some security
mechanisms could be built into
applications but this is not easy and not all
of the problems could be solved. The new
MIDP 2.0 specification introduces several
new security concepts and mechanisms.
The new version includes trusted MIDlets
through code signing, protection domains,
related policies and permissions. The
application signing and verification of
applications is based on X.509 PKI.
As we have stated, the new security
features in MIDP 2.0 improve the major
problems in MIDP 1.0. These include
application integrity and authentication of
origin. Also network connection related
problems are partly solved with HTTPS
and SSL. Although many problems have
been addressed in the new version, there
still exist problems. These include mainly
PKI related problems but also the whole
signed application concept does not
necessarily work in practice as well as in
theory. New cryptographic protocols, the
PKI related decisions and user approved
permissions require the user interaction,
which is usually the weakest link in
security.
As mentioned earlier, the new threats in
MIDP 2.0 were only mentioned briefly.
More thorough analysis is left for future
work. The analysis in this paper is also
based on literature; once the MIDP 2.0
devices are available, more practical issues
could be studied. These could include
actual attacks against devices and
applications to find things like
implementation errors, defects and
problems in user interfaces. The future
will also show how the J2ME runtime
environments are updated in mobile
devices once the first defects are found
like any other software, the runtime
environment should also be updated
against known defects. This must be done
securely or otherwise there will be trojan
virtual machines and libraries in users
devices, which maybe the worst possible
situation to think of.
References
[1] S. Jun-Zhao, D. Howie, A. Koivisto,
and J. Sauvola, “A hierarchical framework
model of mobile security,” in Personal,
Indoor and Mobile Radio
Communications, 2001. IEEE, 2001.
[2] D. Gollmann, Computer Security.
USA: John Wiley & Co, 1999.
[3] P. Ashley, H. Hinton, and M.
Vandenwauver, “Wired versus Wireless
Security: The Internet, WAP and iMode
for E-Commerce,” in Proc. Of Computer
Security Applications <strong>Conference</strong> 2001,
USA, 2001.
[4] A. Biryukov, A. Shamir, and D.
Wagner, “Real time cryptanalysis of A5/1
on a PC,” Lecture Notes in Computer
Science, vol. 1978, 2001.
[5] L. Tarkkala, “Attacks against A5,”
2000. [Online]. Available:
http://www.hut.fi/u/ltarkkal/netsec.ps
[6] R. Anderson, “GSM hack - operator
flunks the challenge,” 1997. [Online].
Available:
http://catless.ncl.ac.uk/Risks/19.48.html#s
ubj5
[7] Security Engineering. USA: John
Wiley & Sons, 2001.
[8] C. Candolin and J. Lundberg, “Attacks
on GPRS,” 2001. [Online]. Available:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 42

Proceedings of ICCNS 08 , 27-28 September 2008
http://www.tml.hut.fi/
candolin/studies/hakkeri/
[9] J. Rautpalo, “GPRS security - secure
remote connections over GPRS,” 2000.
[Online].
Available:
http://citeseer.nj.nec.com/rautpalo00gprs.h
tml
[10] A. K. Ghosh and T. M. Swaminatha,
“Software Security and Privacy Risks in
Mobile E-Commerce,” Communications
of the ACM, vol. 44, pp. 51–57, 2 2001.
[11] G. McGraw and E. Felten, Securing
JAVA. USA: John Wiley & Co, 1999.
[12] A. Chander, J. Mitchell, and I. Shin,
“Mobile code security by Java bytecode
instrumentation,” in Proc. of DARPA
Information Survivability <strong>Conference</strong> &
Exposition II 2001. USA: IEEE, 2001.
[13] M. Shoffner and M. Hughes, “Java
and web-executable object security,”
Dr.Dobb’s Journal, 11 1996. [Online].
Available:
http://www.ddj.com/documents/ddj9611d/
[14] T. Lindholm and F. Yellin. The Java
Virtual Machine Specification (Second
Edition). Addison Wesley, April 1999.
[15] J. Van Peursem. JSR 118 Mobile
Information Device Profile 2.0, November
2002.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 43

Proceedings of ICCNS 08 , 27-28 September 2008
Using Neuro-Fuzzy Techniques to Reduce False
Alerts in IDS
Pravesh Gaonjur, N.Z. Tarapore, and S.G. Pukale
Abstract—The problems related to security for network systems
are relative to the design of network architectures, which is
typically based on open standards. Monitoring tools based on
pattern recognition or behavioral analysis is typically used to ensure
network security. SNORT is one such tool which is based on
pattern recognition. SNORT alerts system administrators whenever it
receives packets of information that match predetermined signatures
contained in the SNORT ruleset, thereby protecting network systems.
Unfortunately, due to the nature of this design, SNORT operates at
the packet level and thereby has no concept of the specific properties
of the network it is trying to protect.
This paper provides the analysis of NEFCLASS and JRip which,
upon taking SNORT alerts as input and learning from training,
attempts to reduce false-positive and negative alerts sent to the system
administrator. The major drawback of SNORT is the amount of false
alerts generated by the SNORT engine, which must then be analyzed
and classified by system administrators. This paper demonstrates
that Neuro-Fuzzy Classifiers can be used to lessen this burden and
considerably reduce the workload of having to classify alerts by
human beings.
Keywords—IDS, Security, Networks, False Alerts, Neuro-Fuzzy,
JRip.
I. INTRODUCTION
THe IDS looked at most closely in this paper, SNORT, is a
rules-based network intrusion detection system (NIDS).
Martin Roesch, in his paper entitled “SNORT - Lightweight
Intrusion Detection for Networks,” says “SNORT fills an
important ecological niche in the realm of network security:
a cross-platform, lightweight network intrusion detection tool
that can be deployed to monitor small TCP/IP networks and
detect a wide variety of suspicious network traffic as well as
outright attacks”. The SANS Institute also reported SNORT
as becoming the standard among intrusion detection experts
due to the fact that it is open-source, frequently updated, and
free of charge [17].
A. False Alerts Problem in SNORT
One of the main problems in existing security sensors is
their tendency of producing high rates of false positive logs
and alerts. Often, a false alert is generated when in fact the
event that triggered the alarm can be considered harmless.
This condition is aggravated when the attacker has some
Pravesh Gaonjur is a Research Scholar from Mauritius, he is currently
researching on IDS at the Department of Computer Engineering, Vishwakarma
Institute of Technology, Pune, email: p.gaonjur@gmail.com
N.Z. Tarapore and S.G. Pukale are Assistant Professors at the Department
of Computer Engineering, Vishwakarma Institute of Technology, Pune, email:
noshir.tarapore@vit.edu,shraddhanand.pukale@vit.edu
prior knowledge of the techniques employed by the security
sensor and thus purposely crafts network data to trigger
these false alerts. This will not only allow an attacker to
control the security sensors, but also overwhelm the ability
of the security sensor to function properly due to the large
amount of traffic that matches its rules or other triggering
alert mechanisms, and hence wasting processing resources.
Although an excellent tool, SNORT has three major drawbacks:
• Packet Dropping
• False Positive Alerts
• False Negative Alerts
SNORT may not pick up all packets due to speed issues
with a network. Other factors which can affect SNORT in this
way are the speed of the promiscuous interface and the stack
implementation of the operating system. It is important to
note that SNORT is able to be overrun with packet flooding
which then makes the detection of intrusions more difficult.
False positives occur when SNORT sends alerts when it
shouldn’t, in other words a false alarm. This can happen for
various reasons. Some of these include:
• Placement of SNORT outside of the security perimeter:
In this case SNORT receives DNS scans, web proxy
scans and other various benign informational network that
would cause overload for the system administrator.
• Site Policy allowing activity that causes IDS alarms:
For instance, using the default setting for SNORT which
would increase the data inflow to an unmanageable level.
• Lack of site awareness in the IDS: Not being aware of
services running on hosts, such as IIS (Internet Information
Services) attacks on Apache web servers could lead
to false alarms.
False Negatives occur because of any attack not matching
a signature in the ‘known attack’ database. This can happen
because of poor rule design, encrypted or otherwise cleverly
[2] disguised traffic, or simply because the attack is new and
has never been signature matched.
B. Proposed Solution
The proposed framework is based on Artificial Intelligence
Techniques, which is expected to improve the percentage in
the reduction of False Positive alerts. Also the framework
should be able to cater to the main problem in the Neuro-
Fuzzy Technique, which could not reduce the number of
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 44

Proceedings of ICCNS 08 , 27-28 September 2008
False Negatives significantly enough.
Objectives:
1) The first and foremost contribution is the design and
implementation of an intelligent technique that allows
the system (IDS) to reduce false alerts.
2) Secondly, the system should be fine tuned such that the
number of False Negatives are also reduced.
3) Finally, an empirical comparison of the results obtained
in tests conducted using the previously used technique
and the improved technique is demonstrated.
II. ARTIFICIAL INTELLIGENCE TECHNIQUES
Artificial Intelligence or AI as it is known has been around
for quite some time. It is a field of computer science that
attempts to mimic or copy human-type thinking and action.
Unlike simple processing of information with selection
statements and working memory, artificial intelligence
attempts to replicate thought processes such as reasoning,
intuition, learning from past trial and error, and generalizations
[9].
Although difficult, some success in replication of human
intelligence has been achieved by what are known as expert
systems. Usually these systems reside on very powerful
machines operating at extremely high speeds and the
programs themselves are incredibly complex. Expert systems
are actually in a class of artificial intelligence known as
rule-based systems [9].
The more an intrusion detection system (IDS) knows about
the network it is trying to protect, the better it will be able to
protect the network. This is the fundamental principle behind
target-based intrusion detection, where an IDS knows about
the hosts on the network.
SNORT is the IDS in question and this paper describes
some of its features that users might not be taking advantage
of that would allow the IDS to adapt to networks and detect
anomalies. AI alleviates some of the security professionals’
work load by first learning about a network and gauging
reactions from a security professional to reduce false positives,
and second, by adapting to changes in the network to identify
new attacks.
There are several different soft computing techniques and
algorithms that can be successfully used to detect intrusions.
These techniques include [13]:
• Fuzzy Logic
• Probabilistic Reasoning
• Neural Networks
• Genetic Algorithms
Combinations of these can also be used. For example,
genetic algorithms can be used to build a neural network and
probabilistic reasoning can be built on fuzzy logic. Neural
networks are the most common AI type for an IDS [9]. Our
main focus will be on Fuzzy logic techniques since we are
more concerned with what happens inside the AI logic, a black
box implementation will not be helpful at all for us.
A. NeuroFuzzy Systems
A neuro-fuzzy network can be defined as a fuzzy system
trained with some algorithm derived from the neural network
theory. The integration of neural networks and fuzzy systems
aims at the generation of a more robust, efficient and easily
interpretable system where the advantages of each model are
kept and their possible disadvantages are removed. Some
neural network models such as the MLP [1] have been
successfully applied to the training of neuro-fuzzy networks.
The NEFCLASS model proposed by Nauck and Kruse [3] is
based on a three-layer feedforward neural network [1] and
the FuNN (Fuzzy Neural Network) proposed by Kasabov
is a five-layer feedforward neural network. Both networks
use modified versions of the back-propagation algorithm to
adjust the membership functions (activation functions) and
connection weights of the processing units.
Modern neuro-fuzzy approaches are of this form: A
neural network and a fuzzy system are combined into one
homogeneous architecture. The system may be interpreted
either as a special neural network with fuzzy parameters, or
as a fuzzy system implemented in a parallel distributed form.
Some of these approaches are reinforcement learning types
that are especially suited for control tasks and others are
multi-purpose models, which use supervised learning, and can
be used for data analysis, like the NEFCLASS approach. As
we are only interested here in hybrid neuro-fuzzy systems we
restrict ourselves, in the further descriptions to information
needed as a basis for this approach. NAUCK/KRUSE gives a
definition that shall be used here to specify what a neurofuzzy
system means in this paper:
1) A neuro-fuzzy system is a fuzzy system trained by a
(heuristical) learning algorithm (usually) derived from
neural networks.
2) A neuro-fuzzy system can be represented by a feedforward
neural network architecture. However, this is
not a prerequisite to training, it is merely a convenience
to visualise the structure and the flow of data.
3) A neuro-fuzzy system can always be interpreted in terms
of fuzzy if-then rules.
4) A neuro-fuzzy system’s training procedure takes the
semantics of the underlying fuzzy model into account
to preserve the linguistic interpretability of the model.
5) A neuro-fuzzy systems performs (special cases of) function
approximation. It has nothing to do with fuzzy logic
in the narrow sense. i.e. generalized logical rules.
Figure 1 shows this neural network structure which is often
used to demonstrate the parallel structure and the data flow
through the model, both for learning (backward path) and classification
(forward path). Furthermore it is easier to compare
NEFCLASS to other fuzzy classification approaches if this
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 45

Proceedings of ICCNS 08 , 27-28 September 2008
representation is chosen. But it also should be remembered
again that this is only one possible visualisation. This system
is not a neural network. It is a hybrid neuro-fuzzy system
which is an integrated system.
C. Application to IDS
To reduce the false positive alarms of an IDS, we need an
approach which is able to deal with uncertainty in network
traffic to predict unforeseen and noisy data accurately.
Furthermore, the information provided for alerts through
audit data and logs do not hold sufficient facts on the
characteristics of the connections made on the network.
Fuzzy rule based systems have the ability to explain the fuzzy
patterns of alerts attributes. However, these alerts attributes
used to train the fuzzy rules for IDS is usually high in
dimensionality. For example, alerts generated from DARPA
1999 dataset contains many attributes to be analyzed. Each
attribute has a various number of possible values ranging from
small number of possible value (e.g. the number of protocols)
to the huge number of possible values (e.g. the IP address).
Therefore, it is not an easy task to explicitly determine the
membership functions for the fuzzy rules. For this type of
background knowledge, a Neural Network (NN) approach
is acceptable as a powerful learning method to learn from
scratch. For these reasons, the NN can be a useful learning
approach to refine the fuzzy sets and membership function to
be appropriate with the dataset. Due to the reasons mentioned
above, the neuro-fuzzy hybrid approach was investigated to
reduce false positive alerts.
Fig. 1.
Neural Network Structure.
This paper proposes a solution for the problem of false
negatives, false positives, and network noise through the use
of NeuroFuzzy Classifier. From SNORT documentation, it
has been clearly identified that there is simply not enough
information present inside the SNORT engine to make any
knowledgeable assessment of a true attack. Obviously packet
analysis is necessary to detect attacks, but an additional level
of information and decision processing is required.
B. RIPPER
RIPPER was developed by William Cohen [5] based
on repeated application of Furnkranz and Widmer’s
IREP algorithm followed by two new global optimization
procedures. Like other rule-based learners, RIPPER grows
rules in a greedy fashion guided by an information gain
heuristic. It is comparable in accuracy to similar algorithms
such as C4.5 rules, but is significantly more efficient. This
efficiency combined with RIPPER’s implementation of setvalued
features allows learning in much larger feature spaces
than would be possible with C4.5 rules.
RIPPER has already been applied to a number of standard
problems in classification with quite promising results [5]. It is
important to emphasize that RIPPER is a rule-based machine
learning system that has made its mark in a field dominated
by purely statistical algorithms such as Nave Bayes, Widrow-
Hoff, or K-Nearest Neighbor. The high dimensionality of most
representations of data has in the past lead researchers away
from rule or tree based learning systems. This makes RIPPER
interesting since most conclusions about the effectiveness of
various representations have been drawn in a context that may
not apply to a rule-based learner.
The most logical improvement would be the addition
of an AI technique that will automatically learn from the
history of past attacks. Although SNORT by itself is a
successful, highly rated intrusion detection device, it offered
no systematic attack analysis by itself. To rectify this situation,
a completely separate, parallel knowledge base would work
in tandem with SNORT, which would still function as the
primary attack detector.
Using SNORT detection engine, a NeuroFuzzy Classifier
would work in parallel, which would sift through the SNORT
alerts intelligently such that it can act as a security assistant
for the system administrator.
III. EXPERIMENTAL SETUP
Experimental Setup consisted of the following elements:
1) SNORT IDS
2) DARPA Data Set 1999
3) TcpReplay
4) NeuroFuzzy Classifier
Firstly SNORT [17], a lightweight intrusion detection
system tool that can be deployed on TCP/IP network will
be used to detect attacks and generate alerts. The default
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 46

Proceedings of ICCNS 08 , 27-28 September 2008
configuration of SNORT and rule sets is used intentionally
to show how much to reduce the number of false positive
alarms. In this paper, SNORT version 2.7.0 was used along
with its corresponding rules. Secondly Tcpreplay tool [19]
is configured to resend the TCP dump raw data of the
DARPA 1999 dataset to generate the alerts and log them
into a file. The DARPA 1999 dataset from MIT-Lincoln Lab
is a collection of four types of network traffic data, which
are inside tcpdump and outside tcpdump, audit data (bsm),
and file systems data. The dataset consists of 5 weeks of
traffic. The first three weeks of traffic is attack-free except
for the second week that includes labeled known attacks. The
fourth and fifth weeks are the testing dataset that contains
new attacks [18]. Thirdly, Tcpdump binary files of the
outside traffic of the DARPA 1999 dataset were used for the
experiment. The first three weeks of the dataset are used for
training purpose, while the last two weeks of data are used
for evaluation.
The following diagram depicts the architecture of the proposed
experimental setup.
B. Understanding the Alerts
Understanding of alerts is a very slow and tedious task. If
pre-processing is not done properly, it is nearly an impossible
task to train a network and get acceptable classification percentages.
The alert of the training phase has to be properly
labeled as true or false alert for us to be able to train the
NeuroFuzzy Network accordingly. If there is a mistake in the
training input, all the analysis that will come later will be
biased. Once our training data is complete, we can freeze this
phase and start with training our NeuroFuzzy Network.
1) Alert Correlation: Correlation in Intrusion Detection
concerns finding a relationship between alerts generated by a
single (or multiple) data sources and coupling this information
with additional knowledge.
• Explicit Correlation
Where it is possible to express some connection between
known events. This form of knowledge has to be manually
entered in the system.
• Implicit Corrrelation
Is used when data analysis brings out some mappings
and relations between events. Implicit correlation can be
based on learning techniques and statistics.
2) Aggregation: Aggregation, following correlation, is
the process of grouping events together according to certain
criteria to compute aggregated security level. The goal of
aggregation is to discover high-level incidents.
Both correlation and aggregation has been used to some extent
to Pre-Process SNORT Alerts, the following section gives
more detail.
Fig. 2.
Experimental Setup Architecture.
A. Role of NEFCLASS
NEFCLASS is not an automatic classifier creator where data
is fed in and a solution pops out, but it must be seen as a tool
that supports users in finding readable fuzzy classifiers.
Forward Path: Classification
Backward Path: Learning
Main goal of NEFCLASS
1) Readable Classifier
2) Acceptable Accuracy
Fuzzy Rule-based Systems have the ability to explain the fuzzy
patterns of alert attributes. But its main problem is:
• Alert attributes are high in dimensionality
• Each attribute has various number of possible values
Solution: A Neural Network to learn this type of background
knowledge of alerts. A Neural Network can be used
as a learning approach to refine the fuzzy sets and membership
function to be appropriate with the dataset.
IV. IMPLEMENTATION
The Implementation part consists of taking preprocessed
alerts as input to a classifier, in this case NEFCLASS and
JRip. These classifiers were trained and tested by modifying
the parameters that will ensure a higher classification rate.
A. Parameters of NEFCLASS
The following table shows the possible parameter modifications
that can be made to NEFCLASS to improve training
and classification rate.
TABLE I
NEFCLASS PARAMETER SETTINGS
The Parameter Settings
Training data file Darpa.dat or KDD.dat
Number of fuzzy sets Any valid number
Type of fuzzy sets Triangular/Trapezoidal/Bell-Shaped/List
Aggregation function Maximum/Weighted Sum
Size of the rule base Automatic/Manual
Rule learning procedure Best per Class/Best
Fuzzy set constraints Relative/Overlap/Symmetrical/Intersect
Rule weights
Not used/[0-1]/Arbitrary
Learning rate [0-1]
Validation
No validation/Cross Validation[n]/Single Test[%]
Stop control
Max Epoch/Min Epoch/Optimum/Admissible Error
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 47

Proceedings of ICCNS 08 , 27-28 September 2008
B. Testing
We installed SNORT Version 2.7.0 with its default rulesets
and replayed DARPA raw packets to it to generate SNORT
alerts. These alerts were pre-processed in an appropriate
format to be fed in our Classifier. The parameters were
tweaked such that we get a better classification rate which in
turn means better detection ratio for attacks.
C. Fuzzy Rules Generated
After training the System, an example of fuzzy rules that
will be generated are as follows:-
Original JRip rules:
===========
(0 = 0) and (3 = 3) => Class=0 (3705.0/0.0)
(0 = 1) => Class=0 (2176.0/20.0)
(0 = 0) and (1 = 2) and (1 = 1) => Class=0 (366.0/0.0)
(0 = 2) and (1 = 0) and (6 = 0) => Class=0 (70.0/8.0)
(1 = 2) => Class=0 (240.0/64.0)
(6 = 1) and (0 = 2) => Class=0 (36.0/6.0)
(3 = 3) => Class=0 (9.0/0.0)
(1 = 1) => Class=0 (8.0/1.0)
=> Class=1 (15182.0/8.0)
Number of Rules : 9
Class=0 Normal and Class=1 Attacks
TABLE III
PREPROCESSED KDD DATASET
KDD Dataset: 3 Fuzzy Sets; 100 Epochs; 0.01; Triangular; No Validation
Correct
Misclassified
Training 94.09 5.91
Testing 87.10 12.90
is better than in Table II. The reason behind this is that KDD
Data Set contains 41 features out of which we have used 13
features with highest information gain value.
A. Evaluation of Results
The above result shows that NEFCLASS and JRip can
be used to reduce False alerts in IDS. Using a NEFCLASS
detection rate was 84.63%, JRip was 88% and False alerts
were reduced as follows:
False Alerts Reduction Rate - Jrip Classifier
False Positive 8.48 %
False Negative 3.52 %
Detection Rate 88 %
False Alerts Reduction Rate - NEFCLASS Classifier
The numbers in the bracket stand for coverage / errors in
the training data, which follows the standard convention of
tree/rule induction. eg. (0 = 0) → Class=0 (3705.0/0.0) means
that the rule “(0 = 0) → Class=0” covers instances with total
weights of 3705.0, out of which there are instances with
weights of 0.0 misclassified. Normally weight 1 means one
instance.
These rules are then used to test the system and it can be
observed that if we can increase classification rate, the number
of false alerts are drastically reduced. From the results obtained
through various testing, it is noted that SNORT alerts is almost
always 95% of false positives.
V. RESULTS
The parameters in Table I were used to get different set of
results of training and testing on preprocessed SNORT alerts
as follows:
TABLE II
PREPROCESSED SNORT DATASET
SNORT Dataset: 7 Fuzzy Sets; 1000 Epochs; 0.01; 10 Cross Validation
Correct
Misclassified
Week4 89.03 10.97
Week5 83.93 16.07
Average 84.63 15.37
Table II has been generated using 7 variable Fuzzy sets,
1000 epochs, a learning rate of 0.01 and 10 Cross Validations.
The overall classification ratio is 84.63% and false positive
rate was 0.10% only.
With KDD Dataset as input which is originally a part of
the DARPA Data Set, we can see that the classification rate
False Positive 0.10 %
False Negative 6.67 %
Detection Rate 84.63 %
Misclassification Rate 8.60 %
VI. CONCLUSION
In this paper, we demonstrated that a Neuro-Fuzzy
Approach can be used to solve the problem of false alerts in
IDS. The proposed scheme tries to keep the number of false
alerts generated by an IDS to an acceptable level.
We have chosen NEFCLASS and JRip as classifiers and
DARPA 1999 Data Set and KDD 1999 as our dataset for
training and testing purposes.
VII. DIRECTIONS FOR FUTURE WORK
• More work can be done to improve on the detection rate,
such as using more features. This can be achieved by
parsing low level packets captured by SNORT instead of
using only the alerts.
• AI logic can directly be embedded in SNORT as a plugin.
REFERENCES
[1] Alshammari Riyad, Sonamthiang Sumalee, Teimouri Mohsen, Riordan
Denis, “Using Neuro-Fuzzy Approach to Reduce False Positive Alerts”,
Communication Networks and Services Research, 2007. CNSR ’07. Fifth
Annual <strong>Conference</strong> IEEE Press, pg 345 - 349
[2] Bakar N., Bealton B., and Samsudin A., “False Positives Reduction via
Intrusion Alert Quality Framework”, Joint IEEE Malaysia <strong>International</strong>
<strong>Conference</strong> on Communications and IEEE <strong>International</strong> <strong>Conference</strong> on
Networks, pp. 547-552, November 2005.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 48

Proceedings of ICCNS 08 , 27-28 September 2008
[3] Nauck D., Nauck U., and Kruse R., “NEFCLASS for JAVA New
Learning Algorithms”, Proceedings of Fuzzy Information Processing
Society(NAFIPS) 18th <strong>International</strong> <strong>Conference</strong> of the North American,
pp. 472-476. July 1999.
[4] Nauck D., and Kruse R., “NEFCLASS: A Neuro-Fuzzy Approach for
the Classification of Data”, ACM Symposium on Applied Computing,
Nashville, pp. 461-465, Feb 1995.
[5] William. W. Cohen, “Fast Effective Rule Induction”, Proceedings of the
Twelth <strong>International</strong> <strong>Conference</strong>(ML95), 1995.
[6] Kayacik H. G., Zincir-Heywood A. N., Heywood M. I., “Selecting
Features for Intrusion Detection: A Feature Relevance Analysis on KDD
99 Intrusion Detection Datasets”, Proceedings of the Third Annual
<strong>Conference</strong> on Privacy, Security and Trust, October 2005, St. Andrews,
Canada.
[7] Dorothy Denning, “An Intrusion-Detection Model”, IEEE Transactions
on Software Engineering, no. 2, page 222, February 1987
[8] Biswanath L. Mukherjee, Todd Heberlein, and Karl N. Levitt, “Network
Intrusion Detection”, IEEE Network, vol. 8 no. 3, pp. 26-41, May/June
1994.
[9] Frank, J., “Artificial Intelligence and Intrusion Detection: Current and
Future Directions”, Proceedings of the 17th National Computer Security
<strong>Conference</strong>, October 1994.
[10] Srinivas Mukkamla, Andrew H. Sung, “Identifying Significant Features
for Network Forensic Analysis Using Artificial Intelligent Techniques”,
<strong>International</strong> Journal of Digital Evidence, Winter 2003 Vol I Issue 4
[11] Kasabov, N. “Foundations of Neural Networks, Fuzzy Systems and
Knowledge Engineering.” MIT Press, Cambridge, Massachusetts. 1996.
[12] Prechelt, L., “Proben1-A Set of neural Netwok Benchmark Problems
and Benchmarks Rules.” Universitt Karlssruche, Germany,1994.
[13] Nauck, D., “Design and Implementation of Neuro-Fuzzy Data Analysis
Tool in Java.” Technische Universitt Brauschweig, Brauschweig, 1999.
[14] Mahoney, M. and Chan, P., “An analysis of the 1999 DARPA Lincoln
Laboratory evaluation data for network anomaly detection,” In Recent
Advances in Intrusion Detection (RAID2003)- Lecture Notes in Computer
Science, Vol. 2820, pp. 220-237. Springer-Verlag, 2003.
[15] http://www.cnn.com/2000/TECH/computing/09/06/fear.trinity.idg/
[16] Innella, Paul; Mcmillan Oba. “An Introduction to Intrusion Detection
Systems” 2001 http://www.securityfocus.com/infocus/1520
[17] SNORT, Intrusion Detection System, www.snort.org
[18] DARPA Data Set, 1999, www.ll.mit.edu/IDS/eval/1999/
[19] TcpReplay, Packet Replay Tool, www.tcpReplay.com
[20] JRip (Weka’s implementation of the RIPPER rule learner,
www.auknomi.com/categorical learners.html
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 49

Proceedings of ICCNS 08 , 27-28 September 2008
Security Threats Awareness for Mobile Ad hoc
Networks: Applications and Challenges
Parul Agarwal, and Brijesh Singh Yadav
Abstract— Mobile ad hoc networks (MANETs) consist of a
collection of wireless mobile nodes which dynamically exchange
data among themselves without the reliance on a fixed base station or
a wired backbone network. This gives rise to various network
applications as well as challenges to the design of a MANETs.
Examples of applications for ad hoc network range from military
operations and emergency disaster relief, to community networking
and interaction between attendees at a meeting or students during a
lecture. Interestingly, the attribute that make MANETs attractive as
a network paradigm is the a number of nontrivial challenges to
security design, such as shared wireless medium, stringent resource
constraints, and highly dynamic network topology. In this paper, we
also discuss the issue of security threats for these innovative
networks.
Keywords—MANETs, Network Topology, Routing Protocols,
Security Threats.
A
I. INTRODUCTION
"mobile ad hoc network" (MANET) is self-organizing
and adaptive. This means that a formed network can be
de-formed on-the-fly without the need for any system
administration. In mobile ad hoc networks there is no preexisting
network infrastructure, and the topology in such
networks may be highly dynamic [6]. The principal
advantages of an ad hoc network include independence from
central network administration, self-configuring and selfhealing
nature, scalability, flexibility [27]. Basic structure of
MANET is shown in Fig. 1.
Fig. 1. Path from the user’s node to the destination node
is provided by other user’s devices acting as routers
As an ad hoc wireless network does not rely on any fixed
P. Agarwal is a Lecturer with Computer Science and Information
Technology Department, Moradabad Institute of Technology, Moradabad,
U.P., India (corresponding author to provide e-mail: parul.pec@ gmail.com).
B. S. Yadav, is Assistant Engineer, UPPCL, U. P., India (e-mail:
er.brijesh84@gmail.com).
network entities, the network itself is essentially
infrastructureless [3]. Multi hop, mobility, large network size
combined with device heterogeneity [7], bandwidth and
battery power constrain make the design of adequate routing
protocols a major challenge [7]. In recent years, many routing
protocols have been proposed for MANET [12]. Basically
these protocols can be fit in one of three major categories: ondemand
such as AODV [8] and DSR [9], proactive such as
DSDV [10] and OLSR [11], and hybrid such as ZRP [1].
Ad hoc networks have been receiving much attention
recently due to their immense field of application [13].
MANETs have potential use in a wide variety of disparate
situations. Such situations include moving battlefield
communications to disposable sensors which are dropped
from high altitudes and dispersed on the ground for hazardous
materials detection [5]. Many of the diverse application areas
for ad hoc networks, including emergency relief operations,
military situations, commercial applications, the newly
forming community networks that are considered to be next
generation ad hoc networks and environmental data collection,
exhibit a high degree of temporal and spatial variation [2].
Civilian applications include simple scenarios such as people
at a conference in a hotel where their laptops comprise a
temporary MANET to more complicated scenarios such as
highly mobile vehicles on the highway which form an ad hoc
network in order to provide vehicular traffic management [5].
However, MANETs offer many more possibilities. We
assume that mobile ad hoc services will be introduced in the
future into everyday life, and not just supporting work or daily
activities but also giving pleasure in spare time.
Mobile Ad hoc Network has various challenges. In Mobile
Ad hoc networks, the wireless mobile nodes may dynamically
enter the network as well as leave the network. Nodes may
join the network at any time, get disconnected as they run out
of power, or alter the physical network topology by moving to
a new location. Since ad hoc networks rely on forwarding data
packets sent by other nodes, power consumption becomes a
critical issue [14]. A mobile ad hoc network is built of a
collection of diverse wireless nodes (devises or users).
MANET nodes are typically distinguished by their limited
power, processing, and memory resources as well as high
degree of mobility [7]. The ability of an ad hoc mobile device
to act as a server or client will depend on its computation,
memory, storage and battery life capacity [25]. Characteristics
of some existing mobile devices are shown in Table 1.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 50

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE 1. CHARACTERISTICS OF SOME MOBILE
DEVICES
Device
Type
Palm
Pilot
Active
Badge
Cellular
Phone
Pocket
PC
Laptop
Computer
Form
Factor
3.5*4.7
cm
3.5*3.5
cm
2.5*5.5
cm
13*7.8
cm
12*9
cm
Memory Disk Battery
(MB)
(Walt-hr)
2-8 None 3-5.5
64 bytes None 5V
1Mbit None 10-20
mA
(3.6V)
32-64 16MB 3-5
Flash
ROM
32-128 5-20
GB
37.44-
66.60
Security threats in Mobile Ad hoc Networks is also a one of
the challenging and emerging issues in MANETs [19]. Ad hoc
network can undergo various security attacks. Based on the
normal operation of the network, security attacks in MANETs
can be categorized as active and passive attack [4]. Besides it,
routing attacks are also classified into five categories [16]:
attacks using impersonation, modification, fabrication, replay,
and denial of service (DoS) [17].
The rest of the paper is organized as follows. In Section 2,
we have discussed applications of MANET. In Section 3, we
have presented an overview of the challenges to MANETs.
Section 4 provides various security threats in MANETs.
Finally in Section 4, we have provided the conclusion.
II. APPLICATION OF MANETS
The essential characteristic of an ad hoc network is the
ability of forming spontaneous networks between nodes that
are in range of each other. This is a feature of a number of
military, commercial, and social applications [24]. This
section discusses potential applications to motivate the reasons
for deploying ad hoc networks.
A. Military Application
Military applications require the war fighters and their
mobile platforms to be able to move freely without any
restrictions imposed by wired communication devices. These
applications should thus be self-configuring, independent of
any centralized control stations, and should be infrastructure
independent in nature. These networks need to be robust in
nature, i.e., they should not have a single point of failure. Ad
hoc networks are thus an appropriate solution for such
applications.
B. Community Networks
A community network consists of one or more computers
providing services to people using computers and terminals to
gain access to those services and to each other [15].
Community network terminals can be set up at public places
like libraries, bus stations, schools, Laundromats, community
and senior centers, social service agencies, public markets,
and shopping malls.
C. Emergency services
Anywhere when there is an emergency there is a need to
co-ordinate the rescue personnel. This is commonly solved
using hand held or vehicle mounted radios. However, what
about the infrastructure that may have been damaged and is no
longer in operation. This might not be such a big problem in
small fires or so, but when larger areas are hit by a natural
disaster it can be important to quickly be able to communicate.
As shown in Fig. 2 by using ad hoc networks to set up a
network infrastructure it is simply a matter of placing out a
couple of mobile routers which makes it easy and fast.
Fig. 2. Mobile ad hoc network in emergency services
D. <strong>Conference</strong>s
In many situations the need for connecting and exchanging
information between participants of a conference or some
other meeting is clear. There are usually available networks
for the participants to use but this might imply very large
round trips for the data using for example Mobile IP.
E. Home networking
Given that the use of wireless computers and appliances
keeps on growing in the home environment the need for
helping out administrating this is also expanding. Fig. 3 shows
MANET in home environment.
Fig. 3. Mobile ad hoc network in home environment
F. Personal area networks
Many objects that are tightly coupled to a single person
can take advantage of being connected to each other forming a
personal area network. The network itself is most definitely
mobile since people tend not to stay around for long in one
spot. However, when getting connected to another personal
area network (PAN) the connections between person’s devices
might be wanted.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 51

Proceedings of ICCNS 08 , 27-28 September 2008
G. Embedded systems
As more and more machines everywhere is in need for
communicating different things to the surroundings, a need for
ad hoc networking arises. One can think of objects that can
respond to changes in the environment and together with other
devices perform different scenarios depending on the current
context.
H. Sensors
Using tiny devices that are able to gather different
information such as temperature, concentrations of different
chemicals and gases, vibrations, and so on can be of
importance in accidents and emergency situations.
Constructing these sensors so that when turned on they form
an ad hoc network and report back to a well known data
collecting node they can be of great importance.
III. CHALLENGES TO MANETS
Mobile Ad hoc Network has various challenges. This section
discusses challenges to MANETs.
A. Unpredictability of environment
Ad hoc networks may be deployed in unknown terrains,
hazardous conditions, and even hostile environments where
tampering or the actual destruction of a node may be
imminent. Depending on the environment, node failures may
occur frequently.
B. Unreliability of wireless medium
Communication through the wireless medium is unreliable
and subject to errors. Also, due to varying environmental
conditions such as high levels of electro-magnetic interference
(EMI) or inclement weather, the quality of the wireless link
may be unpredictable.
C. Resource-constrained nodes
Mobile ad-hoc networks need to operate efficiently with
limited resources, including network bandwidth and CPU
processing capacity and battery power (energy) as well as
limited in storage and processing capabilities of each
individual node in the network.
D. Dynamic topology
Mobility of nodes lends to unpredictable network topology
[25]. The topology in an ad hoc network may change
constantly due to the mobility of nodes. As a result of these
issues, MANETs are prone to numerous types of faults
including transmission error, node failures [5], link failures
[5], route breakages and congested nodes or links.
E. Variable capacity wireless links
Wireless links are bandwidth-constrained. Moreover, since
wireless links have lower capacity than hardwired links,
traffic congestion is typical rather than atypical.
F. Power constrained operation
Power conservation is crucial in mobile wireless systems
since these networks typically operate off power-limited
sources, which dictate whether a network is operational or not.
G. Physical security
Mobile networks are more vulnerable to physical security
threats such as eavesdropping and jamming attacks.
Provisions for security must be made, e.g., the application of
Internet Protocol (IP) security techniques.
H. Distributed
The decentralized nature of a MANET requires that any
routing protocol execute in a distributed fashion.
I. On demand operation
Since a uniform traffic distribution can not be assumed
within the network, the routing algorithm must adapt to the
traffic pattern on a demand or need basis, thereby utilizing
power and bandwidth resources more efficiently.
J. Loop-free
Also the problem of loop freedom and scarce bandwidth
available puts even higher demands on the routing algorithm.
To ensure proper message delivery and efficient network
operation, a routing protocol must be loop-free.
K. Entering/Departing nodes
A routing protocol should be able to quickly adapt to
entering or departing nodes in the network, without having to
restructure the entire network.
L. Bidirectional/Unidirectional links
Since the condition of a MANET is dynamic, a routing
protocol should be able to execute on both bidirectional and
unidirectional links.
M. Physical limitation of RF communication
Issues such as interference, limited range, limited data
throughput, device mobility and the sharing of the RF
spectrum amongst devices all need addressing.
N. Need for addressing
Routing protocols are working with unique node
addresses, for example IP numbers. These addresses must,
however, be handed out in some way. Also, the need for
gateways to wired networks needs to be considered in the
addressing schema.
O. Existing Internet protocol usage
The existing Internet protocol suite works very well in
wired networks. Many applications have been developed to
work using these protocols.
To enable these applications to work in ad-hoc networks,
the effectiveness of these Internet protocols in ad-hoc
networks needs to be examined.
P. Service location and access
All the concerns listed prior to this are all addressed with a
view to provide devices with the ability to share data and
services. There are service location and discovery protocols in
existence.
They provide a means of allowing remote discovery,
advertisement and access method determination. Their
suitability for ad-hoc networking needs to be determined.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 52

Proceedings of ICCNS 08 , 27-28 September 2008
Q. Security and privacy
Due to the open nature of wireless communications,
security and privacy is a concern in all wireless networks, not
just ad-hoc. There is an absence of a “trusted third party”,
used in most current wired security mechanisms. When all the
traffic start to flow around between everybody seemingly
uncontrolled the need for security and authentication arises.
R. Updation of routing table
A big challenge is of course to keep the routing tables
needed up to date with a fast changing topology.
S. Power awareness of routing protocols
However, the need to make the routing protocols power
aware and not waste too much power on control messages
instead of actual information traffic is essential.
IV. SECURITY THREATS IN MANETS
Attacks on ad hoc wireless networks can be classified as
active and passive attacks, depending on whether the normal
operation of the network is disrupted or not.
In passive attacks, an intruder snoops the data exchanged
without altering it. The attacker does not actively initiate
malicious actions to cheat other hosts. The goal of the attacker
is to obtain information that is being transmitted, thus
violating the message confidentiality. Since the activity of the
network is not disrupted, these attackers are difficult to detect.
Powerful encryption mechanism can alleviate these attackers
by making difficult to read overheard packets.
In active attacks, an attacker actively participates in
disrupting the normal operation of the network services. A
malicious host can create an active attack by modifying
packets or by introducing false information in the ad hoc
network. It confuses routing procedures and degrades network
performance. Active attacks can be divided into external and
internal attacks:An outsider or external attack can be caused
by entities that do not belong to the network. Such attacks can
be defended by using encryption, firewalls and source
authentication. An insider or internal attack is caused by nodes
or entities that belong to the network itself and have either
been compromised or have joined the network with some
malicious intentions.
Routing attacks are also classified into five categories:
attacks using impersonation, modification, fabrication, replay,
and denial of service (DoS) [17]. In the DoS attack, an
attacker explicitly attempts to prevent legitimate users from
using system services. Fig. 4 shows denial of service attack.
Fig. 4. Denial of service attack
In addition to often being wireless the structure of an ad
hoc network, or lack there of, leads to some special kinds of
attacks. Especially attacks on the connectedness of the
network which means attacks on the routing protocol. In this
section some of these attacks will be addressed.
A. . Routing Loop
By sending forged routing packets an attacker can create a
routing loop. This will result in data packets being sent around
consuming both bandwidth and power for a number of nodes.
The packets will not reach their intended recipient and thus
can be considered a sort of denial-of-service attack.
B. Black Hole
The setup for the black hole attack is similar to the routing
loop attack in which the attacker sends out forged routing
packets. It can setup a route to some destination via itself and
when the actual data packets get there they are simply
dropped, forming a black hole where data enters but never
leaves. Another possibility is for the attacker to forge routes
pointing into an area where the destination node is not located.
Everything will be routed into this area but nothing will leave
also creating a sort of black hole.
C. Grey Hole
A special case of the black hole attack is an Grey Hole
attack. In this attack the adversary selectively drops some
kinds of packets but not other. For example the attacker might
forward routing packets but not data packets.
D. Partitioning
Another kind of attack is for the attacker to create a
network partition in which some nodes are split up to not
being able to communicate with another set of nodes. This
attack can be accomplished in many kinds of ways, Both by
forging routing packets as in the previous attacks but also
using some physical attack such as radio jamming.
E. Misrouting Attack
In the misrouting attack, a non-legitimate node sends data
packet to the wrong destination. This type of attack is carried
out by modifying the final destination address of the data
packet or by forwarding a data packet to the wrong next hop
in the route to the destination.
F. Detour Attack
In this type of attack, the attacker adds a number of virtual
nodes in to a route during the route discovery phase. As a
consequence, the traffic is diverted to other routes that appear
to be shorter and might contain malicious nodes which could
create other attacks. The attacking node can save energy in a
detour attack because it does not have to forward packets to
that destination itself. This attack is specific to source routing
protocols.
G. Blackmail
Some ad hoc routing protocols tries to handle the security
problems by keeping lists of possibly malicious nodes. Each
node has a blacklist of, what it thinks, bad nodes and thereby
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 53

Proceedings of ICCNS 08 , 27-28 September 2008
avoiding using them when setting up routing paths. An
attacker might try to blackmail a good node causing other
good nodes to add this node to their blacklists and so avoid it.
H. Wormhole
In the wormhole attack[18] an attacker uses a pair of nodes
connected in some way. It can be a special private connection
or the packets are tunnelled over the ad hoc network. Every
packet that one of the nodes sees is forwarded to the other
node which in turn broadcast them out. This might create
short circuits for the actual routing in the ad hoc network and
thereby create some routing problems. Also, all the data can
be selectively forwarded or not using this attack thereby
controlling the ad hoc network to a large extent. This kind of
attack together with a partitioning attack can gain almost
complete control over the network traffic.
I. Tunneling Attack
In a tunneling attack, two or more nodes collaborate and
exchange encapsulated messages along existing data routes.
This would falsely make the receiver conclude that the path
containing the attackers is the shortest path available.
J. Resource Consumption Attack
In this attack, a malicious node deliberately tries to
consume the resources (e.g. battery power, bandwidth, etc.) of
other nodes in the network.
The attack can be in the form of unnecessary route
requests, route discovery, control messages, or by sending
stale information.
K. Routing Table Poisoning
In this attack, a malicious node sends false routing updates,
resulting in sub-optimal routing, network congestion, or
network partition.
L. Rushing Attack
Many reactive routing protocols keep a sequence number
for duplication suppression at every node. An attacker can
distribute a large number of route requests with increasing
sequence numbers forged to appear to be from other nodes.
This way when the actual route request is sent out many nodes
suppress it as a duplicate and thereby disrupt the actual route
discovery.
M. Sybil Attack
In the Sybil attack [15], an attacker pretends to have
multiple identities. A malicious node can behaves as if it were
a larger number of nodes either by impersonating other nodes
or simply by claiming false identities.
Sybil attacks are classified into three categories:
direct/indirect communication, fabricated/stolen identity, and
simultaneity.
N. Resource Consumption
By injecting extra data packets into the ad hoc network
limited resources such as bandwidth and maybe battery power
are consumed for no reason. Also, the other nodes might
forward control information as it comes in resulting in even
more resource consumption.
O. Man-in-the-Middle Attack
In this attack, a malicious node reads and possibly
modifies the messages between two parties. The attacker can
impersonate the receiver with respect to the sender, and the
sender with respect to the receiver, without having either of
them realize that they have been attacked.
P. Misbehaving nodes
Nodes can be misbehaving because of some hardware or
software problem and be unable to perform its tasks properly.
According to their behaviour., misbehaving nodes can be
categorized as overloaded node, selfish node, malicious node,
broken node [23]. The situation is especially serious if the
misbehaving nodes form a risk of partitioning the network.
Q. Stealth Attacks
Stealth attack can be of two principal types. In a first type
of attack [22], the adversary wishes to disconnect the network,
whether this means a general partition of the network or the
isolation of particular nodes. A related attack does not aim to
partition the network, but to merely degrade the goodput of a
network, whether globally or locally. In a second type of
stealth attack [22], the adversary modifies routing information
in order to hi-jack traffic from and to selected victim nodes.
R. Link Level Security
In wireless environment the links are susceptible to attacks
where eavesdropper can intercept data packets. Physical
barriers such as walls\rooms\&c. provide no barrier to
wireless radio packets [24].
S. Routing\Network layer Security
The routing within ad hoc networks is more vulnerable to
attack as each device itself acts as a router. An attacker can
pose as a member node and incorrectly route packets to
achieve an attack. Denial of service attacks are particularly
easy doing this.
T. Key Management
General network security implementation of keys involves
a trusted authority [24]. Given the lack of infrastructure in adhoc,
it is generally not possible to have a fixed trusted
authority. An alternative to this is required.
U. Eavesdropping
This attack is used to gain knowledge of the transmitted
data. This is a passive attack which is easily performed in
many networking environments. However this attack can be
prevented by using an encryption scheme to protect the
transmitted data [24].
V. CONCLUSION
Mobile ad hoc networking, as a typical example of selforganized
networks, is an emerging and promising
communication paradigm. Not only the variety of devices but
also the diversity of services is continuously increasing. Such
services must be provisioned in a flexible and distributed way
without central infrastructure. Mobile ad hoc networking
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 54

Proceedings of ICCNS 08 , 27-28 September 2008
brings challenges to the network applications. In the midst of
challenging environment of this network, it is required to
provide services to network applications with the
consideration of the issues of security threats also. While the
different applications and the great number of mobile devices
make ad hoc networking interesting, the lack of central
infrastructure, the high level of device heterogeneity, the
degree of mobility and the resource constraints of devices
make it hard to provide ad hoc services. In addition to this our
discussion is also leaded to some special kinds of attacks
especially on the routing protocol.
REFERENCES
[1] Changling Liu and Jörg Kaiser, “A Survey of Mobile Ad Hoc
network Routing Protocols”, Tech.Report Series, Nr. 2003-08,
University of Magdeburg, 2005
[2] Chansu Yu, Ben Lee and Hee Yong Youn, “Energy Efficient
Routing Protocols for Mobile Ad Hoc Networks”, EFFRD Grant No.
0210-0630-10, Cleveland State University
[3] Elizabeth M. Royer and Chai-Keong Toh, “A Review of Current
Routing Protocols for Ad Hoc Mobile Wireless Networks”, IEEE
Personal Communications , April 1999
[4] Qifeng Lu, “Advanced Computer Networks”, Advanced
Computer, August 2006
[5] Stephen Mueller, Rose P. Tsang and Dipak Ghosal, “Multipath
Routing in Mobile Ad Hoc Networks: Issues and Challenges”, Sandia
National Laboratories, Livermore, CA, USA
[6] R. Praveen Sam , Dr. B. Stephen Charles and Dr. P. Chandrasekhar
Reddy, “Denial of Service Attack Through Compromised Nodes in
Mobile Ad-Hoc Networks”, Academic Open Internet Journal ISSN
1311-4360, Vol 21, 2007
[7] Thomas Plagemann, Vera Goebel, Carsten Griwodz, and Pål
Halvorsen, “Towards Middleware Services for Mobile Ad-hoc
Network Applications”, IEEE Workshop on Future Trends of
Distributed Computing Systems, 2003
[8] C. E. Perkins, E. M. Royer, and S. R. Das, “Ad Hoc On-Demand
Distance Vector (AODV) Routing”, IETF Mobile Ad Hoc Networks
Working Group, IETF RFC 3561
[9] D. B. Johnson, D. A. Maltz, and Y-C Hu., “The Dynamic Source
Routing Protocol for Mobile Ad Hoc Networks (DSR)”, IETF
Mobile Ad Hoc Networks Working Group, Internet Draft, February
2003
[10] C. E. Perkins and P. Bhagwat, “Highly Dynamic Destination-
Sequenced Distance-Vector Routing (DSDV) for Mobile Computers”
ACM Special Interest Group on Data Communications (SIGCOMM),
August 1994, pages 234-244
[11] T. Clausen, Ed. and P. Jacquet, “Optimized Link State Routing
Protocol (OLSR)”, Network Working Group, Request for Comments:
3626
[12] Liang Qin and Thomas Kunz, “Survey on Mobile Ad Hoc
Network Routing Protocols and Cross-Layer Design”, Technical
Report SCE-04-14, August 2004
[13] Perkins and C. E., “Ad Hoc Networking”, Addison Wesley,
2001
[14] K. Mase, M. Sengoku, and S. Shinoda, “A Perspective on Next
Generation Ad hoc Networks: A Proposal for Open Community
Network”, IEICE Trans, Fundamentals, January 2001
[15] J. Newsome, E. Shi, D. Song, and A. Perrig, “The Sybil Attack
in Sensor Networks: Analysis & Defenses”, Information Processing
in Sensor Networks, 2004
[16] W. Stallings, Cryptography and Network Security: Principles
and Practices, 3rd edition, Prentice Hall, 2003.
[17] C. S. R. Murthy and B. S. Manoj, Ad Hoc Wireless Networks:
Architectures and Protocols, Prentice Hall PTR, 2004.
[18] Y. -C. Hu, A. Perrig, and D. B. Johnson, “Packet Leashes: A
Defense against Wormhole Attacks in Wireless Networks”, Infocom
2003.
[19] Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, and Lixia Zhang,
“Security In Mobile Ad Hoc Networks:
Challenges And Solutions” IEEE Wireless Communications,
February 2004
[20] Hu, Y.-C., Perrig, A., and Johnson, D. B., “Ariadne: A Secure
On Demand Routing Protocol For Ad Hoc Networks”, Mobile
Computing and Networking, September 2002
[21] Steenstrup M., “Cluster-Based Networks”, In Perkins, 2001, ch.
4, pp. 75–138
[22] Markus Jakobsson, Susanne Wetzel and B¨ulent Yener, “Stealth
Attacks on Ad-Hoc Wireless Networks”
[23] Kai Inkinen, “New Secure Routing in Ad Hoc Networks: Study
and Evaluation of Proposed Schemes”
[24] David Blount, “A Study of Mobile Ad-Hoc Network
Architectures and Technologies”, National University of Ireland,
Cork, April 2004
[25] Madhavi W. Subbarao, “Performance of Routing Protocols for
Mobile Ad-Hoc Networks Wireless Communication Technologies
Group”, National Institute of Standards and Technology
[26] C. K. Toh, Ad hoc Mobile Wireless Networks: Protocols and
Systems, Prentice Hall PTR, New Jersey,2002
[27] Gary Breed, “Wireless Ad Hoc Networks: Basic Concepts”,
High Frequency Electronics, 2007
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 55

Protection of Sensitive Data in Wireless
Devices
Nikhil Agrawal 1 , Shubhank Jain 2 , Sheetal Takale 3 Proceedings of ICCNS 08 , 27-28 September 2008
Abstract Wireless devices like laptops are prone to theft and
loss due to their small size and the characteristics of their
common usage environment, because laptops allow users to
work while they are away from their desk. Unfortunately, this
is also where the information in these devices is, most at risk.
Existing schemes for securing data either do not protect
information in the device after it is stolen or require
bothersome re-authentication. We provide a secure scheme
which protects the sensitive data of the user in these devices.
We solve the problem existing systems with Transient
Authentication, in which a small hardware token (Mobile
Phone) continuously authenticates the user’s presence over a
short-range, wireless link. When the user departs, the token
and device lose contact and the device secures itself. We show
how to leverage this authentication framework to secure
sensitive and confidential data on laptop. We implemented
this system and the results were outstanding.
Keywords— Authentication, Bluetooth.
1. INTRODUCTION
Powerful and affordable laptops have brought users
to an unprecedented level of convenience and flexibility.
Laptops let users work anywhere, anytime. Unfortunately,
physical security is a major problem for these devices. Since
they are designed for mobile use, they are often exposed in
public places such as airports, coffee houses, and taxis, where
they are vulnerable to theft or loss. Along with the value of
lost hardware, users are worried about the exposure of
sensitive information. People store vast amounts of personal
and confidential data on their laptops and the loss of a device
may lead to the exposure of bank credentials, passwords,
client data, and military secrets.
In presently available schemes the sensitive data in laptops
can be protected by using various encryption methods, but the
challenge in securing the sensitive and confidential data is not
encrypting it but authenticating the current user. The device
must obtain the correct evidence of the user’s identity and
authority before granting access to data. This evidence could
be in the form of a password, a smart card inserted into a
reader, or biometric data from a fingerprint or iris scanner.
1 Nikhil Agrawal (nikhil.a.agrawal@gmail.com),
2 Shubhank Jain (shubhank86@gmail.com),
3 Sheetal Takale (sheetal.takale@gmail.com),
Department of Information Technology Engineering,
V.P.C.O.E, Baramati 413 133, University of Pune, Pune
But, how often must an authentication should take
place by the user Current systems require users to reauthenticate
each time the device performed any operation on
sensitive data. This would quickly render the system unusable
and many users would disable the authentication system out of
annoyance. Another mechanism would require the user to
“unlock” the device once at boot. This would enhance the
users experience but leave data vulnerable if the device were
lost or stolen. These two models highlight an inherent tension
between security and usability.
Transient Authentication resolves this tension. Users
can have a small token (Mobile Phone) with modest
computational resources. It constantly authenticates the device
on behalf of the user. The limited short wireless range serves
as a proximity cue, letting a device take steps to protect its
data when the user leaves the physical area. We assume that
since users have the token which is been frequently used by
her, it is far less likely to be misplaced or stolen.
2. TRANSIENT AUTHENTICATION
2.1 PRINCIPLES:
Transient Authentication is standing on the following
four principles:
A] Access Capabilities to Authorized Users.
The computer system should carry out the critical
operations only when the authorized user is present. Thus, all
encryption keys must reside solely on the token, which is in
her possession at all times and hence it is far less likely to be
stolen or misplaced. The keys must be flushed from the cache
of computer system in absence of the user.
B] No Burdensome involvement of User.
Users tend to immediately disable inconvenient and
cumbersome security mechanisms. But, anecdotal evidence
proves that users conveniently accept infrequent insertion of
authentication codes. Transient Authentication requires user
participation that is convenient. Users will also quickly disable
the system with poor performance, thus to ensure complete
adoption, the additional overhead of key authentication,
communication, and data encryption must not be excessive.
C] In Users Absence/presence system should secure/restore
respectively.
When the user departs, the device must quickly secure
itself so as to avoid the attack, to physically extract any
information, by an unauthorized user.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 56

Proceedings of ICCNS 08 , 27-28 September 2008
Conversely, when a user walks back to use the device, the
token should regain wireless contact while she is still some
meters away. This gives the system several seconds to restore
the device’s state thereby avoiding the attackers attempt to
extract sensitive data.
D] Always Ensure Authorized User’s Consent.
The device must not attempt to perform any critical
action without the authorized user’s consent. Transient
Authentication must ensure that only the respective token is
capable to carry out the authentication process with the
corresponding devices only with her knowledge. To limit the
consequences of mobile phone loss, users must authenticate
themselves to their token daily.
Armed with these authentication principles, laptop
protects data when the user departs by encrypting it.
Cryptographic file systems secure data in persistent storage,
but the unique characteristics of laptops make protecting data
in other memory locations critical as well. Batteries and
wireless network links allow devices to continue running
while traveling and in public places. This is precisely where
they are most vulnerable to loss or theft. Some processes can
safely continue while the user is absent, either because they do
not handle sensitive data or because they secure their secrets
themselves.
1. Initializing the Bluetooth stack which involves
setting the device name, security settings and/or
turning the Bluetooth radio on/off.
2. Searching the respective mobile phone that is in
proximity.
3. Opening, closing and initiating connections.
4. Perform security Input and Output messages.
These above mentioned steps are carried out by
Bluetooth control centre, which typically is a set of control
panels that serves as the central authority for local Bluetooth
device settings. Before creating the connection the application
retrieves local device information, which is used for creating
the respective connection. The Bluetooth connection is
established using the logical link control and adaptation layer
(L2CAP) of the Bluetooth protocol stack. L2CAP does a
simple Ns lookup and gets the address of the mobile phone
(server) and tries to establish a logical connection with the
L2CAP of the server (mobile phone) through the host
controller interface (HCI) layer below. After creating the
connection the application performs the security I/O
messages. This is explained in Fig 1.2.
3 CONNECTION ESTABLISHMENT
3.1 Communication Module:
The communication module consists of a token
(mobile phone) and computer system (laptop) which is
implemented using User Datagram Packets. Each datagram
packet in data field is simply the text inputted. The module
establishes a typical single slave Bluetooth Piconet scenario; it
opens up a Bluetooth port in both laptop and mobile phone for
receiving communications as shown in Fig. 1.1. Once Laptop
system receives the packet, it attempts to decrypt that packet
using the key currently received from mobile phone and
thereby allows the user to access the sensitive data in its
original form.
Fig. 1.2 Connection Establishment at Laptop Side
(Client Side)
3.3 Connection Establishment At Mobile Phone Side:
The mobile phone acts as server in the Piconet, it performs
the following steps:
1. creates a server connection using the L2CAP
2. Waits for accepting connection and then opens up the
connection with the client (laptop)
3. Performs security application I/O messages.
Before creating the connection the application gets,
the information about local device and discovers it in the
proximity. Meanwhile the client (laptop) establishes the
connection to it. When mobile phone receives a L2CAP
connection request, it immediately accepts and opens up the
connection, then starts performing security I/O messages and
accordingly manages the connection.
Fig. 1.1: Communication module
3.2 Connection Establishment At Laptop Side:
The laptop acts as client in the Piconets, the communication
is achieved in following sequential manner:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 57

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 1.3 Connection Establishment at mobile phone side
(Server Side)
4. AUTHENTICATION SYSTEM
4.1 Initial authentication process:
In initial authentication process the system performs
an operation based on challenge-response messages between
the laptop (client) and mobile phone (server) in order to
authenticate each other based on immutable Universal Unique
Identification system. This system uses UUID which
represents a 128-bit value.
4.2 User authentication process:
As mentioned earlier User authenticates his/her
mobile phone infrequently as well as persistently, when the
mobile phone requests user for authentication then positive
results of this authentication will be valid for a day , if failed
to do so user cannot access his/her data for further use.
The laptop system periodically sends nonce to
mobile phone which ensures the laptop system whether the
authorized user is present or absent in the proximity. If the
user is present then the sensitive data will be accessible. But if
the user is absent then the system will secure itself
immediately. But what if the short wireless link between the
two devices drops the packet In that case laptop will secure
itself if the response is not received in expected round trip
time. Since this is a single, uncontested network hop, this time
is relatively stable. Then the Laptop system retries sending a
request, if the response is achieved then data will be
accessible otherwise it remains in secured state. The overall
process is illustrated in Fig 1.5.
Fig. 1.5 Connection and Disconnection: Laptop checking for
mobile phone presence.
4.5 Encryption and Decryption process:
In our system which we have implemented, we have
used the Data Encryption Standard for the process of
Encryption and Decryption. The reason for using this method
is that since we have implemented our model using Java
Technology, where the encryption and decryption function by
default uses DES for encrypting and decrypting the data and
also it is fast enough to run efficiently with limited memory
resources and processing time. The process of encryption and
decryption is explained below:-
Fig 1.4: User Authentication: User has to re-authenticate once
in 24 hours to access the data as per persistent authentication.
4.3 Authentication and Encryption-decryption key creation:
Authentication key is used to authenticate the user to
the laptop once in 24 hours. Once the authentication process is
complete then the user is requested to select the encryptiondecryption
(E-D) key to be used for those 24 hours, here the
user need not perform a burdensome job of remembering the
E-D key. If the process is completed successfully then the
encryption-decryption process commences to perform the
operation of encrypting the data in absence of the user and
decrypting the data in presence of the user, using the same E-
D key.
Fig. 1.6 Encryption and Decryption process: Mobile Phone
sends the E-D key to for decrypting the data and Laptop uses
this E-D key to decrypt the encrypted sensitive data.
5. Overall Authentication Process:
The over all processes of authentication system illustrated in
Fig. 3.
4.4 Disconnection and reconnection:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 58

Proceedings of ICCNS 08 , 27-28 September 2008
[CONNECTION NOT AVAILABLE]
[CONNECTION AVAILABLE]
[NOT ENCRYPTED]
ENCRYPT FILES
[FILES ENCRYPTED]
LOCK FILES
UNLOCK FILES
DECRYPT FILES
[CONNECTION ESTABLISHED]
Fig. 1.7 Authentication System: The steps followed in overall
Authentication Process.
5. DATA FORTRESS IMPLEMENTATION
As we have mentioned earlier in that we have
implemented the transient system using mobile phone and
laptop. The Data fortress system uses mobile phone as token
and Laptop as wireless device containing sensitive
information. The languages used were J2SE and J2ME. The
implementation algorithms developed by us are given below:
5.1 Algorithms
The vital Algorithms developed by us for implementing the
Data Fortress applications are as follows:
Activity diagrams describe the workflow behavior of a
system. Activity diagrams show the flow of activities through
the system
SEND CONNECTION
REQUEST
SEND NOUNCE
Fig 1.9 Processes at Laptop side.
[NO REQUEST]
LISTEN CONNECTION
REQUEST
ACCEPT CONNECTION
[CONNECTION BREAKS]
[CONNECTION REQUEST]
ACCEPT PASSW ORD, KEY AND TOKEN NAME
[KEY PRESENT]
CHECK PASSWORD
[KEY NOT PRESENT]
[PASSW O RD INVALID]
SEND KEY
ACCEPT KEY
[PASSW ORD VALIDATE]
CHANGE KEY
SEND CONNECTION REQUEST TO TOKEN
[CONNECTION BREAKS]
[CONNECTION AVAILABLE]
[CONNECTION NOT ESTABLISHED]
SEND NOUNCES
SEND KEY
[CONNECTIO N ESTABLISHED]
Fig 1.8 Process of Communication Establishment.
Fig 1.10 Process at Mobile phone.
The vital Algorithms developed by us for implementing the
Data Fortress applications are as follows:
5.1.1 Algorithm for Connection
Establishment between Laptop and Mobile phone
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 59

Proceedings of ICCNS 08 , 27-28 September 2008
BluetoothServiceDiscovery class is used to establish
connection.
1. Creating the object of DiscoveryAgent.
2. A StartInquiry method of DiscoveryAgent object is
called for searching the device in the proximity.
3. After completion of the Search for devices, a lock is
applied until the user selects the respective device for
the purpose of binding. Lock is applied for halting
the processes.
4. An application service is searched on the selected
device from step (C) using a SearchService method.
5. After application service is searched on the token
device then L2CAP connection is established using
Connector.open(connectionURL)
where
connectionURL is a string.
6. After connection is established Nounces are
send/receive to validate the
7. presence of the token in the proximity.
Protection, encryptfile and decryptfile classes are used to
provide the protection to the sensitive files. For encryption
and decryption Data Encryption Standard Algorithm was
used.
For encrypting the file,
1. Create the object of Encryptor class and the file.
2. Store the file in the FileInputStream, which reads the
input file in bytes.
3. The E-D key and data is passed to the encrypt() of
the Encryptor class.
4. Obtain the encrypted file by using the
FileOutputStream.
For decrypting the file,
1. Create the object of Encryptor class and the file.
2. Store the encrypted file in the FileInputStream,
which reads the input file in bytes.
3. The E-D key and encrypted data is passed to the
decrypt() of the Encryptor class.
Obtain the decrypted file by using the FileOutputStream.
5.1.2 Algorithm for monitoring and maintaining the
connection
LaptopThread class is used for checking the status of
connection and accordingly performing encryption and
decryption.
1. The lock is applied. This lock helps in keeping the
track of the connection.
2. This lock is notified when
disconnection/reconnection occurs.
3. The status of the connection is checked and
respective action is taken, that is,
If disconnection occurs
1. Encrypt the sensitive data
2. Stop the accessibility of the access rights of these
files
If Reconnection occurs
1. Allow the access rights to be accessible
2. Decrypt the data
3. Go to step A.
5.1.3 Algorithm for Locking the Access Rights of sensitive
files
Locker class was developed to block the access rights for the
purpose of unauthorized access. To achieve this we developed
two functions.
Lock() function is called when disconnection occurs.
1. Store the path of the files.
2. File channel uses pointer to access the Read-Write
rights of the files.
3. Lock is applied.
Unlock() function is called when reconnection occurs.
1. Release the lock applied in Lock().
2. Close the file channel to allow the user to access the
file.
5.1.4 Algorithm for protecting the sensitive files
CONCLUSION
Now-a-days, information in wireless devices is
indispensable for the users of the respective devices. This
information may be present in laptops, desktop computers etc.
which is vulnerable to theft. We provide a secure system
which protects the sensitive data of the user in these devices.
In our system, we are using cell phone as a token
which will authenticate the system and the client machine,
which can be a laptop or a desktop computer. These two
systems are connected to each other via a Bluetooth.
Once, the devices are authenticated and connected then our
application will ask the user to declare the sensitive files and
folders on laptop or desktop machine.
When the user along with his cell phone is in the
range of the laptop or desktop computer, the sensitive data
will be available for access and as soon as the user is outside
the range then the data will be inaccessible to others.
Hence, our application provides security to the
sensitive data in the laptop or desktop machine. The advantage
of our application is that the user doesn’t have to authenticate
him/her time and again to the system, as authenticity is taken
care by our application. We have developed the pioneer
version of Data Fortress application we strictly feel that this
application has various areas in which it can further be
extended. We the developers conclude that our security makes
system more efficient and also assures high level of reliability
to the users of Data Fortress.
REFERENCES
[1] A. Adams and M.A. Sasse, “Users Are Not the Enemy:
Why Users Compromise Security Mechanisms and How to
Take Remedial Measures,” Comm. ACM, vol. 42, no. 12, pp.
40-46, Dec. 1999.
[2] R. Anderson, “Why Cryptosystems Fail,” Comm. ACM,
vol. 37, no. 11, pp. 32-40, Nov. 1994.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 60

Proceedings of ICCNS 08 , 27-28 September 2008
[3] M. Blaze, “Key Management in an Encrypting File
System,” Proc. Summer 1994 USENIX Conf., pp. 27-35, June
1994.
[4] M. Burrows, M. Abadi, and R. Needham, “A Logic of
Authentication,” ACM Trans. Computer Systems, vol. 8, no.
1, pp. 18-36, Feb. 1990.
[5] Anthony J. Nicholson, Mark D. Corner , Brian D. Noble ,”
Mobile Security Using Transient Authentication “ IEEE
Transaction on Mobile Computing, VOL. 5, NO. 11,
NOVEMBER 2006
[6] B. Schneier, Applied Cryptography. John Wiley and Sons,
1996
[7] M. Corner and B. Noble, “Zero-Interaction
Authentication,” Proc. Eighth Int’l Conf. Mobile Computing
and Networking (ACM MobiCom’02), Sept. 2002.
[8] C. Landwehr, “Protecting Unattended Computers without
Software,” Proc. 13th Ann. Computer Security and
Applications Conf. (ACSAC), pp. 274-283, 1997.
[9] Kahate, A., 2003. Cryptography and Network Security, 1st
Edn., Tata McGraw-Hill Company, India.
[10] Chang, J.K.W., 2003. An interaction of Bluetooth
technology for zero interaction authentication. Honours
Project, School of Computer Science, Carleton University.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 61

Proceedings of ICCNS 08 , 27-28 September 2008
Securing AODV for MANETs using Message
Digest with Secret Key
Sunil J. Soni and Prashant B. Swadas
Abstract- Due to lack of the infrastructure, open peer-to-peer
architecture, shared wireless medium, limited resource constraints
and highly dynamic topology, MANETs (Mobile Ad-hoc
Networks) are frequently established in insecure environments,
which make them more vulnerable to attacks. These attacks are
initiated by sharing malicious nodes against different services of
network. The binding force in these networks is routing protocol,
which is a common target of malicious nodes. MANETs routing
protocols are being developed without having security in mind.
Ad-hoc On-Demand Distance Vector (AODV) is one such widely
used routing protocol that is at present undergo extensive research
and development. AODV is based on distance vector routing, but
here the updates are shared not on a periodic basis but on an as
per demand basis. The control packets contain a hop-count and
sequence number field which recognizes the freshness of routing.
These fields are editable, so it creates a possible susceptibility that
is frequently abused by malicious nodes to advertise false better
routes. As well as, transmission of routing updates in form of
clear text also reveals crucial information about the network
topology, which is again a probable security danger. In this paper
we are presenting a novel and practical security mechanism for
securing the AODV routing protocol that protects against a
number of attacks carried out in MANETs. We will present
message digest with secret key mechanism to secure AODV
messages which is very effective and less power consuming
security solution for MANETs.
Keywords— Malicious, Mechanism, Message Digest, Routing
Protocol, Secret Key, Security
I. INTRODUCTION
ANET is a collection of independent mobile users
Mthat communicate over relatively bandwidth and
power constrained wireless links [1]. MANET has
capability to establish networks at anytime, anywhere.
These networks are built, work and maintained by its own
because each node performs dual role of host and router.
By and large, these nodes have a limited transmission range
and so each node search for the support of its neighboring
nodes in forwarding packets.
Sunil J. Soni is pursuing M.E. (Computer Engineering) from Sardar
University, ISTAR, Vallabh Vidhyanagar, Gujarat, INDIA. (phone:
+91 9898751570; e-mail: sj_soni2003@ yahoo.co.in).
Prashant B. Swadas, working with BVM, Vallabh Vidhyanagar. Gujarat.
He is now with the Department of Computer/IT, (e-mail:
prashantswadas@gmail.com).
In order to establish routes between two nodes which are
away from each other than a single hop, special routing
protocols are already designed. This unique feature is
responsible to route the message in spite of dynamic
topology of network [2]. These networks don’t depend on
extraneous hardware which makes them an ideal candidate
for military services and operations. For example battle
field ad hoc network, in such a network we would surely be
first concerned with the efficient and in time delivery of the
message but with this, we will have to be more concerned
about the strong privacy or secrecy of the information also.
These kinds of scenarios, where we want to transmit private
and secure information very rapidly, motivate us to make
use of message digest with secret key in security context. In
this paper we consider advantage of message digest with
secret key to hide the information of all the fields of
message by using different message digest functions.
II. PREVIOUS WORK
To protect MANET against various possible attacks a
routing protocol must fulfill a set of requirements [3] to
confirm that the determined path from source to destination
works correctly in the presence of malicious nodes. These
requirements are:
1) Authorized nodes should perform route
computation and discovery,
2) Minimal exposure of network topology,
3) Detection of spoofed routing messages,
4) Detection of fabricated routing messages,
5) Detection of altered routing messages,
6) Avoiding formation of routing loops, and
7) Present redirection of routes from shortest paths.
Many secure routing protocols have been recently
developed that conform to most of the requirements. Some
of them are as under:
1. SAODV (Secure Ad-hoc On-Demand Distance Vector)
SAODV [8] is an extension of AODV routing protocol.
It provides authentication, message integrity and nonrepudiation
in ad-hoc networks by using one-way hash
chain and digital signature. It needs the use of Key
Management Scheme. The main disadvantage with the
protocol is the use of Public Key Cryptography that
requires considerable amount of processing power and
slows down the process to some extent.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 62

Proceedings of ICCNS 08 , 27-28 September 2008
2. ARAN (Authenticated Routing for Ad-hoc Networks)
ARAN [3] provides authentication, message integrity
and non-repudiation in ad-hoc networks by using a
preliminary certification process which is followed by a
route instantiation process that ensures end-to-end security
services. But it needs the use of trusted certification server.
The main disadvantage with the protocol is every node that
forwards a route discovery or a route reply message must
also sign it, which is very power consuming and causes the
size of the routing messages to increase at each hop.
III. AODV ROUTING PROTOCOL
AODV [2] is a distance vector routing protocol that has
been naturally build for MANETs. It is an on demand
protocol and reactive in nature as it searching the routes
only when required. AODV makes widespread use of
sequence numbers in control packets to avoid the problem
of generation of routing loops. When a source node is
interested to communicate with a destination node whose
route is unknown, it broadcasts a RREQ (Route Request)
packet. Each RREQ packet contains a Request ID, source
and the destination node IP addresses and sequence
numbers along with a hop count and flags. The Request ID
field uniquely identifies the RREQ packet; the sequence
numbers gives information regarding the freshness of
control packets and the hop-count maintains the number of
nodes between the source and the destination. Recipient
node of the RREQ packet that has not find the Source IP
and ID pair or doesn’t maintain a fresher (larger sequence
number) route to the destination rebroadcasts the same
packet after incrementing the hop-count. Such intermediate
nodes also create and preserve a REVERSE ROUTE to the
source node for a certain time.
When the RREQ packet arrived at the destination node
or any intermediate node that has a fresher route to the
destination a RREP (Route Reply) packet is generated and
sent back to the source. RREP packet contains the
destination node sequence number, the source and the
destination IP addresses, route lifetime along with a hop
count and flags. Intermediate node that receives the RREP
packet, increments the hop count, establishes a Forward
Route to the source of the packet and transmits the packet
on the Reverse Route. When a link failure is detected for a
next hop of an active route a RERR (Route Error) message
is sent to its active neighbors that were using that particular
route.
The key vulnerabilities [2] present in the basic AODV
routing protocol are:
1) Deceptive incrementing of Sequence Numbers
2) Deceptive decrementing of Hop Count
Value
0 Reserved
1 MD5
2 SHA1
3-127 Reserved
Hash Function
128-255 Implementation Dependent
Table 1: Possible values for Hash_Function field
IV. SECURING AODV USING MESSAGE DIGEST AND
SECRET KEY MECHANISM
There is a Message Digest with Secret Key mechanism
used to secure AODV message. This mechanism calculates
message digest using appropriate hash function for all the
fields (mutable as well as non-mutable) of an AODV
message in addition with secret key. And then message
digest and hash function value will be transmitted along
with the AODV message.
The Message Digest with Secret Key mechanism
algorithm is as follows:
Every time a node originates a RREQ, a RREP or a
RERR message, it performs the following operations:
• It chooses suitable value of hash function h that is to
be used to make message digest, from all available
possible values shown in Table 1.
• Sets Hash_Function field by value of chosen h.
Hash_Function = h
Where, h is the value of hash function.
• Get the value of Secret Key, and add it to values of
all the fields of message.
• Calculates Message_Digest by passing the values of
all the fields with added secret key to hash function
h.
Message_Digest = h (values of all the fields with
added secret key)
Where, h is a hash function.
h(x) is the result of applying the function h to x.
In addition, every time a node receives a RREQ, a
RREP or a RERR message, it performs the following
operations in order to verify the valid message:
• Get the value of Secret Key, and add it to values of
all the fields of received message.
• Applies the hash function h to the values of all the
fields of received an AODV message with added
secure key except Hash_Function and
Message_Digest fields, and verifies that the
calculated message digest is equal to the value
contained in the Message_Digest field of received an
AODV message.
Message_Digest = = h (values of all the fields with
added secure key except Hash_Function and
Message_Digest fields)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 63

Proceedings of ICCNS 08 , 27-28 September 2008
Where, a = = b reads: to verify that a and b are equal.
• Before rebroadcasting a RREQ or forwarding a
RREP or a RERR, a node will perform the
following:
It once again chooses suitable value of hash
function h (may be different of earlier value of
h) that is to be used to make message digest.
Sets Hash_Function field by value of chosen h.
Hash_Function = h
Get the value of Secret Key, and add it to values
of all the fields of message.
Calculates Message_Digest by passing the
values of all the fields to hash function h.
Message_Digest = h (values of all the fields with
added secret key)
V. EXTEDED MESSAGE FORMATS
As shown in Fig. 1, Fig. 2 and Fig. 3, the extended fields
namely Hash Function and Message Digest (shown in gray
color) are added in AODV messages [13], in order to make
them secure according to our proposed mechanism.
VI. MESSAGE DIGEST WITH SECRET KEY MECHANISM
In our proposed secure mechanism, we assumed that
there exists a central key management system, which
distributes secret key to all legitimate nodes in advance
before they participate in system called a team key or a
group key or anything else. How key management system
handles, distribute and share the secret key among
legitimate nodes is out of scope for this paper.
The node which wants to send AODV message, first
selects appropriate hash function and then gets secret key
and adds secret key to the message data and then applies
hash function on message data with added secret key to
create message digest, after creating message digest it will
send message digest and hash function value along with
AODV message to the next node.
The node which receives AODV message first obtains
hash function from received hash function value and then
Figure 1: Secure AODV RREQ Message Format
Figure 2: Secure AODV RREP Message Format
Figure 3: Secure AODV RERR Message Format
Figure 4: Message digest with secret key mechanism
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 64

Proceedings of ICCNS 08 , 27-28 September 2008
gets secret key and adds secret key to the message data of
received message and then applies that hash function on message
data of received message with added secret key and creates
message digest. After creating message digest it will compare
created message digest with received message digest, if both
message digests are equal it will accept that valid message and
process it, but if they are not equal it will not accepting that
invalid message and simply drops it.
The detail secure Message digest with secret key
mechanism works as shown in Figure 4.
VII. SECURITY ANALYSIS
Here we discuss how the presented message digest with
secret key security mechanism defies possible attacks in
MANET and satisfies the seven requirements of any secure
routing protocol:
1) Authorized nodes should perform route computation
and discovery
All authorized nodes are having unique system
wide secret key and different secure hash function by
using which they are generating message digest for
route computation and discovery while unauthorized
nodes does not have secret key and any knowledge
about hash functions and so that they cannot participate
in network.
2) Minimal exposure of network topology
Mechanism allows passive eavesdropping by any
adversary regarding network topology, but main punch
of mechanism is it will not let any malicious node to
misuse that eavesdropped information, because
adversary cannot alter or fabricate routing message, as
they do not have secret key.
3) Detection of spoofed routing messages
Spoofing of information does not give any benefit
to the adversary until it has secret key and different
hash functions available to use that spoofed
information.
4) Detection of fabricated routing messages
Malicious nodes cannot inject fabricated routing
messages into the network as they have not secret key,
required to generate messages.
5) Detection of altered routing messages
All routing message data produces single and
unique message digest so that it is not possible by any
malicious node to alter it without secret key, and if
malicious node alters it then legitimate node can easily
find out that alteration when it compares message
digest.
6) Avoiding formation of routing loops
This mechanism confirms that routing loops
cannot be formed through any malicious action. Since
routing loops mainly occurs if a malicious node is able
to spoof, alter or fabricate legitimate routing packets
[2].
7) Present redirection of routes from shortest paths
Generally, shortest paths are created by
decrementing the number of addresses in the routing
protocol. The mechanism is designed in such a manner
that routing packets are only accepted from
authenticated immediate neighbors. This ensures that
an adversary cannot inject such routing packets unless
an authorized node first authenticates it [2].
Following are the attacks that can be launched against the
AODV routing protocol [12]:
1) Message tampering attack
This mechanism confirms that if malicious node
tampers message in between the route, it can be easily
detected by destination node.
2) Message dropping attack
This mechanism confirms that if malicious node
drops invalid messages to the destination or to the
intermediated node, it can be easily detected.
VIII. SIMULATION AND RESULTS
We have successfully implemented message digest
mechanism to secure AODV routing protocol using NS-
2.28 [9, 10] on Fedora core 4 Linux version and concluded
that it is very secure mechanism which fulfills all security
requirements without consuming much power of nodes and
gives almost same performance as AODV gives without
using mechanism.
The main aim of simulation is to prove proposed
mechanism is properly securing AODV with all security
aspects. For simulation, we have considered 3 different
mobile nodes, namely node 0, node 1 and node 2. The TCP
traffic connection is established between node 0 to node 1.
Total simulation time is 150 sec. All network components
of mobile node are considered their default values. (E.g.
Link Layer, Interface Queue, Mac Layer etc.) Agent,
Router and Movement traces are kept ON and Mac trace is
kept OFF for all three mobile nodes.
Following tables are showing the result of our
simulation that proves proposed mechanism is securing
AODV.
Routing Protocol: AODV
Case: With or without malicious node
Node
Packets
Generated Sent Forwarded Received
Node 0 3934 3931 0 7837
Node 1 3923 3920 0 7848
Node 2 6 6 7827 7845
Table 2: AODV with or without malicious node/s
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 65

Proceedings of ICCNS 08 , 27-28 September 2008
Routing Protocol: AODV with proposed mechanism
Case: Without malicious node
Node
Packets
Generated Sent Forwarded Received
Node 0 3934 3931 0 7837
Node 1 3923 3920 0 7848
Node 2 6 6 7827 7845
Table 3: AODV with proposed mechanism and without
malicious node/s
Routing Protocol: AODV
Case: With or without malicious node
Node
Packets
Generated Sent Forwarded Received
Node 0 3067 3048 0 6069
Node 1 3020 3017 0 6037
Node 2 2 2 5692 5694
Table 7: AODV with or without malicious node/s
Routing Protocol: AODV with proposed mechanism
Case: With malicious node 0
Node
Packets
Generated Sent Forwarded Received
Node 0 12 12 0 5
Node 1 0 0 0 6
Node 2 0 0 0 9
Table 4: AODV with proposed mechanism and with
malicious node 0
Routing Protocol: AODV with proposed mechanism
Case: Without malicious node
Node
Packets
Generated Sent Forwarded Received
Node 0 3067 3048 0 6069
Node 1 3020 3017 0 6037
Node 2 2 2 5692 5694
Table 8: AODV with proposed mechanism and without
malicious node/s
Routing Protocol: AODV with proposed mechanism
Case: With malicious node 1
Node
Packets
Generated Sent Forwarded Received
Node 0 12 12 0 18
Node 1 8 8 0 14
Node 2 9 9 0 13
Table 5: AODV with proposed mechanism and with
malicious node 1
Routing Protocol: AODV with proposed mechanism
Case: With malicious node 2
Node
Packets
Generated Sent Forwarded Received
Node 0 5540 5535 0 11046
Node 1 5518 5502 0 11047
Node 2 15 15 0 17
Table 6: AODV with proposed mechanism and with
malicious node 2
Next we will consider the power consumption of nodes
and showing the result of our simulation. We considered
energy model for all three nodes with initial energy 10
joules and 0.1 W energy consumed when node receives
AODV message and 0.2 W energy consumed when node
transmits AODV message.
Routing Protocol: AODV with proposed mechanism
Case: With malicious node 0
Node
Packets
Generated Sent Forwarded Received
Node 0 12 12 0 5
Node 1 0 0 0 6
Node 2 0 0 0 9
Table 9: AODV with proposed mechanism and with
malicious node 0
Routing Protocol: AODV with proposed mechanism
Case: With malicious node 1
Node
Packets
Generated Sent Forwarded Received
Node 0 12 12 0 18
Node 1 8 8 0 14
Node 2 9 9 0 13
Table 10: AODV with proposed mechanism and with
malicious node 1
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 66

Proceedings of ICCNS 08 , 27-28 September 2008
Routing Protocol: AODV with proposed mechanism
Case: With malicious node 2
Node
Packets
Generated Sent Forwarded Received
Node 0 4652 4652 0 9278
Node 1 4634 4626 0 9268
Node 2 4 4 0 5
Table 11: AODV with proposed mechanism and with
malicious node 2
Table 2 and Table 7 shows that simple AODV routing
protocol cannot detect any malicious node/s and generate,
send, forward and receive same amount of packets in both
the cases of present and absent of malicious node/s.
Table 3 and Table 8 shows that AODV routing
protocol with proposed mechanism and without any
malicious nodes in system will generate, send, forward and
receive same amount of packets as AODV will generate,
send, forward and receive.
Table 4 and Table 9, shows AODV routing protocol
with proposed mechanism and with malicious node 0 that
can easily detect malicious node. Here node 2 recognizes
that node 0 is malicious and will not forward any of the
message sent by node 0 to node 1.
Table 5 and Table 10, shows AODV routing protocol
with proposed mechanism and with malicious node 1 that
can easily detect malicious node. Here node 2 recognizes
that node 1 is malicious and will not forward any of the
message sent by node 0 to node 1.
Table 6 and Table 11, shows AODV routing protocol
with proposed mechanism and with malicious node 2 that
can easily detect malicious node. Here node 0 is
recognizing that node 2 is malicious and sends all the
messages directly to node 1 by passing node2.
Table 7 and Table 8 shows that proposed mechanism
generate same amount of messages, it means that
mechanism does not consume more power even if it is
secure.
Above results easily illustrates that proposed
mechanism is very efficient, secure and can easily find
malicious node/s within system, and provide good security
overall without loosing extra energy in spite of security.
IX. CONCLUSION
In this paper we have presented a message digest with
secret key mechanism for securing the AODV routing
protocol used in MANET. Research in the field of networks
has shown that Public Key Cryptography and its related
algorithms are very slower and power consuming than the
Symmetric Key Cryptography. Our proposed mechanism
uses symmetric key cryptography and generates very less
overhead of calculations and saves power consumption of
nodes significantly which is most important and attractive
feature. This mechanism does not use any kind of
encryption or decryption techniques so that the performance
of secure routing protocol is remain almost same. The entire
security strength of this mechanism is relies on how
frequently key management scheme is changing the secret
key of all nodes. For ensuring greater security, we can have
the concept of “One Time Pads” or “Key of the Day” etc.
Moreover, the military networks which perform very
sensitive operations where we have to spread private
information very securely, we are mainly concern about
privacy or secrecy along with efficient and in time delivery
of the message. Such a kind scenarios motivate us to use
message digest with secret key which is very secure as well
as efficient.
X. FUTURE WORK
The same kind of mechanism we would like to design
for other routing protocols of MANET like DSR, DSDV,
TORA etc. We would also like to enhance proposed secure
mechanism by adding concept of “set of secret key”, in
which each node will maintain couple of secret keys instead
of single unique key, in order to make mechanism very
strongly secure.
ACKNOWLEDGMENT
The authors would like to thank Prof. R.D. Vanzara
(Asst. Professor, UVPCE, Kherva, Guj - India) for his
comments and constructive feedbacks on our work.
REFERENCES
[1] Junaid Arshad, Mohammad Ajmal Azad, “Performance Evaluation of
Secure on-Demand Routing Protocols for Mobile Ad-hoc Networks”,
(2006) IEEE, pp. 971-975.
[2] Asad Amir Pirzada, Chris McDonald, “Secure Routing with the AODV
Protocol”, (2005) Asia Pacific <strong>Conference</strong> on Communication, Perth,
IEEE, p.p. 57-61.
[3] B. Dahill, B.N. Levine, E. Royer and C. Shields, “A secure routing
protocol for ad hoc networks”, Proceedings of the international
conference on Network Protocols (ICNP), p.p. 78-87, 2002.
[4] Tuulia Kullberg, “Performance of the Ad hoc On demand Distance
Vector Routing Protocol”, HUT T-110.551 Seminar on
Internetworking.
[5] Manel Zapata, N. Asokan, “Securing Ad hoc Routing Protocols”
(2002), WiSe-02, September 28,2002, Atlanta, Georgia. (ACM)
[6] H Yang, H.Y. Lue, F Ye, S.W. Lu and L Zhang, “Securing in mobile as
hoc networks: challenges and solutions” (2004) IEEE wireless
communications 11(1), pp. 38-47.
[7] Jean-Pierre, Levente Buttyan, Srdan Capkun, “The Quest for security in
mobile ad hoc networks”. (2001) ACM.
[8] Manel Zapata, Secure Ad hoc On-Demand Distance Vector (SAODV)
Routing, INTERNET DRAFT (September 2006) draft-guerrero-manetsaodv-06.txt
[9] Ns homepage - http://www.isi.edu/nsnam/ns/
[10] Ns manual - http://www.isi.edu/nsnam/ns/
[11] Konrad Wrona, “Distributed Security: Ad Hoc Networks &
Beyond”, PAMPAS Workshop, RHUL, September 16-17, 2002.
[12] Lin, Rad, Wong, Song, “Experimental Comparisons between
SAODV and AODV Routing Protocols”, WMuNeP, October 13, 2005.
(ACM)
[13] Perkins, Belding-Royer and Das, “Ad hoc on-demand distance vector
(aodv) routing”, IETF RFC 3591, 2003.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 67

Proceedings of ICCNS 08 , 27-28 September 2008
A Survey on Security issues in Mobile
ADHOC networks
Pallavi Khatri Sarita Bhadoria Mamta Narwariya
pallavi_magic@yahoo.com saritamits61@yahoo.co.in mamta_2481@hotmail.com
Abstract - Ad-hoc networks are infrastuctureless, selforganizing
networks. They don’t have fixed
infrastructure. Topology in ad-hoc networks is dynamic
as nodes join and leave the network “on the fly”
whenever there is a need either to transmit data or when
transmission gets over. These networks do not have a
central authority for the management of the network.
Here hosts rely on each other to keep the network
connected. As the topology of the ad-hoc network is
dynamic and every transmission is on the air these
networks become vulnerable to number of attacks and
security becomes a major issue. In this survey paper we
study the different threats to ad-hoc networks. We try to
provide a brief introduction to the types of attacks and
possible counter measures to prevent the attacks.
Keyword -: Attacks, Routing, Counter measures
I. INTRODUCTION
AD-HOC networks are a new paradigm of wireless
communication for mobile hosts or nodes. Node
mobility in an ad-hoc network leads to frequent change
of network topology so there is no fixed infrastructure
or base stations. Each node communicates directly via
wireless links that are within each other’s radio range.
The military tactical and other security- sensitive
operations are main applications although it becomes
attractive option for commercial uses like sensor
networks or virtual classrooms. The major issue for
both type of communication networks either wired or
wireless is Security. Ad-hoc network pose both
challenges & opportunities in achieving security goals,
such as confidentiality, authentication, integrity,
availability, access control and non-repudiation.
Routing path of the packets over the network is
dynamically set for transmission. As the nodes move or
adjust their transmission & reception parameters, the
network topology may change with time. MANET
poses many features like dynamic topologies, resource
constraints, limited physical security & no
infrastructure. The main challenge is to secure its
communication. Replication of and new cryptographic
schemes such as threshold cryptography are used to
build highly secure and
highly available Key management services. Routing
protocols for adhoc network are still under active
research.
Paper is organized in following way.
Section 2 classifies the attacks and vulnerabilities of
various mechanisms. Section 3 describes various types
of attacks and their countermeasures and section 4
concludes and gives the future work to be done.
II. CLASSIFICATION OF ATTACKS
Author [1] tells about different security mechanisms,
which are related to the kind of the network, which is
considered for security.
Author discusses the attacks on ad-hoc networks, which
can be broadly classified as:
1. Attacks on the basic mechanisms of ad-hoc network
such as Routing and these attacks can be prevented
using cryptographic algorithms.
2. Attack on security mechanisms and key management
mechanisms.
2.1 Vulnerabilities of basic mechanisms:
1. Risk of being captured & compromised: -
terminals are after stolen or tampered with by
rogue users.As communication is performed over
the air ad-hoc networks become vulnerable to
attacks ranging from eavesdropping to active
interference.
2. Algorithms are assumed to be cooperative i.e. in
the MAC nodes are expected to cooperate.
3. Routing mechanism in ad-hoc networks are more
vulnerable than in conventional networks
because here each device acts as a relay.
4. Neighbor discovery attack using blue tooth
device as explained in [3]
2.2 Vulnerabilities of the security mechanisms:
As stated in [1] in any network the fundamental
security mechanism requires that the users make use of
appropriate cryptographic keys.
Attacks against security mechanism are as follows:
1. Public keys can be maliciously replaced.
2. Some keys can be compromised
3. If there is a trusted server it can fall under the
control of a malicious party
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 68

Proceedings of ICCNS 08 , 27-28 September 2008
III. TYPES OF ATTACKS AND THEIR
COUNTERMEASURES:
Following sections discuss about the different
types of attacks on the basic mechanisms of an adhoc
network, their classification and their
countermeasures.
3.1 Tamper resistance and countermeasure
Risk of being captured & compromised: In such
attacks terminals are after stolen or tampered with
by rogue users.
Solution is to implement the device in tamper
resistant hardware is discussed in [1]. Eg.
Embedding the cryptographic information in a
smart card, which could be plugged & removed
when desired into & from the node itself. SIM card
works on this principle. The advantage of such
cards is that user can change devices while keeping
his data private.
But then implementing smart cards is still not safe
as Smart cards does not have direct input/output
capabilities, does not have it’s own clock, it
becomes vulnerable to attack mounted from a
compromised device in which they are plugged in.
3.2 Routing Based attacks and countermeasures
Routing mechanisms as discussed in [1,chap 30]
are more vulnerable in ad-hoc network than in
conventional network because in ad-hoc networks
each device acts as a relay. Attacks against secure
routing are of two types
3.2.1 Internal attack
Author in [14,15] says that internal attacks are
severe attacks as the malicious node belongs to the
network as an authorized party and is protected by
the security mechanisms offered by the network or
its services. Thus they protect their attack using the
security mechanisms of the network.
Some internal attacks:
a. Some malicious nodes agree to forward
packets but fail to do so and solution to this can be
some entity can be assigned the job of identifying
the misbehaving nodes (watch dog) and in charge
of defining the best route circumventing these
nodes (path rater).
b. Routing information can be outdated and the
Routing protocol of ad-hoc networks may have to
cope with outdated routing information to
accommodate the dynamic changing topology.
False routing information generated by
compromised nodes may be considered as outdated
information. Solution to this problem can be
that as long as number of correct nodes remains
high the routing protocol should be able to find
route that circumvent compromised nodes and as it
can find multiple routes nodes can switch to an
alternative route when the primary route appears to
have failed.
c. An attacker can try to modify the contents of
the routing table and may lead to wrong packet
delivery. To avoid such attack it’s better to avoid
routing table and forward the packets on
geographic information. This requires that ach
node is aware of its own geographic position and
can share it with others.
3.2.2 External attack
External attacks are well discussed in [8] are
typical active attacks and are targeted to cause
congestion, propagate incorrect routing
information, prevent services from working
properly or shut the down completely. These
attacks can be prevented by using security
mechanisms such as firewalls, encryption etc.
External attacks are further divided in to active and
passive attacks
3.2.2.1 Active attacks
Performed by adversaries for replicating,
modifying and deletion of exchanged data. They
try to change the behavior of the protocol. These
attacks from attackers are meant to degrade or
prevent message flow between the nodes. Such
attacks collectively can be called as DOS attacks
that either degrade or completely halt the
communication between the nodes. Another type of
attack involves insertion of extraneous packets in
the network to cause congestion. Outdated routing
information can be replayed back to the nodes in
the network passing them outdated routing
information. Active attacks can be detected
sometimes and this reason makes active attack less
used by an attacker.
Some types of active attacks are [8]:
1. Black hole attack: - where a malicious node
uses the routing protocol to advertise itself
as having the shortest path to the node
whose packets it wants to intercept
2. Routing table overflow: An attacker tries to
modify the routing table by attempting to
create routes to nonexistent nodes.
3. Sleep deprivation attack: -attacker
continuously talks to a node till its battery
exhausts and it become disable.
4. Location disclosure: -This type of attack can
try to reveal about the location s of the
nodes.
3.2.2.2 Passive attacks
As discussed in [8] this type of attack involves
unauthorized listening of the routing packets.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 69

Proceedings of ICCNS 08 , 27-28 September 2008
Attacker may eavesdrop on all the routing updates.
In this case an attacker does not disrupt the
operation of a routing protocol rather it only listens
to it to discover the valuable information about the
routing. Such attacks are difficult to be detected.
From the routing packets as attacker may
understand abut a node which is important in the
network and route to that node is requested by
every other node I the network very often. So an
attacker tries to disable this node to bring the
network down. Includes Covert channels, Traffic
analysis, Shifting to compromised keys.
3.3 Neighbor discovery attack:
Attack against Blue tooth in a blue tooth
framework is well explained in [3]. Weakness in
protocols can be exploited to perform malicious
neighbor discovery.
An attacker in this case forces a victim node to
unveil private data such as its identity. Many
solutions that rely on the home network operators
are proposed but problem has hot been solved yet.
In [3] author well explains how a blue tooth
framework victim is observed by a set of attackers
in the network. Solution to this is that if the identity
of a device changes for each session it becomes
difficult for an attacker to trace the location of the
victim. Definitely it increases the complexity of
addressing schemes.
3.4 DOS Attacks
These attacks are well discovered in [1 and 8].
they constitutes of flooding any centralized
resource so that it does not operate correctly and
finally crashes. But this technique is not suitable to
ad- hoc networks because of the distributed
processing. In ad-hoc networks the techniques,
which work are Radio jamming and Battery
Exhaustion. Following subsections throw a light on
such types of attacks
3.4.1 Jamming the radio Frequencies
Attack by jamming the radio frequencies, which
are used. Services to the nodes can be denied. Such
mechanisms are used by military people and less
relevant to the commercial world.
3.4.2 Battery exhaustion
A malicious user may interact with a node in a
legitimate way to just to consume its battery
energy. In Pico net nodes are often kept in sleep
mode in which they only listen for radio signals
once in a while. An attacker continues to talk till
the battery runs out & once it runs out it stops &
walks away leaving the node disabled. This
technique is called sleep deprivation torture
attack.
3.4.3 Byzantine failure
Compromised nodes are capable of reconfiguring
the routing protocol either or they can send the
routing information very frequently causing
congestion and preventing nodes from gaining new
information about the change of the topology of the
network. Worst case is when an attacker can
change the routing protocol such hat it operates the
way the attacker wants. If such attacks are not
detected the consequences may be severe as the
network seems to operate normally. This type of
invalid operation of the network because of the
malicious nodes is called a Byzantine Failure
3.5 Disclosure:
Authors in [1 and 8] explain how Sensitive and
confidential information must be protected against
eavesdropping and at the same time the critical
data must be protected from unauthorized access
which can disclose the status details of a node,
private or secret keys or passwords etc.
3.6 Attacks on information in transit:
Enemy nodes/attacker can exploit the
information carried in the routing packets to launch
attacks. These attackers can corrupt the
information, disclose the sensitive information.
Theft of legitimate services from other protocols
can also be done [8].
Threat to information in transit includes:
3.6.1 Interruption
Flow of routing packets specially route
discovery and updates can be interrupted by
malicious nodes.
3.6.2 Interception and subversion
Routing protocol traffic a control messages can
be deflected and rerouted.
3.6.3 Modification
Routing protocol packets can be modified. False
routing messages can be propagated leading to
bypassing the legitimate nodes.
3.6.4 Fabrication
This attack is more like modification where a
malicious user can insert false route in to a
legitimate protocol packet.
3.7 Attacks on protocol layers:
As analyzed in [7, 8, 9, 10, 11, 12, and 13]
different layers of the protocol stack face the
attacks, which are enlisted below of which we have
discussed most in the previous sub sections of the
paper. Counter measures to some of the attack
layer wise are discussed in the next section.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 70

Proceedings of ICCNS 08 , 27-28 September 2008
LAYERS
Application
Transport
Network
Data link
layer
Physical
Multi layer
ATTACKS
Repudiation, data corruption
Session hijacking’s flooding
Wormhole, Black hole, Byzantine,
Flooding,
Resource consumption, Location
disclosure attacks
Traffic analysis, Monitoring,
Disruption MAC (802.11) WEP
weakness
Jamming, Interceptions,
Eavesdropping
DOS, Impersonation, Replay, manin-the-middle
3.8 Countermeasures on attacks on protocol
layers:
3.8.1 Physical Layer
At this layer we can use spread spectrum
technology such as frequency hoping (FHSS) &
direct sequence (DSSS). It changes frequency in
random fashion to make signal capture difficult It
also minimizes the potential for interference from
other radio & electromagnetic devices [10].
3.8.2 Link Layer
Traffic analysis is prevented by encryption at
data link layer. WEP has been widely criticized. A
dynamic mix method is used to hide the source &
destination information during message delivery
via cryptography method & to “mix” nodes in the
network [12]
3.8.3 Network Layer
The sector mechanism is based on distance
bounding techniques, one-way hash chains &
Merkle hash tree security aware ad-hoc routing
protocol (SAR) can be used to defend against black
hole attacks ARAN can be used to defend against
impersonation & repudiation attacks. Security
protocol SEAD is used against modification attacks
[13]. Directional antennas [11] are also proposed as
a counter measure against wormhole attacks.
3.8.4 Transport Layer
Point to point or end-to-end encryption provides
message confidentiality at or above the transport
layer in two end systems.
3.8.5 Application Layer
Application layer firewalls can effectively
prevent many attacks & application specific
modules .An intrusion detection system (IDS) can
be used as second line of defense.
3.8.6 Multi Layer
End to end authentication may prevent DOS
attacks.
IV. CONCLUSION
In this paper we have surveyed the various
categories of threats to the ad-hoc networks. As ad
hoc networks are vulnerable to many types of
attacks. Security of this network is a major issue.
Many researchers are trying to prevent the attacks
done on ad-hoc networks at various levels. A
variety of such attacks have been discussed. Here
we focus on the currently used security
countermeasures to defend against these attacks .A
lot of research is still being carried out to identify
new threats to ad-hoc networks & securing them
.
REFERENCES:
[1] Jean-Pierre Hubaux,Levente Buttyyan, Srdan
Capkun, The Quest for Security in Mobile Ad-hoc
Networks.
[2] R.Anderson And M.Kuhn.Tamper, Resistence-A
Cautionary Note. In Proceedings Of The Second
Usenix Workshop On Electronic Commerce,
1996.
[3] M.Jacobsson And S Wetzel.Security Weaknesses
In Bluetooth.Technical Report,Bell Labs,January,
2001.
[4] F. Stajano And R. Anderson, The Resurrecting
Duckling: Security Issues For Ad-Hoc Wireless
Networks In Proceedings Of The 7 th <strong>International</strong>
Workshop On Security Protocols, 1999.
[5] Y . Zhang And W .Lee, Intrusion Detection In
The Wireless Ad-Hoc Networks. In Proceedings
of MOBICOM, 2000.
[6] L. Zhou And Z. Haas, Securing Ad-hoc Networks.
IEEE Network, 13(6): 24-30,
November/December 1999.
[7] A. Tanenbaum, Computer Networks, PH PTR,
2003.
[8] M. Ilyas, The Handbook Of Ad-Hoc Wireless
Networks, CRC Press, 2003.
[9] R. Opplinger, Internet And Intranet Security,
Artech House, 1998.
[10] W. Stallings, Wireless Communication And
Networks, Pearson Education, 2002.
[11] L.Hu And D. Evans, Using Directional Antennas
To Prevent Wormhole Attacks.Pro Of Networks
And Distributed System Security Symposium
(NDSS).
[12] T.Karygiannis And L.Owens, Wireless Network
Security-802.11, Bluetooth And Handheld
Devices. National Institute Of Standards And
Technology. Technology Administration, U.S
Department Of Commerce, Special Publication
800-848,2002.
[13] S.Capkun, L.Buttyan And J.Hubaux, Sector:
Secure Tracking Of Node Encounters In Multi-
Hop Wireless Networks.Proc Of The ACM
Workshop On Security Of Ad- Hoc and sensor
networks, 2003.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 71

Proceedings of ICCNS 08 , 27-28 September 2008
[14] The Terminodes project.www.terminodes.org
[15] S.marti. T.Giuli, K. Lai, and M.Baker, Mitigating
routing misbehavior in mobile ad-hoc
networks.in proc. Of MOBICOM, 2000
[16] Bing Wu, Jianmin Chen, Jie Wu, Mihaela Cardei,
A survey on attacks and countermeasures in
Mobile Ad-hoc networks, 2006.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 72

Proceedings of ICCNS 08 , 27-28 September 2008
Statistical based anomaly detection technique
for detecting intrusions in Snort N-IDS
Sumithra Devi K A, Andhe Dharani, Renuka Prasad B, Akshay L Marathe
Abstract— Conventional firewall and intrusion detection systems
(IDS) are used to detect possible attacks from the network, they often
make wrong decisions and abort the safe connections. Snort , a free
and open source distribution, an IDS, that detects attacks against a
computer or network, and let us know when the attacks occur
through detecting attacks, enforcing policies, providing an audit trail
and resource justification. In this paper a novel system is presented
which is an analyzer for intrusion detection systems for network on
Snort. In Snort the draw backs are there is can be detection on attacks
which can be false, the analysis is static and there is no reliable
security of data. In this paper were are discussing a system which is a
statistical analyzer where we are trying to take care of three added
thing on Snort – reduce the false alarm rates and dynamic analysis
rather than static.
C
Keywords—Snort, IDS, false alarm rate, statistical analyzer
I. INTRODUCTION
omputers today are no longer used as standalone units.
More often, they are networked into large distributed
systems where each individual computer can use applications
which are distributed throughout the system and shares
resources with all the other subsystems [1]. The potential
damage that can be inflicted by attacks launched over the
internet keeps increasing due to a growing reliance on the
internet and more extensive connectivity. Intrusion detection
systems have become an essential component of computer
security to detect attacks that occur despite the best
preventative measures. Comprehensive discussions of
alternate approaches to intrusion detection are available in [2,
3, 4].
computer and network system are concerned, IDS is a
software system which detects the evil attacks from outside
illegal intruders and the illegal behavior of inner users when
they exceed their authority [5]. A typical IDS consists of the
following parts: event generator, event analyzer, response
units and event databases. The data are exchanged by
Gidos_generalized intrusion detection object [6] between the
parts. Network intrusion detection systems are the kind of IDS
responsible for detecting attacks related to the network. One
point of discordance is where it should be deployed. You may
encounter network topology where it is before a firewall, and
you may find it after a firewall.
Once an adversary is detected event generators obtain the
required information and transform it into standard format.
Respectively event analyzers analyze the data and generate
Gidos. Gidos are processed by response units. Event databases
store the events and Gidos. Current network intrusion
detection systems often work as misuse detectors, where the
packets in the monitored network are compared against a
repository of signatures that define characteristics of an
intrusion. Successful matching fires an alert. Generally, a
good signature must be narrow enough to capture precisely
the characteristic aspects of adversaries. At the same time, it
should be flexible enough to capture variations of attacks.
Failure in any way may lead to either large amounts of false
positives or false negatives [7]. Figure 1 clarifies the system
in more detail
A. Intrusion Detection System
Intrusion detection technology in general helps find out the
illegal intrusions from inside and outside by tracking the
intruders’ trail, such as the records of failure access trails. It
acts as an active defense against illegal intrusions. Thus it
plays an important role in network security. As far as the
Prof. K.A.Sumithra devi is with R.V.College of Enginerring, Head of the
Department, Dept of MCA, Bangalore – 560059, India, phone: 091-80-
9945004632; fax: 091-80-28600337; e-mail: sumithraka@gmail.com).
Andhe Dharani, Asst. Professor, is with R. .V .College of Engineering, She
is Asst. Professor of Department of MCA, Bangalore – 560 059, INDIA.
Renuka Prasad B, is with R. .V .College of Engineering, Lecturer of
Department of MCA, Bangalore – 560 059, INDIA
Akshay L Marathe, is with R. .V .College of Engineering, Department of
MCA, Bangalore – 560 059, INDIA
Fig. 1. Basic Intrusion Detection System
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 73

Proceedings of ICCNS 08 , 27-28 September 2008
An IDS before the firewall is an Attack detection and after the
firewall is Intrusion detection. In a switched network, since
we don't have broadcasting, we have two better options on
deploying the NIDS, using a hub to force a broadcast or using
a mirroring-port in the switch.
Types of IDS
• Based on Architecture
• NIDS – Network IDS
• HIDS – Host IDS
• Hybrid IDS
• Based on Detection Methodology
• Misuse Detection
• Anomaly Detection
Shortfall of an IDS
Accepted traffic can have intrusions
Insider attackers are common
Detection of abnormal behaviour
Nowadays everyone is working on open source software.
Open access, open source software, and open standards are
three concepts that have been receiving increased attention
lately in today’s world. Open access is seen by some as a
possible solution to the increasing price of serials and as a
way for governmental funding agencies to receive a better
return on investment. Open source software can benefit by
lowering initial and ongoing costs, eliminating vendor lock-in,
and allowing for greater flexibility. With the existing trend of
using open source software and the internet solutions, it is
very important to have an IDS which works on the open
source. The solution to this is Snort [8].
B. Snort
Snort is an open source Network Intrusion Detection System
(NIDS) which is available free of cost. NIDS is the type of
Intrusion Detection System (IDS) that is used for scanning
data flowing on the network. There are also host-based
intrusion detection systems, which are installed on a particular
host and detect attacks targeted to that host only. Although all
intrusion detection methods are still new, Snort is ranked
among the top quality systems available today [9]. When used
with Snort can prevent engine from ever seeing the packets.
Components of Snort
Snort is logically divided into multiple components. These
components work together to detect particular attacks and to
generate output in a required format from the detection
system. A Snort-based IDS consists of the following major
components:
• Packet Decoder
• Preprocessors
• Detection Engine
• Logging and Alerting System
• Output Modules
Fig.2. shows how these components are arranged. Any data
packet coming from the Internet enters the packet decoder. On
its way towards the output modules, it is either dropped,
logged or an alert is generated.
Fig. 2. Components of Snort
Snort, essentially works on detection methods like signature
detection, misuse detection and anomaly detection. Snort can
be run as a daemon or as a super packet sniffer. It can also be
utilized as a firewall to control the network traffic. Snort is
configurable. It is widely used and is constantly updated.
Also, runs on multiple platforms. For a dual processor system,
a different instance of Snort can run on each processor. Snort
is modular and scalable. Snort, internally uses tcpdump and
libpcap/Winpcap libraries to capture network traffic, which
are then decoded by packet decoder , preprocessed(using
rules) ,and intrusions, if any, are detected. An alert is
generated and logged for such an intrusion. These alerts give
information on the kind of attack, source IP, destination IP
etc. Log entries illustrate the actual packets of the attack,
showing MAC addresses, packet payload, timestamp and TCP
flags. These entries can be ported to a database for further
analysis.
II. IMPLEMENTATION
The current scenario in snort with its drawbacks -
• Snort Doesn’t Provide Statistical Profiler.
• Uses static data and works heuristically.
• Analysis is made on Dumped data.
In our paper we are taking care of these drawbacks by
considering a statistical analyzer. Figure 3 gives the block
diagram of a complete N-IDS consisting of Snort and
statistical analyzer implemented in our system
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 74

Proceedings of ICCNS 08 , 27-28 September 2008
A. Learning Phase.
In learning phase System analyze the network traffic and
obtains a normal event data (Standard data)further used for
testing in detection phase, or one can skip this phase and take
standard data obtained from long-term analysis. Below table
1. shows the parameters taken for the time ^ t and the mean
data obtained which is analyzed to get the standard data to be
analyzed with the respective parameters in the detection phase
Fig. 3. Block diagram of Snort N-IDS Model and statistical
analyzer
TRAINING AND TESTING DATA
For intrusion detection, we want to build a long term profile of
normal events and to compare events in the recent past to the
long-term norm profile for detecting a significant departure.
Audit data of normal events are required for training the norm
profile. In this study, we use a sample of audit data for normal
events that is developed by the CDAC (Center for). The
sample contains a stream of 3000 audit
Table 1. Mean data analyzed for the parameters for a
given time.
Some of the Parameters Considered in our work are
TCP, UDP, ARP, IP, ICMP, HTTP, HTTPS, TELNET,
SSHP, SMTP, SNMP, DNS, DHCP, FTP, NETBIOS,
HTTPSIZ, TEL-SIZ, SSH-SIZ, SMTP-SIZ, SNMP-SIZ,
DNS-SIZ, HTTPS-SIZ, FRGCNT, I-OCNT, O-ICNT,
CNTRLCNT, IPBCAST, ARPBCAST, CONNERQ
MySQL Tables
Data Reference_system
Detail Schema
Encoding Sensor
Event
Icmphdr
Iphdr
Opt
Sig_class
Sig_reference
Signature
Tcphdr
Reference Udphdr
Table 2. Standard data ready for analysis of the Means
with respect to the parameters
B. Detection Phase
There are different statistical methods available. The best
suited distribution taken for the analysis is Chi-Square
Distribution and Fisher’s Index Number.
Chi-Square Distribution:
Hotelling's T 2 [10] multi variate statistic is a measure of the
statistical distance from an observation to the mean estimate
of the multivariate normal distribution, we develop a distance
measure based on a chi-square test statistic as follows:
STATISTICAL TECHNIQUE
The analysis process is split into two categories to achieve
better results and make the system to work dynamically; those
are Learning Phase and Detection Phase.
Mi is the observed value of the ith variable, Ei is the expected
value of the ith variable and n is the number of variables. X 2 is
small if an observation of the variables is close to the
expectation.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 75

Proceedings of ICCNS 08 , 27-28 September 2008
Fisher’s Index Number
The test is used to examine the significance of the association
between two variables i.e the number of parameters and time
in a 2 x 2 contingency table. The p-value from the test is
computed as if the margins of a 2 by 2 table are fixed. As
pointed out by Fisher, this leads under a null hypothesis of
independence to use of the hypergeometric distribution for a
given count in the table.From the hypergeometric distribution,
the probability of obtaining the values are
P= (t n +p n ) !
demonstrated the promising performance of this technique
for intrusion detection in terms of a low false alarm rate and
a high detection rate. Intrusive events were detected at a very
early stage. Table 3 and 4 gives the data information and the
results.
n!t n !p n !
The hypothesis implemented is as follows
Hypothesis:
H0 : Normal proper Alarm.
H1 : False Alarm.
H0 v/s H1
If (H0 < №) Accept
Hypothesis
Else Reject Hypothesis
Fig. 4. Working Of Snort IDS.
The algorithm used for implementation is as follows:
C. ALGORITHM
1. Start
2. Capture Data From Network using Snort.
3. Port data to MySQL using Snort Connectivity's.
4. Obtain data* for analysis from MySQL DB using
mysql++ connector
5. Using chi-square check for the acceptance or
rejection of hypothesis
6. Using the variations obtained in chi-square analyze
the same data set by Fisher’s index number
7. If hypothesis is rejected in both the cases, then
raise an alarm
8. Else no alarm
9. Continue till log-off
10. Stop
Fig.5. Sample Rule
III. RESULTS AND CONCLUSIONS
An intrusion into an information system compromises its
security (e.g. availability, integrity and confidentiality)
through a series of events in the information system.
Intrusive events often show departures (anomalies) from
normal events in an information system. This paper presents
an anomaly detection technique based on a chi-square
statistic. This technique builds a profile of normal events in
an information system --a norm profile computes the
departure of events in the recent past from the norm profile
and detects a large departure as an anomaly --a likely
intrusion. This technique was tested for its performance in
distinguishing normal events from intrusive events in an
information system. Fig 4 shows the working of Snort IDS
and figure 5 gives a sample rule done on the IDS and figure 6
gives the detected alert of the rule. The test results
Fig.6. An Detected Alert
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 76

Proceedings of ICCNS 08 , 27-28 September 2008
Table 3. Test run on the days and the related information
Table 4. Statistical Analysis Report on the normal and attack data
Fig. 7. Performance of detection of the false alarm rate by the
algorithm
.
REFERENCES
[1] Dobry R. and Schanken M.D., “Security Concerns for distributed
Systems”. National Security Agency, Fort Meade, MD 20755-6000,
IEEE 1994.
[2] J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, E. Stoner, State of
the Practice of Intrusion Detection Technologies, Carnegie Mellon
University/Software Engineering Institute Technical Report CMU/SEI-
99-TR-028, January 2000.
[3] E. G. Amoroso, Intrusion Detection: An Introduction to Internet
Surveillance, Correlation, Trace Back, Traps, and Response,
Intrusion.Net Books, 1999.
[4] Steven Northcutt, Network Intrusion Detection; An Analysis Handbook,
New Riders Publishing, Indianapolis, 1999.
[5] Zhengjun T., “The design and implement of Network industry”.
Published by. 4.2002.
[6] Donghai H., Chao W. and Li Q., “Example Anatomy of IDS”. Published
by Tsinghua University 5.2002.
[7] Kreibich C. and Crowcroft J., “Honeycomb: Creating Intrusion
Detection Signatures Using Honey pots”. ACM SIGCOMM Computer
Communications Review, Volume 34, Number1: January 2004.
[8] Edward M. Corrado, “The Importance of Open Access, Open Source,
and Open Standards for Libraries”, Issues in Science and Technology
Librarianship, Spring 2005
[9] Rafeeq Ur Rehman, “Introduction to Intrusion Detection and Snort”,
ISBN 0-13-140733-3, 2003 Pearson Education, Inc. Publishing as
Prentice Hall PTR, Upper Saddle River, New Jersey 07458
[10] [ Javitz HS, Valdes A, “The NIDES statistical component description of
justification”,. Technical Report A010, SRI <strong>International</strong>, Menlo Park,
CA, March 1994.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 77

Proceedings of ICCNS 08 , 27-28 September 2008
Applying Knowledge Discovery in Database
Techniques in Modeling Packet Header
Anomaly Intrusion Detection Systems
Solahuddin B Shamsuddin, and Mike E Woodward
Abstract—This paper describes packet header anomaly intrusion
detection system modeling. The essence of the discussion in this
paper is on applying knowledge discovery in database technique to
produce expert production rules which is one of the main component
of our model which we call as Protocol based Packet Header
Anomaly Detector (PbPHAD) Intrusion Detection System. PbPHAD
is designed to detect the anomalous behaviour of network traffic
packets based on three specific network and transport layer protocols
namely UDP, TCP and ICMP to identify the degree of maliciousness
from a set of detected anomalous packets identified from the sum of
statistically modelled individually rated anomalous field values.
Keywords— Anomaly, Intrusion Detection Systems, Knowledge
Discovery in Database, Expert Production Rules.
I
I. INTRODUCTION
ntrusion Detection Systems (IDS) has been part and parcel
of essential key components of an overall security
architecture in any computer network [1]. A significant
number of research efforts have been geared in this area
especially in the design and development of anomaly based
IDS as this model has emerged to be a more promising model
in detecting unknown attacks or more popularly known as zero
day attacks which could come from any malicious hosts in any
corners of the globe which appear hastily in today’s
interconnected computer architectures.
One of the main focus in designing anomaly based IDS is to
come up with a model that could give a high detection rate
with an acceptable number of false alarm rates as high false
alarm rates would significantly reduce the effectiveness of the
IDS. Reducing false alarm rates have been the main concern in
anomaly based IDS design and it has been the most
challenging task to achieve it. A variety of ensemble
techniques [2] have been applied by a lot of researchers in
their quest to come up with the best algorithm to produce the
expert production rules to deduce the classification of
anomalous packets which deem to be malicious from a
plethora of incoming packets traversing into any monitored
S. B. Shamsuddin is with the School of Informatics, University of
Bradford, Bradford BD7 1DP, United Kingdom (phone: 01274-233-926; fax:
01274-233-920; e-mail: S.B.Shamsuddin@Bradford.ac.uk).
M. E Woodward is with the School of Informatics, University of Bradford,
Richmond Road, Bradford BD7 1DP, United Kingdom (e-mail:
M.E.Woodward@Bradford.ac.uk).
network segment of a particular interest. New trends in IDS
research modelling are focused more towards into performing
sophisticated protocol analysis and embedding expert
production rules in the detection algorithms such that the use
of attack signatures has become less dependent [3].
Even though the use of anomaly based IDS is the current
trend, the use of signature based IDS is still very much in need
as the former model still has not reached its maturity stage yet
and as such a lot of research efforts are very much going on in
gearing to perfecting the model. We believe, for the time
being, a hybrid approach shall be the best approach in making
full use of the best advantages of both models [4]. i.e. the
combination of high level of detection accuracy of signature
based IDS with low false positive rates and the ability to detect
unknown attacks or zero day attacks of anomaly based IDS.
In this paper, we will discuss our work in modelling our IDS
by applying knowledge discovery in database (KDD)
techniques in extracting expert production rules which can be
embedded in the detection algorithm to reduce the level of
false positive to a fairly acceptable rate. We took this approach
as rule-based expert systems is the most popular choice for
building knowledge-based systems which can be found in a lot
of artificial intelligence literatures [5]. The rest of the paper is
organized as follows. In section II, we discuss other related
works in intrusion detection systems. In section III, we
describe our anomaly based IDS model which include its
design concept and statistical modelling. In section IV we
discuss the life cycle of our IDS modelling process and data
engineering process in applying knowledge discovery in
database technique to our IDS model. We discuss our model’s
experimental results using 1999 DARPA evaluation data set in
section V. In section VI we discuss the comparison of our
results with the 1999 DARPA IDS evaluation system results
on poorly detected attacks. We present our conclusion in
section VII.
II. RELATED WORK
Peddabachigari et al. studied two hybrid approaches for
modelling IDS where Decision Trees and Support Vector
Machines are combined as hierarchical hybrid intelligent
system model. They also came up with an ensemble model
combining the base classifiers. Their results shows that the
ensemble approach produced better results compared to the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 78

Proceedings of ICCNS 08 , 27-28 September 2008
individual classifiers and the hybrid models. [6].
IDES (Intrusion Detection Expert System) [7] exploited the
statistical approach for the detection of intruders. It uses the
intrusion detection model proposed by Denning [8] and audit
trails data as suggested in Anderson [9]. IDES maintains
profiles, which are a description of a subject’s normal
behaviour with respect to a set of intrusion detection measures.
Profiles are updated periodically, thus allowing the system to
learn new behaviour as users alter their behaviour. These
profiles are used to compare the user behaviour and inform
significant deviation from them as the intrusion. IDES also
uses the expert system concept to detect misuse intrusions.
The advantage of this approach is that it adaptively learns
the behaviour of users, which is thus potentially more sensitive
than human experts. This system has several disadvantages.
The system can be trained for certain behaviour gradually
making the abnormal behaviour as normal, which may make
the intruders undetected. Determining the threshold above
which an intrusion should be detected is a difficult task.
Setting the threshold too low results in false positives (normal
behaviour detected as an intrusion) and setting it too high
results in false negatives (an intrusion undetected). Attacks,
which occur by sequential dependencies, cannot be detected,
as statistical analysis is insensitive to order of events.
ADAM - (A Testbed for Exploring the Use of Data Mining
in Intrusion Detection) observe IP addresses and subnets, port
numbers and TCP state to build normal traffic models. This
model will be used to detect suspicious connection which
deviates from the developed normal traffic model [10].
Statistical Packet Anomaly Detection Engine (SPADE)
observes ports and addresses to monitor detection [11].
C. Yin et al. developed new methodology in applying
genetic programming to evolve learned rules for network
anomaly detection [12]. Their work was focusing on rule
learning for network anomaly detection which involve
evolving rules learned from the training traffic by using
Genetic Programming (GP) [13], and with the evolved rules,
differentiation of the attack traffics from the normal traffic will
be carried out by the system.
M.V. Mahoney and P.K. Chan built their IDS model that
learns the normal range of values for 33 fields of the Ethernet,
IP, TCP, UDP and ICMP protocols using a generic statistical
model for all values in the packet headers for all protocols by
estimating probabilities based on the time since the last event
[14]. Our experiment in essence is to expand the idea of using
just the packet header field values to learn the anomalous
behaviour of the packets during transmission in any TCP/IP
network traffic. We extend the statistical analysis by modelling
the detection algorithm based on three specific network and
transport layer protocols namely UDP, TCP and ICMP.
III. PROTOCOL BASED PACKET HEADER ANOMALY
DETECTION (PbPHAD) STATISTICAL MODEL
A. Data Source
The 1999 DARPA Intrusion Detection Evaluation Data Set
[15] has been chosen for this research for its data source. This
data set was prepared by MIT Lincoln Lab and is publicly
available to all researchers. It has been accepted by IDS
research community as the de facto standard for benchmarking
their IDS models.
Fig. 1 [16] shows of an isolated test bed network for the
offline evaluation. Scripting techniques were used to generate
live background traffic which is similar to traffic that flows
between the inside of one fictional Eyrie Air force base created
for the evaluation to the outside internet. Rich background
traffic was generated in the test bed which looks as if it were
initiated by hundreds of users on thousands of hosts.
Automated attacks were launched against the UNIX victim
machines and the router from outside hosts. Machines labeled
‘sniffer’ in Fig. 1 run a program named tcpdump [17] to
capture all packets transmitted over the attached network
segment.
Fig. 1 Block diagram of 1999 test bed
Lincoln Lab provided 5 week of data which consists of 3
weeks of training data and 2 weeks of testing data in several
formats such as tcpdump, BSM solaris host audit data and NT
audit data. In this research, the tcpdump format will be used as
it provides details of the TCP/IP packet that traverse through
the network which contains most the information of our
interest for detail analysis of the intrusion. In the training data,
the first and third weeks of the data do not contain any attacks
which are provided to facilitate the training of anomaly based
IDS. Only the second week of the training data contains
labeled attacks. The testing data consist of two weeks of
network based attacks in the midst of normal background data.
The forth and fifth weeks of data are the "Test Data" used in
the 1999 Evaluation from 29 March 1999 to 9 April 1999.
There are 201 instances of about 56 types of attacks
distributed throughout these two weeks. Out of 201 attack
instances only 176 are found in the inside testing data used for
this experiment. Our performance evaluation will be based on
the 176 attack instances as we only use the inside testing data.
These attacks fall into four main categories:
• Denial of Service (DoS): In this type of attack an attacker
makes some computing or memory resources too busy or
too full to handle legitimate requests, or denies legitimate
users access to a machine. Examples are Apache2, Back,
Land, Mailbomb, SYN Flood, Ping of death, Process
table, Smurf, Teardrop.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 79

Proceedings of ICCNS 08 , 27-28 September 2008
• Remote to User (R2L): In this type of attack an attacker
who does not have an account on a remote machine sends
packets to that machine over a network and exploits some
vulnerability to gain local access as a user of that machine.
Examples are Dictionary, Ftp_write, Guest, Imap, Named,
Phf, Sendmail, Xlock.
• User to Root (U2R): In this type of attacks an attacker
starts out with access to a normal user account on the
system and is able to exploit system vulnerabilities to gain
root access to the system. Examples are Eject,
Loadmodule, Ps, Xterm, Perl, Fdformat.
• Probing: In this type of attacks an attacker scans a
network of computers to gather information or find known
vulnerabilities. An attacker with a map of machines and
services that are available on a network can use this
information to look for exploits. Examples are Ipsweep,
Mscan, Saint, Satan, Nmap.
B. Protocol-based Packet Header Anomaly Detector
(PbPHAD) Model
The fundamental design concept behind our PbPHAD IDS
is to learn the normal packet header attribute values during the
attack-free week 3 of inside training data which consist of
12,814,738 traffic packets in order to come up with the normal
traffic profile based on distinct packet header field values for
each of the host in the network. Two separate normal profiles
are created for each host for incoming and outgoing traffic.
See process 1.0 in Fig. 2.
The packet header field values are taken from layer 2, 3 and
4 protocols which are the IP, Ethernet, TCP, UDP and ICMP
which summed up to 30 fields as depicted in the Field Name
column in Table 1. We designed our PbPHAD anomaly
statistical model based on 3 specific protocols which are TCP,
UDP and ICMP because of their unique behaviour when
communicating among hosts, client and servers depending on
the purpose and application used for a particular session. With
this in mind, a more accurate statistical model with finer
granularity which represents the 3 chosen protocols can be
built for detecting the anomalous behaviour of the testing data.
For each protocol, if we index each field as i, i=1,2,…,n, the
model is built based on the ratio of the normal number of
distinct field values in the training data, R i , against the total
number of packets associated with each protocol, N i . The ratio,
p i = R i /N i represents the probability of the network seeing
normal field values in a packet. Thus, the probability of
anomalies will be 1 – p i for each corresponding field. Each
packet header field containing values not found in the normal
profile will be assigned a score of 1 – p i and will be summed
up to give the total value for that particular packet.
Score packet = ∑ (1 - p i ),
n
i=1
i = 1,2,…n
As the value of Ri varies greatly, we use log ratio in our
model. The value of column TCP, UDP and ICMP in Table 1
is calculated based on:
(1)
Relative percentage ratio of 1-log(R i /N i )
to give the total probability of 1 for each protocol.
Table 1 shows PbPHAD statistical model for one host with
IP address 112.016.112.050 for incoming packets. It is
obvious from the PbPHAD model that the bigger the number
of anomalous fields (R), the smaller the anomaly score will be.
The anomaly score of 0.000 shows that particular field is not
related to that particular protocol.
TABLE 1
PBPHAD STATISTICAL MODEL FOR HOST 112.016.112.050 INCOMING
PACKETS
Ser Field Name R N
Anomaly Score
TCP UDP ICMP
1 etherdest 1 1545610 0.053342 0.067305 0.073532
2 etherprotocol 1 1545610 0.053342 0.067305 0.073532
3 ethersize 818 1545610 0.031711 0.040035 0.043739
4 ethersrc 6 1545610 0.047563 0.060019 0.065573
5 icmpchecksum 2 84096 0 0 0.057521
6 icmptypencode 2 84096 0 0 0.057521
7 ipchecksum 1 1545610 0.053342 0.067305 0.073532
8 ipdest 1 1545610 0.053342 0.067305 0.073532
9 ipfragid 65536 1545610 0.017574 0.022213 0.024268
10 ipfragptr 2 1545610 0.051106 0.064486 0.070453
11 ipheaderlength 1 1545610 0.053342 0.067305 0.073532
12 iplength 825 1545610 0.031684 0.040001 0.043702
13 ipprotocol 3 1545610 0.049799 0.062838 0.068652
14 ipsrc 28 1545610 0.042595 0.053756 0.058730
15 iptos 3 1545610 0.049799 0.062838 0.068652
16 ipttl 1 1545610 0.053342 0.067305 0.073532
17 tcpack 384656 1076131 0.010744 0 0
18 tcpchecksum 2 1076131 0.049984 0 0
19 tcpdestport 620 1076131 0.031483 0 0
20 tcpflag 8 1076131 0.045513 0 0
21 tcpheaderlen 3 1076131 0.048676 0 0
22 tcpoption 2 1076131 0.049984 0 0
23 tcpseq 383431 1076131 0.010754 0 0
24 tcpsrcport 1553 1076131 0.028522 0 0
25 tcpurgptr 1 1076131 0.052220 0 0
26 tcpwindowsize 912 1076131 0.030238 0 0
27 udpchecksum 2 385383 0 0.058839 0
28 udpdestport 4067 385383 0 0.027867 0
29 udplen 46 385383 0 0.046091 0
30 udpsrcport 3 385383 0 0.057190 0
N Total 842537 1 1 1
IV. APPLYING KDD TECHNIQUE IN EXTRACTING EXPERT
PRODUCTION RULES
Fig. 2 shows the whole process of modelling our packet
header anomaly-based IDS. Process 1.0 is the normal profile
building phase as described in the previous section. Process
2.0 is where we simulate the testing data and compare it
against its normal profile to get its anomaly score for packets
which deviates from its normal profile. For anomalous packets
which have surpassed their threshold values, expert production
rules will be applied to give classification to the packets
whether it falls into normal or attack categories. Applying the
expert production rules is done in process 3.0. If the
anomalous packets are incorrectly classified i.e. big number of
false positives or false negatives, a thorough analysis has to be
done to identify the packets into its right classification whether
it is normal packets or attack packets with proper categories,
which is the process 4.0. Process 5.0 is the gist of our
discussion in this paper which is applying KDD technique
which utilizes machine learning tools to extract the expert
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 80

Proceedings of ICCNS 08 , 27-28 September 2008
production rules. After extracting the expert production rules,
the rules will be updated in the database which is used in
Process 3.0 to classify the anomalous packets. The whole
process starting from process 1.0 to 5.0 is the normal life-cycle
process of IDS modelling for any anomaly based IDS as the
data is always dynamic. i.e. after some period of time, when
users changed their behaviours in using the network or some
new services are introduced into the network, the normal
profiles have to be updated and also it is an eminent fact that
any network that is connected to the internet is bound to
encounter new attacks as new attacks are being developed on a
daily basis, therefore process 1.0, 4.0 and 5.0 shall always be
an ongoing process as and when it is deemed necessary.
Fig. 2 PbPHAD System Modelling Process
A. Data engineering process
One of the most time consuming process in applying KDD
technique to a set of data to learn the association rules of the
attributes and coming up with the classification algorithm is
the data preparation stage. This is the stage where a set of
attributes need to be intelligently chosen and the data is
cleansed before the machine learning technique is applied to
discover useful knowledge from the data that is being mined.
Most of the time, a new set of transformed attributes or
secondary attributes need to be introduced into the data
structure to increase a chance of getting better results.
Fundamentally, choosing the right attributes require a good
understanding of the underlying data to be analyzed by the
domain expert in that particular field. In the case of IDS
modelling, it requires at least a profound understanding of the
ISO-OSI layers, TCP/IP protocol suite, anatomy of attacks and
the IDS architectural design principles as domain knowledge
can cut down the search space drastically. I. H. Witten and E.
Frank put it as “Knowledge is power: a little goes a long way,
and even a small hint can reduce the search space
dramatically” [18] This stage is known as “data engineering”
process which constitutes “engineering the input data into a
form suitable for the learning scheme chosen and engineering
the output model to make it more effective”. [18]
We started modelling the data structure by first selecting the
primary fields which is all fields for packet header attributes
which comprise of the headers of layer 2, 3 and 4 protocols
which are the Ethernet, IP, TCP, UDP and ICMP packet
header fields. For each of the packet header field, an anomaly
flag field is created for it to indicate the state of that particular
field. i.e. whether or not that particular header field value is
anomalous which is represented by either ‘1’ or ‘0’
respectively. Not all actual packet header attribute values are
included in the data structure. Packet header fields which we
thought that would not contribute much to the creation of the
rules will be discarded. i.e. the value of IP fragmentation ID is
discarded as the value of this 2-byte field is very big and is
selected based on how this protocol is implemented by the
operating system of the host and does not really tied to any
particular protocols. The actual field value of both source and
destination IPs are also discarded as our intention is to come
up with a generic rules which does not get tied to any
particular host. Using 1-second time window, we created 2
secondary attributes which are ‘volume’ – number of bytes
destined for a host, measured in byte/s and ‘scan speed’ -
measured in number of packets/s and their corresponding
anomaly flag fields as we would foresee that these 2 fields
could contribute in the identification of either DoS or Probing
attack category. A ‘direction’ field is created to indicate the
direction of the packet. i.e. from inside to inside, outside to
inside or inside to outside. We would foresee that this field
could assist in the rule creation to come up with the right
category of attack as we know that R2L and U2R attacks can
be identified by this direction.
For transport layer protocol which comprise of TCP and
UDP protocols, we introduced two more secondary fields to
track the anomaly use of the protocol. As we know that both
UDP and TCP use socket-pair to communicate which uniquely
identify a connection. i.e. the 4-tuple consisting of the server
IP address, server port number, client IP address and client
port number. Client port numbers which are known as
ephemeral port number usually have a value of greater than
1023 and server port numbers which are known as well-known
server port numbers have a value of less than 1024. [19] If
both port numbers in any packet has either values greater than
1023 or less than 1024 this will indicate some anomaly in the
protocol being used which might give an indication of a
malicious intent. These new secondary fields are named as
‘isbothportsgt1023’ and ‘isbothportslt1024’. For ICMP
protocol, we combine the ICMP type and ICMP code fields as
for the purpose of identifying an ICMP packet, a unique
combination of both fields have to be joined together in order
for it to be meaningful. We also created one field to track if a
packet has the same source and destination IP address which
obviously shows a grave anomaly for a normal packet. Finally
a ‘class’ field and ‘anomaly score’ fields are created to assist
the classification of the packets by its anomaly score.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 81

Proceedings of ICCNS 08 , 27-28 September 2008
B. Rule extraction
Once the data engineering process has finished, we then
wrote a program to fill up the values for the secondary fields
for all 21,954,377 cleansed packets discovered in the 2 weeks
of the testing data to suit the new data structure which has been
created. 3 different tables were built for each of the TCP, UDP
and ICMP protocols as each one of them has different distinct
set of fields to be analyzed by the machine learning tools.
In this exercise we used WEKA [20] for the machine
learning workbench. We chose WEKA as it is a very robust
open source machine learning workbench which has more than
80 classifier algorithms to choose from. It is quite a
challenging task to choose the right algorithm for this purpose
as each algorithm has its own strengths and weaknesses which
is suitable to particular data structures and furthermore it is
very hard to find one algorithm that can out perform all other
algorithms for all type of data structures.
We used a small set of data to evaluate the performance of
all classifier algorithms that is available in WEKA and after
doing a thorough analysis of the results we decided to use J48
Tree classifier algorithm as this algorithm has shown a very
good performance for our data set. Furthermore it is very easy
to convert the tree to expert production rules which is one of
the main components in our IDS model. The ‘Run
Information’ of the result will show the structure of the J48
pruned tree and alternatively this tree can be viewed visually
using ‘WEKA Classifier Tree Visualizer’ feature. By
analyzing the structure of the tree we then convert it to expert
production rules. The number of leaves will give the number
of rules that can be extracted from the tree. i.e. See Fig. 4.
V. EXPERIMENTAL RESULTS ON THE 1999 DAPRA IDS
EVALUATION DATA SET
We tested our model on the 2 weeks of the inside testing
data which comprises of 21,954,377 cleansed packets. In this
paper, we will discuss the result of one host with IP address
112.016.112.050 which has the most number of attacks among
inside hosts in the DARPA 1999 test bed for the duration of
the two weeks testing period. Furthermore our IDS model is a
host-based model such that the KDD process shall be done by
host in order to acquire a meaningful result. We managed to
detect 55 out of 61 attack instances which gave us 90.16%
success rate as depicted in Table 2 below. Our PbPHAD IDS
model shows a very good detection rate for ICMP packets at
100%, a high percentage rate for UDP packets at 90.91% and
a slightly lower detection rate for TCP at 89.13%.
A. TCP
Fig. 3 below shows one snap shot of a Run information for
host 112.016.112.050 on 9 th April for TCP packets which used
10-fold-cross-validation test mode for J48 classifier algorithm.
Only 3 actual primary attribute values are used in this run
which are ‘tcp source port’, ‘tcp destination port’ and ‘tcpflag’.
4 secondary attributes used in this run are ‘volume flag’,
‘direction’, ‘if both ports greater than 1023 flag’, ‘if both ports
less than 1024 flag’ and the rest are primary attributes flags.
TABLE 2
DETECTION RESULTS FOR HOST 112.016.112.050
There are 170,259 TCP packets destined for this host on this
particular day and we managed to get a very good
classification result as shown in the Confusion Matrix below
with only 1 false positive and 3 false negatives which gives the
percentage of correctly classified instances to 99.9977 %.
=== Run information ===
Scheme: weka.classifiers.trees.J48
Instances: 170259
Attributes: 18 => tcpsrcport, tcpdestport, tcpflag, volumeanom,
direction, isbothportsgt1023, isbothportslt1024, ethersizeisanom,
iplengthisanom, ipfragidisanom, ipsrcisanom, tcpsrcportisanom,
tcpdestportisanom, tcpseqisanom, tcpackisanom, tcpwindowsizeisanom,
score, class
Test mode:
10-fold cross-validation
=== Classifier model (full training set) ===
J48 pruned tree
Number of Leaves : 14
Size of the tree : 27
Time taken to build model: 21.08 seconds
=== Stratified cross-validation ===
=== Summary ===
Correctly Classified Instances 170255 99.9977 %
Incorrectly Classified Instances 4 0.0023 %
Kappa statistic 0.9997
Mean absolute error 0
Root mean squared error 0.0028
Relative absolute error 0.0483 %
Root relative squared error 2.5892 %
Total Number of Instances 170259
=== Detailed Accuracy By Class ===
TP Rate FP Rate Precision Recall F-Measure ROC Area Class
1 0 1 1 1 1 Normal
1 0 1 1 1 1 dos
0.999 0 1 0.999 0.999 0.999 probe
1 0 1 1 1 1 r2l
1 0 0.999 1 1 1 u2r
1 0 0.909 1 0.952 1 data
=== Confusion Matrix ===
a b c d e f

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 4 J48 Tree for TCP Packets on 9th April
Fig. 4. shows the corresponding J48 pruned tree for the run.
From this figure we can see that a combination of the actual
value of the primary attribute which is ‘tcpdestport’, the
primary attribute anomaly flag which is ‘ip source is
anomalous flag’ and a secondary attribute which is ‘direction’
correctly classified R2L attack with 0 false negative. For U2R
attack, an additional actual value of primary attribute which is
‘tcp destination port’ correctly classify its class with 0 false
negative. See the Confusion Matrix in Fig. 3.
Rule 1
Antecedent
IF source IP is not anomalous
AND TCP destination port 22
AND direction = ‘II’
Consequent
THEN class is ‘R2L’
Fig. 5 J48 Tree for TCP Packets on 9th April
From Fig. 4. we can see that the tree has a size of 27 with 14
leaves. From this tree we can extract the expert production
rules. Since there are 14 leaves, 14 rules can be extracted from
this tree. Fig. 5 shows some example of the rules extracted
from the tree.
B. UDP
Fig. 6 below shows one snap shot of a Run information for
host 112.016.112.050 on 9 th April for UDP packets which
used ‘evaluate on training data’ test mode for J48 classifier
algorithm. Only 2 actual primary attribute values are used in
this run which are ‘udp source port’ and ‘udp destination port’.
There are 11,454 UDP packets destined for this host on this
particular day and we managed to get a good classification
result as shown in the Confusion Matrix below with 0 false
positive and 70 false negatives which gives the percentage of
correctly classified instances to 99.3889 %.
=== Run information ===
Scheme: weka.classifiers.trees.J48
Relation: 112-150-09apr-I-UDPweka.filters.unsupervised.attribute.Remove-R1-4,33,35
Instances: 11454
Attributes: 14 => udpsrcport, udpdestport, volumeanom, scanspeedanom
direction, isbothportslt1024, iplengthisanom, ipfragidisanom
ipsrcisanom, udpsrcportisanom, udpdestportisanom,
udplenisanom, score, class
Test mode: evaluate on training data
=== Classifier model (full training set) ===
Number of Leaves : 6
Size of the tree : 11
Time taken to build model: 0.83 seconds
=== Evaluation on training set ===
=== Summary ===
Correctly Classified Instances 11384 99.3889 %
Incorrectly Classified Instances 70 0.6111 %
Kappa statistic 0.828
Mean absolute error 0.0059
Root mean squared error 0.0544
Relative absolute error 28.4034 %
Root relative squared error 53.4538 %
Total Number of Instances 11454
=== Detailed Accuracy By Class ===
TP Rate FP Rate Precision Recall F-Measure ROC Area Class
1 0.289 0.994 1 0.997 0.972 Normal
1 0 1 1 1 1 probe
1 0 1 1 1 1 dos
0.705 0 1 0.705 0.827 0.972 data
=== Confusion Matrix ===
a b c d

Proceedings of ICCNS 08 , 27-28 September 2008
type and code’. There are 84,096 ICMP packets destined for
this host during the test period and we managed to get a good
classification result as shown in the Confusion Matrix below
with 8 false positive and 42 false negatives which gives the
percentage of correctly classified instances to 99.9405 %.
=== Run information ===
Scheme: weka.classifiers.trees. trees.J48
Instances: 84096
Attributes: Attributes: 17 => icmptypencode, volumeanom,
scanspeedanom, direction, ethersizeisanom, etherdestisanom, iptosisanom
iplengthisanom, ipfragidisanom, ipfragptrisanom, ipprotocolisanom
ipsrcisanom,ipdestisanom,icmptypencodeisanom,
icmpchecksumisanom, score, class
Test mode: 10-fold cross-validation
=== Stratified cross-validation ===
=== Summary ===
Correctly Classified Instances 84046 99.9405 %
Incorrectly Classified Instances 50 0.0595 %
Kappa statistic 0.9984
Mean absolute error 0.0008
Root mean squared error 0.02
Relative absolute error 0.3007 %
Root relative squared error 5.6177 %
Total Number of Instances 84096
=== Detailed Accuracy By Class ===
TP Rate FP Rate Precision Recall F-Measure ROC Area Class
1 0.001 0.998 1 0.999 1 Normal
1 0 1 1 1 1 dos
0.987 0 0.996 0.987 0.992 0.997 probe
=== Confusion Matrix ===
a b c

Proceedings of ICCNS 08 , 27-28 September 2008
category. This result shows a performance increment of
32.14%. For Non-detected attack category, PbPHAD managed
to detect 4 out of 5 attacks which were not detected by all
evaluated systems. This result shows a performance increment
of 90.91%.
TABLE 4
COMPARISON BETWEEN THE 1999 DARPA EVALUATION
BEST SYSTEMS AND HOST 112.016.112.050 ON POORLY NON-
DETECTED ATTACKS
Our IDS model failed to detect only one attack which was
also not detected by the best composite system which is
resetscan. The resetscan attack is a hard to detect attack as it
did not have any anomaly that can be detected by our IDS and
it is made up of only 2 out of 110537 incoming packets
destined for host 112.016.112.050 for that particular day.
TABLE 5
OVERALL PERFORMANCE OF PbPHAD MODEL
VII. CONCLUSION
Our research has clearly shown the benefit of using KDD
process in modeling IDS. Table 5 exhibits the overall
performance of PbPHAD model after KDD technique is
applied to it as part of its complete life cycle IDS modeling
process. It is apparent that from 1,414,398 packets processed
using KDD technique the results has shown actual high
percentage of correct classification for Normal, U2R and R2L
at 100%, DOS at 99.9% and the smallest percentage is for
Probe at 99.2%. The result shows that we managed to suppress
the percentage of false positive rate to be very small at 0.01%
which can be seen from Table 2 that it is only at 9 FP/day.
This research also shows the importance of having a good
statistical model that can give good anomaly score rating to an
anomalous packet. We have demonstrated how the score plays
an important role in classifying the packets into their proper
classes as shown in Fig. 10. From this research, we also show
that one of the keys to having good classification results is to
have secondary attributes intelligently chosen for the data
structure which would greatly assist the classifier algorithm to
yield beneficial knowledge from the data being mined which
eventually would produce the corresponding good expert
production rules needed in the IDS model. Comparison of
PbPHAD with the 1999 DARPA composite system
performance attested that our model has succeeded in
discovering new dimension of attack space which
complements the composite systems in terms of covering the
whole dimension of attack space.
REFERENCES
[1] John McHugh, A.C., and Julia Allen, Defending Youself: The Role of
Intrusion Detection Systems. IEEE Software, 2000(September/October):
p. 42-51.
[2] Mukkamala, S., A.H. Sung, and A. Abraham, Intrusion detection using
an ensemble of intelligent paradigms. Journal of Network and Computer
Applications, 2005. 28(2): p. 167-182.
[3] Schultz, E.E. and E. Ray, The future of intrusion prevention. Computer
Fraud & Security, 2007. 2007(8): p. 11-13.
[4] Patcha, A. and J.-M. Park, An overview of anomaly detection
techniques: Existing solutions and latest technological trends. Computer
Networks: The <strong>International</strong> Journal of Computer and
Telecommunications Networking, 2007. Volume 51(Issue 12 (August
2007)): p. 3448-3470.
[5] Negnevitsky, M., Artificial Intelligence - A Guide to Intelligent
Systems. Addison Wesley, 2002.
[6] S. Peddabachigari, A. Abraham, C. Grosan, C. Grosan, and J. Thomas,
Modeling Intrusion Detection System Using Hybrid Intelligent Systems.
Journal of Network and Computer Applications, Elsevier Science, 2005.
[7] T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. Neumann, H. Javitz,
A. Valdes, and T. Garvey, A Real-time Intrusion Detection Expert
System (IDES). Technical report, Computer Science Laboratory, SRI
<strong>International</strong>, Menlo Park, California, February 1992.
[8] D. E. Denning, An Intrusion Detection Model. In IEEE Transactions on
Software Engineering, February 1997: p. 222-228.
[9] J. P. Anderson, Computer Security Threat Monitoring and Surveillance.
Technical report, James P Anderson Co., Fort Washington,
Pennsylvania, April 1980.
[10] D. Barbara, J. Couto, S. Jajodia, L. Popyack, and N. Wu, ADAM:
Detecting intrusions by data mining. In Proc. of the IEEE Workshop on
Information Assurance and Security, June, 2001.
[11] S. Biles, Detecting the Unknown with Snort and the Statistical Packet
Anomaly Detection Engine ( SPADE ). Technical Report TR2004-485,
Department of Computer Sciense, Dartmouth College, Hanover, USA,
2003.
[12] C. Yin, S. Tian, H. Huang and J. He, Applying Genetic Programming to
Evolve Learned Rules for Network Anomaly Detection. In Advances in
Natural Computation, First <strong>International</strong> <strong>Conference</strong>, ICNC 2005,
Proceedings, Part III, 2005. 3612: p. 323-331.
[13] J.R. Koza, Genetic Programming. MIT Press, 1992.
[14] M. V. Mahoney, and P. K. Chan, PHAD: Packet Header Anomaly
Detection for Identifying Hostile Network Traffic. Technical report,
Florida Tech., technical report CS-2001-4, April 2001.
[15] MIT, Lincoln Laboratory 1999 DARPA Intrusion Detection Data Sets.
.
[16] R. P. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, The
1999 DARPA Off-Line Intrusion Detection Evaluation. MIT Lincoln
Lab Technical Report, 2000.
[17] tcpdump, Lawrence Berkeley National Laboratory Network Research
Group .
[18] I. H. Witten, and E. Frank, Data Mining: Practical Machine Learning
Tools and Techniques. 2nd Edition, Morgan Kaufmann, San Francisco,
2005.
[19] Stevens, W.R., TCP/IP Illustrated Volume 1. Addison Wesley, 2003.
[20] Weka, Software. Machine Learning. The University of Waikato,
Hamilton, New Zealand. Availaible form:
.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 85

Proceedings of ICCNS 08 , 27-28 September 2008
Rich Internet Applications Security
Enhasments
Dr. Maheshkumar H. Kolekar , Prof. Abhijit .J. Patankar, Mr. Yogi R.Joshi
Abstract—Rich Internet applications (RIA) are web
applications that have the features and functionality of
traditional desktop applications. Rios typically transfer the
processing necessary for the user interface to the web client
but keep the bulk of the data (i.e., maintaining the state of
the program, the data etc) back on the application server.
This concept covers the remedies for making WEB 2.0
applications more secure which include making people
aware of better coding practices, secure deployment &
awareness among common users. Motivation behind RIA
security is various statistics that are found recently. Recent
example is the Sammy worm that exploited
MySpace.com’s cross-site scripting flaw; AJAX gets
executed on the client-side by allowing an incorrectly
written script to be exploited by an attacker. AJAX calls are
Highly silent & client is unknown of the execution of the
AJAX calls so malicious web page may capture data when
user is accessing important data using session cookie the
user has .An another dimension to RIA is RICH using
FLASH framework, ActiveX control for rich UI features
where binary gets copied to the use side, in this case the
client can reverse engineer the binary, patch it and bypass
some authentication. As proposing the incremental solution
we try to make aware people of making both client side
validation & server side validation while developing web
2.0 applications as well as rather avoiding using AJAX
instead use. For this we have generated project prototypes
in both AJAX & Adobe Flex where we found that Adobe
flex is more secure than AJAX because it generates it’s
own binary intermediate form which is difficult to reverse
engineer than that of AJAX. The end user should be trained
for secure use of web applications & should exploit all the
security facilities provided for him/her by the platform,
because without end users consideration all the work done
will be in vain.
Keywords—AJAX, RIA, WEB2.0
Dr. Maheshkumar H. Kolekar Post Doctoral fellow University of
Missouri Columbia, USA e-mail: mkolekar@gmail.com
Prof. A.J. Patankar Asst.Professor, Comp.Engg. D.Y.PATIL College of
Engineering Akurdi, Pune-411044, India e-mail: abhijitpatankar@yahoo.com
Mr. Yogi R.Joshi B.E.Computer,D.Y.P.C.O.E.,Akurdi,Pune-44,India,
Email:yogirjoshi@yahoo.com
I. INTRODUCTION
The evolution of the internet has had a profound
effect on the way businesses and individuals work
and communicate. Web based security is an
integrated part of each and every individual. Various
new types of Trojans and attacks may cause serious
damage to the data of an organization as mostly
business is depends on web. While Web 2.0 and
AJAX have greatly enhanced the user experience and
added important business functionality, they also
introduce opportunities for hackers to invisibly inject
and propagate malicious code. Reactive signaturebased
solutions were not designed to detect these
types of dynamic malicious web scenarios, thus they
are not enough, alone, to provide protection against
the modern hacking methods. The prevailing
assumption that an anti-virus or URL filtering lab can
put its hands on each and every piece of malicious
code and create a signature is no longer valid in
today's web scenario. on the other hand, real-time
security solutions which are able to analyze web
content on-the-fly as it occurs and detect whether or
not it is legitimate, regardless of its source, are
critical for stopping these threats. This differentiates
real-time code inspection technology from URL
filtering solutions or reputation services, which
usually automatically mark well known websites as
trusted despite the fact that hackers can upload
malicious code to personal pages or ads to those
domains. So for web 2.0 security we need better
coding practices among developers, secure
deployment means for web applications & most
important we need is awareness amongst common
users regarding proper use .The biggest challenges in
creating Ajax applications are not technical. The core
Ajax technologies are mature, stable, and well
understood. Instead, the challenges are for the
designers of these applications: to forget what we
think we know about the limitations of the Web, and
begin to imagine a wider, richer range of
possibilities.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 86

Proceedings of ICCNS 08 , 27-28 September 2008
What Is AJAX Fundamentally, AJAX represents a
generic application model that would enable more
interactive, more responsive, and smarter Web
applications.
1.1 Basic AJAX architecture:
In case of basic AJAX architecture as shown in fig 1
for web browser providing User interface Ajax API is
able to handle HTTP Request Response and XML
Http request from web servers.
The difference between AJAX architecture &
classical Web applications is , java script is used for
rich user interface & instead of having “break” in
user experience, silent AJAX calls are made for
having server interactions . This architecture creates
many opportunities for various attacks on AJAX
application.
II. TYPES OF ATTACKS ON RIA
Here we discuss top types of attacks on rich internet
application that are observed recently.
2.1 Cross-site scripting in AJAX
Fig 1: AJAX Architecture
Recently, several cross-site scripting attacks have
been observed, where malicious JavaScript code from
a particular Web site gets executed on the victim’s
browser thereby compromising information. A recent
example is the Yamanner worm that exploited crosssite
scripting opportunities in Yahoo mail’s AJAX
call. AJAX gets executed on the client-side by
allowing an incorrectly written script to be exploited
by an attacker. The attacker is only required to craft a
malicious link to coax unsuspecting users to visit a
certain page from their Web browsers. This
vulnerability existed in traditional applications as
well but AJAX has added a new dimension to it as
shown in f ig.3.
1.2 The classic web application model v/s AJAX
Model
Fig.3 New Dimensions in AJAX
Fig2. The traditional model for web applications (left)
compared to the Ajax model (right).
2.2 XML poisoning
XML traffic goes back and forth between server and
browser in many of the WEB 2.0 applications. Web
applications consume XML blocks coming from
AJAX clients. It is possible to poison this XML
block. Not uncommon is the technique to apply
recursive payloads to similar-producing XML nodes
multiple times. If the engine’s handling is poor this
may result in a denial of services on the server. Many
attackers also produce malformed XML documents
that can disrupt logic depending on parsing
mechanisms in use on the server. There are two types
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 87

Proceedings of ICCNS 08 , 27-28 September 2008
of parsing mechanisms available on the server side –
SAX and DOM. This same attack vector is also used
with Web services since they consume SOAP
messages and SOAP messages are nothing but XML
messages.
3.1 Ideal validation technique – both on
client & server:
Fig. shows how validation can be performed for
client and server using JavaScript and validation
Servlet.
2.3. Malicious AJAX code execution
AJAX calls are very silent and end-users would not
be able to determine whether or not the browser is
making silent calls using the XMLHTTPRequest
object. When the browser makes an AJAX call to any
Web site it replays cookies for each request. This can
lead to potential opportunities for compromise. For
example, John has logged in to his bank and
authenticated on the server. After completing the
authentication process he gets a session cookie. His
bank’s page has a lot of critical information. Now he
browses other pages while still logged in to his
bank’s account Web page and lands at an attacker’s
Web page. On this page the attacker has written silent
AJAX code which makes backend calls to his bank
without John’s consent, fetches critical information
from the pages and sends this information to the
attacker’s Web site.
2.4. RSS/Atom injection
This is a new WEB 2.0 attack. RSS feeds are
common means of sharing information on portals and
Web applications. These feeds are consumed by Web
applications and sent to the browser on the clientside.
One can inject literal JavaScripts into the RSS
feeds to generate attacks on the client browser. An
end user visits this particular web site loads the page
with the RSS feed and the malicious script – a script
that can install software or steal cookies – gets
executed.
III. CLIENT SIDE VALIDATION IN AJAX
ROUTINES
To prevent from all the above mentioned attacks
client side validation of the end user is necessary.
WEB 2.0 based applications use AJAX routines to do
a lot of work on the client-side, such as client-side
validations for data type, content-checking, date
fields, etc. Normally, these client-side checks must be
backed up by server-side checks as well. Most
developers fail to do so; their reasoning being the
assumption that validation is taken care of in AJAX
routines. It is possible to bypass AJAX-based
validations and to make POST or GET requests
directly to the application – a major source for input
validation based attacks such as SQL injection,
LDAP injection, etc.
Fig. 4 Client and Server validations
IV. RIA THICK CLIENT BINARY
MANIPULATION
Rich Internet Applications (RIA) use very rich UI
features such as Flash, ActiveX Controls or Applets
as their primary interfaces to Web applications. There
are a few security issues with this framework. One of
the major issues is with session management since it
is running in browser and sharing same session. At
the same time since the entire binary component is
downloaded to the client location, an attacker can
reverse engineer the binary file and decompile the
code. It is possible to patch these binaries and bypass
some of the authentication logic contained in the
code.
Fig.5 patching binary using Hex editor
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 88

Proceedings of ICCNS 08 , 27-28 September 2008
V. PRACTICAL TESTING OF APPLICATIONS
We developed prototype of our project in both DHTML-
AJAX and Adobe flex which is recent tool for developing
RIA .We found that DHTML-AJAX provides many
backdoors for attackers to attack our application.
Compared to DHTML-AJAX the flex framework offers
better solutions but still flex applications are vulnerable to
session hijacking like threats & other threats related to
session management.
VI. INCREMENTAL SOLUTION FOR THREATS
We suggest some solutions that are to prevent from
various Threats as follows
6.1. Better coding practices
least privilege—when configuring accounts that access
resources, always limit the rights of these accounts to the
absolute minimum that is required. As an extreme
example, do not use an administrator account just to read
a configuration file. It is all too easy when things are not
working due to permissions failures to increase an
account's rights just to get the application to work. The
intention is to scale back later, but all too often this never
happens.
Never trust a user's input. Validate any input—this is
especially true for web applications. Make sure that your
application does not rely on client-side validation; all
checks should be repeated on the server as it is relatively
simple to construct copies of web pages without the
restraints that could lead to destructive code being run or
simply a denial-of-service (DOS) attack that crashes your
system. Use error messages sparingly—although detailed
error messages are extremely helpful when developing,
they are an invaluable source of information for malicious
users details are better recorded in a separate log.
6.2 Prevent SQL Injection
To defense from SQL injection where user tries to modify
query through input we suggest that we can use stored
procedures to carry out the user verification.
When parameter values are set, special symbols such
as single quotes are escaped and it is not possible to
add extra predicates to a WHERE clause or run
multiple SQL statements .Second way is that you
filter out some special strings like quotes form user
input i.e. escape them. We used first way & results
suggest it’s more robust.
6.3 Fight against cross – side scripting
Cross-site scripting, sometimes abbreviated to XSS,
is allowing code from one area to run in the context
of another site. As in most cases this can be avoided
by validating input from users. In this way user can
insert JavaScript code into emails etc. & can get
confidential info about victim’s account. Solution
against this is to filter emails & other susceptible
things against tags like & remove malicious
JavaScript. You can prevent this by employing
regular expressions.
6.4.Secure deployment
To protect against today's highly sophisticated webborne
threats, including Web 2.0/AJAX exploits,
obfuscated code and other dynamic threats,
enterprises should adopt a multi-layered approach,
typically involving both proactive (e.g. real-time
inspection) and reactive (e.g., signature-based) IT
security technologies. The use of multiple IT security
solutions must become a standard approach for any
organization seeking to protect its internet-connected
assets.
To achieve this objective, IT managers should
consider installing an appliance at the Internet
gateway, which performs real-time code inspection of
traffic flowing into and out of the corporate network.
High performance and high availability appliances
capable of monitoring and acting swiftly to block any
suspicious web traffic are paramount.
6.5 Awareness among common end users
The end user should be trained for secure use of web
applications & should exploit all the security
facilities provided for him by the platform .This is the
most important and interesting aspect for web 2.0
securities because without end users consideration all
the work done will be in vain. End user awareness
needs proper demos, trainings for common users &
developer organizations should regard this as a high
priority work. Typically the web application should
contain training information manuals, videos &
other accessories for user. If the training is given to
the all end users on secure use of web services then
this problem will be reduced up to certain extents.
Fig.6 SQL injection
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 89

Proceedings of ICCNS 08 , 27-28 September 2008
VII. CONCLUSION
It is observed that the threats that are observed in our
day to day life while browsing on internet are quite
general one and we can use firewalls or any good
Antivirus anti worm solutions to prevent from these
attacks. Some of the attackers may cause serious
damage by doing some validation breaking and it
may cause serious damage to the organizations, so
there is a need to be more careful while browsing on
the internet and doing business on the internet, but to
obtained security in RIA based application on WEB
2.0 using AJAX, it provides security which can
prevent more damages from hidden attacks such as
XML poisoning, Cross-site scripting, RSS / Atom
injection and Malicious AJAX code execution. And
most important part is the end user who should be
trained for secure use of web applications.
VIII. REFRENCES
[1] Coach K. Wey: AJAX: Asynchronous Java + XML
http://www.developer.com/design/article.php/3526681
[2] Jesse James Garrett: AJAX: A New Approach to Web
Applications,http://www.adaptivepath.com/publications/essays/
archives/000385.php
[3] Bernhard Wagner: Server-Side Swing for Rich Internet
Applications,http://javadesktop.org/articles/canoo
/index.html
[4] Michael Sonntag “Ajax Security in Groupware”
[5] Paulson, L.D. “Building rich web applications with
AJAX “
[6] Shanmugam, Jayamsakthi; Ponnavaikko M, “ A
solution to block Cross Site scripting Vulnerabilities
based on Service Oriented Architecture” <strong>International</strong>
<strong>Conference</strong> on Internet and Web Applications and
Services.
[7] Jayamsakthi, S. Ponnavaikko, M. “Risk Mitigation
for Cross Site Scripting Attacks Using SignatureBased
Model on the Server Side” <strong>International</strong> <strong>Conference</strong> on
Internet and Web Applications and Services.
[8] Memon, J.M.; Shams-ul-Arfeen; Mughal, A.; Memon,
F.”Preventing Reverse Engineering Threat in Java Using
Byte Code Obfuscation Techniques” <strong>International</strong>
<strong>Conference</strong> on Internet and Web Applications and
Services.
[9] Integrating AJAX Approach into GIS Visualization
Web Services Sayar, A.; Pierce, M.; Fox, G.
Telecommunications, 2006. AICT-ICIW apos;06.
<strong>International</strong> <strong>Conference</strong> on Internet and Web
Applications and Services Volume, Issue, 19-25 Feb.
2006 Page(s): 169 – 169
[11] From Desktop Applications towards Ajax Web
Applications Zepeda, J. Sergio Chapa, Sergio V.
Department of Computer Science. CINVESTAV,
Av. Instituto Politécnico National 2508. 07300.
[12] Ajax and Web Services Integrated Framework
Based on Duplicate Proxy Pattern Yifu Gan
Huirong Yang Beijing Univ. of Technology., Beijing;
[13]Simplifying Ajax-style Web development Smith, K.
Microsoft; Publication Date: May 2006Volume: 39,
Issue: 5 on page(s): 98- 101
[14] T. Elteto and S. Molnar, “Security enhancements in
TCP/IP networks,” LCN’99 Proceedings: 24th
<strong>Conference</strong> on Local Computer Networks. Lowell, MA,
pp. 172–181, IEEE Computer Society Press, Oct. 1999.
[15] L. L. Peterson and B. S. Davie, Computer Networks:
A System Approach, 2nd ed. San Francisco, CA:
Morgan Kaufmann, 2000.
[16] C. Fraleigh, S. Moon, B.Lyles, C. Cotton, M.Khan,
Moll, R. Rockell,T. Seely, and C. Diot, “Packet-level
traffic measurements from the SprintIP backbone,”
IEEE Network, vol. 17, no. 6, pp. 6–16, Nov.–Dec.
2003.
[17] V. Paxson, “Measurements and analysis of end-toend
internet dynamics,”Ph.D. dissertation,
Univ.California, Berkley, CA, Apr. 1997
[18] J. Padhye, V. Firoiu, D. Towsley, and J. Kurose,
“Modeling TCPthroughput: a simple model and its
empirical validation,” in Proc.ACM SIGCOMM, 1998,
pp. 303–314.
[19 ] L. Ma, “Signal processing analysis and algorithms for
Internet congestion control,” Ph.D. dissertation, Univ.
Delaware, Newark, DE, Aug .2004.
[20] J. Hall, I. Pratt, and I. Leslie, “Observing web browser
behavior using the Nprobe passive monitoring
architecture,” Cabernet, 2001, [Online.] Available:
http://www.cl.cam.ac.uk/Research/SRG/netos/
nprobe/publications/cabernet-2001.pdf.
[21] C. S. Hood and C. Ji, “Proactive network fault
detection,” in Proc. IEEEINFOCOM, 1997, pp.
1147–1155.
[23 ] A. Zalesky, E. W. M.Wong, M. Zukerman, H. L. Vu,
and R. S. Tucker,“Performance analysis of an web
based system ,” IEEE Photon. Technol.Lett., vol. 16,
pp. 695–697, Feb. 2004.
[24] Web 2.0 Security - Defending AJAX, RIA, AND SOA
(Paperback)by Shreeraj Shah
[25] Hacking Exposed Web 2.0: Web 2.0 Security Secrets and
Solutions Rich Cannings, Zane Lackey
[26] Pragmatic Ajax: A Web 2.0 Primer (Pragmatic) by Justin
Gehtland, Ben Galbraith
[10]Integrating AJAX Approach into GIS
Visualization Web Services Sayar, A. Pierce, M.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 90

Proceedings of ICCNS 08 , 27-28 September 2008
Issues Over Wireless Links
Ms. Rachana T. Nemade
AbstractWireless network technology is the fastest growing
segment of the communications market. Unprotected wireless
networks essentially open the front door of your network to
intruders that can access shared drives and data, sniff every packet on
your network, read emails, access web sites, and capture data for
further analysis, and take as long as they need to crack the rest of
your system. This paper first describes taxonomy of wireless network
attack techniques, a brief overview of wireless networks and security
standards. Accordingly, security standards must fill the gap between
the state of the art in system development and actual operation of
these systems. In this article, we look into the technology and
security schemes in IEEE 802.11, Cellular and Bluetooth wireless
transport protocols.
W
I. INTRODUCTION
IRELESS technologies, in the simplest sense, enable
one or more devices to communicate without physical
connections without requiring network or peripheral
cabling. Wireless technologies use radio frequency
transmissions as the means for transmitting data, whereas
wired technologies use cables. Wireless technologies range
from complex systems, such as Wireless Local Area Networks
(WLAN) and cell phones to simple devices such as wireless
headphones, microphones, and other devices that do not
process or store information. By removing the need to wire a
network in the home, the cost of adoption and benefit of
mobility within the home and low cost of components make
wireless networking a low-cost and efficient way to install a
home network. This segment of the market is much less aware
and concerned about the security implications associated with
wireless networks. Wireless networking is inherently
insecure. From jamming to eavesdropping, from man-in the
middle to spoofing, there are a variety of attack methods that
can be used against the users of wireless networks. Modern
wireless data networks use a variety of cryptographic
techniques such as encryption and authentication to provide
barriers to such infiltrations.
II. WIRELESS NETWORK CONCEPT
Wireless networks serve as the transport mechanism
between devices and among devices and the traditional wired
networks (enterprise networks and the Internet). Wireless
networks are many and diverse but are frequently categorized
into three groups based on their coverage range: Wireless
Wide Area Networks (WWAN), WLANs, and Wireless
Personal Area Networks (WPAN). WWAN includes wide
coverage area technologies such as 2G cellular, Cellular
Digital Packet Data (CDPD), Global System for Mobile
Communications (GSM), and Mobitex. WLAN, representing
wireless local area networks, includes 802.11, HiperLAN, and
several others. WPAN represents wireless personal area
network technologies such as Bluetooth and IR. Wireless
adoption within the corporate and medium-sized businesses
has been severely inhibited by security concerns associated
with placing sensitive corporate data over the air.
Wireless networks are not limited by network jacks nor are
they limited by geography. Wireless networks provide
unprecedented flexibility in that an area not originally
intended as a collaborative workspace can accommodate a
large number of wireless clients. Insecure Wireless Networks
are not just a problem for WLAN users, but through Address
Resolution Protocol (ARP) attacks, every system on the same
side of the router as the WLAN in an organizations network
is vulnerable to attack.
We have conducted a study of the available Wireless
Network security technology. To limit the scope of this paper
we have decided to choose representative techniques rather
than try and assemble and discuss a complete list of Wireless
attacks. Specific attacks are normally focused on
vulnerabilities that are design and implementation specific.
However, there are classes of attack techniques that apply
across different technologies. Through our choices we hope to
achieve a fair comparison of the different Wireless network
security technologies. We will also not discuss attacks that are
either stopped or defeated by the technologies we discuss in
this paper.
III. RISKS IN WIRELESS NETWORKS
Risks in wireless networks are equal to the sum of the risk
of operating a wired network (as in operating a network in
general) plus the new risks introduced by weaknesses in
wireless protocols. To mitigate these risks, agencies need to
adopt security measures and practices that help bring their
risks to a manageable level. Any well-known attack can be
decomposed and the components can all be classified into one
of these attack techniques. A complete information assurance
risk assessment requires a focus on the threats against the
three key components of assuring information. That is, the
information system should protect against confidentiality,
integrity, and availability (CIA) attacks. We chose not to
discuss attacks on the WLAN availability, otherwise known as
denial of service attacks. Denial of Service attacks against
layer 1 or layer 2 cannot be defeated by any of the security
technologies that we are analyzing.
This subsection will briefly cover the risks to wireless
networks i.e., attacks on confidentiality, integrity, and
network availability. We start by examining attacks against the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 91

Proceedings of ICCNS 08 , 27-28 September 2008
confidentiality of communication on the network. We then
move into those attacks that actually alter the network traffic,
hence destroying the integrity of the information on the
network. When looking at confidentiality attacks we start with
the least intrusive and work towards more intrusive attacks.
Of the eight attack techniques in our taxonomy, four violate
just the confidentiality or privacy of the session: traffic
analysis, passive eavesdropping, active eavesdropping with
partial known plaintext, and active eavesdropping with known
plaintext. One technique can be used to violate confidentiality
and/or integrity -- the man in- the-middle attack. Three attack
techniques violate the integrity of the network traffic:
unauthorized access, session high jacking, and the replay
attack. The integrity attack techniques generally require
successful use of one or more of the confidentiality attack
techniques in order to meet the necessary preconditions of
these attacks.
A. Traffic analysis
Traffic analysis is a simple technique whereby the attacker
can determine the load on the communication medium by the
number and size of packets being transmitted. The attacker
only needs a wireless card operating in promiscuous (i.e
listening) mode and software to count the number and size of
the packets being transmitted. A simple yagi or helical
directional antenna provides an increased range at which the
attacker may analyze traffic. Traffic analysis allows the
attacker to obtain three forms of information. The attack
primarily identifies that there is activity on the network.
Similar to standard radio communications, a significant
increase in the amount of network activity serves as an
indicator for the occurrence of a large event.
The identification and physical location of wireless access
points (APs) in the surrounding area is a second form of
information acquired from traffic analysis. Unless explicitly
turned off, access points broadcast their Service Set Identifiers
(SSIDs) in order to identify themselves to wireless nodes
desiring access to the network . The SSID is a parameter that
must be configured in the wireless cards driver software for
any wireless station desiring access to a wireless LAN. By
broadcasting this information, access points allow anyone to
identify in their area to identify them with simple locator
software. If a directional antenna is used along with a Global
Positioning System (GPS), an attacker may know not only that
there is an AP(s) in the area, but may also obtain the physical
location of the access point or the center of the wireless
network. From a military standpoint, this is the same
technique used in triangulating radio communications or field
artillery batteries for the purpose of counterfire.
The third piece of information that an attacker may learn of
through traffic analysis is the type of protocols being used in
the transmissions. This knowledge is obtained based on the
size and the number of packets in transmission over a period
of time.
B. Passive Eavesdropping
In this attack the attacker passively monitors the wireless
session. The only precondition is that the attacker has access
to the transmission. This is an attack that cannot easily be
stopped by using physical security measures. One would
believe that wireless network users would configure their
wireless access points to include some form of encryption;
however, studies have shown that less than half of the wireless
access points in use even have the vulnerable 802.11 wireless
security standard, the wired equivalent privacy (WEP)
protocol, properly configured and running. Assuming that the
session is not encrypted, the attacker can gain two types of
information from passive eavesdropping. The attacker can
read the data transmitted in the session and can also gather
information indirectly by examining the packets in the session,
specifically their source, destination, size, number, and time of
transmission. The impact of this type of attack is not just
basedon the importance of the privacy of the information. The
information gleaned from this attack is an important
precondition for other, more damaging attacks.
C. Active Eavesdropping
In this attack the attacker monitors the wireless session as
described in passive eavesdropping .Unlike passive
eavesdropping however, during active eavesdropping, the
attacker not only listens to the wireless connection, but also
actively injects messages into the communication medium in
order to assist them in determining the contents of messages.
The preconditions for this attack are that the attacker has
access to the transmission and has access to partially known
plaintext such as a destination IP address. The attackers only
requirement is to determine the bit difference between the data
they want to inject and the original data.
D. Unauthorized Access
Unauthorized Access is different from any of the previous
attack types that we have discussed in that it is not directed at
any individual user or set of users. It is directed against the
network as a whole. Once an attacker has access to the
network, she can then launch additional attacks or just enjoy
free network use. Although free network use may not be a
significant threat to many networks, access is a key step in
ARP attacks.
Due to the physical properties of WLANs, attackers will
always have access to the wireless component of the network.
In some wireless security architectures this will also grant the
attacker access to the wired component of the network. In
other architectures, the attacker must use some technique like
MAC address spoofing to gain access to the wired component
of the network
E. A man-in-the-middle attack
A man-in-the-middle attack can be used to read private data
from a session or to modify the packets thus violating the
integrity of a session. This is a real-time attack, meaning that
the attack occurs during a target machines session. The data
may be read or the session modified as it occurs. The attack
will know the contents of the message prior to the intended
recipient receiving it, or the message is changed en route.
There are multiple ways to implement this attack. One
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 92

Proceedings of ICCNS 08 , 27-28 September 2008
example is when the target has an authenticated session
underway.. In step one, the attacker breaks the session and
does not allow the target to reassociate with the access point.
In step two, the target machine attempts to reassociate with the
wireless network through the access point and is only able to
associate with the attackers machine which is mimicking the
access point. Also in step two, the attacker associates and
authenticates with the access point on behalf of the target. If
an encrypted tunnel is in place the attacker establishes two
encrypted tunnels between it and the target and it and the
access point.
F. Session High-Jacking
Session High Jacking is an attack against the integrity of a
session. The attacker takes an authorized and authenticated
session away from its proper owner. The target knows that it
no longer has access to the session but may not be aware that
the session has been taken over by an attacker. The target may
attribute the session loss to a normal malfunction of the
WLAN. Once the attacker owns a valid session she may use
the session for whatever purposes she wants and maintain the
session for an extended time. This attack occurs in real-time
but can continue long after the victim thinks the session is
over. To successfully execute Session High Jacking the
attacker must accomplish two tasks. First she must
masquerade as the target to the wireless network. This
includes crafting the higher-level packets to maintain the
session, using any persistent authentication tokens and
employing any protective encryption. This requires successful
eavesdropping on the targets communication to gather the
necessary information. The second task the attacker must
perform is to stop the target from continuing the session. The
attacker normally will use a sequence of spoofed disassociate
packets to keep the target out of the session
G. Replay
Replay attacks are also aimed at the integrity of the
information on the network if not necessarily the integrity of a
specific session. Replay attacks are used to gain access to the
network with the authorizations of the target, but the actual
session or sessions that are attacked are not altered or
interfered with in anyway. This attack is not a real-time attack;
the successful attacker will have access to the network
sometime after the original session(s).
In a replay attack the attacker captures the authentication of
a session or sessions. The attacker then either replays the
session at a later time or uses multiple sessions to synthesize
the authentication part of a session for replay. Since the
session was a valid, the attacker establishes an authenticated
session without being privy to any shared secrets used in
authentication. Without further security mechanisms the
attacker may interact with the network using the targets
authorizations and credentials..
IV. WIRELESS SECURITY TECHNOLOGIES
This section will discuss the actual specifications and
standards for the 802.11 family, CDMA, GPRS and Bluetooth.
There are numerous vendor specific extensions to many of
these standards but those extensions are not included here.
A. 802.11
WLANs are based on the IEEE 802.11 standard, which the
IEEE first developed in 1997. The IEEE designed 802.11 to
support medium-range, higher data rate applications, such as
Ethernet networks, and to address mobile and portable
stations.
802.11 is the original WLAN standard, designed for 1 Mbps
to 2 Mbps wireless transmissions. The IEEE 802.11 consists
of a group or family of Wireless LAN (WLAN) standards.
They are designed for use with wireless data access devices
such as laptops and PDAs. Each member of the family builds
upon the 802.11 base and is identified by a single letter suffix
to the standard. This leads to an alphabet soup of protocols
(802.11a, 802.11b, 802.11c, 802.11d and so on). The 802.11
base or legacy standard set specifies the lower portion of the
Data Link Layers Medium Access Control (MAC) and the
Physical Layers (PHY) operations. Since WLAN operation
requires everyone to use the same set of frequencies, the
Carrier Sense Multiple Access with Collision Avoidance
(CSMA/CA) protocol, which is similar to Ethernet, is used.
However, there is an added problem in that the wireless
stations cannot detect a collision as reliably as in a wired
environment. To remedy this issue, Collision Avoidance is
used. To do this the protocol defines a window of time
between frame transmissions that can be used to make a
determination as to the mediums usage. This space is referred
to as the Interframe Space (IFS) and is defined within the
basic standard with several variants that allow for simple
request prioritization. The station that wishes to transmit
avoids, at least initially, any potential collisions by listening
for any stations that may already be transmitting. If it detects
another station transmitting, it waits until the next IFS then
attempts to transmit. If a collision is detected, a transmission
in progress is detected or the station has just finished
transmitting, then an Exponential Backoff Algorithm is used
to determine when to try again. In the lower, physical layer,
there are three specifications defined for the transmission of
the data, Frequency-Hopping Spread Spectrum (FHSS), Direct
Sequence Spread Spectrum (DSSS) and Infrared (IR). Most
vendors choose to use the DSSS method, which uses two
different phase shift keying or modulation approaches to
achieve 1 Mbps (Differential Binary Phase Shift Keying
DBPSK) or 2 Mbps (Differential Quadrature Phase Shift
Keying DQPSK) data transmission rates. The data sent using
these methods is first modulated using a specific pattern of
ones and zeros referred to as the chipping sequence.
One of the issues that arise with this standard is the usage of
the 2.4GHz band. Many other devices such as microwaves and
cordless phones are also using this same band. In congested
areas such as a large city with a large number of closely
packed and tall buildings, the signals may not be clear and
there is the possibility that differing signal types and strengths
may cause wireless stations to select an access point other than
the desired target.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 93

Proceedings of ICCNS 08 , 27-28 September 2008
1. Security in 802.1x
Wireless LANs are significantly less secure than wired
LANs. Signals can be more easily captured from a number of
stations by the simple choice of capture location. In order to
prevent this type of data capture from being successful, the
wireless LAN standards have included a set of protocols and
facilities. However, like anything new and interesting, it turns
out that the initial protocols were not as robust in performing
their task as was to be hoped.
In addition to the work on the 802.11i standards, there is a
Robust Security Network (RSN) proposal, focused on a longterm
solution to the 802.11 problems, referred to as 802.1X.
RSN provide security by adding a third party, authentication
server service to the authentication process. The way this
works is that the station, referred to as the Supplicant that
wishes to connect to the network by way of the Access Point,
referred to as the Authenticator, makes a connection request.
The Authenticator then contacts an Authentication Server,
usually a RADIUS type server, which either validates or
rejects the request. The Extensible Authentication Protocol
(EAP) is used to make the authentication request. In this way a
high degree of secure, flexibility exists as to the actual service
that can be deployed. EAP is considered to be secure in that is
a challenge-response model.
Like in all new protocol proposals weaknesses are identified
that allow for both a Man-In-Middle attack and to allow a
Session Hijacking to occur. The first attack focuses on the
relationship between the Authenticator and the Authenticating
Server. No explicit mutual authentication is specified in the
standard and thus someone sitting between these two entities
could gain access and assume either role. The second attack
relies on the wireless operational environment and the ability
for an attacker to use certain management frames to change
the Supplicants and Authenticators connection to a different
Supplicant while remaining in an Authenticated state. In
addition, proposals are made for how to resolve these security
problems. This dialogue is not complete, however but when it
is, it normally results in a much stronger standard.
2. 802.1X User Authentication
WEP and TKIP have no user authentication mechanism.
Any user that has the encryption key (whether legitimately or
illegally obtained) can get free access to the network and the
traffic data. To overcome this weakness, 802.1X securities is
layered on top of the physical layer security. The more recent
physical layer security protocols, Wi-Fi Protected Access
(WPA) and the emerging 802.11i standard, both specify
802.1X securities as a framework for strong wireless security.
802.1X user authentication, requires a user to provide
credentials to the security server before getting access to the
network. The credentials can be in the form of user name and
password, certificate, token, or biometric. The security server
authenticates the user's credentials to verify that the user is
who he or she claims to be, and is authorized to access the
network.
If the user is both authenticated and authorized to access the
network, and the access point is verified as being part of the
network, then the security server communicates directly with
the access point to authorize the user's access to the network.
The security server also creates a unique pair of encryption
keys for this user session, which are sent to both the access
point and the client to securely and uniquely encrypt the
wireless communication between the two.
The security server also verifies that the access point is a
valid part of the network. This is done to protect the user from
connecting to an unauthorized access point that may have been
set up to fraudulently capture network data. 802.1X security
overcomes two significant limitations that physical layer
security alone presents. It provides unique encryption keys for
each user each time they sign onto the network, and eliminates
the key management issues associated with maintaining
common encryption keys across all access points and
users.The security server allows network access to be
managed on a user basis. It can tie in to other corporate user
databases or directories to authenticate the user against a
common set of user credentials, eliminating the need for
replicating and maintaining separate databases.
While no security mechanism can be considered absolutely
secure, the protection given by 802.1X security is strong
enough to prevent most sophisticated attacks. As such, layer 2
security offers a pragmatic, economical security mechanism to
meet the requirements of most corporate environments.
Gartner Research believes this level of security will meet the
needs of most businesses through 2005. In some cases where a
higher level of data security is required, VPNs can be layered
on top of the security servers to provide an additional level of
encryption of the IP data.
3. SSID
Optionally, security for 802.11, 802.11a, b and g was
initially defined to be based on the use of the Service Set
Identifier (SSID) and the Wired Equivalent Protocol (WEP) to
provide for both authentication and privacy through the
encryption of data over the radio waves. The SSID is a
network name that identifies the area covered by one or more
APs. In a commonly used mode, the AP periodically
broadcasts its SSID in a beacon. A wireless station wishing to
associate with AP can listen for these broadcasts and can
choose an AP to associate with based upon its SSID. In
another mode of operation, the SSID can be used as a security
measure by configuring the AP to not broadcast its SSID. In
this mode, the wireless station wishing to associate with the
AP must already have its SSID configured to be the same as
that of the AP. If the SSIDs are different, management frames
sent to the AP from the wireless station will be rejected
because they contain the incorrect SSID and association will
not take place. Each wireless network has the option of
specifying a SSID that can be exchanged at the initiation of
communication between a system and an Access Point. The
SSID in use must be the same between both sides before
further communications can commence
4. WEP
The IEEE 802.11 covers the communication between
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 94

Proceedings of ICCNS 08 , 27-28 September 2008
wireless components RF poses the challenges to privacy in
which it travel through and around the physical objects.
802.11 working group implement a mechanism to protect the
privacy of individual transmission known as WEP protocol. It
utilizes cryptographic security measures for the goal of
privacy. It uses this goal through the shared key
authentication. WEP is a key based security protocol intended
to prevent casual eavesdropping of the data being
transmitted over the wireless network. The key is used to
encrypt/decrypt the data portion of a packet. The key that is
defined in the original standards is a single 40-bit key
although larger keys, up to 128 bits, are defined by a follow on
standard often referred to as WEP2. The key is defined at and
for each of the stations that communicate over the wireless
network. The entire key is never exchanged over the wireless
network, so it is not directly captured.
The WEP key generation is based on the RC4 stream cipher
algorithm. The algorithm depends upon a permutation of all
the possible n bit words, a pair of indices and the initial value
of a variable key. RC4 defines the output of a Key Scheduling
Algorithm (KSA) which uses the variable key as input to drive
the subsequent permutations of the algorithm.
B. Virtual Private Networks
VPN can be employed over the WLAN to provide the data
level encryption and end to end authentication depending upon
what services are provide at the wired network side. The use
of VPN can be used to augment the existing protocols such as
WEP and WPA and can be used in lieu of the availability of
the 802.11i or 802.1X standards. VPN uses IPsec with
encryption and L2TP inside of IPsec. The VPN environment is
considered by most to be very secure and a variety of standard
are being codified in support of a more widespread
interoperability.
1. VPN Security
In environments where triple DES encryption is required, or
the data on the wireless network may be passed through the
Internet, VPNs may be used to provide another layer of
security over 802.1X based solutions. A word of caution on
VPN implementations for wireless security: early wireless
implementations used VPNs as the only security layer for
wireless LANs. This practice leaves open security
vulnerabilities. VPNs only encrypt data between the IP
packets, leaving the wireless network vulnerable to a number
of lower level attacks on the MAC and IP headers, such as
wireless session hijacking and rogue AP, or man-in-themiddle
attacks. 802.1X-based security should be used to
prevent unauthorized access to the network, and to prevent the
sniffing and stealing of IP and MAC addresses. It should also
be used to prevent session hijacking and man-in-the-middle
attacks through rogue access points. VPNs, while providing
very strong IP data encryption, cannot prevent these types of
lower level attacks. If VPN security is required, a layered
approach in conjunction with an 802.1X security server is the
predominately recommended approach.
C. GPRS
General Packet Radio Service (GPRS) is a standard for a
value added service to be used with the cellular telephone
infrastructure using GSM and TDMA. It augments the voice
capability of cellular phones, providing digital wireless
communication data rates of up to 171.2 kbps theoretically
and 114 kbps practically. GPRS works by using a Gateway
GPRS Support Node (GGSN) to interface to other networks
such as the Internet. The mobile device communicates with a
Serving GPRS Support Node (SGSN). The GGSN and SGSN
work together to maintain the virtual connections and to
deliver the data. The SGSN acts to maintain an attached state
for the mobile device as it moves through the network.
Though GPRS seems to provide a good match for other packet
based backbones, it also brings with it a few downsides. One
of the issues is that GPRS must share the bandwidth with the
GSM/TDMA voice channel.
D. CDMA
After the success of digital cellular systems such as GSM in
most parts of the world and TDMA in the US, Qualcomm
developed a competing standard, the Code Division Multiple
Access (CDMA) protocol. This original definition is currently
also known as CDMA One and is defined as the IS-95B
standard. CDMA works by transmitting a digitally encoded
analog signal using spread-spectrum technology combined
with a special coding scheme over a 1.25 MHz channel.
E. Security in Cellular networks
The security of cellular networks has been studied, but not
as rigorously as other forms of wireless networks. This is
because; today the usage of cellular networks for critical data
transmission has not been popular. Cellular networks are used
for small messages, quick web browsing and sending pictures.
The security of GPRS networks depends upon algorithms
used by the GSM system to authenticate the user and the base
station and to cipher all data and voice traffic between them.
While on the surface GPRS seems to be secure many security
holes have been discovered. The smartcard used in the GSM
system uses an authentication system in which a challenge
response is performed with the mobile units ESN (electronic
serial number). The encoding used in this challenge response
scheme has been shown to be vulnerable and smartcards can
be thus cloned.
However such attacks are not prevalent as the importance of
user data transmitted by GPRS networks is still quite small.
The CDMA systems are believed to be more secure than the
GPRS network, mainly due to the nature of the radio
frequency signaling. While it is possible to listen in on a
GPRS transmission using TDMA receivers, such is not
possible with CDMA. A CDMA receiver has to be coded with
the correct 64-bit code to receive a channel of CDMA traffic,
and without this code, or with a wrong code, the received
signal is noise. A brute force attack to find a correct code is
not feasible. The code is exchanged between the sender and
the receiver at the handshake, which happens over an
encrypted channel.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 95

Proceedings of ICCNS 08 , 27-28 September 2008
An attacker can find the location of a mobile station with
the use of radio monitoring equipment. This does not
compromise the privacy of the data, but the privacy of the
operators location. GSM, Global System for Mobile
communications, is the currently very popular digital cellular
telecommunications system specified by the European
Telecommunications Standards Institute (ETSI).
In short, GS intends to provide three security services:
temporary identities, for the confidentiality of the user
identity; entity authentication, that is, to verify the identity of
the user; and encryption, for the confidentiality of user-related.
The Subscriber Identity Module (SIM) is a security device, a
smart card which contains all the necessary information and
algorithms to authenticate the subscriber to the network. It is a
removable module and may be used in any mobile
equipment. The encryption algorithms are integrated into the
mobile equipment as dedicated hardware. GSM does not use
public-key cryptography. Symmetric keys are derived from
user related data using an algorithm under the control of a
master key.
F. Bluetooth
Bluetooth is a standard that describes a short range wireless
link between devices. The maximum link distance is about 10
meters (33 feet). The transmitter operates on the 2.4GHz ISM
band and uses a fast acknowledgement frequency hopping
which improves the robustness of the signal in a
noisyfrequency environment. Since it also uses less power for
its transmissions, it also is intended for the Bluetooth units to
be relatively close to each other. Bluetooth is intended for use
as a communications link between small potentially cheap
devices.It is not intended for both mobility and distance. It has
a data rate of between 300-400 kbps. That is to say a mouse
can communicate with a PC or some other mouse driven
devices, wirelessly.
1. Security in Bluetooth
There are four entities in Bluetooth devices that are used to
maintain link level security. The first is the Bluetooth device
address, which is a 48-bit value, unique to each Bluetooth
device and defined by IEEE. The second is a private
authentication key, which is a 128 bit random number.
Thirdly, there is an 8 to 128-bit private encryption key. Lastly
is a pseudo randomly generated, 128-bit number that the
device generates. These entities are used to one degree or
another depending upon the mode of security level setting
(mode) of the Bluetooth device.The choices for Modes are 1 to
3; where Mode 1 is the non-secure mode, Mode 2 is service
level enforced and Mode 3 is link level enforced. Mode 3
security begins the security prior to a communications channel
being established. Devices can also be tagged as trusted and
untrusted with service levels tat include requiring both
authorization and authentication, authentication only and open
to all.
The vulnerabilities of Bluetooth security mechanisms are
have not yet been thoroughly investigated. Since the market
penetration of Bluetooth is yet low, these devices have not
been subject to severe scrutiny.
V. CONCLUSION
The benefit of wireless networks is driving the explosive
growth of the WLAN market. Where security has been the
single largest concern for wireless network deployment in the
corporate setting, strong security solutions are available to
make wireless networks as secure as wired networks.
This paper is useful for planning a secure wireless network
implementation. We have addressed known security threats to
networks. Described security standards offer a pragmatic,
economical security mechanism to meet the requirements of
most corporate environments. For environments that require a
more robust security, VPN tunnels can be layered on top of
802.1X security for a more comprehensive solution. This
approach offers a solution to wireless security and can resolve
the single largest barrier to Wireless network deployment for
IT managers. A cost-effective solution using 802.1X security
can be deployed to deny access to any user without the proper
credentials, and provide strong security for wireless networks.
REFERENCES
[1] Arbaugh, William, Narendar Shankar and Y.C. Justin Wan, Your 802.11
Wireless Network has No Clothes Department of Computer Science
University of Maryland. Webpage online available at
http://www.cs.umd.edu/~waa/wireless.pdf.
[2] Barnes, Christian, Tony Bautts, Donald Lloyd, Eric Ouellet, Jeffrey
Posluns, David M. Zendzian, and Neal OFarrell, Hack Proofing Your
Wireless Network. Syngress Publishing Inc, Rockland, MA, pp 201 237.
[3] Chickinsky, Alan, Wireless LAN Security Threats. Document IEEE
802.11-01/258 Simon, D., Ba Aboba and T. Moore. IEEE 802.11 security
and 802.1x. IEEE Document 802.11
[4] White Paper on Wireless Network Security, 802.11, Bluetooth and
\ Handheld Devices ,by Tom Karygiannis, Les Owens
http://csrc.nist.gov/publications/nistpubs/800- 48/NIST_SP_800-48.pdf
[5] White Paper on A Survey of 802.11a Wireless SecurityThreats and
Security Mechanisms Colonel Donald J. Welch, Ph.D. Major SCOTT
D. Lathrop www.itoc.usma.edu/Documents/ITOC_TR-2003-101_(G6).pdf
[6] White Paper on Wireless LAN Security 802.11b and Corporate Networks
documents.iss.net/whitepapers/wireless_LAN_security.pdf
[7]White Paper on Wireless Network Security
www.proxim.com/learn/library/ whitepapers/wireless_security.pdf
[8] Wireless Network Security by Partha Dasgupta and Tom Boyd
www.public.asu.edu/~tboyd/publications/W-Sec-v03A.pdf
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 96

Efficient and Secure Multicast Communication
Karan Singh, Student Member, IEEE, and Rama Shankar Yadav, Member IEEE
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract-- The coming age is information age in which data is
dealing with computer network one source to destination using
unicast, multicast. Multicast services are very popular for
transmission of information data. So, multicast network growths are
going to increase day by day, due to exponential increase in network
comes various problems such as reliability, security, congestion,
connectivity scalability, fairness etc. Congestion is very serious
problem to decrease the network utilization if multicast network is
not secure it may be increase congestion due to misbehavior of
network entity. So, we need a secure multicast efficient multicast
system.
multicast congestion control system by which can control the
congestion using security constraints.
Index Terms-- Attack, Congestion, IGMP, Secure IGMP,
Multicast, Multicast congestion, Security, Unicast.
W
I. INTRODUCTION
E are living in a digital data age in which data or
information is flowed by various network services
such as unicast [2], broadcast, multicast etc. Data
communication is the delivery of message from the source to
the destination. In the case of unicast one source and one
destination while broad cast [3] on the one source various
destinations, and multicast provide communication via one or
many source to a particular group which has various
destinations. Broadcasting refers to transmitting a message
that will be received by every destination on the network.
Anycast [4] is a network addressing and routing scheme
whereby data is routed to the nearest or best destination as
viewed by the routing topology. Figure 1 illustrated the
unicat, broadcast, Multicast and anycast. In case of unicast,
multicast, broadcast S is denoted by source and R is denoted
by receviers while in case of anycast C is denoted by client
and S is server. Main problem in all type of transmission is
congestion which comes when the number of transmitted
packets exceeds the capacity of the network. In other words,
congestion in network occurs when increment in network load
either leads only to small increases in network throughput, or
reduction in network throughput. Congestion control is
desirable for both unicast and multicast traffic. However, the
design of good multicast congestion control protocols is more
difficult than the design of unicast protocols. Multicast
congestion control schemes ideally should scale to large
receiver sets and be able to cope with heterogeneous network
conditions at the receivers. The problem may be increase
more if receivers do misbehavior. So, we need a secure
Karan Singh is a Research Scholar in the Department of Computer
Science and Engineering, Motilal Nehru National Institute Of Technology,
Allahabad-211004, INDIA (e-mail: karancs12@yahoo.com).
Rama Shankar Yadav is with the Department of Computer Science and
Engineering, Motilal Nehru National Institute Of Technology, Allahabad-
211004, INDIA (e-mail: rsy@mnnit.ac.in).
Fig. 1. Network Services
Section II deal with multicast where as multicast congestion
control is given section III. Section IV is providing the secure
multicast schemes and section V discussing the efficient and
secure multicast. Finally section VI concludes the paper.
II. MULTICAST
Basic concept of multicast all receivers send feedback to
router to join a group, router take decision if decision maker is
router otherwise forward the request to sender. According to
network requirement sender take the leave and join decision of
receiver. The transmission reaches the end-users requesting
the transmissions without a separate transmission required for
each user, as would be the case in a unicast transmission. A
multicast connection has a bandwidth saving nature. A
multicast message transmission is sent to a multicast group; a
group represents end-users network nodes. The multicast
groups are dynamic, receiver-controlled groups, where a host
can join or leave the group at any time. Traditionally, the use
of multipoint connections has been limited to Local Area
Network (LAN) applications.
Figure 2 shows the multicast example which has one sender
and data flow via intermediate hop to decision router to
receivers which are receivers 1, 2, 3. Receiver is sending a
join group request message to router to join the group usinf
IGMP and all other receivers are connected to network via
wired and wireless [3, 8]. In this section we are going to
discuss IGMP, Security threat and secure IGMP which are
following
A. Internet Group Message Protocal
This Multicast group is managed by internet group
management protocols (IGMP) [19]. The Internet Group
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 97

Proceedings of ICCNS 08 , 27-28 September 2008
Management Protocol IGMP is used between IP hosts and
their immediate neighbor multicast agents to support the
creation of transient groups, the addition and deletion of
members of a group, and the periodic confirmation of group
membership.
which can result in denial of service (usually due to
congestion) over the wide-area.
4. The use of UDP as IP multicast’s transport protocol
means that there are no in-built protocol mechanisms
to prevent congestion caused unintentionally by a
multicast sender.
In next section we provide the various type of attack which
disturbs the multicast communication.
Fig. 2. Multicast
IP hosts to register their dynamic multicast group
membership use IGMP. It is also used by connected routers to
discover these group members. IGMP is an integral part of IP.
It is required to be implemented by all hosts wishing to
receive IP multicasts. IGMP uses the message report for
joining and leaving receivers in group. The specials query
message used by for management group for example figure 3
shows that sender send a IGMP report to know receivers
status and receivers sends back by feedback a IGMP report.
The wide-area multicast communication is at a substantially
increased risk from certain threats, namely the unauthorized
observation of multicast traffic (i.e. listening), the sub-sequent
threats that can come about as a result of being able to snoop
traffic, and denial of service attacks, which arise from
unauthorized sending to a group.
Fig. 3. Multicast and IGMP Report
Multicast communication is more susceptible to security
attacks because of following factors
1. The participants of a multicast communication have
no mechanisms at their disposal by which to impose
group membership restrictions, thereby rendering
groups easily accessible. Consequently, multicast
provides a vehicle for attackers to pose as legitimate
group members.
2. The IP multicast address space is a well-known
contiguous part of the unicast IP address space,
making it easy for an attacker to locate, and be-come
part of, a multicast group at random.
3. There exist no mechanisms that can prevent either
group members, or non-group members, from
sending (possibly spurious) multicast data to a group,
B. Security Threat
The types of security threat [3, 18 ] present in unicast are
also present in multicast, but the potential risk of particular
attacks are considerably greater in multicast than in unicast as
the multicast architecture makes it inherently more
susceptible.
TABLE I
MULTICAST ATTACKS
Attack
Denial of Service
(Active/Passive)
Traffic Observation
(Passive)
Self Beneficial
(Passive)
Masquerading
(Active)
Malicious Replay
(Active)
Description
Explicit attempt by attackers to prevent
legitimate users of a organization from
using services and network resources like
bandwidth. It should be noted that any
unauthorized sending of multicast data
could be construed as a denial of service
attack
Often called eavesdropping, traffic
observation concerns the interception of
information between communicating
parties, thereby resulting in the disclosure
of information such as traffic type,
content, frequency, presence or absence
Attackers increase its own bandwidth
consumption
Often called spoofing, masquerading
concerns the issuance of information, the
receipt of information, or the acquirer of
access rights using an identity other than
its own. It is relatively easy for a user to
insert a bogus source address in the
network-layer header of an IP packet
A replay attack is the result of an intruder
having intercepted information, and
replaying it at a later time. This,
therefore, can result in denial of service
As the number of communication links traversed by wide-area
multicasts are potentially far greater compared with a single
unicast, where the communication path is a collection of links
and nodes between just one source and one destination.
Therefore, multicast intrinsically creates more opportunity for
traffic interception. Passive attacks [6] that result in
information release are passive and active attacks those that
involve message modification or denial of resources are
current uses. The brief description of multicast attacks [9] is
given in table 1.
C. Secure IGMP
If receivers are successful in obtaining an authorization
stamp for group [11], or if the group is unrestricted, then it
may proceed to join group. The next step in the joining
process involves the host sending an IGMP report to the
receiver’s local designated router. If the group being reported
has restricted access; the authorization stamp must be included
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 98

Proceedings of ICCNS 08 , 27-28 September 2008
in the membership report. For example as in figure 4 senders
is checking the authenticity of receivers using IGMP reports.
Fig. 5. Secure IGMP
Secure IGMP provide the authenticity but does not aware
about the congestion problem of multicast network [21] which
is needed for network utilization. In next section we are going
to deal multicast congestion control and controlling
algorithms.
III. MULTICAST CONGESTION CONTROL
Computer network use the channels for transmit the data from
source to receivers. If source rate [5] increases the capacity of
channel then congestion occurred. There are various multicast
congestion control [13] algorithms for example RLM [7],
TFMC [12, 22], FLID-DL [1], DMPRAIS [14], RLC [7],
AMCC [4], MILDA [17], WEBREC [13], MMCC [20],
FDCCMMN [15], RACCOOM [12] etc. which only control
the congestion but doesn’t aware security threat. There are
some algorithm which describe that they only control
congestion and not working in distrust environment. There are
following
Receiver-driven Layered Multicast (RLM)
Receiver-driven Layered Multicast is the first well-known end
to end congestion control for layered multicast. In RLM,
receiver detects network congestion when it observes
increasing packet losses. Receiver reduces the level of
subscription if it experiences congestion. In the absence of
loss, the receiver estimates the available bandwidth by doing
the so-called join experiments when the join-timer expires. A
join experiment means that a receiver increases the level of
subscription and measures the loss rate over a certain period.
If the join-experiment causes congestion, the receiver quickly
drops the offending layer. Otherwise, another join-timer will
be generated randomly and the receiver retains the current
level of subscription and continues to do the join experiments
for the next layer once the newly generated join-timer has
expired.
In general, the subscription level can be increased or
decreased in RLM based on the following rules:
1. Before doing the join experiment, receiver will perform the
“shared learning” by broadcasting a notification message to all
receivers in the multicast group. By doing so, all the receivers
will know which layer is currently participating the join
experiment.
2. Join-timers are randomized to avoid protocol
synchronization effect. If a join-timer expires and no
experiment or a lower layer experiment is in progress, receiver
will perform the join experiment to increase the level of
subscription. Otherwise, the current join-timer is ignored and
a new one will be generated.
3. If a packet loss is detected, depending on different
circumstances of the receiver, following actions will be taken:
- If the receiver is currently participating the join experiment
for the highest level, receiver will drop the offending layer and
back off the join-timer;
- If the receiver is currently doing join experiment but not for
the highest level or no experiment is being performed, RLM
will measure the long term congestion before dropping the
offending layer.
TCP-like Congestion Control for Layered Multicast Data
Transfer
A congestion control algorithm suitable for us with
cumulative, layered data streams in the Ml3one. Our algorithm
behaves similarly to TCP congestion control algorithms, and
shares bandwidth fairly with other instances of the protocol
and with TCP flows. It is entirely receiver driven and requires
no per-receiver status at the sender, in order to scale to large
numbers of receivers. It relies on standard functionalities of
multicast routers, and is suitable for continuous stream and
reliable data transfer.
FLID-DL: Congestion Control for Layered Multicast
FLID-DL is a congestion control algorithm for layered
multicast sessions. FLID-DL generalizes the receiver-driven
layered congestion control protocol (RLC) introduced by
Vicisano et al. ameliorating the problems associated with large
Internet group management protocol (IGMP) leave latencies
and abrupt rate increases. Like RLC, FLID-DL is a scalable,
receiver- driven congestion control mechanism in which
receivers add layers at sender-initiated synchronization points
and leave layers when they experience congestion. FLID-DL
congestion control coexists with transmission control protocol
(TCP) flows as well as other FLID-DL sessions and supports
general rates on the different multicast layers. We demonstrate
via simulations that our congestion control scheme exhibits
better fairness properties and provides better throughput than
previous methods. A key contribution that enables FLID-DL
and may be useful elsewhere is dynamic layering (DL), which
mitigates the negative impact of long IGMP leave latencies
and eliminates the need for probe intervals present in RLC.
We use DL to respond to congestion much faster than IGMP
leave operations, which have proven to be a bottleneck in
practice for prior work. In network system source, router or
receiver may be attackers. The attacker crate the big problem
which are following
A. Misbehaviors of Source
In case of source misbehavior, source work as attacker and
disturb the data rate by which channel may be overflow due to
increase of rate of data. For example in figure 5 senders does
misbehave that is the cause of congestion receiver’s side
channel because it doesn’t provide the fair distribution or
increase the unlimited rate.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 99

Proceedings of ICCNS 08 , 27-28 September 2008
A. Misbehaviors of Router
In case of router misbehavior, attacker is a router and delay
the data rate by which channel may be overflow due to
increase of rate of data suddenly.
Fig. 4. Misbehavior of Source
B. Misbehaviors of Receivers
In case of misbehaviors receiver congestion may be
occurred due to increase of feedback data and disturbs control
unit such as sender and router. For example in figure 6
receivers 1, 2, 3 misbehave so due to this misbehave increase
feedback dada at sender side and congestion id occurred.
Fig. 6. Misbehavior of Receivers
Thus, we can see if source, router or receivers are worked
as a attacker the congest may be increase more and network
utilization will decrease so we need the secure multicast
system to provide the authenticity of source and receivers. In
next section we are providing secure multicast scheme to
controlling the misbehavior or attack on system.
IV. SECURE MULTICAST SCHEME
This section is providing various type of secure multicast
communication scheme which protect the network with
security services such as authentication, Non-repudiation,
Integrity etc.
A. Simple off-line hash-chaining
It divides the stream into blocks and embed in the current
block a hash of the following block. In this way sign only the
first block and then the properties of this single signature will
propagate to the rest of the stream through the hash chaining
.It is Off-line because entire stream is known in advance and
this solution is not fault tolerant.
B. Random hash-chaining
Efficient Multi-chained Stream Signature protocol (EMSS)
EMSS [27] provides more or less probabilistic guarantees that
it remains a hash-chain between the packet and a signature
packet, given a certain rate of packet loss in the network. The
robustness of the protocol to packet loss is proportional to the
redundancy degree, k. In order for the sender to continuously
assure the authentication of the stream, the sender sends
periodic signature packets. To verify authenticity of received
packets, a receiver buffers received packets and waits for their
corresponding signature packet. The signature packet carries
the hashes that allow the verification of few packets. These
latter packets carry, in turn, the hashes that allow verifying
other packets, and so on until the authenticity of all received
packets is verified.
A 2 Cast
A 2 Cast [26] is similar to EMSS, but authentication
information redundancy degree is source driven rather than
fixed a priori. Receivers communicate periodically to the
sender the quality of reception reports. Reports contain the
actual packet loss ratio faced by receivers. Sender uses these
reports to calculate the average packet loss ratio. This
technique allows saving authentication information bandwidth
overhead.
Redundant and random hash-chaining
It proposed to tolerate packet loss in a network. The random
redundant topology proposed by the authors is called p-
random graph. In a basic p-random graph scheme, for all pairs
of packets (Pi, Pj) where j < i, the hash of packet Pi is
embedded within packet Pj with probability p. Once the p-
random graph of the stream is constructed, the packets of the
stream are sent. If it is valid, the receiver verifies by checking
the existence of a hash-link path between the received packet
and the signature packet.
C. Deterministic hash-chaining
It similar to EMSS, but packets is chosen in a deterministic
way rather than randomly. The authors proposed deterministic
topologies of packet hash-chains, called Augmented Chains.
The goal of the proposed schemes is to maximize the size of
the longest single burst of loss. Piggybacking, designed to
resist multiple bursts, deals with the case where data carried
by different packets has more or less importance from the
point of view of the application level. Then hash chaining is
made in a way that: the higher is the priority of a class, the
more redundant is hash-chaining of packets belonging to that
class
D. RLH: receiver driven layered hash-chaining for
multicast data origin authentication
Multicast security provides the data origin authentication
(source or receivers means with non-repudiation or without
non-repudiation). To provide this type of security, we can use
the various scheme such as key with packet, hash value with
each packet, hash chaining with each packet. In this approach
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 100

Proceedings of ICCNS 08 , 27-28 September 2008
the main problem is overhead because key, hash, hash
changing will take some more space (bandwidth) then original
data.
In second approach we can sent the same things (key, hash
value, hash chaining) with a block of packet. But in this
approach main problem will come after packet loss. If any
packet or block loss the approach will fail, so packet loss
should not exceed from threshold limit.
Yacine Challal [24] use the random hash changing according
to amortizing (single digital signature over multiple packets)
concept which also used in EMSS and A 2 Cast protocol. This
approach provides the data origin authentication at threshold
packet loss ratio. According to random hash changing authors
provide the three algorithms: sender side, receiver side and
verification algorithm
E. Hybrid and Efficient Scheme of Multicast Source
Authentication
HE Jin [25] uses a hybrid approach in use the hash tree and
hash chaining combination. In case of hash tree, data break
into M block; each block into m packets and each packet
associate the hash value. Root hash of each block is signed by
sender. So per packet communication overhead is even higher
than shining each packet. Speed of hash function (MD5,
SHA1) is about 1000 faster then digital sinning (RSA, ECC,
DSS); the computational overhead of hash tree is much less.
Singing at each packet only root hash is sign by sender. Hash
Chaining: Data divide into N block, compute the hash of first
block, sign the hash payload and send to all receivers. In case
of hash Chain, One signature is sign by sender and n hash is
compute by receivers, so communication and computing
overhead less in hash chaining.
Hash chaining scheme can’t tolerate packet loss and the
receiver can not verify authenticity if any future packets once
any portion of data is lost in transit. He Jin [25] approach use
the hash tree for decreasing receiver’s computation overhead
and authenticity because one root hash has the all value of leaf
hash. Hash chaining use used for decreasing communication
overhead and signing. It has the very less computation
overhead because no need to compute more then one time at
receiver side to verify the authenticity. It has the little more
communication overhead.
In next section we are going to illustrate the efficient and
secure multicast communication approach.
V. EFFICIENT AND SECURE MULTICAST
COMMUNICATION
Multicast congestion control scheme RLM [7], TFMC [12,
22], FLID-DL [1], RLC [7], provide the controlling respect to
congestion it is not provide the avoidance with respect to
distrusted receiver, source or router. DMPRAIS [14] provides
the frame work for protection distrusted receiver to prove the
DELTA and SIGMA algorithm with embed a congestion
function. The main problem with secure multicast scheme is
the packet loss and increasing the overhead. In this paper, we
are describe a key concept for multicast security and efficient
in term of reducing packet loss and overhead.
To achieve this objective, we can solve the problems of [25],
which have more overhead to providing the security services.
Because each packet, the sender includes the signed block
hash, the packet ID, and the hashes of siblings of all the nodes
in the current packet’s path to the root.
Fig. 7 Hybrid Scheme
According to [25] sending data are following
Block 1 (Signature (h18))
P1 h2+h34+h58+h28
P2 h1+h34+h58+ h28
P3 h4+h12+h58+ h28
P4 h3+h12+h58+ h28
P5 h6+h78+h14+ h28
P6 h6+h78+h14+ h28
P7 h8+h56+h14+ h28
P8 h7+h56+h14+ h28
Block 2
P1 h2+h34+h58+ h38
P2 h1+h34+h58+ h38
P3 h4+h12+h58+ h38
…………………………
The sending information of sender of block 1, block 2. The
senders first verify hash value of block 1 root and if true all
coming block are authentic because each packet has the hash
value of next block. The packets P1, P2, P3, P4 have
redundancy with respect to h58, h28, h14. The security
requirement at receiver side for one Block 1, first store h18
and verify signature then achieve the new h18 from h1,h2,h12,
h34, h14, h58 for used path P1 to root of tree. We can store
the value of hash h58 like h18 we can produce the h58 such as
h14. This technique may be better then hybrid scheme and less
overhead. Main problem with this scheme is packet loss for
that we can embed a multicast congestion control scheme such
as RLM, RLC, FLID/DL with tightly bound condition. For
example: If we are using the FLID/DL, mechanism objective
should be very less packet loss near to zero. If this schem
work satisfactory so we can send h28, h38 with only one
packet of block. So, these schemes increase the computation
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 101

Proceedings of ICCNS 08 , 27-28 September 2008
overhead at receiver side but we can use the powerful system
for this purpose.
This is new approach to providing efficacy and security
multicast communication. This scheme work in both type of
attack self beneficially and DoS. We are going to simulate
these tasks in NS-2 to achieve the secure and efficient
multicast communication.
VI. CONCLUSION
In this paper we have provided the secure and efficient
multicast communication scheme which deal both problem
packet loss and network security. With help of this scheme we
can reduce the overhead of packet to providing security and
reduce the redundancy, packet loss.
REFERENCES
1. Byers, J., Frumin, M., Horn, G., Luby, M., Mitzenmacher, M., Roetter,
A., Shaver, W.: FLID-DL: Congestion Control for Layered Multicast.
Proceedings of NGC, November 2000.
2. Jun Peng and Biplab Sikdar “A Multicast Congestion Control Scheme
for Mobile” GLOBECOM 2003.
3. Karan Singh, R. S. Yadav, Ranvijay “A Review Paper On Ad Hoc
Network Security” <strong>International</strong> Journal of Computer Science and
Security, Volume (1): Issue (1) pg.52-69 Malaysia – 2007
4. Karan Singh, Rama Shankar Yadav, Raghav Yadav, R. Shiva Kumaran,
“Adaptive Multicast Congestion Control ” HIT haldia March 2007.
5. Lijun Cheny, Tracey Hoy, Steven H. Lowy, Mung Chiangz and John C.
Doy “Rate Control for Multicast with Network Coding” IEEE
<strong>International</strong> Symposium on Sept. 2004.
6. Karan Singh and Rama Shankar Yadav “Overview of secure multicast
Congestion Control” <strong>International</strong> <strong>Conference</strong> on Soft Computing and
Intelligent Systems (ICSCIS-07), Jabalpur, Dec 2007.
7. McCanne, S., Jacobson, V., Vetterli, M.: Receiver-driven Layered
Multicast. Proceedings of ACM SIGCOMM, August 1996.
8. R. Shiva Kumaran, Rama Shankar Yadav, karan Singh “Multihop
wireless LAN” HIT haldia March 2007.
9. R. Stewart, M. Tuexen, G.C. Ericsson” Security Attacks Found Against
the Stream Control Transmission Protocol (SCTP) and Current
countermeasures” RFC- 5062 September 2007.
10. RFC 4046 “Multicast Security (MSEC) Group Key Management
Architecture” April 2005.
11. RFC-3740 “The Multicast Group Security Architecture” March 2004.
12. S. Gorinsky, Sugat Jain, Harrick Vin “Robust Congestion Control for
Multicast: Challenges and Opportunities” Jan 2003.
13. S. Bhattacharyya, D. Towsley, and J. Kurose, “The Loss Path
Multiplicity Problem in Multicast Congestion Control,” Proc. IEEE
INFOCOM ’99, Mar. 1999.
14. S. Gorinsky, Sugat Jain, Harrick Vin, Yongguang “Design of Multicast
Protocols Robust Against Inflated Subscription” IEEE/ACM
Transactions on Networking, Vol. 14 No. 2, April 2006.
15. Saswati Sarkar, Leandros Tassiulas, “Fair Distributed Congestion
Control in Multirate Multicast Networks” IEEE/ACM
TRANSACTIONS ON NETWORKING, VOL. 13, NO. 1, FEBRUARY
2005.
16. Security tools from: http://www. cert- in.org
17. Sisalem, Wolisz “MLDA: A TCP-friendly Congestion Control
Framework for Heterogeneous Multicast Environments” IEEE 2000.
18.
Threats: http://www.caci.com/business /ia/threats.html .
19. Understanding IGMP Snooping “Power Connect Application Note #18”
February 2004.
20. Wei-QiangXu, Ya-Ming Wang, Cheng-Hai Yu “MMCC: multirate
multicast congestion control for optimal Resource allocation in ad hoc
networks” proceeding IEEE 2005.
21. Wen-Tsuen Chen, Yaw-Ren Chang, and Chun-Fu Huang “A Low-cost
Self-routing Multicast Network” in 1993
22. Widmer, J.; Denda, R.; Mauve, M.; “A survey on TCP-friendly
congestion control” May-June 2001.
23. Y.Challal,A.Bouabdallah,Y. Hinard” RLH: receiver driven layered
hash-chaining for multicast data origin authentication” 20 November
2004.
24. Yacine Challal, Abdelmadjid Bouabdallah, Yoann Hinard ”RLH:
receiver driven layered hash-chaining for multicast data origin
authentication” Computer Communications 28 (2005) 726–740,
Elsevier.
25. HE Jin-xin, XU Gao-chao, FU Xiao-dong, ZHOU Zhi-guo “A Hybrid
and Efficient Scheme of Multicast Source Authentication” Eighth ACIS
<strong>International</strong> <strong>Conference</strong> on Software Engineering, Artificial
Intelligence, Networking, and Parallel/Distributed Computing IEEE,
2007.
26. Y. Challal, H. Bettahar, and A. Bouabdallah, “A2Cast: An Adaptive
Source Authentication Protocol for MultiCast Stream”, IEEE-
ISCCÕ2004, June 2004.
27. A. Perrig et al, “Efficient and Secure Source Authentication for
Multicast”, 8th Annual Internet Society Symp. Network and
Distributed System Security, 2001.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 102

Proceedings of ICCNS 08 , 27-28 September 2008
Enhanced Optimistic Fair-exchange
Protocols for Secured Electronic Transactions
Based on DSA Signatures
Kishore B. Pawar, Sunil G. Bhirud
Abstract— Now a day use of electronic transactions is very
common. If we analyze the security issues in the secured electronic
transactions (SET) there is fundamental problem of fair exchange of
the data. Same problem exists with the digital rights management
also though we are using third parties, we cannot relay fully.
Recently, Park et al. [1] present optimistic fair-exchange protocol
based on RSA (Rivet, Shamir, Adleman) Algorithm, Dodis and
Reyzin analyze the vulnerability of Park’s protocol and present an
optimistic fair-exchange protocols based on GDH, then Wang, Hong
and Zhu [3] have analyzed these schemes and proposed the new
Optimistic Fair Exchange Protocols based on improved DSA
(Digital Signature Algorithm) signatures. This paper points out that
Wang, Hong and Zhu‘s scheme is also insecure and inefficient. This
paper presents a multi-signature scheme based on improved DSA,
describes an enhanced way of constructing more efficient fairexchange
protocols based on the enhanced DSA signatures. The
protocols of this paper are become more secure and efficient than
that of [1], [2], and [3].
Keywords— Digital Certificates, Fair-Exchange Protocols,
Multi-signatures, Secured Electronic Transactions.
I.INTRODUCTION
In secured Electronic Transactions (SET) and digital rights
management authenticity and confidentiality are some of the
fundamental security issues; along with that the fair-exchange
is the fundamental problem. A fair-exchange protocol mainly
deals with the exchanging the items in a fair way between
two parties, so that either each party gets the other’s item or
neither party does. That is the atomicity i.e. transactions
should be atomic. This is getting more importance as there is
tremendous need of such transaction in business on Internet.
Boyd [4] proposed an RSA-based multi-signature scheme that
allows two signers to compute a multi-signature efficiently.
Recently, Park etc [1] point out the vulnerability of Boyd’s
scheme, and present an improved scheme of RSA-based
multi-signature scheme. Dodis and Reyzin [2] analyze Park
et al.’s scheme and its vulnerability and present optimistic
fair-exchange protocols based on GDH. Afterward Wang,
Hong and Zhu [3] present optimistic fair exchange protocols
based on improved DSA signatures. Wang point out that
Dodis and Reyzin’s scheme is insecure and inefficient. This
paper point out that Wang’s scheme is also insecure and
inefficient. Also presents a new multi-signature scheme based
on enhanced DSA, describes a novel method of constructing
very efficient fair-exchange protocols based on enhanced
DSA signatures than that of Wang’s. Comparing with [1],
[2], [3], the protocols of this paper are more secure and
efficient.
In the next section, we analyze the vulnerability of
optimistic fair-exchange protocols which were presented by
Wang, Hong and Zhu, [3] (based on the improved DSA
signature).In section III we propose approach and
enhancement. In Section IV, we describe an enhanced
method of constructing very efficient fair-exchange protocols
based improved DSA signatures. In Section V, comparing
with [1], [2], [3], [4], we analyze the security and efficiency
of our scheme. The concluding remarks are given in Section
VI.
II.VULNERABILITIES IN WANG’S SCHEME
Wang Shaobin, Hong Fan and Zhu Xian have proposed the
scheme in optimistic fair-exchange protocol, in their scheme
public key of the signer is calculated as follows.
Setup: Alice/signer generates the p, q, g, x, etc. here p, q,
g and x are same as that in DSA (Federal Information
Processing Standards Publication [6]), x is the private key
then we calculate the public key y.
y = g x ----------------------------- (a)
and
y1 = g x1
----------------------------- (b)
Here these y and g are sent to Co-Signer.
Now,
Let’s take the log on both sides for the a and b
log y = log (g x )
log y1 = log(g x1 )
log y = x log g
log y1 = x1 log g
x = log y / log g
x1 = log y1 / log g
x = log g y
x1 = log g y1
----------------------------- (c)
----------------------------- (d)
Hence, with reference to the equations c and d private key is
not secure. It can be calculated by co-signers and can be
misused.
It can be overcome by using our new scheme explained in
this paper.
K. B. Pawar is student pursuing M.Tech (Computer Technology) at the
Veermata Jijabai Technological Institute, Mumbai, India (e-mail: kishore.pwr@
gmail.com).
S. G. Bhirud is with Veermata Jijabai Technological Institute, Mumbai,
India. (e-mail: sgbhirud@yahoo.com).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 103

Proceedings of ICCNS 08 , 27-28 September 2008
III.PROTOCOL APPROACH
Like Wang’s [3] protocols we also use same multisignature
scheme. The players in multisignature scheme are also same
i.e. n 2 signers and a verifier.
Registration Protocol (Faint Arrows)
1. Request for Registration
2. Certification after validation
Exchange Protocol (Dotted Arrows)
3. Exchanging Certificate
4. Receiving Merchandise after Verification
5. Exchanging the Signature
Dispute Resolution protocol (Dark Arrows)
6. Dispute Resolution Request if 5 fails
7. Exchanging Signer’s Signature by Co-signer
8. Exchanging Verifier’s Merchandise by Co-Signer
Figure 3.1 Protocol Approach
Basically there are three protocols viz. Registration
Protocol, Exchange Protocol and Dispute Resolution Protocol.
Registration Protocol contains the first two steps as in Figure
3.1. Success of this protocol leads to Exchange Protocol
which contains steps 3, 4 and 5. And if this protocol fails
after step 4 then verifier starts the Dispute Resolution
Protocol as steps 6, 7 and 8 in Figure 3.1.
But to overcome vulnerabilities in Wang’s scheme we
propose some enhancements to key generation and message
verification.
A.Proposed Enhancements
According to our Enhanced Optimistic Fair-Exchange
Protocol (EOFEP) we will calculate the keys as follows:
Public key of signer y = g x mod p, Likewise;
Public key of co-signer y 1 = g x1 mod p
Now, signatures are generated same as in Wang’s Scheme.
And message verification can be done in following manner:
m mod p = g s y r’ r mod p.
or
m ≡ g s y r’ r mod p.
and
m mod p = g s1 y r1’ 1 r 1 mod p.
or
m ≡ g s1 y r1’ 1 r 1 mod p.
So now signature scheme can be explained as follows
The parameters p, q and g are the same of DSA signature
scheme. x is the private key of Alice’s full signature δ. x 1 is
the private key of Alice’s partial signature δ 1. y = g x mod p is
the public key of Alice’s full signature δ. y 1 = g x 1 mod p is the
public key of Alice’s partial signature δ 1. x 2 is the Charlie’s
private arbitration key. x, x 1 and x 2 satisfy the relation x = x 1
− x 2 . The signature of m is as follow:
1) Alice’s full signature δ is computed as follow: Alice
selects a random number k, and computes: r = mg -k
mod p, r'= r mod q, s = k − r' x mod p. (r, s) is
Alice’s full signature δ. Bob verify the signature is as
follow:
m ≡ g s y r’ r mod p.
2) Alice’s partial signature δ 1 is computed as follow:
Alice computes: r 1 = r, r 1’ = r 1 mod q, s 1 = k – r 1’ x 1
mod p. (r1, s1) is Alice’s partial signature δ 1. Bob
verify the signature is as follow:
m mod p = g s1 y r1’ 1 r 1 mod p.
i.e.
m ≡ g s1 y r1’ 1 r 1 mod p.
3) If there is disputed, Charlie must verify δ 1 and use
the arbitration key x 2 to construct δ. The process is as
follow: First, Charlie verifies δ1: (r1, s1). If it is true,
then construct full signature δ: (r, s), let r and s
satisfy the follow relation:
r = r 1, r 1’= r 1 mod q, s = s 1 + r 1’ x 2 mod p. (r, s) is the full
signature δ.
IV.ENHANCED OPTIMISTIC FAIR-EXCHANGE PROTOCOL BASED ON
IMPROVED DSA SIGNATURE SCHEME
The enhanced optimistic fair-exchange protocol includes
three parties: Alice (primary signer, acting as customer), Bob
(verifier, acting as merchant) and Charlie (cosigner, acting as
TTP (Trusted Third Party)). It is composed by three
protocols: registration protocol, exchange protocol and
dispute resolution protocol. First, Alice sends her
commitment (denote as δ 1) of the exchange to Bob. Bob
verifies the commitment and sends the merchandise to Alice.
After received the merchandise, Alice sends her digital check
or cash (denote as δ) to Bob. Charlie is involved in the
protocol only if one of the parties behaves unfairly or aborts
the protocol prematurely; otherwise the Charlie is never
involved in the protocol. The protocol is explained in this
section
A.Registration Protocol
This is an interactive protocol between Alice (Signer) and
Charlie (Co-Signer). Alice first generates two mutual keys
(private key, public key): (x, y), (x 1, y 1), and the arbitration
key x 2, then contacts Charlie to get the joint public key y
certified. After verifying the construction of signature,
Charlie issues a signed certificate C CA. The key x is used to
sign Alice’s full signature δ. The key x 1 is used to sign Alice’s
partial signature δ 1. This value δ 1 has no intrinsic value, but
serves as Alice’s commitment to the exchange. The key x 2 is
the arbitration key to Charlie. The voucher V C is a signed
statement for δ 1 from Charlie that assures the following:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 104

Proceedings of ICCNS 08 , 27-28 September 2008
1) y 1 is Alice's valid partial public key, and
2) The algebraic relations between the keys have been
verified, and, as a result, Charlie can generate a multisignature
from the corresponding partial signature.
Figure 4.1 shows registration protocol:
1) Alice generates p, q, g, x, x 1, x 2 = x 1 − x, y = g x mod p and
y 1 = g x1 mod p, then sends (p, q, g, y, y 1, δ, δ 1, x 2, ID A) to
Charlie. ID A is Alice's unique identity. δ is Alice’s full
signature on a random message m: δ=(r, s), r = mg -k
mod p, s = k − r' x mod p . δ 1 is Alice’s partial signature
on the random message m: δ1=(r1, s1), r 1 = mg -k mod p,
s 1 = k − r 1' x 1 mod p.
2) After received the message from Alice, Charlie first
verify δ and δ 1, then construct δ using x 2 and δ 1. If
everything is in order, Charlie authorize Alice’s
signature scheme, send V C and C CA to Alice.
By the end of which either one of the parties aborts, or
Alice learns (x, y), (x 1, y 1), x 2, V C, C CA, Charlie learns his
secret arbitration key x 2, and y, y 1, x 2, V C, C CA.
Figure 4.1 Registration Protocol
B.Exchange Protocol
This is an interactive protocol between Alice (Signer) and
Bob (Verifier). Alice initiates the protocol with Bob. We
assume that Alice and Bob have gone through a negotiation
process to agree on the purchase information M (which might
contain Alice's unique identity, Bob's unique account number,
price of the merchandise, description of the merchandise, and
date of transaction) prior to the start of the exchange protocol.
This process may be as simple as Alice choosing fixed-priced
goods from Bob's website. Note that Alice's digital signature
on M (which is her multi-signature δ) acts as her digital
check. In addition, Alice and Bob agree on a session key
using some key-agreement protocol (e.g., Diffie-Hellman key
agreement). The session key is used to encrypt the digital
merchandise to deter eavesdropping. Figure 4.2 shows the
messages exchanged between Alice and Bob in the exchange
protocol when both parties act honestly:
1) Alice selects a random number k, and compute δ 1: (r1,
s1), r 1 = mg -k mod p, r 1’ = r 1 mod q, s 1 = k − r 1' x 1 mod
p. Alice sends δ 1, C CA and V C to Bob.
2) Bob verifies C CA, V C and δ 1. If everything is in order, Bob
encrypts the digital merchandise u with some symmetric
encryption algorithm E r(·), where r is the secret
encryption key (i.e., the session key). The encrypted
merchandise E r(u) is sent to Alice. However, if any one of
the items received from Alice is invalid, Bob does not
send the merchandise, and stops the protocol.
3) Alice decrypts and verifies the merchandise. If Alice is
satisfied with the merchandise, she computes the multisignature
δ: (r, s), and sends it to Bob. Otherwise, Alice
stops the protocol.
4) Bob verifies δ, if it is valid, Bob ends the protocol.
Otherwise, Bob initiates the dispute resolution protocol.
Figure 4.2 Exchange Protocol
C.Dispute Resolution Protocol
If Bob does not receive the multi-signature δ, or if δ is
invalid, he initiates a dispute resolution protocol by
contacting Charlie. We assume that reliable channels exist
between the parties. The following steps describe the dispute
resolution protocol.
1) Bob encrypts the session key r as AE pkc(r), where pkc is
Charlie's public key, and AE pkc(·) is an asymmetric
encryption algorithm. Bob then sends V C, C CA, δ 1, M,
E r(u) and AE pkc(r) to Charlie.
2) Charlie decrypts AE pkc(r), and uses r to recover u. Next,
he extracts all the system parameters and keys from C CA
and V C, and then verifies δ 1 using those values. If
everything is in order, Charlie generates the multisignature
δ: (r, s) using δ 1 and his secret arbitration key
x 2 as follow:
r = r 1 , r 1' = r 1 mod q, s = s 1 + r 1’ x 2 mod p.
Figure 4.3 shows the messages exchanged between the
parties at dispute resolution.
The multi-signature δ is sent to Bob, and the (encrypted)
merchandise is forwarded to Alice. Otherwise, if any of the
items received from Bob is invalid, Charlie halts the dispute
resolution protocol without sending anything to either party.
Figure 4.3 Dispute Resolution Protocol
V.ANALYSIS
We can directly apply the suggestions given by Wang’s
analysis which are already applied by us during
implementation of protocol. Along with the Wang’s
guidelines in analysis part of [3] we can also use the Kerberos
key distribution algorithm for different key exchange.We
have achieved more security than Wang’s [3] scheme in our
protocols.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 105

Proceedings of ICCNS 08 , 27-28 September 2008
Security against the registration follows unconditionally. In
our scheme, Alice has p, q, g, x, x 1, x 2, y, y 1, V C and C CA,
Charlie has p, q, g, x 2, y and y 1. Indeed, if Charlie accepted
the values (p, q, g, y, y 1, δ, δ 1, x 2, ID A) in the registration, it
means that m ≡ g s y r’ r mod p, m ≡ g s1 y 1
r1’
r 1 mod p and s = s 1
+ r 1’ x 2 mod p is valid. Also, any valid partial signature δ 1 =
(r 1, s 1) satisfies r 1 = mg -k mod p, r 1’ = r 1 mod q, s 1 = k - r1’x
mod p. Therefore the resolved full signature δ=(r, s): r = r 1,
r 1’ = r 1 mod q, s = s 1 + r 1’ x 2 mod p satisfies x 2 = x 1 − x, and
thus must pass the usual verification algorithm. Charlie can’t
obtain (x, x 1) in the registration. So, the registration is
security.
Security against the exchange follows unconditionally. In
the exchange process, Alice sends Bob (C CA, V C, δ 1, δ 2), Bob
can’t obtain (x, x 1, x 2). Besides, Alice uses a random number
k in every signature. The k has no effect to Bob and Charlie
for verifying. Bob has no other way to produce the signature δ
and δ 1. If Bob does not receive the multi-signature δ (in step 3
of exchange protocol), or if δ is invalid (in step 4), he can
obtain δ from Charlie by initiating the dispute resolution
protocol. If Alice does not receive the merchandise (in step 2
of exchange protocol), she lost nothing. Because the value δ 1
sent to Bob in step 1 has no intrinsic value, but serves as
Alice’s commitment to the exchange. So, we can see during
the exchange process, there is no party losing benefits.
[8] William Stalling. “Cryptography and Network Security”.
[9] http://java.sun.com/docs/books/tutorial/security/apisign/index.html
VI.CONCLUSION
We improved a DSA signature scheme, presented a novel
method for constructing efficient optimistic fair-exchange
protocols using DSA-based multi-signatures. Comparing with
the signature scheme in [Park’s], [Dodis’s], [Wang’s],
[Boyd’s] [1], [2], [3], [4], our scheme is more efficient and
secure than the schemes in [Park’s], [Dodis’s], [Wang’s],
[Boyd’s] [1], [2], [3], [4]. Our scheme uses multi-signatures
that are compatible with the underlying (single-signer)
signature, which implies that implementing the fair-exchange
feature on top of an existing e-commerce system is less
complicated. Also we have successfully implemented the
EOFEP.
REFERENCES
[1] J. M. Park, E. Chong, H. Siegel, and I. Ray. “Constructing fair
exchange protocols for E-commerce via distributed computation of
RSA signatures.” In 22-th Annual ACM Symp. on Principles of
Distributed Computing, Pages172-181, 13- 16 July 2003.
[2] Y. Dodis, L. Reyzin. “Breaking and Repairing Optimistic Fair
Exchange from PODC 2003.” In proceedings of the 2003 ACM
workshop on Digital rights management, Pages 47-54, 27 October,
2003.
[3] Wang Shaobin, Hong Fan, Zhu Xian. “Optimistic Fair-exchange
Protocols Based on DSA Signatures.” In 2004 IEEE <strong>International</strong>
<strong>Conference</strong> on Services Computing (SCC’04)
[4] C. Boyd. Digital multi-signatures. “Cryptography and coding”, Pages
241-246, 1989.
[5] A. Boldyreva. “Efficient threshold signatures, multisignatures and
blind signatures based on the Gap-Diffie-Hellman-group signature
scheme”. In Desmedt [14].
[6] National Institute of Standards and Technology, NIST FIDS PUB
186, “Digital Signature Standard”, U.S. Department of Commerce,
May 1994.
[7] K. Nyberg and R. A. Rueppel, “Message Recovery for Signature
Schemes Based on the Discrete Logarithm Problem”, Advances in
Egyptology-EUROCRYPT’94 Proceedings, Springer-Verlag, 1995,
to appear
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 106

Proceedings of ICCNS 08 , 27-28 September 2008
Improved Algorithmic Routing for Disruption
Tolerant Network
Mohammad Arif, Rama Shankar Yadav
Abstract—Disruption tolerant networks are used in the
situations where the end to end connectivity is not certain and
in the environment which are characterised by very long path
delay. As routing for delay tolerant network is an emerging
topic of research, many approaches have been devised for it.
In this paper we have developed an algorithmic technique for
the routing in disruption tolerant network. In this technique
we have emphasized on minimizing the delay and
maximizing the delivery ratio. Unlike other approaches we
maintained only one copy of message at one point of time in
the network. We used breadth first search algorithm and
modified it to find the route from source to destination and
repeat the algorithm for each destination. It is a unicastmulticast,
meaning that it is multicast like situation but every
time source want to send data to some destination, it will
apply the algorithm to find the path for that specific node and
then forward the data along that path. It will also include the
multicasting up to some extent.
Keywords—Mobile Computing, Routing, Delay Tolerant
Network, Intermittent Connectivity, Network Topology.
I. INTRODUCTION
Disruption Tolerant Network (DTN) is challenging
network architectures because end to end path between
source and destination may not exist as the links
between the nodes are opportunistic. A DTN is a
network of regional networks. It is an overlay on the
top of the regional networks, including the internet.
These types of networks are applicable in military
combat situations, civilian applications of vehiclebased
mobile data centers, disaster relief situations
where fixed infrastructure may have been destroyed.
Mohammad Arif is with Al-Falah School of Engineering &
Technology, Dhauj, Faridabad, Haryana, India (Institute Phone No. :
0091-129-2206223, Mobile: 0091-9873256208: e mail:
arif_mohd2k@rediffmail.com).
Rama Shankar Yadav is with Motilal Nehru National Institute of
Technology, Allahabad, Uttar Pradesh, India. (e-mail:
rsy@mnnit.ac.in).
A commuter bus as it moves through rural areas
providing connectivity by acting as a store and forward
switch is also an example. In traditional ad hoc
networks end to end path is must, but in contrast, DTN
based communication scheme imply asynchronous
communication but achieve better reachability,
particularly in sparsely populated environment or in the
environment which are characterised by very long
delay paths.
In traditional TCP/IP based protocol end to end path
between the communicating nodes is necessary and
round trip delay must be so small so that data transfer
can be done. But in the case of DTN, it is difficult to
ensure end to end path for an ongoing data transfer due
to frequent network partition and sparsely connected
networks. Long round trip delay makes it impossible to
provide acknowledgement and retransmission.
In this paper we have devised a routing algorithm in
which we have used breadth first search which can
cope up with the changes in the network topology over
a period of time. We simulated our algorithm in NS2
and we have proved our algorithm on the basis of the
performance metrics such as delivery ratio and end to
end delay.
Rest of the paper is organized as follows: In section 2
we have mentioned the related work. In section 3 we
have explained our proposed scheme. In section 4 we
presented and discussed the simulation model and the
results. In section 5 we have summarized the
conclusion.
II. RELATED WORK
DTN is an overlay on the top of the regional networks,
including the internet which provides network services
and interoperability among them. Many researchers
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 107

Proceedings of ICCNS 08 , 27-28 September 2008
have proposed the routing algorithm in which they
have considered the intermittent connectivity of the
links [12]. Some of them [2, 3] have modified the
Dijkstra’s shortest path algorithm by including the link
weights and also considered the waiting time due to
disconnection of links.
In the recent time the attention of the researchers have
been diverted towards the networks in which the
network partitions occur very frequently or sparsely
connected networks. Many of the algorithms
emphasized on the characteristics of the mobility of the
nodes such as epidemic routing in [4]. Some proposed
the spray and weight scheme in which the flooding
overhead have been reduced by spaying the limited
number of copies of the message in the network and
wait until it reach he destination [5].
Some researches like [6] devised the mobile nodes
which are called message ferries which move in a
predictable manner in the network to collect and
transfer the data.
CAMR
In [7], the author presented a multicasting scheme
called CAMR which works in the environment where
the nodes are moving in the sparsely connected
network. In this paper he suggested that firstly the
communicating node will try to find the neighbor by
sending the route request with regular power of
transmission (say 250 m) but if the topology is sparsely
connected then it will send the route request with high
power transmission (say 500 m). If any intermediate
node or the receiver gets the request with high power,
obviously it will respond with high power reply. If
sending node gets the response with high power it will
move towards the receiving node to transfer the data
with regular power.
III. Algorithmic Routing
In this section we have presented the Algorithmic
Routing. We have made the assumption that link state
change is predictable [12]. In [6] the author has used a
message ferry which moves in a predictable manner to
help in collecting and delivering the data. In this the
author tried to show that by making the non random
movement of node, the delivery of data can be planned
more efficiently. We also have assumed that links have
sufficient bandwidth, required to carry the data.
a. Algorithm Terminology
We have considered the entire topology as an
undirected graph G and then applied the breadth first
search algorithm on it to find the route from source
node to all destination nodes. In graph G = (V, E), V
stands for the set of vertices (nodes are considered as
vertices) and E stands for set of edges. One node
among V is the source node and is represented by “s”.
An edge is (u, v) which can be add or deleted any time
in the delay tolerant network. The graph is represented
as adjacency list representation which consists of the
arrays for each node in V. There will be some edges
which will be fixed, that edges will be called static
edges and the edges which are added or deleted are
called dynamic edges. We assume the starting time as
t 0 . We have taken a linked list Events(u, v, t e , a)
representing the events of addition and deletion of
edges which will be sorted by the event time t e . Here
(u, v) G is an edge which can be added or deleted at
any time t e and “a” represents the action which can
either ADD or DELETE. We have taken an upper limit
of time T, which should be as T > t 0 . The search is
restricted within this time T to avoid the endless search
and to avoid the endless event list where the edges are
added and deleted regularly. If the upper limit of time
T has reached then it will not consider any new event
and algorithm will be terminated.
b. Algorithm Description
We have an undirected graph G, at the start time t 0 , end
time T, source node s and the event list Events. The
algorithm calculates the earliest time in which a
message originated at s can reach to any other node of
G within the time T if possible.
The source first broadcast the message to reach the 1-
hop neighbor nodes. If the destination is 1-hop away,
then the algorithm will be terminated here only. In that
case we will not apply the algorithm. If the destination
is more than 1-hop away then in that case the Traversal
and Route , both the algorithms will be applied from
source to find the best possible or we can say the
shortest path to reach the destination. So first apply the
Traversal initially to discover the nodes reachable
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 108

Proceedings of ICCNS 08 , 27-28 September 2008
immediately from s. We assume that all nodes
reachable during the initial search are discovered at
time t 0 and are marked. Now we process each event in
the list Events. We always update E when ever any
edge is added or deleted. An edge can be added at any
time which means that a new node has been
discovered. In such case we will apply the breadth first
search on the newly discovered node as the new source
node. All new nodes discovered during the search are
marked with the time of the event t e , that led to their
discovery. Whenever an ADD event takes place, it
discovers the new node due to which the route is
extended. If a DELETE takes place, it means that only
topology has changed, length of route may or may not
shorten.
In our algorithm given in Figure 1, we used d to store
the distance in the terms of number of hops from the
source node, F is a first-in-first-out queue. π, is the
predecessor node. We use WHITE to denote nodes
which are not yet discovered, and GRAY nodes
represent the discovered nodes which are being
explored. BLACK, for nodes discovered and explored.
We first modify the standard breadth-first search
algorithm to store the time of discovery t d for each
node discovered. At the end of the execution of the
breadth first search algorithm, all nodes are colored
BLACK.
We next introduce the constraint that the amount of
storage available at any node is limited. If S u is the total
storage available on node u, m is the size of the
message, and s u is the amount of storage in use at node
u at a given time, we must ensure that: s u + m ≤ S u
To enforce storage constraint, we implement a drop
policy on each node. Using the route found by
Traversal algorithm, a message as it is being
transmitted could be dropped due to storage constraint
along the path. For a drop policy, we propose that the
message with the longest life time in a queue would be
dropped when there is no available storage.
We used breadth first search algorithm and modified it
to find the route from source to destination and repeat
the algorithm for each destination. It will be unicastmulticast
meaning that it is multicast like situation but
every time source want to send data to some
destination, it will apply the algorithm to find the path
for that specific node and then forward the data along
that path. We have also assumed that the link state is
predictable, i.e. we know in advance when the new
node will be added or deleted.
IV. Performance Evaluation
To evaluate the performance of different routing
algorithms, we implemented proposed scheme and
CAMR in the NS2 simulator. Table 1 shows the
simulation parameters used in the simulations. The
performance metrics that are used to compare different
multicast routing approaches are:
Message Deliver Ratio: It is defined as the number of
successful transfers which successfully arrive at all the
receivers over the total number of messages which are
expected to be received. Because of the long link
disconnections, many transfers will still be in progress
within the network at the end of simulation time. We
do not count those in our calculation of delivery ratio.
Delivery ratio = S / (S + N + D)
Number of successful transfers (S): this metric defines
the number of complete transfers with storage on
intermediate nodes.
Number of No Routes (N): this metric defines the
number of transfers that result in incomplete paths to
the destination because the BFS algorithm fails to find
a path within the given LAT.
Number of message drops (D): this metric defines the
number of transfers failing to complete because of
storage unavailability at intermediate nodes.
Average Message Delay: It is defined as the average
of the end to end message delivery latencies for each
algorithm.
Data Efficiency: It is defined as the ratio between the
packets received successfully by the receivers and the
total data traffic (i.e. data packets and the control
packets) generated in the networks.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 109

Proceedings of ICCNS 08 , 27-28 September 2008
_____________________________________
Traversal(G, x, t d )
1 F ← {x}
2 While F ≠ Ф
3 Do u ← head(F)
4 For each v Є Adj[u]
5 Do if color[v] == WHITE
6 Then color[v] ← GRAY
7 d[v] ← d[u] + 1
8 π[v] ← u
9 d t [v] ← t d
10 ENQUEUE(F,v)
11 DEQUEUE(F)
12 Color[u] ← BLACK
Route(G, s, t 0 , T, Evts)
1 Send the message to all 1-hop neighbors
2 If the destination is 1-hop away
3 then terminate the algorithm
and EXIT
Else do following steps
4 For each vertex u Є V[G] – {s}
5 Do color[u] ← WHITE
6 d[u] ← ∞
7 π [u] ← NIL
8 d t [u] ← NEVER
9 Color[s] ← GRAY
10 d[s] ← 0
11 Π[s] ← NIL
12 d t [s] ← t 0
13 Traversal (G, s, t 0 )
14 While Evts ≠ Ф
15 Do Evt ← DEQUEUE(Evts)
16 u ← u(Evt);
17 v ← v(Evt);
18 t e ← t e (Evt);
19 If a(Evt) == DELETE then
20 E ← E - (u, v)
21 Else Do E ← E U (u, v)
22 if color[u] ≠ color[v]
23 Then do
24 if color[u] ≠ BLACK
25 then swap(u, v)
26 d[v] ← d[u] + 1
27 π[v] ← u
28 d t [v] ← t e
29 Color[v] ← GRAY
30 Traversal (G, v, t e )
31 Repeat the above algorithm for each
Destination
_____________________________________
Figure 1: Algorithm for Routing
Simulation parameters
No. of nodes 40
Number of messages generated
per second on each node
Simulation time
Look-ahead-time (LAT)
Message size
Storage amount on each node
Simulation Area
Values
5, 10, 15
(msg/sec)
500 Sec
200 Sec
15KB
Table1: Simulation Parameters
a. Effect of Node Density
5, 10, 15MB
1Kx1K, 2Kx2K,
3Kx3K, 4Kx4K
In the first set of experiments we evaluate the effect of
node density on CAMR and proposed algorithm as in
Figure 2. Figure 2 (a) shows that as we increase the
simulation area (i.e. decrease the node density), delay
increases as the network becomes sparse. From Figure
2 (b) & 2(c) it is clear that data efficiency and the
dlivery ratio both are afected by the node density and
both increases on increasing the node density.
b. Effect of Traffic Load
In the second set of experiments we evaluate the effect
of traffic load on CAMR and proposed algorithm as in
Figure 3 and find that performance decreases because
message drop increases.
From Figure 3 it is clear that on increasing the traffic
load on each node of the network, the performance
deteriorates. Average delay increases and delivery ratio
& efficiency both decreases.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 110

Proceedings of ICCNS 08 , 27-28 September 2008
2 (a)
3 (b)
2 (b)
3 (c)
Figure 3: Effect of Traffic Load
c. Effect of Storage Capacity and
Traffic Load on Delivery Ratio
In the third set of experiments we evaluated the empact
of storage capacity and traffic load on delivery ratio.
Figure 4 expalins that on increasing the storage
capacity along with the traffic load , the delivery ratio
of proposed scheme improves and increases.
2 (c)
Figure 2: Effect of Node Density
3 (a)
Figure 4: Effect of Storage Capacity and Traffic Load
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 111

Proceedings of ICCNS 08 , 27-28 September 2008
V. Conclusion
We have presented an algorithmic approach for
developing a routing technique for delay tolerant
networks by modifying the well known breadth first
search algorithm. We made simplifying assumptions
with justification, such as predictability of link state
changes, to bring out the essence of our approach in its
simplest form. Through simulation we analyzed the
performance of the proposed routing algorithm using
appropriate metrics.
[9] K. Fall, “A delay-tolerant network architecture for
challenged Internets”, In Proceedings of
SIGCOMM’03, August 2003.
[10] W. Zhao, M. Ammar, and E. Zegura, “Multicasting
in delay tolerant networks: semantic models and
routing algorithms,” in the Proceeding of Sigcomm
Workshop in DTN, August 2005.
[11] DARPA Disruption Tolerant Networks program
http://www.darpa.mil/ato/solicit/dtn/.
[12] Padma Mundur, Sookyoung Lee, Matthew
Seligman. “Routing in Intermittent Network
Topologies”. In the Proceedings of ACM-
MSWiM’06. Malaga, Spain, October 2006.
Simulation results clearly show that delivery ratio, data
performance have been increased. The delay is also
improved and is minimised.
References:
[1] Forrest Warthman. “Delay Tolerant Networks – A
Tutorial” DTN Research Group Internet Draft,
March 2003 Vreson No. 1.1. http://www.dtnrg.org.
[2] J. Alonso, and K. Fall. “A linear programming
formulation of flows over time with piecewise
constant capacity and transit times”. Technical
report IRB-TR-03-007, Intel Research Berkeley,
July 2003.
[3] S. Jain, K. Fall, and R. Patra. “Routing in a delay
tolerant network”. In ACM Sigcomm 2004,
Portland, OR, 2004.
[4] A. Vahdat and D. Becker. “Epidemic routing for
partially connected ad hoc networks”. Technical
Report CS-200006, Duke University, April 2000.
[5] T. Spyropoulos, K. Psounis, and C. Raghavendra,
“Spray and wait: an efficient routing scheme for
intermittently connected mobile networks,” in
WDTN ’05: Sigcomm’05 DTN workshop, 2005, pp.
252–259.
[6] Zhao, W., Ammar, M., and Zegura, E. Message
ferrying approach for data delivery in sparse mobile
ad hoc networks. In Proceedings of the 3rd ACM
<strong>International</strong> Symposium on Mobile Ad Hoc
Networking and Computing (Mobihoc), Tokyo,
Japan, May 2004.
[7] Peng Yang, Mooi Choo Chuah. “Context-Aware
Multicast Routing Scheme for Disruption Tolerant
Networks”. In proceeding of PE-WASUN'06,
October 6, 2006, Torremolinos, Malaga, Spain.
[8] Mohammad Arif, Rama Shankar Yadav, Karan
Singh. “Survey on Routing in Delay Tolerant
Networks (DTNs)”. In the Proceedings of the
National <strong>Conference</strong> on Emerging Trends in
Computer Science & Information Technology
(ETCSIT-08), pages: 171-182, AFSET, Fardabad
(Haryana). April 23, 2008.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 112

Proceedings of ICCNS 08 , 27-28 September 2008
Implementation of Protocol Anomaly Detection
System for Network Security
Prof. Sahana K. Bhosale, Prof. Ravindra P. Joshi, and Prof. Prakash H. Patil
Abstract - Network management platforms provide
flexible facilities for setting up custom applications able
to detect protocol anomalies on a specific environment.
This is because each network is made of users, services
and computers with a specific behavior that is then
reflected in the generated network traffic. Protocol
anomaly detection works by analyzing application level
traffic, commands and behavior, blocking and denying
undesirable otherwise inappropriate commands. Goal of
this paper is to show that in every network there are some
global variables that can be probably used for detecting
network anomalies, regardless of the type of network
users and equipment. As most of the relations among
these variables are fixed, this paper shows that it is
possible to define generic network rules aimed to
automatically detect selected network/protocol anomalies.
Finally, the paper covers the design and implementation
of an open-source application used to effectively validate
this work on a large campus network.
Key Words - Anomaly, Detection, Correction, Protocol,
Intrusion Detection System (IDS), Signatures
I. INTRODUCTION
The most common network issues that continue
to plague the corporate world are securing their
network from attacks. Worms, port scans, ARP
floods, IP spoofing, IP fragmentation, ping of death,
SYN flood, UDP flooding, DNS spoofing and other
network anomalies attack the availability and are
able to abuse network and bandwidth resources. In
common, the IDS/IPS is known as “attack
prevention technologies”. In this paper, the basic
concepts of IDS are covered first, followed by the
actual implementation in a campus network [1].
Prof. Sahana K. Bhosale is Assistant Professor at the
<strong>International</strong> Institute of Information Technology (I 2 IT),
Hinjawadi, Pune - 411057, India (e-mail:
sahanab@isquareit.ac.in)
Prof. Ravindra P. Joshi is Professor at the <strong>International</strong>
Institute of Information Technology (I 2 IT), Hinjawadi,
Pune - 411057, India (e-mail: ravindraj@isquareit.ac.in)
Prof. Prakash H. Patil is Assistant Professor and Head,
E&TC Dept. at the Indira College of Engg. and
Management, Pune, India (e-mail:
phpatil2005@yahoo.co.in)
An Intrusion is defined as any set of actions that
attempt to compromise the integrity, confidentiality,
or availability of a resource. It is the violation of
the security policy of a system or a network.
Intrusion detection is the methodology by which
intrusions are detected. This methodology can be
categorized into two: “anomaly” detection and
“misuse” detection. There are two types of IDS:
“network-based IDS” and “host-based IDS”. A
network-based IDS collects, filters, and analyses
traffic that pass through a specific network location.
In host-based IDS, each computer has an IDS client
installed that reports either locally or to a central
monitoring station. The advantage of host-based
IDS is that the internal operation and configuration
of the individual computers can be monitored.
The purpose of anomaly detection is to find
abnormal usage of a system/network, possibly
indicating intrusions. Normal usage is described
using profiles that can be built using either
statistical measures or rules. The profiles are built
either from a set of presumed non-intrusive usage or
continuous monitoring [2]. A weakness with
continuous monitoring is that it is vulnerable to
gradual change of usage. Rules used for building
profiles can be generated manually or automatically
by the administrator. A weakness when using rules
is that the detection abilities depend on the
knowledge about the normal usage; this weakness is
not there in the automatically generated rules.
Anomalies can be detected by comparing current
usage with the profiles. Anomaly detection covers
a number of different threats and is most effective
for intrusions by authorized users who don’t bypass
the system security mechanisms but merely violate
a security policy.
II.
DATA COLLECTION METHODS FOR
INTRUSION DETECTION
Intrusion data basically comes from two sources:
audit logs and system information. Under UNIX,
Syslog provides functionality for recording
information that is hard to tamper with. Ordinary
system information, such as process status, and
packets appearing on the network interface also
provide data for intrusion detection [6]. The
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 113

Proceedings of ICCNS 08 , 27-28 September 2008
intrusion data comes from different levels of the
computer system. As a result, these levels
determine the type of events provided that are
logged on to the other applications (electronic bill
payment, direct funds transfer etc).
A. Application
User application can be augmented to produce
audit logs. These logs will contain information
about user actions within that particular application.
Database management systems usually have audit
functionality, as they control access to shared data.
B. Command
The commands typed in the command interface
(shell) are recorded in sequence. The commands
can either be built-in commands or starting arbitrary
programs.
C. Network
Information concerning network traffic, such as
communicating hosts, services, and transmitted data
can be logged through API or taping wire.
D. Operating system
Information at operating system level is logged
or extracted by a system call. This can be
implemented in the form of a layer, intercepting all
system calls or modifications to the kernel. Many
aspects of user behavior are available through
system calls such as login-time, process status,
system resource utilization [3].
E. Hardware
Certain characteristics of hardware usage are
relevant for logging. Methods like keystroke
analysis need information available at the hardware
level. In a host-based intrusion detection system,
intrusion data is collected at each host. The host
data can come from application, command,
operating system or hardware level. In network
intrusion detection, intrusion data is collected at
network level.
III. IDS IMPLEMENTATION METHODS
There are two important methods for
implementing IDS: the statistical method and the
rule-based method. There are other methods of
implementation like neural networks, traps, and
keystroke analysis. All these methods, except
keystroke analysis are generic, and can be applied
to all data levels.
A. Statistical
The statistical method is mainly used for
anomaly detection [5]. Statistical methods are used
to compare the profile against current usage. It can
also be used for misuse detection. The patterns of
misuse are described by the threshold values, which
are compared to the current usage [2]. It is often
based on the assumption about the distribution of
data results since many times these assumptions are
not valid.
B. Rule-Based
A rule-based system consists of rules and facts
together with a control mechanism for applying the
rules. The rule is basically a condition and the
resulting consequence or action. The condition is
specified in terms of data or facts that are analyzed.
The facts are variables which are either results
derived from the rules or explicitly as input. An
expert system is a type of rule-based system where
the knowledge of human system is represented as
rules.
Rule-based methods can be used for both misuse
and anomaly detection. The most common
approach is to represent known misuse as rules and
then apply these rules to the current usage. For
anomaly detection, the rules define the normal
usage and then each rule has an associated
probability or some other statistical measure.
One advantage when using rule-based methods
for intrusion detection is that good explanations of
suspected intrusions are given by showing the rules,
which were used. Rule-based methods are often
used to evaluate results from other components of
the intrusion detection system such as a statistical
component [7].
IV. PROTOCOL ANOMALY DETECTION
Protocol Anomaly Detection detects and blocks
previously unknown forms of attack without the
need for signature. A network attack signature is a
pattern that we want to look for in the network
traffic [4]. To better understand the signatures,
following examples are given.
A. Connection attempt from a reserved IP address:
This can be easily identified by checking the
source address field in an IP header.
B. Packet with an illegal TCP flag combination:
This can be found by inspecting the flags in a
TCP header against known good/bad flag
combinations.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 114

Proceedings of ICCNS 08 , 27-28 September 2008
C. Email containing a particular virus:
The attack prevention system can compare the
subject or attachment of each email with known
features of virus-laden email.
As we look at and analyze the above examples,
you can understand that the signatures range from
very simple such as checking the value of a header
field to highly complex which may actually track
the state of a connection or perform extensive
protocol analysis. Some signatures may tell you
which specific attack is occurring or what
vulnerability the attacker is trying to exploit, while
other signatures may just indicate occurring of
unusual behavior. It will often take significantly
more time and resources to identify the tool that
causes malicious activity, but it will give you more
information as to why you’re being attacked and
what the intent of the attack is.
A. Attack signatures based on headers:
Some header values are clearly abnormal, so
they make great candidates for signatures. A classic
example of this is a TCP packet with the SYN and
FIN flags set. This is a violation of RFC 793, which
defines the TCP standard, and has been used in
many tools in an attempt to circumvent firewalls,
routers and intrusion detection systems [9]. Many
exploits include header values that purposely
violate RFCs, because many operating systems and
applications have been written on the assumption
that the RFCs would not be violated resulting in
improper error handling of such traffic. Not all
Operating systems and applications completely
adhere to the RFCs. In fact, many have at least one
facet of their behavior that violates an RFC. Also,
over time, protocols may implement new features
that are not included in an RFC [10]. New standards
emerge over time which may “legalize” values that
were previously illegal; RFC 3168, for Explicit
Congestion Notification (ECN) is a good example
of this. Thus, an attack prevention signature based
strictly on an RFC may produce many false
positives.
Although illegal header values are certainly a
fundamental component of signatures, legal but
suspicious header values are at least as important.
For example, alerting on connections to suspicious
port numbers such as 31337 or 27374 (often
associated with Trojans) may provide a quick way
of identifying Trojan activity. Unfortunately, some
normal traffic may happen to use the same port
numbers. Without using a more detailed signature
that includes other characteristics of the traffic, we
won’t be able to determine the true nature of this
traffic. Suspicious but legal values such as a port
number are best used in combination with other
values.
B. Identifying possible signature components
Let we take an example of a worm activity to
make understand the issues in developing the
signature-based on header values. Consider the
Ramen Worm example and the detail information
about the worm is given in the Appendix. Here are
some of the IP and TCP header values that were
present in Ramen worm packets during the first
stage of the worm’s spread.
• Various source IP addresses
• TCP source port 21, destination port 21
• Type of service 0
• IP identification number 39426
• SYN and FIN flags set
• Various sequence numbers set
• Various acknowledgment numbers set
• TCP window size 1028
We look for values that are illegal, unusual or
suspicious. In many cases, these characteristics
correspond to the vulnerabilities that the attacker is
trying to exploit, or a particular technique that the
attacker uses. Packet values that are completely
normal don’t make good signature characteristics
by themselves, although they are often included to
limit the amount of traffic that we study. For
example, we would include the normal IP protocol
value of 6 for a protocol, so that we only check TCP
packets. But other characteristics that are
completely normal, such as the type of service set to
0, are much less likely to be helpful in signature
development
V. IMPLEMENTATION OF PROTOCOL
ANOMALY DETECTION SYSTEM
The previous section highlighted some network
traffic parameters used for detecting network
anomalies. This section describes the scenario
where this work has been validated and it shows
how dynamic traffic knowledge parameters have
been collected. In order to validate the work in a
real, large network, the authors decided to use the
whole network campus of <strong>International</strong> Institute of
Information Technology (I 2 IT), Pune as test bed.
The Cisco 2600 router sports both serial and
Ethernet interfaces. This router has been configured
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 115

Proceedings of ICCNS 08 , 27-28 September 2008
LAN
Internet Link
Router
Fig. 1: Validation Test Bed
Ntop
in a way that the traffic to/from Internet has been
mirrored on an Ethernet port where a home grown
traffic probe named Ntop has been installed (see
Fig. 3). This configuration allows the probe to see
all the traffic from/to the Internet that flows through
the 2 Mbps Internet link. Thus, the authors can
validate the work on a large network without having
to place different probes one in each department
under analysis. The use of a Cisco 2600 router
allows testing of thousand of traffic rules per port
with almost no performance degradation. Also, it
has a quite flexible configuration language that
enables administrators to define:
• Packets/volume counters for traffic that
matches some traffic rules (e.g. fragmented
HTTP traffic)
• Traffic shapers per network flow
• Filters for logging and discarding certain
kind of traffic.
Although the router is very flexible, its
measurement capabilities are quite rudimental as
they have been designed for measuring overall
traffic and not fine-grained host traffic. For this
reasons, we decided to enhance Ntop to integrate
into it the ability to measure all the traffic
parameters useful for detecting network anomalies,
and to store information into a database for
statistical analysis. The implementation of the
alarming system and anomaly detector has been
realized outside of Ntop, in order to avoid creating a
large monolithic application difficult to manage and
configure.
Fig. 2 highlights the current Ntop architecture.
The Ntop core is responsible for capturing and
analyzing network packets. Most of the information
is kept in memory with some limited caching on
disk for storing data accessed very seldom. For each
monitored host, Ntop has a set of counters that keep
track of the relevant network activities including
(but are not limited to):
- The total traffic (volume and packets
sent/received) generated/received by the host
classified according to network protocol (IP,
IPX, AppleTalk, etc.) and when applicable, IP
protocol (TCP, UDP, ICMP, FTP, HTTP, NFS)
- TCP session history: source/destination,
duration, TCP sliding window size and TTL
statistics, retransmitted data and fragmented
packets percentage.
- Host used TCP/UDP services, operating system
type, and address tracking by means of DHCP
monitoring.
- Traffic distribution (local vs. remote traffic),
network usage (contacted peers, traffic
generated by each running application), overall
used bandwidth (actual, peak, and average),
local subnet traffic matrix.
- Packets distribution: total number of packets
sorted by packet size, unicast Vs. multicast vs.
broadcast, and IP vs. non-IP traffic.
- Protocol utilization and distribution according
to both protocol and source/ destination.
Report Engine
Packet sniffer
& analyzer
Traffic Stats
Alarms
RRD
Threshold
Analyzer
SQL DB
Fig 2: Ntop Security Architecture
In addition, Ntop has been extended with new
counters (one for data sent, and one for data
received) to detect all the anomalies listed below.
TCP flags
Scanning
TCP
connections
Fragments
ICMP
Protocol
checker
Other
TABLE 1
Ntop Host Security Counters
SynPkts, rstPkts, rstPkts, synFinPkts,
finPushUrgPkts
AckScan, xmasScan, finScan, nullScan,
udpToClosedPort,
UdptoDiagnosticPort,
tcpToDiagnosticPort
RejectedTCPConn, establishedTCPConn,
ClosedEmptyTCPConn,
incompleteTWHandshaking
TinyFragment, icmpFragment,
overlappingFragment, icmpFragments
IcmpPortUnreach, icmpHostNetUnreach,
icmpProtocolUnreach,
icmpAdminProhibited, icmpToBroadcast
InvalidHTTPReq, invalidFTPReq,
invalidSMTPReq, invalidSSHReq
LandAttackPkts, malformedPkts
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 116

Proceedings of ICCNS 08 , 27-28 September 2008
Whenever a counter goes above a threshold, the
counter that keeps track of the problem is
incremented, an alarm is emitted, and the packet(s)
that triggered the alarm is stored on disk for later in
depth analysis. Ntop generated alarms are both
stored in a SQL database and used to alert users
using several ways including SNMP Traps, GSM
SMSs, and instant messengers. Although alarms
and counters can partially overlap, the authors have
decided to have both for two reason. First, some
problems (e.g. port scan or fragmented ICMP
packet) are evident after just one alarm, hence the
alarming subsystem can alert the user as soon as it
sees an alarm without having to wait the polling
time. Second, further problems (e.g. network scan)
cannot be detected with one single Ntop generated
alarm but with a broader view of the overall
network traffic over a specified period of time.
The alarming subsystem is split into two
independent components: traffic information
storage, and a traffic analyzer. The first one is
responsible for periodically polling traffic
information (represented in simple ASCII or using
high level languages such as XML) out of Ntop via
HTTP and storing it on disk. In order to create a
modular system the following conventions have
been used:
- Each counter of each host is stored using the
RRDTool on a different RRD (Round Robin
Database) as this format allows to easily
maintain large amount of data over the time
with limited effort.
- Supposing to store the value of counter
tinyFragmentSent for host Y, the RRD file that
contains the counter is stored on
$DATA DIR=Y=tinyFragmentSent.rrd
The traffic analyzer is a component written in
Perl and responsible for analyzing and correlating
the data stored in RRD, and generated alarms. The
correlation rules used by the traffic analyzer are
stored on a table inside the same SQL database
where the alarms are stored. The format of that
table that contains the rules is the following:
< counter comparison expression > < time period >
< action >. For instance:
“for each host if ((# ARP requests) - (# ARP
responses) > 20) over the past 10 minutes then send
a trap'' is translated in one SQL table row:
(arpSentarpRcvd)
> 20
10 ALARM 'Host $host is
sending too many ARP
requests: (network scan
attempt)'
“if host jake sent more that 5 packets to a closed
UDP port in the past 15 minutes then send a trap''
becomes:
jake.udpToClos
edPort >5
15 ALARM Host $host sent
too packets to a closed
UDP port over the past
$timePeriod minutes
Where,
- The < counter comparison expression > is
expressed as < host >: < counter >: if the
host name is not specified then the rule is
applied to all stored hosts.
- The variable names start with the dollar
sign $ and are expanded by the traffic
analyzer at runtime for each matching rule.
As the counters rely on RRD, the analyzer takes
advantage of the facilities offered by RRD for
analyzing the counter archives and validating the
expression: .
Nevertheless, it is usually not very wise to emit an
alarm every time the analyzer detects that a counter
is above the specified threshold. In fact, some early
tests have shown that it does not make sense to emit
an alarm whenever Ntop detects a suspicious event
such as data sent to a closed port or a not completed
three-way handshake. In addition, in order to detect
events such as network mapping it would be
necessary to control most of the hosts of the
network, making life difficult for network anomaly
applications developers. For the above reasons it
has been introduced the concept of risk factor, an
integer value in the range 0-100 that shows how
likely the system has detected an anomaly in the
network. The risk factor is implemented in the
analyzer as follows:
- The < action > _field can contain the value
RISK < X > where < X > is the value of the
risk factor.
- Whenever the traffic analyzed encounters for a
host Y a matching rule containing as RISK
action, it increments of X the value of the RRD
file $DATA_DIR/Y/ -riskFactor.rrd.
- As soon as the value of
$DATA_DIR/Y/riskFactor.rrd for the current
timeframe goes above 100, an alarm is emitted
(no additional alarms are emitted if the value is
further incremented by additional rules).
As stated before, the Ntop probe has been
attached to an Ethernet port of the Cisco router and
configured to analyze all the Internet traffic
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 117

Proceedings of ICCNS 08 , 27-28 September 2008
generated/directed to the campus hosts. The
alarming subsystem (running on the same host
where Ntop is active) stores once every 5 minutes
the Ntop traffic counters on disk and validates the
traffic correlations rules against the stored traffic.
The main goals of the validation have been to:
- Prove that the proposed architecture and
implementation can work effectively on a real
large network
- Put at work the traffic information gathered by
Ntop as shown in the previous section by using
the border gateway
- Create a set of correlation rules that allows the
campus network administrators to be noticed
about security violations of campus hosts.
VI. CONCLUSION
In this paper, we discussed the protocol-based
anomaly detection system and deals with the basics
of anomaly detection and related challenges. It
gives a detailed explanation of anomaly pattern and
a design for the same. The design allows
integration of anomaly-based techniques in order to
prevent all the major attacks against networks. Its
modular concept provides an adequate
infrastructure to dynamically add a new
functionality to the system. By taking packets from
the protocol stack itself, only the legitimate packets
are passed and processed.
VIII. REFERENCES
[1] Daniel Blomqvist et al. “Intrusion Detection: A Study”
Technical Report, Uppsala University, June 1995. ISSN
0283 - 0574.
[2] Sandeep Kumar et al. “An application of Pattern Matching
in Intrusion Detection”, Technical Report, Purdue
University, June 1994. CSD-TR-94-013.
[3] Alfred V Aho et al. “Compilers: Principles, Techniques and
Tools”, Addison Wesley, 1986.
[4] R.S. Boyer and J.S. Moore. “A Fast String Searching
Algorithm”, Communications of the ACM, 20(10): 262-272,
1977.
[5] Dorothy E. Denning, “An Intrusion Detection Model”, In
IEEE Transactions on Software Engineering, number 2, page
222, Feb 1987.
[6] Koral Ilgun. “USAT: A real-time Intrusion Detection System
for UNIX”, Technical Report, University of California,
November 1992.
[7] Karen Kent Frederick. “Network Intrusion Detection
Signatures”, Technical Paper, www.securityfocus.com.
2005.
[8] Christian Charras et al. "Handbook of Exact string matching
algorithms”, Technical Report, Available {online].
http://www-igm.univ-mlv.fr/%7Elecroq/string/
[9] Stephen Northcutt et al. “Network Intrusion Detection, An
analyst’s Handbook”, Second Edition, New Riders.
The set of rules/thresholds/actions produced
during the validation phase and the learnt
experience has allowed campus network
administrators to instrument the campus border
router for:
- Blocking the most common attacks
- Detecting common trojans that have been
installed on campus hosts
- Counting valid yet suspicious traffic
- adding traffic shaping rules for limiting the
bandwidth of some class of traffic (e.g.
SYN packets)
VII. ACKNOWLEDGEMENTS
Authors are thankful to Dr. Bharat S. Chaudhari,
Dean Academics and Head of the Dept. for
encouraging us to conduct this research work in the
Networking & Telecommunication laboratory.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 118

Proceedings of ICCNS 08 , 27-28 September 2008
Security enhancement by reliable secret sharing
and embedding using bit plane complexity
segmentation
SONALI PATIL, DR. ARPITA GOPAL, AMRESH NIKAM, M. A. POTEY
Abstract- Many researchers have separately developed secret image
sharing scheme and image hiding schemes over years. Some
researchers have been integrating image sharing technique and image
hiding technique with the purpose of hiding secret images and
authentication. However, researchers have not yet explored the
combination of a reliable secret image sharing scheme with reduced
secret size and embedding technique with high data hiding capacity
for images without size constraint. This paper presents a scheme that
divides secret image into n image shares and then embeds the image
shares in cover images with high data hiding capacity technique. The
original image can be reconstructed by using the same embedding
technique on at least k shares where k ≤ n. This technique helps in
enhancing the reliability as even if not all image shares reach the
destination the original image can be reconstructed, and increases the
security as the image shares are embedded in cover images hence not
attracting the attacker’s attention. The experimental results show that
the proposed scheme achieves reduced secret image share size and
very high embedding capacity making it more suitable for
transmission on the network. This scheme also provides high security
and reliability for image hiding, transmission and reconstruction.
Keywords- information hiding, matrix projection and visual
cryptography.
1. INTRODUCTION
Secure transmission of data is more and more needed in the
worldwide computer network environment. The effective and
secure protections of sensitive information are primary
concerns where only encrypting data is not the solution.
1.1 Existing techniques to overcome the problem:
To transmit or store an image in a safer way against
interceptor, there are at least three possible major approaches:
encryption with keys; sharing the image among distinct
channels/places; hiding the image in other media or objects.
None of these techniques provide high degree of security and
reliability at the same time. These techniques are discussed
below.
Sonali Patil, Sinhgad Institute of Business Administration and Research,
Kondhwa – Pune (sonalimpatil@gmail.com).
Arpita Gopal, Sinhgad Institute of Business Administration and Research,
Kondhwa – Pune (aina@rediffmail.com).
A. V. Nikam, Sinhgad Institute of Business Administration and Research,
Kondhwa – Pune (amresh_n2000@rediffmail.com).
M. A. Potey, D. Y. Patil College of Engineering, Akurdi – Pune
(mapotey@gmail.com ).
1.2 Sharing:
Shamir [1] and Blakley [2] invented two (k, n) thresholdbased
SSS independently in 1979. The general idea behind
“secret sharing” is to distribute a secret (e.g.,
encryption/decryption key) to n different participants so that
any k participants can reconstruct the secret, and any (k − 1)
or fewer participants cannot reveal anything about the secret.
Karnin [3] suggested the concept of perfect secret sharing
(PSS) where zero information of the secret is revealed for an
unqualified group of (k −1) or fewer members. For these
requirements in PSS schemes, a secret has zero uncertainty if
k or more participants can discover the secret. On the
contrary, the secret, in PSS schemes, remains the same
uncertainty for (k − 1) or fewer members. Therefore, there is
no information exposed to (k−1) or fewer members. When
exposed information is proportional to the size of the
unqualified coalition, these types of SSS are referred as a
ramp secret sharing (RSS) [4], [5]. Various research papers
are devoted on the topics of PSS schemes [6], [7] and RSS
schemes [8], [9].
Naor and Shamir [10], [11] extended the secret sharing
concept into image research, and referred it as visual
cryptography. Visual cryptography is a PSS scheme, and
requires stacking any k image shares (or shadow images) to
show the original image without any cryptographic
computation. They are not applicable for lossless image
recovery due to: i) image shares have larger image size
compared to the size of the original secret image and ii) the
contrast ratio in the reconstructed image is quite poor. Thien
and Lin [12] have presented a better image secret sharing
approach. With some cryptographic computation, they
cleverly used Shamir’s SSS to share a secret image.
1.3 Embedding:
Most of the image embedding programs use image data (cover
image) as a container, for hiding the confidential information
and some use the least significant bits [13] of the image data
(cover image) to hide the confidential information. Other
programs embed the confidential information in a specific
band of the spatial frequency component of the carrier.
Nakamura’s [14] embedding method paid attention to the
frequency redundancy of the images, while still others make
use of the sampling error in image digitization. However, each
of these embedding methods has relatively small information
hiding capacity, allowing only 5-15% of the cover image to
hide information.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 119

Proceedings of ICCNS 08 , 27-28 September 2008
This capacity is generally sufficient for “watermarking” or
placing a digital “signature” onto computer data, but is
generally insufficient for confidential human-to-human
communication applications.
1.4 Sharing and hiding:
Very few have proposed the combination of secret image
sharing and hiding techniques. These techniques give higher
reliability and security at the same time compared to only
sharing or only hiding techniques. Chin-Chen Chang and Duc
Kieu [15] have proposed a novel secret sharing and
information-hiding scheme by embedding a secret image and
a secret bit stream into two shadow images. It has limited
reliability and shadow image size is more. Y.S. Wu, C.C.
Thien, and J.C. Lin [16] have proposed sharing and hiding of
secret images but with size constraint.
1.5 Proposed technique
Our technique proposes a combination of information sharing
and hiding techniques for secret image using a cover image to
provide greater reliability and security. The proposed method
involves a "transmitter" and many "receivers". The transmitter
chooses a secret image and applies reliable secret sharing
scheme on it, to obtain the corresponding image shares. Every
share is individually embedded into cover image using BPCS
(Bit Plane Complexity Segmentation) [17] method. Finally,
the transmitter electronically transmits the images with
embedded data (stego images) to the receivers. Receivers
process the received image by applying the reverse of BPCS
technique to obtain the embedded image shares. The receivers
should obtain minimum k image shares to reconstruct the
original secret image. During the transmission even if few
image shares are lost and not all but k image shares are
received the original image can be reconstituted providing
greater degree of reliability. Also since original secret image
is divided into image shares and embedded using cover image
it doesn’t attract attacker’s attention hence providing better
security.
2. Review of Secret Sharing Schemes
2.1 Shamir’s [1] Secret Sharing Scheme
Shamir developed the idea of a (k, n) threshold-based secret
sharing technique (k ≤ n). The technique allows a polynomial
function of order (k −1) constructed as,
f(x) = d 0 + d 1 x 1 + d 2 x 2 + . . . + d k-1 x k-1 (mod p), where the
value d 0 is the secret and p is a prime number.
The secret shares are the pairs of values (x
i
, y
i
), where
y i = f(x i ), 1 ≤ i ≤ n and 0 < x 1 < x 2 . . < x n ≤ p − 1.
The polynomial function f(x) is destroyed after each
shareholder possesses a pair of values (x i , y i ) so that no single
shareholder knows the secret value d 0 . In fact, no groups of (k
− 1) or fewer secret shares can discover the secret d 0 . On the
other hand, when k or more secret shares are available, then
we may set at least k linear equations y i = f(x i ) for the
unknown d i ’s.
The unique solution to these equations shows that the secret
value d 0 can be easily obtained by using Lagrange
interpolation [1].
Shamir’s SSS is regarded as a PSS scheme because knowing
even (k − 1) linear equations doesn’t expose any information
about the secret.
2.2 Bai’s[18] Matrix Projection Secret Sharing Scheme
Bai developed a SSS using matrix projection. The idea is
based upon the invariance property of matrix projection. This
scheme can be used to share multiple secrets, and detail of the
scheme can be found in [18].
3. Review of Image embedding schemes
Image embedding hides a secret message in a cover image,
this process is usually parameterized by a hide-key, and the
detection or reading of embedded information is possible only
by having this key.
3.1 Least Significant Bit Insertion [13]
In this method the secret message is embedded into the least
significant bit plane of the image. Since this only affect each
pixel by +/- 1, if at all, it is generally assumed with good
reason that the degradation caused by this embedding process
would be perceptually transparent. Hence there are a number
of LSB based steganography techniques available in the
public domain. The problem with this method is that it does
not provide protection against small changes resulting from
lossy compression or image transformations. The other
disadvantage of this method is that it is having very less data
hiding capacity. Therefore, improvements as suggested by R.
J. Anderson and F. A. P. Petitcolas [19] are urged for LSB.
3.2 Adaptive MELSBR Method [20]
To avoid changing the properties of cover-images, the
message must be embedded in "random texture" areas of each
bit-plane. For taking advantage of local characteristics, an
adaptive steganography method based on the Minimum Error
LSB Replacement (MELSBR) method is proposed. First, the
upper bound of embedding capacity for each pixel in the
cover-image is evaluated. If the amount of message to be
embedded is less than the total embedding capacity provided
by the cover-image, whole secret message will be embed in a
local area and it can be easier for the attacker to extract the
secret. To treat this scattering method is provided.
4. Our Proposal
The proposed technique is a combination of (a) Construction
of secret image shares and embedding shares in cover images;
and (b) Reconstruction of original secret image. This
technique provides enhanced security and reliability than any
other existing technique.
4.1 Construction of secret image shares and embedding
Sharing:
For image sharing a reliable secret sharing method is
suggested which incorporates two k-out-of-n secret sharing
schemes:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 120

Proceedings of ICCNS 08 , 27-28 September 2008
i) Shamir’s secret sharing scheme [1] and ii) matrix
projection secret sharing scheme [18]. The technique allows a
secret image to be divided as n image shares so that: i) any k
image shares (k < n) are sufficient to reconstruct the secret
image in the lossless manner and ii) any (k - 1) or fewer image
shares cannot get enough information to reveal the secret
image. It is an effective, reliable and secure method to prevent
the secret image from being lost, stolen or corrupted. In
comparison with other image secret sharing methods, this
approach’s advantages are its large compression rate on the
size of the image shares, its strong protection of the secret
image and its ability for the real time processing. For an l × l
secret image with intensity level as I (i, j) where 1 ≤ i, j ≤ l,
partition the secret image I as non-overlapped m × m blocks
(m > 2(k − 1) − 1) for each RGB color. It procedures roughly
([l/m]) 2 blocks. We can share each block S using following
scheme.
1. Construct an m × k random matrix A of rank k.
2. Determine its projection matrix $ and remainder matrix R =
S − $.
3. If any element in matrices $ and R is greater than 251, go
back to step (1) to reconstruct a new random matrix A.
Otherwise, proceed to the next step.
4. Choose n linearly independent k × 1 random vectors x
i
and
n distinct values r
i
.
5. Calculate share v i = (A × x i ) (mod p) for 1 ≤ i ≤ n.
6. Use Thien and Lin’s [21] image SSS to secretly share the
matrix R as a G i = [g 1 (i) g 2 (i) . . . g (mk) (i) ] for g tt (i)(j)
= I (t k + 1, j) +. . + I (t k + (k−1), j) rt (k-1) t mod 251, where
1 ≤ t ≤ (mk) and 1 ≤ j ≤ m.
7. Each image share Sh i
is the combination of v i and G ii .
Embedding:
Suggested technique to embed secret data into a dummy
image is based on BPCS. The key idea to this approach is that
a binary image can be categorized as “informative” and
“noise-like” regions, which are segmented by a “complexity
measure”. If the embedding data is noise-like, we can hide it
in the noise-like region of the dummy image. If a part of
embedding data is simple, then we apply “image conjugate”
operation to it. This operation transforms a simple pattern into
a complex pattern.
Following steps describes the algorithm for embedding:
1. Segment each bit-plane of the dummy image into
informative and noise-like regions by using a threshold
value (α). A typical value is α = 0.3.
2. Group the bytes of the secret file into a series of secret
blocks.
3. If a block (S) is less complex than the threshold (α), then
conjugate it to make it a more complex block (S*). The
conjugated block must be more complex than α.
4. Embed each secret block into the noise-like regions of the
bit-planes (or, replace all the noise-like regions with a
series of secret blocks). If the block is conjugated, then
record this fact in a “conjugation map.”
5. Also embed the conjugation map as was done with the
secret blocks.
When the stego image is ready for transmission it is
transmitted over the network. This transmission is more secure
and reliable in comparison to any other technique. This part of
the process is illustrated in Fig. 1.
4.2 Reconstruction of original secret image
To reconstruct the secret image the inverse operations of
the above procedures is required. The Decoding algorithm
(i.e., the extracting operation of the image share from an
embedded dummy image) is just the reverse procedure of the
embedding steps. It is impossible to extract it without
knowing α and conjugation-map. At least k shares are
required to reconstruct the original secret image. By applying
the reverse of reliable secret sharing technique on k or more
image shares the original secret image is obtained as
illustrated in Fig. 2.
Embedding:
Suggested technique to embed secret data into a dummy
image is based on BPCS. The key idea to this approach is that
a binary image can be categorized as “informative” and
“noise-like” regions, which are segmented by a “complexity
measure”. If the embedding data is noise-like, we can hide it
in the noise-like region of the dummy image. If a part of
embedding data is simple, then we apply “image conjugate”
operation to it. This operation transforms a simple pattern into
a complex pattern.
Following steps describes the algorithm for embedding:
1. Segment each bit-plane of the dummy image into
informative and noise-like regions by using a threshold
value (α). A typical value is α = 0.3.
2. Group the bytes of the secret file into a series of secret
blocks.
3. If a block (S) is less complex than the threshold (α), then
conjugate it to make it a more complex block (S*). The
conjugated block must be more complex than α.
4. Embed each secret block into the noise-like regions of the
bit-planes (or, replace all the noise-like regions with a
series of secret blocks). If the block is conjugated, then
record this fact in a “conjugation map.”
5. Also embed the conjugation map as was done with the
secret blocks.
When the stego image is ready for transmission it is
transmitted over the network. This transmission is more secure
and reliable in comparison to any other technique. This part of
the process is illustrated in Fig. 1.
4.2 Reconstruction of original secret image
To reconstruct the secret image the inverse operations of the
above procedures is required. The Decoding algorithm (i.e.,
the extracting operation of the image share from an embedded
dummy image) is just the reverse procedure of the embedding
steps. It is impossible to extract it without knowing α and
conjugation-map. At least k shares are required to reconstruct
the original secret image.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 121

Proceedings of ICCNS 08 , 27-28 September 2008
By applying the reverse of reliable secret sharing technique on
k or more image shares the original secret image is obtained as
illustrated in Fig. 2.
Table I Comparison between VC & Reliable SSS
Table II Comparison between LSB & BPCS
Fig. 1 Embedding process
DHC: Data Hiding Capacity
PSNR: Peak Signal to Noise Ratio
4.4 COMPARISON WITH EXISTING TECHNIQUES:
We propose a simple and lossless secret sharing and
information-hiding scheme for color images. The
experimental results show that the proposed method provides
high reliability with reduced image share size as illustrated in
Table 1. The size of image shares is less than the secret image
so transmission time is less. It also provides high security as
original image is divided into image shares and each one of
which is embedded in cover image making it least susceptible
to attackers. Even if attackers are aware it is not possible to
reconstruct original image with less than k image shares. The
BPCS technique provides high embedding capacity up to 55%
as illustrated in Table 2. Because of these reasons the
technique is most suitable for security-related applications.
The difficulty with the technique is that it is computationally
heavy both at transmitting end and at receiving end.
Fig. 2 Reconstruction of secret image
4.3 EXPERIMENTAL RESULTS:
1) Random basis column
2) Pixel sampling
3) Square sub-pixel expansion
4) Smallest square expansion with filler
5) Smallest square expansion w/o filler
6) Extended VCS: preserve size
7) Extended VCS: preserve detail
5. FUTURE WORK AND SUGGESTIONS:
To accommodate this computationally heavy but highly
reliable and secure technique we propose to design parallel
algorithm to generate the image shares of secret image and for
generation of embedded image shares in cover images at the
transmitting end. At the receiving end similar parallel
algorithms can be designed for extraction of hidden image
shares from the cover images and subsequent reconstruction
of original image from at least k image shares. Parallel
algorithm will make this technique suitable for real time
applications with high security requirements. This proposed
technique is not suitable for palette images due to numerous
color variations.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 122

Proceedings of ICCNS 08 , 27-28 September 2008
REFERENCES
1. A. Shamir, “How to share a secret,” Communications of the ACM,
vol. 22, no. 11, pp. 612–613, Nov. 1979.
2. G. Blakely, “Safeguarding cryptographic keys,” presented at the
Proceedings of the AFIPS 1979 National Computer <strong>Conference</strong>,
vol. 48, Arlington, VA, June 1997, pp. 313–317.
3. E. D. Karnin, J. W. Greene, and M. E. Hellman, “On secret sharing
systems,” vol. IT-29, no. 1, pp. 35–41, Jan. 1983.
4. W. Ogata and K. Kurosawa, “Some basic properties of general
nonperfect secret sharing schemes,” J.UCS: Journal of Universal
Computer Science, vol. 4, no. 8, pp. 690–704, 1998.
5. K. Srinathan, N. Tharani Rajan, and C. Pandu Rangan, “Nonperfect
secret sharing over general access structures,” in
INDOCRYPT, 2002, pp. 409–421.
6. C. Asmuth and J. Bloom, “A modular approach to key
safeguarding,” vol. 29, no. 2, pp. 208–210, Mar. 1983.
7. A. Beimel and B. Chor, “Secret sharing with public
reconstruction,” vol. 44, no. 5, pp. 1887–1896, Sept. 1998.
8. A. De Santis and B. Masucci, “Multiple ramp schemes,” vol. 45,
no. 5, pp. 1720–1728, July 1999.
9. M. Franklin and M. Yung, “Communication complexity of secure
computation,” 1992.
10. M. Naor and A. Shamir. (1996, June) Visual cryptography II:
Improving the contrast via the cover base.
11. M. Naor, A. Shamir, “Visual cryptography”, Proc. Eurocrypt
’94, Lecture Notes Computer Sci., Vol. 950, pp.1-12, 1994.
12. C. C. Thien and J. C. Lin, “Secret image sharing,” Computers &
Graphics, vol. 26, no. 5, pp. 765–770, 2002.
13. N.F. Johnson, Z. Duric, and S. Jajodia, “Information hiding:
Steganography and watermarking- attacks and
countermeasures”, Kluwer Academic Publishers, 2000.
14. Nakamura, Y. and Matsui, K., “A Unified Coding of Image and
Text Data Using Discrete Orthogonal Transform”, IEICE D-II,
Vol. J72-D-II, No.3, pp.363-368, 1989.
15. Chin-Chen Chang, The Duc Kieu “Secret Sharing and
Information Hiding by Shadow Images”, 2006.
16. Y. S. Wu, C. C. Thien, and J. C. Lin, “Sharing and hiding secret
images with size constraint,” Pattern Recognition, vol. 37, no.
7, pp. 1277–1385, 2004.
17. Michiharu Nimmi, Hideki Noda and Eiji Kawaguch, “An image
embedding in image by a complexity based region segmentation
method”, Proceedings of the 1997 <strong>International</strong> <strong>Conference</strong> on
Image Processing (ICIP '97).
18. L. Bai, “A strong ramp secret sharing scheme using matrix
projection,” presented at the Second <strong>International</strong> Workshop on
Trust, Security and Privacy for Ubiquitous Computing, Niagara-
Falls, Buffalo, NY, 2006.
19. R. J. Anderson and F. A. P. Petitcolas, “On the limits of
steganography,” IEEE J. Select. Areas Commun, vol. 16, no. 4,
pp. 474–481, May 1998.
20. Tuomas Aura, "Practical Invisibility in Digital Communication",
First Workshop of Information Hiding Proceedings, Cambridge,
U.K. May 30 - June 1, 1996. Lecture Notes in Computer
Science, Vol.1174, Springer-Verlag (1996).
21. C.C. Thien and J. C. Lin, “Secret image sharing, “Computers &
Graphics, vol. 26, no. 5, pp. 765–770, 2002
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 123

ICCNS 08
Network Management

Proceedings of ICCNS 08 , 27-28 September 2008
Analysis of Reactive Routing Protocols in
Congested MANETS based on
Energy Consumption
Mr.M.Neelakantappa 1 ,r.B.Satyanarayana 2 ,Dr. A. Damodaram 3
Abstract-Ad hoc networks are autonomous systems composed of
mobile hosts that are free to move around arbitrarily. Rather than
relying on a network infrastructure to perform routing in an Mobile
Ad hoc NETwork (MANET) each mobile host serves as a router to
forward packets originated from other nodes. We compare the
performance of three reactive routing protocols for mobile ad hoc
networks: Dynamic Source Routing (DSR), Ad Hoc On-Demand
Distance Vector Routing (AODV), location-aided routing
(LAR1).Our evaluation is based on energy consumption in
MANETS. The performance differentials are analyzed using varying
network load, mobility, and network size. We simulate protocols
with GLOMOSIM simulator. Based on the results, we conclude
about the best protocol under various parameters of the MANET
under consideration.
Keywords—Mobile Ad hoc Network, Energy consumption,
GlomoSim, routing protocols.
I. INTRODUCTION
A MANET is a multi-hop wireless network formed by a
group of mobile nodes that have wireless capabilities
and are in proximity of each other. MANETS facilitate
communication among mobile users in situationsmilitary
or disaster recovery – where fixed infrastructure
is infeasible. In MANETS each node in the network also
acts as a router, forwarding data packets for other nodes.
A central challenge in the design of ad hoc networks is
the development of dynamic routing protocols that can
efficiently find routes between two communicating
nodes.
The routing protocol must be able to keep up with the
high degree of node mobility that often changes the
network topology drastically and unpredictably .Such
networks have been studied in the past in relation to
defense research, often under the name of packet radio
networks. Routes between two hosts in a MANET may
consist of hops through other hosts in the network.
1 M.Neelakantappa is working as Professor & Head in CSE Dept. of
G.Pullaiah Engineering College, Kurnool,AP,India. He is Research scholar in
Faculty of CSE in JNT University,Hyderanad.
2 Dr.B.Satyanarayana is working as Professor & Head in Computer Science
Dept. of S.K University ,Anantapur,AP,India.
3 Dr. A.Damodharam working as Vice-Principal and Professor in JNT
Universty, Hyderabad,AP,India
Host mobility causes frequent unpredictable topology
changes. Therefore, the task of finding and maintaining
routes in MANET is nontrivial. Many protocols have
been proposed for mobile ad hoc networks, with the goal
of achieving efficient routing. These algorithms differ in
the approach used for searching a new route or
modifying a known route, when hosts move. The ad hoc
routing protocols may be generally categorized as
proactive and reactive [2,3]. The simulation results
reported in several papers show that normally reactive
(on demand) routing protocols have higher packet
delivery ratio and need less routing messages than
proactive (table-driven) routing protocols.
Energy consumption in ad hoc networks is a very
important factor. Because batteries carried by each
mobile node have limited power supply, processing
power is limited, which in turn limits services and
applications that can be supported by each node. This
becomes a bigger issue in mobile ad hoc networks
because, as each node is acting as both an end system
and a router at the same time, additional energy is
required to forward packets from other nodes. Our goal
is to carry out a systematic performance study of three
on demand routing protocols for high density ad hoc
networks: the Dynamic Source Routing protocol (DSR)
and the Ad Hoc On-Demand Distance Vector protocol
(AODV) Location-Aided Routing (LAR)[1,8,6].
The rest of the paper is organized as follows: In the
following section, we briefly review the LAR1, DSR and
AODV protocols. We present a detailed critique of the
three protocols, focusing on the differences in their
dynamic behaviors that can lead to performance
differences. This lays the foundation for much of the
context of the performance study. We describe the
simulation environment. We present the simulation
results, followed by their interpretations. We finally
draw conclusion.
II.DESCRIPTION OF THE PROTOCOLS
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 124

Proceedings of ICCNS 08 , 27-28 September 2008
A. LAR1
The LAR1 [6] algorithm uses a request zone that is
rectangular in shape [6]. Consider a node S that needs to
find a route to node D. Assume that node S knows that
node D was at location (Xd,Yd) at time t0. At time t1,
node S initiates a new route discovery for destination D.
It assumes that node S also knows the average speed v
with which D can move. Using this, node S defines the
expected zone at time t1 to be the circle of radius R =
v(t1 - t0) centered at location (Xd Yd). When a node
receives a route request, it discards the request if the
node is not within the rectangle specified by the four
corners included in the route request.
the RREP packet is cached at the source for future use. If
any link on a source route is broken, the source node is
notified using a route error (RERR) packet. The source
removes any route using this link from its cache. A new
route discovery process must be initiated by the source if
this route is still needed.
{a,b}
a
{a,b}
b
c
{a,b,c}
d
{a,b,c,d}
e
Fig.2: Example of route Discovery with same request ID
Fig. 1 LAR1 Routing protocol
For instance, in Fig. 1, if node I receives the
route request from another node, node I forwards the
request to its neighbors, because I determines that it is
within the rectangular request zone. However, when
node X receives the route request, node X discards the
request, as it is not within the request zone.
B. DSR
The key distinguishing feature of DSR[4] is the
use of source routing. That is, the sender knows the
complete hop-by-hop route to the destination. These
routes are stored in a route cache. The data packets carry
the source route in the packet header. When a node in
the ad hoc network attempts to send a data packet to a
destination for which it does not already know the route,
it uses a route discovery process to dynamically
determine such a route. Route discovery works by
flooding the network with route request (RREQ) packets
[4].
Each node receiving an RREQ rebroadcasts it,
unless it is the destination or it has a route to the
destination in its route cache. Such a node replies to the
RREQ with a route reply (RREP) packet that is routed
back to the original source. RREQ and RREP packets
are also source routed.
The RREQ builds up the path traversed across the
network. The RREP, routes itself back to the source by
traversing this path backward. The route carried back by
C. AODV
AODV[7] shares DSR’s on-demand characteristics in
that it also discovers routes on an as needed basis via a
similar route discovery process. Similar to DSR, AODV
uses the route discovery and route reply mechanism to
create and maintain a route on demand. However,
AODV adopts a very different mechanism to maintain
routing information [8]. It uses traditional routing tables,
one entry per destination. This is in contrast to DSR,
which can maintain multiple route cache entries for each
destination. Without source routing, AODV relies on
routing table entries to propagate an RREP back to the
source and, subsequently, to route data packets to the
destination. AODV uses sequence numbers maintained
at each destination to determine freshness of routing
information and to prevent routing loops.
These sequence numbers are carried by all
routing packets. Different from DSR, AODV uses a
distributed approach, meaning that source nodes do not
maintain a complete sequence of intermediate nodes to
reach a destination. An important feature of AODV is
the maintenance of timer-based states in each node,
regarding utilization of individual routing table entries.
A routing table entry is expired if not used recently. A
set of predecessor nodes is maintained for each routing
table entry, indicating the set of neighboring nodes
which use that entry to route data packets.
These nodes are notified with RERR packets
when the next-hop link breaks. Each predecessor node,
in turn, forwards the RERR to its own set of
predecessors, thus effectively erasing all routes using the
broken link. In contrast to DSR, RERR packets in
AODV are intended to inform all sources using a link
when a failure occurs.
Route error propagation in AODV can be visualized
conceptually as a tree whose root is the node at the point
of failure and all sources using the failed link as the
leaves.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 125

Proceedings of ICCNS 08 , 27-28 September 2008
III. THE SIMULATION MODEL
To compare the routing protocols, a parallel discrete
event driven simulator, GlomoSim,[15] was used.
GloMoSim (Global Mobile Information System
Simulator) is a simulation tool for large wireless and
wired networks. We focused on energy consumption to
compare the three routing protocols. The control
parameters we used in our simulation experiments were
traffic load (TL), node density (n) and node mobility
(pause-time).
Traffic load generated by each source node was modeled
by a constant bit rate data stream, whose transmission
rate was defined by packet transmission interval for
fixed size packets. Two different levels of traffic load
defined by the packet transmission intervals are, (i) low
traffic load: one packet transmitted at every 10 seconds,
(ii) medium traffic load: one packet at every second.
Movement of each node was modeled using the random
waypoint model. In the random waypoint model, each
node remains stationary for the duration of its “pausetime”.
At the end of a pause time, a node starts moving
in a randomly selected direction in the network terrain at
a fixed speed. Once a node reaches its new location, it
remains stationary during its next pause-time. At the end
of the new pause time, a node again starts moving in
another randomly selected direction in the network. This
movement process was continued during a simulation
experiment. The network terrain size was fixed for 2,000
* 2,000 meters. The simulation time was 450 seconds for
all the experiments.
Table1 describes the detailed setup for our simulation.
Routing
AODV,DSR,LAR1
MAC Layer 802.11
Bandwidth 2Mbps
TERRAIN 2000 x 2000
Nodes 100,500
Node Placement Random
Simulation Time 450 Sec
Mobility Model RWP(0-10 m/s)
Data Traffic CBR
Pause Time 0,150,225,300,450
Table1: Simulation parameters in GlomoSim
Avg.Energy Consumption(mwhr)
Avg.Energy Consum ption(m whr)
Avg.Energy Consumption(mwhr)
112.512
112.51
112.508
112.506
112.504
112.502
112.5
112.498
DSR
AODV
LAR!
112.496
0 50 100 150 200 250 300 350 400 450
pause-time(s)
112.522
112.52
112.518
112.516
112.514
112.512
112.51
112.508
112.506
Fig3: Energy Consumption (n=500,TL=1S)
DSR
AODV
LAR!
112.504
0 50 100 150 200 250 300 350 400 450
pause-time(s)
Fig4: Energy Consumption (n=100,TL=1S)
112.505
112.504
112.504
112.503
112.503
112.502
112.502
112.501
112.501
DSR
AODV
LAR1
112.5
0 50 100 150 200 250 300 350 400 450
pause-time(s)
Fig5: Energy Consumption (n=100,TL=10S)
IV. SIMULATION RESULTS
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 126

Proceedings of ICCNS 08 , 27-28 September 2008
Avg.Energy Consum ption(m whr)
Avg.Energy Consumption(mwhr)
112.515
112.51
112.505
112.5
112.495
DSR
AODV
LAR1
112.49
0 50 100 150 200 250 300 350 400 450
pause-time(s)
Avg.Energy Consum ption(m whr)
112.505
112.505
112.504
112.504
112.503
112.503
112.502
112.502
112.501
112.501
Fig6: Energy Consumption (n=1000,TL=1S)
112.502
112.502
112.501
112.501
112.5
112.5
112.499
112.499
DSR
AODV
LAR1
112.498
0 50 100 150 200 250 300 350 400 450
pause-time(s)
Fig7: Energy Consumption (n=1000,TL=10S)
DSR
AODV
LAR1
112.5
0 50 100 150 200 250 300 350 400 450
pause-time(s)
Fig8: Energy Consumption (n=500,TL=10S)
V. CONCLUSION
We have compared the performance of LAR1, DSR and
AODV, three prominent reactive routing protocols for ad
hoc networks. The following is a list of key findings
obtained from our experiments:
Finding 1: Contrary to our prediction, LAR1 performed
much better than expected for high density networks.
LAR1 is better in energy consumption generally in high
density networks(n=1000). Hence LAR1 is good
protocol for congested networks.
Finding 2: DSR resulted in the best (i.e., the least)
energy consumption for low density networks.
Finding 3:AODV generated higher volume of energy
even than the DSR in high density networks.
REFERENCES
[1]Das, S.R., Perkins, C.E., and Royer E.M.: Performance
comparison of two on-demand routing protocols for ad hoc
networks. http://www.ietf.org/internetdrafts/ draft-ietfmanetaodv-06.txt,
IETF Internet Draft, July 2000, work in progress.
[2] Jochen Schiller. Mobile Communications; Pearson
Education,2004.
[3]D.J.Goodman.Wireless Personal Commun. Systems;
AddisonWesley,2002.
[4] Johnson, D.B., Maltz, D.A., and Hau, Y.C.: The dynamic
source routing protocol for mobile ad hoc networks, IETF
Internet Draft , http://www.ietf.org/internetdrafts/draftietfmanet
-dsr-03.txt, IETF Internet draft, April 2003 work in
progress.
[5] Samir Das, Charles Perkins, Elizabeth Royer. Performance
Comparison of On-demand Routing Protocds for Ad hoc
Networks, IEEE, INFOCOM2000.
[6] Y.B. Ko and N.H. Vaidya, “Location-Aided Routing
(LAR) in Mobile Ad Hoc Networks,” Proc. IEEE MobiCom,
Oct. 1998.
[7] C. E. Perkins and E. M. Royer, “Ad Hoc On-demand
Distance Vector Routing,” Proc. 2nd IEEE Wksp. Mobile
Comp. Sys. and Apps., Feb. 1999, pp. 90100.
[8] C. E. Perkins, E. M. Royer, and S. R. Das, “Ad Hoc on
Demand Distance Vector (AODV) Routing,
http://www.ietf.org/internetdrafts/ draft-ietfmanet-aodv-06.txt
, IETF Internet Draft, July 2000, work in progress.
[9] B. Das, E. Sivakumar and V. Bhargavan, Routing in adhoc
networks using a spine, in: Procof IEEEIC3N ’97
[10] M. Jiang, J. Li and Y.-C. Tay, Cluster based routing
protocol (CBRP) functional specification (Internet-draft),
in:MobileAd-hoc Network (MANET) Working Group,IETF98).
[11] C.E. Perkins and P. Bhagwat, Highly dynamic
destination-sequenced distance-vector routing (DSDV) for
mobile computers, in: Proc. Of ACM SIGCOMM ’94
Symposium on Communication, Architectures and Protocols
(1994) pp. 234–244.
[12] J. Broch, D. A. Maltz, D. B. Johnson, Y.-C.
Hu&J.Jetcheva,“A Performance Comparison of Multi-Hop
Wireless Ad Hoc Network Routing Protocols”, Proc. of the
Fourth Annual ACM/IEEE <strong>International</strong> <strong>Conference</strong> on
Mobile Computing and Networking,Dallas, TX, Oct. 98.
[13] E. M. Royer and C.-K. Toh, “A Review of Current
Routing Protocols for Ad-Hoc Mobile
Wireless Networks”, IEEE Personal
CommunicationsMagazine,April 1999, pp46-55.
[14] Imrich Chlamtac , Marco Conti , Jennifer J.-N. Liu”
Mobile ad hoc networking: imperatives and challenges.
[15] X.Zeng, R.Bargrodia and M.Gerla “GloMoSim: A library
for parallel simulation of large scale wireless networks” in
workshop on Parallel & distrib’d simulation;1998.pp154-161
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 127

Proceedings of ICCNS 08 , 27-28 September 2008
Analytic Investigation for Security in Wireless
Hotspot Networks
Raad A. Muhajjar, S. Kazim Naqvi., and Nupur Prakash
Abstract— This paper presents the analytic investigation for
security threats and security mechanisms in wireless hotspot
networks, some security threats of user authentication and access
control methods for hotspot networks, related to Universal Access
Method (UAM) and IEEE 802.1x are identified and studied.
Keywords— Hotspot Network, Wireless Security, Universal
Access Method, IEEE 802.1x, Secure Socket Layer.
I. INTRODUCTION
hotspot is a location with a public available wireless
A network. Achieving a truly secure connection at a public
wireless hotspot is an impossible proposition [1]. Despite the
lack of security, wireless hotspots using IEEE 802.11-based
wireless technology have popped up in coffee shops, hotels,
airports and even gas stations. They do provide people a very
convenient way to stay in touch with the corporate office.
While using public hotspots is convenient, the user should be
careful before accessing any confidential information using a
hotspot.
We believe that the current wireless hotspots present a
larger security issues than the early wired-Internet connections.
A large number of organizations, based on vendor literature,
believe that the security provided by their deployed wireless
hotspot is sufficient to prevent unauthorized access and use.
Unfortunately, nothing could be further from the truth. While
the current combined with the work of others show that all of
these mechanisms are completely ineffective [17]. As a result,
organizations with deployed wireless hotspot networks are
vulnerable to unauthorized use of, and access to, their internal
infrastructure.
The rest of the paper is organized as follows. In the second
section, we introduce the details of network hotspot networks
provide several security mechanisms, our work architecture for
Wireless Internet Service provider (WISP). The security
mechanisms and security threats are then presented in detail in
Raad A. Muhajjar is ICCR Scholarship, Department of Computer Science,
Jamia Millia Islamia, New Delhi-110025, India. Mobil No : 9811370889 ( e-
mail: raadmahjar@yahoo.com).
S. Kazim Naqvi, Sr. System Analyst , FTK-Centre for Information
Technology , Jamia Millia Islamia, New Delhi-110025, India Mobile No:
9212004194 (e-mail: kazim.cit@jmi.ac.in).
Nupur Prakash Dean, University School of Information Technology, GGS
Indraprastha University, Kashmere Gate, Delhi-110006, India. Phone
No:23900309 (e-mail: nupurprakash@rediffmail.com).
the third and fourth sections. In the fifth section, we discuss
the security issues in WISP hotspots and possible solutions.
The last section concludes the paper.
II. NETWORK ARCHITECTURE
General network architecture of a WISP is shown in figure-
1. It includes a hotspot access network and a networkoperating
centre [2]. The hotspot contains the basic access
network components to provide access service. Network
operating centre is located away from the hotspot and
connected via telecom infrastructure that is usually out of
control of the WISP. The distributed architecture permits the
hotspots to extend its services over large geographical areas.
Thus, WISP’s network domain may comprise many hotspot
access networks and one or a few network operating centers
connected via other operator’s infrastructure.
The components in hotspot access network are: Access
point (AP), Access Controller (AC), Gateway (GW), firewalls
and other specific modules such as DHCP server, mobile IP
agents, VPN support etc. An AP provides network access to
users on their respective stations (STA) which are fitted with
WLAN radio interfaces. A hotspot network may have multiple
APs. The Access Controller (AC) controls access of STAs to
network based on authentication and authorization results.
AAA client collects authentication request and forwards them
to an AAA server located at Network Operating Centre. The
Gateway (GW) provides access to the Internet The firewall
protects the hotspot domain from possible network security
attacks which may originate from outside the hotspot.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 128

Proceedings of ICCNS 08 , 27-28 September 2008
III.
SECURITY MECHANISMS
Because the basic security services and methods specified in
IEEE 802.11 standard are not designed for public network
access, WISPs had to develop new methods of basic security
services - like user authentication and access control [3]. In
this section, we describe and analyze the most popular security
methods of wireless hotspot network viz. the Universal Access
Method (UAM) and Port based Authentication (IEEE 802.1x).
A. Universal Access Method (UAM)
The UAM is a web browser based access control method
recommended by Wireless Internet Service Provider Roaming
(WISPr). The method addresses the problem of roaming users
in different WiFi hotspots. Since its recommendation by
WISPr the method has been adopted at many hotspot networks
[3]. It is also referred to as “Web-based authentication [4]” or
“Captive Portal1 [5]”. The method uses the authentication and
encryption protocol of Secure Sockets Layer/ Transport Layer
Security (SSL/TLS). The UAM allows a subscriber to access
WISP services with only an Internet browser and WiFi
network interface on the subscriber device, so that all users,
regardless of device type or operating system, can participate
in the hotspot network. The UAM represents the lowest
common denominator for granting access to a WISPr network
ensuring that all users can share the same experience. User’s
experience of authentication is described in the following
passage:
“A user visits a public hotspot. He boots up his laptop and
associates with the local WiFi network by selecting the
available network or the correct SSID in his WiFi PC card
Configuration Utility. He then starts his browser, which, for
the sake of discussion, is configured to load www.yahoo.com
as his home page. Instead of the browser loading this home
page, it loads a Welcome Page from the Hotspot Operator that
allows the user to login with a username and password. Once
authenticated, a Star Page appears from the Home Entity and
the user can access his original home page such as Yahoo. In
addition, a smaller window pops up detailing session
information and providing a button which, when clicked, will
1 Captive Portal was first proposed in Stanford’s SPINACH project. They
are widely used for user authentication in WiFi access networks.
log him out. At this time the user can access the Internet via
his wireless connection. When the user finishes, he clicks the
aforementioned logout button to disconnect from the network
and continues to work on the laptop or shuts down his laptop
and leaves”
The signaling mechanism between various entities of a
UAM is shown in figure-2. After STA associates with a
hotspot WLAN AP, it receives an IP address from DHCP
server, user than starts a Web browser. The first HTTP
connection request is captured and suspended by AC in the
hotspot. The HTTP request is redirected to an internal Web
server module in order to start authentication procedure. The
internal web server module may reside in the AC or in network
operating centre, i.e. close to AAA server. It establishes a
SSL/TLS connection to the browser on STA and displays a
logon page requesting user to provide his/her credentials
(account /username and password). The user is expected to
verify the SSL/TLS certificate to authenticate the WISP.
Depending on the result, user may provide his credentials
which are encrypted and are transmitted to the internal Web
server. User credentials are then embedded in an
Authentication Request and forwarded to WISP’s AAA server,
which performs user authentication and authorization. The
results are returned to the hotspot AC which may admit or
reject the access. Upon admission the original HTTP request is
resumed.
In comparison with other access control methods of hotspot
networks [2], UAM has the following advantages:
unified authentication interface for various usage
scenarios (prepaid, contractual and roaming users);
no extra hardware required at user side;
easy software configuration at user side;
Interoperability for roaming user authentication.
The security goals of UAM are [2]:
network authentication – based on WISP’s (SSL/TLS)
public key certificate;
User authentication – to authenticate user’s credential
(account and password pair).
Some security issues in UAM are identified as follows:
Authentication of network/WISP is performed through
verification of the SSL/TLS certificate received from the
internal web server. However, the verification requires
users:
a) to have some knowledge of certificates and to know
some technical aspects of the WISP, such as its
domain name, which may beyond user’s capability;
b) to manually check the certificate every time he/she
logs into the network
Ignorance about the aforementioned issues may render the
security useless as a rough WLAN with a valid SSL certificate
can be launched in the hotspot and cheat users of their
credentials. The certificate says nothing about whether the
valid certificate holder is entitled to operate a public WLAN at
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 129

Proceedings of ICCNS 08 , 27-28 September 2008
a specific site.
Password based user authentication suffers many attacks,
especially for contractual users that have a long-term
relation with a WISP.
No support to dynamic key generation and exchange,
which prevents using IEEE 802.11i or WEP, based
encryption mechanisms for confidentiality and except
other integrity protection. Thus, user data is transmitted in
plaintext in the air measure like IPSec is adopted.
The Universal Access Method may be enhanced by use of a
proprietary Smart Client2 to simplify the user experience [3].
A Smart Client can be used to enhance the subscriber
experience by providing features such as a directory listing
available public network access hotspots, SSID browsing,
automated sign-on or single-click launch of additional
software (like a remote Virtual Private Network client). These
Smart Clients are typically compatible with, and add value
over and above the UAM, and are typically provided by the
subscriber’s WISP. The WISP should be mindful that
requiring the use of a proprietary Smart Client could restrict
network access. As a result, the WISP must ensure that use of
the Smart Client does not preclude roaming using the UAM.
B. Port-based network authentication
The port-based authentication protocol was approved by
IEEE in June 2001 as an IEEE 802.1x standard [16]. It was
originally designed for wired networks of IEEE 802 family
(layer-2 authentication), but was later extended to 802.11 as
well. It enables authentication and key management for IEEE
802 LANs, including Ethernet, token ring and fiber distributed
data interface. One objective of IEEE 802.11 Task Group I is
to define how 802.1x and 802.11 machines are to
communicate [6]. The purpose of this standard in WLAN is to
drive authentication and encryption keys for use with any
cipher and to manage the keys.
The IEEE 802.1x is based on Extensible Authentication
Protocol (EAP). Various authentication methods such as onetime
passwords, smart cards, tokens and certificate-based
authentication may be employed for authentication [4]. Since
open standards for authentication, authorization, and
accounting (including RADIUS and LDAP) combine well with
IEEE 802.1x, the Remote Authentication Dial In user Servers
(RADIUS) that support EAP are often used as authentication
servers. EAP messages and are referred to as EAP Over LAN
(EAPOL) [7]. As depicted in figure 3, 802.1x defines three
roles in the authentication process:
Supplicant: a wireless device that, when authenticated,
can send IP data to the LAN.
Authenticator: an AP that keeps a port status for each
supplicant it is controlling,
Authentication server: often a RADIUS based server,
2 Smart Client is a Software solution that resides on the user’s access
device that facilitates the user’s connection to public access networks whether
via a browser, signaling protocol or other proprietary method of access.
though this not specifically required.
Figure 3: Message flow of EAP-TLS
In 802.1x, supplicants are by default considered
unauthorized. Supplicants in this state can send or receive only
EAPOL (EAP [11] over LAN) frames. After association, an
802.1x supplicant sends an EAPOL-Start frame to the
authenticator. The authenticator responds by requesting the
supplicant’s identity. The authenticator then translates and
relays a sequence of responses and requests between the
supplicant and the authentication server. Communication
between the supplicant and authenticator uses the EAPOL
protocol. On the other hand, communication between the
authenticator and the authentication server uses the RADIUS
protocol [7, 10]. RADIUS can be configured to secure packets
using a secret key. The sequence of requests and responses in
this phase will depend on the particular authentication scheme
used (which will be discussed later in this subject). The
authenticator receives this information from the client and then
passes it onto an authentication server for validation. No other
communications from the client is permitted until the
authentication server has validated the logon request. If the
logon is accepted, the authentication server generates a WEP
key specifically for the client and sends it through the access
point to the client. The client is now permitted to access the
network behind the access point.
There are several implementations of EAP, including
[4,8,9,10]:
1- Transport Layer Security (EAP-TLS): developed by
Microsoft and used in 802.1X clients for Windows
XP, EAPTLS provides strong security, but requires
each WLAN user to run a client certificate.
2- Lightweight EAP (LEAP): developed by CISCO and
used in their Aironet solution, LEAP supports
dynamic WEP key generation and provides for fixed
password user authentication.
3- Protected EAP (PEAP): co-developed by CISCO,
Microsoft and RSA Security, PEAP does not require
certificates for authentication. It supports dynamic
WEP key generation and provides options for
password, token or digital certificate based user
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 130

Proceedings of ICCNS 08 , 27-28 September 2008
authentication.
4- Tunneled Transport Layer Security (EAP-TTLS):
developed by Funk Software and Certicom as a
competing standard for PEAP, EAP-TTLS supports
password, token or certificate side user
authentication. Unlike EAP-TLS, EAP-TTLS
requires only the server to be certified.
The comparison of the authentication mechanisms discussed
above is provided in Table 1 [9].
Some of the advantages of 802.1x/EAP authentication are:
It provides user authentication/accounting,
It provides encryption,
It protects the infrastructure,
It results in light network traffic, as there is no per-packet
overhead, only periodic authentication transactions,
It allows secured application level protocols, such as
VPN, SSL, SSH, to be used.
Some of the issues of 802.1x/EAP authentication include the
following:
It is an evolving standard,
It requires specific client software,
At the moment, proprietary network equipment is
required,
Investment in new authentication infrastructure is
necessary.
EAP was designed for PPP, and was never meant to take
wireless threat models into account.
It is limited to one-way authentication: supplicants and
authentications should not send data traffic until mutual
authentication is complete.
It does not offer authentication of management frames.
Traffic can be intercepted.
Various types of attack, including hijacking and man in
the middle, are possible.
Authentication after association presents roaming
problems because of the time needed, during which data
transmission can be disrupted.
If the RADIUS server fails, the WLAN becomes
unavailable.
IV. SECURITY THREATS
Without authentication and encryption, security problems
cannot be addressed [12]. In this section, we categorize
security threats. This is followed by a discussion on some of
the weakness in security approaches based on SSL and PKI.
We explain why these features are not in wireless hotspot
network services.
A. Threats
UAM and IEEE 802.1x are used for authentication between
the user and WISP, however, none of the methods is enough
for security and authentication purpose for public wireless
Internet access.
The UAM based public wireless LAN systems use webbased
authentication schemes, and users can get IP-level
network access before showing their identity and credentials.
Although this open style of network authentication enables
fine-grained service authorization and accounting options, lack
of lower-layer cryptographic bindings yields security
vulnerabilities. Examples include:
Theft of service by spoofing IP or MAC address;
Eavesdropping because of no data encryption;
Message alteration because of no message integrity check;
and
Denial of service attack by placing rogue access points.
The key to avoiding those security threats is to have a
cryptographic binding between the user and the network. As
explained in Section 3.2, the IEEE 802.1X port-based network
access control is being deployed in corporate wireless LANs,
and it uses cryptographic method for user authentication and
network access control. Normally IEEE 802.1X adopts
conventional closed style mutual authentication and assumes a
pre-shared secret between users and the network. However, we
can’t assume a pre-shared secret in public wireless LANs to
accommodate one-time users that use credit-card
authorization, or to provide free contents for non subscribers.
EAP allowed developers to construct their own algorithm
and consequently a lot of wireless vendors implemented their
own 802.1X adaptation. They provided significant
modifications to the authentication system but, as there was no
general specification, this enhancement was frequently
platform dependent. Moreover, these adaptations often relied
on external systems like RADIUS server, PKI and Certificates.
All this solutions have some problems related to attacks on
802.1X [13]:
1- Man-in-Middle attack: the one-way authentication
exposed to the man-in-middle attack where adversary
becomes an authenticator for the client and a client
for the real authenticator.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 131

Proceedings of ICCNS 08 , 27-28 September 2008
2- Session Hijacking: A hacker waits until a valid user
authenticates himself, then he pretends to be this user
and blocks the valid user traffic.
Here is a list of the most common EAP implementations
with known vulnerabilities:
EAP-MD5, Message Digest 5 (or CHAP Protocol)
(RFC1994): Vulnerable to a lot of attacks and did not
support dynamic WEP keys. Only use this implementation
in a small private network.
EAP-TLS, Transport Layer Security (RFC2716): Open
standard, using X.509 certificates complex architecture
for servers and users. It relies on PKI and TLS. It allowed
manipulation of dynamic WEP keys. It resists to most
802.1X attacks except Man-in-Middle and the user’s
identity is revealed.
EAP-TTLS, Tunnelled TLS: very similar to EAP-TLS.
This protocol simplifies the PKI structure by using
server’s Certificate only. It also protects the user’s
identity.
PEAP, Protected EAP: Very similar to EAP-TTLS.
LEAP, Lightweight EAP: It is vulnerable to a lot of
attacks like dictionary, man-in-middle and session
hijacking (Cisco answer to dictionary attack by EAP-
FAST1).
B. Known weakness in PKI and TLS
Newer wireless security standards offer much better security
if set up and used properly. For example, IEEE 802.1x
framework has been in fact used with authentication protocol
(EAP methods). EAP allows system designers to use whatever
manner of authentication they need to secure their system. For
some, this may be a simple user-name-and-password
combination. Others may need much more assurance of the
identity of the actors on the networks; bidirectional certificatebased
authentication is an option and a key method for
creating secure wireless networks. With both the client
verifying the identity of the access point and the access point
verifying the client, attackers have difficulty pretending to be
legitimate actors in the network. When a strong-enough
signature algorithm and key length are used, attackers find it
almost impossible to impersonate a legitimate device,
assuming the software that implements the certificate checking
is properly coded.
The drawback of this bidirectional certificate-based
authentication architecture is the difficulty of assembling and
maintaining it. Clients and access points must have software
that understands low to perform certificate-based
authentication.
In theory, eavesdropping and the Man-In-The-Middle
(MITM) attacks against UAM would not be possible [15]. The
web-based authentication use HTTPS. HTTPS employs a
certificate to authenticate the Web server to the client’s
browser. Browsers typically come preconfigured with public
keys of major certifying authorities (CAs, e.g., Verisign). Such
keys enable browsers to authenticate certificates issued by
those CAs, thwarting MITM attacks. After server
authentication, HTTPS can use strong algorithms for
authenticating and encrypting data packets sent between client
and server.
However, the current state of public-key infrastructure
(PKI) deployment is such that browsers frequently encounter
certificates that they cannot verify. In such circumstances,
browsers typically display a warning to the user, asking if the
user wants to continue anyway. By giving users this override
ability, browsers enable MITM attacks, despite HTTPS.
Certificate verification can fail for a variety of reasons
[14,15]. First, the browser may not know the public key of the
CA that issued a server’s certificate. If the accessed server is
intended only for members of the organization that owns the
server, this failure is very common and not indicative of an
attack: many organizations have private CAs that issue
certificates for internal servers. Such certificates are easier and
less costly to obtain than are those issued by major CAs, but
they require the public key of the private CA to be installed in
all clients – a chore that is often neglected. On the other hand,
for servers open to the public, this type of failure could very
well be result of a MITM attack. Second, the certificate may
have expired. This failure may result from inattention and is
not suggestive of a MITM attack. Third, the certificate may be
for a server whose name differs from that which the user
wishes to visit. Discrepancies at the sub domain level may
result from simple server reorganization, and not an attack. On
the other hand, if the domains differ, the possibility of a
MITM attack is high.
V. PROBLEMS AND POSSIBLE SOLUTIONS
Mitigating these problems is clearly difficult. First and
foremost the 802.11 protocol is designed to make layer-2
transitions transparent to the user. While such transparency is
great from a usability perspective, it is terrible from a security
perspective [1]. To avoid attacks the core protocol must be
violated, a preexisting trust relationship must exist in the form
of bidirectional certificate-based authentication; otherwise,
security software (such as a wireless intrusion detection
system) must be added after the fact.
None of these solutions is particularly useful in normal
hotspot environments. Worse, even most of the educated users
too do not know if something malicious is happening on the
network without using specialized wireless security software.
Users have been educated over the years that when using a
secure socket layer protected Web site they must look at the
URL to ensure they are at the right site and “look for the lock”
to ensure the traffic is protected. There is no analog for this
activity on wireless networks. The network name is the same
whether it is the legitimate network or a rogue; moreover, the
user has no visual cue to look for.
Applications are unaware of the network environment in
which they run. An instant messaging client or Web browser
has no way of knowing if the computer it is running on it is
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 132

Proceedings of ICCNS 08 , 27-28 September 2008
within a controlled area with a wired network or if it is a
coffee shop with a random wireless network. Attackers who
subvert the wireless connection will then probably try to
subvert applications running on the client system. Ideally, the
applications are able to recognize differing threat
environments and reconfigure themselves accordingly.
Conventional wisdom with secure software architectures do
not account for these situations.
VI. CONCLUSION
The characteristic hotspot ability to be easily available and
easy to use for all prospective customers sets tight restrictions
on security mechanisms to be adopted. In this paper we made a
security analysis of user authentication and access control
methods for hotspot WLAN. The main focus has been put on
Universal Access Method, IEEE 802.1x. The role of smart
client in the context of UAM is discussed.
The analysis shows none of the existing and proposed
authentication mechanisms for WLANs cover the requirements
that are induced through the openness of hotspot networks, the
demanded interoperability and roaming features between them.
Some mechanism such as UAM and 802.1x offer mutual
authentication, but the implementations lack usability for
public deployment (SSL certificates have to be checked
manually) or have other severe security issues such as putting
authenticator in an insecure place or unauthorized usage of
resources with stolen devices (WISPr with automatic
authentication). Thus, there is a need to develop a security
solution that can provide necessary functions in a hotspot
while at the same time providing the expected security.
[12] Jon Edney, and William A. Arbaugh, “ Real 802.11 Security WiFi
Protected Access and 802.11i”, copyright 2004 by Pearson Education,
Inc.
[13] Mishra and Arbaugh, “An Initial Security Analysis of the IEEE 802.1X
Standard”, University of Maryland;
http://www.cs.umd.edu/~waa/1x.pdf.
[14] Haidong Xia, Jos´e Carlos Brustoloni," Improving the Usability of Web
Browser Security"
[15] Haidong Xia, Jos´e Carlos Brustoloni,”Hardening Web Browsers
Against ManintheMiddle and Eavesdropping Attacks” 802.1x-Port
Based Network Access Control, http://www.ieee
802.org/1/pages/802.1x.html,1998, last accessed, July 1, 2004.
[16] William A. Arbaugh, Narendar Shankar, “Your 802.11 Wireless
Network has No Clothes”, University of Maryland, march 2001.
REFERENCES
[1] Bruce Potter, “Wireless Hotspots: Petri Dish of Wireless Security”,
Communications of the CAM June 2006/Vol. 49, No. 6, P-51.
[2] H. Wang, A. R. Prasad, P. Schoo, K. M. Bayarou, S. Rohr, “Security
Mechanisms and Security Analysis: Hotspot WLAN and Inter-Operator
Roaming”
[3] B. Anton, B. Bullock, and J. Short, “Best Current Practices for Wireless
Internet Service Provider (WISP) Roaming, “ Best Practices Document,
Wireless Ethernet Compatibility Alliance (WECA), Wireless ISP
Roaming (WISPr) initiative, Mar. 2002.
[4] Hardjono, Thomas. Security in Wireless LANs and MANs. Norwood,
MA, USA : Artech House, Incorporated, 2005.
[5] Haidong Xia, Jos´e Carlos Brustoloni,”Detecting and Blocking
Unauthorized Access in WiFi Networks”
[6] Philippe Bouvier, “Wireless Lan Security”, Thales Security Systems,
November 2003.
[7] C. Rigney, W. Willats, and P. Calhoun, “RADIUS Extensions.” RFC
2869, June 2000.
[8] Bhagyavati, Wayne C. Summers, Anthony DeJoie, “Wireless Security
Techniques: An Overview”, InfoSecCD conference ’04, September
2004, Kennesaw, GA, USA.
[9] Jyh-Chang, and Yu-Ping Wang, “Extensible Authentication Protocol
(EAP) and IEEE 802.1x: Tutorial and Empirical Experience”, IEEE
Radio Communication, December 2005.
[10] L. Blunk and J. Vollbrecht, “PPP Extensible Authentication Protocol
(EAP).” RFC 2284, Mar. 1998.
[11] C. Rigney, S.Willens, A. Rubens, andW. Simpson, “Remote
Authentication Dial In User Service RADIUS).” RFC 2865, June 2000.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 133

Proceedings of ICCNS 08 , 27-28 September 2008
Autonomic System Manager
First A: Karuna C. Gull, Second B: Prof. R. M. Jogdand
Abstract--Autonomic computing is about shifting the burden of
managing systems from people to technologies.
The architecture of Autonomous Computing System reinforces that
self-management uses intelligent control loop implementations to
monitor, analyze, plan and execute leveraging knowledge of the
environment. These control loops can be embedded in resource run-time
environments in the form of self-managing resources or delivered in
management tools. The control loops collaborate using an enterprise
service bus that integrates the remaining four architectural building
blocks: autonomic managers, manual managers, manageability endpoints
and knowledge sources.
Autonomic managers and manual managers communicate with
managed resources through the manageability interface, in the form of a
manageability endpoint, using sensor and effector interfaces.
The project is aiming to develop an Intelligent Control Loop in
Autonomic Manager-which has Self-healing attribute-that automates
these functions-The Monitor, The Analyze, The Plan and The Execute.
To form Intelligent Control Loop following functions must be
automated:
The Monitor collects, aggregates, filters and reports details (the log
file) collected from managed resource (Application in this case).
The Analyse correlates and models complex situations. Helps the
autonomic manager to learn about the IT environment and helps to
predict future situations
The Plan constructs the action needed to achieve goals and
objectives. Uses policy information to guide its work. If suitable actions
are not available in policy information, then present those queries to a
manual manager (IT professional) through SMS or E-mail for evaluation.
Now generates recommended changes to the IT system (Application in
this case).
The Execute changes the behavior of the managed
resource(Application in this case) using effectors based on the actions
recommended by the plan functions.
Keywords-- GSM (Global System for Mobile Communications), IT
(Information Technology), SLA(Service Level Agreements), SMS(Short
message service),
I. INTRODUCTION
What is Autonomic Computing
The term autonomic is derived from human biology. The
autonomic nervous system monitors your heartbeat, checks
your blood sugar level and keeps your body temperature close
to 98.6°F, without any conscious effort on your part. In much
the same way, autonomic computing components anticipate
computer system needs and resolve problems -with minimal
human intervention. However, there is an important distinction
between autonomic activity in the human body and autonomic
responses in computer systems. Many of the decisions made
by autonomic elements in the body are involuntary, whereas
autonomic elements in computer systems make decisions
based on tasks you choose to delegate to the technology. In
other words, adaptable policy—rather than rigid hard
coding—determines the types of decisions and actions
autonomic elements make in computer systems.
F.A. Author is studying in IV Semester M.Tech. (CSE) in Gogte Institute
of Technology, Belgaum, Karnataka, India. (E-mail : karuna_gull@sify.com,
Cell : +919902897445)
S.B. Author is working as Assistant Professor, Department of Computer
Science and Engg., G I T, Belgaum, Karnataka, India. (Cell: +919964084413,
E-mail : sojwal25@rediffmail.com)
Self-management attributes of system components
Autonomic computing was conceived as a way to help reduce
the cost and complexity of owning and operating an IT
infrastructure. In an autonomic environment, system
components—from hardware such as desktop computers and
mainframes to software such as operating systems and
business applications-are self-configuring, self-healing, selfoptimizing
and self-protecting.
These self-managing attributes are defined as follows:
Self-configuring-To adapt automatically to the dynamically
changing environments.
Self-configuring components adapt dynamically to
changes in the IT system, using policies provided by the IT
professional. Such changes could include the deployment of
new components or the removal of existing ones, or a dramatic
increase or decrease in the workload. Dynamic adaptation
helps ensure continuous strength and productivity of the IT
infrastructure, to help ensure business growth and flexibility.
Self-healing-To discover, diagnose and react to disruptions.
Self-healing components can detect system malfunctions
and initiate policy based corrective action without disrupting
the IT environment. Corrective action could involve a product
altering its own state or effecting changes in other components
in the environment. The IT system as a whole becomes more
resilient since the day-to-day operations are less likely to fail.
Self-optimizing-To monitor and tune resources automatically.
Self-optimizing components are able to tune themselves to
meet end-user or business needs. The tuning actions could mean
reallocating resources to improve overall utilization or to
ensure that particular business transactions can be completed
in a timely fashion. This includes adapting to dynamically
changing workloads. Self-optimization helps provide a high
standard of service for both the system’s end users and their
customers.
Self-protecting-To anticipate, detect, identify and protect
against attacks from anywhere.
Self-protecting components can detect hostile behaviors as
they occur and take corrective actions to make themselves less
vulnerable. The hostile behaviors can include unauthorized
access and use, virus infection and proliferation, and denialof-service
attacks. Self-protecting capabilities allow businesses
to consistently enforce security and privacy policies.
Customer Value
Ideally, the IT business operates through a collection of
best practices and processes. The Fig.1 shows an example of a
typical process flow for incident management, problem management
and change management. The actual mechanics of
how these flows are implemented in a particular IT organization
varies but the functionality remains the same.
The efficiency and effectiveness of these processes are
measured using metrics such as elapsed time to complete a
process, percentage executed correctly, and people and mate-
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 134

Proceedings of ICCNS 08 , 27-28 September 2008
rial cost to execute a process. Autonomic systems can positively
affect these types of metrics, improving responsiveness,
reducing “Total Cost of Ownership TCO” and enhancing time
to value through:
Quick process initiation-Typically, implementing these
processes requires an IT professional to initiate the process,
create the request for change, spend time collecting incident
detail and open a problem record. In a self-managing system,
components can initiate the processes based on information
derived directly from the system. This helps reduce the
manual labor and time required to respond to critical situations,
resulting in two immediate benefits: more timely initiation
of the process and more accurate data from the system.
Reduced time and skill requirements-There are tasks or
activities in these processes that usually stand out as skills-intensive,
long lasting and difficult to complete correctly, because
of system complexity. In a change management process,
such an activity is the” change impact analysis task.”And, in
problem management, such an activity is problem diagnosis.
In self-managing systems, resources are built so that the expertise
required to perform these tasks can be encoded or automated
into the system. This helps reduce the amount of time
and degree of skill needed to perform these tedious tasks, since
the tasks can be performed by technology rather than people.
Fig.1 Typical IT Processes can be presented as
autonomic control loops
Architecture of Autonomic Computing System
The building blocks of reference architecture are the architectural
representations of the components in an autonomic
system and they work together to provide self-managing capabilities.
One such composition is illustrated in Fig.2
Fig.2 Autonomic computing reference architecture
Managed Resource is an Entity that exists in the run-time
environment of an IT System and that can be managed.
Example: Server, Storage Unit, Database, Application etc.
Manageability Endpoints or Touch Points implements
the manageability Interface for a specific managed resource or
set of related managed resource. The manageability Interface
for monitoring and controlling a managed resource is
organized into its sensor-used to obtain data from the
resource-and effector–used to perform operations on the
resource. Example: Web Services Distributed Management is
one standard manageability interface.
Autonomic Manager implements an Intelligent Control
Loop. To form Intelligent Control Loop the functions The
Monitor, The Analyze, The Plan and The Execute must be automated.
The Monitor collects, Aggregates, filters and reports
details that were collected from managed resource.
The Analyze correlates and model complex situations.
Helps the autonomic manager to learn about the IT environment
and helps predict future situations. Example: Time Series
forecasting and Queuing model
The Plan constructs the action needed to achieve goals and
objectives. Uses policy information to guide its work.
The Execute changes the behavior of the managed resource
using effectors based on the actions recommended by the
plan functions.
Different Autonomic Managers
Touch Point Autonomic Manager is a single Touch point
manager acting in isolation can achieve autonomic behavior
only for the resources that it manages.
Orchestrating Autonomic Manager is an Autonomic
Manager that works with other Autonomic Manages to
provide coordination functions to deliver system wide AC
behavior. There are two Configurations in this case
1.Orchestrating within a discipline coordinates multiple
touch point mangers of the same type.
2.Orchestrating across disciplines coordinates multiple
touch point mangers that are a mixture of self-configuring,
self-healing, self-optimizing and self-protecting.
Knowledge Source is a standard data shared among the
Monitor, Analyze, Plan and Execute functions of Autonomic
Manager such as Symptoms and policies.
Enter Prize Bus is used to connect various Autonomic
Computing building blocks.
This project is aiming to implement An Autonomic Manager
that automates some management function and externalizes
this function according to the behavior defined by management
interfaces. The autonomic manager is a component that
implements an intelligent control loop. For a system component
to be self-managing, it must have an automated method
to collect the details it needs from the system; to analyze those
details to determine if something needs to change; to create a
plan, or sequence of actions, that specifies the necessary
changes; and to perform those actions. When these functions
can be automated, an intelligent control loop is formed.
As illustrated in Fig.3, an autonomic manager is capable of
automating the monitor, analyze, plan, and execute parts of the
loop, IT professionals might delegate only portions of the
potential automated functions to the autonomic manager. In
Fig.3, four profiles (monitoring, analyzing, planning, and exe-
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 135

Proceedings of ICCNS 08 , 27-28 September 2008
cuting) are shown. An administrator might delegate only the
monitoring function to the autonomic manager, choosing to
have the autonomic manager provide data and recommended
actions that the administrator can process. As a result, the
autonomic manager would surface notifications to a common
console for the situations that it recognizes, rather than
automating the analysis, planning, and execution functions
associated with those actions. Other delegation choices could
allow additional parts of the control loop to be automated.
Fig.3 Functional details of an Autonomic Manager
II. VARIOUS TRANSFORMATION LEVELS OF AUTONOMIC
COMPUTING
An IT deployment model that defines each progressive
level of autonomic maturity. The following list prescribe the
five levels of transformation toward achieving a refined state
of Autonomic Computing, which is required in every on
demand Operating Environment. These levels are as follows:
Level 1: Basic-The starting point where most systems are
today, this level represents manual computing, in which all
system elements are managed independently by an extensive,
highly skilled IT staff.
The staff sets up, monitors, and eventually replaces system
elements.
Level 2: Managed-Systems management technologies can
be used to collect and consolidate information from disparate
systems onto fewer consoles, reducing administrative time.
There is greater system awareness and improved productivity.
Level 3: Predictive-The system monitors and correlates
data to recognize patterns and recommends actions that are
approved and initiated by the IT staff.
This reduces the dependency on deep skills and enables
faster and better decision-making.
Level 4: Adaptive-In addition to monitoring and correlating
data, the system takes action based on the information.
This can be mapped to SLAs, thereby enhancing IT agility
and resiliency with minimal human interaction while insuring
that the SLAs are met.
Level 5: Autonomic-Fully integrated systems and components
are dynamically managed by business rules and policies,
enabling IT staff to focus on meeting business needs with true
business agility and resiliency.
The need is to define, standardize, and integrate an Industry-wide
approach to problem determination to achieve selfhealing
in multi-component environments. This will always
consist of a standards-based approach to data capture, analysis,
and remediation to realize the self-healing aspects, and
would practically be achieved by a phased approach, over
time, represented by incremental levels of increasing autonomic
maturity.
The first step is to get the right data from the system, in a
consistent, standards-based format. The next step consists of
putting a set of symptoms and corresponding actionable causes
in a consistent format, and building tools that can correlate
the data to match against a cross-product, standards-based problem/symptom
database: in other words, autonomic event correlation.
We ultimately want to automate fixing defects by being
able to automate the provisioning of an application with
standardized fixes (or temporary workarounds) based on the
business policies that govern each application.
While we evolve IT infrastructures toward self-healing,
there are many benefits that can be realized and are already
having an impact. Here are two examples: First, the common
format for log entries, submitted as a standard, is dramatically
reducing training time for administrators and providing a
consistent format to evaluate multiple logs together. Second,
automated correlation engines are reducing manual analysis by
providing a programmatic method to correlate the logs that are
adapted to the common format. Fig.4 Shows the autonomic
model.
Fig.4 The various levels involved in creating selfhealing
systems.
For an IT professional to be willing to delegate management
tasks to the system, he or she must have a high degree of
trust in the autonomic management functions. Moving toward
higher degrees of autonomic maturity is an evolutionary
process. One phase of this process involves management
functions that can monitor the IT system for situations of
interest, perform analysis of those situations, generate
recommended changes to the IT system and present those
changes to a manual manager (IT professional) for evaluation.
This phase is an important one, as it enables the IT
professional to build trust in the autonomic management
functions – that is, if the autonomic manager consistently
recommends actions that the IT professional routinely
performs, then the IT professional is likely to become willing
to automate those actions by delegating the corresponding
tasks to the autonomic manager.
III. DESIGN AND IMPLEMENTATION
The approach of the author of this paper is shown in Fig.5
Step-wise proceedings towards the author’s approach.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 136

Proceedings of ICCNS 08 , 27-28 September 2008
Module 1:This module is designed for logging into the
Autonomic System Manager.
Step1:System User enters username and password.
Fig.5 Block Diagram of Autonomic System Manager-
Author’s Approach
Step2:Verification of username and password to be valid, is
carried with Login table.
Step3:If valid jumps to Module 2. Else Allows login settings
for new user.
Module2:Contains design issues of System settings, Administrator’s
settings, Adding symptom catalog to knowledge
source and Path of the log file.
Step1:Autonomic System Manager is reconfigured to get the
POP3 facilities from the particular server for mail exchanges
(Ex: G-mail POP3 service).
Step2:Autonomic System Manager can change the Administrator
settings like cell number or e-mail id for correspondence.
Step3:Autonomic System Manager can change the Customer
settings like cell number or e-mail id for correspondence.
Step4:To increase the knowledge of the Autonomic System
Manager, this provides an user interface to add/delete the knowledge
to the symptom catalog.
Step5:This step is used to enter into the Autonomic System
Manager.
The following modules are used to implement the actual
Intelligent Control Loop.
Module 3:Designed for monitoring to capture data. i.e. To
get the particular log file from Application.
Step1:Enter the path of the log file.
Step2:Reads every line of log file, converts it into author’s
standard format and compares error message with database. If
error message does not exist in the database then it generates
new error code for that message and adds it to the database.
Module 4:Designed for analyzing every line of converted
log file with the help of symptom catalog.
Step1:Reads each line of converted log file, error message is
compared with database entry and extracts the error code and
action number of that error message.
Step2:If action number is “0”, it jumps to Module 5. Else the
action is directly sent to the customer through e-mail or SMS.
Module 5:Designed for planning the action. After performing
analysis of situations, generate recommended changes to the
application if available in knowledge source, else forward
those analysis to the manual manager. (This phase is an
important one, as it enables the IT professional to build trust in
the autonomic management functions).
Step1:It sends an e-mail to Manual manager requesting for the
response in said format “Send response in double quotes with
error code and action number separated by :” .
Step2:It waits for three minutes for the response from Manual
manager.
Step3:If System receives action for error, then sends that
action to the customer through e-mail or SMS and jumps back
to Module 4. Else jumps to Module 6.
Module 6:Designed for sending the SMS using GSM
modem or GSM enabled mobile.
Step1:It sends SMS to Manual manager requesting for the response
in said format “Send response within forward slashes,
with error code and action number separated by : (colon)”.
Step2:It waits for three minutes for the response from Manual
manager.
Step3:If System receives action for error, then sends that action
to the application or end user through e-mail or SMS and
jumps back to Module 4. Else sends action as “No Response”
to the end user and jumps to Module 4 until all the lines of the
log file are addressed.
Module 7:After reading all the lines of log file, this module
is designed to get the new log file or to get the appended old
log file.
Step1:After completion of that log file it has facility to read
the new log file or the appended old log file.
Step2:If new log file then start with first line of that file. Else
begin with next line after the last line of the old log file.
Step3:Jump back to Module 3.
Algorithms used:
1. Algorithm: Basic Steps: Sending Email over SMTP:
Create a java.util.Properties object to pass information about
the mail server, as the JavaMail API allows room for many
settings.
Load the Properties with at least the hostname of the SMTP
mail server.
Create a Session object.
Create a Message from the Session object.
Set the From, To, CC address, and Subject in the Message.
Set the message text into the message body. Finally, use the
static method Transport.send( ) to send the message
2. Algorithm: Basic Steps: Reading Email Using Store:
Get a Session object using Session. getDefaultInstance() and
pass System. getProperties() as the Properties argument.
Get a Store from the Session object.
Get the root folder.
If the root Folder can contain subfolders, list them.
For each Folder that can contain messages, call getMessages(),
which returns an array of Message objects.
Display the headers and let the user select which message to
view
3. Algorithm to send SMS using GSM Modem is:
In our code we need to write externally the Port Number in the
program to which GSM is connected and we also set the
properties of Modem in the program.
The code also checks for the connectivity of GSM by giving
the at command and waits, till it gets an response from modem.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 137

Proceedings of ICCNS 08 , 27-28 September 2008
Modem will response either by sending OK (for proper
connectivity) or Error (for error in the connectivity).
If we get OK signal from modem then it sends the recipient’s
cell number to Modem.
Soon after sending a Cell number on COM Port, an onComm
event within code will automatically triggers itself to check
the status of GSM Modem whether it is in a position to receive
the message or not by accepting a Greater Than(>) sign or
other character.
If event receives a > sign then it is in a ready state to
accept message to be sent.
IV. RESULTS AND DISCUSSION
Fig.6 through Fig.18 show snap shots of the various
implemented modules.
Module designed for logging into the Autonomic System
Manager.
This is used to change the Customer settings like cell
number or e-mail id for correspondence.
Fig.10 For changing the settings of the customer
Providing an user interface to add the to the enter symptom
catalog.
Fig.6 Verification of username and password to be valid
Contains design issues of System settings, Administrator’s
settings, Customer settings, Adding symptom catalog to knowledge
source and Path of the log file.
Fig.11 Adding symptom catalog to the knowledge source
Designed for monitoring to capture data. i.e. To get the
particular log file from Application and for analyzing the
every line of log file by assigning a unique error code for a
new error generated.
Fig.7 Main page to enter settings page.
Contains configuration and setting issues regarding choosing
of particular server for mail exchanges.
Fig.12 Getting the log file of the application by giving the
path and submitting it for the analyzing
Designed for planning the action. After performing
analysis of situations, generates recommended changes to the
application if available in knowledge source, else forward
those analysis to the manual manager. To interact with manual
manager system may send e-mail or SMS.
Designed for sending the e-mail using System Setting.
Fig.8 For changing the settings of the system.
This is used to change the Administrator settings like cell
number or e-mail id for correspondence.
Fig.13 Sending E-mail to the administrator for planning
i.e. prior to taking an action
Designed for getting response from Administrator through
E-mail
Fig.9 For changing the settings of the administrator
Fig.14 Waiting for response from the Administrator.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 138

Proceedings of ICCNS 08 , 27-28 September 2008
Designed for sending the SMS using GSM modem or
GSM enabled mobile.
Fig.15 Sending SMS to the administrator for planning i.e.
prior to taking an action
Designed for getting response from Administrator through
SMS.
Fig.16 Waiting for response from the Administrator.
Designed for sending the response or action as E-mail or
SMS to the customer.
Fig.17 Sending an action/a response as E-mail or SMS to the
customer.
After reading all the lines of log file, this module is designed
to get the new log file or to get the appended old log file.
Fig.18 Getting new or appended log file of application.
V. CONCLUSION
Businesses-small, medium and large-want and need to
reduce their IT costs, simplify the management of complex IT
resources, realize a faster return on their IT investments, and
ensure the highest possible levels of system availability,
performance, security and asset utilization.
Autonomic computing addresses these issues-not just
through new technology but also through a fundamental,
evolutionary shift in the way that IT systems are managed.
Moreover, autonomic computing can free IT staffs from
detailed mundane tasks, allowing them to focus on managing
business processes.
Autonomic computing can be accomplished through a
combination of process changes, skills evolution, new technologies,
architecture, and open industry standards.
The on demand business evolution, incorporating
Autonomic Computing, is not an overnight transformation in
which system-wide, self-managing environments suddenly
appear inside the infrastructure. Autonomic Computing must
be a gradual transformation to deliver new technologies that
are adopted and implemented at various stages and levels.
Thus it is concluded that “the project developed here is a
single touch point autonomic manager -which has self healing
attribute- acting in isolation can achieve autonomic behavior
only for the resource (application in this case) that it
manages.”
VI. FUTURE SCOPE
The project can de extended to develop the following
different kinds of control loops, which may be automated to
have an autonomous effect.
Self-Configuring…To adapt dynamically to the changes-
Deployment of new components or Removal of existing onesin
the environments using policies provided by the IT
professionals. Example: Installation of Software when system
detects that software is missing
Self-Optimizing...To tune resources and balance workloads
to maximize the use of IT resources. Example: By adjusting
the current workload, when it observes an increase in capacity.
Self-Protecting...To anticipate, detect, identify and protect
against threats. Example: By taking resources offline if it
detects an intrusion attempt.
The extension of this project may help to produce a system-wide
autonomic computing behavior in which the selfmanaging
autonomic capabilities delivered by touch point autonomic
managers need to be coordinated. Coordination are
two types. First one is coordination of multiple touch-point
autonomic managers of the same type (one of self-configuring,
self-healing, self-optimizing or self-protecting).and another
one is coordination of touch-point autonomic managers that
are a mixture of self-configuring, self-healing, self-optimizing
and self-protecting. Thus, it is possible to have multiple control
loops managing the same resource. In general, a robust IT
system can have thousands of active control loops at any point
in time.
VII. REFERENCES
[1] An IBM White Paper on ”An Architectural Blue Print for Autonomic
Computing”, 4th ed. June 2006.
[2] IBM Corporation, IT Service Management Standards: A Reference
Model for Open Standards-Based ITSM Solutions, April 2006.
[3] Websites Referred:
http://www.phptr.com/content/images/0131440241/samplechapter/0131
440241_ch03.pdf
ftp://ftp.software.ibm.com/software/tivoli/pdf/itsmstandardsreferencemo
del.pdf
www.ibm.com/autonomic/pdfs/ACwpFinal.pdf
www.3.ibm.com/autonomic/pdfs/ACBP2_2004-10-04.pdf
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 139

Proceedings of ICCNS 08 , 27-28 September 2008
CHAMELEON: AN AGILE FRAMEWORK FOR
ADAPTIVE WEB SITE GENERATION
Abhinay Nagpal, Deepa Ambre, Chinmay Soman, Harshwardhan Mulay
Abstract
The subject of Web mining and personalization has generated a
lot of interest across the research community as well as
industry. The continuous growth in the size and use of the World
Wide Web imposes new methods of design and development of
on-line Information Services. Recommendations are crucial for
the success of large websites. While there are many ways to
determine recommendations, the relative quality of these
recommenders depends on many factors and is largely unknown.
We propose a new classification of recommenders and evaluate
their quality for a sample website. Web navigation is dynamic
and idiosyncratic, by viewing each Web user’s navigation
process on a Web site as a Markov chain; in our work we build
a Markov model of the Web site and search for Maximal
forward Chains using past users’ traversals on the hyperlinks as
their accumulated navigation behavior. We analyze heatmap of
clicks on a HTML page, showing hot and cold click zones and
render the page such that users view the hot zones area on
requesting the page. Our framework Chameleon enhances the
user’s browsing by employing searching and relevance ranking
techniques in acquisition of relevant information and in the
rendering of pages.
1. Introduction
Web personalization is the process of customizing a Web site to
the needs of specific users, taking advantage of the knowledge
acquired from the analysis of the user’s navigational behavior in
correlation with other information [9-10] collected in the Web
context, namely structure, content and user profile data.
Information based model of WWW makes it difficult for users
to navigate and glean essential data [1-2, 11-15].
Recommendations have been used to alleviate the problem faced
by users.
The overall process of usage-based Web personalization
consists of four modules, which correspond to each step of the
process. These are:
1. User profiling: In the Web domain, user profiling is the
process of gathering information specific to each visitor, either
explicitly or implicitly [17-18, 21-22]. A user profile includes
demographic information about the user, their interests and even
their behavior when browsing a Web site. This information is
exploited in order to customize the content and structure of a
Web site to the visitor’s specific and individual needs.
information and discover interesting usage patterns [13-16]. This
process of extracting information concerning the browsing
behavior of the users can be regarded as part of the user
profiling process.
3. Content management: This is the process of classifying the
content of a Web site in semantic categories in order to make
information retrieval and presentation [18-23] easier for the
users. Content management is very important for Web sites
whose content is increasing on a daily basis, such as news sites
or portals.
4. Web site publishing: A publishing mechanism is used in
order to present the content stored locally in a Web server and/or
some information [18, 23-25] retrieved from other Web
resources in a uniform way to the end-user. Different
technologies can be used to publish data on the Web.
Existing research in this domain fails to capitalize on content
management [30-32] and fail to provide an agile framework for
making responsive, dynamic and adaptive web sites. Perkowitz,
Etzioni [26] concentrate only on clustering of resources by
modifying the PageGather Algorithm; it fails to concentrate on
user profiling, log analysis and mouse behavior. Pazzani, Billsus
[27] fail to consider content management and adaptive
reorganization of web pages.
In this work, we develop a system that predicts next page a user
may visit by modeling user's web access pattern to classical
Markov theory [29]. The recommendations made being
dependent on user's past behavior, suit the user in consideration
very well. Section(2.1) discusses creation of development of
such system. Section(2.2) presents way to extract the most
frequently used forward reference chain from user's on-line
behavior. We further try to assist user by using click-stream
analysis in section(3). The following section(4) presents results
obtained by employing methods discussed in this paper to a
demo web-site. Finally we conclude our work with conclusions
in section(5).
2. Link prediction
2.1 Markov Analysis
A Markov process is a stochastic process whose dynamic
behavior is such that probability distributions for its future
development depend only on the present state and not on how
the process arrived in that state [29]. This idea can be
mathematically expressed as:
2. Log analysis and Web usage mining: This is the procedure
where the information stored in Web server logs is processed by
applying data mining techniques in order to extract statistical
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 140

Proceedings of ICCNS 08 , 27-28 September 2008
The equation implies that given the “present” state of the
system, the “future” is independent of it's “past”. The usage
pattern of web site for user can be modeled using the Markov
process implying the only causal influence on the user's choice
of what page to do to next is presumed to arise from the factors
related to current page.
To model the Web site traversal pattern peculiar to user after
Markov process we develop URL-state association, frequency
transition matrix and probability matrix. We also keep track of
the inter-state transitions made by the user.
URL-state Association:
In our approach to link prediction we identify each page with a
unique id. The id is a simple integer. Thus a 'n' page website will
need 'n' states to identify the individual pages. At any point of
time, the user on page 'p' can be considered to be in state 's' if 's'
is associated with 'p'.
Frequency transition matrix (FTM):
A frequency transition matrix can be defined as:
where,
e i,j = k implies, user has made 'k' transitions from state
'i' to state 'j'
Probability Transition Matrix (PTM):
A probability transition matrix can be represented as:
1. Begin
2. State Retrieval:
For a new visitor (a user whose IP
address is not found in the server
database),
initialize his state to the state
current page corresponds to.
Associate zero matrices PTM,
FTM with him and initialize
num_trans = 0 for him.
For a existing user(a user whose IP
address is found in the server database),
extract his PTM, FTM and
num_trans from the database.
Initialize the current state of user
to the state the current page
corresponds to.
3. State Update:
For each transition made by user from
state 'i' to state 'j' do,
His current state is updated to the state
his current page represents.
i. Increase user's
num_trans by 1
ii.
Increase the e ij element
in FTM by 1
iii. Update the probabilities
in PTM
4. Display the web url associated with state
'k' such that, p jk is maximum.
5. State Storage:
Store the user associated data structures
in the server database.
6. End
Algorithm (1) Using Markov Chain to predict the next page
where,
p i,j = m implies, the probability that the user will make
a transition to state j, given current state is i, is 'm'
Now consider the application of above algorithm for web usage
graph shown in figure below where each of the circle is
representative of a state (web page).
Number of transitions (num_trans):
'Number of transitions' represent the times a user has changed
his state.
Web-page prediction:
Afore mentioned data structures are used in predicting web page
the user will visit next. Representatives of user's behavior, PTM,
FTM and num_trans, are maintained persistently on the web
server using a database (eg. MySQL). The stored data is indexed
according to user id (IP address in our case). The following can
be used to predict the web page user will visit next:
Figure (1) A sample web site hierarchy
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 141

Proceedings of ICCNS 08 , 27-28 September 2008
When the user is in state 1 after access pattern 1-2-6-2-1-3-7-3-
1-2-6-2-1, the num_trans will be 12,non-zero elements of FTM
will be,
e 1,2 = 2, e 2,6 = 2, e 6,2 = 2, e 2,1 = 2, e 1,3 = 1, e 3,7 = 1, e 7,3 = 1, e 3,1 =
1
Based on elements of FTM, the non-zero elements of PTM will
be,
p 1,2 = 0.17, p 2,6 = 0.17, p 6,2 = 0.17, p 2,1 = 0.17, p 1,3 = 0.083, p 3,7 =
0.083, p 7,3 = 0.083, p 3,1 = 0.083
Based on the PTM, the Markov chain usage will predict that it is
probable for the user in state '1' to go to state '2'.
2.2 Most Frequent Maximum Forward Chain (MFC)
Prediction:
A maximal forward reference of a Web user is a longest
consecutive sequence of Web pages visited by the user without
revisiting some previously visited page in the sequence [30-31].
A most frequent maximal forward reference is a MFC sequence
most frequently followed by the user.
Most frequent MFC is a property associated with user's web
access pattern. Displaying most frequent MFC that originates at
the current page [21, 23-25] the user is on exposes the usage of
user to himself, thereby reducing the memory load of user and
making the navigation [7] simpler for user. Using the PTM
developed in section(2.1) and keeping track of user's MFC can
help in predicting the most frequent MFC in following way:
Tracking MFC:
We keep a track of the MFC that gets developed when the user
browses a website. These MFCs are stored in the database
associated to the user id. The MFC tracking art can be seen in
[30, 32-33].
Predicting frequent MFC for a user:
Let us represent a MFC stored in database as a sequence of
states: S a1 S a2 ...S ak . Let 'A' be the set of MFCs the user has used
until now. Let the user be in state 'm'
Referring back to the model web site demonstrated in fig(1), if
the user ends up in state '1' after a web-site traverse pattern like
1-2-6-2-5-10-5-2-6-2-5-10-5-2-1, then the num_trans will be 14.
The non-zero elements of FTM will be,
e 1,2 = 1, e 2,6 = 2, e 6,2 = 2, e 2,5 = 2, e 5,10 = 2, e 10,5 = 2, e 5,2 = 2, e 2,1
= 1.
Based on the value of FTM, the non-zero elements of PTM will
be,
p 1,2 = 0.07, p 2,6 = 0.14, p 6,2 = 0.14, p 2,5 = 0.14, p 5,10 = 0.14, p 10,5
= 0.14, p 5,2 = 0.14, p 2,1 = 0.07.
Here the forward chains that user has visited will be 1-2-6 and
1-2-5-10. Both these chains have been visited by the user 2
times but the algorithm(2) will predict 1-2-5-10 as the possible
maximum forward chain that user may re-traverse when he is in
state '1', eventually giving longer chain a preference in case the
k-step transition probability from the present state is same for
two or more chains. In this case both 1-2-6 and 1-2-5 have same
probability with k = 3.
1. Begin
2. Let M=Ǿ
3. For each MFC 'c' in 'A',
if c is a sequence s.t. it contains the state
S m then,
M = M Ú s where s = substring of c
starting from the current state S m
4. selectedChain = Ǿ
5. For each MFC 'c' in M
i. minTrans =
minimum(length(selectedChain),
length(c))
ii. P selectedChain =
p a(i),a(i_+1) *p a(i+1),a(i+2) *...*p a(minTrans-
1),a(minTrans) where,
ai = the current state,
p ai,a(i+1) represents the probability of
user making a transition from
state 'ai' to 'a(i+1)'. This
probability can be obtained from
PTM
iii. P c =
p a(i),a(i_+1) *p a(i+1),a(i+2) *...*p a(minTrans-
1),a(minTrans)
iv. if P c < P selectedChain , selectedChain =
c
v. if P c = P selectedChain , selectedChain =
longer chain of selectedChain and
c
6. Display the selectedChain as the most
probable MFC to user
7. End
Algorithm (2) Prediction of frequent MFC
In the WWW, objects (i.e. webpage) are linked together and
users travel through them back and forth in accordance with the
links and icons provided. Therefore, some node might be visited
only because of its location, not content[26-27]. This is easily
understandable. For example, when the user wants to reach a
sibling of the current webpage he/she is viewing, he/she is
usually inclined to use the “BACK” button on the browser or if
provided, the “backward” button on the page, then continue
selection on the links on the parent node. Consequently, to
extract the frequent itemsets from the server log database, we
will have to take into consideration such backward traversals
that are not needed in our research [30-33]. Informal statistics
research has shown that only a very small amount of backward
moves are made because of webpage contents. So we can safely
rule them out.
Specifically, a backward reference means revisiting a previously
visited object in the same user session [10, 14, 19]. Whenever
there is a backward reference, a forward reference path is
terminated. This resulting forward reference path is termed a
maximal forward reference.
After a maximal forward reference is obtained, we shall go back
to the starting point of the forward references and get ready for
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 142

Proceedings of ICCNS 08 , 27-28 September 2008
collecting another forward path. Also, the occurrence of a null
source node also indicates the termination of current forward
reference path.
transitionmatrix Object
(
[freq_matrix] => Array
(
[0] => Array
(
[0] => 0 [1] => 5
[2] => 0 [3] => 1
[4] => 0 [5] => 3
)
[1] => Array
(
[0] => 3 [1] => 0
[2] => 2 [3] => 0
[4] => 0 [5] => 1
)
[2] => Array
(
[0] => 0 [1] => 0
[2] => 0 [3] => 2
[4] => 0
)
[3] => Array
(
[0] => 0 [1] => 1
[2] => 0 [3] => 0
[4] => 1 [5] => 1
)
[4] => Array
(
[0] => 1 [1] => 0
[2] => 0 [3] => 0
[4] => 0 [5] => 1
)
[5] => Array
(
[0] => 4[4] => 1
)
)
Figure(2) Sample Output showing Transition Matrix
Determination of these most visited sections mandates a click
stream analysis of that particular web page.
3.1 Methodology:
3. Click Stream Analysis
The general internet users have a very peculiar pattern when it
comes to reading the web pages. Users normally read in an F
shaped pattern [28], with their eyes rapidly moving across the
contents, in a horizontal and vertical manner. The implications
of this pattern are significant from the point of view of content
design. There are some areas within the web site that receive
more attention than others, [9-10,12-14] particularly when these
areas comprise of visual entities like images, diagrams,
advertisements and so on. However, in case of web sites having
a large number of text sections, the most visited section is often
the most informative one. If we can draw the user’s attention to
these “popular” sections [32-, 33] at the moment when the page
loads, it would greatly enhance the utility of that web page.
Algorithm (3) Determination of most visited section using click
stream analysis
Logs are maintained for each of the sections of the web page
visited by the users. These logs contain following information –
i. Click frequency
ii. Click interval
iii. Section type
iv. Container element (if any)
v. Anchor tag name attribute (if any)
vi. Section position, size
The click frequency and click interval values are used in
determining the most visited section. The other properties are
stored along with these fields, so that the next time any user
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 143

Proceedings of ICCNS 08 , 27-28 September 2008
visits this page, we can highlight the popular section by
manipulating its properties.
For sake of demonstration, we focus on the Wikipedia pages for
click stream analysis (Table 1). A distinct property of these
pages is that the sections have a clearly defined anchor tag name
attribute. We store this information in the log, along with the
click frequency and click interval to highlight the most visited
section.
Section
Click_
frequency
Click_
interval
(seconds)
Wsec i
1 5 4 4.6
2 3 2 2.6
3 1 5 2.6
4 2 5 3.2
5 5 3 4.2
6 4 2 3.2
Table (1) Wikipedia pages click stream analysis
4. Results
As a part of our study, we hosted Wikipedia pages on a college's
web server, to track user actions when browing through the
same. Following graphs depict the enhancement in ergonomics
of the web sites by using our system – Chameleon. As observed
in the first graph when the number of page hits is at its peak, the
number of user actions expended is of factor 0.475, when this
tool is not used. In the presence of Chameleon this figure goes
down to 0.38, which is testimonial to the ability of this system in
serving the user's needs.
Therefore, max(Wsec i ) = 4.6. Hence, most popular section is
‘Section1’. In this case, we use the anchor tag name attribute of
section 1, to display section 1 automatically when some user
visits this page next time. This is done by redirecting to the
following URL:
#
Where, URL is the actual URL of the web page under
consideration.
Figure (3) Number of Actions per user vs. number of hits
In general, the stored properties of the most visited section can
be used to highlight the same. This can be done by various
methods:
1. Rearranging the section in the DOM node hierarchy,
to make it appear at the top.
2. Highlighting the section using explicit visual
indicators.
Figure (4) Number of Actions per user vs. number of hits using
Chameleon
Figure (2) Click Stream Analysis Overview
The overall system operation is given in the following figures.
The Markov chain analysis and maximum forward chain
prediction mechanisms are responsible for generating the
recommendation links, as shown in figure(5).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 144

Proceedings of ICCNS 08 , 27-28 September 2008
The figures also depict the capability of the click stream analysis
in customizing pages for different users. The heat maps
generated by the user clicks are shown in color. This
information, regarding user focus areas is used by the system in
highlighting the most popular sections as shown in figures (5)
and (6).
Figure (7) section is automatically loaded by using the anchor
tag name attribute
Figure (5) Markov Analysis and MFC prediction
5. Conclusion
Figure (6) Click Heat Area
Figure (7) is a snapshot the paragraph on “economy” is the
most visited, evident from the heat map. Consequently, next
time when some user visits this page, the “economy” section is
automatically loaded by using the anchor tag name attribute.
This system has been implemented using PHP, Apache Web
Server, MySQL and AJAX. For representation of the heat zones
GD2 library has been used. The framework supports use of
cookies and server logs for user tracking. Thus the framework
has been implemented using portable technologies and can be
deployed across all popular platforms.
Figure (8) User Satisfaction graph
This paper presents an agile framework for an adaptive web site
A survey of the study showed that 67% of users found the
recommendations and the dynamic rendering to be very useful
about 14% of users were unsatisfied and 19% of users did not
have any opinion.
This clearly demonstrates that automatic personalization
provided by the framework is successful and is scalable. In the
future we will incorporate user clustering and extend the
framework for PDA’s and mobile phones.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 145

Proceedings of ICCNS 08 , 27-28 September 2008
6. References
[1] Chakrabarti, Dom, Kumar, “Mining the link structure of the
World Wide Web,” IEEE Computer, 32(8), August 1999
[2] Principles of Data Mining, Hand, Mannila, Smyth. MIT
Press, 2001.
[3] Link Analysis in Web Information Retreival, Monika
Henzinger. Bulletin of the IEEE computer Society Technical
Committee on Data Engineering, 2000.
[4] Slides from Data Mining: Concepts and Techniques, Jan and
Kamber, Morgan Kaufman, 2001.
[5] J. Srivastava, R. Cooley, M. Deshpande, Pang-Ning Tan,
Web Usage Mining: Discovery and Applications of Usage
Patterns from Web Data, SIGKDD Explorations, Vol. 1, Issue 2,
2000.
[6] B. Mobasher, R. Cooley and J. Srivastava, Web Mining:
Information and Pattern Discovery on the World Wide Web,
Proceedings of the 9th IEEE <strong>International</strong> <strong>Conference</strong> on Tools
with Artificial Intelligence (ICTAI'97), November 1997.
[7] B. Mobasher, Namit Jain, Eui-Hong (Sam) Han, Jaideep
Srivastava. Web Mining: Pattern Discovery from World Wide
Web Transactions. Technical Report TR 96- 060, University of
Minnesota, Dept. of Computer Science, Minneapolis, 1996
[8] R. Cooley, P. N. Tan., and J. Srivastava. (1999). WebSIFT:
the Web site information filter system. In Proceedings of the
1999 KDD Workshop on Web Mining, San Diego, CA.
Springer-Verlag, in press.
[9] R. W. Cooley, Web Usage Mining: Discovery and
Application of Interesting Patterns from Web data. PhD Thesis,
Dept of Computer Science, University of Minnesota, May 2000.
[10] Cooley, R., Mobasher, B., and Srivastava, J. Web Mining:
Information and pattern Discovery on the World Wide Web.
IEEE Computer, pages 558-566, 1997.
[11] N. Good, J. Schafer, J. Konstan, A. Borchers, B. Sarwar, J.
Herlocker, J. Riedl, Combining collaborative filtering with
personal agents for better recommendations, in: Proc. AAAI-99,
Orlando, FL, 1999.
[12] S. Hanson, M. Bauer, Conceptual clustering, categorization,
and polymorphy, Machine Learning 3 (1989) 343–372.
[13] T. Joachims, D. Freitag, T. Mitchell, Webwatcher: A tour
guide for the World Wide Web, in: Proc. IJCAI-97, Nagoya,
Japan, 1997, pp. 770–775.
[14] R. Khare, A. Rifkin, XML: A door to automated Web
applications, IEEE Internet Computing 1 (4) (1997) 78–87.
[15] J. Kleinberg, Authoritative sources in a hyperlinked
environment, in: Proc. 9th ACM-SIAM Symposium on Discrete
Algorithms, 1998.
[16] Etzioni, O. The world wide web: Quagmire or gold mine.
Communications of the ACM, 39(11):65-68, 1996.
[17] Kosala, R. and Blockeel, H. Web Mining Research: A
summary. SIGKDD Explorations, 2(1):1-15, 2000.
[18] Fayyad, U., Djorgovski, S., and Weir, N. Automating the
analysis and cataloging of sky surveys. In Advances in
Knowledge Discovery and Data Mining, pages 471-493. AAAI
Press, 1996.
[19] Langley, P. User modeling in adaptive interfaces. In
Proceedings of the Seventh <strong>International</strong> <strong>Conference</strong> on User
Modeling, pages 357-370, 1999.
[20] Madria, S.K., Bhowmick, S.S., Ng, W.K., and Lim, E.-P.
Research issues in web data mining. In Proceedings of Data
Warehousing and Knowledge Discovery, First <strong>International</strong>
<strong>Conference</strong>, DaWaK ‘99, pages 303-312, 1999.
[21] Masand, B. and Spiliopoulou, M. Webkdd-99: Work-shop
on web usage analysis and user profiling. SIGKDD
Explorations, 1(2), 2000.
[22] Trawling the web for emerging cyber-communities (1999)
Ravi Kumar, Prabhakar Raghavan, Sridhar Rajagopalan,
Andrew Tomkins, WWW8 / Computer Networks.
[23] Finding Related Pages in the World Wide Web (1999)
Jeffrey Dean, Monika R. Henzinger, WWW8 / Computer
Networks.
[24] A System for Collaborative Web Resource Categorization
and Ranking, Maxim Lifantsev.
[25] A Study of Approaches to Hypertext Categorization
(2002) Yiming Yang, Sean Slattery, Rayid Ghani, Journal of
Intelligent Information Systems.
[26] Mike Perkowitz and Oren Etzioni. Adaptive web sites:
Conceptual cluster mining. In Sixteenth <strong>International</strong> Joint
<strong>Conference</strong> on Articial Intelligence, Stockholm, Sweden, 1999.
[27] Pazzani, M., and Billsus, D. Adaptive Web Site Agents. In
Proceedings of the Third <strong>International</strong> <strong>Conference</strong> on
Autonomous Agents (Agents'99) (1999).
[28] Jakob Nielsen,
“http://www.useit.com/alertbox/reading_pattern.html” F-shaped
pattern for Reading Web Content.
[29] Kishore S. Trivedi Probability and Statistics with
Reliability, Queuing and Computer Science Applications
[30] Chen, M.S., Park, J.S. & Yu, P.S. (1998). Efficient data
mining for path traversal patterns. IEEE Transactions on
Knowledge and Data Engineering. 10(2), 209-221.
[31] Cooley, R., Mobasher, B. & Srivastava, J. (1999). Data
preparation for mining world wide web browsing patterns.
Journal of Knowledge and Information Systems}, 1(1), 5-32.
[32] Z. Chen, R. Fowler, A. Fu, C. Wang: Efficient Web Mining
for Traversal Path Patterns.
[33] D. Xing: Algorithms for Web Page Traversal Pattern
Mining.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 146

Proceedings of ICCNS 08 , 27-28 September 2008
X-Server Database: Strong RDBMS for
Wired and Wireless Network
Prof. Prakash Devale, Mr. Pritesh Patil
Abstract- Nowadays XML is being used as an
underlying technology for most of the transactions on the
internet. XML is widely used for Database Storage.
Most of the leading product developed companies use
XML as their Metadata framework. This work started
with a goal to manage XML data and to provide security
to XML data while wired or wireless data transfer. It
helps in storing, managing, publishing, retrieving data
from Database in XML format and updating stored data
in XML documents. The databases are normalized upto
3NF. There are different workspaces of this work. First is
a SQL Manager, which helps to retrieve and manage data
from XML documents, second is Relationship Builder
which helps in establishing the relationship between the
relations, and User Management and Security which
helps in creating users or clients of the database and to
assign security and privileges. Major feature of our
database is its platform independence, which would help
us to us this database with different environments which
supports JAVA, for example we can install the database
server on LINUX and on Windows or LINUX clients.
Keywords- Query Analyzer, Relationship, Client-server
based database, Encryption, Enterprise Manager
I. INTRODUCTION
MAKING a cross-platform tool was a challenge
some 10 years ago, but this has totally changed
now. In 1993 when Sun Microsystems introduced
the JAVA platform, making platform independent
software’s was a breeze. The slogan “Compile
once, Run anywhere” could be heard, thanks to
Java. Not only does Java provide the capabilities to
make the software run on many platforms, but also
as a programming language it is very superior to its
contemporaries.
X-Server database is a Client – Server
based Database. It is more user-friendly, easy to
retrieve data and easy to access the database for
both the programmer and the client or end user.
Prof. Prakash Devale is with IT department of Bharati
Vidyapeeth University, Pune-43 (Phone: +91-20-24220697
email: Prakash_devale@yahoo.com)
Mr. Pritesh Patil is with Computer Engg. Department of Bharati
Vidyapeeth University, Pune-43 (Phone: +91-9975850134 email:
p.patil.k@gmail.com)
It is used to create database, tables, query and the
reports. User can view the database, create the
tables and analyze the query and after all he can
make reports on the basis of tables and with respect
to their queries.
For Creating, accessing and maintaining
the database, User should have permissions from
the Server. Server granted the permissions and after
that client (user) can do what he wants to do. Client
can view only the encrypted form of data because
of all the data are maintained in the XML database
in Encrypted form what a client can never perceive.
For the security point of view it has particular users
with their passwords who are the authorized
persons who can access the database. This is query
analyzer database to which multiple users can
access at the same time with no restrictions. It is a
platform independent database and more
economical than any other databases.
The database proposed in this paper is
platform independent. XML Metadata framework is
the key feature, by which one can deal with data
within very less time and accurately [1]. At
different level the security issues have been
considered. In terms of putting the join between
two tables or databases in proposed database which
works on XML metadata framework means the
XML files containing data, we have considered
primary key and foreign key concepts [1,3,5].
Our database provides inbuilt GUI forms
for handling different application which requires
third party backend. It also provides auto report
generation facility. For secure delivery of records
on the network the database proposed in this paper,
it provides the encryption strategy.
II. SCOPE
The future extent of this SQL Query Analyzer is too
extensive to comprehend. Today the IT Industries
demand for effective environment and efficient
tools. They want to specify the following strategies
before implementing the software needs. XML
Database helps professionals and the Corporate to
record and maintain the data into the database.
Even Corporate uses the database like Oracle
[12,13,14], MS – Access, SQL Server and
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 147

Proceedings of ICCNS 08 , 27-28 September 2008
MySQL[8] for accessing, retrieving and
maintaining data into the database, but for these
databases user should have absolute knowledge
about the Commands of Structured Query
languages and should be well trained in accessing
the granting permissions from the server. For using
the above specified databases Corporate has to pay
the respected amount as per the Company rules and
regulations for getting the registration from the
authorized Database Companies. Installation cost,
maintenance cost and the implementation cost can
affect the company’s production cost. This database
is a platform independent server database and can
be used with free of cost platform provided by the
Sun Microsystems.
Scope of X- Server application is to provide a XML
based Data Server, which will have a provision to
store data in XML format [2,4]. X- Server provides
a tool for:
1. Storing metadata
2. SQL Manager to handle DDL and DML
statements
3. Creating indexes on XML data
4. Handling XML data through Cache
Mechanism
5. Middleware to act as an interface to SQL
Manager to parse SQL statements and pick
data from XML metadata.
The clients using X-Server database are assumed to
have the knowledge of SQL to use Query analyzer
of SQL Manager for accessing the data. No existing
applications need to be modified on the client side.
Users login to the system by providing the
username and password and then interact with the
system and other optional parameters.
Use of SAX: SAX is an interface that allows us to
write applications to read the data held in an XML
document. It is primarily a Java interface.
Use of JDOM: JDOM is an open source, treebased,
pure Java API for parsing, creating,
manipulating, and serializing XML documents.
IV. SYSTEM ARCHITECTURE
This section describes the X-Server Database
architecture defining major tiers comprising that
architecture. The architecture of the database
proposed in this paper is the very simple to
understand and implement, figure 1 shows the
architecture of X-Server database.
Client connects to X-Server entering all necessary
details such as Server Name, Login and password.
After connecting Client sends or receive content of
XML Documents via SQL Manager. Server fetches
request made by Front End for processing, parses
the request and then processed request is given
back to Client in the form of Response.
Administrator takes care of User Management by
creating, editing and deleting users.
Client
X- SERVER
User
Repository
Content
(XML)
Repository
III. TECHNOLOGY OVERVIEW
Java: Java language is used due to its powerful
features such as it is simple to understand, highly
object oriented, robust, secure, architecture neutral,
portable, multithreaded and dynamic.
XML: XML stands for extensible Markup
Language. The word “extensible” implies that a
developer can extend his ability to describe a
document, and define meaningful tags for his
application XML is used to generate dynamic
contents.
Databases: The study of databases like SQL-
SERVER, ORACLE [9,10,11], MySQL [6,7] are
done in the aspect of manipulating the stored data
by their respective query language.
Figure 1. Physical structure of X-Server Database.
The detailed system design consists of different
components of the system and the primary
responsibilities and/or behavior of this component.
All kinds of services it provides to its clients. The
connection module connects X-server Client to X-
Server. SQL manager accepts the options for
building and executing the query. User module is at
Client end. Responsibilities of this component are:
i. Access to SQL Manager
ii. Save the Query
iii. Choose mode of result display i.e. Grid or file.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 148

Proceedings of ICCNS 08 , 27-28 September 2008
V. DATABASE DESIGN
X-server database design process includes the
designing of SQL manager, Data storage section,
Relationship builder, security, GUI design of
database.
A. SQL MANAGER:
To establish the connection with respective
database.
Parse the query in proper syntax. (It contains
“syntax.xml” which is used for syntax
checking).
Execute the query.
Display the result in grid or in file format.
Provide option for saving the query so formed.
All syntax’s for DDL as well as DML Queries are
stored in “syntax.xml” file.
Example syntax:
B. DATA STORAGE:
With the popularity of XML, most of the
servers need to work with and store XML data.
Example .xml file format:
DatabaseName
C. Relationship Builder
Relationship Builder of X-server builds
relation between two XML documents,
implementing the concepts of primary and foreign
keys. It is a tool to facilitate joining two XML files
based on attributes common in both files. The
attribute in one xml file is a primary key and it gets
related to some attribute in other xml file, which is
a foreign key.
D. GUI Design
This section describes the X-Server
architecture defining major layers comprising that
architecture. Front End can be any Form Template
Designer or application that sends or receive XML
Documents. Like other Servers, X-Server also has
Service Providers- Request and Response, which
are implemented via Java Classes. Server fetches
request made by Front End for processing and then
processed request is given back to Client in the
form of Response. X-server provides standard API
for processing XML based information and way of
passing XML documents and non-XML documents
to and from Server. API will consist of different
classes written in Java using OOPS concepts, which
are used for connecting to database, executing
queries and displaying the result. Figure 1 below
explains the architecture of the project.
E. General constraints
Availability or volatility of resources:
Volatile resources such as main memory
must conform to the current standard configuration.
The software will be handling files occupying
memory of the order of megabytes.
Security requirements:
The system will be password protected.
Since multi-user feature is disabled the sole purpose
of the password is for security reasons.
Memory and other capacity limitations:
The software will be handling files
occupying memory of the order of megabytes.
Sufficient volatile and non-volatile memory does
become a constraint.
F. User Management
This module helps in managing users by
Creating users, Editing users, Deleting users,
assigning/ editing their passwords.
G. Security
Server will provide its own authentication
features to authenticate users via facility of XML
Encryption/Decryption, which ensures that,
unauthorized individuals or intruders cannot access
important documents. Figure 2 shows the detailed
internal structure of X-server database of figure 1.
X-server database provides a complete
GUI to handle all activities performed by the clients
or users. Users can perform the activities according
to the privileges they obtain. At the time of adding
new users administrator can assign minimum to
higher level privileges. The relations created by
using X-server database are normalized upto higher
level of normalization.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 149

Proceedings of ICCNS 08 , 27-28 September 2008
Figure 2. X-Server Database internal architecture
VI. SCREEN SHOTS
Figures 3(a, b, c) shows some of the screens of the
proposed database.
Figure 3(a) Table View of Database
Figure 3(c) User View of database.
Figure 3(b) SQL Manager view
VII. CONCLUSION
XML has become very popular in various Web and
platform independent applications. There is an
increasing need to store XML documents. This X-
Server will provide an efficient way to store,
maintain, publish and exchange XML documents.
Although
its possible to store XML in the form of text files,
or to extract the data from structured XML and
store it relationally, neither solution is as potential
as X-Server Database. The X-server uses core
XML services such as a SAX Parser and JDOM.
These provide the core services for parsing the
incoming document to determine the appropriate
class and method to call, as well as getting the data
out of the XML format for manipulation by the
database. X-servers will provide an important
building block for the next generation of Web
applications.
VIII. REFERENCES.
[1] Using Stylus Studio to Deploy XML Data Services: A
Zap Think.
[2] Building XQuery Based Web Service Aggregation and
Reporting Applications.
[3] An XML Schema Tutorial: Practical XML Schema
Development.
[4] SQL/XML, XQuery, and Native XML Programming
Languages.
[5] FIXML Tutorial: Working With Complex Message Sets
Defined Using XML Schema.
[6] MySQL: The Best Choice for Modern Online Database
Applications Enterprise.
[7] A Guide to Database High Availability.
[8] MySQL High Availability Solutions.
[9] http://docs.oraclewhitepapers.com/oraclewhitepapers/totalrecall.
[10] http://docs.oraclewhitepapers.com/oraclewhitepapers/nextgeneration-soa.
[11].http://docs.oraclewhitepapers.com/oraclewhitepapers/jdevel
oper
[12].http://docs.oraclewhitepapers.com/oraclewhitepapers/databa
se10g_release2.
[13].http://docs.oraclewhitepapers.com/oraclewhitepapers/acade
micenterprise.
[14].http://docs.oraclewhitepapers.com/oraclewhitepapers/fusion
middleware.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 150

Proceedings of ICCNS 08 , 27-28 September 2008
Transliteration Approach for Customizable
Localization
Sanjesh S. Pawale, Manikrao L. Dhore, Mahesh R. Dube, Ashutosh M. Kulkarni
Abstract—This paper explains the use of transliteration approach for
customizable localization support in small scale systems. Indian
languages like Hindi and Marathi which are based on Devanagari
Script are considered by using customizable Localization support
with the use of translation memory. This work addresses supporting
the user to input and retrieve the data in Hindi or Marathi languages
on the fly; whereas the data will be stored in database in default
language, English. When a user wants to see the data in Hindi or
Marathi, middleware will read the English data from the server or
from keyboard and transliterate it into Devanagari script and display
it to user. This transliteration from English to Devanagari will be on
the fly. The transliterated data is not getting stored anywhere. This
method solves the problem of web page translation such as
consumption of extra space on web server as well as complexity in
web pages. This approach provides safe and cost effective method of
localizing existing and new web pages stored on web server from
English to Hindi or Marathi language using Devanagari script.
Keywords—Localization, middleware, on the fly conversion,
translation Memory, transliteration approach.
I. INTRODUCTION
In the era of globalization, Internet evolved as a powerful and cost
effective medium of communication and information sharing. Mass
Scale data is available within few clicks irrespective of location i.e.
on anytime anywhere basis. Internet has become global
communication medium of choice. Internet is global medium of
communication and information sharing. English is the dominant
language for the World Wide Web. The number of internet users is
steadily growing. In India, there are more than thirty official
languages spoken or used. It is obvious that a site in the native
language will be more appealing and easy to use. Localization is a
concept in which the interaction with the application including all the
commands is done in the specific language. This calls for major
enhancements to the system software to allow interpretation of text
strings in different languages. Hence an application supporting
localization for a language can provide an effective user interface in
that language. Localization is not just translation, its modification of
Sanjesh S Pawale is a Research Scholar at Department of Computer
Engineering, Vishwakarma Institute of Technology, Pune (phone:91-20-
24202110) (email: sanjeshpawale@yahoo.com).
Manikrao L. Dhore is with Vishwakarma Institute of Technology, Pune as
Assistant Professor in Computer Engineering (phone:91-20-24202133) (email:
manikrao.dhore@vit.edu).
Mahesh R. Dube is with Vishwakarma Institute of Technology, Pune as
Assistant Professor in Information Technpology (phone: 91-20-24202116)
(eamil: mahesh.dube@vit.edu).
Ashutosh M. Kulkarni is with Vishwakarma Institute of Technology, Pune as
Reader in Master of Computer Application (phone:91-20-24202268) (email:
ashutosh.kulkarni@vit.edu).
the product or service so that it becomes optimised for local market.
The only constraint for this is linguistic barrier and the solution to the
problem is Localization using <strong>International</strong>ization, it will open the
doors of the information and communication centers for those who
are not comfortable with the conventional language of the system.
The existing approach is to replicate the HTML web page in several
languages depending on the targeted audience but this approach
suffers with the problem of web page updating and redundancies.
Modifying the default web page contents needs to modify all the web
pages in alternative languages and as the same web page needs to be
stored in number of languages increases the redundancy and wastage
of server space.
Although the web has predominantly been an English-centred
medium, leading companies identify that 90% of their market outside
the US is non-English speaking and web users are four times more
likely to purchase from a site that communicates in the customer’s
language. Nearly one in four Americans speaks a language other than
English at home, the Census Bureau says, an increase of nearly 50
percent during the past decade.[6] So for increasing sales and market,
it is needed to provide web pages to clients in their native language.
Even though English is main business language, over 100 million
people access the Internet in a language other than English. Only
38% of web users use English as a language for internet. Rest all use
their own native languages. English is a language mainly used in
USA, but in country like India the percentage of English language
users is less. According to ITU, Dec.2001, this percentage is just 7%
in India [7]. Web users are more sensitive towards the site which
communicates in their own native language.
1. Problem
For increasing market and providing user-friendly interface to
clients, previously addressed web page translation technique has risks
like complexity in updating existing web pages and consumption of
extra space on web server for storing translated target language web
pages. In case of multilingual web sites using translation technique,
the original English web pages are translated into languages in which
website is providing access to clients. But if some changes made to
original web page then changes should be performed in all translated
web pages also. If change performed in original web page is not
updated in a way it is desired, then all corresponding translated web
pages will display incorrect / inconsistent information to clients.
Moreover there is no system at present which handles the dynamic
data submitted by client in his native language, in such case the static
language localization is an incomplete solution to the problem.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 151

Proceedings of ICCNS 08 , 27-28 September 2008
2. Current Solution
The existing tools can be categorized into Web Page Localization
Tools and Client side Localization Tools. Client side language
localization tools are installed on the client side as an add-on
component of the browser, it has options for few user specific
languages and when user gets page in some other language, user
requests for localization and gets the localized page but the drawback
is its standalone. Also there are too less options for localization as it
supports two or three languages only.
Some dynamism is added by the Web Page Localization tools, which
is server-side component, encapsulated with the server itself. In this
case client request for localization, this request goes to server; it
processes the request and responds with the same page with
requested language. But the drawback is that page referenced is static
and stored in server already. Shortcomings of this method are no
dynamism, and it is a time consuming process. This is overcome by
localization on the fly concept.
3. Proposed solution
The basic difference between English and Devanagari is, Devanagari
is having 12 Vowels and 36 consonants. Each consonant has 12
variations. This produces about 432 different alphabetical characters
(glyphs). It has 10 numerals similar to English; Whereas English has
only 26 alphabets. The alphabetical complexity of Devanagari is
more than English. Devanagari script does not have separate Capital
and small alphabets as in English. Devanagari is not having tradition
of making acronyms and short forms as practiced in English. In
English, one tends to drop vowels for speed of typing e.g. ‘tbl’ for
‘table’ or ‘u’ for ‘you’ or ‘r’ for ‘are’. In Devanagari vowels are
integral part of consonants and therefore they can not be separated or
dropped for making short forms [19].
English alphabets do not alter their basic shapes, whereas, a
Devanagari alphabet alters itself drastically with addition of Matra
and Conjuncts. English Script does not encode the conjuncts but they
are pronounced in speech. But Devanagari script encodes the
conjuncts exactly the way one would pronounce it. English alphabets
are designed with basic geometric shapes like vertical, horizontal,
diagonal and circular lines. It also uses lot of symmetric shapes. On
contrary, Devanagari alphabets have asymmetric, free flowing and
highly intricate shapes [19].
The proposed system aims at analyzing and enhancing Indian
languages specially Hindi and Marathi to adapt Transliteration
approach through the development of middleware. The middleware
will support the user to input and to retrieve the data in Hindi or
Marathi languages, whereas the data will be stored on server / central
database in default language, English.
The web page is dynamically converted into the target language on
the fly. On the fly means no intermediate storage of web pages in any
alternative language. So there is no question of redundancy of
memory and as the web pages are getting dynamically converted in
to the target language it is much faster than normal translation. This
is the basic theme of the localization.
II. SYSTEM DESIGN
The system being developed is basically a module/middleware which
can be used in client server model. Client will give a request to server
in his native language and server will listen to it in its default
language, English. When server gives response to the client request,
it gives it in English only, but the middleware will transliterate that
response to client’s native language on the fly. For the transliteration,
static or converted data is not getting stored anywhere hence
effective memory utilization is achieved.
Following Linguistic Usability Heuristics were identified and applied
during the evaluation of Customizable Localization support using
Transliteration Approach. The heuristics will be useful for qualitative
evaluation of any other languages in the application and also serve as
design guidelines [19]
• Representation of languages in its original form
• Uniform representation of language
• Avoid influence of any other language
• Maximum three characters for representation of single
character
• Least typing effort, User Navigation support
• Avoid uncontrolled mixture of alphabets
• Good readability of text
Fig. 1 Flow graph for on the fly conversion
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 152

Proceedings of ICCNS 08 , 27-28 September 2008
effort. The translation memory stores matching source and target
language segments that were translated by translator in a database for
future reuse. As the translation effort progresses, the translation
memory grows. Newly encountered segments are compared to the
database content, and the resulting output (exact, fuzzy or no match)
is reviewed and completed by the translator [15].
Once the data in Translation Memory is loaded then different
functions can be applied on it such as:
• Multilingual search capabilities.
• Multiple TM databases.
• Search of both the source and target languages of translations.
• Display of ranked list of relevant example texts.
• Display of “snapshots'' of ranked examples for easy skimming.
• Fuzzy matching of search and text terms to capture cognates and
morphological variants.
• Fuzzy highlighting of found terms, including cognates in the
parallel text.
There are many advantages in using TMs:
• The translation can go much faster, avoid unnecessary re-typing
of existing translations, or having to change only parts of text.
• TMs also allow a better control of the quality by offering
translation candidates that have been already approved,
with the correct terminology.
Fig. 2 Flow graph for on the fly conversion (Function1)
2. Conversion Process
The Conversion process can now be reformulated with more
detail as follows:
Skeleton
of
Document
4
Converted
Document
Original
Document
1
3
Conversion
5
Dynamic
Part of
Document
2
Translation
Memory
Database
Fig. 3 Flow graph for on the fly conversion (Function2)
III. SYSTEM IMPLEMENTATION
Middleware is a key part of the Customizable Localization support
using Transliteration Approach procedure. Middleware support
online Translation Memory. Translation memory acts as a database
memory which goes on increasing. Translation Memory is a solution
that increases efficiency by reusing previously translated words,
phrases and sentences.
1. Translation Memory
Translation Memory is designed to enhance the human translation
Fig. 4 Conversion Process
Text extraction: Separation of translatable text from layout data.
Pre-translation: Addition of existing translation to the new file
generated in the previous step.
Conversion: Performed by a Conversion logic.
Reverse conversion: Generation of a translated document from the
translated file.
Translation memory improvement: Storage of new translations in
a translation memory (TM) database for later reuse
Conversion:
Once it has been decided that translation is required then the core
step Conversion comes into picture. Translation unit is a string, so
one can easily find out its length. Once length of string is known that
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 153

Proceedings of ICCNS 08 , 27-28 September 2008
will become the terminating condition to run a loop. Every character
in the string is getting converted into its equivalent Devanagari
Unicode, So that it can be displayed into Marathi. For every
character one has to check whether it is a vowel, like ‘a’, ‘e’, ‘i’, ‘o’,
‘u’ or consonant. If a character is a consonant it means one has to
display that character as a whole. But immediately we can not
display that character because based on next character we have to
decide whether we have to add any other character to it or we have to
display it as whole character.
There are mainly two categories, one the full characters having only
vowels attachment and another category is characters which need to
be displayed as half characters. Let’s consider first category. For
example if first character is ‘s’ one cannot display ‘ स ‘ but if next
character is ‘e’ then we have to display ‘ से ‘ but if next character is
‘u’ then we have to display ‘ सु ‘.
Therefore to display a character one has to wait for minimum two
characters to come. Similarly if first character is ‘s’ and next
character is ‘h’ then one has to wait for third character also, because
single ‘s’ means ‘ स ‘ and single ‘h’ means ‘ह ‘ but when ‘sh’ is there
then the character becomes ‘ श ‘ and to this ‘ श ‘ now we can add ‘
◌ा ‘, ‘ ◌े ‘, ‘ि◌ ‘ , ‘ ◌ी ’, ‘ ◌ु ‘ , ‘◌ो ‘ , etc.
Now let’s consider second category having half characters. To
display half character one has to make use of ‘Halant’ whose
Unicode is ‘\u094d’. This Unicode character is used for conjuncts
only. Any character followed by this character is considered as half
character. The complexity of characters can go on increasing like
this. It may happen that a vowel may be used as a single character i.e.
‘a’ will be for ‘अ’ so one has to take care of such characters also.
One has to differentiate the characters which are following by ‘h’
character and treat them separately.
Unicode Standards are used for conversion. For Devanagari the
Unicode’s are ranging from \u0900 to \u097F, i.e. 128 characters are
supported. ITRANS is getting utilized at the time of conversion
process. ITRANS is nothing but Indian languages TRANSliteration
which is an ASCII transliteration scheme for Indic scripts [11].
ITRANS transliteration scheme which is used here is as follows:
Fig. 5 ITRANS Scheme
When the translated data is finally ready, it must be merged with the
skeleton file to produce a translated document in the desired output
format. Now the skeleton is read and the translated document is
combined with it to produce a final document. Here we have a
skeleton as static part of the different forms. After all dynamic parts
have been replaced with the corresponding text from the conversion
step; the skeleton becomes a translated document and should be
saved under a new name.
Finally we have to extract and pairs from the
approved elements of the converted file. Store these
pairs in the TM database for later reuse. These pairs are usually
stored in a special XML format called Translation Memory
eXchange (TMX), which all important translation tools support. But
here a pair of English and equivalent Marathi word is getting stored
in normal MS Access Database.
IV. TESTING
For this project work following feature set were been tested.
• Displaying of different forms in Marathi
• Reading from and updating to Database
• Check against different error functions such as password check,
date check, no. of days check, empty field check, etc.
• Conversion of English to Marathi String ( input from Keyboard,
read from Database)
• Testing administrator login for different options like change in
post, change in name, change is department, etc.
V. CONCLUSION
The English speakers are no longer the only one making use of the
internet. The growth of its usages in other languages has posed new
challenges and demanded new solutions to offering content in other
languages. The process involves not only translation but cultural
adaptation and a series of technical hurdles that have to be overcome.
Customizable Localization support achieves dynamism, platform
Independence as implemented with Java, multilingualism as it
supports multiple languages and can be extended to support number
of languages which are based on Devanagari. Hence this work is
committed to deliver state-of-art capabilities for global market place.
VI. REFERENCES
[1]. Cornell and Horstmann., Core Java2, Vol. II., Advance
Features of Sun Microsystems., Pearson Education.
[2]. Steven Holzner., Java2, Swings, Servlets, JDBC and Java
Beans Black Book, DreamTech Press.
[3]. Andrew Deitsch and Mike Loukides, Java <strong>International</strong>ization.,
O’Reilly 2001.
[4]. John Yunker, Beyond Borders : Web Globalization Strategies
by, New Riders Publishing., 2003.
[5]. Bert Esselink, A Practical Guide to Localization. John
Publishing Company, 2000.
[6]. “Percentage of non English speaking”, www.boston.com.
[7]. “Internet Language Use Statistics”,www.translate-tosuccess.com/internet-language-use.html.
[8]. “Census Data Summary”, www.censusindia.gov.in
[9]. “CDAC LISM, MANTRA, Gist”, www.cdac.in
[10]. “Unicode consortium Standard”, www.unicode.org
[11]. “Unicode for Indian languages”,
http://acharya.iitm.ac.in/multi_sys/unicode/intro.php
[12]. “Unicode enabling in Microsoft applications”,
http://www.i18nguy.com/unicode/c-unicode.html
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 154

Proceedings of ICCNS 08 , 27-28 September 2008
[13]. “cultural differences, internationalization, localization,
globalization, translation”, http://www.i18nguy.com/index.html
[14]. “Unicode in Java”, www.jorendorff.com/articles/
[15]. “Java localization with TMX standard”,
http://www.evolt.org/Java-Localization-with-TMX-standard
[16]. “Creating, managing and maintaining a global website”,
www.sdtlintl.com
[17]. “Localization concept”, http://www.localization.ie
[18].Prof. Dhore, M (2006), Automating HTML Localisation
Process: An Implementation Using Java <strong>International</strong>isation
Approach.
[19].Katre D. S. (2006), 'A Position Paper On Cross-cultural
Usability Issues of Bilingual (Hindi & English) Mobile Phones',
http://hceye.org
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 155

Proceedings of ICCNS 08 , 27-28 September 2008
Adaptive and Aggregation Aware Scheduling
Algorithm for Event Detection Application
First A. Sivagami , Second K. Pavai, Third D. Sridharan, and Fourth S.A.V. Satya Murty
Abstract—Energy is most important but scare resource in
Wireless Sensor Networks (WSNs). We consider a problem of data
aggregation in WSN for event detection application. For such an
application, minimizing the end-to-end delay of the data and
maximizing the lifetime of the network are the prime requirements in
the design of WSN. Most of the data aggregation schemes aim at
reducing the energy consumption but giving less importance to the
latency. While aggregating the packets, the latency increases with the
increase in number of child nodes. Hence, when data aggregation is
done in an event detection application, the time will be considered as
prime factor. A new MAC layer protocol, Adaptive and Aggregation
Aware MAC (AA-MAC) is proposed to increase the lifetime of the
network while reducing the end-to-end delay. The lifetime of the
network is increased by routing the packet based on the residual
energy of a node and by reducing the number of transmission. The
end-to-end delay is reduced by changing the duty cycle of a node
adaptively based on the traffic. Hence, this protocol balances between
the energy and the delay.
Keywords—Data Aggregation, Medium Access Control (MAC),
Wireless Sensor Networks (WSN)
I. INTRODUCTION
A Wireless Sensor Network consists of one or multiple data
sinks and many low cost sensor nodes. These sensor nodes are
capable of sensing, processing and transmitting the sensed data
to the sink, but they have limited resources like low processing
speed, less storage capacity and limited power. Since, these
nodes are operated by batteries, energy is a precious source.
Hence it should be used in most economical way to increase
the life time of the node and hence the life time of the network.
[1]
The energy is drained by microprocessor and its associated
circuitry, by sensor circuits and by the transceiver circuits.
The main cause for energy drain in WSN is due to
communication. Energy is used for transmission, reception,
collision and retransmission. To reduce collision, the MAC
Manuscript received May 14, 2008.
F. A. Sivagami, Research Scholar, CEG Campus, Anna University,
Chennai - 25 (phone: 9443881215; email: siva_psg69@yahoo.co.in).
S. K. Pavai, Research Scholar, CEG Campus, Anna University, Chennai –
25 (e-mail: pavai_me@yahoo.com)
T. D. Sridharan, Assistant Professor, CEG Campus, Anna University,
Chennai -25 (e-mail: sridhar@annauniv.edu)
F. S. A. V. Satya Murty, Head, Computer Division, Indira Gandhi Centre
for Atomic Research, Kalpakkam – 602 102 (e-mail : satya@igcar.gov.in)
layer protocol Carrier Sense Multiple Access/ Collision
Avoidance (CSMA/CA) with RTS/CTS is used. If the number
of transmissions is reduced, then the energy can be preserved.
To reduce the number of transmissions and save the energy
cost, an efficient data aggregation scheme can be employed.
The aggregation may be either lossy or lossless. In lossless
aggregation, the data from all the sources are put together and
transmitted as a single packet. This will reduces the packet
overhead and number of transmissions. In lossy aggregation,
the simple aggregation functions like MAX, MIN,
AVERAGE, and SD can be used. For example, if n packets are
aggregated, the number of transmissions by a node is reduced
from n to 1. We have used simple lossless data aggregation
scheme.
There are many applications where the data should be
delivered to the sink within a specified time frame. The data
will be transmitted using multi hop communication. The data
collected by the nodes which are far away from the sink will
experience maximum delay. The causes for delay are
processing delay, channel contention delay, sleep delay,
queuing delay and data transmission delay. Compared to
communication delay, the processing and transmission delay
are ignored. Queuing delay can be avoided by doing
aggregation at the intermediate node. In order to reduce the
end to end delay, the channel contention delay and sleep delay
should be reduced. This proposed MAC protocol aims at
reducing these two delays and hence improves the latency.
Thus we propose a new adaptive, aggregation aware MAC
protocol (AA - MAC) that guarantees the network lifetime by
making all the nodes deplete their energy uniformly. To
guarantee the network life time, a cross layer approach is used.
No explicit routing protocol is used in this application.. The
routing is performed based on the residual energy in the node.
The residual energy is piggybacked with RTS/CTS packets.
This information is passed to the routing layer from the MAC
layer and the neighbor table is updated.
This work aims at the following issues.
• Adaptive Duty Cycle: Duty cycle of the node varies
according to the traffic load of the network. The
nodes, listen the channel for the particular duration.
If any packet is intended for it, the node will
continue to be in awakening state to receive the
packet. The parent node receives packets from its
child nodes and aggregates the packet.
• Improving the Network Lifetime: Routing is based
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 156

Proceedings of ICCNS 08 , 27-28 September 2008
on the node’s individual energy. Hence load
balancing is achieved among the forwarding nodes.
The overall energy consumption by all the nodes is
uniform. This avoids the hole formation and hence
the partitioning of the network.
• Latency Reduction: The aggregated packet will
experience less delay due to adaptive duty cycling
of the MAC layer and the packets are routed to the
parent node which is closer to the sink and having
more energy as well.
The rest of the paper is organized as follows. Section 2
gives the survey of existing MAC protocols Section 3 gives the
protocol overview of AA – MAC and section 4 gives the
performance evaluation of the proposed protocol. Finally
Section 5 gives the conclusion and future work.
II. RELATED WORK
The main energy waste at the MAC layer are idle listening,
overhearing, control overhead and collision & retransmissions.
To mitigate the energy consumption by idle listening, many of
the currently proposed protocols adapt periodic listen/sleep
scheduling. All the nodes wake up at the same period and
listen the channel. If a node wants to communicate, it contends
for the channel. It sends the RTS to the receiver if it succeeds
in getting the channel. The receiver node sends the CTS and
continue to be in the awaken state to receive the data. Even
though this periodic listen/sleep schedule reduces the energy
consumption, it increases the end to end delay [2]. The
tradeoff between the energy and the latency will depend on the
duty cycle. The existing MAC protocols are categorized into
two: 1. protocols for maximizing the energy efficiency and 2.
Protocols for minimizing the latency.
Ye et al. in 2002[3] proposed the MAC protocol called
Sensor MAC(S –MAC) which is focusing on energy
efficiency. The ideal listening is reduced by adapting periodic
listen/sleep cycle. All nodes are free to choose their schedule
and broadcast it to its neighbor through SYNC packet. Nodes
that have not adapted their own schedule will follow one of the
schedule it has received from its neighbor and form a virtual
cluster. The nodes will listen the channel when they wakeup
and if it receives any RTS from its neighbor, it remains awake.
Collision and overhearing problems are alleviated by
RTS/CTS and NAV mechanism similar to IEEE 802.11.
Due to periodic sleep, the downstream nodes may not know
the ongoing communication. Hence the upstream nodes have
to defer their data forwarding until the next node’s listen
period. This delay increases as number of hops. This is called
sleep forwarding delay and S- MAC suffers from this delay.
Fig. 1 S – MAC Schedule
In the fig. 1, [5] Node A is the source node and B, C, and D
are the forwarding nodes. The node B receives packet from A
but it can’t forward this packet until C wakes up. This causes
sleep delay.
To reduce this delay, an Adaptive S –MAC [4] was
proposed by W. Ye, et al in which they can reduce this delay
slightly. In this scheme, a RTS/CTS communication between
A & B is overheard by C and sets it NAV timer. The node
wakes up after the timer expires even during the sleep
duration. From the Fig. 2 [5], it is clear that the sleep delay is
reduced compared to S – MAC.
Fig. 2 A – MAC Schedule
This reduces the sleep delay in alternate hops, but cannot
address multi-hop latency problem.
In order to reduce the latency in multiple hops, Changsu Suh
et al proposed Traffic Aware Early Wakeup (T - Wakeup)
scheme [5]. In Fig. 3, during the listen period the nodes A & B
exchange RTS/CTS packets. The nodes within the CS range of
A & B can hear this communication and aware of on going
communication. Nodes C, D, and E are in the CS range and set
their NAV timers. The nodes wake up after the timer expires
and forward the packet continuously. The cross layer approach
is used to wakeup only the forwarding nodes in the CS range.
Routing information is exchanged in RTS/CTS packets, hence
the nodes which are in the routing path will wake up and
forward the packet. Remaining nodes in the CS range will not
wake up during their sleep schedule.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 157

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 3 Traffic Aware MAC
The author claims that the latency is reduced very much
compared to S – MAC where it takes 4 duty cycles to forward
the data from A to E whereas Traffic Aware –MAC takes only
1 duty cycle. Even though this scheme reduces the latency but
it does not provide any significant energy efficiency over S –
MAC.
To reduce the end to end delay and to guarantee the network
lifetime, Youngsub et al proposed A-MAC approach [6]. In
this algorithm, the nodes dynamically change their duty cycles
depending on the remaining energy and the remaining time
until the required network lifetime expires. The nodes with less
energy will sleep more to balance the energy consumption.
The nodes will broadcast their schedule using SYNC packets
and all the nodes keep track their neighbor’s sleep schedule.
The nodes do not have packets to send will wake up only
during their listen interval. If a node is having packets to send
will wake up at their neighbor’s listen period.
III. ADAPTIVE DATA AGGREATION AWARE MAC PROTOCOL
(AA-MAC)
The primary focus of this protocol is to reduce the end to
end delay and increasing the life time of the network while
aggregating the data. The data aggregation scheme is used to
reduce the number of transmission. In Tiny Aggregation Tree
(TAG) protocol [7], the packets coming from various child
nodes are aggregated by the parent node and it is forwarded to
the next down stream node. The parent node has to wait until
all of its child nodes transmit their data. Suppose a node is
having n child nodes, then the minimum waiting time of the
parent node to forward the packet is n * t MAC , where t MAC is
one sleep and listen period. Because, the nodes will go to sleep
mode after a transmission starts between any two nodes in
their vicinity. Hence the delay in one hop depends on how
many child nodes (degree of the node) are there in a parent.
This delay will increase if any node is not getting its chance to
transmit. The packets are forwarded to the sink by multihop.
Hence the total delay experienced by a packet is equal to
cumulative delay of this single hop delay. The total delay = H
* single hop delay where H is the maximum level of the tree.
Therefore the total delay depends on the number of hops and
degree of the nodes [8]
In order to reduce the delay, a MAC layer listen/sleep
schedule is modified. All nodes wake up during its listen
interval and contend for the channel. If any node gets its
chance to transmit, the neighbor nodes will hear the RTS/CTS
communication and seize their back off timer. If any of the
neighbor nodes wants to communicate with same parent node,
it will do the carrier sensing continuously instead of going to
sleep. Once the communication is over, the nodes which are
having packets for the same parent will start their timer and
contend. Mean time, the parent node will not go for sleep state.
Instead it waits for the contention window period. If no RTS
from any of its child nodes it goes to sleep, otherwise it will
stay awake to receive the data from its child nodes. In order to
fix a bound for the delay, the number of packets to be
aggregated is fixed to D. The duty cycle of the nodes, which
are close to the sink are increased in order to decrease the
forwarding delay.
Self-Organization: When a node is switched on, it listens to
the channel for any transmission. The sink node transmits the
HELLO message to all the nodes. It contains the Source Node
ID, its location, level, Residual energy and the next hop
downstream neighbor. The level is the hop number, i.e. how
many hops it is away from the sink. Hence the level for the
sink is 0 and the neighbors of the sink are level 1 and so on.
The node receives the HELLO packet will check the source id,
it tells the origination of the HELLO packet and writes into its
neighbor table. The other entries in the neighbor table are
Level, residual energy and the location of the source id. The
node with maximum residual energy is selected as the parent
node. The HELLO packet will be retransmitted after updating
the next hop neighbor and the level field, which is incremented
by one. Fig. 4 explains this procedure.
After this initial phase, all the nodes are having the neighbor
table which holds the information about its downstream
neighbors. The routing of the packets will be based on this
table. This table will be updated periodically by broadcasting
HELLO messages.
The SYNC information is also transmitted by the sink in
HELLO message, there by all the child nodes synchronize
their clock with the sink node.
SINK LEVEL 0
Fig. 4 Network organization
LEVEL 1
LEVEL 2
Network Operation: The nodes will from a virtual tree. The
packets are routed through this virtual tree. This can be
changed dynamically at the time of Hello messages. Routing is
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 158

Proceedings of ICCNS 08 , 27-28 September 2008
based on the residual energy available in the node. While
exchanging the RTS/CTS packets, the nodes will include their
residual energy. The nodes hear this RTS/CTS will update
their neighbor table entries. The routing is based on the energy
available and the distance between the forwarding node and
the sink. From the neighbor list, the routing algorithm of the
source node calculates the distance of each of the forwarding
node and the sink node. Then it routes the packets to the
forwarding node which is closer to the sink is selected as the
relay node [9].
For example, suppose a source node wants to communicate
with sink, it looks for the neighbor list. From the list, it
chooses the node with more energy as a forwarding node. If
any two nodes (A & B in the figure 5) are having equal energy,
then it will calculate the distance of the forwarding nodes A &
B from the sink. The node which is closer to the sink is
chosen to be the next hop neighbor. Here Node B will be
selected as the forwarding candidate.
Adaptive
Wake up
First
Packets for
packet
aggregation
Listen
Extended
period
Listen period
Fig. 6 Adaptive Sleep/Wake up schedule
Level 1
Level 2
Level 3
SOURCE
A
B
SINK
Fig. 5 Routing based on distance
MAC for Data Aggregation: The nodes are grouped into
different levels based on their hop count from the sink. All the
nodes wake up at the same interval of time, but their duty cycle
changes with the traffic load. The nodes at all the levels except
the leaf nodes, wakes up at the centre of its sleep duration if
there are any packets to forward. From the fig. 6, the nodes at
the level 3 are the leaf nodes. If any event is detected, the data
will be sent to the level 2. If more nodes want to communicate,
those nodes will compete for the channel. If any node
succeeds, they exchange RTS/CTS and this will be overheard
by the nodes in the level 1. The CTS packet also carries the
next hop information, hence the next hop neighbor in the level
1 will wake up at he middle of the sleep interval and receives
the packet. Otherwise, it will not get up in between and thus
saves energy.
Thus the adaptive wake up executed by the nodes at the
same level decreases the aggregation delay and the adaptive
wake up at different levels decreases the forwarding delay. The
system will report about the event with less delay and uses less
energy. This ensures the fairness among the competing nodes.
The number of packets to be aggregated is fixed in order to
avoid delay in the MAC layer.
Fig. 6 shows the adaptive sleep/wakeup schedule for the
proposed AA-MAC. The next level nodes will wake up in
between if there is any CTS heard during the listen period.
Otherwise, it won’t wakeup in the middle. For example, the
nodes in the level 1 hear the RTS/CTS communication
between the nodes in level 2 & 3. Hence they wake up in the
middle of the sleep period and receive the packet. This reduces
the latency in forwarding the packets to the sink.
The fig. 7 explains the two level communications between
the parent & child at any level. The node 1 in the level 1
communicates with its parent during its listen period. This will
be heard by nodes 2 & 3 and they are having packets to
transmit. They set their NAV timer and goes to sleep mode.
When the timer expires, all the competing nodes again contend
for the channel. For this duration the parent node will remain
in awaken state.
RTS
CTS
4 1 2
3
5
6
2 & 3 do carrier
sensing
Level 2
Level 3
Fig. 7 Two level communication between parent and child
IV. PERFORMANCE EVALUATION
We implemented this algorithm in ns –2 Network simulator
[10], [11]. The network size is 10 X 10 arranged in grid
topology with the inter node spacing of 45m. The sink is fixed
at the center of the grid. The RX threshold is said to be 55m
and the CS threshold is said to be 110m. We use the battery
model and receiver threshold as given for IRIS mote [12]. The
size of the data packet is 100 bytes and the duty cycle is said to
be 10% as used in LE –MAC. The total simulation time is
400s. The number of packets to be aggregated is fixed as 4
packets. The traffic is generated at the node at extreme left
corner and is transmitted to the sink. The event is assumed to
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 159

Proceedings of ICCNS 08 , 27-28 September 2008
be take place at the bottom left corner. Hence the nodes near to
this region will have the data for transmission. The nodes 70 -
73, 80 – 83 and 90 – 93 will generate the traffic at 50s. The
node 45 will act as a sink.
The end-to-end delay is calculated by finding the average
delay of all the packets received during the simulation interval.
The energy consumption is calculated as the total energy
consumption in all the nodes to transmit the packets for the
duration of the simulation. This analysis is performed for
various sizes of networks.
The performance of the algorithm will be compared with S
–MAC and TAG. The end-to-end delay increases with increase
in number of nodes and it decreases with increase in duty
cycle. The duty cycle is defined as the ratio of listen period to
listen + sleep period. The AA- MAC will be compared with S-
MAC for the delay and energy analysis against the network
size. The aggregation capabilities of this algorithm will be
compared with TAG.
V. CONCLUSION
Since this algorithm uses no fixed infrastructure like Tree in
TAG, it doesn’t require any tree formation algorithm. So, it
doesn’t require any memory space for storing the algorithm
and it doesn’t waste the CPU energy. The energy saving is
achieved by routing through more energy nodes and doing data
aggregation. The delay is reduced by adaptive listening. Hence
lifetime will be increased compared to S-MAC & TAG and the
delay will be reduced compared to TAG. This algorithm will
balance between the energy efficiency and the delay incurred
by the data aggregation. This algorithm will also be tested in
Crossbow’s IRIS motes.
REFERENCES
[1] D. Culler, D. Estrin, and M. Srivastava, “ Overview of sensor
Networks”, Computer, Vol. 37, No. 8, pp. 41-49,2004
[2] Yang Yu, Bhaskar Krishnamachari and Viktor K. Prasanna, "Energy-
Latency Tradeoffs for Data Gathering in Wireless Sensor Networks,"
IEEE Infocom, Hong Kong, March 2004
[3] W. YE, J. Heidemann, D. Estrin, “An energy efficient MAC protocol for
wireless sensor networks”, IEEE INFOCOM ’02, June 2002.
[4] J W. YE, J. Heidemann, D. Estrin ,”Medium Access Control with
Coordinated Adaptive Sleeping for Wireless Sensor Networks”, IEEE
Trans. On Networking , Vol. 12 No. 3 493-506, 2004
[5] Changsu Suh, Deepesh Man Shrestha, and Young-Bae Ko, “an Energy-
Efficient MAC Protocol for Delay-Sensitive Wireless Sensor Networks”,
EUC Workshops 2006, LNCS 4097, pp 445- 454, 2006
[6] Yongsub Nam, Taekyoung Kwon, Hojin Lee, Hakyung Jung, Yangghee
Choi, “ Guaranteing the network lifetime in wireless sensor networks: A
MAC layer approach”, ScienceDirect, Computer Communication 30,
2007
[7] Samuel Madden, Michael J. Franklin and Joseph Hellerstein, Wei Hong,
“TAG: a Tiny AGgregation Service for Ad-Hoc Sensor Networks“,
[8] H.Cheng, Q.Liu, and X.Jia, “Heuristic algorithms for real-time data
aggregation in wireless sensor networks” in ACM IWCCC 2006,
Vancouver, British Columbia, Canada, Jul 2006
[9] B. Karp, H.T. Kung,, ”GPSR: greedy perimeter stateless routing for
wireless networks“, in Proceedings of the 6 th <strong>International</strong> <strong>Conference</strong>
on Mobile Computing and Networking (MobiCom 2000), Boston, MA,
USA, August 2000, pp. 243 - 254
[10] http://www.isi.edj/nsnam/ns/ - Ns home page
[11] http://www.isi.edu/nsnam/ns/ns-man.html - ns manual page
[12] www.xbow.com/iris --- crossbow iris data sheet
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 160

Proceedings of ICCNS 08 , 27-28 September 2008
An Efficient Eager Dynamic Primary Copy
Algorithm for Replicated UDDI Registry
Pradhan Bagur Umesh, Bharath Kumar A. R., and Ananthanarayana V. S.
Abstract— UDDI (Universal Description, Discovery, and
Integration) provides a method for publishing and finding service
descriptions, and therefore is a crucial entry point for Web Services.
High throughput, availability and data integrity are the basic
requirements of UDDI. In this paper we propose an eager dynamic
primary copy algorithm for replicated databases which satisfies the
above requirements in an efficient manner. Due to high access rates
of UDDI registry reduction of number of messages exchanged during
updating is a crucial factor for increasing throughput in a distributed
database system like UDDI registry. Our algorithm preserves the
advantages of dynamic primary copy method. It handles the
conflicting requests efficiently by arranging the nodes into groups
and restricts all the interactions to within these groups which reduces
the number of messages significantly.
U
Keywords— Dynamic Primary copy, eager replication, UDDI.
I. INTRODUCTION
DDI (Universal Description, Discovery, and Integration)
specifications define a registry service for Web services
and for other electronic and non-electronic services which
helps to provide simplified mechanisms for B2B and B2C
interactions. Each Service Provider registers the services in
the registry of Service Broker and the Service Requester
queries the registry to find the required Web Service. UDDI
would be a crucial entry point for web services and it needs to
provide high throughput, low response time, high availability,
and access to accurate data. Many applications demand
replicated databases and involve large number of transactions.
Thus we can expect to have numerous conflicting requests for
access of data everyday. This can be done by data replication
and handling conflicting requests is a necessity.
A primary copy of a data in replicated databases refers to
the data item to which any update request has to be directed.
In dynamic primary copy method [1], [2], the notion of
primary copy is dynamic in nature where the update is done at
the same site where the request is submitted.
Pradhan Bagur Umesh is with the National Institute of Technology
Karnataka, Surathkal (NITK, Surathkal), Srinivasanagar Post, Mangalore -
575025 ,India( mobile: 91-9886857647, e-mail: pradhan@ieee.org)
Bharath Kumar A. R. is with the National Institute of Technology
Karnataka, Surathkal (NITK, Surathkal), Srinivasanagar Post, Mangalore -
575025, India (e-mail: a.r.bharathkumar@gmail.com).
Ananthanarayana V. S is with the National Institute of Technology
Karnataka, Surathkal (NITK, Surathkal), Srinivasanagar Post, Mangalore -
575025, India (e-mail: anvs@nitk.ac.in).
Replication strategies can be broadly categorized as lazy
replication and eager replication [3], [4], [5], [6]. In lazy
replication, the propagation of the updates is done by
independent transactions after the original transaction
commits. This method provides low response time, but at a
given point of time data at all remote sites may not always
correspond to one of the latest update. Whereas, in eager
replication, the coordination between the replicas ensure that
the response received by user corresponds to one of the latest
update. In dynamic primary copy method [1], the method used
is a blend of lazy and eager replication where as Lazy
Dynamic Primary Copy Method (LDPC) [2] uses lazy
strategy. In this paper, we discuss an Eager Dynamic Primary
Copy Method (EDPC).
In Dynamic primary copy method[1], [2], as the number of
concurrent and conflicting update requests increases, the
number of messages exchanged is lesser than Eager
Middleware Replication method[3] i.e. the number of
messages exchanged decreases with increase in the number of
conflicting update messages. Our method for dynamic primary
copy provides a solution where the number of messages
exchanged is independent of number of conflicting requests.
Our algorithm makes sure that deadlocks don’t occur while
handling conflicting requests.
The rest of the paper is organized as follows: In next
section, we give a brief description of UDDI Registry API. In
section 3, we describe the previous work done in this area. In
section 4, we describe our algorithm. Later in section 5, we
give a brief description about handling of confliction requests.
In section 6, we give the analysis of the algorithm and in
section 7 we compare our algorithm with Eager Middleware
replication and Dynamic Primary copy mechanism with
Piggy-Backing (both DPCP M and DPCP P ) and finally we
conclude in section 8.
II. DESCRIPTION OF UDDI REGISTRY API
UDDI Registry consists of four core data structure types [11]:
business information, service information, binding
information, and information describing the specifications for
services. The relationship between these data structures is
illustrated in Fig. 1[13].
Business information: It is contained in a businessEntity
structure. The businessEntity models business information of
organization that provides web services
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 161

Proceedings of ICCNS 08 , 27-28 September 2008
Service information: It is contained in a businessService
structure. The businessService describes the family of Web
Service offered by organization.
Binding information: It is contained in a bindingTemplate
structure. The bindingTemplate describes the technical
information required to use the Web Service
Information describing the specifications for services:
Metadata about the various specifications implemented by a
given Web service represented by the tModel. The tModel
describes a technical model which describes a reusable
concept like Web Service type, a protocol used by Web
Services, or a category system.
The above data structures are uniquely identified by a key,
i.e. businessKey, serviceKey, bindingKey and tModelKey for
businessEntity, businessService, bindingTemplate and tModel
respectively.
Fig. 1 Relationship between data structures.
Each child structure has a unique parent structure i.e. each
businessService structure is owned by a specific
businessEntity. Each bindingTemplate is owned by a specific
businessService. Each bindingTemplate structure references to
unique instances of tModel structures.
An UDDI node supports the interaction with UDDI data
using one or more of the API sets, viz. UDDI Inquiry and
UDDI Publication(necessary API sets); and optional APIs
which are UDDI Security, UDDI Custody Transfer, UDDI
Subscription and UDDI Replication API sets. One or more
UDDI nodes may be combined to form a UDDI Registry.
UDDI Inquiry API and UDDI Publisher API which are
relevant to the proposed algorithm explained below:
UDDI Inquiry API: It is used to locate and obtain detail on
entries in a UDDI registry. To locate any entry API calls
involving find_business, find_service, find_binding and
find_tModel (find_xx) are used. And to obtain the details on
the UDDI entries API calls involving get_businesDetail,
get_serviceDetail, get_bindingDetail, get_tModelDetail
(get_xx) are used.
UDDI Publisher API: It is used to update (add, modify or
delete) information contained in a UDDI registry. To add or
modify the entries API calls involving save_business,
save_service, save_binding and save_tModel(save_xx) are
used. And to delete entries API calls involving
delete_business, delete_service, delete_binding and
delete_tModel (delete_xx) are used.
Relevant arguments are passed to these APIs and one of
the required arguments is the key in direct or indirect form.
III. RELATED WORK
A. Lazy Primary copy method
In this method, the propagation of the updates is done by
independent transactions after the original transaction
commits. Thus it provides low response time by providing the
response before any coordination takes place between the
different sites. Also, at a given point of time data at remote
site do not always correspond to one of the latest update.
Here, the replicas just apply the changes propagated by the
site having the primary copy and all coordination and ordering
happens only at primary site.
B. Eager Primary copy method
In this method, the transaction is committed only after the
propagation of updates is completed (after primary copy
learns that other copies i.e. secondary copies are updated).
Thus its response time is higher than that of lazy method
because the response to user has to be sent after the
transaction is committed which in turn happens only after the
propagation of updates to all the sites. Ordering of updates in
secondary copies is governed by that of primary copy (order
of applying updates at secondary copies follows the same
order of primary copy). In UDDI terms, the UDDI data is
divided in portioned based on publisher and each partition has
a primary copy. An update request R i (save_xx or delete_xx)
is submitted by client to any site and that site multicasts R i ,
timestamp and update information to all other sites. On receipt
of R i all the sites excluding primary site of data corresponding
to R i sends acknowledgement or request piggybacked with
acknowledgement (if that site has to request for the same
pages corresponding to R i ). Only primary copy performs the
task executing R i which is later propagated to other sites and
order of updating at other sites is same as that of primary site.
C. Dynamic Primary copy with Piggy-Backing (DPCP)
method
This method uses a blend of Lazy and Eager replication. The
idea of primary copy is dynamic in nature. The UDDI registry
is divided into pages and each page has one or more entities.
When a site wants to update, an update request R i (save_xx or
delete_xx) for a particular page is broadcasted. Upon receipt
of permission from all the sites, it updates the page locally
unlike primary copy method where the updating is done at the
site holding the respective primary copy. This method has
been classified into DPCP M and DPCP P (the subscripts M and
P refer to multicast and point-to-point respectively) based on
method used for prorogation of updates. In DPCP M , after
completion of local update the site broadcasts the update
where as in DPCP P ; it sends the update only to node which
would update the same page next and broadcasts the update
only if there are no update requests for same page queued up.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 162

Proceedings of ICCNS 08 , 27-28 September 2008
D. Lazy Dynamic Primary Copy (LDPC) method
This method uses Lazy strategy but the notion of primary
copy is dynamic in nature. In this method, the sites are
grouped and the communication each site is restricted to the
nodes of its group. Whenever a node wants to update some
data item, it sends a request message to all the nodes of its
group. If the node which receives the request is allowed to
vote, it votes for this node. Upon receipt of votes from all the
nodes of its group, the requester updates the data item. Then it
multicasts the updated data to all the nodes of its group. The
system model used in LDPC is similar to that we describe in
the following section.
IV. PROPOSED ALGORITHM
A. System Model
We assume that UDDI registry is divided into pages. Hence
in this paper, terms like data item, page and data are used
interchangeably. The system has ‘N’ sites (S 1 , S 2 , S 3, …, S N ).
The underlying communication channel is assumed to be error
free and reliable, and message passing between nodes to be
asynchronous. Without loss of generality, database is assumed
to be fully replicated at all the sites and that each site executes
a maximum of one database accessing process. (Hence in this
paper the terms sites, processes, and nodes will be used
interchangeably).
In this paper we group the sites of the system into different
groups called as voting districts. Voting districts are
constructed in such a way that each voting district has equal
number of sites in them (say ‘K’) and that there is at least one
node in common between any two voting districts. Node
which belongs to more than one voting district is called an
intersection node in this paper. Every node should belong to at
least one voting district.
Here one can sense some flavor of the Maekawa's
distributed mutual exclusion algorithm [8] i.e. similar to
Maekawa’s we divide the nodes into groups and four out of
five types of messages we use this algorithm are similar to
that of Maekawa's. However, the context at which our
algorithm is being applied for, is different. Maekawa's
algorithm addresses the problem of distributed mutual
exclusion which handles the issue of access to critical section,
where as our algorithm provides a method for conflict
resolution of update requests in replicated databases. Issues
like read and write on data items, which are not important in
the critical section, need to be handled which makes our
algorithm quite different from that of Maekawa’s.
We use eager strategy for updating the UDDI registry i.e.
each update request initiates updating process at each and ever
site, and only after the update being propagated to all the sites
the user be informed of successful committing of the
transaction.
Maekawa established the following relationship between 'N'
and 'K': N = K(K-1) + 1. Hence 'K' can be approximated to
√N.
B. Basic Idea
The node, which wants to update a data item of the UDDI
registry, multicasts a request message to all the nodes of its
native voting district. The nodes which receive the update
request check if they have voted for some node and are
waiting for its update. If they have no pending votes, they cast
their vote to the site which has sent the request message. Else
the request is queued up to be processed later. Upon receipt of
votes from all the nodes of its voting district, the requester
updates the data item. It then broadcasts the updated data to all
the nodes in the system. On receipt of the update, nodes
update their local copies of data. If the update is received from
the node to which it has currently voted then the node again
allowed to vote now. The node, which thus gets back its
voting right, checks if there is any request waiting in the
queue. The request with the least timestamp is chosen and the
vote is sent.
Here, deadlocks are handled because of total ordering
achieved by timestamps. Special messages are used to retrieve
the vote, if voted to a request with higher timestamp, thus
avoiding possible deadlock situations.
Whenever a node wants to read a data item, the read request
is satisfied by its local copy of the data item, as it contains
latest copy of the data item which has been requested for.
C. Definitions
Timestamp (TS): Timestamp at any site S i (where 1

Proceedings of ICCNS 08 , 27-28 September 2008
the corresponding UPDATE message it checks if the
timestamp of the REQUEST message to which it has currently
voted is lesser than the current REQUEST message. In case it
is true, the current request is queued. Else, it checks if it has
already sent an INQUIRY message to the node to which it has
voted. If it has not yet sent the INQUIRY message it will do
so.
On receipt of the INQUIRY message at node S k , it replies
with the RELINQUISH message if it has not yet started to
update its local copy of the UDDI Registry. RELINQUISH
message gives back the voting right to S j . S j on receipt of the
RELINQUISH message queues the request of S k in its request
queue. S j then chooses the node from its request queue which
has the least timestamp and sends its vote as a VOTE message,
to that node. VOTE message carries the timestamp of the local
copy of the data item at the sender’s site.
Upon receipt of VOTE from all the nodes of its native
voting district, S i checks the timestamp of the all the VOTE
messages. If the timestamp of the VOTE message with highest
timestamp is greater than the timestamp of the data item at S i ,
then there is at least one UPDATE message that has not
reached S i yet. So S i waits until it receives the UPDATE
message whose timestamp value is equal to the timestamp of
the VOTE message with the highest timestamp. S i then
updates its local copy of the data item and its timestamp.
It can be noted here that, if the VOTE message carries the
local copy of the data item of the sender, then S i need not wait
for the UPDATE message. It can update its local copy of the
data item using the copy carried by the VOTE message with
the highest timestamp. However this leads to increase in the
size of the VOTE message which increases the network traffic.
Now when S i has received the VOTE from all the nodes of
its native voting district and that it is sure that there are no
pending UPDATE messages, it updates its local copy of the
UDDI Registry, increments its timestamp value and
broadcasts the update to all the nodes in the system including
itself using the UPDATE message, which carries the
incremented timestamp of S i along with a copy of the updated
page.
UPDATE message carries the updated data page along with
the timestamp. Then the recipient node checks for the
timestamp of the update. If its timestamp is lesser than or
equal to the timestamp of its own data then the updates are
neglected as it already has the latest update. Else it updates its
local copy of the data. This message restores the voting right
of its recipient node if the recipient node has currently voted
for the node from which it received the message. The node
whose voting ability has been restored, checks its request
queue. If it is not empty, it picks the request with the least
timestamp, and sends the VOTE message to that node.
All read (Query) requests on the data item are satisfied by
querying the local copy of the data item at the site where the
request generated.
This algorithm preserves the advantages of [1], [2] like
parallelism in operation and distribution of load, which is
achieved by lesser number of messages. Since the updates are
broadcasted by the updating node itself, information about
global situation is available at all the nodes. Since all the
updates are broadcasted before declaration of successful
committing, all the nodes have updated data and timestamp
value. Updated data available at all sites avoids the need for
messages for the read query on the database. Updated
timestamp values help in total ordering of the requests
avoiding deadlocks.
Though this algorithm is explained in the context of UDDI
Registry, it can be used as a generic conflicting update
requests handling algorithm in any distributed database
scenario.
F. Description of Handling of an update request
Fig. 2 an illustration of handling update request
Consider a scenario with three nodes and two voting districts.
In Fig. 2, each circle represents a voting district. Let R 1 and R 2
be the REQUEST messages generated by nodes S 1 and S 2
respectively such that TS(R 1 ) < TS(R 2 ). But R 2 has reached
intersection node S 3 earlier (Fig. 1a) and node S 3 sends the
VOTE to node S 2 (Fig. 1b). After S 3 receives R 1 , it finds that
TS(R 1 ) < TS(R 2 ) and sends INQUIRY message to S 2 (Fig. 1c).
Here, to illustrate the algorithm we assume that S 2 has not
started updating its local UDDI registry. So, S 2 sends
RELINQUISH message upon receipt of INQUIRY message
(Fig. 1d). S 3 upon receipt of RELINQUISH message form S 2
sends its VOTE to S 1 ( Fig. 1e) and queues the REQUEST of
S 2 . S 1 , after updating, broadcasts the UPDATE message (Fig.
1f) and henceS 3 gets back its voting right, after which it sends
VOTE to S 2 whose REQUEST was earlier queued(Fig. 1g).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 164

Proceedings of ICCNS 08 , 27-28 September 2008
G. Description of the messages used
1. REQUEST message is the message used by the nodes to
request for updating the particular data item in the UDDI
Registry. This request message carries the current
timestamp of the requesting node (site id is also
communicated as site id is a part of the timestamp).
2. VOTE message is the message used by the nodes to convey
that the no node is updating the data in the UDDI
Registry. VOTE message from an intersection node also
implies that no node in its adjoining voting district is
updating the data in the UDDI Registry. Hence there is no
objection from the node (which sent the VOTE) against
the requester to update it. The time stamp of the
REQUEST message which lead to the generation of
VOTE message is sent along with it. The VOTE message
also carries the timestamp of the local copy of the data
item at the sender’s site. Optionally the message may also
carry a copy of the local copy of the data item at the
sender’s site as described in section 4E.
3. INQUIRY message is sent to inquire if the recipient of the
VOTE is ready to forgo his VOTE, or he has already
started updating based on the VOTE which he received.
This message carries the timestamp of the request for
which the VOTE was sent, for identification of the correct
corresponding REQUEST and VOTE messages.
4. RELINQUISH message indicates that the sender node has
given up the VOTE it received from the receiver node and
hence the receiver is free to vote some other node with a
lesser timestamp. Even this message carries timestamp of
the corresponding REQUEST message, for correct
matching with the INQUIRY message.
INQUIRY and RELINQUISH messages are used to
ensure that there is no deadlock situation in the system.
The system uses total order to ensure order among
request messages, and hence avoids hold and wait
requirement for deadlocks.
5. UPDATE message carries the latest update information on
the page of the registry, along with the update timestamp.
This message gives back the voting right to the receiver
of the message if the message is received from the site to
which recipient site has voted.
V. IDENTIFICATION OF CONFLICTING REQUESTS
In our algorithm, in order to handle the conflicts, we assume
that the registry is divided into pages and each page has one or
more entities. Lowest granularity of a page is a core
component of an entity [10] which could be core component
of a businessKey, serviceKey, bindingKey or a tModelKey.
Pageset of a request is the set of pages corresponding to
pages of the entity specified in the request, its contained
entities and other new contained entities(e), if any specified
in the request with e’s immediate parent [1].
Two requests R i and R j are conflicting if, they have at least
one of the pages in their pageset in common and at least one
of the request is publish (update) request.
Pageset is obtained for a given request by maintaining a
multi-level key structure (it is a data structure used to store the
entities and their corresponding page numbers) from which we
get page numbers pertaining to the entities defined in the
request. As the status of UDDI data changes after every
update multilevel key structure also should be refreshed to
reflect the corresponding changes. As the main aim of this
paper is to present an efficient algorithm to handle conflicting
requests in replicated database scenario such as UDDI
registry, we have excluded detailed description of
identification of conflicting requests in UDDI registry,
interested user may refer to [9] for details.
VI. ANALYSIS
For every update we require √N number of message for
REQUEST and VOTE messages each. Propagation of updates
to all the nodes in the system requires N message (UPDATE
message). Assuming that for every update there will be one
INQUIRY and RELINQUISH message from each node then
we require √N messages for each of these two types (worst
case). Thus the number of messages required by this algorithm
varies from N+2√N to N+4√N.
Read requests do not require any message exchange
between nodes as they read the local copy of the data item at
the site where the request generated.
VII. COMPARISON
In this section we compare the number of message required in
case of Eager Middleware Replication, DPCP M , DPCP P and
EDPC.
Let r be the read/write ratio, q be number of simultaneous
requests to be handled and N is the number of nodes.
Eager Middleware Replication (EMR): The number of
messages required (M EMR ) here is given by (3Nq – 3q) [1].
Here read does not need any more messages. Thus the number
of messages required for each update request (including
proportional reads) is
M
EMR
= 3( N − 1)
(1)
DPCP M : The number of messages required (M DPCPM ) in case
of DPCP M is given by (6Nq-q 2 -q)/2 [1]. Here read does not
need any more messages. Thus the number of messages
required for each update request (including proportional
reads) in the best case (when q=N) is
M
DPCPM
= 2.5N
− 0.5
(2)
DPCP P : The number of messages required (M DPCPP ) in case
of DPCP P is given by (4Nq-q 2 +3q + 2N -4)/2 [1]. Thus the
number of messages required for each update request in the
best case (when q=N) is (1.5N + 2.5). However every read
requires two messages. Thus the number of messages required
for each update request (including proportional reads) is
MDPCPP
= 1.5N + 2.5 + 2r
(3)
LDPC: The number of messages required for every update is
3√N (best case). If in the worst case every vote has been
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 165

Proceedings of ICCNS 08 , 27-28 September 2008
relinquished then the number of messages required (M LDPC )
would be 5√N (worst case) and number of messages required
per read is 2√N [2]. We use the best case of this method to
compare with the worst case of the proposed method.
MLDPC
= 3k + 2rk
(4)
EDPC: In our algorithm the number of messages required for
every update is N+2K (and K ~ √N). If in the worst case every
vote has been relinquished then the number of messages
required (M EDPC ) would be (worst case)
MEDPC
= N + 4k
(5)
From (1) (2) (3) and (5) it is clear that the proposed
algorithm requires lesser number of messages than those
respective algorithms described in section 3 for all values of N
above certain threshold which can be derived by comparing
the equations. Though LDPC performs better than EDPC in
terms of number of messages, the read latency is zero in
majority of cases as the read is locally satisfied and the node
need not take read permission form any other node unlike
LDPC where read request and update request are similarly
resolved by the other nodes.
[3] Chenliang Sun, Yi Lin, Bettina Kemme, “Comparison of UDDI Registry
Replication Strategies”, ICWS 2004, pp 218-225.
[4] Antoni Wolski, “Applying Replication to Data recharging in Mobile
Systems”, Solid Information Technology, Vol. 7, Issue 2, 2001.
[5] Y. Breitbart, R.Komondoor, R. Rastogi, S.Seshadri, “Update Protocols
for Replicated Database”s, ICDE, 1996, pp 469-476.
[6] T.A.Anderson, Y. Breibart, H.F. Korth, A. Wool, “Replication,
Consistancy and Pratcality: Are these Mutually Exclusive” ACM
SIGMOD 1998, pp 485-495.
[7] L.Lamport, “Time, Clocks and the ordering of Events in a Distributed
System”, Comunications of the ACM,1978, pp 558-565.
[8] Maekawa, M., "A sqrt(n) algorithm for mutual exclusion in
decentralized systems," AC.M Transactions on Computer Systems, vol
3, no. 2, may 1985, pp. 145-159.
[9] Ananthanarayana V.S., “Identification and Handling of Conflicting
Requests in UDDI Registry: A Formalism”, NITK research bulletin vol.
16, dec-2007, pp 15-24.
[10] H.Kreger: Web Services Conceptual Architecture (WSCA 1.0) IBM.
Aavailable: http://www-4.ibm.com/software/solutions/webervises/ pdf/
WSCA.pdf.
[11] UDDI.org, UDDI Version 3.02 Specification. Available:
http://www.uddi.org/pubs/uddi_v3.htm.
[12] IBM.com, Understanding UDDI. Available: http://www.ibm.com/
developerworks/library/ws-featuddi/.
[13] Eclipse.org, Web application development guide. Available:
http://help.eclipse.org/help32/index.jsp.
VIII. CONCLUSION
An efficient dynamic primary copy algorithm implementing
eager strategy has been presented. This algorithm is scalable
as it performs better than other primary copy methods for any
value of N above certain value. Though this algorithm has
been proposed in the context of replicated UDDI Registry, this
is a general concurrency control algorithm that can be used for
other replicated database scenarios as well. The number of
messages exchanged in our algorithm per update (or read)
operation can vary from N+2√N to N+4√N which is an
improvement over the existing Dynamic Primary Copy
method [1] and our algorithm reduces the read latency to zero
in most of the cases by using Eager replication strategy unlike
LDPC [2] where read latency is of considerable amount which
might not be desirable for some application which have high
read rates. By restricting most of the communication within
the voting districts, which otherwise was being done with all
the nodes of the system, reduction in number of messages is
achieved.
The following improvement can be made to our algorithm.
Piggy-backing can be used for our advantage wherever
possible (E.g. If a site has to VOTE some node and also has to
send the REQUEST, then it can piggy-back the REQUEST
with the VOTE for that node) and hence reducing the number
of messages exchanged.
REFERENCES
[1] Ananthanarayana V.S, K. Vidyasankar, “Dynamic Primary Copy with
Piggy-Backing Mechanism for Replicated UDDI Registry”, ICDIT
2006, Lecture Notes in Computer Science, Vol. 4317, Yr 2006, Springer,
pp 389 – 402.
[2] Bharath Kumar A.R., Pradhan Bagur Umesh., Ananthanarayana
V.S.,"An Efficient Lazy Dynamic Primary Copy Algorithm for
Replicated UDDI Registry", ICIP-2008, pp 564-571
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 166

Evaluation of Huffman Coding Technique
Mr. Pramod D. Ganjewar
Assistant Professor, Department of Computer Engineering,
Maharashtra Academy of Engineering, Alandi(D.), Pune – 412 105, MS, India
e-mail: pramoddg@rediff.com
Prof. Umesh S. Bhadade
Assistant Professor, Department of Computer Science and Engineering,
G. H. Raisoni Institute of Engineering and Management, Jalgaon – 425 001, MS, India
e-mail: umeshbhadade@yahoo.com
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract - The purpose of this paper is to compare percentage
of compression, CPU time, average code length achieved by the
use of Huffman Coding implemented by us and Mark Nelson [4].
The Huffman Algorithm is implemented for generating codes for
each character scanned from text source file. Each compression
file has unique set of Huffman codes. The results of using
Huffman Coding algorithm has demonstrated that the larger the
file the more useful the technique for compression. Also the
results show that code length generated by our implementation is
slightly better than their way of implementation.
Keywords – Average Code Length, Compression Ratio,
Compressed File Size, Decompressed File Size.
D
I. INTRODUCTION
ATA compression [1] has been a topic of interest
recently because of its applications both in computer
memory management and in communications. Besides, data
compression, as a subject, is no longer a theoretical subject,
when it comes to statistical coding techniques, for example,
Huffman Coding is a statistical coding method. With the
advances in semiconductors technology and computing
algorithms, it is now possible to implement such
complicated coding techniques in hardware also.
Huffman [2] developed a coding procedure for a
statistically independent source in order to minimize the
average code length. In this code, each symbol is
represented by a binary code word that has the following
length:
| c ( i ) | = f ( - log ( p ( i ) ) [1]
where:
c ( i ) = Code Word
p ( i ) = Probability of Occurrences,
f ( i ) = The closest integer to x.
Thus, Huffman coding yields the following average code
length :
Average code length = ∑ p(i) * | c( i ) | [2]
Which is, approximately, the entropy of the input source
file. In addition to this economical property, Huffman
coding has another one, known as the prefix property which
means that no code word is duplicated at the beginning of a
longer code word.
Many authors have developed computer techniques to
simulate Huffman coding. Pechura [3] has demonstrated
encouraging results using static or non-adaptive scheme to
compress small computer programs.
The rest of this paper is organized as follows,
Section II gives brief information about related work on
Huffman Coding by [4], Section III describes our way of
implementation, Section IV demonstrates results and
discussion and finally, Section V presents the conclusion.
II. RELATED WORK
In [4] Huffman Coding is implemented for text files. It
has used NODE structure which stores related information
in it like count, which is its weight in the tree, and the node
numbers of its two children.
A Huffman tree is set up for decoding, not encoding.
When encoding, first walk through the tree and build up a
table of codes for each symbol. The codes are stored in the
CODE structure.
The special EOS symbol is 256, the first available
symbol after all of the possible bytes. When decoding,
reading this symbols indicates that all of the data has been
read in.
In compression routine, it looks for a single additional
argument to be passed to it from the command line: "-d".
If a "-d" is present, it means the user wants to see the model
data dumped out for debugging purposes. This routine
works in a fairly straightforward manner. First, it has to
allocate storage for three different arrays of data. Next, it
counts all the bytes in the input file. The counts are all
stored in long integer, so the next step is scale them down
to single byte counts in the NODE array. After the counts
are scaled, the Huffman decoding tree is built on top of the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 167

Proceedings of ICCNS 08 , 27-28 September 2008
NODE array. Another routine walks through the tree to
build a table of codes, one per symbol. Finally, when the
codes are all ready, compressing the file is a simple matter.
After the file is compressed, the storage is freed up, and the
routine returns.
In decompression it will expand a file that has been
compressed with order 0 Huffman coding. This routine has
a simpler job than that of the Compression routine. All it
has to do is read in the counts that have been stored in the
compressed file and build the Huffman tree. The data can
then be expanded by reading in a bit at a time from the
compressed file. Finally, the node array is freed and the
routine returns.
Occurrences of characters in this file are shown in Table
– 1 and corresponding Huffman Tree is shown in Fig. II.
TABLE – I
LIST OF SYMBOLS WITH CODE WORDS AND FREQUENCY
COUNTS
Symbol Frequency Code
f 1 010
e 1 0111
d 1 0110
b 2 00
a 3 10
c 4 11
III. OUR WAY OF IMPLEMENTATION
Algorithm [1] is of three step
1) Analyze the file to be compressed & build the code tree.
2) Compress the file based on Huffman codes generated.
3) Decompress the file back into its original form.
In Analysis step,
Scan the source file character by character, determine
occurrences of each character in the source file. Then sort
these characters in ascending order of their frequency as
shown in Table-1. Create linked list of these characters.
Create new node with frequency equal to addition of
frequency of first two nodes i.e. first two nodes having
minimum frequency. Insert that new node at proper position
in that linked list. Repeat this till your linked contains only
one node i.e. root node of Huffman Tree. Now we can say
that linked list is converted to Huffman Tree. Now walk
through that Huffman tree for assigning codes to all nodes
in Huffman Tree as shown in fig. II. Use this Huffman code
in compression as well decompression by storing it in some
file.
The Node Structure in Huffman Tree and Linked List
will be same and it is as shown in Fig. – I
Link
To
Parent
Node in
Tree
Character Frequency Code
Fig - I Node Structure
Link
To
Next
Node in
LL
In this node structure,
Link to Parent Node in Huffman Tree – This will store the
address of parent node which is used for traversing at the
time of code generation. Character – character from source
file, Frequency – No. of occurrences of that character in
source file and Link to next node in Linked List – stores
address of next node in the linked list.
Example: Consider source file with contents
“aabcccdefbac”
1-d
12
5
00 01
2-b
010
0
1 -f
0110
3
Fig. - II Huffman Tree with Code Words
In Compression step,
Scan stored code words and store it in primary memory
using array of structures. Scan source file character by
character. Then find out code word of that character from
current array of structure. Collect that code word in a buffer
of 8 bits. When that buffer become full, write it to a
compressed file. Repeat this till end of source file. At last
you will get compressed file.
Contents of compressed file for the given source file are
“£ötX”.
Details are given below
“{a}10{a}10{b}00{c}11”=‘£’(163)
“{c}11{c}11{d}0110” =‘ö’(246)
“{e}0111{f}010{b}0” =‘t’(116)
“0{a}10{c}11000” =‘X’(88)
Here at the time of compression last byte which we are
going to write may contain less than 8 bits, so we have to
append some additional 0’s to make its length to eight.
Otherwise it will give some extra bytes at the end of
decompressed file after expansion. Also we have to provide
special attention, towards this extra bits appended in
compression, at the time of decompression of compressed
file.
In Decompression, Scan code words and store it in
primary memory by using array of structures. Now scan
compressed file, character by character. Separate that
10
3-a
011
2
1
7
0111
1-e
11
4-c
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 168

Proceedings of ICCNS 08 , 27-28 September 2008
scanned byte bit by bit and compare that group of bits with
code words in memory. If that group of bits is matching
with some code word, write its related character in
decompressed file. Repeat this for remaining bits and
remaining characters in compressed file. At last you will
get decompressed file same as that of source file. In
decompression we have to take care of additional bits
appended in compressed file at the time of compression
here.
Contents after expansion of compressed file are
““aabcccdefbac”.
Details are as below
“{10}a{10}a{00}b{11}c{11}c{11}c{0110}d{011
1}e{010}f{00}b{10}a{11}c{000}”.
IV. RESULTS AND DISCUSSIONS
The results are based on way of implementation of
Huffman Coding. Here information considered is of text
type in both cases. The text file may be of Notepad, Word
pad and c files. The files are taken from corpus named
Canterbury corpus. Huffman codes are generated for every
possible character in that file by using both ways.
The result information recorded for each file is number
of bytes in original files, the percentage of compression, the
average code length in bits per character, the CPU time,
number of bytes in compressed file, the number of bytes in
the decompressed file.
The percentage of compression is calculated by equation
- (3), Average code length in bits per character is
calculated by the equation - (4). Finally the CPU time is
based on the amount of CPU time required to analyze,
compress and decompress source file.
Compressed File Size
Comp. Ratio = ---------------------------- * 100 [3]
Original File Size
Compressed File Size
Average Code length = ---------------------------- * 8 [4]
Original File Size
At the time of taking results their code of Huffman
Coding which we are having is not able to compress large
files. Hence we have considered only small files for
comparison results.
V. CONCLUSION
The results of our implementations are shown in
Table – II. Similarly the results of their implementations are
shown in Table – III. Comparative results of these both
methods related to code length are shown in Table – IV.
The results presented in Table – IV, shows that there is
minor improvement in code length by using our way of
implementation for Huffman coding. Our way of
implementation reduces code length, because of that it
gives better results in compression ratio for larger files that
is shown in Table -V. As code length is small, compressed
file size will be small, because compression ratio is
dependent on average code length of that source file.
Here difference in code length is not that much, but as
file size increases, we will get better results in code length.
So we recommend our implementation for larger files for
getting better code length. Other than code length we have
to consider other properties of compression techniques like
percentage of compression ratio, CPU time, file size after
decompression, file size after compression and compression
ratio in the comparative results. These properties of both
ways of implementations are given below in Table II & III.
As our work is going on, still we will try to improve this
results.
REFERENCES
[1] Ahmed Desoky, Mark Gregory, ”Compression of Text and Binary
Files Using Adaptive Huffman Coding Techniques”, IEEE, 1988,
660 – 663
[2] A. Huffman , “A Method for the Construction of Minimum
Redundancy Codes”, IRE 40, 9, Sept. 1952, 1089 – 1101.
[3] M. Pechura, “File Archival Techniques using Data Compression”,
ACM 25, 9 Sept. 1982, 605 – 609.
[4] “The Data Compression Book“, Second Edition, by Mark Nelson
and Jean-Loup Gailly.
TABLE – II
RESULTS OF OUR WAY OF IMPLEMENTATION
Description / File alice29.txt asyoulik.txt Plrabn12.txt fields.c lcet10.txt
Original File Size(B) 152,089 125,179 481,861 11,150 426,754
Compressed File Size (B) 87,689 75,807 275,586 7,027 250,556
Decompressed File size (B) 152,089 125,179 481,861 11,150 426,754
Compression Ratio 57.65% 60.55% 57.19% 63.02% 58.71%
Code length(bits/char) 4.61 4.84 4.57 5.04 4.69
CPU Time (Seconds) 0.06 0.43 1.75 0.00 1.53
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 169

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE – III
RESULTS OF MARK NELSONS WAY OF IMPLEMENTATION
Description / File alice29.txt asyoulik.txt Plrabn12.txt fields.c lcet10.txt
Original File Size(B) 152,089 125,179 481,861 11,150 426,754
Compressed File Size (B) 88,116 76,010 276,890 7,139 251,544
Decompressed File size (B) 152,089 125,179 481,861 11,150 426,754
Compression Ratio 57.93% 60.72% 57.46% 64.02% 58.94%
Code length(bits/char) 4.63 4.85 4.59 5.12 4.71
CPU Time (Seconds) 0.00 0.00 0.05 0.00 0.05
TABLE – IV
COMPARISON OF AVERAGE CODE LENGTH
File Name
Original File Size
(Bytes)
By Our Way of
Implementation
Comparisons of Code Length
Mark Nelsons Way
Implementation
alice29.txt 152,089 4.61 4.63
asyoulik.txt 125,179 4.84 4.85
plrabn12.txt 481,861 4.57 4.59
fields.c 11,150 5.04 5.12
lcet10.txt 426,754 4.69 4.71
TABLE – V
COMPARISON OF COMPRESSION RATIO
File Name
Original File Size
(Bytes)
By Our Way of
Implementation
Comparisons of Compression Ratio
Mark Nelsons Way
Implementation
alice29.txt 152,089 57.65 57.93
asyoulik.txt 125,179 60.55 60.72
plrabn12.txt 481,861 57.19 57.46
fields.c 11,150 63.02 64.02
lcet10.txt 426,754 58.71 58.94
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 170

Proceedings of ICCNS 08 , 27-28 September 2008
Methods For Efficient Work Load Migration
P.Neelakantan
Dr M.M.Naidu
Associate Professor,
Professor,
S.V.C.E.T.
S.V.U
pneelakantan@rediffmail.com
Abstract
In a conventional operating system, process management
deals with mechanism and policies for sharing the
processor of the system among all processes. Similarly in
a distributed system, the main goal of process
management is to make the best possible use of the
processing resources of the entire system by sharing them
among all processes. In this connection an efficient
process migration is needed to deal with the movement of
process from its current location to the processor to
which it has been assigned. In this paper we discussed (1)
Local scheduler (2) continuous load balancing through
adaptive scheduling (3) Global scheduler methods to
migrate the process in efficient manner to avoid process
thrashing
1. Introduction
Many large scale applications are adaptive in that their
computational load varies throughout the execution and
causes uneven distribution of the workload at runtime.
Efficiently partitioning of the workload and migration of
excess workload from overloaded processors to under
loaded processors during execution are critical techniques
needed for efficient use of distributed computing
environment. These are also called dynamic load
balancing techniques. Tradition research has been focused
on partitioning the problem; however the cost entailed by
workload migration may consume orders of magnitude
more than the actual partitioning when the excess
workload is transferred across geographically distributed
machines. In particular with workload migration, it is
critical to take into account that the wide area network in
addition considering the resource allocation. Transferring
excess workload in a distributed system is complicated
due to the following challenges imposed by the nature of
the distributed systems.
• Transparency: At the object access level it is
the minimum requirement for a system to
support non preemptive process migration
facility. At a system level and inter process
communication level, a migrated process does
not continue to depend upon its originating
node after being migrated.
• Minimal interference: Migration of a process
should cause minimal interference to the
progress of the process involved and to the
system as a whole.
• Minimal residual dependencies: No residual
dependency should be left on the previous
node. A migrated process should not depend
on its previous node once it has started
executing on its new node.
Process migration mechanisms:
Migration of a process is a complex activity that involves
proper handling of several sub activities in order to meet
the requirements of a good process migration mechanism.
The four major sub activities involved in process
migration are as follows:
• Freezing the process on its source node and
restarting it on its destination node.
• Transferring the process’s address space from its
source node to its destination node.
• Forwarding messages meant for the migrant
process.
• Handling communication between cooperating
processes that have been separated as a result of
process migration.
2. Related work
A Process consists of the program being executed,
along with program’s data, stack and state. Thus the
migration of a process involves the transfer of the
process’s state and process’s address space to the
destination node is required. In total freezing, a process
execution is stopped while its address space is being
transferred which is used DEMOS/MP[1] and LOCUS[2].
In pretransferring, the address space is transferred while
the process is still running on the source node.
Pretransferring is done as an initial transfer of the
complete address space followed by repeated transfers of
the pages modified during the previous transfer until the
number of modified pages(detected using dirty bits) is
achieved[3].This method is used in V-system. The
disadvantage of this approach is it increases the total time
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 171

Proceedings of ICCNS 08 , 27-28 September 2008
for migration due to the possibility of redundant page
transfers. Another method is based on the assumption
that process tend to use only a relatively small part of
their address space while executing. In this method , the
process’s address space is left behind on its source node
and as the relocated process executes on its destination
node[4], attempts to reference memory pages results in
the generation of requests to copy in the desired blocks
from their remote locations. This method is not efficient
in terms of the cost of supporting remote execution once
the process is migrated and imposes a continued load on
the process’s source node and results in failure of the
process is the source node fails or is rebooted. In
message forwarding mechanisms , the messages to be
forwarded to the migrant process’s new location can be
classified into the following:
1. Messages received at the source node after
the process execution has been stopped on its
source node and the process execution has not
yet been started on its destination node.
2. Messages received at the source node after
the process’s execution has started on its
destination node.
3. Messages that are to be sent to the migrant
process from any other node after it has
started execution on the destination node.
In origin site mechanism , the process identifier of these
systems has the process’s origin site [5] embedded in it,
and each site is responsible for keeping information about
the current locations of all the processes created on it.
This method is not good from a reliability point of view
because the failure of the origin site will disrupt the
message forwarding mechanism and continuous load on
the migrant process’s origin site even after the process
has migrated from that node. In link traversal mechanism
to redirect the message of types 2 and 3, a forwarding
address known as link is left at the source node pointing
to the destination node of the migrant process. The most
important part of the link is the message process address
that has two components. The first component is unique
process identifier and second component is the last
known location of the process[6].It suffers from the
drawbacks of poor efficiency and reliability. Several links
have to be traversed to locate a process from a node and if
any node in the chain of links fails , the process cannot be
located.
interconnected queues. The below fig illustrates this
situation using nodes to represent queues and the
interconnected lines to represent traffic flow. Two
elements of such network complicate the methods shown
so far:
The partitioning and merging of traffic , as illustrated by
nodes 1 and 5 respectively in the figure.
Fig 1: Network of queues
The existence of queues in tandem, or series, as illustrated
by nodes 3 and 4. No exact method has been developed
for analyzing general queuing problems that have the
above elements. However if the traffic flow is Poisson
and the service times are exponential, an exact and simple
solution exists.
Partitioning and merging of traffic streams
Suppose that traffic arrives at a queue with a
mean arrival rate of λ, and that there are two paths, A and
B, by which an item may depart (Figure 2). When an item
is serviced and departs the queue, it does so via path A
with probability P and via path B with probability (1 – P).
In general, the traffic distribution of streams A and B will
differ from the incoming distribution. However, if the
incoming distribution is Poisson, then the two departing
traffic flows also have Poisson distributions, with mean
rates of Pλ and (1 – P)λ..
3. Proposed methods
Network of queues
In a distributed environment isolated queues are
unfortunately not only problem presented to the analyst.
Often the problem to be analyzed consists of several
Fig 2: Traffic partitioning
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 172

Proceedings of ICCNS 08 , 27-28 September 2008
3.1 Local Scheduler
Jobs are only allocated or migrated to remote
workstations if the “leverage” is significant i.e., the ratio
of the destination capacity to the capacity needed at the
local system to support remote execution should be large.
Each workstation has a local scheduler and a back ground
queue, which holds the jobs submitted by the user. A
central coordinator is present on one workstation .Each
station keeps information regarding its job load. The
central coordinator uses polling mechanism to see which
stations are available and allocates capacity. The
workstation decides the scheduling, according to the
relative priority of the jobs. When the user of the
destination system (where the process is migrated)
reclaims the machine the process is “check-pointed” and
state transferred to the home machine. The main points to
be noted here are that such a policy would make sense in
a loosely coupled system where all remote resources are
freed up and no residual dependencies remain.
Transferring of state
Here a shadow process runs as a “substitute
process” on behalf of the remote process on the home
machine. System and other location dependent calls are
forwarded to the substitute process. The “check-pointing”
facility is to save the state of the process, so that process
can be restarted elsewhere. Saving the state involves
writing the process’s data and stack segments to
permanent storage using the file system. In a uniform file
system environment , this is equivalent to migration(since
the file system is mountable from any host), while in
environments where the nodes do not have a uniform
view of the file system , calls are forwarded via remote
procedure calls to the shadow process on the home node,
and the results are sent back.
File system and migration
This method needs to support both uniform and
non uniform views of the file system. In an network file
system like environment, where any file can be remote
mounted, checkpoint/restart is simpler to implement. File
state information such as open file descriptors, seek
position are captured at check point time. It also supports
non uniform view of the file system through forwarding
mechanisms via remote procedure calls. The important
assumption is that the state of the checkpoint file is not
altered between checkpoint and restart.
Scaling considerations
There is a centralized coordinator who does the
allocation. However each node is autonomous since it
only needs t keep track of its own load state. If the
coordinator fails, new requests are affected, n ot the
requests that are already allocated. So these aspects give
a certain degree of scalability to method1.
3.2 Continuous load balancing through adaptive
scheduling
Here load balancing is done continuously , not
just during creation or ejectment of a process. Processes
get migrated anytime the distributed system gets
unbalanced, through adaptive scheduling[7].If a process
requirement exceeds a certain threshold, then a process
becomes a candidate for migration. Each process must
also run for a bare minimum time on the processor to
prevent thrashing. A load vector is maintained at each
node, which contains information about the load of a
random subset of neighboring nodes. This load vector is
constantly updated through “load information
propagation” which is completely decentralized process.
Candidate target nodes are chosen from this load vector.
During allocation, I/O bound processes are allocated on
nodes with which this process has maximum I/O
communication. Also, a process that has a history of
partitioning other processes becomes a good candidate for
migration.
Transferring state
Once a target has been picked there is an
exchange of messages between source and destination.
The destination node can choose to reject the request.
Here this method uses a demand paged transfer of virtual
memory. If we use kernel level implementation, it is easy
to store the process and processor states. Even the
hardware is heterogeneous, migration is allowed only
between homogeneous processors.
File system and migration
Here we can use the UNIX file system ,so we
have a uniform transparent view of the file system. This
facilitates transferring or virtual memory files.
Scaling considerations
Here nodes are completely autonomous, and the
scheduling is totally decentralized. Each node maintains
information only about a random subset of nodes, usually
those at close physically proximity due to I/O affinity
considerations. Each processor also sends out information
regarding its load to only a random subset of processors.
All communication is carried out only between the
concerned 2 nodes during migration.
3.3 Global scheduler
Here we use a global scheduler which is
basically centralized resource manager which decides
where to migrate the process. Here the migration is
usually done during work creation or ejectment or when
node is under excessively heavy loaded. Idle hosts are
located by global scheduler in a manner some what
similar to method1.Each node has daemon manager
installed on it. When decision has been made by the
global scheduler , a signal has been sent to the daemon
manager on the node from which the process has to
migrate. Target allocation is based on idle workstation
availability.
Transferring state
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 173

Proceedings of ICCNS 08 , 27-28 September 2008
Here a process establishes a TCP connection
with the destination node. All process state that can be
captured by the application using the daemon manager
library functions is transferred to the destination and a
skeletal process is constructed. Here migration can only
be performed
File system and migration
Here we make that global file system like NFS
exists on both source and target nodes. This is required
for file I/O migration. Here we can provide wrapper
functions to the daemon manager which allows to
maintain a list of open file descriptors.
Scaling considerations:
Here the scaling is limited by the fact that a
centralized resource manager is used.
4. Conclusion
In this paper, we have proposed different
workload migration schemes for processes running in
distributed environments. The methods described above
provide the optimized allocation of migrated data along
different cluster systems so as to reduce the migration
overhead. Our future work includes fully evaluating and
refining the proposed techniques. For ex., the mobile
agent approach to process migration is an alternative to
true process migration and the mobile agent approach
may be implemented in interpreted languages such as
Java which are more secure and promising for certain
applications. In these languages the interpreter acts as a
virtual machine to create an artificial homogeneous
environment.
[7]Eager at al. “Adaptive load sharing in Homogeneous
Distributed Systems,” IEEE Transactions on Software
Engineering, vol. SE-12,No.5,pp 662-675
5. References
[1].Powell ,M.L., and Miller,B.P.,” Process Migration in
DEMOS/MP,” In: Proceedings of the 9 th ACM
Symposium on Operating System Principles, Association
for Computing machinery, New York, pp 110-119.[83]
[2]Theimer, M.M.,Lantz K.A., and Cheriton,
D.R.,”Preemtable Remote Execution Facilities in V
System,” In: Proceedings of the 10 th ACM symposium on
Operating system principles ,New York, pp 2-12.[85]
[3]Smith J.M.” A Survey of Process Migration
Mechanisms” ACM Operating Systems
review,Vol.22,pp.28-40.[88]
[4] Distributed Operating Systems ,PHI, Pradeep K.Sinha
[5] Walker, B.J.,and Mathews,R.M.,”Process Migration
in AIX’s Transparent Computing Facility(TCF),”TCOS
Newletter,Vol.3,pp 5-7[89].
[6]Chang, H.W.D., and Oldham,W.J.B..,”Dynamic Task
Allocation Models for Large Distributed Computing
Systems,” IEEE Transactions on Parallel and
Distributed systems,vol.6,No.12,pp1301-1315[95].
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 174

Proceedings of ICCNS 08 , 27-28 September 2008
Requirements Driven Modeling of Autonomic
Systems
K Chandra Sekaran, Prarthana A.G, Shruthi Viswanath
Abstract—This paper proposes an approach that uses
requirements driven formalism to model autonomic systems.
Autonomic systems are typically complex and development of such
systems should follow principles and life cycle models of systems
engineering. This work proposes a new approach in using Unified
Modeling Language associated with Ontology as a formal approach
while using the requirements engineering in the development of
autonomic systems. An example case has been presented to describe
the proposed approach.
Keywords—Autonomic communication, formal methods,
ontology, Requirements modeling, UML.
I. INTRODUCTION
Autonomic systems [1] are distributed, complex and
concurrent systems, comprised of multiple interacting
autonomic elements. Developments of such systems require to
follow engineering approaches using formal methods. In this
paper we propose Unified Modeling Language (UML)
associated with Ontology as a combined approach to the
development of such systems which is driven based on the
requirements. Thus, the scope of this work is explore the
possibilities of using UML in association with ontology as a
formalism to model autonomic systems. Following paragraphs
in this section describe (a) the need for requirements based
modeling of autonomic systems and (b) UML and ontologies
as formalism in requirements modeling.
A. Requirements modeling in Autonomic Systems
Requirements modeling are concerned with the
identification of goals to be achieved by the envisioned
system, the operationalisation of such goals into services and
constraints, and the assignment of responsibilities of resulting
requirements to hardware and software systems. It also refers
to the development of a methodology for capturing the
functional and nonfunctional requirements of the system as
K.Chandra Sekaran is with the National Institute of Technology
Karnataka, Surathkal (corresponding author), Professor in the department of
Computer Engg; (e-mail: kchnitk@gmail.com).
Prarthana.A.G , was with National Institute Of Technology, Surathkal. She
is now working in VMware Software India Private Limited, Bangalore, India
(e-mail: prarthanaag@gmail.com).
Shruthi Viswanath was with National Institute Of Technology, Surathkal.
She is currently pursuing PhD in computer Science department, University of
Texas, Austin (e-mail: shruthi.viswanath@gmail.com).
specified by the stakeholders. This task is necessary for
several reasons: in order to analyze and evaluate the multiple
alternatives for meeting the system goals by explicitly
capturing the different alternatives. It also makes the
requirements generation more systematic. Besides, the
requirements model can be used to create the design views by
enriching it with additional data, hence allowing for the
gradual conversion of requirements specifications into
solution designs in a requirements driven framework, thus
leading to tight requirements traceability [6].
An autonomic system is a self-managing, autonomous and
ubiquitous computing environment that completely hides its
complexity, thus providing the users with an interface that
exactly meets one’s needs [1]. As networks and their
applications grow increasingly complex, it is difficult to
maintain them by manually controlling the operation of the
network. This increasing complexity has led to the concept of
systems, which handle self-management without external
intervention. An autonomic communications system reduces
the cost of operation by relieving the system administrators of
some of the load associated with maintaining complex
networks. Such a system aims to achieve autonomic behaviour
by means of the four self-* attributes: self-configuring, selfhealing,
self-optimizing and self-protecting [2].
Autonomic systems in particular, necessitate requirements
modeling for several reasons as stated in [6]. Firstly, for
exploring, analyzing and implementing alternative process
specifications at design-time instead of runtime; this enables
the interactions between autonomic systems less complex and
less error prone. This approach leads to a more predictable
system behavior. Secondly, the modeling provides traceability
from the autonomic system design to the stakeholder
requirements. Thirdly, it provides a framework for relating the
high-level system objectives to the goals for individual
autonomic elements [6].
B. Role of Formal Methods in requirements modeling
Formal methods are now used extensively in many stages of
software development, especially in the requirements
modeling stage, for the following reasons. Firstly, one can
catch incomplete specifications of input or behavior at the
preliminary stage itself. Formal methods complement
traditional methods of inspection by providing a mechanism
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 175

Proceedings of ICCNS 08 , 27-28 September 2008
for checking complete assertions and hence detecting invalid
specifications. Also, they can eliminate the ambiguity present
in natural language specifications, by using mathematics.
Complex properties can be expressed concisely using
mathematics. Supported by visual approaches like UML,
formal methods can speed up the process of converting natural
language based requirements specifications to working code.
Lastly, formal methods lead to a deeper understanding of
systems in terms of precision and detail.
The support of formal methods is particularly needed in the
case of requirements modeling for autonomic systems. Firstly,
autonomic communication systems are extremely complex
both in terms of architecture and policies and are hence
difficult to test for errors, omissions and conflicts. Hence a
formal framework is required in order to ensure correctness of
behaviour of the system and guarantee that the system satisfies
its requirements. Formal methods can also be used not only for
verifying system requirements but also for monitoring the
change in requirements and maintenance over long periods of
time.
Large, heterogeneous network systems e.g. intelligence
network systems are crucial applications where failure or
malfunction will incur a heavy cost. Here formal methods can
be used for stepwise design and verification to ensure
completeness and consistency of the system. This reduces
chances of errors in the later stages. Formalization allows us to
describe the decomposition of non-functional requirements
rigorously and also serves as a reference for practical
evaluation of the system. Formalization enhances the
relationship between the architecture and Quality Of Service
attributes and ensures that the attributes are met and sustained
over a long period of time.
The Unified Modeling Language (UML) has been widely
accepted as a standard modeling language in the software
engineering community. It defines semantics and their
notations of model elements required for the problem in hand.
UML provides nine kinds of diagrams with fine levels of
abstraction to specify entities in a given problem. Complex
systems such as autonomic systems can be modeled through a
set of independent diagrams, which this paper explores.
Ontology necessarily embodies some sort of realistic view
of tasks that we want to formalize with respect to a given
domain. This realistic view often represents the concepts and
their relations. Typically this is known as ‘conceptualization’.
Some refer, therefore, ontology also as a formal representation
of systems which provides shared understanding of how does
the system function. In our work we use ontology as a first
level formalism in order to capture the requirements /
functionalities of an autonomic system faithfully and then
embed UML in the ontology in order to realize a meaningful
formalism to develop the autonomic system in a true software
engineering based approach.
The remainder of this paper is structured as follows: Section
2 discusses the proposal for using formal methods in the
development of systems in the domain of autonomic
communication. Section 3 briefs the role of UML associated
with Ontology in our proposed work. .Section 4 presents a
‘Proof of Concept Scenario’, where we discuss the UML
ontological modeling of a specific case of network failure in
autonomic communication. Section 5 summarizes and
concludes the presentation of the work.
II. REQUIREMENTS AND FORMALISMS IN
AUTONOMIC SYSTEMS
An autonomic communication system is a specialized
domain of autonomic systems. There are several aspects of
autonomic communication systems that can be formally and
functionally specified or represented and verified. In our work,
UML associated ontology as a formal method being used for
the representations of the high-level autonomic
communication network architecture. Also, the network
policies and protocols, which ensure autonomous behaviour,
can be formally specified and verified. The formal proof can
also be used to generate code for the network and
communication software.
A. Features of autonomic systems
Formal methods are being applied to represent all the basic
requirements of an autonomous system. Also to ensure that
both at the micro (individual network element) and macro
level (the whole network should function as an autonomous
system) requirements, formal methods are being applied[5].
Following are the important characteristic features of an
autonomic system [1,6], which need to be captured and
represented in its development through a formal method:
1) Self-configuration
This requires that a system collect information from
various internal and external sources and derive self
knowledge and context awareness so that it can reconfigure
itself with respect to its changing environment without manual
intervention. A formal method proof of the protocols and
policies laid down for data collection and evaluation would
verify that a system is able to reconfigure itself within its
operational envelope.
2) Self-healing
The system must be able to dynamically detect and take
measures to correct its faults. This property is implemented
using environment awareness. Stating this in a formal
requirement specification will ensure completeness in
specification, since this is a property, which uses a large
number of operational details that may run the risk of
omission if not formally asserted. Also self-healing is crucial
for the working of the system. Hence a formal verification of
this property is essential.
3) Self-optimization
The system needs to preemptively optimize itself, with
respect to business goals and must balance requirements. For
this, the applications that the system needs to optimize itself
with respect to, needs to be clearly specified. Also the priority
order among requirements needs to be known to the system. A
formal specification can help perform the above with clarity
and conciseness.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 176

Proceedings of ICCNS 08 , 27-28 September 2008
4) Self-protection
This involves detecting and responding to external attacks.
A formal framework can be used for specifying and verifying
policies of node based and network based protection.
The formal methods shall be used for context definition and
context handling with respect to the above properties while
developing these systems; obviously, these properties enforce
and increase complexity of the systems.
B. Role of formal methods in Autonomic Systems
The development process of any system or product begins
with the specifications or representations of the functionalities
of it in a more readable and understandable form, which later
can be used to verify the features of the system on hand. In our
context, we shall be able to mean the role of formal methods
in the following tasks:
• A formal framework for events concerning a network
element like: making a choice to resolve a conflict, negotiating
for resources, subscription and notification of events from peer
elements, classification and prioritization of system events and
forcing human interaction to resolve and learn from new
situations can be used in all the stages, from the requirement
stage to the testing stage.
• System dynamics is handled by collection of data from
various sources and knowledge derivation, followed by rule
generation to form system policies dynamically. A formal
proof for rule-generation would assist in automated generation
of system level policies.
• A system has to evolve rather than adapt i.e. automatic
selection of algorithms and components in response to an
environment change must be made possible. Formal
framework can be used to derive evolvability patterns and
specify them in behavioral definitions and also predict the
emergent behaviour of the system.
• Formal methods can also be used to verify seamless
integration of self-managing components, in order to ensure
that the system on the whole, behaves autonomously.
Using formal methods help the developers to get ‘early feed
back’ in the development process and due to which the system
or product can be predicted with quality attributes like
complexity.
III. ONTOLOGY AND UML IN AUTONOMIC SYSTEMS
Formal methods like Estelle and Lotos [9,10] are
mathematically driven approaches; these are not widely used
in industries as they impose difficult notations. On the other
hand, UML like formalisms use diagrammatic approaches
which can easily be followed in a team work for software
development. However, capturing the functional requirements
only with ‘use cases’ of UML approach has been experienced
as a time consuming task as the ‘conceptualization’ of the
system has not been directly reflected in it. On the other hand,
ontology based approaches have been successfully used to
capture the requirements and representing them in an easier
way. But, ontology based approaches cannot be used for
verification or validation purposes at a later stage of a product
life cycle, which can easily be done while using the tools of
UML. Thus, the proposed approach makes of a hybrid
approach which uses ontology as a first level formalism to
capture the functional requirements of autonomous systems
and then to use (embed) UML (its state diagram) in the
ontology such that the approach takes benefits of both the
approaches.
A. Functional Representation of Autonomic Systems
A functional representation of a system consists of
descriptions of the functionality of components and the
relationship between them. The claim here is that it is not
trivial to clearly identify functional components and / or sub
systems along with their inter-relationships while designing
any complex system. Ontology based approaches are being
demonstrated in developing new systems while describing
their functionalities and relationships [3,4,7] in successful
manner. We take advantage of this approach that the
ontologies are at the core of systems development and
semantic representation. They capture the basic terminology
(concepts) of the domain of interest and the relationships
between those concepts. It is used to reason about the objects
within that domain. However, when the developer wants to
use tools to verify the properties of functional representations
one has to seek the help of UML like approaches. Thus, in the
next step, we use UML in ontology representation.
Visual languages like Unified Modeling Language can be
used in conjunction with ontology based system design, which
has been experimented successfully, in this work. There is a
growing interest especially in the use of UML diagrams to
represent dynamics system that is under development. The
principal advantages of using UML are that it can be extended
as a formal design and verification technique. It is simple to
use and is a de-facto industry-wide standard for systems
modeling. It is precisely defined and a number of analysis,
testing, simulation and transformation tools are available for
UML. It not only provides a basis for simulating and testing
an entire system, but also provides an optimum resource for
reasoning across the entire system [8].
B. Proposed Approach
As a requirements driven approach to modeling autonomic
systems using formal methods, we use ontology associated
UML as a formal method. Ontology associated UML as the
formalism has been proposed and based on this approach, the
graphical representation of a network failure in autonomic
communication has been presented as a case study or an
example.
Ontologies have been defined as an explicit specification of
a conceptualization. It aims at making application
functionalities being represented through graphical means. In
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 177

Proceedings of ICCNS 08 , 27-28 September 2008
our work we capture the functional requirements of an
autonomic system, more specifically a communication system.
Graphical representation makes the system to understand very
clearly without any ambiguity. Ontological definitions of
functional properties of systems are human-readable. We use
the ontology for enlisting the functional features /
requirements of the system on hand.
UML is being used with its diagrammatic notations to
represent the functionalities which can be used in conjunction
with any tool to verify the properties of the system on hand.
We use the state diagram of UML to capture the system
requirements with its dynamic characteristic and embed it in
the ontology representation.
This combined approach enables us to understand the
system that it to be developed more precisely without any
ambiguity also to use tools to verify, validate and test the
system for its expected behaviours when implemented or
prototyped.
IV. PROOF OF CONCEPT SCENARIO - AN EXAMPLE
CASE
The proposed approach is based on Formal Methods
implemented by means of Ontology associated UML. We use
UML notations to model the case of communication failure
between two autonomic elements. The example of network
failure is being considered here; it poses serious challenges to
the working of any communication system. It is understood
that once a network failure occurs, there will be a sequence of
activities, which follow link failure or node failure in an
autonomic communication system. Next paragraph narrates
the situation and approach.
Consider a simplistic situation in an autonomic
communication system where there are two autonomic
elements A and B. By autonomic element, we refer to the
combination of a managed element and an autonomic
manager, which controls its behaviour, as discussed
previously. These elements may form a part of a larger group
of interacting autonomic elements. We consider a situation
wherein the element A has assigned a task to element B and is
communicating with it, over the network. Element B is
executing the task allotted and sends its task status information
to element A at regular time intervals. Now, for A to behave in
an autonomic manner, it needs to monitor its internal and
external environment continuously, to satisfy the properties of
self-awareness and self-configuration. It does so, by
monitoring the timestamp of packets arriving from B. If there
is any peculiar delay noticed, or the packets stop arriving from
B, A interprets and diagnoses its current state as a
communication failure.
The next step involves analyzing the causes of
communication failure. Element A determines whether the
failure is a link failure between B and itself, or the node B
undergoes a system failure (node failure). Now A adapts to
changes caused by the failure in the following ways.
If the failure is diagnosed as a node failure of B, A should
first analyze whether it currently has the resources and data to
perform the task allotted to B. If yes, it can resume B’s work
from where it left off, or if not possible, execute the task from
beginning, depending on the nature of the task. If A does not
have sufficient resources, it searches for the nearest element
capable of performing the same task. After this, it supplies the
data required to start execution, to the new element, and
initiates task execution.
The situation is different if we consider the case of link
failure. In this case, the element B may still be reachable from
A through some alternate path. In such a case, A plans to
reach B through the next optimal path, through some other
intermediate node(s). Since the autonomic element needs to be
self-optimizing, load balancing among the various available
paths, network traffic, bandwidth and other metrics like
business rules are taken into consideration for finding the next
optimal path. The element A then initiates the task in element
B. If, on the other hand, no suitable path can be found to
element B from A, it follows the steps taken in case of node
failure.
In each of the above cases, the router table information of
element A is updated as part of the execution, and is sent to its
neighboring elements or group elements. In order to adapt to
the dynamic environment, and facilitate learning
autonomically, the element A ‘learns’ from the situation, i.e.
remembers’ the cause and remedial action for the failure, in
order to implement the same for future situations.
The situation in Figure 1 (shown at the end of the paper) is
the graphical representation based on our approach. The
autonomic communication system is modeled using ontology
associated UML as a formal method. Here, firstly we enlist the
functional requirements of the system: monitor, analyse, get
alternate path and initiate – are in one path of flow in an
autonomic element ‘A’ in figure 1. Like wise all the paths
have been identified and represented. Then, we use UML State
diagrams to capture the requirements of the dynamic behavior
of the system - situation of node and link failure. Here, we
notice that the entire ontology elements are being used for
representing the requirements of the autonomic system.
V. CONCLUSION AND FUTURE WORK
Requirements modeling is highly necessitated in the area of
autonomic system development due to its complexity. Formal
methods play a vital role in the requirements modeling of
these complex systems by making it easier to test for
omissions and incomplete requirements, ensuring a concrete
reference at each stage of autonomic software development
and helping meet the Quality Of Service attributes for these
systems in a better way. Here, we have used ontology
associated UML as a formal method with an appropriate
graphical representation of the ontology to delineate the
importance of taking a requirements-driven approach to
modeling autonomic systems. We have explored and resented
alongside is a proof-of-concept scenario for a specific case of
network failure in autonomic communication.
As an extension of our current work, we plan to incorporate
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 178

Proceedings of ICCNS 08 , 27-28 September 2008
the concept of hierarchical autonomic elements, in the
requirements modeling of autonomic systems. We also plan to
extend our approach to other scenarios that arise in autonomic
communication. As it is part of our on-going work, we intend
to use some of the popular tools of UML to verify and validate
the requirements / characteristic features. As a comparison of
our approach with other approaches, we state that our
approach provides more human-readable representation (with
formal approach) of requirements while following a life-cycle
model of system development than merely using use-cases or
any other similar approach.
REFERENCES
[1] R.Steritt, M.Parashar, Manish Parashar, Huaglory Tianfien, Ranier
Unland, A Concise Introduction to Autonomic Computing, Advanced
Engineering Informatics 19 (2005) 181–187.
[2] David Lewis, Declan O’sulliavan, John Keeny, , Towards the
Knowledge-Driven Benchmarking of Autonomic Communications,
World of Wireless, Mobile and Multimedia, Networks, 2006.
WoWMoM 2006, <strong>International</strong> Symposium on 26-29 June 2006
[3] Gruber, T.R. Toward principles for the design of ontologies used for
Knowledge sharing. Int. J. Hum. Comput. Stud. 43, 5/6 (1995), 907–928
[4] Clyde W. Holsapple and K.D. Joshi, A Collaborative approach to
Ontology Design, Communications of the ACM, Vol. 45, No. 2,
February 2002.
[5] Giancarlo Guizzardi, Gerd Wagner and Heinrich Herre, On the
Foundations of UML as an Ontology Representation Language, EKAW
2004, LNAI 3257, pp. 47–62, Springer -Verlag Berlin Heidelberg 2004.
[6] Alexei Lapouchnian, Sotirios Liaskos, John Mylopoulos and Yijun Yu
Towards requirements-driven autonomic systems design, ACM
SIGSOFT Software engineering notes Vol. 30 Issue 4
[7] J. Wang, D. Brady, K. Baclawski, M.M. Kokar and L. Lechowic The use
of ontologies for self-awareness of communication nodes, In Proc.
Software Defined Radio Technical Conf. SDR'03 (2003)
[8] E.A. Coyle, L.P Maguire and T.M McGinnity, Design philosophy for
self-repair of electronic systems using the UML, IEE Proceedings, Vol.
149, No. 6, December 2002
[9] M.D.Fraser, K. Kumar and V.K.Vaishnavi, Informal and formal
requirements specification languages: Bridging the gap, IEEE Trans.
On Software Engineering, 17(5), 454-466, 1991.
[10] S.Budkowski, Estelle Development Toolset (EDT), Computer Networks
and ISDN Systems, 25(1), 63-82, 1992.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 179

Proceedings of ICCNS 08 , 27-28 September 2008
AUTONOMIC ELEMENT 'A'
MONITOR
Monitor timestamp
information of packets
arriving from element
'B'
ANALYZE
Type of failure
Link
Failure
Failure
detected
GET ALTERNATE PATH
Obtain next Optimal Path to element B
based on the following metrics:
Not
Found
a) Load balancing for self-optimization
b) Current network traffic
c) Network bandwidth
d) Business policies and other regulations
Get Path
Node
Failure
CHECKING
Determine whether the
element A itself has
resources and the data to
do the task it allotted to
element B
SEARCHING
Find the nearest
node which can
continue the task
SUPPLY DATA
If Not Possible
If Po
s si ble
Communicates state informa t i o n
CHECKING
Check if it can
continue the
task from
where B left off
NO
YES
AUTONOMIC
ELEMENT 'B'
EXECUTION
Execute the task allotted
to it by A and send the
state information at
regular time intervals
UPDATING TABLES
Update the routing
tables of element B to
reflect the changes in A
Found
INITIATION
Initiate the
execution in the
element B
Provide the necessary
data to the new
element to carry out
the task
State
EXECUTION
Execute
the task from
beginning
EXECUTION
Resume the
task from
where B left
off
INITIATION
Initiate the
execution in the
new element
Send Updated Routing information
UPDATING TABLES
Update the routing tables of
autonomic element A and send
updated router information to
the neighbouring autonomic
element
NEW
SITUATION
No
Yes
LEARNING
Autonomic element "learns"
from the new situation,its
cause and the actions to be
performed in a similar future
case
Figure – 1 : Ontology associated UML model of an autonomic communication – node and link failure
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 180

Proceedings of ICCNS 08 , 27-28 September 2008
Performance Evaluation of AODV, DSDV and
DSR for MANET
*G. Lakshmikanth # A. Gaiwak +Dr. P .D. Vyavahare
Abstract-- A mobile ad hoc network (MANET) is a collection of
wireless mobile nodes dynamically forming a temporary network
without the use of any preexisting network infrastructure or
centralized administration. The performance of MANET is related to
the efficiency of the routing protocols in adapting to frequently
changing network topology and link status. Because of the nature of
ad hoc networks, there are special demands for ad hoc routing
protocols and the performance of these routing protocols is an
important issue. This paper presents the performance evaluation of
AODV, DSDV and DSR for MANET through simulations using
NS2. The protocols are compared based on the scenario, by varying
the number of nodes and transmission power of mobile nodes
simultaneously. Three performance metrics are considered for
comparison namely: Packet Delivery Ratio, Normalized Routing
Overload and Average End-to-End Delay. The objective is to validate
the scalability and effectiveness of the three routing protocols.
Index Terms-- MANET, routing protocol, performance, DSDV,
DSR and AODV.
I. NOMENCLATURE
MANET-Mobile Ad hoc NETworks
AODV-Ad-hoc On-demand Distance Vector
DSDV-Destination-sequenced Distance Vector
DSR-Dynamic Source Routing
PDR-Packet Delivery Ratio
AED-Average End-to-end Delay
NRL-Normalized Routing Load
A
II. INTRODUCTION
mobile ad hoc network (MANET) is a category of
wireless networks that utilize multi-hop radio relaying
and are capable of operating without the support of any
infrastructure hence they are also called infrastructure less
networks. The absence central coordinator base station makes
routing complex compared to infrastructured networks.
Because of the nature of ad hoc networks, there are special
demands for ad hoc routing protocols and the performance of
* Mr. G. Lakshmikanth is master's student in the Department of Eletronics
and Teleommunications, S.G.S.I.T.S, Indore (MP)-452003, INDIA
(email:lkg497@gmail.com).
# A. Gaiwak is the Head of the department of Electronics,
M.I.T.M, Indore (MP)-452003, INDIA (email:agaiwak@yahoo.co.in).
these routing protocols is an important issue. Routing
protocols used in ad hoc networks must automatically adjust to
environments that can vary between the extremes of high
mobility with low bandwidth, and low mobility with high
bandwidth. The performance of MANET is related to the
efficiency of the routing protocols in adapting to frequently
changing network topology and link status.
This paper addresses the issue by comparing the relative
performance of three key ad-hoc routing protocols: Ad-hoc
On-demand Distance Vector (AODV)[1], Destinationsequenced
Distance Vector (DSDV)[2] and Dynamic Source
Routing (DSR)[3] through simulations. The protocols are
compared based on the scenario, by varying the number of
nodes and transmission power of mobile nodes simultaneously.
The objective is to validate the scalability and effectiveness
of the three routing protocols.
III. AN OVERVIEW OF PROTOCOLS
The MANET routing protocols can be classified in two
categories:
Table driven (proactive) algorithms:
Store the needed information for routing purposes in tables,
which are repeatedly updated through control packets that are
sent by each node. The updates can also respond to topological
changes of the network. Example is DSDV.
On-demand (reactive) protocols:
In contrast to table driven routing protocols, compute the route
to a specific destination only when needed, so a routing table
containing all the nodes as entries does not have to be
maintained in each node. When a source wants to send packet
to a destination, it invokes a route discovery mechanism to
find the path to the destination. The route remains valid till the
destination is reachable or until the route is no longer needed.
Examples are AODV, DSR.
The following subsections briefly describe the three ad hoc
routing protocols which are considered in this paper. The first
one (DSDV) is fully table driven whereas the second one
(AODV) is fully on-demand based. The third one (DSR) has
adopted some of the characteristics of the both the categories.
+ Dr.P.D.Vyavahare is with the Department of Electronics and
Telecommunications, S.G.S.I.T.S, Indore (MP)-52003, INDIA
(email:prakash.vyavahare@gmail.com).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 181

Proceedings of ICCNS 08 , 27-28 September 2008
A. Destination Sequence Distance Vector (DSDV)
DSDV [2], is a distance vector routing protocol. It is based on
the Bellman-Ford routing algorithm. DSDV is a proactive
routing protocol. It works on hop-by-hop basis i.e in this
protocol every node maintains a routing table that contains
next-hop entry and the number of hops needed for all
reachable destinations. DSDV assumes bidirectional links and
thus does not have unidirectional link support. DSDV uses a
concept of sequence numbers to provide loop freedom. The
sequence number is originated by the destination node. To
maintain routing information consistent within a network
DSDV requires nodes to broadcast route advertisements
periodically. In practice updates are sent in every few seconds.
The advertisement contains the routing table entries of the
advertising node. These entries contain the address of
destination, next hop and hop count to that destination and the
last known sequence number originated by that destination.
When a node receives an advertisement it updates its routing
table on this basis. Routes with greater sequence numbers are
always preferred. If the sequence numbers are equal, a route
with lower hop count is chosen. Note that the receiving node
increases the hop counts in the advertisement since the
destination needs one hop more to be reached. The receiving
node will then subsequently pass this new information forward
within its own route advertisement. When a node detects a link
failure it marks all routes through that link with hop count
equal to infinity (any number beyond allowed maximum) and
assigns sequence number greater than the stored sequence
number for that destination, then broadcasts update
information. That is why nodes detecting failures always
assign odd sequence numbers to these routes. Original
destination originated sequence numbers are even. Since
frequent route advertisements can generate a lot of control
traffic, DSDV introduces two kinds of route update packets.
The first is known as full dump containing all available routing
information and may require several network protocol data
units (NPDUs). Smaller incremental packets are used to
distribute only information that has changed since last full
dump.
B. Dynamic Source Routing (DSR)
DSR [3] is a fully reactive routing protocol. It is a source
routing protocol meaning that a packet carried in the network
contains an ordered list of all nodes through which the packet
must be routed. Nodes in a networks using DSR routing are
required to maintain so called Route Cache where all learned
routes to any given node in the network exist. DSR uses two
basic mechanisms Route Discovery and Route Maintenance.
Route Discovery is initiated by the source node, say S, to
obtain a source route to the destination node, say D. Route
Discovery takes place only when S does not already know a
route to D. The purpose of Route Maintenance is to provide a
mechanism that enables the node S to detect if the network
topology has changed such that the source route to D does not
work anymore. When the node S needs to send packets to the
node D, it obtains a route to D by searching its Route Cache of
previously learned routes. If no route is found, Route
discovery protocol is initiated by broadcasting a ROUTE
REQUEST message. Request messages are identified by
initiator determined request ids. When a node receives a Route
Request message, it returns a ROUTE REPLY message to the
initiator, if it is the target of the request or a node knowing a
valid route to the target. Otherwise if the receiving node has
lately seen a request from the same initiator with the same id
or if its address is already in the route record of the ROUTE
REQUEST packet, it discards the packet. The receiving node
adds it own address to the route record of the request and
broadcasts the request forward. After a successful Route
Discovery process, route record of a ROUTE REQUEST
contains a complete source route from the initiator to the
target. This information is then contained in a ROUTE REPLY
message. DSR supports unidirectional links since the reply is
sent back to the source based on a route in replier’s cache or it
is piggybacked on a Route Request packet for the initiator.
Route Discovery is initiated when a node needs to discover a
route to another node. A Route Request packet is broadcasted.
When a node receives a Route Request it searches its route
cache where all routes are stored. If requested route cannot be
found in the cache, the node adds its address to the sequence
of hops contained in the header of Route Request packet and
broadcasts it again. The request floods through the network
until it reaches the destination node or a node having a valid
route to the destination. The destination node, on receiving
ROUTE REQUEST packet, responds by sending a ROUTE
REPLY packet back to the source node by piggybacking.
Route Maintenance requires that each node ensures that
forwarded packets are received by the next-hop node. In a case
of link breakage a ROUTE ERROR packet is sent back to the
source node which removes broken link from its cache. All
routes are also truncated at that point. The DSR [3] also
specifies a promiscuous mode. In this mode nodes are allowed
to learn routes by overhearing packets not addressed to them.
It means that packets with link level addresses of other nodes
are not filtered. Working in such a mode may cause
unnecessary power consumption.
C. Ad Hoc on Demand Distance Vector (AODV)
AODV [1], combines some properties of both DSR and
DSDV. It uses route discovery process to cope with routes ondemand
basis. However, it adopts DSDV like hop-by-hop
routing tables for maintaining routing information. Hence
AODV is a reactive protocol; it doesn’t need to maintain
routes to nodes that are not communicating. AODV handles
route discovery with Route Request (RREQ) messages. RREQ
message is broadcasted to neighbor nodes. The message floods
through the network until wanted destination or a node
knowing fresh route is reached. Sequence numbers are used to
guarantee loop freedom. The destination node unicasts a Route
Reply (RREP) back to the source node. Nodes transmitting a
RREP message create routing table entries for forward route.
Nodes periodically send HELLO messages to neighbor nodes
for route maintenance. If a node fails to receive three
consecutive HELLO messages from a neighbor, it concludes
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 182

Proceedings of ICCNS 08 , 27-28 September 2008
that link to that specific node is down. A node that detects a
broken link sends a Route Error (RERR) message to any
upstream node. When a node receives a RERR message it will
initiate a new source discovery process.
IV. SIMULATION SETUP AND RESULTS
RFC 2501[4] describes a number of quantitative metrics that
can be used for evaluating the performance of a routing
protocol for mobile wireless ad-hoc networks. In this paper,
we follow the general ideas described in RFC 2501. The
packet delivery ratio and average end-to-end delay are the two
most important parameters for best-effort traffic. The
normalized routing load is used to evaluate the efficiency of
the routing protocol. Finally, the normalized MAC load is a
measure of the effective utilization of the wireless medium for
data traffic.
We present the performance comparison of AODV, DSDV
and DSR. The MAC layer of IEEE 802.11 has been used for
the simulations using NS2 [5] as the simulator.
We had the scenario as:
Fig 4.2
Fig 4.3
Varying the number of nodes and the transmission
power of the node simultaneously at constant
mobility.
Simulations are done for above scenario with the routing
protocols AODV, DSDV and DSR to get 100 trace files. After
analyzing those 100 trace files with corresponding awk scripts
plotting of the graphs is done for the metrics given in (4) with
respect to the variables which are varied for performance
evaluation.
All the simulations are run for 900 seconds (15 min).
Results are shown bellow for the scenario. Figures from 4.1 to
4.10 show the variation of average delay with number of nodes
at different transmission powers. Figures from 4.11 to 4.20
show the variation of normalized routing load with number of
nodes at different transmission powers. Figures from 4.21 to
4.30 show the variation of packet delivery ratio with number
of nodes at different transmission powers.
(i) Average delay variation with Transmission power and
the number of nodes
Fig 4.4
Fig 4.5
Fig 4.1
Fig 4.6
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 183

Proceedings of ICCNS 08 , 27-28 September 2008
(ii) Normalized routing load variation with transmission
power and the number of nodes
Fig 4.7
Fig 4.11
Fig 4.8
Fig 4.12
Fig 4.9
Fig 4.13
Fig 4.14
Fig 4.10
At any transmission power, Delay is decreased when the
number of nodes is increased because of the increase in the
node density. When the transmission power is also increased
simultaneously, then delay is further decreased. This is
because When the transmission power is increased
transmission range increases and with the increase of the
number of nodes node density in each nodes range increases.
But, in DSR the delay is increased at higher transmission
powers and higher the number of nodes; because when the
transmission power is increased the interference increases
hence link failures will increase. Then DSR must choose other
routes, but at higher the number of nodes node density is more,
so Average end to end delay increases.
Fig 4.15
Fig 4.16
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 184

Proceedings of ICCNS 08 , 27-28 September 2008
(iii) Packet delivery ratio variation with transmission
power and the number of nodes
Fig 4.17
Fig 4.21
Fig 4.18
Fig 4.22
Fig 4.19
Fig 4.23
Fig 4.20
Normalized routing load is increased at any transmission
power when the number of nodes is increased in all protocols.
Up to 30 nodes all protocols performs similar. But, after 30
nodes DSR routing load increases more than AODV and
AODV routing load increases more than DSDV at any
transmission power. At 100 nodes, DSR routing load is 70%
more than AODV at lower transmission powers (0.1w to
0.2w), 1.5 times more at transmission powers from 0.3w to
0.9w and 4.3times more at 1.0w. At 100 nodes AODV routing
load is 2 times more than DSDV almost at all transmission
powers.
When the number of nodes increases node density increases,
control packet size also increases in DSR and with
transmission power link failures will increase then
automatically routing load increases. This increase is more
than AODV and DSDV, because no intermediate node
participates in routing in DSR. AODV delay is more than
DSDV when the number of nodes increases at any
transmission power because AODV needs to use more Hello
packets.
Fig 4.24
Fig 4.25
Fig 4.26
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 185

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE I shows the percentage of decrease in PDR for all
protocols. At lower transmission powers (0.1w to 0.4w) PDR
decreases up to 70 nodes, and then it is stabilized. At middle
transmission powers (0.6w) PDR decreases up to 50 nodes,
after it is stabilized. At higher transmission powers (0.6w to
1.0w) PDR decreases up to 30 nodes, after it is stabilized.DSR
performs 6% better than DSDV and AODV in terms of PDR.
Fig 4.27
Fig 4.28
V. CONCLUSIONS
Each of the protocols studied performs well in some cases yet
has certain drawbacks in other cases. Average delay of AODV
and DSDV decreased with the increase in Number of nodes
and transmission power. But, at higher number of nodes and
higher transmission powers, Average delay increased in DSR.
At lower transmission powers a significant fraction of data
packets were dropped when the number of nodes is 70. At
higher transmission powers a significant fraction of data
packets were dropped when the number of nodes is 30. DSR
performs 6% better than DSDV and AODV in terms of PDR.
The performance of DSR is very good at all transmission
powers and nodes, although its use of source routing increases
the number of routing overhead bytes required by the protocol.
AODV performs almost as well as DSDV at all transmission
powers and nodes, but it still requires the transmission of many
routing overhead packets and at high transmission powers.
VI. REFERENCES
Fig 4.29
Fig 4.30
When the number of nodes increases Packet delivery ratio
decreases because probability of packet loss increases due to
increasing the node density. But when the transmission power
is also increased then the PDR decreases quickly because of
interference.
TABLE I
Transmission
power(watts)
Stabilization
point(nodes)
% decrease
In PDR
0.1 70 58.64
0.2 70 61.21
0.3 70 64.48
0.4 70 64.86
0.5 60 59.63
0.6 30 56.82
0.7 30 56.8
0.8 30 55.6
0.9 30 56.8
1.0 30 57.8
[1] Charles E. Perkins, Elizabeth M. Royer, and Samir R. Das, “Ad hoc ondemand
distance vector (AODV) routing.” IETF INTERNET DRAFT,
MANET working group, July 2003 http://www.ietf.org/rfc/rfc3561.txt
[2] Charles E. Perkins, Pravin Bhagwat. Highly Dynamic Destination-
Sequenced Distance-Vector Routing (DSDV) for Mobile Computers. In
Proceedings of the SIGCOMM ’94 August 1994.
http://people.nokia.net/charliep/txt/sigcomm94/paper.pscited 1.03.2004.
[3] David B. Johnson, David A. Maltz, Yih-Chun Hu.The Dynamic Source
Routing Protocol for Mobile Ad Hoc Networks (DSR). Internet Draft,
IETF MANET Working Group, April 2003. http://www-2.cs.cmu.edu/
dmaltz/internet-drafts/draft-ietf-manet dsr- 09.txt cited 08.03.2004
[4] S. Corson, J. Macker. MANET: Routing Protocol Performance Issues
and Evaluation considerations. RFC 2501, IETF Network Working
Group, January1999. http://www.ietf.org/rfc/rfc2501.txt cited
15.02.2004.
[5] Ns2’s web page is at http://www.isi.edu/nsnam/ns.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 186

Mutually Exclusive Determination of Shortest
Path in Mobile Ad-Hoc Networks – A Tree
Based Approach
Sanket Sarang
A.C. Patil College of Enggineering, Univ. of Mumbai, Mumbai, India
sarang.sanket@gmail.com
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract— Communication in an Ad-hoc network involves the
problem of finding the shortest path. In continuous network topology
changing scenarios, it is important that a particular device on the
network is capable of finding the shortest path to the desired
destination for exchange of messages in order to increase the
communication efficiency and reliability. In dynamic networks,
communication over the shortest path or precisely the path with a
least number of hops is most desired and may be considered to be the
most reliable. We present an algorithm in this paper to find the
shortest path for sending a message on a Mobile Ad-Hoc network
with dynamically changing network topology.
Keywords-Algorithm, Network Tree Generation, Ad-Hoc
Mobile Networks, Path Optimization
I. INTRODUCTION
Mobile wireless Ad-Hoc networks are classified into a
category of networks that do not involve routers. The message
passing takes place directly between the peers, also termed as
nodes, without the intermediate routers. The messages hop
from one node to another until they reach their desired
destinations. The communication channel between the nodes
is wireless. Because of a limited range of wireless
communication of each node, it is often required that a
message once sent, hops several times from one node to
another before reaching its destination. The message hopping
is done in dynamic network topologies and often is the case
that the message needs to pass through a large number of
nodes, before reaching the destination node. The number of
hops is correlated to the efficiency of message transfer and is
a Quality of Service (QoS) measure. Less number of hops
ensures less propagation delay, reduction in network traffic,
and more reliability of successful message transfer.
The problem of finding the shortest path for communication
over the network is worsened by the absence of routers and
the presence of a dynamically changing network topology.
The solution to the problem involves dynamically recording
the network topology, and taking real time decisions. It should
however be noted that for a message to follow the shortest
path, the sender must have knowledge of the shortest path,
before the message is sent. The first hop should be to the node
which is on the shortest path and not to any other node.
Ensuring this condition becomes difficult when the sender
does not have any direct communication with the receiver or
is unaware of the number of nodes in between him and the
receiver. This paper proposes a solution for finding the
network topology at real time and then proceeds on to finding
the shortest path for transfer of messages. At the end we also
discuss how this system meets some of the QoS standards.
We have developed a network tree generation algorithm,
which generates a network tree 0 of the shortest path. The
algorithm generates the network tree with respect to a given
node. The generated tree contains only a singular occurrence
of each node. Our algorithm is different, in the sense that it
generates a tree of the shortest paths. In our algorithm,
multiple paths [1] to reach a particular node are avoided, and
in a tree, there is one and only one path available for the
transfer of messages and this path is the shortest. Our
algorithm also handles situations of nodes refusing to take part
in the communication process, which are not considered in
other algorithms 0[3].
II. NETWORK TOPOLOGY
We assume the following characteristics for a mobile
wireless network on which we propose our algorithm.
A. The network contains no routers:
This means that there are no routers present in the network,
or rather there is no communication guide which keeps track
of the path to be followed to the destination.
B. All communication over the network takes place over
wireless channel:
Communication over the network happens through a
wireless channel, which is totally unguided. A particular node
can communicate only with nodes within its range. If it wishes
to communicate with a node which is not within its direct
range, then it must be able to detect if the desired node is
within range of any of the nodes in the network, and if so
what is the shortest path for communication.
C. The peers (nodes) in the network change places
dynamically:
All the nodes in the network change their position
dynamically within the network. The list of nodes in range
with a particular node changes continuously, as the nodes
change their positions.
D. Any peer may leave the network or enter the network
dynamically:
Any node of the network may decide to leave the network
or a new node may decide to enter the network dynamically
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 187

Proceedings of ICCNS 08 , 27-28 September 2008
without any prior notice. A node may leave the network
without completing its assigned task, or without forwarding a
received message.
3
1
E. Message forwarding is a request and not an
enforcement or order:
Any of the nodes of the network may refuse to forward a
message. Once the node receives a request for forward of
message, it may reply back a ‘reject’ or simply accept the
message without any further acknowledgement. Once the
message is accepted, the node must make an attempt to
transfer the message to the other nodes. However a failure of
the node as a whole, or loss of connection of the node from
the network without any prior notice is permitted.
F. Every node has a unique identity:
Every node of the network must have a unique identity
which never changes. The unique identity can be in the form
of a phone number in case of a Bluetooth Ad-Hoc network of
mobile phones. A particular node in the network is detected
and located by its unique identity [4].
G. Every message has a unique message ID:
Every message which is sent over the network must have a
unique message ID. The message ID is used for locating the
message, and detecting multiple receptions of the same
message. The message ID must be a combination of the
node’s unique ID and a serial number which is never repeated
by the sending node for any new message.
H. There is an Hand-off between nodes:
This means that when a node changes its position and
breaks a connection with one of the nodes and establishes a
connection with other nodes, there is a smooth hand-off [5]
from one node to another i.e. at all times during the shift, the
node is still within the network and there is no instance during
the shift wherein the node is inaccessible. Although this
condition is not necessary for the proper functioning of the
algorithm, the efficiency of the algorithm is highly increased
if this condition is satisfied.
Throughout the paper it is assumed that the network strictly
adheres to the above mentioned rules. The following
algorithm works best in network scenarios congruent to the
above mentioned characteristics.
III. ALGORITHM
In order to send a message we start by first creating a list of
the nodes present on the network. To find the nodes present
on the network, each node first makes a list of all the nodes
present within its direct range. This list is made public and
shared amongst all other nodes on the network. Consider the
network topology at any given instance for a 4 node network
as shown in Fig. 1.
4
Fig. 1 An example of a 4 node network
It can be seen from Fig. 1 that node 1 is having nodes 3 and
2 in its vicinity; node 2 is having nodes 3 and 1 in its vicinity;
node 3 is having nodes 1, 2 and 4 in its vicinity; while node 4
is having only node 3 in its vicinity. The bi-directional arrows
indicate that the two nodes linked by the arrow can directly
communicate with each other, and that both the nodes are in
wireless range of each other. In the figure it can be observed
that nodes 1, 2 and3 can directly communicate with each
other, but if node 1 and 4 want to communicate with each
other, then they must send their messages through node 3,
which is the shortest path.
The primary problem in this situation is node 1 detecting
that node 4 is within the network and that communication with
node 4 is possible via some of the nodes present in the
network. As node 4 is not located within the wireless range of
node 1 and node 2, the two nodes will be able to detect that
node 4 is a member of the network only if node 3 informs
them about the presence of node 4 within its range. The
solution to the problem can be obtained, if each node
maintains a list of all the nodes present in its network, and
shares the list amongst all the members in the network. The
list which is maintained by each node is depicted in tabular
form in table 1.
Node Number or Node ID
TABLE I
A map of neighboring nodes
1 2, 3
2 1, 3
3 1, 2, 4
4 3
List maintained by each node
From table 1, it can be seen that nodes 1 and 2, which have
node 3 in their lists, will know about node 4’s presence in the
network upon viewing the list of node 3. Similarly node 4 will
be informed about the presence of node 1 and node 2 upon
viewing the list of node 3.
Now consider that node 1 moves farther away from the
network and the new topology now becomes as depicted in
Fig. 2.
4
3
2
2
1
Fig. 2 After node 1 has moved
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 188

Proceedings of ICCNS 08 , 27-28 September 2008
For the network shown in Fig. 2 the list which will be
maintained by each node is shown in table 2.
Node Number or Node ID
TABLE II
A new map after topology changes
1 2
2 1, 3
3 2, 4
4 3
List maintained by each node
In this case, it can be observed that node 4 will not know of
node 1, as node 1 is not present in the list of node 3, and
similarly node 1 will not know of node 4, as node 4 is not
present in the list of node 2. This means that just maintaining
the list of the members in vicinity is not sufficient. The
solution to this problem can be obtained by maintaining a tree
of the nodes in network; wherein the level of a node in the tree
is decided upon the number of hops required to reach that
node. The tree is produced by iterating through all the node
numbers until the time that none of the nodes in the list is
remaining. The tree maintained by each node, corresponding
to the network topology depicted in Fig. 2, is shown in Fig. 3.
1
2
3
4
3
2 4
1
Fig. 3 Node topology tree for each node in the network
Each node creates its own tree. This means that to each node
the network topology appears to be the tree contained by the
node. In this manner a list of the entire network can be
maintained separately by each node.
The tree in each case will actually depict the shortest path
between the parent node and the node to which the message is
to be sent. For this purpose, we will have to construct the tree
in a specific manner. The rules for constructing the tree are
stated below:
1. The node which is creating the tree becomes the parent of
the tree.
2
1 3
4
4
3
2
1
2. All the nodes which are in the range of the parent node
must be drawn as parallel branches as its children.
3. The tree for each child is constructed recursively until the
leaf node is reached.
4. During recursive tree generation if a particular node is
found to be present in the tree of the parent node which is
constructing the tree, then that particular common node
must be ignored and must not be added into the tree again.
5. Performing the above steps repetitively will generate a
tree which holds the shortest path between the parent node
and any other node in the tree.
The above mentioned rules are explained in the form of an
algorithm in Listing 1.
Listing 1: Algorithm for creating a tree of the shortest paths for a
particular node
Make ‘self node’ as the parent node of the
tree
child = parent node;
while(child != null){
NodeList = getNodeList(Node);
For i=0 to length of NodeList
{
If(!isPresentInTree(NodeList[i]))
addNode(NodeList[i]);
}
}
In Listing 1, the function getNodeList(Node) returns a list
of the nodes contained by the node passed as parameter. The
parameter passed is the unique identity of the node, from
which the list is obtained. Communication with the nodes in
order to retrieve their network list must be done by passing the
message on a path defined by the unfinished tree. The
isPresentInTree(Node) function checks if the node having the
node ID, passed as parameter, is present in the tree or not. It
returns true if the node is present in the tree and returns false
otherwise. The addNode(Node) function adds the node, whose
unique identity is passed as parameter, to the tree. The node is
added in the tree under the node defined by the variable
‘child’.
4
Fig. 4 A more complex network
3
2
By following the steps of the above mentioned algorithm, it
is possible to create a tree of the shortest paths. The tree for a
complex network as shown in Fig. 4 for the node 1 of the
network is shown in Fig. 5.
5
1
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 189

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 5 Network tree created by node 1
It may be noted that in Fig. 4, for communication between
nodes 1and 3, a path via the node 5 is of the same length as
the path via node 2. In the tree we do not maintain multiple
paths to a particular node, but maintain only a single path to a
particular node. Hence either a path via node 2 or a path via
node 5 must be considered, and not both. In Fig. 5 a path via
node 2 is considered.
If the tree shown in Fig. 5 is observed carefully then it can
be seen that there is one and only one path for communication
between node 1 and any other node, and this path is the
shortest path for communication. Hence by the use of the
above mentioned algorithm we have been able to search for
the shortest path for communication between a given node and
any other node in the network.
IV. COMMUNICATION BETWEEN NODES
Once the shortest path is found, the message passing along
the found path can be considered. For sending the message,
the sender sends the message to the node which is first in the
list of the nodes to the shortest path. The sender along with the
message sends the unique identity of the receiver of the
message, and also its own identity. The information about the
path to be followed is not passed along with the message.
Each intermediate node determines the shortest path for the
transfer of message by using its own tree. To understand this
better, let us consider an example in which node 1 of Fig. 4
sends a message to node 3. We will track the path of the
message right from node 1 to node 3. The shortest path for the
transfer of message will be the path form node 1 to node 2 and
then node 2 to node 3. To start the message transfer, node 1
communicates with node 2 and sends the message to node 2,
along with the unique identity of the receiver of the message
and the creator of the message. Once node 2 has accepted the
request and has received the message, the node 2 uses its own
tree to find the shortest path for sending the message and
forwards the message to node 3. Node 3 accepts the message
and sends back a ‘received’ reply to the creator of the message
along the shortest path in accordance to its own tree.
In this manner the message can be sent from the creator to
the receiver, and vice-a-versa, along the shortest path even if
the network topology changes during the transfer, as each
node forwards the message along the shortest path with
respect to its own position at any given instance of time.
Now consider the situation when one of the intermediate
nodes refuses to forward the message. Consider the same
example as above, in which node 1 intends to send a message
1
2 5
4 3
to node 3 and node 2 refuses to forward the message. When
node 1 sends a request to node 2 for the message forward,
node 2 replies back with reject. Now node 1 has no possible
path for sending the message to node 3, so it starts making a
new temporary tree for this message. The tree is made by
using the same algorithm, but with certain modifications.
Whenever node 2 is found in the process of creation of the
tree, it is ignored without any consideration, and a new tree is
made which does not contain node 2 and possibly all those
nodes which are having a connection solely with node 2 and
no other node. After the new tree is created if the destination
node is found in the new tree, then communication is possible
and if the destination node is not present then communication
will not be possible. The newly created tree would appear as
shown in Fig. 6.
Fig. 6 Modified Path
Hence the new shortest path is from node 1 to node 5 and
then from node 5 to node 3 and eventually to node 4. This tree
is maintained only temporarily for the current message. For
any new message, the main tree is tried first before creating a
new temporary tree.
If at any point in between the communication a particular
node refuses to forward the message, and the new tree formed
does not contain the destination node, then the node under
consideration destroys the message and sends back a ‘fail’
reply to the creator of the message along the shortest path by
using its main tree and not the temporary tree. A temporary
tree may also be created for sending back any message of
failure or success, and if in such a temporary tree, the node
which is the creator of the original message is not present,
then, the node under consideration may just destroy the status
message without any further considerations. In order to ensure
successful communication, if a ‘received’ reply
(acknowledgement) is not received by the creator of the
message in a particular interval of time, then the creator may
resend the message. The resent message must contain the
same message ID as the previous send in order to avoid
duplication of messages. If any node receives two messages
with the same message ID, then the node processes any one of
the messages and not both. The amount of time to wait for an
acknowledgement to be received, before resending the
message, must be decided by the creator of the message.
Until now we have not considered a situation in which a
forwarding node fails or abruptly leaves the network without
forwarding the received message. If such a case does occur
then the message is lost in between, and the sender would
1
5
3
4
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 190

Proceedings of ICCNS 08 , 27-28 September 2008
have no choice but to wait for the timeout of message delivery
before making another attempt for the message delivery.
Mitigating against network failures [6] is not within the scope
of this paper and methods of fault tolerance when a particular
node fails or malfunctions are not discussed.
V. QUALITY OF SERVICE
The algorithm discussed above is capable of finding the
shortest path for transfer of messages from one node to
another. Sending messages along the shortest path ensures less
network traffic, hence avoiding network congestion. The time
taken for the message transfer is greatly reduced, hence
offering a better service [7] to the users of the network. The
algorithm does not impose any restrictions on the functioning
of the nodes and each node may function as desired. A node
may choose to stay inactive by not forwarding messages,
without causing any effect to the other nodes in the network.
The algorithm proposes a solution to a more general and
realistic network situation, offering satisfactory service to
each node, without imposing any restrictions on the peer
nodes.
VI. CONCLUSION
The algorithm has been explained by taking certain
examples, which are specific to certain conditions occurring in
the network. But in real life situations the actual network
topology may be very complex, and node positions may be
fast changing. Even in a highly volatile situation we claim that
our algorithm should work as desired without any failure. The
only assumption is that each node is able to generate the
network tree faster than the network topology changes. As the
algorithm does not require a strict path, and the shortest path
is decided by each node individually at real time, the
algorithm will be able to produce satisfactory results even in
networks having a high churn rate. As the algorithm sends the
message along the shortest path, chances of network failure or
node failures in the course of the message transfer are highly
reduced, thereby ensuring a more reliable way of
communication between nodes. Our algorithm provides a
better solution for network routing than the Dynamic Virtual
Backbone [8] type of routing.
REFERENCES
[1] Aleksi Penttinen, ”Efficient multicast tree algorithm for ad hoc
networks”, Proceedings of the 1st IEEE <strong>International</strong> <strong>Conference</strong> on
Mobile Ad-hoc and Sensor Systems (MASS 2004),
http://lib.tkk.fi/Diss/2006/isbn951228331X/article2.pdf, 2004
[2] Aleksi Penttinen, “Minimum cost multicast tree in ad hoc networks”,
Proceedings of the 2006 IEEE <strong>International</strong> <strong>Conference</strong> on
Communications (ICC 2006), http://lib.tkk.fi/Diss/2006
/isbn951228331X/article1.pdf, 2006
[3] S. Ramanathan, “Multicast Tree Generation in Networks with
Asymmetric Links”, IEEE/ACM Transactions on Networking Vol 4, No
4, http://www.ir.bbn.com/~ramanath/pdf/multicast-ton.pdf, 1996
[4] Namhoon Kim, Saehoon Kang, Younghee Lee, and Ben Lee, “Name
based Autoconfiguration for Mobile Ad Hoc Networks”, ETRI Journal,
Volume 28, Number 2,
http://folk.uio.no/paalee/referencing_publications/ref-nr-kim-etrij06.pdf,
2006
[5] Yair Amir, Claudiu Danilov, Michael Hilsdale, Raluca
Mus_aloiu-Elefteri, Nilo Rivera, “Fast Handoff for Seamless Wireless
Mesh Networks”, MobiSys'06, Uppsala, Sweden
http://www.cs.toronto.edu/~delara/courses/csc2228/papers/fasthandoff.p
df, 2006
[6] Farinaz Koushanfar, Miodrag Potkonjak and Alberto Sangiovanni-
Vincentelli, “Fault Tolerance Techniques for Wireless Ad Hoc Sensor
Networks”,
http://www.ece.mtu.edu/ee/faculty/mishra/Research/ReliableSensor/FT_
technique.pdf
[7] “Quality of Service in Ad Hoc Networks by Priority Queuing”,
http://www.diva-portal.org/diva/getDocumenturn_nbn_se_liu_diva-
1638-1__fulltext.pdf, 2003
[8] Ben Liang, and Zygmunt J. Haas,” Hybrid Routing in Ad Hoc Networks
with a Dynamic Virtual Backbone”, IEEE Transactions on Wireless
Communications Vol 5 No 6, 200
VII. FURTHER WORK
The algorithm needs to be implemented and tested
practically or under simulation. The efficiency of the stated
algorithm may be drastically decreased in networks wherein
nodes, leave and enter the network quiet frequently. Although
the algorithm may be able to function in networks wherein the
nodes change positions continuously, the algorithm may fail in
networks wherein nodes join and leave the network
frequently. The algorithm has not been tested in real life
situations, and hence it must be simulated and the results
compared with the other existing network path minimization
algorithms.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 191

Proceedings of ICCNS 08 , 27-28 September 2008
OPTIMIZED FTP SYSTEM
1. Mr. Patil S.H., 2. Mr. Khadtare M., 3 Ms.Ursal S.U., 4 Mr. Mahajan S.A
1 B.V.D.U.College Of Engg. Computer Dept.Pune.
2. IIT , Guwahati, 3 College Of Engineering,Hadpsar,Pune.
Email: sa_mahajan@yahoo.com , suhas_patil@yahoo.com, maheshkha@gmail.com,
sarikaursal@gmail.com
ABSTRACT
FTP is file transfer protocol is basically to transfer for large
volumes of data. Implementations of it can be widely
deployed and can be used on well-connected network
because of its ability to scale to network speeds. We propose
the optimization technique to improve the performance of
FTP[1], measured performance using the various profilers.
This Profile data is valuable for identifying performance
bottlenecks and guiding optimizations .The FTP ported on
various hardware platforms such as P-III, P-IV with MMX,
SIMD architecture based. We have use deoxygen/ system
clock (gettime()) tool techniques for gathering and
manipulating profile information at varying degrees of
precision, particularly in the presence of various
optimizations techniques such as inlining, c level
optimization, loop unrolling, intrinsic, utilization of pipeline
stage for processors with compiler level coding. We found
that with various levels of optimization stages we achieve
that data memory and program memory saving with effect of
60% of actual size not affect the actual performance. As
FTP contains the compute intensive modules such as
communicating protocol as ISO-OSI[2] layer to transfer data
it affects the bandwidth and processing speed of CPU core.
This method gives us performance nearer to GridFTP high
performance computing model (Note: GridFTP used mostly
HPC processor to measure its work[3]).
Index Terms
Data transfer, small files, FTP, profilers, Secure data
transfer, Parallel streams.
1. INTRODUCTION
Sharing of information is essential for organizations
today. Internet serves this purpose because it has the
ability to move files. FTP is a well known protocol used
for uploading and downloading files from Internet. But
as defined in RFC-959 [1][4]minimum FTP
implementation does not support various essential
features. Through this paper we show results which can
make the FTP fast and efficient through optimization .
The protocol is optimized to transfer large volumes of
data commonly found in grid applications which can
varies from kilobytes to hundreds of megabytes. Given
the high-speed networks commonly found in modern
grid environments, datasets less than 100 MB are too
small for the underlying protocols like TCP to utilize the
maximum capacity of the network. Therefore, FTP[5]
and most bulk data transfer protocols experiences the
highest levels of throughput when transferring large
volumes of data.
The typical quality of service requirements i.e. transfer
delay, throughput rates for high speed protocols impose
strong performance requirements on high speed protocol
implementations. As the throughput of the networks has
increased much faster than the processing power of
processors these requirements can only be satisfied by
efficient processing of protocol data by the involved
protocol machines. Different approaches to improve the
performance of communication protocols have been
proposed .It could be done by the improvements by
changes to the protocol mechanisms and hardware
implementation of protocol functions and by
parallelizing the implementation of communication
protocols. These papers suggests to optimize the FTP
protocol functions over multiple processors like P-III
and P-IV with either dedicated or general purpose
functionality, thus an SIMD parallelization. We will
focus on this parallelization approach in this paper.
Periodic sampling of a processor's performance
monitoring hardware is an effective, unobtrusive way to
obtain detailed profiles. Unfortunately, existing
hardware simply counts events, such as cache misses
and branch mispredictions, and cannot accurately
attribute these events to instructions, especially on outof-order
machines. We propose an alternative approach,
with deoxygen tool, that samples instructions. As a
sampled instruction moves through the processor
pipeline, a detailed record of all interesting events and
pipeline stage latencies is collected.
Our optimization will support paired sampling, which
captures information about the interactions between
concurrent instructions, revealing information about
useful concurrency and the utilization of various
pipeline stages while an instruction is in flight. We
describe an inexpensive software implementation of our
optimization technique, outline a variety of software
optimization techniques to extract useful profile
information from the hardware. This information can
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 192

Proceedings of ICCNS 08 , 27-28 September 2008
provide valuable feedback for optimization of FTP. We
had carried out work on P-IV with 3.00Hz
@2.99GHz,248MB RAM, P-IV 2.66 GHz @2.67GHz
and P-III x-86 family,533 MHz,127 MB RAM.
E-mail
FTP
Application
Protocols
TCP
UDP
Transport
2. RELATED WORK
IP
Internet
Users often tar into a single file all of the files they
plan to send and then transfer that single file. This
process requires additional CPU time and disk space.
The Grid FTP Pipelining taken by[3] is for the Grid
environments. We had worked on similar lines but by
using various profiling techniques and the machines of
Pentium level which are used in large scale. With this we
had optimize the performance of our FTP.This allows us
for many file transfers to occur at the same time. With
this approach we could perform many transfers
concurrently, giving the appearance of a single large file
transfer. The approach we present here has the
significant potential.
3. Network protocol issues
Transfer of data can be done with either TCP or UDP
depending on the need and application. We choose TCP
over UDP due to various reasons. The reasons are TCP
provides full featured protocol that allows applications to
send data reliably without worrying about network layer
issues, is a connection oriented protocol, reliable
delivery, more scalable and adapts to growing as well as
congested networks, it can send about 8-12 segments at a
time before waiting for an acknowledgement instead of
UDP sending 1 segment then waiting for an ACK has an
effect on the performance. So the standard protocol for
network data transfer remains TCP. FTP is a file transfer
system, is part of TCP/IP suite[6][7][8]. However, TCP’s
congestion avoidance algorithm can lead to poor
performance, particularly in default configurations and
on paths with high round trip times. Solutions to this
problem include careful tuning of TCP parameters, TCP
protocol improvements, multiple “parallel” TCP
connections , and the substitution of alternative protocols
FTP is a widely implemented and well understood
standard protocol with a large base of code and expertise
from which to build. Secondly, FTP provides a welldefined
architecture for protocol extensions and supports
dynamic discovery of the extensions supported by a
particular implementation. Apart from the common
design objectives of the FTP importantly, RFC959 also
notes that FTP, whilst being directly usable by the user,
is designed mainly for use within programs, i.e. a
program provides an easy interface through which the
FTP protocol may be used .
Networks
Fig 1.
FTP[9] maintains the same command/response
semantics introduced by RFC959. It also maintains
the two-channel protocol semantics. One channel is
for control messaging (the control channel) such as
requesting what files to transfer, and the other is for
streaming the data pay load (the data channel). These
protocol details have interesting effects on the
optimization problem. In FTP Access control is normally
accomplished by associating a number of access flags
with each file and directory(e.g. a read-only flag).How
this is done is OS specific.
Three groups of access flags are provided: for user,
their workgroup and then general access. Three flags are
included within each group: one for read access, another
for write access, and a third for execute privileges.
File
Syste
m
Server
Protocol
Interpreter
Server
Data
Transfer
FTP
ARPANE
Fig 2.
Commands
&Replies
Data
Connection
SATNET
User
Interface
User
Protocol
Interpreter
User
Data
Transfer
FTP Client
LANs
User
File
system
The FTP comprises three logically distinct components:
client and server protocol interpreters (PIs), which
handle the control channel protocol (these two functions
are distinct because the protocol exchange is
asymmetric), and the data transfer process (DTP), which
handles the accessing of the actual data and its
movement via the data channel protocol. These
components can be combined in various ways to create
servers with different capabilities. For example,
combining the server PI and DTP components in one
process creates a conventional FTP server, while a
striped server might use one server PI on the head node
of a cluster and a DTP on all other nodes.
4. Channel Establishment
4.1 File Transfers
FTP servers listen on a well-known and published port
for client control channel connections. Once a client
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 193

Proceedings of ICCNS 08 , 27-28 September 2008
successfully forms a control channel with a server (this
often involves authentication and authorization), it can
begin sending commands to the server. In order to
transfer a file, the client must first establish a data
channel. This involves sending the server a series of
commands on the control channel describing attributes of
the desired data channel such as: what protocol to use,
binary or ASCII data, passive or active connection, and
various protocol specific attributes. Once these
commands are successfully sent, a client can request a
file transfer.
At this point a separate data channel connection is
formed using all of the agreed upon attributes and the
requested file is sent across it. In standard FTP the data
channel can be used only to transfer one file. Future
transfers must again go through the process of setting up
a new data channel. Through our program FTP modified
this part of the protocol to allow many files to be
transferred across a single data channel.
With FTP we had tried for all of the messaging to
establish a data channel is done once; the data channel
connection is formed just once, and the client can request
several file transfers using that same data channel. This
enhancement is called as data channel caching.
File Request 1
Data1
File Request 2
Data 2
File Request 3
Data3
Fig 3.
Ack1
Ack2
Ack3
File transfer requests are done with the RETR (send) or
STOR (receive) command. A client sends one of these
commands to the server across the control channel. Data
then begins to flow between the client and server over
the data channel. Once all of the data has been
transferred, a “Transfer Complete” acknowledgment
message is sent from the server to the client on the
control channel. Only when this acknowledgment is
received can the client request another transfer. This
interaction is shown in Figure 4. As the figure shows,
there is an entire round-trip time on the control channel
between transfers where the data channel must be idle.
Before issuing the next transfer command the client must
first receive the transfer completion acknowledgment,
which is one trip across the network. After receiving the
acknowledgment, the client sends the transfer command
immediately. However, the server does not immediately
receive it. The message must cross the network before
the server will begin sending data. This process involves
another trip across the network. Assuming we have the
FTP data channel caching enabled, we do not have to
worry about the latencies involved with establishing the
data channel. If we do not have it enabled, the delay is
significantly longer.
File Request 1
File Request 2
File Request 3
Fig 4.
Data1
Data 2
Data3
Ack1
Ack2
Ack3
During this time the data channel is idle. The latency
between transfers adds to the overall transfer time and
thus detracts from the overall throughput. The problem
can have high implications when communicating over
high latency networks where the RTT is very high.
While the idle data channel time is a problem, there is a
far greater problem that it causes.
TCP is a window-based protocol. For it to achieve
maximum efficiency, the window size of allowed
unacknowledged bytes must grow to the bandwidth
delay product. Various algorithms in the TCP protocol
decide to increase or decrease the window size based on
observed events . If a connection is idle for longer than
one RTT, the window size gets reduced to zero; and once
it is used again, it must go through TCP slow start
When transferring a series of files, the data channel
is idle for a control channel RTT in between transfers. If
the control channel RTT and the data channel RTT are
similar, it is likely that data channel TCP connections
will have entire closed windows by the time the next
transfer begins. When the amount of data sent in each
file is small, the ratio of idle data channel time to transfer
time becomes higher and affects the throughput.
Additionally, small files may not be transferred long
enough to traverse the slow-start algorithm and bring
TCP to full throttle. Thus, even when data is being
transferred, it is not moving at full speed.
5. PROFILING
Given the relatively large number of highperformance
transfer tools, the question about the
effectiveness of each of them arises naturally. However,
although prototypes of many of the systems have been
around for a while, an experimental comparison is still
lacking in the literature. This paper aims at filling this
gap by presenting the results we collected by performing
data transfer experiments, among machines which are
pentium compatible, using some of the tools mentioned
here. We tried to answer the following questions,
1. Need of profiling
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 194

Proceedings of ICCNS 08 , 27-28 September 2008
The first stage of any optimization process is to identify
the critical routines and measure their current
performance. A profiler is a tool that measures the
proportion of time or processing cycles spent in each
subroutine. We use a profiler to identify the most critical
routines. A cycle counter measures the number of cycles
taken by a specific routine. We had measure our success
by using a cycle counter to benchmark a given
subroutine before and after an optimization.
Profilers [10]use a wide variety of techniques to collect
data, including hardware interrupts, code
instrumentation, operating system hooks, and
performance counters. The usage of profilers is called
out in the performance engineering process.
2. Improvement in the optimization [10]
1) Space optimizations - Reduces the size of the
executable/object.
1) Constant pooling
2) Dead-code elimination.
2) Speed optimizations .Most optimizations belong to
this category. There are important optimizations not
covered above, e.g. the various
loop transformations:
1) Loop unrolling - Full or partial transformation of a
loop into straight code. Eliminating the loop and writing
code separately for each loop index
Significantly increases speed .
for (int x = 0; x < 100; x++)
{
delete(x);
}
If this part of the program is to be optimized, and the
overhead of the loop requires significant resources, loop
unwinding can be used to speed it up. This will result in
an optimized code fragment like:
for (int x = 0; x < 100; x += 5)
{
delete(x);
delete(x+1);
delete(x+2);
delete(x+3);
delete(x+4);
}
2) Loop blocking (tiling) - Minimizes cache misses by
replacing each array processing loop into two loops,
dividing the "iteration space" into smaller "blocks".
3) Loop interchange - Change the nesting order of loops,
may make it possible to perform other transformations.
4) Loop distribution - Replace a loop by two (or
more)equivalent loops.
5) Loop fusion - Make one loop out of two (or more)
equivalent loops.
6) inlining- This is an efficient language-independent
optimization technique. Done manually, it makes our
program look horrible, but many compilers can perform
it automatically. Note that this technique enlarges the
size of the executable. It is effective on highly pipelined
CPUs.
3. Optimizing the code and program memory with c
level techniques
In general design changes tend to affect performance
more than "code tweaking".
Here we had attempted simple mathematical analysis.
We calculate the approximate running time of our
algorithm (i.e., calculate its "O") [12]taking all
bottlenecks into account like is it optimal can we prove
it can we justify up our algorithmic design with
theoretically known results
The following is a piece of code that shows the
optimization of code process,
Ex-1Before:
for(i=0;i

Proceedings of ICCNS 08 , 27-28 September 2008
1
2
3
Fetch decode execute
Fetch decode execute
Fetch decode execute
Fig 5.
time
As we are porting our FTP on P-III and P-IV machines
,we had used this pipeline info to achieve desired
performance. We also used the info of SIMD
implementation to reduce the iterations through loop
unrolling and deoxygen tool[11].The SIMD concept is a
method of improving performance in applications where
highly repetitive operations need to be performed.
Simply put, SIMD[11] is a technique of performing
the same operation, be it arithmetic or otherwise, on
multiple pieces of data simultaneously.
Ideally, to increase performance, the number of
iterations of a loop needs to be reduced. Once method of
reducing iterations is known as loop unrolling. This takes
the single operation that was being performed in the
loop, and carries it out multiple times in each iteration.
For example, if a loop was previously performing a
single operation and taking 10,000 iterations, its
efficiency could be improved by performing this
operation 4 times in each loop and only having 2500
iterations.
The SIMD concept takes loop unrolling one step
further by incorporating the multiple actions in each loop
iteration, and performing them simultaneously. With
SIMD, not only can the number of loop iterations be
reduced, but also the multiple operations that are
required can be reduced to a single, optimized action.
6. IMPLEMENTATION
Two important questions to ask when tuning software
are: (1) how to identify what code to focus on, and (2)
how to estimate the benefit of recoding, and/or recompiling
with an optimized compiler A beneficial
approach for getting answers to these questions is to sort
the execution times of a given workload into sections
according to the amount of time spent in each section of
the executed code. By focusing on small sections of code
that consume greater proportion of execution time and
using an accurate tool for measuring performance
improvement, the challenge of estimating the reward of
optimizing an application becomes easier. Combined
with an accurate tool for estimating likely application
performance gain for each coding situations, this can
ensure software tuning effort is focused on the primary
coding issues.
characteristics of the application, implementation details
of the re-coding effort, hardware and software
configurations, etc. The approximate ranges of likely
performance gains are based on a comparison of
performance results between a typical Pentium 4
processor platform relative to a typical Pentium III
processor platform, with similar hardware configurations
and with the frequency of the Pentium 4 processor
running at approximately 1.5X higher than that of the
Pentium III processor.
The profiler tool[13][14] used here is useful for
identifying critical code paths and performance
bottlenecks. For example, it can be used to sample and
compare performance data when the application to be
optimized is run on two different target processors; for
example, a Pentium 4 processor running at 1.5 GHz and
a Pentium III processor running at 1 GHz. This
performance data from the two targets can be sorted and
displayed at different scopes ranging from modules to
functions, to assembly code. This capability allows us to
identify individual modules, and individual functions as
“hot spots”. We had carried out work on two P-IV
machine and one P-III machine. The following table
shows the results with general category and warning
levels rangining from o1 to o4 optimization. The
complier speed varies from default to the maximum
speed. The original exe file size is 404 KB and the final
size after implementation is 340 KB. The results shows
the variations when we change the optimization levels as
given in the table,
Optimization
Level
Optimization
Speed
Results in kb
P- IV,
3.00GHz,
2.99GHz
248MB
RAM
P-IV,
2.66GHz,
2.67GHz
448MB
RAM
P-III,x-86
family,533
MHz,127
MB RAM
None 1 2 3 4
default
392
Kb
392
Kb
393
Kb
max.
speed
384
kb
372
kb
382
kb
max.
speed
372
kb
362
kb
373
kb
max.
speed
372
kb
350
kb
373
kb
max.
speed
348
kb
340
kb
352
kb
We also carried out the results with Inline function
where levels varies as maximum speed,minium
.size,global optimization and full optimization.The
results are shown in the table below as,
7. RESULTS
Actual performance results on target applications will be
influenced by many factors, ranging from the workload
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 196

Proceedings of ICCNS 08 , 27-28 September 2008
Category
Optimization
Speed
default
max.
speed
Results in kb with inline function
P- IV,
3.00GHz,
2.99GHz
248MB RAM
P-
IV,2.66GHz,
2.67GHz
448MB RAM
P-III,x-86
family,533
MHz,127 MB
RAM
420
kb
420
kb
497
kb
392
kb
390
kb
493
kb
min
size
390
kb
375
kb
473
kb
global
384
kb
362
kb
393
kb
Optimize
Optimize
Optimize
Optimize
Optimize
full
384
kb
362
kb
369
kb
To determine whether a prominent hot-spot module or
function is a cause of poor performance, the sampled
data from profiler can be further processed for
comparison based on a relative performance scaling
factor between the two target processors. Typically,
those modules (or functions) that represent performance
bottlenecks are identified by a relative scaling factor, that
falls significantly below 1.0 or another known
characteristic of the workload. The table shows that we
got better results with the optimization levels ranging
from 01 to 04 comparing to inline function.
[5] The Case for Secure File Transfer: Overview of GlobalSCAPE’s
Enhanced File Transfer (EFT) Solution.Published: July 2005 .
[6] Mastering IIS FTP - Part 2 - Virtual Directories-Physical
Directories - Scott Forsyth's WebLog.
[7] www.cute.FTP.com
[8] www.gnu.org/software/tar
[9] The bbFTP-Large Files Transfer Protocols
Websitewww.doc.in2p3.fr/bbftp
[10] Desktop Performance and Optimization for Pentium 4 Processor,
www.intel.com/procs/perf/pentium4 .
[11] Jeffrey Dean,Jmes E. Hicks,Carl
A.Waldspurger,William E. Weihl,George Clurysos,Hardware support
for instruction level profiling on out-of-order processors. Proceedings
of the 30 th annual ACM/IEEE international symposium
onMicroarchitecture,1997,292-302
[12] David Grove,Jeffrey Dean,Charles Garrett,Craig
Chambers.Profile-guided receiver class prediction,ACM SIGPLAN
Notices,Volume 30,1995,108-123.
[13] Karl Pettis,Robert C. Hansen ,Profile guided code
positioning,ACM SIGPLAN Notices,Volume 25,1990,16-27.
[14]Merten,M.C.Trick,A.R.George,C.N.Gyllenhaal,J.C.Hwu,W.W.,A
Hardware-driven profiling scheme for identifying program hotspots to
support runtime optimizations,Computer architecture,Proceedings of
26 th <strong>International</strong> Symposium,1999,136-148.
8. CONCLUSION AND FUTURE WORK
This experiment is to study the optimization and to
optimize the performance of a program specifically the
network program which incorporates the network
bandwidth,processors speed,protocols used etc. Through
these experiments we had presented a solution to
optimize the performance of FTP system using Profiling
concept. Our results show that the profiling and
optimization approach is effective for slower as well as
faster processors at P-III and P-IV level. The results
may vary a bit depending on the processors speed. The
results has the revalence to those working on Pentium
level machines.Although we have achieved good results
with this kind of processor speed, we plan to carryout
the further work in direction of High performance
computing (HPC) network solutions.
9. REFERENCES
[1] J. Postel, J. Reynolds, File Transfer Protocol(FTP).
RFC 959, Internet Engineering Task Force, October 1985.
[2] J. Postel, Transmission Control Protocol. RFC 793, Internet
Engineering Task Force, September 81.
[3] John Bresnahan,Michael Link,Rajkumar Kettimuthu,Dan
Fraser,Ian Foster. Grid FTP Pipling , Teragrid
<strong>Conference</strong>,Madison,W,2007
[4] M. Allman, V. Paxson, W. Stevens, TCP Congestion Control.
RFC 2581, Internet Engineering Task Force,April,99.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 197

Time-slotted Routing Technique Enhances
Wireless Communication
In Mobile Adhoc Network
Pallavi Khatri, Ankush Jain
Department of Information Technology
ITM Universe, Gwalior (M.P.)
pallavi_magic@yahoo.com, ankush182002@gmail.com
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract - An ad hoc mobile network is a collection of
mobile nodes that are dynamically and arbitrarily located in
such a manner that the interconnections between nodes are
capable of changing on a continual basis. In order to
facilitate communication within the network, a routing
protocol is used to discover routes between nodes. The
primary goal of such an ad hoc network routing protocol is
correct and efficient route establishment between a pair of
nodes so that messages may be delivered in a timely manner.
Route construction [1] should be done with a minimum of
overhead and bandwidth consumption. Congestion can be
reduced and performance improved for a mobile ad-hoc
network with fast-moving or peer-aware nodes by using timeslotted
routing protocol.
Keywords: Routing, ad-hoc network
I. INTRODUCTION
An Adhoc mobile network is a collection of nodes, each
of which is capable of and is likely to be moving, resulting in
continual changes in the topology of the network. These
nodes communicate through wireless transmission, and each
of them serves as a router for the other network nodes.
Adhoc network have many unique characteristics that make
network communication challenging. The mobility of nodes
introduces the problem of discovering and maintaining paths
over a dynamic network topology. The network has limited
bandwidth [3], and there are often high error rates. Because
of these limitations, protocols designed for providing
communication in wired networks are often not suitable for
wireless network. Adhoc routing protocols must be designed
with these limitations, and must aim to minimize processing
and transmission overhead and to being able to find and
maintain routes over a dynamic topology.
An Ad hoc routing protocol is a convention or standard
that controls how nodes come to agree which way to route
packets between computing devices in a mobile ad-hoc
network (MANET)[2]. In ad hoc networks, nodes do not have
a priori knowledge of topology of network around them, they
have to discover it. The basic idea is that a new node
announces its presence and listens to broadcast
announcements from its neighbours. The node learns about
new near nodes and ways to reach them, and may announce
that it can also reach those nodes. As time goes on, each node
knows about all other nodes and one or more ways how to
reach them.
Wireless communication within a mobile ad-hoc network
(MANET) system is prone to network congestion and
susceptible to interference. Congestion can be reduced and
performance improved for a mobile
ad-hoc network with fast-moving or peer-aware nodes.
Many protocols have been developed and studied in an effort to
alleviate network congestion in a MANET. Some examples
include demand source routing (DSR)], optimized link state
routing (OLSR), and the ad-hoc on-demand distance vector
(AODV) [4] protocol. All of these provide a reasonable solution
for a MANET when the nodes exhibit low mobility. However,
when the nodes in the network move at a high rate of speed or
are peer aware, as in UAV formation flight, the inner node
communication increases network congestion. We have
developed a hybrid protocol to decrease the inner node
communication and so limit the number of collisions that occur
during the route seeking process.
II. EXISTING AD HOC ROUTING PROTOCOLS
Since the mobile wireless network is the infrastructure
less mobile network, Infrastructure less networks have no
fixed routers, all nodes are capable of movement and can be
connected dynamically in an arbitrary manner. Numerous
routing protocols have been developed for mobile adhoc
network to manage the working of nodes that
communicate with other nodes.
These routing protocols are generally categorized as
• Table driven
• On- demand driven (source -initiated)
A. Table -Driven Routing Protocol
Table-driven routing protocols attempt to maintain
consistent, up-to-date routing information from each node
to every other node in the network This type of protocols
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 198

Proceedings of ICCNS 08 , 27-28 September 2008
maintains fresh lists of destinations and their routes by
periodically distributing routing tables throughout the
network. These protocols require each node to maintain
one or more tables to store routing information, and they
respond to changes in network topology by propagating
updates throughout the network in order to maintain a
consistent network. The areas in which they differ are
the number of necessary routing-related tables and the
methods by which changes in network structure are
broadcast.
Some table- driven adhoc routing protocols are
(a) Destination-Sequenced Distance-Vector Routing
The Destination Sequenced Distance Vector
Routing (DSDV) protocol described is a table-driven
algorithm based on the classical Bellman Ford routing
mechanism . The improvements made to the Bellman
Ford algorithm include freedom from loops in routing
tables.
Every mobile node in the network maintains a routing
table in which all of the possible destinations within the
network and the number of hops to each destination are
recorded. Each entry is marked with a sequence number
assigned by the destination node. The sequence
numbers enable the mobile nodes to distinguish stale
routes from new ones, there by avoiding the formation of
routing loops. Routing table up dates is periodically
transmitted throughout the network in order to maintain
table consistency. To help alleviate the potentially large
amount of network traffic that such updates can generate,
route updates can employ two possible types of packets.
The first is known as a full dump. This type of packet carries
all available routing information and can require multiple
network protocol data units.
(b) Clusterhead Gateway Switch Routing
The Cluster head Gateway Switch Routing (CGSR)
protocol differs from the previous protocol in the type
of addressing and network organization scheme
employed. Instead of a “flat” network, CGSR is a
clustered multihop mobile wireless network with several
heuristic routing schemes. The authors state that by
having a cluster head controlling a group of ad hoc
nodes, a framework for code separation (among
clusters), channel access, routing, and bandwidth
allocation can be achieved. A cluster head selection
algorithm is utilized to elect a node as the cluster head
using a distributed algorithm within the cluster.
The disadvantage of having a cluster head scheme is
that frequent cluster head changes can adversely affect
routing protocol performance since nodes are busy in
cluster head selection rather than packet relaying.
(c) The Wireless Routing Protocol (WRP)
The Wireless Routing Protocol (WRP) described in is a
table-based protocol with the goal of maintaining routing
information among all nodes in the network. Each node in
the network is responsible for maintaining four tables
• Distance table
• Routing table
• Link-cost table
• Message retransmission list (MRL) table
B. Source Initiated On-Demand Routing Protocol
A different approach from table-driven routing is sourceinitiated
on-demand routing. This type of routing creates
routes only when desired by the source node. When a node
requires a route to a destination, it initiates a route
discovery process within the network. This process is
completed once a route is found or all possible route
permutations have been examined. Once a route has been
established, it is maintained by a route maintenance
procedure until either the destination becomes
inaccessible along every path from the source or until
the route is no longer desired.
(a)Ad Hoc on-Demand Distance Vector (AODV) Routing
AODV is an improvement on DSDV because it
typically minimizes the number of required broadcasts by
creating routes on a demand basis, as opposed to
maintaining
a
complete list of routes as in the DSDV algorithm. The
authors of AODV classify it as a pure on-demand route
acquisition system, since nodes that are not on a selected
path do not maintain routing information or
participate in routing table exchanges.
When a source node desires to send a message to
some destination node and does not already have a valid
route to that destination, it initiates a path discovery
process to locate the other node. It broadcasts a route
request (RREQ) packet to its neighbors, which then
forward the request to their neighbors, and so on, until
either the destination or an inter mediate node with a
“fresh enough” route to the destination is located. the
propagation of the broadcast RREQs across the network.
AODV utilizes destination sequence numbers to ensure all
routes are loop-free and contain the most recent route
information. Each node maintains its own sequence
number, as well as a broadcast ID.
(b) Dynamic Source Routing (DSR)
The Dynamic Source Routing (DSR) protocol
presented in is an on-demand routing protocol that is
based on the concept of source routing. Mobile nodes
are required to maintain route caches that contain the
source routes of which the mobile is aware. Entries in
the route cache are continually updated as new routes
are learned.
The protocol consists of two major phases: route discovery
and route maintenance. When a mobile node has a packet
to send to some destination, it first consults its route
cache to determine whether it already has a route to the
destination. If it has an unexpired route to the
destination, it will use this route to send the packet. On
the other hand, if the node does not have such a route, it
initiates route discovery by broadcasting a route request
packet.
This route request contains the address of the
destination, along with the source node’s
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 199

Proceedings of ICCNS 08 , 27-28 September 2008
address and a unique identification number. Each
node receiving the packet checks whether it knows of a
route to the destination. If it does not, it adds its own
address to the route record of the packet and then
forwards the packet along its outgoing links. To limit the
number of route requests propagated on the outgoing links
of a node, a mobile only forwards the route request if the
mobile has not yet seen the request and if the mobile’s
address does not already appear in the route record.
A route reply is generated when the route request reaches
either the destination itself, or an intermediate node,
which contains in its route cache an unexpired route to the
destination. By the time the packet reaches either the
destination or such an intermediate node, it contains a
route record yielding the sequence of hops taken. The
formation of the route record as the route request
propagates through the network. If the node generating
the route reply is the destination, it places the route
record contained in the route request into the route reply.
If the responding node is an intermediate node, it will
append its cached route to the route record and then
generate the route reply. To return the route reply, the
responding node must have a route to the initiator. If it
has a route to the initiator in its route cache, it may use
that route. Otherwise, if symmetric links are supported,
the node may reverse the route in the route record. If
symmetric links are not supported, the node may initiate
its own route discovery and piggyback the route reply
on the new route request. The transmission of the route
reply with its associated route record back to the
source node.
packets. In other words, C = S size (route replies, route requests,
route error, data) for all messages required in both the route
discovery process and the payload or data transmission
process. Using a back-off period allows the messages to either
be sent in the first instance of the time slot or to use a random
send time in each slot. The time slot is defined to be:
τ = (1/C*D) + ρ + B
Where B is the back-off period, C is the largest control
packet length, D is the data rate, ρ is the maximum clock
skew, and τ is the time slot size.
To maximize network bandwidth usage, τ must be as small
as possible while still allowing time for route discovery and
payload traffic transmission to occur. The choice of a
minimum value of τ must provide for a reasonable maximum
clock skew.
C. Disadvantages of Existing Routing Protocols.
The main disadvantages of Table driven routing Protocol
1. Respective amount of data for maintenance.
2. Slow reaction on restructuring and failures
The main disadvantage of On-Demand Routing Protocol
1. High latency time in route finding.
2. Excessive flooding can lead to network clogging.
To overcome these defects present in existing routing protocol
technique, there is new way to route the packet using a
mechanism called “Time- slotted Routing Technique”.
III. TIME-SLOTTED ROUTING TECHNIQUE
Methodology
Fig.1 illustrates the simple star network topology of a small
cluster. All traffic is routed through the head node, and the
source is no more than one hop from the destination. This is
based on the AODV protocol, but introduces a time component
into it, similar to that of the slotted ALOHA protocol. A
particular time slot is set aside for each node to communicate
data to the designated head node.
To implement a time-slotted protocol, the time increments
must be large enough to support the aggregate of all routing
Fig. 1 In the star cluster network topology, all traffic goes through the
head node, and the source is no more than one hop from the destination.
IV. RESULT
The average ratios of dropped packets to sent packets
(drops-to-sends ratios) for both the AODV and time-slotted
protocols are shown in Table 1. [5] Notice that the ratios for
the time-slot-managed network are better than the AODV in
all but the two-node case. While the total network traffic
decreases with the time-slotted method, a consistent level of
reliability and scalability are provided over a broader range of
network sizes. It should also be noted that the transmission
capacity for individual nodes is inversely proportional to the
number of nodes in the network.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 200

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE 1
AODV AND TIME-SLOTTED DROPS TO SENDS RATIOS
AODV
Time Slotted Protocol
Send Drop % Send Drop %
1 297620 79 0.026 96823 41 0.0423
2 595320 1360 0.228 96561 14 0.0144
3 895124 3180 0.355 96608 17 0.0175
4 1287130 6845 0.531 96764 14 0.0144
5 1572299 13197 0.839 95600 352 0.3682
6 1792147 20828 1.162 96579 12 0.0124
7 1928818 133854 6.939 96634 13 0.0134
8 2110803 161612 7.656 96760 36 0.0372
The use of time slot allocation to coordinate communication
between nodes in a MANET is shown to improve the quality
of service (QoS) of node communication by minimizing data
packet drops. Adjusting the time-slot duration to facilitate the
transfer of the largest packet and routing message requirements,
while at the same time avoiding data packet collisions,
maximizes the reliability of communication over the network.
The data transfer rate is lowered by this method, but the
communication throughput sustained by the time-slotted routing
protocol is sufficient to maintain formation flight in a UAV.
The important results to note are the reliability of the
communication, the scalability of the nodes in the formation,
and the hazards of a dropped navigation packet that may
potentially disrupt or alter the mission beyond recovery.
V. CONCLUSION AND FUTURE EFFORTS
The results suggest several additional enhancements to the
use of the time-slot method, including a two-stage time-slot
window to increase the size of t when the route discovery
process is required or requested, and a dynamic time-slot
window for clock skew. Other approaches include allocating
time slots based on message type, and relaxing the time-slot
node allocation constraint and allowing more than one node in
the network to transmit. Other future efforts include intrusion
detection
schemes
based on time-slotted communication with predetermined
Frequency hopping strategies. This additional security,
coupled with enhanced reliability, is applicable not only to
UAV formation flight, but to first-responder/urban search and
rescue missions, rapid military deployment, and contaminated
sensor network scenarios.
REFERENCES
[1] R. Badonnel, R. State, and O. Festor, “Management of Mobile
Ad- Hoc Networks” IEEE 15th Annual Int’l. Phoenix
<strong>Conference</strong> Comp. and Commun., Mar. 1996, pn 480-486.
[2] “The Handbook of Ad Hoc Wireless Networks” By Mohammad
Iiyas, Florida Atlantic University ©2003 by CRC Press, pp.
120-132.
[3] Mobility Management in Wireless Networks By Karen Q.Tian
and Donald C.Cox,Stanford University,©2004 by Kluwer
Academic Publishers, pp.4, 36-45.
[4] Mobile Protocols for Data Networks By Anna Hac, University
of Hawaii at Manoa, Honolulu, ©2003 John Wiley & Sons, pp.
197-211.
[5] C. E. Perkins and P. Bhagwat, “Highly Dynamic Destination-
Sequenced Distance-Vector Routing (DSDV) for Mobile
Computers,” Computer Community Rev., Oct. 1994, pp. 234-
244
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 201

Proceedings of ICCNS 08 , 27-28 September 2008
Adaptive Call Admission Control for Wireless
Mobile Network
Varsha N. Wahane, Vijayalaxmi Kadroli
Abstract---CAC is a Call admission control which plays a
significant role in providing the desired quality of service in wireless
networks. Many CAC schemes have been proposed. - A dynamic call
admission control (CAC) and its associated resource reservation (RR)
schemes are proposed in this paper based on the guard channel (GC)
concept for a wireless cellular system supporting multiple quality of
service (QoS) classes. The proposed CAC policy selects the resource
access threshold according to the estimated number of incoming call
requests of different QoS classes. The amount of resources to be
reserved is dynamically adjusted by considering neighboring-cell
higher-priority calls, which are likely to handoff. The rationale
behind our proposed dynamic CAC and RR scheme is to make an
efficient resource reservation for priority calls by considering
potential handoff calls in the neighboring cells, based on their signal
to noise ratio (SNR) information and the traffic profile for each
mobile. Analytical results for some performance metrics such as call
blocking probabilities are obtained under some specific assumptions.
However due to the mobility, some assumptions may not be valid
when the average channel holding times for new calls and handoff
calls are not equal. Thus the key contribution is the introduction of a
novel call admission control and bandwidth degradation scheme for
real-time traffic as well as the development of a model for the
admission controller.. In this paper we reexamine some of the
analytical results for call blocking probabilities for some CAC
schemes under more general assumptions and provide easier-tocompute
approximate formulas.
Keywords— CAC, Handoff Call Dropping Probability, New
Call Blocking Probability.
T
I. INTRODUCTION
he third generation (3G) wireless communication systems
will support multimedia traffic at a target transmission
rate of up to 2Mbps for static mobile users and 384kbps
for high mobility users. Unlike wired networks,
communication entities in wireless networks change their
connectivity via handoff when they move from one cell to
another. The use of micro or pico-sized cells makes the role of
handoff procedures very important in maintaining the service
continuity and QoS guarantees to the multimedia applications.
Due to the limited bandwidth resources in wireless multimedia
system, efficient call admission control (CAC) and resource
reservation (RR) schemes are needed to maintain desired QoS.
Varsha N. Wahane is working as Lecturer in Terna Engineering College,
Nerul, Navi Mumbai. ( Phone +919869125055, e-mail: varshasim
@indiatimes.com ).
Vijayalaxmi Kadroli is working as Lecturer in Terna Engineering College,
Nerul, Navi Mumbai. ( e-mail: v_udachan@yahoo.co.in ).
CAC schemes enable the system to provide QoS to new
incoming as well as existing calls. The RR scheme, such as
the use of guard channels (GC), is adopted to reserve
resources for certain higher priority calls. Obtaining a right
balance between the two opposing criteria is a big challenge.
This paper proposes a novel dynamic RR and CAC scheme to
increase the access probability for the higher priority calls,
while ensuring high overall system efficiency, in the presence
of multiple QoS classes such as priority, rate adaptively as
well as different mobility. We adopt the idea of the GC
scheme, which gives preferential treatment to the handoff calls
by reserving a fixed number of channels exclusively for them.
However, such a scheme may lead to poor channel utilization
because it decreases the handoff dropping rate at the cost of
increasing the blocking rate for other users. To deal with this
problem, we introduce a dynamic resource reservation
algorithm to efficiently estimate resources needed to be
reserved for high priority calls, by using the SNR and the
distance information of mobile users in neighboring cells.
The remaining part of the paper is organized as follows.
I. Special emphasis on Cutoff priority scheme.
II. Analytical and simulation model for the same
Simulation is conducted by MATLAB.
III. Numerical results.
IV. Finally, concluding remarks and future work
A Preferential treatment to priority and handoff calls
A wireless multimedia system cannot always meet
different QoS requirements of mobile users, due to resource
constraints. Therefore, the system requires rules to decide who
will receive the services according to predefined cost
functions, to avoid unwanted call blocking and handoff
dropping while maximizing channel utilization. Usually,
handoff calls are assigned higher priority over new calls. How
to seamlessly transfer resources between cells during handoff
is an important issue. For this, resource reservation and call
admission schemes should be integrated with the handoff
mechanism to provide more flexibility to all mobile users and
better QoS guarantees for premium users. Many different
admission control strategies have been discussed in the
literature to provide priorities to higher priority-call and
handoff requests, without significantly jeopardizing new
connection requests. These strategies fall into two categories:
Handoff Queue (HQ) and Guard Channel (GC) schemes.
HQ based methods follow the principle: when resources
become available, one of the calls in the handoff queue is
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 202

Proceedings of ICCNS 08 , 27-28 September 2008
served. If there are no available resources, call requests are
being queued until resources are available again. HQ scheme
needs lot of buffers to deal with real-time multimedia traffic
and sophisticated scheduling mechanism is needed to meet the
QoS requirement for delay sensitive calls to guarantee that the
queued data will not expire before they are transmitted.
The basic idea of GC (Guard channel) -based admission
control strategies is to reserve resources in each cell a priori to
deal with handoff requests. In order to provide mobile users
with continuous connectivity, a system reserves backup
channels referred to as “guard channels” to provide
preferential treatment to priority calls and handoff calls. In
such a system, resource is less than a certain threshold. GC
strategies differ in the number of guard channels to be chosen
by a base station.
B. Fixed and dynamic GC schemes
The concept of Guard Channel was first introduced by
Hong and Rappaport [2]. They used a fixed GC scheme to
treat new calls and handoff calls differently, by reserving the
same amount of resources for the handoff calls in the entire
period of simulation cycle. In this paper, only one traffic class
was considered. Rapport and Purzynski [4] extended this work
to multiple services and platform types. They analyzed the
performance based on their proposed mathematical model,
with the assumption of stationary traffic. Epstein and
Schwartz [5] considered a mixed traffic with calls of narrow
and wide-band.. All the schemes proposed above are static
because such GC schemes cannot adapt to quick variation of
the traffic pattern. Dynamic GC schemes have appeared in the
literature, which improve the system efficiency while
providing the QoS guarantees to priority calls. These schemes
adaptively reserve the actual resources needed for priority
calls and, therefore, accept more lower-priority calls as
compared to a fixed scheme. Naghshineh and Schwartz [7]
proposed an analytical model to estimate the resource
requirements for handoff calls. In their model, all connection
requests have identical traffic profile and the traffic is under
stationary conditions. Ramanathan et al. [8] proposed a
dynamic resource allocation scheme based on the estimation
of maximum expected resource requirement needed for
handoff calls. Acampora et al. [9] applied a linear weighting
scheme (LWS) as part of their admission control algorithm.
Linear weighting scheme uses the average number of ongoing
calls in all cells within the region of awareness to determine
the admission. Sutivong and Peha [10] adopted a hybrid
scheme by using the weighted sum of ongoing calls in the
originating cell as well as other neighboring cells for
admission control.
C. Service Model
We consider multimedia traffic with the following service
attributes:
1) MinBW, MaxBW: Minimum and Maximum Bandwidth
Requirements characterize the bandwidth consumption of the
traffic.
2) RA: Rate Adaptively describes whether a connection is
flexible in its bandwidth requirements. If a connection is rate
adaptive, it can be serviced in a degraded mode when
congested. This connection thus has high probability to
receive service in either the full or degraded rate.
3) Priority Class: Higher priority is assigned to connections
that are willing to pay more. They are likely to receive better
QoS guarantees in terms of better chance to receive the
service and in better quality mode. Similarly, system will gain
higher rewards if it provides services to such priority calls.
4) Mobility: High, moderate and low mobility traffic types are
included in our service model. Different mobility traffic will
have different weighting factor.
In this paper, we concentrate on the guard channel schemes.
We have assumed that the channel holding times for new calls
and handoff calls are independent and exponentially
distributed but with different average values. However, in
reality, these assumptions may not be true. It is usually agreed
that the new call and the handoff call have different channel
holding-time distributions ([12] and [3] and references
therein). Also, the handoff traffic may not be Poisson [12].
Performance analysis of CAC schemes under more realistic
assumptions (using higher moments of cell traffic and channel
holding times) has to be carefully carried out. We will present
such a study in a subsequent paper. Future generation wireless
systems have shifted the focus on multimedia services and
guaranteeing their QoS. Call connections may demand
different amounts of network resource (channels). Thus, call
admission control scheme can be designed to deal with
multiclass services. The schemes (e.g., thinning schemes) can
be generalized to handle such situations: permission
probabilities can be chosen according to the resource
utilization and amount of resource needed to support a call
request. We can also use priority levels and multiple
thresholds to handle different traffic classes.
CALL ADMISSION CONTROL SCHEMES
There are three call admission control schemes in
wireless networks, when the channel holding times for new
calls and handoff calls are differentiated: the new call
bounding priority, new call thinning scheme and the cutoff
priority scheme. The analytical techniques and results can be
easily extended to blocking performance for wireless
multimedia networks with multiple prioritized traffic, in which
corresponding call admission control schemes can be
obtained. We can immediately observe that the analytical
results are valid for wireless networks with two prioritized
traffic.
Let λ denote the arrival rate for new calls,
λ h the arrival rate for handoff calls,
1/μ the average channel holding time for new calls,
1/μ h the average channel holding time for handoff calls,
respectively.
C denotes the total number of channels in a cell.
Here it is assume that the arrival process for new
calls and the arrival process for handoff calls are all Poisson,
and the channel holding times for new calls and handoff calls
are exponentially distributed, respectively.
Although it has been observed [9], [14] that the handoff call
arrival rate is closely related to the new call arrival rate, and
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 203

Proceedings of ICCNS 08 , 27-28 September 2008
that the channel holding times for new calls and handoff calls
also depend on the cell residence time distribution, and here it
is proposed is to show how call-blocking probabilities can be
approximated when the channel holding times for new calls
and handoff calls have different averages. It has been
observed that the channel holding times for new calls and
handoff calls are distinct; even their average values are
different. The current literature does not make such a
distinction; the common assumption is that the channel
holding time for the call arrivals (consisting of new calls and
handoff calls) is exponentially distributed with parameters
equal to the average channel holding time of new calls and
handoff calls together, i.e., both new calls and handoff calls
are distributed with the same distribution. Here the onedimensional
Markov chain model can be used to derive
analytical results for blocking performance.
A. New Call Bounding Scheme:
This scheme limits the admission of new calls into
the wireless networks.
B. Cutoff Priority Scheme:
In this scheme instead of putting limitation on the number
of new calls, it is base on the number of total on-going calls in
the cell to make a decision whether a new arriving call is
accepted or not.
C. New Call Thinning Schemes:
The new call thinning schemes are schemes in which a new
call is admitted with certain probability.
. Special Emphasis on Cutoff Priority Scheme:
In this scheme instead of putting limitation on the number
of new calls, it is base on the number of total on-going calls in
the cell to make a decision whether a new arriving call is
accepted or not. The scheme works as follows.
Let m denote the threshold upon the new call.
If the total number of busy channels is less than m, the new
call is accepted; otherwise, the new call is blocked. The
handoff calls are always accepted unless no channel is
available upon their arrivals. This scheme shows that the
analytical results for call blocking probabilities are obtained
under the assumption that the average new call channel
holding time and average handoff call channel holding time
are equal so that one-dimensional Markov chain theory can be
used. When the average channel holding times for new calls
and handoff calls are different, the approach will not work.
II ANALYTICAL AND SIMULATION MODEL:
Let λ, λh, 1/μ, 1/μh and C be defined as before;
And let m denote the cutoff threshold.
As in the previous section, here the two-dimensional Markov
chain is used to model the system.
Let (n 1 , n 2 ) denote the state, where n 1 and n 2 denote the
numbers of new calls and handoff calls in the cell,
respectively.
Fig: 1 Transition diagram for cutoff priority
scheme.
The state diagram is shown in Fig. 1 with the following
transition rates:
q(n 1 , n 2 ; n 1 -1, n 2 =n 1 μ(0 ≤ n 1 ≤ m, 0 ≤n 1 + n 2 ≤ C)
q(n 1 , n 2 ; n 1 +1, n 2 )= λ (0 ≤ n 1 ≤m,0 ≤ n 1 + n 2 ≤ m)
q(n 1 , n 2 ; n 1 , n 2 -1)= n 2 μ h (0 ≤ n 1 ≤m,0≤n 1 + n 2 ≤ C)
q(n 1 n 2 ; n 1 , n 2 +1 )= λ h (0 ≤ n 1 ≤m,0 ≤ n 1 + n 2 ≤ C)
It is observe that in some states, such as those when,
the flows no longer have the symmetric nature. It is doubtful
whether the detailed balance equations are valid. Indeed, we
do not have the product form for this scheme when μ ≠ μh
Let u(x) denotes the step function, which is defined as
follows:
u (x) = 1 x ≥ 0
u (x) = 0 x < 0 .
Then, from Fig.1, we obtain the following global balance
equations:
⎡⎣u( n1 + n2 − m) λ + u( n1 + n2 − C) λh
+ n1μ + n2μh⎤⎦
p( n1, n2) = u(
n2
−
u ( n − m) μ p( n + 1, n ) + u ( n + n − C)( n + 1) μ p( n , n + 1) + u ( n + n −
2 1 2 1 2 2 h 1 2 1 2
0 ≤ n ≤ m, n + n ≤ C.
1
1 2
Thus, here the global balance equations are solved to
find the steady-state probability distribution, from which
blocking probabilities can be obtained, as done when
multidimensional Markov chain theory is used. However,
solving the global balance equations may be computationally
intensive when the state dimension is large. It will be useful to
find some approximation for the call blocking probabilities.
We now present an approximation based on the following
idea: here an attempt is made to reduce the two-dimensional
Markov chain model to a one-dimensional Markov chain
model by normalizing the average service time for each
stream so that the average service time becomes identical for
both streams. In this way, it can use the one-dimensional
Markov chain theory to find the call blocking probabilities.
Here we use the following approximate model: the new call
arrival stream is Poisson with arrival rate and with service rate
(corresponding channel holding time for new calls) 1 (the
unity). The handoff call arrival stream is also Poisson with
arrival rate and service rate 1.
Let ρ = λ/μ denotes the probability that there are j
busy channels in steady state for the approximate model.
Then, we can obtain the following stationary distribution for
the approximate model:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 204

Proceedings of ICCNS 08 , 27-28 September 2008
⎧ m j − m
a ⎪ ( ρ + ρ h ) ρ
p h
j
= ⎨
p
0
, m + 1 ≤ j ≤ C
⎪
j !
⎩
p
a
0
m 1
( )
C ( )
j m
−
⎡
j
m − ⎤
⎢ ρ + ρ
ρ + ρ
h
h
ρ h ⎥
=
⎢∑
+
j! ∑
j!
⎥
⎢
⎣ j= 0 j= m + 1
⎥
⎦
From this stationary distribution we obtain the blocking
probability for new calls and handoff calls as follows
p
a
nb
a
p
hb
=
=
C m j − m
( ρ + ρ
h
) ρ h
∑
j !
j = m
m j C m j − m
( ρ + ρ )
( ρ + ρ h ) ρ
h
+
h
j ! ∑
j !
j = 0 j = m + 1
∑
m C − m
( ρ + ρ h)
ρ h
C !
m j C m j − m
( ρ + ρ )
( ρ + ρ h ) ρ
h
+
h
j! ∑
j!
j= 0 j= m + 1
∑
Here the above equations approximate the call blocking
probabilities for the cutoff priority scheme. It is observe that
when, m = C the result becomes exact for a non prioritized
scheme.
Blocking Probability
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
10 15 20 25 30 35 40 45 50 55 60
Arrival Rate
Fig. 2 Simulation result for New call and Handoff
call in cutoff priority scheme.
Blocking probability of new call
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
New call blocking probability in the cutoff prioriy scheme
Analytical result
Simulated result
0
10 15 20 25 30 35 40 45 50 55 60
New call traffic load
Fig.3 New call blocking probability in cutoff
priority scheme
Blocking probability of handoff call
4 x 10-3 Handoff blocking probability in the cutoff priority scheme
Analytical result
3.5 Simulated result
3
2.5
2
1.5
1
0.5
0
10 15 20 25 30 35 40 45 50 55 60
New call traffic load
Fig. 4 Handoff call blocking probability in
cutoff priority scheme
III NUMERICAL RESULTS
In this section, we present the simulation results for
comparison purposes. They will show how much discrepancy
may be caused by using approximate model and the traditional
approach (which does not distinguish between new calls and
handoff calls)..
Here, we investigate the. Cutoff priority scheme
choose the following set of parameters: C = 30, m = 25, λ =
1/60 to 1/12, μ h = 1/450 and μ = 1/300.In this we change the
new call arrival rate instead of the channel holding time. The
results shows that in the cutoff priority scheme for low traffic
the new call blocking probability in Fig.2 is increases initially
and for high traffic it is almost constant whereas the handoff
call, the dropping probability is zero throughout. Fig.3 is the
analytical result for new call blocking probability in cutoff
priority scheme. Fig.4 compares the analytical and simulation
results for handoff call blocking probability. In Fig.3 for low
traffic the new call blocking probability is increases sharply
and for high traffic it is moderate and also the analytical and
simulation results both agree with each other. In Fig.4 the
analytical and simulation results both agree with each other
and for traffic up to 35 the call dropping probability is almost
zero and then increases sharply for high traffic. They show
that we can obtain very accurate results for the new call
blocking probability if our approximation approach is
deployed. This paper calls again for the necessity of
reexamining the classical analytical results in traffic theory,
which are used for the analysis and design of wireless mobile
networks.
IV CONCLUSION
In this paper, we investigate the call admission
control strategy for the wireless networks. We point out that
when the average channel holding times for new calls and
handoff calls are significantly different, the traditional onedimensional
Markov chain model may not be suitable; twodimensional
Markov chain theory must be applied. Here the
cutoff priority scheme reduces the handoff call blocking
probability which is the requirement because the customers
are more sensitive to call blocking than to call dropping. We
also propose a new approximation approach to reduce the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 205

Proceedings of ICCNS 08 , 27-28 September 2008
computational complexity. It seems that the new
approximation performs much better than the traditional
approach. Future work includes research on finding out how
good this new approximation is analytically.
FUTURE SCOPE AND MODIFICATION
Next generation networks are designed to support adaptive
multimedia services by controlling individual outgoing flow to
increase or decrease their bandwidth in response to changes in
traffic load. So in this adaptive CAC algorithm is suggested or
proposed to complement resources reservation mechanism and
the ability of robust applications to sustain performance
fluctuation.
In order to overcome the limitations of scarce,
highly fluctuating link bandwidth in wireless multimedia
networks, adaptive multimedia networks has been proposed.
An adaptive multimedia paradigm can play an important role
in mitigating the highly varying resource availability in
wireless multimedia networks.
Adaptation BW algorithm is utilized to adaptive determine the
BW for call admission control. The algorithm will be
triggered whenever there is a call arrival acceptance event or a
service departure event. The objective of this is to minimize
NCBP , HCDP and to efficiently utilize the system resource.
REFERENCES
[1] P. -O. Gaasvik, M. Cornefjord, V. Svensson, “Different
methods of giving priority to handoff traffic in a mobile
telephone system with directed retry,” 41st IEEE
Vehicular Technology <strong>Conference</strong> 'Gateway to the Future
Technology in Motion’ , pp.549 -553, 1991.
[2] D. Hong and S. S. Rapport, “Traffic model and
performance analysis for cellular mobile radiotelephone
systems with prioritized and nonprioritized handoff
procedures,” IEEE Trans. Vehicular Technology, vol VT-
35, pp. 77-92, Aug. 1986
[3] T. Kwon; Y. Choi; C. Bisdikian, M. Naghshineh, "Call
admission control for adaptive multimedia in Simulation time
(min) wireless/mobile networks", IEEE Wireless
Communications and Networking <strong>Conference</strong> vol. 2, pp.
540-544, 1999.
[4] S. S. Rapport and C. Purzynski, “Prioritized Resource
Assignment for Mobile Cellular Communication Systems
with Mixed Services and Platform Types,” IEEE Trans.
Vehicular Technology, vol. 45, no. 3, Aug. 1996.
[5] B. Epstein and M. Schwartz, “Reservation Strategies for
Multimedia Traffic in a Wireless Environment,” IEEE
45th Vehicular Technology <strong>Conference</strong>, Chicago, IL, July
1995.
[6] Huan Chen, Sunil Kumar, and C.-C. Jay Kuo,
"Differentiated QoS Aware Priority Handoff in Cell-based
Multimedia Wireless Network", Electronic Imaging 2000,
IS&T/SPIE’s 12th <strong>International</strong> Symposium, San Jose,
CA, Jan. 2000.
[7] M. Naghshineh and M. Schwartz, “Distributed call
admission control in mobile/wireless networks,” IEEE J.
Select. Areas Commun., vol.14, pp.711-717, May 1996
[8] P. Ramanathan; K. M. Sivalingam, P. Agrawal; S.
Kishore, "Dynamic resource allocation schemes during
handoff for mobile multimedia wireless networks," IEEE
J. Select. Areas in Commun., vol. 17, pp. 1270-1283, July
1999.
[9] A. S. Acampora and M. Naghshineh, “Control and
Quality of Service Provisioning in High-Speed Microcellular
Networks,” IEEE Personal Communications,
Second Quarter 1994, pp.36-43
[10] Arak Sutivong and Jon M. Peha, “Novel Heuristics for
Call Admission Control in Cellular Systems,” IEEE 6th
<strong>International</strong> <strong>Conference</strong> on Universal Personal
Communications, vol.1, pp 129 -133, 1997
[11] R. Ramjee, D. Towsley, and R. Nagarajan, “On optimal
call admission control in cellular networks,” Wireless
Networks, vol. 3, pp. 29–41, 1997.
[12] Y. Fang, I. Chlamtac, and Y. B. Lin, “Channel occupancy
times and handoff rate for mobile computing and PCS
networks,” IEEE Trans. Comput., vol. 47, pp. 679–692, June
1998.
[13] V. K. N. Lau and S. V. Maric, “Mobility of queued call
requests of a new call-queueing technique for cellular
systems,” IEEE Trans. Veh. Technol., vol. 47, no. 2, pp. 480–
488, 1998.
[14] P.V. Orlik and S. S. Rappaport, “A model for teletraffic
performance and channel holding time characterization in
wireless cellular communication with general session and
dwell time distributions,” IEEE J. Select. Areas Commun.,
vol. 16, no. 5, pp. 788–803, 1998.
[15] W. Stallings,” High-Speed Networks: TCP/IP and ATM
Design Principles”.
Englewood Cliffs, NJ: Prentice-Hall, 1998
[16] D. Grillo, R. A. Skoog, S. Chia, and K. K. Leung,
“Teletraffic engineering for mobile personal
communications in ITU-T work: The need to match practice
and theory,” IEEE Personal Commun., vol. 5, pp. 38–58, Dec.
1998.
[17] Y. Fang and I. Chlamtac, “Teletraffic analysis and
mobility modeling for PCS networks,” IEEE Trans. Commun.,
vol. 47, pp. 1062–1072, July 1999.
[18] E. D. Re, R. Fantacci, and G. Giambene, “Handover
queueing strategies with dynamic and fixed channel allocation
techniques in low earth orbit mobile satellite systems,” IEEE
Trans. Commun., vol. 47, no. 1, pp. 89–102, 1999
[19] C. Chang, C. J. Chang, and K. R. Lo, “Analysis of a
hierarchical cellular system with reneging and dropping for
waiting new calls and handoff calls,” IEEE Trans. Veh.
Technol., vol. 48, no. 4, pp. 1080–1091, 1999
[20] M. D. Kulavaratharasah and A. H. Aghvami, “Teletraffic
performance evaluation of microcellular personal
communication networks (PCN’s) with prioritized handoff
procedures,” IEEE Trans. Veh. Technol., vol. 48, no. 1, pp.
137–152, 1999.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 206

A Vigorous Spanning Tree Topology for
Distributed Applications
Ms. Smita A. Attarde 1 ,Ms. Shital K. Dhamal 2 Proceedings of ICCNS 08 , 27-28 September 2008
Abstract- Parallel and distributed systems may operate in an
environment that undergoes unpredictable changes causing
certain system performance features to degrade. Therefore, for
the distributed operating environment, robustness is a
desirable property. In this paper, a robust topology is
described which is for the applications that operate on a
spanning tree overlay network. A proactive approach to
robustness is considered. This topology is capable to
withstand disturbances as well as exhibit good performance.
Both centralized and distributed algorithms to construct the
topology are considered. These robust spanning trees achieve
a desirable trade-off for two opposing metrics where
traditional forms of spanning trees do not.
Keywords- Robustness, distributed computing, graph theory,.
1. INTRODUCTION
The design and implementation of distributed computing
systems has historically been carried out with performance
being the dominant goal. In order to realize the benefits from
performance-oriented designs, the distributed environment in
which the application is deployed must be somewhat
predictable. That is, calculation of the optimal schedule often
requires accurate and a priori knowledge of system load,
communication latencies, and execution times of individual
tasks. With the current trend towards large-scale,
geographically separated systems with shared computational
resources, the assumption of exact knowledge of system
parameters is unrealistic. Hence, there is a need to incorporate
robustness into the design of distributed systems.
Robustness is the degree to which a system can function
correctly in the presence of inputs different from those
assumed [1]. A robust system continues to operate across a
wide range of operational conditions [2]. Robustness,
guarantees the maintenance of certain desired system
characteristics despite fluctuations in the behavior of its
component parts or its environment [3]. Robust systems
perform well across a wide range of operating conditions and
exhibit graceful degradation under anomalous conditions [4].
The importance of robustness in the design of complex and
distributed systems is well-established [5], [6].
1 Lecturer, Comp. Engg. Dept. LTCE, Navi Mumbai
+919987097715smitaattarde@gmail.com
2 Lecturer, Comp. Engg. Dept. LTCE, Navi Mumbai
+919892872002shital_kdhamal@rediffmail.com
Here, the idea is to improve the robustness of a distributed
system for applications that operate on a spanning tree overlay
network. Spanning trees are widely used in communication
networks as a means to disseminate information from one
node to all other nodes and/or to collect information at a
single designated node. The defining characteristic of such
spanning tree topology when compared to other types of
commonly seen spanning trees, is that the resulting trees
perform well for multiple, conflicting metrics. Techniques
such as admission control, system introspection, and adaptive
control are suggested to achieve robustness in distributed
applications [1]. These techniques are all adaptive in nature.
Here, a proactive approach toward robustness is taken, and,
therefore, adaptation is not required. Thus, this is most
appropriate in situations where an immediate change in the
network topology is undesirable.
About Spanning Tree Topology:
For many distributed applications, the routing of data and
messages takes place on a virtual overlay network that is
constructed on top of the underlying physical network. For
example, nodes in peer-to-peer systems are connected via the
physical links in the Internet; however, a node forwards
queries only to nodes in its own list of neighbors, thus
forming an overlay network. Not surprisingly, the topology of
such an overlay network plays a significant role in the
performance and efficiency of the distributed system. Herein,
those distributed systems are addressed, for which the overlay
network is a spanning tree, i.e., a connected network that
contains no cycles. Furthermore, one particular node in the
network is designated as the root node. The root node acts as a
collection point for data (as in a sensor network) and/or as a
load origination point for the distribution of work (as in
divisible load scheduling). Nodes are identified by indices and
the root node is always labeled with the numeral 1.
For a moderately sized network with just a few neighbors per
node, there exist many possible spanning trees. For a dense
network, the number is enormous. Given the numerous
possibilities, the most commonly seen forms of spanning trees
are the following:
Shortest paths:
The distance in edge weights of the path from each node to the
root node is minimum. Such a tree is efficiently constructed
by Dijkstra’s algorithm. This method is designated as SP.
Fewest hops:
The distance in number of hops along the path from each node
to the root node is minimum. This method is equivalent to SP
when all edge weights are equal and, therefore, Dijkstra’s
algorithm may be employed. This method is designated as FH.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 207

Proceedings of ICCNS 08 , 27-28 September 2008
Minimum weight:
The total sum of edge weights is minimum. Such a tree can be
constructed by either Kruskal’s algorithm or by Prim’s
algorithm [7] and does not take into consideration the location
of the root node. This method is designated as MST.
Spanning trees created by FH tend to be shallow and “fat,”
with the average node degree being fairly large. This is
because the only criterion for cost is the distance in hops from
the root with no consideration of edge weights. FH minimizes
the expected value of the amount of data loss when a node or
link fails. However, it is not the best choice for other
performance metrics such as power consumption. MST
produces trees that are very deep and “skinny.” This is natural
since the only criterion is edge weight and the location of the
root node is not taken into consideration. The shape of trees
produced by SP are influenced by the distribution of edge
weights, but they tend to be deeper and have smaller node
degrees than FH trees. In each of the three construction
methods above, the spanning tree that results may not be
unique. Hence, a probabilistic approach is taken to compute
the amount of data that is lost when nodes fail. Any two MST
trees of the same underlying original graph are equivalent in
the sense that they both have the same expected value for the
amount of data loss.
2. ROBUST SPANNING TREE TOPOLOGY
In this tree topology, a method is used in which, the trees that
are relatively immune to data loss when nodes or links fail,
can still be able to maintain good performance. Indeed, this is
the very notion of robustness. Through analysis and
simulation, it is shown that the spanning trees that perform
best for different, and even opposing, metrics are constructed
by considering a weighted combination of hop count and path
weight as follows:
λ x hop count + (1 - λ) x path weight (1)
where 0 ≤ λ < 1.
If more importance is placed on hop count, then the tree will
tend to be fat and shallow. Alternatively, more importance on
path weight means that the tree will be skinny and deep. The
type of tree that performs best depends on the metric of
interest.
In order to construct trees that perform well under a wide
variety of metrics, an attempt is made to make the tree fat near
the root and skinny further away from the root. The intuition
(with respect to data collection) is that, the further a message
has to travel to reach the root node, the more likely it is to
encounter a failed parent somewhere along the way. After a
message has traveled a certain distance, the network has
already “invested” resources (i.e., power and bandwidth) to
get the message that far. When a message gets close to the
root node, we want to give it the best possible chance to make
it the rest of the way so that its payload will be recorded. The
weight λ is really a function of a node’s depth in the tree.
When an edge (i,j) is being considered for inclusion in the tree
and i is the new vertex not already in the tree, then
λ i = 1 – (h i / ε 1 ) (2)
where h i is the hop count of node i from the root and ε 1 is the
eccentricity of the root node.
The eccentricity of a node is the largest of the shortest paths
from that node to all other nodes. Eccentricity is measured in
number of hops, not path weight. Alternatively, eccentricity is
the depth of the deepest leaf in the SP tree. However, note that
the eccentricity of a node is a characteristic of the underlying
graph; it is not a property of the overlay network. Using this
measure of eccentricity in (2) ensures that 0 ≤ λ i < 1 for all i.
It also effects values for λ i that are close to one when selecting
nodes that are near the root and values close to zero when
selecting nodes that are further from the root. This gives the
desired relative importance of hop count versus path weight in
(1). Two algorithms are presented for constructing a robust
spanning tree: a centralized version and a fully distributed
version.
2.1 A Centralized Algorithm
The centralized algorithm is appropriate in situations where
the node on which the algorithm runs has full knowledge of
the nodes and link speeds in the underlying network. This
algorithm is based on Prim’s algorithm for constructing MST.
Prim’s algorithm begins with a single node (the root node in
this case) and, at each iteration, the cheapest edge that
incorporates a new vertex is selected for inclusion in the tree.
For MST, the cheapest edge is simply the one with the
smallest edge weight (ties may be broken randomly). In this
algorithm, the cheapest edge is computed as in (1).
Algorithm 1: A centralized algorithm
Data : graph G = {V,E} with edge weights z i,j
compute the eccentricity of the root node ε 1 ;
initialize the tree with the root node only;
while there are still vertices not yet added to the tree do
for every vertex i not in the tree do
compute λ i = 1 – (h i / ε 1 );
compute ξi = λ i x h i + (1 - λ i ) x (ξ j + z i,j );
store the minimum cost found so far;
end
add the vertex i along edge (i,j) that achieves the
minimum cost;
end
2.2 A Distributed Algorithm
For some applications, it is unrealistic to assume that any
single node will have complete knowledge of the network. For
such applications, a distributed algorithm is required wherein
each node runs the same algorithm and the tree is constructed
after each node exchanges a series of messages with its
neighbors. The well-known Bellman Ford algorithm can be
used in this manner to construct SP and FH trees. To illustrate
the effect of this algorithm, Fig. 1 shows the results of the four
different construction methods that has been discussed. The
underlying graph for this figure is a 100-node random graph
wherein each node has between 20 and 30 neighbors,
uniformly distributed. The edge weights are uniformly
distributed between .1 and 10.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 208

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 2 shows a small sensor network that consists of seven
nodes. An edge between two nodes indicates that they
Fig. 2. A small sensor network.
can communicate directly. The edge weight is the amount of
power required to transmit a single message between the two
nodes. A larger weight indicates a greater distance or an
obstruction. Node 1 is the root node. It is the collection point
to which all other nodes must route their data.
Fig. 1. Spanning trees constructed from a 100-node random
graph. The node degrees of the original underlying graph are
distributed uniformly between 20 and 30 neighbors. Fig. 1d is
the spanning tree constructed by Algorithm 1. All nodes are
just a few hops from the root, which allows shorter paths for
data transmission than the SP and MST trees of Figs. 1a and
1c, respectively. In addition, the relatively low number of
highly connected nodes means that there is less chance of
massive data loss as compared to the fewest hops spanning
tree of Fig. 1b. (a) SP. (b) FH. (c) MST. (d) RB.
Fig. 1d shows the robust spanning tree from our distributed
algorithm. It is closest in form to the FH spanning tree shown
in Fig. 1b; however, the distribution of node degrees is not as
heavy tailed as in FH. Hence, the failure of any particular
node will not result in as much disruption to the network as
the loss of a highly connected node in the FH tree. The RB
tree in Fig. 1d was constructed using the centralized
algorithm. Both versions of the algorithm are heuristic in
nature. They do not necessarily produce the exact same tree;
however, they do produce trees with the same properties since
they both use exactly the same cost function.
3. Application to Sensor Networks
Several different application areas are now employing
wireless sensor networks [8], [9], [10]. The model of data
flow in such systems is many-to-one, which naturally
corresponds to a spanning tree topology. Messages are
forwarded up the tree from child to parent to the root node
which is typically connected to a storage device and/or a
wired network. The overlay network upon which data is
routed affects both the fault tolerance and the longevity (via
battery life) of the system [11]. In this regard, the primary
characteristics are the distribution of node degrees and the
depth of the tree. In general, nodes that transmit over longer
distances or through obstructions consume more power.
Fig. 3. Spanning trees of the sensor network of Fig. 2. (a) SP.
(b) FH. (c) RB.
The SP, FH, and RB spanning trees for this network are
shown in Fig. 3. In this case, the MST tree happens to be the
same as the SP tree. In the next two sections, metrics for data
loss and power consumption are defined. Using these metrics,
the robust spanning tree topology RB is compared with the
SP, FH, and MST topologies.
3.1 Expected Data Loss
Consider a tree T with vertex set V(T) and edge set E(T). Let
m i be the number of nodes in the subtree rooted at node i
(including node i itself) and let q i be the probability that node i
will fail. Then, the expected value of data loss L given that
exactly one node fails is
where
(4)
It is assumed that all nodes have an equal probability of
failure. The expected value of data loss then becomes
E {L | exactly one node fails with equal probabilities}
(5)
(3)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 209

Proceedings of ICCNS 08 , 27-28 September 2008
where n = |V{G}| is the number of nodes in the graph. Using
(5), the expected data loss of the spanning tree in Fig. 3a is
E{L} = 1/6 (6 + 1 + 2 + 1 + 1 + 1) = 2.0. (6)
Similarly, for Fig. 3b, E{L} = 1.5, and for Fig. 3c, E{L} =
1.667. In this case, the FH spanning tree admits the smallest
value for expected data loss. This is intuitive since the depth
of the tree is as small as possible.
3.2 Power Consumption
Nodes consume power when they transmit and receive data.
More power is required to transmit and receive over longer
distances and through obstructions. Let m i be the number of
nodes in the subtree rooted at node i and z i,j be the weight on
the link from node i to its parent node j. Then, the total
network power P required to collect a single data observation
is
(7)
Using the spanning trees of Fig. 3 to illustrate the calculation,
the total network power for the SP tree of Fig. 3a is (going
breadth-first through the tree)
P = (6 x 1) + (1 x 1) + (2 x 2) + (1 x 1) + (1 x 1) + (1 x 1) =
14 (8)
Similarly, P for the FH tree of Fig. 3b is 17, and P for the
robust tree of Fig. 3c is 16. It can be shown that SP trees will
admit the minimal values for P. This is natural since the
weights on the paths to the root node are smallest. Now, the
trade-off between expected data loss and power consumption
can be seen. At one end of the spectrum, SP trees use low
power, but expose the network to greater possibilities of data
loss when nodes fail. At the other end, FH trees minimize
expected data loss, but consume more power on the whole.
5.3 Simulation and Results for Randomly Generated
Networks
Using the metrics that are defined for expected data loss and
power consumption, now the performance and robustness of
different spanning trees is evaluated via simulation on three
categories of randomly generated networks. The three
categories are: Sparse: Each node has between 1 and 10
neighbors; Medium: Each node has between 20 and 30
neighbors; Dense: Each node has between 40 and 50
neighbors. The number of neighbors is uniformly distributed
in the respective ranges. For each category, 100 random
graphs are generated using the method and software described
in [12]. The edge weights for all three categories were
uniformly distributed between 0.1 and 10. For each of the
three categories, the data loss and power consumption metrics
presented in the previous sections were computed for each of
the 100 randomly generated graphs.
Fig. 4. Expected data loss results on randomly generated
networks.
As shown in Fig. 4, with respect to data loss, the RB trees
perform quite well. However, the real benefit of the RB
method comes from the combination of low data loss and
relatively low power consumption. This can be seen in the
results for network power consumed and the maximum power
used by any one node, as shown in Figs. 5a and 5b,
respectively.
4. APPLICATION TO DIVISIBLE LOAD SCHEDULING
Divisible Load Scheduling (DLS) is the process of
simultaneously scheduling the data and computations of a data
parallel application onto multiple processors. In the basic
version of the problem, the data originates at a single
processor (the root node) and the objective is to assign each
processor an amount of data such that the total time to
transmit and process all of the data (the makespan) is
minimized. Thus, the flow of data is reversed when compared
to the data collection operation of sensor networks. To solve
the DLS problem, a technique is used which distributes the
data onto a spanning tree of the underlying network [13].
4.1 Tree-Based Solutions
A technique called RAOLD-OS (Resource Aware Optimal
Load Distribution with Optimal Sequencing), is used for
allocating divisible loads to processors in arbitrary networks.
This method generates a minimum-weight spanning tree
(MST) on the arbitrary network and then solves the DLS
problem on that tree. The principle of optimality in the DLS
literature states that, in the optimal allocation of load, all
processors must stop executing at the same time instant [14].
Otherwise, some processor will be idle and could have
accepted more load, thus reducing load on other processors
and shortening the makespan.
Constructing a spanning tree overlay network on an arbitrarily
complex architecture is a natural approach to
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 210

Proceedings of ICCNS 08 , 27-28 September 2008
show the best performance in terms of makespan. However,
the RB spanning trees exhibit the second-best makespan
values and it is seen in the next section that this performance,
combined with their robustness to network disruptions, makes
them very attractive candidates on which to solve the DLS
problem.
Fig. 6. An example network for the DLS problem.
Fig. 5. Power consumption results on randomly generated
networks. (a) Network power. (b) Max power.
simplifying the problem. So, given an arbitrary network, the
optimal solution to the DLS problem occurs on a spanning
tree [15]. Furthermore, the RAOLD-OS procedure finds the
optimal solution for the particular spanning tree on which it is
executed [13]. Here, the optimality criterion is not addressed
directly, but rather, our goal is to identify spanning trees that
are easy to construct and that exhibit qualities of fast
processing time and robustness to network disruptions. The
spanning trees generated by the centralized Algorithm satisfy
this goal.
Consider examining the optimal solutions for the example
network in Fig. 6 and its associated spanning trees in Fig. 8
when there is no disruption to the network. That is, all
transmission links and processors operate at their prescribed
speeds. For this example, all processors operate at the same
speed of ω = 1.
Node 1 is the load origination point and the total amount of
workload to be transmitted and processed is L = 1,000. The
percentage of the total load assigned to processor i is α i .
Naturally, all of the load allocation percentages must sum to
one. For most DLS problems on arbitrary networks, SP admits
the smallest makespan. However, the network of Fig. 6 serves
as an example that this is not always the case.
The optimal load allocations and makespans listed in Table 1
show that FH and RB give smaller makespan values. Fig. 8
shows more comprehensive results for solving the DLS
problem on two sets of randomly generated networks:
medium-density and dense. The results for sparse networks
are not shown because the performance of all spanning trees
was approximately the same. As indicated earlier, SP trees
Fig. 7. Spanning trees of the network in Fig. 6. (a) SP. (b) FH.
(c) RB.
4.2 Transmission Delay
Similar to the way we measured data loss for sensor networks,
a probabilistic approach is taken to measure transmission
delay for the DLS problem. Let z i,j be the inverse speed of the
link from node i to node j. The units of z i,j are seconds per unit
of work and hence smaller values indicate faster transmission
speeds. T cm is the time to transmit a standard unit of workload.
Now, the expected transmission delay is computed that would
occur if a link (i,j) exhibits congestion and its bandwidth is
reduced to a certain percentage of its full capacity, specified
by k, where 0 < k ≤ 1.
TABLE 1
Optimal Load Allocation Percentages for the Network of Fig.
6
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 211

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 8. Average finish time (or makespan) for the DLS
problem on
randomly generated networks.
Let x i,j be the total amount of workload transmitted on link
(i,j). Let q i,j be the probability that link (i,j) exhibits the
performance degradation specified by k. Then, the expected
value of the total amount of transmission delay D is
(8)
where the summation is over all links in the tree T. Equation
(17) is used to compare the robustness of the spanning trees in
Fig. 7 and a single link congestion in the amount k = .50.
Recall that we do not know in advance exactly which link will
be congested, so, for this example, it is assumed that all links
have an equal probability of being congested, i.e., q i,j = 1/6 for
all links (i,j) in the spanning tree. For the spanning tree of Fig.
7a, setting all processor speeds ω i = 1, L = 1,000, T cm = 1, and
factoring the constant terms gives
E{D| single link congestion, k = .50} =
(9)
The same parameters for the FH spanning tree of Fig. 7b give
E{D}= 74.1 and, for the RB spanning tree of Fig. 7c, give
E{D} = 71.0. SP (which happens to be the same as MST in
this small example), which shows the greatest robustness to
link congestion. Fig. 10a shows the results of expected
transmission delay for the two sets of randomly generated
networks. RB and MST are the most robust, with MST being
slightly better for medium-density networks and RB being
slightly better for dense networks. For both categories of
network density, RB shows more robustness than SP to link
delay. Thus, it is seen that the RB spanning trees of the
centralized Algorithm again achieve a desirable trade-off:
acceptable performance and very good robustness to link
congestion.
5. CONCLUSION
Robustness is an important property for distributed computing
systems. These systems are subject to resource contention and,
hence, node failures and transmission delays are common
enough to warrant their consideration in system design. This is
especially true when the application designer has some control
over the manner in which data is routed and computations are
performed, such as the choice of topology for an overlay
network. In this work, we presented a methodology for
constructing a spanning tree overlay network that exhibits
robustness to network disturbances. The construction
technique employs a weighted formula for hop count and path
weight that changes the relative importance as the distance
from the root node changes. This results in trees that perform
well for a wide variety of metrics. When compared to the most
common forms of spanning trees, our robust trees are closest
in appearance to fewest-hops spanning trees. To construct
such a topology, we presented both centralized and fully
distributed versions of the algorithm.
6. REFERENCES
[1] S.D. Gribble, “Robustness in Complex Systems,” Proc. IEEE
Eighth Workshop Hot Topics in Operating Systems, pp. 21-26, May
2001.
[2] D. England, J. Weissman, and J. Sadagopan, “A New Metric for
Robustness with Application to Job Scheduling,” IEEE Int’l Symp.
High Performance Distributed Computing (HPDC-14 ’05), July
2005.
[3] D. Oppenheimer, V. Vatkovskiy, and D.A. Patterson, “Towards a
Framework for Automated Robustness Evaluation of Distributed
Services,” S.O.S. Survivability: Obstacles and Solutions, Proc.
Second Bertinoro Workshop Future Directions in Distributed
Computing (FuDiCo II), June 2004.
[4] M. Aldana and P. Cluzel, “A Natural Class of Robust Networks,”
Proc. Nat’l Academy of Sciences of the United States of Am., vol.
100, pp. 8710-8714, July 2003.
[5] R. Albert, H. Jeong, and A.L. Baraba´si, “Error and Attack
Tolerance of Complex Networks,” Nature, vol. 406, pp. 378-382,
July 2000.
[6] J.M. Carlson and J. Doyle, “Highly Optimized Tolerance:
Robustness and Design in Complex Systems,” Physical Rev.
Letters, vol. 84, pp. 2529-2532, 2000.
[7] D.B. West, Introduction to Graph Theory, second ed. Prentice
Hall, 2001.
[8] D. Ganesan et al., “Large-Scale Network Discovery: Design
Tradeoffs in Wireless Sensor Systems,” Proc. Symp. Operating
Systems Principles (SOSP ’01), Oct. 2001.
[9] I.F. Akyildiz et al., “A Survey on Sensor Networks,” IEEE
Comm. Magazine, vol. 40, no. 8, pp. 102-116, Aug. 2002.
[10] K. Sohrabi et al., “Protocols for Self-Organization of a Wireless
Sensor Network,” IEEE Personal Comm., pp. 16-27, Oct. 2000.
[11] P. Santi, “Topology Control in Wireless Ad Hoc and Sensor
Networks,” ACM Computing Surveys, vol. 37, no. 2, pp. 164-194,
June 2005.
[12] F. Viger and M. Latapy, “Efficient and Simple Generation of
Random Simple Connected Graphs with Prescribed Degree
Sequence,” Proc. 11th Int’l Computing and Combinatorics Conf.,
Aug. 2005.
[13] J. Yao and B. Veeravalli, “Design and Performance Analysis of
Divisible Load Scheduling Strategies on Arbitrary Graphs,”
Computing, vol. 7, no. 2, pp. 191-207, 2004.
[14] V. Bharadwaj et al., Scheduling Divisible Loads in Parallel and
Distributed Systems. IEEE CS Press, 1996.
[15] D. England, “Robust Design for Distributed Computing
Systems,” PhD dissertation, Dept. of Computer Science and Eng.,
Univ. of Minnesota, Twin Cities, June 2006.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 212

Proceedings of ICCNS 08 , 27-28 September 2008
Hybrid Chaining Scheme for Video-on-Demand
Applications Based on Popularity
R. Roopalakshmi, R. Ashok Kumar
Abstract—A true Video-on-Demand (VoD) service, specifies the
transmission of a dedicated video stream from a video server to the
subscribed user. In proxy assisted transmission schemes, although it
reduces load on server and increases network efficiency, but when
scalability of network increases, server faces significant efficiency
degradations. In this paper, we propose a new popularity based
chaining approach, which allows the clients to serve video streams to
other clients, by means of unicasting. In this way more clients can be
chained together. This hybrid scheme results in: (1) Increase in
servicing capability of a proxy server, (2) Makes good use of clients
uplink bandwidth. (3) Optimum utilization of proxy server resources
and also (4) To provide fast and better video streaming service. Our
simulation results show that, the utilization of proxy server resources
using proposed hybrid scheme are much lower than those of existing
chaining scheme. This hybrid scheme is easily deployable and cost –
effective, in terms of minimizing the rejection rate of movie requests.
Keywords— Chaining, proxy caching, streaming, video-on-demand.
I.INTRODUCTION
The primary challenges of VoD Application are,
To enable efficient transmission, by making
minimum use of network resources & video servers.
To provide scalability, by accommodating huge
number of clients and
On – demand delivery of movie files with low
latencies.
In all VoD applications, transmission bandwidth of server
and network bandwidth are significant factors, and restrict
service scale of given network. Different multicast based
approaches such as Batching [1], Patching [2] techniques have
been proposed. An alternative to multicast based approaches is
proxy based approaches, in which proxy servers are placed
between video servers and client systems. Proxy caching was
originally proposed for WWW (World Wide Web), and now it
is widely deployed. The proxy server is a small size video
server caches and controls the video stream. The proxy based
schemes save network & server bandwidth, balance network
load, reduce network latency and provide better content
availability. These features make proxy based schemes to be
widely useful in context of video streaming. Even in proxy
based schemes [3], [4], [10], and [11] the proxies suffer due to
the given problems,
R. Roopalakshmi is with B.M.S. College of Engineering, Bangalore,
560019, under Visvesvaraya Technological University, INDIA (phone: 99722
46013; fax: 91-80-8362393; e-mail: roopalakshmi@ bmsce.ac.in, r_roopalakshmi@hotmail.com).
R. Ashok Kumar is with VIT University, Vellore, INDIA. (e-mail: rak_bms@hotmail.com).
Proxies can cache only limited movie files at any
instant of time, because of significant larger size of
movie files, compared with typical text files.
Since caching at proxies is limited, it leads to
redirection of more requests to central server.
Servicing of requests by a proxy is mainly influenced
by the servicing capability of given proxy server.
To address above problems, different chaining schemes have
been proposed. The main idea of all these chaining approaches
is, different clients requesting same movie can be chained
together and can be served using single server stream. In
Extended chaining [5] scheme, given client buffer is used as a
backward buffer or backward bridge for succeeding client in
the given video chain. In this scheme, the video chain breaks,
when the backward buffer is smaller than the playback gap
between two consecutive clients, requesting same movie. To
solve this problem Chen et al. [6] introduced an Adaptive
chaining scheme uses two–way bridging technique, by
utilizing both forward & backward client buffers. In this
scheme, unused fragments or segments of client buffers cannot
be used. To address this problem, Te-Chou Su et al. [7]
presented a new technique Optimal Chaining, which utilizes
two way bridging and also allows usage of buffers of other
clients. P-Chaining [8] scheme, mainly focuses on reducing
the server overhead of VCR operations. When the server
receives a new service request, it sends the client the partial
list of candidate nodes playing the demanded video object.
The client selects one of them as a server node instead of the
server. Then, when the client is forced to change its server
node because of VCR operations by itself or its server node, it
does not contact the server but selects another server node
from its local candidate node list. The client requests a new
candidate node list from the server when no nodes in the
current list are available. If there is no candidate node in the
new server list, the server provides the service directly. In this
way, P-chaining reduces significant overhead in server
workload, but still popularity of movies and distance
information about clients are not discussed. In practical
situations, in most of the VoD based applications, the
popularity of given movie can be a significant factor for its
transmission. This paper presents an approach, which
implements chaining operation by considering the popularity
of movies and distance information.
The rest of this paper is organized as follows –
Section II explains proposed approach and algorithm, Section
III presents simulation scenario of given approach, Section IV
presents results and discussion and Section V presents
conclusion and future enhancements of given approach.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 213

Proceedings of ICCNS 08 , 27-28 September 2008
II. PROPOSED APPROACH & ALGORITHM
The proposed VoD system is given in Fig. (1). This
VoD system includes three different hierarchy levels, top level
hierarchy is the central multimedia server, stores and
maintains the entire collection of movies. This central
multimedia server is connected to group of proxy servers.
Each proxy server is connected to limited number of regions,
where each region in turn includes group of end users or client
systems. Within every region the clients are connected to each
other by means of point–to-point links. The architecture of
server and client modules are shown in Fig. (2).The central
multimedia server contains multimedia database, multimedia
distribution controller, and video profile. The proxy server
contains request handler, video buffer, video streaming
controller, cache module, proxy navigation module, chaining
controller, and popularity agent. The client system contains
display module, client video buffer and chaining agent. The
functionalities of these components can be explained as
follows:
Video Profile: This profile contains all movie details, present
in central multimedia server. The movie details like movie id,
movie size, movie duration etc., are stored in video profile.
Multimedia Database: The whole collection of movies of
central multimedia server is stored and maintained in this
multimedia database.
Fig. (1) Video-on-Demand System
Fig. (2) Architecture of Server and Client modules
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 214

Proceedings of ICCNS 08 , 27-28 September 2008
Multimedia Distribution Controller: This distribution
controller contains details about all clients, and all proxy
servers connected to it. The movie requests from proxy servers
are handled by this distribution controller.
Request Handler: This handles clients movie requests. When
a client makes movie request, request handler checks
authorization of given client, by means of verifying login and
subscription details of given client.
Video Streaming Controller: When a movie request comes,
video streaming controller checks the existence of requested
movie in video buffer. In case of existence of requested movie
in video buffer, video streaming controller intimates chaining
controller to proceed with chaining operation. In case of
absence of movie in video buffer, video streaming controller
contacts proxy navigation module, in order to search for
requested movie among its nearest proxies. When popularity
of a movie falls below the threshold value, video streaming
controller deletes given movie from video buffer.
Cache Module: In the absence of requested movie in video
buffer, video streaming controller initiates cache module.
Cache module caches or gets requested movie from central
multimedia server and stores the movie in video buffer.
Chaining Controller: chaining controller maintains given
two different lists of clients, and periodically updates them,
Active Clients List - This list contains movie requests
details, currently serviced by a proxy server. Each
entry in this list includes, requested movie_ id,
requested client_ id, region_id, popularity of given
movie file and status of given streaming operation.
Passive Clients List - This list contains movie
requests details, already serviced by the given proxy
server. Each entry in this list includes, requested
movie_ id, requested client _ id, region _ id,
popularity of given movie file and time stamp details.
Popularity Agent: This agent uses number of hits vs. time
duration metric, and calculates popularity of movie files.
Based upon hit ratio, popularity agent periodically updates
popularity of movies and intimates modified popularity of
movies to all clients. When popularity of a movie file falls
below the threshold value, popularity agent contacts video
streaming controller.
Video Buffer: In our implementation, video buffer is the
database of proxy server and contains all movies received
from central multimedia server. When popularity of a movie
falls below the threshold value, the given movie file is
removed from video buffer.
Proxy Navigation Module: In the absence of requested
movie in video buffer, video streaming controller contacts
proxy navigation module. This module initiates searching
operation, to search requested movie in its nearest proxies.
Display Module: This module controls and plays back movie,
received from proxy server or from other clients.
Client Video Buffer: All movies of a client are stored in this
video buffer .Client system periodically checks {Popularity,
Time stamp} details for every movie file stored in its video
buffer and updates popularity of movies .Whenever popularity
of any movie falls below the threshold value, then the movie
removed from client video buffer.
Chaining Agent: This agent is the main controller of chaining
operation at the client machine and also it handles chaining
requests for movies from proxy server .The chaining agent
always maintains active chaining list of clients, currently
served by this agent. When there is a request for chaining
operation from proxy server, chaining agent checks existence
of requested movie in its video buffer and also checks
region_id of requested client. In case of existence of requested
movie and also region _id of both the clients matches,
chaining agents initiates and controls chaining operation. In
absence of requested movie, chaining agent rejects movie
request.
Hybrid chaining algorithm:
When a movie file is requested by a client, request
handler checks the user details, and passes that request to
video streaming controller. Video streaming controller checks
existence of requested movie in video buffer. If movie exists,
then streaming controller communicates with chaining
controller to proceed the servicing operation. In the absence of
movie in video buffer, chaining controller initiates proxy
navigation module or cache module in order to get requested
movie. The chaining controller checks active and passive list
of clients and intimates client details that stores same movie
(within its region) to requested client system, and thereby
initiates chaining operation. In case of absence of requested
movie in both active and passive list of clients, proxy server
starts streaming operation of requested movie to requesting
client.
Proxy server executes given algorithm, upon
receiving a movie request from a client. First proxy checks
requested movie in its active list of clients (lines 4-7). Then
proxy server checks for requested movie in its passive list of
clients (lines 9-14). In case of absence of requested movie file,
proxy server initiates searching operation in its nearest proxies
(lines 16-17).The proxy server executes pop_check
procedure(lines 1-7) to check popularity of given movie falls
below the threshold values. Proxy server compares
{popularity, time stamp} values to find out the existence of
given movie in client video buffer. If popularity of a movie
increases, automatically the life time of that movie in client
video buffer also increases. In the absence of movie in client
video buffer, proxy server starts streaming operation of movie.
A client system, after receiving a chaining request
from proxy server, executes given client chaining algorithm,
as specified below. Client first checks the region _ id of
requested client .If both the clients belong to same region, and
requested movie exists in client video buffer (lines 1-4) then
chaining operation starts. If both the clients belong to different
region, chaining -not possible message is given to proxy
server (lines 8-9). In the absence of requested movie file in
client video buffer, chaining request is rejected (lines 5-6).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 215

Proceedings of ICCNS 08 , 27-28 September 2008
Nomenclature:
C = {c 1, c 2 ...c n} -> List of Client systems
P = {p 1, p 2,… p m} -> List of Proxy servers
R = {r 1 ,r 2,r 3,.. r x } -> Group of regions under proxy server p i , where each r i -> {c 1, c 2, ...c k } and k List of movie files
Pop = Popularity of given movie file, where Pop min ≤Pop (μ i) ≤Pop max.
S = Status of current streaming operation
T = Time stamp value.
α -> {μ i, c i, r i, Pop, S} -> Active list of clients.
β -> {μ i, c i, r i, Pop, T} -> Passive list of clients.
VB = Proxy server video buffer
VC = Client system video buffer
HYBRID CHAINING –PROXY SERVER AND CLIENT ALGORITHMS:
Proxy Server upon receiving request for μ k from c k of r k:
1 Pop min (μ k) = Pop min (μ k) +1;
2 If μ k is in VB then
3 {
4 If (r k of c k == r i of μ k in α) then /* checks currently streaming same movie to same region*/
5 {
6 chaining starts from ci to ck, where c i, c k є r i
7 }
8 else
9 {
10 If (r k of c k == r j of μ k in β) then /* checks already streamed same movie to same region*/
11 Pop_check ( ); /* calls Pop_ check procedure*/
12 else
13 streaming μ k from p i to c k of r k.
14 }
15 }
16 else
17
m
search for μ k in p i where ∑ i=1 p i. /* search requested movie in other proxy servers*/
1 Procedure Pop_check ( ) /* to check existence of movie in client video buffer*/
2 {
3 check if ((Pop (μ k) > Pop min) & (Pop (μ k) ≤ Pop max)),
4 check {popularity, time stamp} values
5 If μ k exists in VC of c j ,then
6 chaining starts from c j to c k ,where c j, c k є r j
7 }
Client c i , upon receiving chaining request from Proxy server p i, where μ k is requested movie, c k is requested client :
1 If ( r i of c i == r k of c k ) then /* if both the clients belong to same region*/
2 {
3 If μ k exists in VC
4 c i starts chaining μ k to c k, where c i, c k є r k
5 else
6 reject movie request
7 }
8 else /* If clients belong to different regions*/
9 send Chaining – Not Possible message to p i.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 216

Proceedings of ICCNS 08 , 27-28 September 2008
III .SIMULATION MODEL
The proposed chaining scheme is implemented using
Network Simulator, version-3 (ns-3) [9]. This ns-3 is a
discrete-event network simulator targeted primarily for
research and educational use. In ns-3 coding can be done using
C++ Programming language. It is aimed at comprehensively
redesigning and enhancing the popular network simulator ns-
2.
The simulation model consists of central multimedia
server, proxy servers and group of clients which are
distributed in different regions. The clients request arrival
pattern for the movies is randomly generated using triangular
variable distribution method. The time required for real time
transmission of a movie is directly proportional to the actual
size of the movie. The simulation was carried out for 1000
seconds, with one central multimedia server, 2 proxy servers
and 150 client systems. Each proxy server is connected to 5
different regions, where each region consists of 15 client
systems. The server had 100 movie files, where size of these
movies varies between 3 MB to 4MB. The proxy server
buffer was large enough to hold 50% of the data on the server,
effectively 50 movie files. The server to proxy bandwidth was
assumed to be 1Gbps and the proxy to client bandwidth was
assumed to be 10Mbps.
The given chaining algorithm is simulated up to four
levels of chaining operation.(i.e.) single client system can
chain movie file up to four different clients of same region.
The packet size for each movie file transmission is calculated
by using the given formula:
If, movie file size = Ω MB.
Packet size (bytes) = ( 0.1 % of Ω MB ) .For example , if
movie file size is 3.5 MB, then for the transmission of entire
movie,1000 packets, each of size 3500 bytes will be
transmitted. The following parameters were used in the
simulation:
Request arrival pattern
Fig. (3) Snapshot showing Transmission of Movie
Request servicing rate
Request rejection rate
Bandwidth utilization of proxy server
Buffer space of proxy server.
IV. RESULTS AND DISCUSSION
Fig. (3) shows snapshot of trace file, which indicates
transmission of requested movie (i.e.) movie5 to client id 12,
and this client chains the same movie to 4 different client
systems namely client id 0, client id 3, client id 6 and client id
9 respectively.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 217

Proceedings of ICCNS 08 , 27-28 September 2008
The graph, shown in Fig. (4) gives details about
servicing capability of given proxy server, using Hybrid
chaining and P-chaining approaches. The first line in graph
indicates request arrival pattern within specified duration.
Initially, the request servicing rate of proxy server is almost
same in both hybrid chaining and p-chaining approaches (i.e.)
10, 9 out of 10 requests respectively. But graph shows that
latter the servicing rate of proxy using hybrid scheme
increases at the rate of 32, 38, 39 etc., when compared with
that of p-chaining scheme. The simulation results show that,
the hybrid chaining approach increases request servicing rate
of given proxy server.
The graph in Fig. (6) gives details about buffer size
utilization of given proxy server. The maximum buffer size of
proxy server is assumed as 30MB. Initially, both hybrid
chaining and p-chaining approaches are utilizing almost same
amount of buffer space (i.e.) approximately between 550KB to
1120KB of buffer space. But latter, the buffer utilization of
proxy server using hybrid chaining scheme is reduced to
greater extent. The simulation graph shows that proposed
hybrid chaining algorithm, utilizes maximum of 3500KB of
buffer space for its chaining operation, whereas in case of p-
chaining approach, maximum of 17541 KB buffer space is
utilized for its operation, which is comparatively larger than
former approach.
Fig. (4) Request servicing rate
In Fig. (5), the graph shows details about requests
rejected by given proxy server within the specified time
duration of 1000 seconds. Initially number of requests rejected
by given proxy server is same in both the chaining schemes
(i.e.) request rejection rate is 2. But, the graph shows that after
400 seconds, the request rejection rate using hybrid scheme
varies between the range of 5 to 8, whereas in p-chaining
scheme, request rejection rate varies between the range of 12
to 15. The simulation results show that, the proposed hybrid
chaining the proposed hybrid chaining approach minimizes
request rejection rate of given proxy server.
Fig. (6) Buffer space utilization of proxy server
The graph in Fig. (7) explains about bandwidth
utilization of given proxy server. Initially bandwidth
utilization of proxy server is almost same in both the chaining
approaches. (i.e.) approximately between 2300 Kb/s to
2520Kb/s. But latter using proposed hybrid chaining scheme,
the graph shows that bandwidth utilized by proxy server is
reduced to 506.5 Kb/s, when compared to that of p-chaining
scheme.
Fig. (5) Request rejection rate
Fig. (7) Bandwidth utilization of proxy server
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 218

Proceedings of ICCNS 08 , 27-28 September 2008
V.CONCLUSION AND FUTURE ENHANCEMENTS:
Chaining scheme is an effective technique to reduce
the number of required server streams in video streaming
applications. To improve efficiency of chaining approach, in
this paper, we have proposed a hybrid chaining approach,
which makes use of popularity of movies and distance
information about clients for its operation. The simulation
results show that, this algorithm increases servicing capability
of proxy server. The simulation results also show that the
utilization of server resources is comparatively lower than that
of existing chaining scheme. This hybrid scheme is easily
deployable and cost–effective, in terms of minimizing the
rejection rate of movie requests.
Further work is being carried out to include fault–
tolerance features to the proposed algorithm, if video chain
between two clients breaks, then revised algorithm can handle
that situation in a successful manner.
REFERENCES:
[1] W.-F. Poon, K.-T. Lo, and J. Feng, “Adaptive
batching scheme for multicast video-on- demand
systems,” IEEE Trans. Broadcast., vol. 47, no. 1, pp.
66–70, Mar. 2001.
[2] S.Sen, L. Gao, J. Rexford, and D. Towsley, “Optimal
patching scheme for efficient multimedia streaming,”
in Proc. NOSSDAV, Basking Ridge, NJ, Jun. 1999.
[3] Bing Wang, S. Sen, Micah Adler, and Don Towsley,
“Optimal Proxy Cache Allocation for Efficient
Streaming Media Distribution”, IEEE Trans.
Multimedia, vol. 6, no. 2, April 2004
[4] G. Barlas, B. Veeravalli, “Optimized Distributed
Delivery of Continuous-Media Documents over
Unreliable Communication Links “, IEEE Trans.
parallel and distributed systems, vol. 16, no. 10,
October 2005.
[5] S. Sheu, K. A. Hua, and W. Tavanapong, “Chaining:
a generalized batching technique for video-ondemand
systems,” in Proc. IEEE Int. Conf.
Multimedia Computing and Systems, Ottawa,
Canada, 1997.
[6] J. K. Chen and J. L. C. Wu, “Adaptive chaining
scheme for distributed VOD applications,” IEEE
Trans. Broadcast., vol. 45, no. 2, pp. 215–224, Jun.
1999.
[7] Te-Chou Su, Shih-Yu Huang, Chen-Lung Chan, and
Jia-Shung Wang, “Optimal Chaining Scheme for
Video-on-Demand Applications on Collaborative
Networks,” IEEE Trans. multimedia, vol. 7, no. 5,
October 2005 .
[8] Hyunjoo Kim and Heon Y. Yeom, “P-chaining: a
practical VoD service scheme autonomically
handling interactive operations,” Multimedia Tools
Appl, Springer Science, Business Media, LLC 2007.
[9] http://www.nsnam.org/
[10] Frederic Thouin and Mark Coates, McGill
University, “Video- on- Demand Networks: design
Approaches and Future Challenges,” IEEE Network,
March/April 2007.
[11] Yi J. Liang, and Bernd Girod, “ Network-Adaptive
Low-Latency Video Communication Over Best-
Effort Networks ,”IEEE Trans. circuits and systems
for video technology, vol. 16, no. 1, January 2006.
[12] Rocha M ,Maia M , Cunha I, Almeida J, Campos S,
“Scalable media streaming to interactive users,”.
Proc. ACM Multimedia, pp 966–975, November
2005.
[13] SchultzJJ, Znati T,”An efficient scheme for chaining
with client-centric buffer reservation for multi-media
streaming,” Proc. of the 36th Annual Simulation
Symposium (ANSS’03), pp 31–38, 2003.
[14] Hua KA, Tantaoui MA, Tavanapong W “Video
delivery technologies for large-scale deployment of
multimedia applications,” Proc IEEE 92(9):1439–
1451, 2004.
[15] Costa C, Cunha I, Borges A, Ramos C, Rocha M,
Almeida J, Ribeiro-Neto B, “ Analyzing client
interactivity in streaming media,” Proc. of the
<strong>International</strong> World Wide Web <strong>Conference</strong>, pp 534–
543, May 2004.
[16] Do T, Hua KA, Tantaoui M,” P2VoD: providing fault
tolerant video-on-demand streaming in peer-to-peer
environment.” In: Proc. of the IEEE <strong>International</strong>
<strong>Conference</strong> on Communications, pp 1467–1472, June
2004.
[17] Yang XY, Hernandez P, Ripoll A, Suppi R, Luque E,
Cores F ,” Distributed P2P merging policy to
decentralize the multicasting delivery,” Proc. of the
31st EUROMICRO 30-03, pp 322– 329,
conference,(EUROMICRO-SEAA’05), August 2005.
[18] O. Verscheure, C. Venkatramani, P. Frossard, and L.
Amini, “Joint server scheduling and proxy caching
for video delivery,” in Proc. 6th <strong>International</strong>
Workshop on Web Caching and Content Distribution,
June 2001.
[19] S. Sen, L. Gao, and D. Towsley, “Frame-based
periodic broadcast and fundamental resource
tradeoffs,” in Proc. IEEE <strong>International</strong> Performance
Computing and Communications <strong>Conference</strong>, April
2001.
[20] C. Diot, B. Levine, B. Lyles, H. Kassan, and D.
Balsie fien, “Deployment issues for the ip multicast
service and architecture,” IEEE Network, January
2000.
[21] B.Wang, S. Sen, M. Adler, and D. Towsley, “Proxybased
distribution of streaming video over
unicast/multicast connections,” University of
Massachusetts, Amherst, 2001.
[22] H.Schulzrinne,A.Rao,and R.Lanphier, “Real time
streaming protocol(RTSP),request for comments
2326,” April 1998.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 219

Proceedings of ICCNS 08 , 27-28 September 2008
Broadband Network for Live EduSat
Connectivity of <strong>Conference</strong> Proceedings
M.Murugan 1 , N.P.Pathak 2 , A.S.Tavildar 3 and M.J.Khurjekar 4
Abstract: The objective of this article is to present a true broadband
network architecture specially designed and implemented for live
broadcast of the proceedings of the National <strong>Conference</strong> on
Broadband Communication Systems (NCBCS 2006) held during 2 nd -
3 rd September 2006 at Vishwakarma Institute of Information
Technology (VIIT), Pune. The paper describes various entities
involved in this adventure as well as the technical and design aspects
considered for the undisrupted connectivity through the EduSat with
the help of 512K leased line.
Key words: Broadband, edusat, network, proceedings.
I. INTRODUCTION
During the preparation of the National <strong>Conference</strong> on
Broadband Communication Systems, Hon’ble mentor of the
conference Padmashri. Pramod Kale suggested this novel
method of reaching the technical mass through the EduSat link.
With the help of this EduSat link, the viewers at far end will
be able to participate in the conference without going through
the conventional registration process. Also, the academia,
industry and researchers would be able to get the ongoing
activities in the field of broadband communication systems
with the help of the live conference proceedings, without the
hectic schedule of traveling from their work place.
Soon after that, the team of members from Education
Media Research Center (EMRC), Reliance Communications,
VIIT and various departments of University of Pune (UoP)
such as Department of Electronics Sciences, Department of
Bioinformatics, and National Center for Cell Sciences (NCCS)
came together for implementation of this broadband
connectivity involving a variety of existing technologies [1].
The implemented network is a hybrid of wired and wireless
communication systems involving analog and digital signals
of audio and video at various points. The connectivity uses
data communication, radio frequency / microwave
communication, copper cables/ optical communication etc.
M.Murugan, A.S.Tavildar and M.J.Khurjekar are with Department of
Electronics & Telecommunication Engineering of Vishwakarma Institute of
Information Technology, Kondhwa (Bk), PUNE-411 048, India.
Email: murugan_viit@rediffmail.com Fax: +91-20-2693 2500/ 600
N.P.Pathak is with Department of Information Technology of
Vishwakarma Institute of Information Technology, Kondhwa (Bk), PUNE-
411 048, India.
II.EDUSAT
EduSat, launched on 20 th September 2004, is India’s
first exclusive satellite for serving the educational sector. It is
specially configured for audio-visual medium, employing
digital interactive classroom and multimedia multicentric
systems [2]. It is primarily meant for providing connectivity to
school, college and higher levels of education and also to
support non-formal education including developmental
communication. The satellite has multiple regional beams
covering different parts of India — five Ku-band transponders
with spot beams covering northern, north-eastern, eastern,
southern and western regions of the country, a Ku-band
transponder with its footprint covering the Indian mainland
region and six C-band transponders with their footprints
covering the entire country.
EduSat can establish the connectivity between urban
educational institutions with adequate infrastructure imparting
quality education and a large number of rural and semi-urban
educational institutions that lack the necessary infrastructure.
Besides supporting formal education, the purpose of EduSat is
to facilitate the dissemination of knowledge to the rural and
remote population with the help of Satellite Receive Only
Terminal (ROT)/ Satellite Interactive Terminal (SIT). The
application areas of education are technology, health, hygiene
and personality development. It also allow professionals to
update their knowledge base as well. Thus, inspite of limited
trained and skilled teachers, the aspirations of the growing
student population at all levels can be met through the concept
of tele-education.
The SITs are provided EduSat connectivity through
its national beam by various terminals [2]-[3] such as, Indira
Gandhi National Open University (IGNOU), National Center
of Education Research and Training (NCERT), University
Grants Commission (UGC), All India Council for Technical
Education (AICTE) and Indian Council for Agriculture
Research (ICAR) which has about 134, 99, 58, 103 and 50
terminals respectively.
III. CONNECTIVITY
Any satellite communication link connectivity [4]
requires Uplink (Transmitter) and Downlink (Receiver) for an
effective communication to take place between two earth
stations. In our EduSat link, presented here, the transmitting
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 220

Proceedings of ICCNS 08 , 27-28 September 2008
earth station is the EMRC, Pune. The focussed receiving earth
stations unlimited multi-points, who are the SITs of AICTE -
EDUSAT Linkage. In order to provide live coverage of the
conference proceedings, the video and audio signals in
digital/analog form were to be brought upto the EMRC, Pune.
Hence, with the already existing infrastructure for internet
connectivity through Reliance Communications, an Internet
Service Provider (ISP), at both VIIT and UoP had provided
technical support and also routed the signal from VIIT to UoP
through the 512K wireless leased line. The detailed block
diagram of the actually implemented broadband network for
EduSat connectivity with various interfaces connected is
shown in Fig.1.
IV. CONVENTIONAL PERIPHERALS
Peripherals required for connectivity [2]-[3] may vary
for different ends. Equipment other than basic hardwares only
is listed below for simplicity.
A. At Teaching End.
A Desk Top Personal computer (PC), an
Uninterrupted Power Supply (UPS), a Touch screen/ PC
monitor which can be used for on line editing with Glass-pen
as Teaching aid, a SVGA to PAL Converter, as all IP based
data demodulator outputs are viewed normally on PC or a card
which converts SVGA (PC) output to PAL output for viewing
on TV, Video Compression Hardware for compression of
Video and Audio inputs are essential. For video input, a Video
Camera (with USB Port or with Video Output) with good
capture range, zooming capability, position programming,
memory, resolution, etc. are required. It is recommended to
use a camera switch (Multiple input to one output), if more
than two cameras are used simultaneously, for feeding the
video out put to video compression hardware unit, a Studio
Feed for feeding video from studio / from other source such as
DVD Player / VCR / CD Player etc. For audio input a
Microphone (Lapel/collar/push to talk type) is used. There
could be a Loud Speaker (Earphone / wall mounted / PC
attached) in addition with other equipments like LMS web
server for asynchronous teaching.
B. At Satellite Interactive Terminal.
The SIT can be either ‘two-way audio & one-way
video’ (2A-1V) or ‘two-way audio & two-way video’ (2A-2V).
However, the essential peripherals are an UPS, a Video
Compression Hardware (If video interactivity is also required),
Camera (If video interactivity is also required) and a Liquid
Crystal Display (LCD) Projector.
C. Receive Only Terminal.
As the name implies, it is the terminal for receiving
only (Simplex). There is no interactivity permissible. The bare
minimum peripherals are a PC, an UPS and a LCD Projector.
There are various Universities, academic colleges, educational
Institutions have their own SIT or ROT.
V. BROAD BAND NETWORK
As the satellite uplink equipments are fixed in EMRC,
which is in the UoP campus, it is essential to throughput, the
audio and video signals to the RF unit of the Hub at EMRC,
which is located at about aerial distance of 15 kms from VIIT.
Hence the connection for linking two campuses viz. VIIT and
UoP was inevitable and is as shown in Fig.1. Initially, the
analog video taken from the video camera and the analog
audio taken from the microphone are fed to the Osprey card,
which gives the desired digital signal of 128 kbps. This
encoded signal is fed to a VLC player for the streaming
operation. The VLC player used was a high resolution codec
at the EMRC end. This stream of 128 kbps is eventually fed to
the satellite link.
A video compression [5] of 384 Kbps quality is
universally accepted for video conferencing, though it is not a
standard. It can go to any higher data rate as well as some
times it is carried out at as low as 64 Kbps. Similarly, 64 kbps
is very commonly used, whereas 128 kbps is universally
accepted rate for stereo quality. In our experiment we have
used a data rate of 128 kbps in order to have the reduction of
bandwidth at the encoder.
The output of the encoder is the digital ethernet,
which is connected to the CISCO router by a UTP
(Unshielded Twisted Pair) cable used generally for LAN
(Local Area Network). This is basically used to rout the signal
at the desired destination. The CISCO router which has been
configured to handshake to a similar peer router was able to
provide only V.35 output, which was not a standard for
connecting it to the service provider’s link, which was G.703.
So we procured and configured the V.35 to G.703 converter
and then this is finally connected to the Customer Premises
Equipment (CPE) such as LMDS (Last Mile Digital System)
at VIIT. This video internet packets (IP) from VIIT through its
LMDS was handed off to another LMDS at UoP through the
512K wireless leased line. This point to point (P2P)
connection [6] was provided by Reliance Communications as
a gold connectivity through their MPLS network.
In the other end, almost the reverse process takes
place and the UoP campus. The G.703 to V.35 converter is
connected to a CISCO router at NCCS. The intranet of the
UoP connects up to the Department of Bioinformatics (DoB),
whereas the Reliance Data Network connection was only up to
the NCCS. The distance between the NCCS and DoB is about
100 meters. Therefore, an UTP cable was exclusively used to
connect NCCS and DoB. Once the signal was received at DoB,
the same was routed to the EMRC through the intranet of UoP.
Finally the signal was given to the Satellite MODEM and RF
Unit at the hub for up linking the signal to the EduSat.
Prior approval for utilizing the satellite bandwidth
was obtained well before the conference dates, from the
concerned authorities. The telecast was also tested with the
help of ISRO (Indian Space Research Organizations) one day
earlier to the actual usage in order to avoid any last minute
difficulties.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 221

Proceedings of ICCNS 08 , 27-28 September 2008
VI. CONCLUSION
The conference was broadcasted through EduSat,
which was successfully received at almost all ROTs / SITs in
the country. We have also received several
acknowledgements in this connection as well as appreciation
for high quality and uninterrupted connectivity. The
broadband network we implemented is indeed a broadband in
true sense. Although, we faced so many difficulties in
networking different entities, it was a good experience of
networking people for a noble cause. This sort of live
broadcast of technical conferences will really provide a forum
for the young technocrats from rural/urban areas of the
country to get the cutting edge technology [7]. This type of
live coverage of the conferences will also provide a platform
to the researchers for open discussions on current research
activities and to foresee future developments. The authors are
of the opinion that each and every conferences, whether
National or <strong>International</strong>, held in the country should be linked
to EduSat, so that, the science and technology will reach every
single corner of the country, in a larger extent and will add a
little to make the country a fully developed nation.
REFERENCES
[1] T. S. Rappaport, Wireless Communications Principles & Practice, New
Jersey: Prentice Hall, 1996.
[2] http://www.edusat.in
[3] http://www.isro.gov.in/Edusat/Page2.htm
[4] A. S. Manjunath, D. S. Jain, S Rajendra Kumar, and R. V. G. Anjaneyulu,
“Role of Satellite Communication and Remote Sensing in Rural
Development”, IETE Technical Review, Vol 24, No 4, July-August 2007,
pp 215-224.
[5] Amit Chatterjee, “Overview of Digital Video in Broad band Networks”,
IEEE Conf. Proc., pp.378-379, 1998.
[6] Anthony Acampora, David J.Goodman, et al, “Wireless Access Broadband
Networks”, IEEE Journal on Selected Areas in Communications, Vol.16,
No.6, Aug.1998, pp.817-819.
[7] Ashok Jhunjhunwala, David Koilpillai and Bhaskar Ramamurthi,
“Broadband to Empower Rural India” IETE Technical Review
Vol 24, No 4, July-August 2007, pp 195-201.
ACKNOWLEDGMENTS
Authors would like to acknowledg Padmashri. Pramod
P.Kale, Ex.Director, SAC, ISRO for his overall support and guidance,
Prof.G.D.Sharma, Director, CEC, UGC for granting permission to
use EduSat bandwidth, Shri.Milind Kshirsagar and Shri.Doron
Bhastekar of Reliance Infocom Pune, and their team, Mr. Sameeran
D. Walvekar, Director, Mr. Thakar and Mr.Vivek Hebbel of EMRC,
Pune and their team, Dr.S.V.Ghaisas and Dr.Mrs.T.M.Bhave of
University Department of Electronics Sciences, UoP, Department of
Bioinformatics, National Center for Cell Sciences (NCCS) and
Dr.D.G.Kanhere, Director and Mr.Mangesh of CNC, UoP for their
all-round technical supports in all possible means. Finally, authors
are keen to thank the Patron of the conference Shri.Rajkumarji
Agarwal, Chief Trustee, B.R.A.C.T. Pune as well as the conference
Organizing Chairs, Shri.Bharat Agarwal and Prof.S.M.Umrani for
their consistent support by all possible means.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 222

© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 223
Proceedings of ICCNS 08 , 27-28 September 2008

Evolutionary Algorithm for Hybrid Channel
Allocation in Wireless Mobile Network
S. R. Shinde 1 , Dr. G.V. Chowdhary 2 A. M. Jadhav 3 Proceedings of ICCNS 08 , 27-28 September 2008
Abstract. Radio spectrum is limited resource in wireless mobile
communication system. It is necessary to use this resource
efficiently. Hybrid channel assignment for wireless mobile network
combines the features of both static and dynamic approaches to
channel allocation. This scheme tries to achieve an efficient solution
to channel assignment problem by reducing the call blocking
probability. We devised an algorithm for channel allocation using
evolutionary strategy. We also demonstrated how the allocation
distance is efficient for channel allocation in wireless network.
Keywords- Channel interference, Channel Assignment,
Evolutionary Strategy, Radio spectrum, Wireless network.
I. INTRODUCTION
The advent of cellular concept was a major breakthrough in
the development of wireless mobile communication. The
cellular principle divides the covered geographical area into a
set of smaller service areas called cells. During the early part
of the evolution of the cellular concept, the system designers
recognized the concept of all cells with the same shape to be
helpful in systematizing the design and layout of the cellular
system. The 1947 Bell Laboratories discussed four possible
geometric shapes: the circle, the square, the equilateral
triangle, and the regular hexagon. The regular hexagon was
found to be the best over the other shapes. In practice, the cell
sizes are irregular and depend on the terrain and propagation
conditions. Fig. 1 shows a typical mobile communication
network.
Fig. 1: Mobile Network Architecture.
1 S. R. Shinde is Lecturer Assistant Professor in at Department of Computer
Engineering, Vishwakarma Institute of Technology, Pune-37.
2 Dr. G.V> Chowdhary is Assistant Professoe at Department of Computer
Engineering, BATU, Lonere.
3 A.M. Jadhav is Lecurer at Department of Information Technology, Sinhgad
Academy of Engineering, Pune.
Each cell has a base station and a number of mobile
terminals (e.g. mobile phone, palms, laptops, or other mobile
devices). The base station is equipped with radio transmission
and reception equipments. The mobile terminals within a cell
communicate through wireless links with the base station
associated with the cell. A number of base stations are
connected to the Base Station Controller (BSC) via
microwave links or dedicated leased lines. The BSC contains
logic for radio resource management of the base stations
under its control. It is also responsible for transferring an
ongoing call from one base station to another as a mobile user
moves from cell to cell. A number of BSC are connected to
the Mobile Switching Centers (MSC) also known as Mobile
Telephone Switching Office (MTSO). MSC/MTSO is
responsible for setting up and tearing down of calls to and
from mobile subscribers.
The MSC is connected to the backbone wire-line network
such as the public switched telephone network (PSTN),
Integrated Service Digital Network (ISDN) or any LAN-
WAN based network. MSC is also connected to a location
database, which keeps information about the location of each
mobile terminal. The base station is responsible for the
communication between the mobile terminal and the rest of
the information network. A base station can communicate
with mobiles as long as they are within its operating range.
The operating range depends upon the transmission power of
the base station.
In order to establish a communication with a base station,
a mobile terminal must first obtain a channel from the base
station. A channel consists of a pair of frequencies: one
frequency (forward link/ downlink) for transmission from the
base station to the mobile terminal, and another frequency
(reverse link/uplink) for the transmission in the reverse
direction. An allocated channel is released under two
scenarios: the user completes the call or the mobile user
moves to another cell before the call is completed. The
capacity of a cellular system can be described in terms of the
number of available channels, or the number of users the
system can support.
The total number of channels made available to a system
depends on the allocated spectrum and the bandwidth of each
channel. The available frequency spectrum is limited and the
number of mobile users are increasing day by day, hence the
channels must be reused as much as possible to increase the
system capacity. The Allocation of channels to cells or mobile
is one of the fundamental resource management issues in a
mobile communication system. The role of a channel
allocation scheme is to allocate channels to cells or mobiles in
such a way as to minimize the probability that the incoming
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 224

Proceedings of ICCNS 08 , 27-28 September 2008
calls are blocked, the probability that ongoing calls are
dropped, and also to minimize the probability that the carrierto-interference
ratio of any call falls below a pre specified
value.
In literature, many channel allocation schemes have been
widely investigated with a goal to maximize the frequency
reuse. The channel allocation schemes in general can be
classified into three strategies:
• Static Channel Allocation
• Dynamic Channel Allocation
• Hybrid Channel Allocation
FCA allocated channels to each cell permanently. FCA
systems typically allocate channels in a manner that
maximizes frequency reuse. Thus, in a FCA system, the
distance between cells using the same channel is the minimum
reuse distance for that system. In DCA, channels are allocated
dynamically as call arrives. DCA system has higher degree of
randomness but involves complex algorithms. FCA is simpler
and outperforms DCA under heavy load conditions, but FCA
does not adapt to changing traffic conditions [3]. HCA scheme
was proposed by Kahwa et. al. [4], which combines benefits
of both FCA and DCA. In HCA one set of channel is allocated
as in FCA and other set is allocated as in DCA.
II. RELATED STUDY
Many solutions are proposed in the literature to solve
FCA, DCA and HCA problems. This includes Neural
Networks [5], Simulated Annealing [6], and Evolutionary
methods [7], [8]. In following session we discuss our
proposed scheme.
III. PROBLEM STATEMENT
Channel assignment scheme helps to increase the
networks capacity by efficiently distributing channels across
the network. In this paper, we study the problem of hybrid
channel allocation. Channel assignment is made by the
controller of the concern base station according to knowledge
about the neighbors of given cell and overlap between the
channels. The fitness function takes care of soft constraints.
The hard constraints are taken care of by the problem
representation and our proposed new scheme.
IV. PROPOSED ES-HCA ALGORITHM
We consider a cellular radio system with a finite set of
channels and cells. In wireless cellular network, a channel
corresponds to up-link and down-link transmission between
mobiles and base stations. The up-link (mobile to base
frequency) and the down-link (base to mobile frequency) are
assumed not to interfere with each other and are allocated in
the same manner with the same channel assignment scheme.
In this paper we will only consider the down-link frequency
allocation.
Channels are allocated to host cell from a set of channels
which excludes all those channels which are in use in the
interference region. As such the selected channels always
satisfy the co-channel and adjacent channel interference
constraint too.
Let i be the total number of cells in the network and j the
total number of channels in the network. The allocation matrix
is the binary matrix a i*j such that
if channel j is assigned to cell i
a i*j = {
1
0 otherwise
The allocation matrix is updated every time a channel is
allocated and released in the network.
1. Initial Parent and Population
When a call arrives in cell k at time t, we determine the
set of eligible channels I at time t. Here I(k, t) = F\(P(k, t) U
Q(k, t)), where F is total set of available channels, P(k, t) is
the set of channels of the ongoing calls in k at time t, and Q(k,
t) is the set of channels in use in the neighboring area of k at
time t. This information is obtained from the allocation matrix.
The initial parent solution is selected from the set G of λ
solution vectors where λ=| I(k, t) |. Each solution vector in G
is evaluated according to the fitness function, and the
individual with best fitness is selected as initial parent. In
order to find optimal combination of channels for the cell
involved in new call arrival, we preserve the (d-1) channels
allocated to this cell before the arrival of new call in the initial
population. So each solution in G contains a unique integer
selected from I(k, t).
2. Algorithm
The proposed algorithm starts with an initial parent
generated. At every generation the size of population is λ.
These λ individuals of the new population are randomly
generated from the actual parent by the process of mutation.
The fittest individual from the newly generated population
form the parent for the next generation. The fitness of the best
individual child is better than the former parents now it
becomes the parent. The best solution is updated whenever its
fitness is worse than that of the local best solution. The
algorithm terminates when it will get desired solution or a
termination condition occurs. During this process one of the
three possibilities is selected with probability 1/3 and exactly
N mutation. When a call arrives, system looks for channels
which are not in use in the cell and its neighboring area. If no
such a channel found the call is blocked, otherwise ES
algorithm finds a solution. The algorithm for ES Approach is
Algorithm
Begin
Create initial population of λ individuals
Find out the fitness of each individual
Select the best individual as parent
Repeat
Generate λ neighbors of parent by mutation
Find out the fitness of each individual
Select the best individual as best-child
count = 0
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 225

Proceedings of ICCNS 08 , 27-28 September 2008
Do
parent = best-child
mutate new parents
best-child = new fittest individual in
count = count+1
while ((best-child>parent) and count

Proceedings of ICCNS 08 , 27-28 September 2008
Blocking probability
0.25
0.2
0.15
0.1
0.05
D-ring HCA
Proposed HCA
We can use partially overlapped channels for the same
algorithm. In future we can find out the time complexity of the
proposed algorithm. We have not applied crossover operator
in genetic algorithm, so we have more scope to work on this
operator and improve the results.
REFERENCES
0
Fig. 5. Performance of the proposed ES algorithm in terms of
blocking probability, for FCA = 21and DCA = 49
Blocking probability
0 20 40 60 80 100 120 140
Percentage increase of traffic load
Fig. 6. Performance of the proposed ES algorithm in terms of
blocking probability, for FCA = 35 and DCA = 35
Blocking probability
0.25
0.2
0.15
0.1
0.05
0
0.3
0.25
0.2
0.15
0.1
0.05
0 20 40 60 80 100 120 140
Percentage increase of traffic load
D-ring HCA
Proposed HCA
D-ring HCA
Proposed HCA
[1] I. F. Akyildiz and S. M. Ho, “On Location Management
for Personal Communications Netwoks”, IEEE communications
Magazine vol. 34, no. 9, pp. 138-145, 1996.
[2] W.K. Hale, “Frequency Assignment: Theory and
Applications,”Proc. IEEE, vol.68, no.12, pp.1497–1514 ,
1980.
[3] W.K. Lai and G.C. Coghill,“Channel Assignment through
Evolutionary Optimization,” IEEE Transactions on
Vehicular Technology, vol.45, no.1, pp.91–96, 1996.
[4] T.J. Kahwa and N.D. Georgans, “A Hybrid Channel
Assignment Schemes in Large-Scale, Cellular Structured
Mobile Communication Systems”, IEEE Transactions on
Communications, vol.26,pp432–438,1978.
[5] Behrouz A. Fourozan,”Data Communication and
Networking,” Tata McGraw-Hill publication 2006.
[6] Nobuo Funabiki and Yoshiyasu Takefuji,”A Neural
Network Parallel Algorithm for Channel Assignment
Problems in Cellular Radio Networks”,IEEE Transaction
on Vehicular Technology, Vol 41, No. 4, Nov.1992
[7] M.Duque-Anton,D. Kunz, and B.Ruber,”Channel
assignment for cellular radio using simulated annealing”,
IEEE Trans. Veh. Technol.,vol. 42, no.1, pp. 14-21, Feb.
1993.
[8] H.G. Sandalidis, P. Stavroulakis, and J. Rodriguez-Tellez,
“An Efficient Evolutionary Algorithm for Channel
Resource Management in Cellular Mobile Systems”,
IEEE Transactions on Evolutionary Computation, vol.2,
no.4, pp.125-137, 1998.
[9] G.D. Vidyarthi, A.Ngom, and Ivan Stojmenovic, “A
Hybrid Channel Assignment Approach using an Efficient
Evolutionary Strategy in Wireless Mobile Networks”,
IEEE Transactions on Vehicular Technology, vol.54,
no.5, pp.1887–1895, 2005.
[10] Enrico Del Re, Romano Fantacci, Luca Ronga,” A
Dynamic Channel Allocation Technique Based on
Hopfield Neural Networks”, IEEE Transaction on
Vehicular Technology, Vol. 45, No. 1, Feb. 1996.
0
0 20 40 60 80 100 120 140
percentage increase of traffic load
Fig .7. Performance of the proposed ES algorithm in terms of
blocking probability, for FCA = 49 and DCA = 21
VI. CONCLUSIONS AND FUTURE DIRECTION
We proposed an evolutionary strategy that efficiently
combines the objectives of hybrid channel assignment in order
to increase the capacity of wireless mobile network and reduce
the wastage of available spectrum.
The results obtained by this method are better results
compared with a similar method in literature. More research is
required to further reduce the wastage of available spectrum
and to reduce the call blocking and call dropping probabilities.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 227

Proceedings of ICCNS 08 , 27-28 September 2008
Optimum Detection in Block Data Transmission
Systems Using Genetic Algorithm
Sameena Naaz, Afshar Alam
Abstract—In this paper the effect of using genetic algorithm for
block data detection has been studied. The data transmission system
considered is such that the transmitted data signal is divided into
blocks and between two consecutive blocks sufficient time guard
bands are provided that eliminate the intersymbol interference
between two consecutive blocks. By using genetic algorithm the
number of calculations required to reach the global optima decreases
drastically specially for large number of bits in one block. This
difference is so vast that under no circumstances the advantage of
Genetic Algorithm can be overlooked
Keywords— Genetic Algorithm, Intersymbol Interference,
Signal elements.
O
I.INTRODUCTION
ne of the most striking developments in technology has
been the rapid growth of digital communication systems.
In such systems the transmitted signal is a waveform which
may, for instance, be carried by electric current or voltage in a
pair of wires, by electromagnetic radiations in the atmosphere,
by light in a glass fiber, or by high frequency sound waves in
water or the atmosphere. The essential feature of a digital
communication system is that the transmitted waveform is
itself composed of separate signal-elements (often referred to
as symbol, digits, bits or pulses) and these signal-elements
carry the data, which has to be transmitted. A signal-element
is thus a unit of transmitted waveform [4].
Among the most important of the transmission paths that
are used for the transmission of the data are voice frequency
channels over the telephone networks and HF radio links.
Such a channel often introduces a small frequency shift into
the spectrum of the transmitted signal. This causes serious and
additional complications in the detection of the received
signal. Telephone circuits and HF radio links introduce both
noise and distortion, which can have a serious effect on a
transmitted data signal. The noise may include both additive
and multiplicative components, the latter involving both
amplitude and frequency modulation effects. This work takes
into consideration the effects of additive noise only [4].
The effect of distortion in the attenuation-frequency and
group delay frequency characteristics of the transmission path
is to spread out the individual transmitted signal-elements in
time, so that the individual signal-elements at the receiver
input overlap each other. Thus in detection of the received
signal element by matched filter detector, the output signal
from the matched filter contains, in addition to the wanted
signal and the noise, the components that originate from the
neighboring signal-elements. These interfere with the
detection of wanted signal-elements and reduce the tolerance
of the system to noise. They may even prevent the correct
detection of the received signal in the complete absence of the
noise. This type of interference is known as Intersymbol
Interference [4].
Various techniques have been used before for the
detection of these blocks. They take a lot of computational
time and so, cause a significant delay in the online processing.
The various computational techniques previously used have
some limitations. Firstly, some of these techniques may
converge at local optima rather than global optima. Secondly,
these may be inefficient when used for complex problem. To
overcome these shortcomings, Genetic Algorithm was
developed by John Holland and his colleagues at the
University of Michigan [2].
II. SERIAL DATA TRANSMISSION SYSTEM.
The data transmission system considered here is shown in
Fig. 1. It is a serial system where the transmission path is
either a linear baseband channel or else it is a linear bandpass
channel and the modulation and demodulation processes used
are both linear. In the later case the modulator (at the
transmitter) and the demodulator (at the receiver) are both
considered to be part of the transmission path , which is
therefore always a baseband channel. Furthermore, the filter at
the output of the transmitter, that limits the transmitted signal
spectrum to the available frequency band of the transmission
path, and the filter at the input to the receiver that removes the
noise frequency components outside the signal frequency band
are always low-pass filters that operate on a baseband signal.
The transmitter filter, transmission path and the receiver filter
together form a linear baseband channel. It is assumed that this
channel is time invariant so that it’s impulse response does not
vary with time [4].
Sameena Naaz is with the Department of Computer Science Jamia
Hamdard University, New Delhi, India. Phone: 09891206665. E-mail:
snaaz@)jamiahamdard.ac.in
Afshar Alam is with the Department of Computer Science Jamia Hamdard
University, New Delhi, India. E-mail: aalam@jamiahamdard.ac.in
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 228

Proceedings of ICCNS 08 , 27-28 September 2008
g 2
Σ y ( hT ) δ ( t-hT ) (4)
h=g 1
To make this physically realizable, let the first non zero
sample value occur at t=0, so that the sampled impulse
response of the baseband channel becomes,
Fig1. Model of the serial data transmission system
The signal at the input of the transmitter filter is a
sequence of regularly spaced impulses the ith of which occurs
at time t=iT seconds and has a value
s i = ± k (1)
where k is a positive constant. Each impulse Σ s i δ(t-iT) is
a binary polar signal element, and a typical sequence of such
signal elements is shown in Fig 2
Fig. 2 A typical sequence of signal elements at the input to
the baseband channel
The {s i } are statistically independent and are equally
likely to have either binary value. The transmission path itself
could be either a low pass channel with an upper frequency
limit no greater than about 10kHz or else a typical voice
frequency channel with a frequency band no wider than 300 to
3400Hz, such as could be obtained over the telephone network
[4].
Let us assume that the impulse response of the baseband
channel is y(t). Additive White Gaussian noise is introduced at
the output of the transmission path. The noise has zero mean
and a variance of σ 2 , giving the zero mean Gaussian
waveform w(t) at the output of the receiver filter. Thus the
resultant signal at the output of the receiver filter is
r(t) = Σ s i y(t-iT) + w(t) (2)
i
The received signal r(t) at the output of the receiver filter,
is sampled at the time instants t=iT, for all integers i.
The signal distortion introduced by the channel is
assumed to be such that a received signal-element may
introduce intersymbol interference in the sample values of
some or all of the ‘g 1 ’ immediately preceding elements and in
some or all of the ‘g 2 ’ immediately following elements. Most
forms of signal distortion normally experienced are of this
general type [3]. Let,
g=g 1 + g 2. (3)
The sampled impulse response of the baseband
channel(i.e. the transmitter filter, transmission path and the
receiver filter in cascade) is
g
Σ y h δ ( t-hT ) (5)
h=0
where y h = y(hT) is now non zero for some or all values
of the integer h in the range 0 to g, and is zero for all other
values of h. The sampled impulse response of the channel may
simply be written as (g+1) component row vector.
y 0 y 1 y 2 ……………y g (6)
When a continuous stream of signal elements is received
in the presence of noise then neglecting the delay introduced
by the filters for convenience, the sample value of the received
signal at time t=hT is
g
r i = Σ s i-j +w i (7)
j=0
where it can be shown that w are sample values of
statistically independent Gaussian random variables of zero
mean and variance σ 2 [3].
III. MODEL OF THE BLOCK DATA TRANSMISSION SYSTEM.
The serial data transmission system is modified to give
the block data transmission system as shown in Fig. 3.
Fig. 3: Block diagram of data transmission system
The essential feature of this system is that the transmitted
data signal at the input to the baseband channel is no longer a
continuous stream of regularly spaced signal elements
(impulses), instead the signal elements are arranged in
separate groups of m elements with sufficient gaps (time guard
bands) between adjacent groups to ensure that the groups do
not overlap each other at the receiver. Thus there is no
intersymbol interference between different groups at the
receiver. Each received group of signal elements is detected in
a separate process [4].
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 229

Proceedings of ICCNS 08 , 27-28 September 2008
The signal elements at the input and the output of the
buffer store in the transmitter normally have rectangular
waveforms. The buffer store contains two stores, each with m
storage elements. At any instant, one of the two stores is filled
with the corresponding m successive element values of the
incoming data stream, and the other store is receiving the
incoming data stream at the rate of one element value every τ
seconds. When one of the two stores has been filled it’s
storage elements are sampled, in turn, once every T seconds
Where
m . τ
T= -------------------- (8)
m + g
g is the smallest positive integer such that the duration of
the impulse response y(t) of the baseband channel is always
less than (g+1)T. Each output signal s i from the buffer store is
sampled at the appropriate time instant t=iT and is fed to the
baseband channel in the form of the corresponding impulse s i
δ (t-iT). When all m storage elements have been sampled the
next g impulses, fed to the baseband channel at intervals of T
seconds, are all set to zero, so that no signal is transmitted
during this period of gT seconds. By the end of this time the
second of the two stores has been filled with the data element
values, so that this store is now sampled while the other
receives the incoming data and so on. Hence after each group
of m signal elements, at the input to the baseband channel,
there is a time gap of gT seconds. Thus if m=4 and g=2, the
signal could appear as shown in Fig. 4.
Fig.4: Typical transmitted signal
Let us assume that the sampled impulse response of the
baseband channel is
{ y 0 y 1 y 2 ----- y g } (9)
where y i = y(iT). Clearly the effect of the baseband
channel is to spread out each group of signal element so that it
extends over possibly the whole of the following time gap of
gT seconds (but no further) in addition to it’s original mT
seconds. The correct operation of the system relies on the fact
that the impulse response y(t) of a practical channel has
effectively a finite duration and does not for practical purposes
extends to infinity.
The transmitted group of m signal elements Σ s i δ(t-iT)
arrives as the waveform Σ s i y(t-iT) at the receiver input to
give the received waveform
m
r(t) = Σ s i y(t – iT) + w(t) (10)
i=1
where w(t) is the received Gaussian Noise waveform. The
m signal elements are spread out over the m+g received
samples {r i }, for I=1, 2,-----------, m+g, where r i = r(iT). These
samples are independent of the other received groups of
elements and are used for the detection of the m element
values of {s i }. Similarly each of the other received group of m
elements is detected from the corresponding m+g received
samples that depend only on the group. Let,
n=m+g (11)
since there is no intersymbol interference between
different groups of elements at the detector input, for each
received group of m elements there are n sample values which
are dependent only on the m elements and independent of all
other elements. The detector uses these n values in the
detection of the m elements. While one store holds the n
sample values for a detection process, another store is
receiving the next n sample values, so that nT seconds are
available for a detection process [3]. In the detection process,
the m elements of a group are detected simultaneously by
operating on the corresponding n sample values. Each group
of m k-level elements is, in effect, treated as a signal-element
having k m possible values, that is, as a k m level element.
The sum of the received signal-elements in a group, in the
absence of noise is,
m
Σ (s i Y i ) = SY (12)
i=1
where, Y is an m x n matrix of rank m whose ith row is Y i
and,
Y i is an n component row vector given by
i – 1 g + 1 m - i
----------- ------------ -------------- (13)
0, ------, 0 y 0 y 1 ----y g 0, -----, 0
The m components {s i } of the vector S are the values of
the m signal elements of a group. The row vector { y 0 y 1 ----y g }
is the sampled impulse response of the baseband channel. In
the presence of noise, the sample values at the input to the
detecot, corresponding to a group of m received signal –
elements can be represented by the components of the m
component row vector R, where
R = SY + W (14)
W is an n component roe vector whose components { w i }
are sampled values of statistically independent Gaussian
random variable with zero mean and variance σ 2 [3].
Since the m vectors {y i } are linearly independent, they
span an n-dimensional Euclidean vector space containing the
vectors R, SY and W. SY is a linear combination of the m{y i },
so that SY lies in the m-dimensional subspace for all values of
S. The vectors R and W, however do not lie in the subspace.
SY is the orthogonal projection of R on the subspace and
hence is at minimum distance from R. This corresponds to the
noise vector W of minimum length, given the vector R and the
matrix Y, and so corresponds to the most likely value of the
noise vector [4]. The relationship between the vectors R SY
and XY is illustrated in Fig. 5, where of course R – SY = W.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 230

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 5: Relationship between R, SY and XY
In all detection processes, the detector operates on the
received vector R to obtain the detected value of S. In every
case it has an exact prior knowledge of the sampled impulse
response of the channel and hence that of m rows {Y i } of the
matrix Y [3].
IV. THE OPTIMUM DETECTION PROCESS FOR BLOCK DATA
TRANSMISSION SYSTEM
The detector here has prior knowledge both of Y and of
the {|s i |}, so that it knows 2 m possible values of SY. The
detector now selects the possible value of S for which |R – SY|
has the minimum value, where |R – SY| is, of course, the
distance between the vectors R and SY in the n – dimensional
Euclidean vector space containing these vectors. The m
element values {s i } are here detected in a single detection
process, and all m detected values{s i ’} are accepted. It can be
shown that this detection process minimizes the probability of
error in the detection of S from R [4]. At high signal/noise
ratios it also minimizes the probability of error in the detection
of any given s i .
The important property of this detection process is that,
for the given received signal, it achieves the best available
tolerance to Additive White Gaussian noise, so that no other
detection process can give a lower probability of error in the
detection of S from R. The weakness of the detection process
is that it involves 2 m sequential operations, which becomes
excessive when m>10 and the transmission rate approaches
10,000 bits per second [4]. Since in practical systems m is
around 20 – 25, there is a need of an optimization technique,
which can reduce the number of computations and can
converge to global optimum solution in minimum time.
Genetic Algorithm, which is used here, helps in providing the
desired result
V. GENETIC ALGORITHMS.
Evolutionary algorithms are basically search methods that
use the concept of natural biological evolution. Evolutionary
algorithms operate on a population of potential solutions
applying the principle of “survival of the fittest” to produce
better and better approximations to a solution. At each
generation, a new set of individuals is created by, using
different operators burrowed from natural genetics. This
process leads to the evolution of populations of individuals
that are better suited to their environment than the individuals
that they were created from, just as in natural adaptation [1].
The Genetic Algorithm can be divided into two broad
categories:
1. Single population genetic algorithm.
2. Multipopulation genetic algorithm.
At the beginning of the computation a number of
individuals (initial population) are randomly initialized. The
objective function is then evaluated for these individuals. The
first/ initial generation is produced. If the optimization criteria
are not met the creation of a new generation starts. Individuals
are selected according to their fitness for the production of
offspring. Parents are recombined to produce offspring. All
offspring will be muted with certain probability. The fitness of
the offspring is then computed. These offspring’s constitute
the new generation. This cycle is performed until the
optimization criteria are reached.
Such a single population evolutionary algorithm is
powerful and performs well on a broad class of problems.
However, better results can be obtained by introducing many
populations called subpopulations. Every subpopulation
evolves for a few generations isolated (like the single
population evolutionary algorithm) before one or more
individuals are exchanged between sub populations. The
multipopulation evolutionary algorithm models the evolution
of a species in a way more similar to nature than the single
population evolutionary algorithm [2].
The most significant differences between the traditional
search methods and genetic algorithms are:
•Evolutionary algorithms search a population of points
in parallel, not a single point
•Evolutionary algorithms do not require derivative
information or other auxiliary knowledge, only the
objective function and corresponding fitness levels
influence the direction of search.
•Evolutionary algorithms use probabilistic transition
rules, not deterministic ones.
Basic components of genetic algorithm are:
•A population of binary strings or coded possible
solutions (biologically referred to as chromosomes).
•A mechanism to encode a possible solution (mostly
as binary string).
•Objective function and associated fitness evaluation
techniques.
•Selection/ reproduction procedure.
•Cross Over.
•Mutation.
•Reinsertion.
VI. ALGORITHM FOR IMPLEMENTATION.
In the block detection process, for a block of m signalelements,
there are 2 m possible combinations of the noise free
reception matrix SY. So, for evaluating the best estimate of
the transmitted vector S, 2 m computations are required. This
number is manageable till m is around 10 – 12. But beyond
that it requires a lot of computational time, as there are larger
numbers of iterations to be carried out. Since in practical
systems m is around 20 – 25, hence there is a need of an
optimization technique, which can reduce the number of
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 231

Proceedings of ICCNS 08 , 27-28 September 2008
computations and can converge to the global optimum
solution in the minimum time. Genetic Algorithm provides
such a mechanism. The optimum detection process is here
implemented using Genetic and Evolutionary Algorithm
Toolbox (GEATbx) under MATLAB environment. Following
steps are involved in the implementation of the algorithm:
1. Out of the 2 m possible combinations of SY row vector, a
certain number of combinations are selected to constitute
the initial population.
2. Objective function, in this case the distance between R
and each selected combination of SY, is calculated.
3. Fitness of each individual of the current population is
evaluated.
4. Selection of individuals, from the current population, is
carried out to form the mating pool population using
Roulette Wheel Selection, Stochastic Universal Sampling
or Tournament Selection scheme.
5. Single point crossover is applied to mating pool
population to generate new offspring’s.
6. Simple mutation operator is applied to current population
to increase the diversity in the population.
7. If the convergence is achieved, the process is terminated.
Otherwise, the process is repeated from step 2 onwards.
Fig. 7: Mutation Rate Vs. Number of Calculations for m=10
VII. RESULTS AND DISCUSSION
MATLAB is used to implement the genetic and
Evolutionary Algorithm Toolbox (GEATbx). The results are
taken for the data block size of 8, 10, 12, 15 and 20 for
Roulette Wheel Selection (RWS), Stochastic Universal
Sampling (SUS) and Tournament Selection (TOUR) at
different mutation rates and population sizes. Each result is
taken for 50 different blocks of data transmitted and an
average of these is taken to give the number of generations.
These results are plotted in Fig. 6 to 12.
Fig. 8: Mutation Rate Vs. Number of Calculations for m=12
Fig. 9: Mutation Rate Vs. Number of Calculations for m=15
Fig. 6: Mutation Rate Vs. Number of Calculations for m=8
Fig. 10: Mutation Rate Vs. Number of Calculations for m=20
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 232

Proceedings of ICCNS 08 , 27-28 September 2008
Varying the population size for fixed mutation rate has a very
little and insignificant effect on the number of calculations,
but in order to make the search more robust the population
size should be taken to be small.
A comparision of Genetic Algorithm with conventional
method is plotted in Fig. 13, which depicts the strenght of
Genetic Algorithm.
Fig. 11: Population Size Vs. Number of Calculations for m =8
Fig. 13: Data Block Size Vs. Number of Calculations
It can be observed from this Fig. that in case of
conventional method the number of calculations grows
exponentially whereas in case of genetic algorithm it increases
by a very small amount with increase in m. The proposed
method is therefore suitable particularly for on line detection.
Fig.12: Population Size Vs. Number of Calculations for m=10
These figures give a very clear idea of the performance of
various selection schemes at different mutation rates and
population sizes for different data block size. Fig. 6 gives the
relation between the mutation rate and the number of
calculations for Roulette Wheel Selection, Stochastic
Universal Sampling and Tournament Selection and for a
population size of 4 16 and 32. It can be seen from this fig.
that the number of calculations goes on decreasing as the
mutation rate is increased from 0.02 to 0.07, but it starts
increasing when the mutation rate is increased further. This
means that the mutation rate of 0.07 is best if the data block
size is 8. Different selection schemes show no particular trend.
It can be seen from fig. 7 and fig. 8 that the mutation rate of
0.07 is best for data block size of 10 and 12 also. Fig. 9 shows
the relationship between mutation rate and number of
calculation for m=15. From here we see that as we increase
the mutation rate from 0.007 to 0.03, the number of
calculations decreases and on further increasing the mutation
rate the number of calculations increases. Hence we see that
the best mutation rate has gone down from 0.07 to 0.03.
Varying the selection schemes gives no variation in
performance. From Fig. 10 we can see that the mutation rate
of 0.01 is best with selection schemes showing the same
performance.
Population size Vs. Number of calculations has also
studied for data block size of m= 8, 10, 12, 15 and 20.
Different selection schemes at different mutation rates are
considered. Two such plots are shown in Fig. 11 and 12.
VIII REFERENCES
[1] David E Goldberg, “ Genetic Algorithms in Search,
Optimization, and Machine Learning”, Addison Wesley
Longman Inc.
[2] Hartmut Pohlheim, “Evolutionary Algorithms: Overview,
Methods and Operators”, Documentation for GEA toolbox
for use with matlab.
[3] Farid Ghani, “ Orthogonal signaling in Data Transmission
over Voice Frequency Channels”.
[4] A P Clark, “Advanced Data Tansmission Systems”,
Pentech Press London.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 233

Proceedings of ICCNS 08 , 27-28 September 2008
Optimized Bandwidth Sharing for Delay Guarantee
Using Feedback Loop Control
Prem Kumar Nonia and R. Manivasakan
Department Of Electrical Engineering, IIT Madras, Chennai
preminbox@gmail.com, rmani@ee.iitm.ac.in
Abstract—In the current effort to make IP network to support
different services with different quality of service (QoS) requirement,
adaptive bandwidth provisioning with feedback seems to
be an attractive solution. However previous work on feedback
model does not give the system model for GPS scheduler. In this
paper a feed back model for adaptive bandwidth provisioning is
presented in which PGPS Scheduler incorporates time varying
service weights for each queue, which is updated at each control
update interval depending upon the feedback from the receiver.
In this model it is assumed that each streaming session has a
different queue. The update of weight is such that the bandwidth
allocation is optimized among the current flows based on the
QoS objective obtained from the feedback. In this paper we
present an optimization algorithm for weight updation and some
experimental results.
I. INTRODUCTION
Along with Data, real time services such as voice and video
are also converging towards IP network. The real time services
needs certain level of QoS guarantee from the network for the
meaning full delivery of the service. Integrated services (Int-
Serv), Differentiated services (Diff-Serv) and Multi protocol
Label Switching (MPLS) have been proposed to meet various
Quality of Service requirement. Int-Serv is a connection
based architecture and works with RSVP, it involves per
flow management, but when the number of flows are large
it becomes very complex to manage. Diff-Serve on the other
hand provides class based service, it classifies the incoming
traffic into several classes such as expedited forwarding (EF),
assured forwarding (AF) and best effort (BE) classes. But diffserv
only able to provide coarse QoS guarantee to the flows.
This paper is motivated towards finding a solution in between
int-serv and diff-serv to use the advantages of a and class based
services and per flow based services. The model presented in
this paper gives per flow management only to delay sensitive
flows and class based services to other flows. here we consider
delay as a Qos parameter. The delay bound is set by the
receiver but due to random nature of other simultaneous
Internet traffic sometime delay requirement is full filled some
time not, to take care of those instants a feedback is sent to
the intermediate routers to adjust the bandwidth allocation.
Feedback parameter is computed based on the statistics of
the delayed packets. An optimization algorithm is used to
allocate the fair share of bandwidth depending upon the QoS
requirement of the flow which is obtained as the feedback from
the receiver, thus making the system a bit flexible instead of
fixed service rate scheduling.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 234
In [1] and [2] linearized feedback control system model
for end-to-end multiple-link adaptive bandwidth provisioning
was proposed and stability analysis based on adaptive P and
PI controller was given however, they did not give any feedback
model for GPS scheduler. In [3] a similar optimization
algorithm was proposed, but in this paper we propose system
model with feedback based on PGPS scheduling instead of
fluid based GPS system.
The rest of the paper is organized as follows, section II discuss
about the fluid based GPS system originally proposed by
Parekh and Galleger [4], and QoS parameter which constitutes
the basics for this paper. Section III gives the detailed system
model section IV presents the optimization algorithm followed
by simulation results in section V and finally conclusion and
future work in section VI.
II. GPS AND QUALITY OF SERVICE PARAMETERS
The generalized processor sharing scheduling policy based
on fluid flow model, in which a traffic stream is considered
to be a fluid such that a fraction of a bit can also be served.
If we have N number of Queues each with service coefficient
φ 1 , φ 2 , ... φ N then in GPS scheduling discipline
S i (τ, t)
S j (τ, t) ≥ φ i
φ j
(1)
and the minimum service rate applied to a session is
=
φ i
∑ N
i=1 φ i
C (2)
where S i (τ, t) is the served traffic amount of the i-th session
which is continuously backlogged in the interval [τ, t) and C
is the service rate.
Delay violation ratio(DVR): This is a statistical parameter
defined as the probability that end-to-end delay is greater than
the required delay bound
p(D i ≥ d i ) ≤ ε (3)
where, D i is the end-to-end delay of the packet of flow i, d i
is the required end-to-end delay bound of the flow i and ε is
the DVR.
III. SYSTEM MODEL
In the proposed system model, network traffic is broadly
classified as delay sensitive and delay insensitive. Delay
sensitive traffic are real time traffic such as voice, video

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 2.
Time Scale
Fig. 1.
System model
be stated for our case i.e with discrete time as
S i (m, n)
S j (m, n) = ∆φ i(m) + ∆φ i (m + ∆) + ∆φ i (m + 2∆)...∆φ i (n)
∆φ j (m) + ∆φ j (m + ∆) + ∆φ j (m + 2∆)...∆φ j (n)
∑ (6)
n
l=m
≥ ∑ φ i(l)
n
l=m φ (7)
j(l)
and the minimum service rate applied to a session is
and other streaming flows, and flows such as e-mail, file
download, etc are considered as delay insensitive traffics. Each
delay sensitive flows are allocated its own queue which is a
connection oriented service (i.e all the packet follow a single
path and delivered in order) and a separate queue for all the
delay insensitive class of traffic. The weights of the queues
are updated in each update control interval according to the
error signal e(n) received (feedback) from the receiver of the
real time session while the session is in service. A similar
error signal may locally be obtained for delay insensitive class
queue which corresponds to buffer over flow from a desired
buffer level (less than maximum capacity of buffer), because
packet loss is more important for delay insensitive traffic. In
this paper discussion is limited for real time session only (i.e.
considering feedback only from the receiver) assuming all the
sessions are real time. Fig.1 shows the system model based on
which simulation results are obtained. Here error signal from
the receiver for real time services is the parameter which gives
information about the over provisioning or under provisioning
of bandwidth of the associated session. If the received error
signal by the scheduler is positive the associated session is over
provisioned if the error is negative then the associated session
is under provisioned. The weights or the service coefficients
are updated in such a way that a fraction of bandwidth is
taken from the over provisioned (or over satisfied) session
and allocated to the under provisioned (unsatisfied) one. In
other words updating the service coefficients is an optimization
process such that
with the constraint that
N∑
φ i (n) = 1 (4)
i=1
φ min ≤ φ i (n) ≤ φ max (5)
where φ max and φ min is the predetermined maximum and
minimum allowable service ratio (or equivalently bandwidth)
respectively.The limits are imposed because at times there may
be some session which can over consume the bandwidth due
to continuous demand (negative error) leaving behind starving
sessions. The GPS scheduling described by equation (1) may
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 235
=
φ min
∑ N
i=1 φ i(n) C (8)
where, n is the control update interval, which is integer multiple
of the time interval between two successive weight update
timings i.e. ∆ as shown in Fig.2. S i (m, n) is the amount
of traffic served of the i-th session which is continuously
backlogged in the interval [m, n), where m is also the integer
multiple of ∆.
In this model each new session is allocated a separate
queue with a service ratio φ min taking the available bandwidth
from the over provisioned session, if there is not enough
bandwidth corresponding to φ min then connection request will
not be accepted, thus the maximum number of queue possible
is 1/φ min . The receiver on the other hand computes the DVR
of the incoming traffic and generates an error signal e(n)
which is the difference between the desired DVR ˆr and the
computed DVR r(n). This error is fed back to the scheduler
and the scheduler update the service ratio’s according the
algorithm presented in the next section.
IV. OPTIMIZATION ALGORITHM
At each control update interval the algorithm takes the
latest error signal from each receivers [e 1 (n), e 2 (n), ...e N (n)]
as input and gives service ratio vector[φ 1 (n + 1), φ 2 (n +
1), ...φ N (n+1)] as output.At first mean is calculated from the
received error vector and then mean deviation to divide the the
set of error vectors in two parts satisfied(S) and unsatisfied(U).
The mean deviation is calculated to take care of the case
when all the errors are negative or all are positive such that
level of satisfaction and unsatisfaction is shared equally among
the contending flow. The weights are updated at each control
update interval by the following relation
φ i (n + 1) = φ i (n) − α (e i (n) − e(n)) ¯
2 p ∑jεS e(n) (9)
φ i (n + 1) = φ i (n) + α (e i (n) − e(n)) ¯
2 p ∑jεU e(n) (10)
where α is the initial step-size and p is the number of iteration
to reach the optimal set of weights within the desired limit
i.e φ min ≤ φ(n) ≤ φ max , for set U if any of the updated
weight exceed the upper limit φ max then the correction term

Proceedings of ICCNS 08 , 27-28 September 2008
is reduced by half and for the set S if the corrected weight
goes below the lower limit φ min the correction term is again
reduced by half and new corrected set of weight is obtained.
The optimization algorithm is given as follows.
Input: e 1 (n), e 2 (n)...e N (n)
Output: [φ 1 (n + 1), φ 2 (n + 1), ...φ N (n + 1)]
Algorithm:
Total number of session is N
Let S and U be the set of satisfied and unsatisfied
session respectively
mean = (e 1 (n), e 2 (n)...e N (n))/N
mean deviation = [(e 1 (n) − m), (e 2 (n) −
m)...(e N (n) − m)]
for i = 1 to N
set p = 0;
while i ≠ N
do
if mean deviation ≥ 0
φ i (n + 1) = φ i (n) − α (e(n) − e(n)) ¯
2 p Σ jεS e(n)
Fig. 3.
Service ratio
if φ i (n + 1) ≤ φ min
p = p+1;
return;
else
break;
else
φ i (n + 1) = φ i (n) + α (e(n) − e(n)) ¯
2 p Σ jεU e(n)
if φ i (n + 1) ≥ φ min
p = p+1;
return;
else
break;
end
end
V. SIMULATION RESULTS
We have used packet based simulations on Matlab
platform using Simevents which is a event based simulator,
we assumed four session with Poisson distributed traffic,
with mean inter arrival (exponential distribution) time 2.5
sec and packet size of 1000 bits and server service rate is 2
kbps. Each of the sessions has different delay requirement,
session-1 has delay bound of 1.2sec similarly session-2, 3 and
4 has delay bound of 1.4 sec, 1.6 sec, 1.8 sec respectively,
including a link delay of 100 ms. we have taken the delay
violation ratio (DVR) as 0.01 for each session. Initial weights
of all queue is set to 25 and φ max is set to be 50 and φ min
to 10, the initial step size α is kept to be 0.0004. Fig.3 shows
how the weights of the queues changes (keeps optimizing)
to meet the end to end delay requirement with time based
on the feedback. Let us consider session-1, science the delay
requirement is as less as 1.2 sec, it increases from 25 to 50,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 236
Fig. 4.
Delay
similarly weights of other session adjust it self within the
constraint to meet the delay requirement close to the desired
level.
Fig.4 the time average delay of each session, we can
observe that as the session weight increases or decreases the
corresponding session’s delay decreases or increases respectively.
It is also observed that delay does not converge to the
desired delay requirement, it remains at 0.1 sec to 0.2 sec
(a steady state error, generally encountered with feed back
system) more than the required level.

Proceedings of ICCNS 08 , 27-28 September 2008
VI. CONCLUSIONS
In this paper a feedback system model which is a QoS aware
system, to meet the various delay requirement is presented.
A optimization algorithm is used to keep on optimizing the
service weights of the running session based on the feed
back received from the receiver. Simulation results obtained
is based on the packet level simulation instead of fluid simulation,
figure shows how service weights (allocated bandwidth)
changes to meet the desired delay bound, but some steady state
error remains close to the required delay bound. The above
proposed model tries to provide fine QoS guarantee to the
delay sensitive traffic. It can be used with diff-serv to improve
the service guarantee to delay sensitive traffic in the core
transport network. Future work is to improve the optimization
algorithm for better tracking of the receiver feedback.
REFERENCES
[1] H. Wang, C. Huang, and J. Yan, ”A Feedback Control Model for Multiple-
Link Adaptive Bandwidth Provisioning System”, IEEE ICC 2006.
[2] H. Wang, C. Huang, and J. Yan, ”Efficient multiple link Adaptive
Bandwidth Provisioning for End to End Quality of Service”, IEEE
CCECE/CCGEI, Ottawa, May 2006.
[3] W Park, J.Y. Lee and D. K. Sung, ”Bandwidth optimization algorithm
based on bandwidth ratio adjustment in Generalized processor sharing
servers, IEEE ICC 2006.
[4] A. Parekh and R. Gallager, ”A Generalized processor sharing approach
to flow control in integrated services network: The single node case”,
IEEE/ACM Transaction on Networking, vol 1, pp.344-357, June 1993.
[5] A. Parekh and R. Gallager, ”A Generalized processor sharing approach
to flow control in integrated services network: The multiple node case”,
IEEE/ACM Transaction on Networking, vol 2, pp.137-150, April 1994.
[6] J.Y.Lee, S. Kim, D Kim and D K Sung, ”Bandwidth optimization for
internet traffic in generalized processor sharing”,IEEE Transactions on
Parallel and Distributed Systems, Vol. 16, No. 4, April 2005.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 237

Proceedings of ICCNS 08 , 27-28 September 2008
Network Analyzers and Device Management
Thaksen J. Parvat 1 , Dr. Yogesh Singh 2 , Dr. Pravin Chandra 3
Abstract The purpose of this paper to present traffic analyzers and
device management. We have studied the results of traffic analyzers
and SNMP based device control utilities provided by manufacturers.
The results of our analyzer are presented as highlights. We want to
integrate device management feature to traffic analyzer. This will
exploit the limitations of traffic analysis and research will be initiated
to development of software for network administrators and users of
middle size networks.
Keywords—Analysis, Bandwidth, Management, Packet,
Planning, Protocols, SNMP, Traffic Measurement,
I. INTRODUCTION
Network management is challenging due to heterogeneity of
hosts. Network administrators need to collect information all
about his network. Traffic measurement and monitoring is
most fundamental aspect of automated network management.
There is always a need of knowing performance of one’s
network to planning, estimation, traffic engineering and QoS.
Measurement and monitoring tools support activities like
network optimization and planning, device management, and
tackle performance related issues.
The traffic characteristics measurements on network is
categorized in two types[9]:
1. Active Methods: sending controlled probe traffic
along the path on target network and observe it at
receiving host for traffic.
2. Passive Methods: capturing real traffic on target
network at one or more points and analyze data.
II. BACKGROUND
Today most of traffic flow measurement [2] devices based of
data acquisition techniques and has to adopt one of these.
SNMP query, Test Access Ports (TAPs) or SPAN Ports,
Packet sniffing and analyzing flow experts like NetFlow /
SFlow / cflowd / J-Flow / Netstream / IPFIx management.
Network also include routers, L2 switches, firewalls, Accesspoints.
These devices has been controlled by administrator
independently either by GUI support or text based terminal .
These controlled devices running independent OS and web
support. The critical problem is that all devices can’t
communicate each because of policies of network and they are
vendor specific.
1 Sinhgad Institute of Technology, Gat No. 309/310, Kusgaon (Bk.) Off
Mumbai-Pune Expressway, Lonavala, Dt. Pune-410 401 (M.S.) India,
pthaksen@yahoo.com
2& 3 University School of Information Technology, Guru Gobind Singh
Indraprastha University, Kashmere Gate, Delhi-110 403. ys66@ipu.edu ,
pchandra@ipu.edu
The capability to discover a network using SNMP[5] query
and SNMP Agent is working there. Devices use scan methods
to identify network hosts.
Packet sniffer copy and collect the local traffic by capturing
the packets from the interface. It is useful for troubleshooting,
network intrusion detection, and monitoring network usage.
The advantage is the ability it lends to account the actual
traffic by IP address and the protocol. It also cause load to
system.
Simple Network Management Protocol uses SNMP Queries
on SNMP agents running in the network device, to get
information about bandwidth and hosts. SNMP query gives a
consolidated figure, so further it needs to be analyzed like
who, when and what aspects of bandwidth usage. As it is
using pull-technology, it may cause considerable load to
network.
Span pots[9]( Switched Port Analyzer) is a port designed on
switches to mirror traffic received on other ports. Test access
ports are traffic replicators and placed between two routers,
firewalls or switches that sends, a copy of all the network
traffic flow through them. These ports can be used to forward
network traffic to analyzer where network traffic can be
tapped. The main challenge is cost for deployment and
management of all these.
Flow base technology devices working on layer 3 and layer 4
gives packet information. It contains information like
NetFlow, sFlow, cflowd, J-Flow, Netstream, and IPFIX[2]
provides depth view of traffic flow. They offer a scalable and
low cost approach. The extracted data can gives following
details about network. Which provides necessary information
to make planning decisions. Also detect network abuse if any
in monitoring QoS and security attacks up to certain extent.
Devices based on packet capturing library Libcap/WinPacap
Ethereal/ Ntop[6] are also powerful developed by open source
network community. It is used by professionals around the
world for software and protocol deployment , troubleshooting
and network analysis. It runs on all popular computing
platforms. Its features are ability to capture from line
connection. As its base is on libcap library, it is able to read
any other analyzers data. The data can be read from Ethernet,
FDDI, Token- Ring, and Claasical IP over ATM and
Loopback interfaces. The captured data can browse with GUI
support or tty-mode tethereal program. The captured file can
be edited or converted.
III. PRESENT TRAFFIC MEASUREMENT ANALYSIS TOOLS
NeTraMet[1] is an implementation of the guidelines in Realtime
flow measurement. It can be classified as a traffic meter
that utilizes passive methods to collect flow-based traffic
information from networks.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 238

Proceedings of ICCNS 08 , 27-28 September 2008
It has ability to handle flows with different levels of
granularity and to cope with high speed networks. But it is not
affordable to all due to cost.
NetFlow Analyzers are suitable for big enterprises distributed
over a glob and has ability to handle millions of hosts and
users. For this it is offering distributed enterprise version.
Ntop[7 ] : it is network traffic probe gives network usage
based on libcap library. It has web base support with GUI .a
default web browser used to display information. It has very
less configuration and installation. The main advantage is that
required less memory and CPU utilization and varies
according to size of network. It produces RMON like network
statistics. It displays IP traffic subnet matrix. It identifies host
OS. Display traffic statistics etc.
Wireshark / Ethereal [10, 11]: It is open source license allows
talented experts in the networking community to add
enhancements. It runs on all popular computing platforms,
including UNIX, Linux and Windows. It is preferred by
professionals around the word because of its features for
troubleshooting, analysis, software and protocol development,
and education. It supports 759 protocols as on today.
sFlow[4]: It is a leading multi-vendor standard for monitoring
high-speed switched and routed networks. sFlow is
exclusively developed as monitoring technology which is not
like
NetFlow of Cisco: It gives complete visibility of network
activity and enables effective management and control of
network resources. It gives comprehensive network analysis.
It defends against threats of network security and ensure
guaranty of delivery. Most leading network vendors like HP,
Hitachi, NEC products supports sFlow.
WhatsUpGold[11]: It is a easy tool for monitoring TCP/IP,
NetBIOS and IPX networks. Because of its web interface one
can vies network status from a web browser on any computer
on the internet. It notify problems by digital beeper, sounds,
winpops, e-mail or messages. Using discover and map
technique, it can scan entire network. We can also create a
network map by scanning for SNMP information. It uses
following scan methods.
1. Poll devices on network where you are connected.
2. Identify TCP/IP, NetBIOS or IPX devices.
3. Create network map of all devices associated with a specific
address.
Different types of tools and techniques are used for network
management from few hosts to thousands of hosts in
enterprise.
Sufficient care is taken for security purpose. Administrators,
troubleshooters load is reduced up to certain extent. All these
devices are designed to provide following basic
functionalities.
1. Host detection.
2. Protocol usage/ distribution.
3. Bandwidth utilization.
4. Intranet and internet traffic characterization.
5. Device management.
These tools are sophisticated protocol analyzers to simple
light applications. They are either software or hardware.
Important issue is that, solving problem of performance may
not handle other issue like device management.
Large enterprises can deploy individual tools for each task
separately. This is not possible for small business. They need
to have a one offer abele tool able to manage network traffic
as well as all network controlled devices like switches,
routers, firewalls etc. Cisco has provided this feature to its
devices but the problem is when we have other than Cisco.
The campus network can be controlled by developing a light
system without increasing much more load to system.
IV. HIGHLIGHTS OF ANALYSIS
This section summarizes conclusions of selected observations
from the network traffic measurement analysis process of
network.
1) Most of the results show that network connected to Public
network TCP is a dominant protocol but most of the traffic is
UDP packets.
2) Traffic flows are bi-directional and asymmetric. In the
observations, the host-to-host traffic there is always send and
received data but in differ size.
3) Most TCP conversations are short-lived. Over 90% of TCP
conversations transfer less than 10 kb in size.
4) The packet arrival process is unpredictable. The packet
arrival time is random and independent and no two packets
arrive exactly same time. The packet arrival process is bursty;
packets arrive in clumps. This is because of protocols used in
data transmission.
5) Session arrival processes is predictable. Every user operates
independently in network at random, but session arrival
process is defined well.
6) Packet size is in two models. Many of the packets less than
50% are as large as possible that carry maximum size of data
permitted based on MTU (For Ethernet it is 1500 bytes)
parameter defined for a network interface. About 40% packets
are smaller in size only including headers. The rest of
10% are randomly between the lower and upper limits.
7) Packet traffic is not uniform. By analyzing source and
destination addresses carried in TCP/IP packets shows that
packet traffic is highly non-uniformly distributed among the
hosts. Common observation is that 90% traffic is generated by
10% hosts and remaining all.
8) Network traffic continues to change. By observing for time
slot or by no. Of packets, it is always differ i.e. the bandwidth
of network is always changing on every second or on every
packet.
V. PROPOSED WORK
The literature study on network traffic measurement analysis
and device management has evolved following issues:
1. These devices give bandwidth utilization of entire network,
it is necessary to have band width utilization of individual host
in network.
2. These devices are application specific.
3. There is necessity to develop analyzer with device
management idea.
4. There is no choice for user to select particular field from
packet header to be recorded.
5. All these analyzers put load to system.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 239

Proceedings of ICCNS 08 , 27-28 September 2008
It is therefore to conduct experimentation, which will exploit
all above limitations of Network Analyzers. A new smart
software device is to be developed for Network Traffic
Measurement Analysis and Managing Network Control
Devices in the intranet.
Taking advantage of CSMA/CD and using any one data
acquisition method this research review paper titled “smart
network analysis and device management” aims to develop a
software tool which enable one to measure, analyze and
monitor a network. This incorporates the study of various
features like support different protocols viz. TCP/IP optimize,
Ethernet and backbone networks utilization etc.
The second phase is to add feature of device management to
traffic analyzer. Cisco has already this feature to their network
control devices. The ability to explore type of host, operating
system, network interface etc.
WhatsupGold has ability to handle different kind of devices
but it is not affordable to cost wise. We want to add
intelligence to traffic analyzer. For this purpose SNMP based
application added to traffic analyzer.
[10] Ethereal home page : http://www.ethereal.org
[11] http://ipswitch.com
VI. CONCLUSION
The purpose of this paper is to study network measurement
analysis techniques and tools. Network management devices
have monitoring capabilities and they are managed as
individual in network. Different technologies are used for
traffic data collection and analysis.
Advantage of adding device management feature with
network analyzers will be added value to analyzers. The first
step is to review leading traffic analyzers and device
management tool.
Second step is to develop a smart traffic analyzer. Third step
is to add SNMP based device management feature to analyzer.
Finally we are trying to develop a software that will help to
network administrator, troubleshooters to optimize the
performance of medium size networks. The deployment of
this tool will reduce load to administrator and system and
improve the performance.
REFERENCES
[1] NeTraMet home page:
http://auckland.ac.nz/net/NeTraMet
[2] Thomas Linda, Nevil Brownlee- “Integrating Active
Methods and Flow Metwrs” An implementation Using
NetraMet.
[3] IPFIX IETF working group home page:
http://www.ietf.org/html.charters/ipfixcharter.html.
[4] SFlow home page: http://www.sflow.org.
[5] RFC 2720-2724
[6] L. Deri, R. Carbon, S. Suin, Monitoring networks using
Ntops, Proc. IEEE IM, 2001, pp. 199-212, May 2001.
[7] Luca Deri, Finsiel S.P.A., Stefano Suin, University of Pisa,
Effective Traffic Measurement Using ntop, IEEE
Communication Magazine, May 2000.
[8] M. Roesh, “ Snort – Lightweight Intrusion Detection for
Networks ”, Proceeding of LISA ‘99’,1999.
[9] Ilka Milouchava, Ali Nisari, Ulrich Hofmann “next
Genaration Network Initiative” IST-2000-26418 (NGNI)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 240

A Novel Method of Broadcasting using Zone Based
Multicasting AMRoute in Mobile Adhoc Networks
Wg Cdr(Retd) Devasish Pal
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract—Due to high mobility & adhoc nature of mobile nodes
combined with absence of a centralized framework in MANETs
broadcasting is required for reasons of discovering routes, sending
error messages, to erase invalid routes, raising alerts and alarms etc.
Whenever the manet is distributed over a large area it is proposed to
be divided into non overlapping zones using GPS and ―hello‖ packets
as described in the ZBIDS concept. Multicast is a type of
communication used for communicating between groups of
computers. In this paper all nodes in a zone are considered as
members of a user multicast tree as per AMRoute. The interzone
nodes pass the broadcast message to their peers in other zones who in
turn carry out the broadcast following the same procedure as per
AMRoute. Zone wise user multicast trees have their own core node
which is dynamic. Firstly, Zone wise broadcast using AMRoute
eliminates single point of failure of core node. Secondly if a core
node is compromised or fails in its operation due to link failure etc
another node takes over as core node as per core resolution algorithm.
Thirdly, simultaneous zone wise broadcast is much faster and the
overheads are evenly distributed zone wise. Fourthly, mobility of
nodes does not alter the tree structure which reduces the signaling
traffic and packet loss. Finally Multicasting sends single copy of a
packet to all clients and avoids sending multiple copies of a packet
over the same portion of the network. This reduces congestion and
overheads in the system.
Keywords—AMRoute, Core node, gateway node, user multicast
tree.
A
I. INTRODUCTION
mobile ad hoc network [4] enables wireless
communications between anticipating mobile nodes that
are out of one another’s transmission range need the support
of intermediate nodes, which relay messages to set up a
communication between each other. The broadcast operation
is the most fundamental role in ad hoc networks. Broadcast
operation has extensive applications, such as when used in the
route query process in routing protocols, when sending error
messages to erase invalid routes or when used as an efficient
mechanism for reliable multicast in highly dynamic wireless
networks. In general, broadcasting refers to a process of
transmitting a packet so that each node in a network receives a
copy of this packet.
The remainder of the paper is organized as follows:
Section 2 highlights the various broadcast techniques available
for Manet. Section 3 explains in brief about Zonal Based
Intrusion Detection System (ZBIDS). Section 4 mentions the
characteristics and advantages of user multicast AMRoute.
Proposed Zone Based Broadcasting using Multicasting
AMRoute and its Advantages in Mobile Adhoc Networks is
presented in Section 5
A. Simple Flooding
II. RELATED WORK
Simple Flooding requires each node to rebroadcast all
packets. The algorithm for Simple Flooding [5, 6] starts
with a source - broadcasting a packet to all neighbors. Each
of the neighbors in turn rebroadcast the packet exactly one
time and this continues until all reachable network nodes
have received the packet. Here the overheads are high.
B. Probability Based Methods
1) Probabilistic Scheme: This form is similar to
flooding except that nodes only rebroadcast with a predetermined
probability. In dense networks multiple nodes
share similar transmission coverage. Thus, randomly
having some nodes rebroadcast saves node and network
resources without harming delivery effectiveness. In sparse
networks, there is much less shared coverage thus, nodes
won't receive all the broadcast packets with the Probabilistic
scheme unless the probability parameter is high. When the
probability is 100%, this scheme is identical to Flooding.
2) Counter-Based Scheme: Ni et al [8] show an
inverse relationship between the number of times a
packet is received at a node and the probability of that
node being able to reach additional area on a
rebroadcast. This result is the basis of their Counter-
Based scheme. Upon reception of a previously unseen
packet, the node initiates a counter with a value of one
and sets a RAD (which is randomly chosen between 0
and Tmax seconds). During the RAD, the counter is
incremented by one for each redundant packet received. If
the counter is less than a threshold value when the RAD
expires, the packet is rebroadcast. Otherwise, it is simply
dropped. The overriding compelling features of the Counter-
Based scheme are its simplicity and its inherent adaptability
to local topologies. That is, in a dense area of the network,
some nodes won't rebroadcast in sparse areas of the
network, all nodes rebroadcast.
C. Area Based Methods
Suppose a node receives a packet from a sender that is
located only one meter away. If the receiving node
rebroadcasts, the additional area covered by the
retransmission is quite low. On the other extreme, if a node
is located at the boundary of the sender node’s transmission
distance, then a rebroadcast would reach significant
additional area, 61% to be precise [8]. A node using an Area
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 241

Proceedings of ICCNS 08 , 27-28 September 2008
Based Method can evaluate additional coverage area based
on all received redundant transmissions. We note that area
based methods only consider the coverage area of a
transmission; they don't consider whether nodes exist within
that area.
1) Distance-Based Scheme. A node using the
Distance-Based Scheme compares the distance between
itself and each neighbor node that has previously
rebroadcast a given packet. Upon reception of a
previously unseen packet, a RAD is initiated and redundant
packets are cached. When the RAD expires, all source node
locations are examined to see if any node is closer than a
threshold distance value. If true, the node doesn't
rebroadcast.
2) Location-Based Scheme: The Location Based
scheme [8] uses a more precise estimation of expected
additional coverage area in the decision to rebroadcast.
In this method, each node must have the means to
determine its own location, e.g., a Global Positioning
System (GPS). Whenever a node originates or
rebroadcasts a packet it adds its own location to the header
of the packet. When a node initially receives a packet, it
notes the location of the sender and calculates the additional
coverage area obtainable were it to rebroadcast. If the
additional area is less than a threshold value, the node will
not rebroadcast, and all future receptions of the same packet
will be ignored. Otherwise, the node assigns a RAD before
delivery. If the node receives a redundant packet during the
RAD, it recalculates the additional coverage area and
compares that value to the threshold. The area calculation
and threshold comparison occur with all redundant
broadcasts received until the packet reaches either its
scheduled send time or is dropped.
D. Neighbor Knowledge Methods
1) Flooding with Self Pruning: The simplest of the
Neighbor Knowledge Methods is what Lim and Kim
refer to as Flooding with Self Pruning [7]. This
protocol requires that each node have knowledge of
its l-hop neighbors, which is obtained via periodic
―Hello" packets.
A node includes its list of known neighbors in the
header of each broadcast packet. A node receiving a
broadcast packet compares its neighbor list to the sender's
neighbor list. If the receiving node would not reach any
additional nodes, it refrains from rebroadcasting;
otherwise the node rebroadcasts the packet.
2) Scalable Broadcast Algorithm: The scalable
Broadcast Algorithm (SBA) [4] requires that all nodes
have knowledge of their neighbors within a two hop radius.
This neighbor knowledge coupled with the identity of the
node from which a packet is received allows a receiving
node to determine if it would reach additional nodes by
rebroadcasting. 2-hop neighbor knowledge is achievable
via periodic "Hello" packets; each "Hello" packet contains
the node's identifier (IP address) and the list of known
neighbors. After a node receives a "Hello" packet from all
its neighbors, it has two hop topology information centered
at itself.
3) Dominant Pruning: Dominant Pruning also uses 2-hop
neighbor knowledge, obtained via ―Hello‖ packets, for
routing decisions [7]. Unlike SBA, however, Dominant
Pruning requires rebroadcasting nodes to proactively choose
some or all of its 1-hop neighbors as rebroadcasting nodes.
Only those chosen nodes are allowed to rebroadcast. Nodes
inform neighbors to rebroadcast by including their addresses
as part of a list in each broadcast packet header. When a
node receives a broadcast packet it checks the header to see
if its address is part of the list. If so, it uses a Greedy Set
Cover algorithm to determine which subset of neighbors
should rebroadcast the packet, given knowledge of which
neighbors have already been covered by the sender’s
broadcast. The Greedy Set Cover algorithm, as adapted in
[7] from [11], recursively chooses 1-hop neighbors which
cover the most 2-hop neighbors and recalculates the cover
set until all 2-hop neighbors are covered.
4) Multipoint Relaying: Multipoint Relaying [12] is
similar to Dominant Pruning in that rebroadcasting nodes
are explicitly chosen by upstream senders. For example, say
Node A is originating a broadcast packet. It has previously
selected some, or in certain cases all, of it one hop neighbors
to rebroadcast all packets they receive from Node A. The
chosen nodes are called Multipoint Relays (MPRs) and they
are the only nodes allowed to rebroadcast a packet received
from Node A. Each MPR is required to choose a subset of
its one hop neighbors to act as MPRs as well. Since a node
knows the network topology within a 2-hop radius, it can
select 1-hop neighbors as MPRs that most efficiently reach
all nodes within the two hop neighborhood. The authors of
[12] propose the following algorithm for a node to choose
its MPRs:
Find all 2-hop neighbors that can only be reached by one
1- hop neighbor. Assign those 1-hop neighbors as MPRs.
Determine the resultant cover set (i.e., the set of 2-hop
neighbors that will receive the packet from the current
MPR set).
From the remaining 1-hop neighbors not yet in the MPR
set, find the one that would cover the most 2- hop
neighbors not in the cover set.
Repeat from step 2 until all 2-hop neighbors are covered.
In Multipoint Relaying, ―Hello‖ Packets include fields for a
node to list the MPRs it has chosen. Anytime a node
receives a ―Hello‖ packet, it checks if it is a MPR for the
source of the packet. If so, it must rebroadcast all data
packets received from that source. Clearly, the update
interval for ―Hello‖ packets must be carefully chosen and, if
possible, optimized for network conditions.
5) The Ad Hoc Broadcast Protocol (AHBP): In
AHBP[13], only nodes who are designated as a Broadcast
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 242

Proceedings of ICCNS 08 , 27-28 September 2008
Relay Gateway (BRG) within a broadcast packet header are
allowed to rebroadcast the packet. BRGs are proactively
chosen from each upstream sender, which is a BRG itself.
The algorithm for a BRG to choose its BRG set is identical
to that used in Multipoint Relaying (see steps 1-4 for
choosing MPRs).
6) Connected Dominating Set: Peng and Lu describe the
Connected Dominating Set (CDS Based Broadcast
Algorithm, a more calculation intensive algorithm for
selecting BRGs, in [9]. Where AHBP only considers the
source of the broadcast packet to determine a receiving
node’s initial cover set, CDS-Based Broadcast Algorithm
also considers the set of higher priority BRGs selected by
the previous sender [9]. For example, suppose Node A has
selected Nodes B, C and D (in this order) to be BRGs.
When Node C receives a broadcast packet from Node A,
AHBP requires Node C to add neighbors common to Node
A to the initial cover set. CDS-Based Broadcast Algorithm
also requires that Node C adds neighbors common to Node
B, because Node B is a higher priority BRG. Likewise,
Node D is required to consider common neighbors with
nodes A, B and C. Once the initial cover set is determined, a
node then chooses which neighbors should function as
BRGs. The algorithm for determining this is the same as
that for AHBP and Multipoint Relaying (see steps 1-4 for
choosing Multipoint Relays).
7) Lightweight and Efficient Network-Wide Broadcast:
This (LENWB) protocol [10] also relies on 2-hop neighbor
knowledge obtained from ―Hello‖ packets. However,
instead of a node explicitly choosing nodes to rebroadcast,
the decision is implicit. In LENWB, each node decides to
rebroadcast based on knowledge of which of its other one
and two hop neighbors are expected to rebroadcast. The
information required for that decision is knowledge of
which neighbors have received a packet from the common
source node and which neighbors have a higher priority for
rebroadcasting. The priority is proportional to a node’s
number of neighbors; the higher the node’s degree the
higher the priority. Since a node relies on its higher priority
neighbors to rebroadcast, it can proactively compile if all of
its lower priority neighbors will receive.
III. ZONE BASED SELECTION AS PER ZBIDS
Zone Based Intrusion Detection system (ZBIDS) has non
overlapping zones that can be obtained based on geographic
partitioning [3]. With the availability of GPS, it is possible for
a mobile host to know its physical location. It can then
determine its zone ID by mapping its physical location on to a
zone map, which has to be worked out at the design phase. By
some locally broadcast mechanism (Hello messages, e.g.),
each node can know the information of its neighbors.
Therefore it can determine whether it is an interzone node or
intrazone node based on connectivity. Interzone nodes are also
referred as gateway nodes, which exchange information with
their peers in neighbor zones. A node may change its role over
time due to mobility. An example of ZBIDS is depicted in
figure 1.
Selection of the zone size is critical and depends on
factors such as node mobility, network density, transmission
power and propagation characteristics, etc. The zone size
should be neither too large nor too small. Large zone size, the
broadcast alerts may involve large communication overhead.
Likewise, if the zone size is too small, the gateway nodes may
not be of sufficient number, which may lead to single point
failure. In figure 1 nodes 4, 7 and 8 are the gateway nodes of
zone 5.
Gateway nodes in neighboring zones collaborate in order
to perform broadcasting by passing the information to their
corresponding multicast trees. There may exist many gateway
nodes in a zone, thus avoiding the issue of single point of
failure.
Fig. 1 The Zone Based IDS Framework for Mobile Ad Hoc
Networks.
IV. AMROUTE USER MULTICAST TREE
A mesh is created between the members of the group by a
Mesh Creation technique, which involves broadcasting a
Control Packet to identify the members of the Group. This is
an ―Expanded Ring Search‖ algorithm [14]. Each of the mesh
created consists of a Logical Core node, which is responsible
for maintaining the tree and its members. The core is selected
by using a ―Core Resolution‖ algorithm. Once a Mesh is
created, a User Multicast Tree is built from it. This tree is
formed in such a way that the nodes of the tree are the
members of the group.
The next step is to maintain the Tree created. This is done
by periodically sending a message to all the members of the
group. The core node is responsible for sending this packet. It
maintains a TREE_CREATE_TIMER. There is a procedure
for nodes to join and also to leave the group. The logical core
node periodically broadcasts this JOIN_REQ message for new
nodes to join the group. If a node leaves a group, they send out
a single JOIN-NAK message to their neighboring nodes. If
they subsequently receive any data or signaling message for
that group they can send out further JOIN-NAK messages.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 243

Proceedings of ICCNS 08 , 27-28 September 2008
To improve the efficiency of the AMRoute protocol a
Core Migration technique is used. A new core is being elected
periodically so that the core migrates and thereby the tree is
maintained effectively. An AMRoute segment can also have
no core nodes because the core node may disappear (e.g.,
leaves the group) or moves to next zone, an existing segment
is split into multiple disjoint segments (e.g., because of link or
node failure). If a segment does not have a core node, one of
the nodes will designate itself as the core node at some
random time, on not receiving any join or tree creation
messages. A node may move from one zone to another. It
joins the new zone tree as its new member and disconnects
itself from the old tree in its previous zone.
A. Advantages of user multicast tree Amroute
Core node [14] is selected dynamically avoiding single
point failure. Core node resolution algorithm is available to
resolve core node selection when code node fails to operate or
multiple core nodes are available.
Mobility of nodes does not alter the tree structure which
reduces the signaling traffic and packet loss. Unicast tunnels
are used as the tree links to connect neighbors on the user
multicast tree, independent of specific unicast routing
protocol. Hence it can operate seamlessly over separate
domains with different unicast protocols. User multicast tree
also eliminate the need to change the tree as the network
changes.
Core can migrate dynamically according to group
membership and network connectivity.
The main advantage of multicasting is that a sender only
needs to send the data once so that significant resources (e.g.,
network transmission bandwidth) can be saved. The following
functions are to be performed. Sender sends each set of data
only once. Receiver can participate in the multicast at any time
by joining the multicast group and receiving the sent packets.
Multicasting sends single copy of a packet to all clients
and avoids sending multiple copies of a packet over the same
portion of the network. This reduces congestion and overheads
in the system.
V. PROPOSED ZONE BASED BROADCASTING USING
MULTICASTING AMROUTE AND ITS ADVANTAGES IN MOBILE
ADHOC NETWORKS
Whenever the manet is distributed over a large area it is
proposed to be divided into non overlapping zones using GPS
and ―hello‖ packets as described in the ZBIDS concept[3].
Multicast is a type of communication used for communicating
between groups of computers. In this paper all nodes in a zone
are considered as members of a user multicast tree as per
AMRoute. The interzone nodes also called gateway nodes
pass the broadcast message to their peers in other zones who
in turn carry out the broadcast following the same procedure
as per AMRoute. Zone wise user multicast trees have their
own core node which is dynamic. Zone wise broadcast using
multicasting where all nodes within the zone are members of
the user multicast tree eliminates single point of failure of core
node.
Fig. 2 Screen shot of AMRoute tree
Multicasting (AMRoute) sends single copy of a packet to
all clients and avoids sending multiple copies of a packet over
the same portion of the network. This reduces congestion and
overheads in the system.
Simultaneous zone wise broadcast is much faster and the
overheads are evenly distributed zone wise.
If a core node is compromised or fails in its operation due
to link failure etc another node takes over as core node as per
core resolution algorithm.
Mobility of nodes does not alter the tree structure. This
reduces the signaling traffic and packet loss.
Unicast tunnels are used as the tree links to connect
neighbors on the user multicast tree which are independent of
specific unicast routing protocol. Hence it can operate
seamlessly over separate domains with different unicast
protocols.
Core can migrate dynamically according to group
membership and network connectivity.
VI. CONCLUSION
This new concept of broadcasting in MANET zone wise
using multicasting (AMRoute) where all nodes of a zone are
considered as members of a multicast group presents a number
of advantages. Significant among them is that the entire
problem of broadcast over MANET is divided and distributed
zone wise. The overheads get spread equally over the zones.
Broadcasting, simultaneously, the operation is faster. Zone
wise broadcast eliminates single point of failure of core node.
If a core node is compromised or fails in its operation due to
link failure etc another node takes over as core node as per
core resolution algorithm. Mobility of nodes does not alter the
tree structure which reduces the signaling traffic and packet
loss. Multicasting sends single copy of a packet to all clients
and avoids sending multiple copies of a packet over the same
portion of the network. This reduces congestion and overheads
in the system.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 244

Proceedings of ICCNS 08 , 27-28 September 2008
[13] W. Peng and X. Lu. AHBP: An efficient broadcast protocol for
mobile ad hoc networks. Journal of Science and Technology -
Beijiing. China, 2002.
[14] Bommaiah, McAuley, Taplade and Liu ‖AMRoute: Ad hoc Multicast
Routing Protocol‖, draft-talpade-manet-amroute-00.txt, August 6, 1998
[15] Ballardie T., ―Core based Trees (CBT) Mulitcast Routing
Architecture‖, RFC 2201, September,1997.
Fig. 3 Screen shot of MANET divided into six non-overlapping zones
having user multicast trees zone wise.
REFERENCES
[1] Devan Tanvir Ahmed, ―Multicasting in Ad Hoc Networks‖ University
of Ottawa.
[2] Williams, Camp ―Comparison of Broadcasting Techniques for
Mobile Ad Hoc Networks‖ – (2002)
[3] Tiranuch Anantvalee and Jie Wu ―A Survey on Intrusion Detection
in Mobile Ad Hoc Networks Wireless/Mobile Network Security‖
Y. Xiao, X. Shen, and D.-Z. Du (Eds.) pp. 170 - 196 c° 2006 Springer
[4] W. PengandX. Lu. ―On the radiation of broadcast redundancy in
mobile ad hoc networks.‖ In Proceedings of MOBIHOC, 2000.
[5] C. Ho, K. Obracaka, G. Tsudik, and K. Viswanath. ―Flooding for
reliable multicasting in multi-hop ad hoc networks.‖ In
Proceedings of the international Workshop on Discrete Algorithms
and Methods for Mobile Computing and Communication (DIALM),
pages 64—71, 1999.
[6] J. Jetcheva,’Y. Ru, D. Malta, and D. Johnson. ―A simple protocol
for multicast and broadcast in mobile ad hoc networks.‖ Intemet
Draft manet-simple-mbcast-0 1.txt, July 2001.
[7] H. Lim and C. Kim. ―Multicast tree construction and flooding in
wireless ad hoc networks.‖ In Proceedings of the ACM
<strong>International</strong> Workshop on Modeling, Analysis and Simulation of
Wireless and Mobile Systems (MSWIM), 2000.
[8] Tseng, Chen, and. Sheu. ―The broadcast problem in a mobile ad
hoc network.‖ In Proceedings of the ACM/IEEE international
<strong>Conference</strong> on Mobile Computing and Networking (MOBICOM),
pages 151—162, 1999.
[9] W. Peng and X. Lu. ―Efficient broadcast in mobile ad hoc networks
using connected dominating sets.‖ Journal of Software - Bejing.
China, 1999.
[10] J. Sucec and L Marsic. ―An efficient distributed network-wide
broadcast algorithm for mobile ad hoc networks.‖ CAIP Technical
Report 248 - Rutgors University, Sertember 20W.
[11] L. Lovasz. ―On the ratio of optimal integral and fractional covers‖
Discrete Mathematics, 1975.
[12] A.Qayyum, L.Viennot,andA. Laouiti.‖Multipoint relaying: An
efficient technique for flooding in mobile wireless networks.‖
Technical Report 3898, INRIA - Rapport de recherche, 2000.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 245

Proceedings of ICCNS 08 , 27-28 September 2008
Mobile Forensics: the study of collecting digital
evidence from mobile devices
Rizwan Ahmed, Dr. R. V. Dharaskar, and Dr. V. M. Thakare
Abstract—Mobile phone proliferation in our societies is on the
increase. Advances in semiconductor technologies related to mobile
phones and the increase of computing power of mobile phones led to
an increase of functionality of mobile phones while keeping the size
of such devices small enough to fit in a pocket. This led mobile
phones to become portable data carriers. This in turn increased the
potential for data stored on mobile phone handsets to be used as
evidence in civil or criminal cases. This paper examines the nature of
some of the newer pieces of information that can become potential
evidence on mobile phones. It also discusses some of the emerging
technologies and their potential impact on mobile phone based
evidence. The paper will also cover some of the inherent differences
between mobile phone forensics and computer forensics. It also
highlights some of the weaknesses of mobile forensic toolkits and
procedures. Finally, the paper shows the need for more in depth
examination of mobile phone evidence.
Keywords—Mobile forensics, mobile phone evidence, mobile
forensic toolkits, digital device forensics.
I. INTRODUCTION
Mobile phone proliferation is on the increase with the
worldwide cellular subscriber base reaching 3.75 billion by
the year end of 2008 [1]. In India alone, there are 272 million
mobile phone subscribers [33] which are growing at a rapid
pace. India has surpassed United States of America in number
of mobile subscribers to become number 2 in the world which
is only next to China [34]. The Figure 1 shows Company wise
market share in India.
While mobile phones outsell personal computers three to
one, mobile phone forensics still lags behind computer
forensics. Even when comparing sales figures of smart mobile
phone devices which have some Personal Digital Assistant
(PDA) capabilities, to the sale figures of the actual PDA
devices, smart mobile phones sales continued to grow while
the PDA figures continue to decline [2]. Data acquired from
Rizwan Ahmed is with the Anjuman College of Engineering and
Technology, Sadar, Nagpur 440001 (MS) India (phone: +91-712-2582749;
fax: +91-712-2583559; e-mail: rizwanmailbox@ gmail.com).
Dr. R. V. Dharaskar is with the P. G. Department of Computer Science and
Engineering, G. H. Raisoni College of Engineering, Hingna Road, Nagpur
440016 (MS) India (e-mail: rvdharaskar@rediffmail.com).
Dr. V. M. Thakare is with P. G. Dept. of Computer Science, S. G. B.
Amravati University, Amravati (MS) India(e-mail: vilthakare@yahoo.co.in).
mobile phones continues to be used as evidence in criminal,
civil and even high profile cases [3]. However, validated
frameworks and techniques to acquire mobile phone data are
virtually non-existent.
Fig. 1 Company wise Market share in India [33]
A. The need for mobile phone handset forensics
The following section of the paper will discuss the need for
mobile forensics by highlighting the following:
• Use of mobile phones to store and transmit personal
and corporate information
• Use of mobile phones in online transactions
• Law enforcement, criminals and mobile phone
devices
B. Use of mobile phones to store and transmit personal and
corporate information
Mobile phones applications are being developed in a rapid
pace. Word processors, spreadsheets, and database-based
applications have already been ported to mobile phone devices
[4]. The mobile phone’s ability to store, view and print
electronic documents transformed these devices into mobile
offices. The ability to send and receive Short Message Service
(SMS) messages also transformed mobiles into a message
centre. In India alone, nearly 1.5 billion (1,492,400,769) text
messages (SMS) were sent per week between January and
May, 2008, the Mobile Data Association (MDA) said [1].
SMS was further upgraded to Enhanced Messaging Service
(EMS) and saw some added features while the latest upgrade
to Multimedia Messaging Service (MMS) added support for
multimedia objects and seamless integration with email
gateways that enabled users to send content rich emails using
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 246

Proceedings of ICCNS 08 , 27-28 September 2008
the MMS service. In India, more than 10 million (10,734,555)
pictures and video messaging (MMS) were sent per week — a
year on year growth of 30 percent [1].
Furthermore, technologies such as “push e-mail” and
always-on connections added convenience and powerful
communications capabilities to mobile devices. Push e-mail
provided users with instant email notification and download
capability, where when a new e-mail arrives; it is instantly and
actively transferred by the mail server to the email client, in
this case, the mobile phone. This in turn made the mobile
phone an email storage and transfer tool.
Roughly 40% of all Internet users worldwide currently have
mobile Internet access. The number of mobile Internet users
will reach 546 million in 2008, nearly twice as many as in
2006, and is forecast to surpass 1.5 billion worldwide in 2012.
Among mobile Internet users, the most popular online
activities are searching the Web, accessing news and sports
information, downloading music, videos, and ringtones, using
instant messaging, and using Internet email. By 2012,
downloading music, videos, and ringtones will become the
number one activity among mobile Internet users worldwide
[5].
C. Use of mobile phones in online transactions
Wireless Application Protocol (WAP) enabled the use of
mobile phones in online transactions. Technologies such as
digital wallets (E-Wallet) added convenience to online
transactions using a mobile phone. Further enhancements in
connectivity and security of mobile devices and networks
enabled mobile phones to be used securely to conduct
transactions such as stock trading, online shopping, mobile
banking [5] and hotel reservations and check-in [6] and flight
reservations and confirmation [7]. As part of development of
mobile systems [6, 7], the novel idea of mobile forensics came
to our mind and so this research paper is a milestone to
achieve the same objectives.
D. Law enforcement, criminals and mobile phone devices
The gap between law enforcement and organised crime is
still considerable when it comes to the utilisation of mobile
phone technologies. Mobile phones and pagers were used in
the early 1980s by criminal organisations as a tool to evade
capture as well as a means to facilitate everyday operations.
Ironically, while it took decades to convince legitimate
businesses that mobile connectivity can improve their
operations, just about every person involved at any level of
crime already knew in the early 1980s that mobile phones can
provide a substantial return on investment [8].
On the other hand, law enforcement and digital forensics still lag
behind when it comes to dealing with digital evidence obtained from
mobile devices. This is partly due to some of the following reasons
[9]:
• The mobility aspect of the device requires specialized
interfaces, storage media and hardware
• The file system residing in volatile memory versus
stand alone hard disk drives
• Hibernation behaviour in which processes are
suspended when the device powered off or idle but at
the same time, remaining active
• The diverse variety of embedded operating systems
in use today
• The short product cycles for new devices and their
respective operating systems
• These differences make it important to distinguish
between mobile phone and computer forensics.
II. COMPUTER FORENSICS V/S MOBILE PHONE FORENSICS
The following sections of the paper compare computer and
mobile forensics in the following aspects:
• Reproducibility of evidence in the case of dead
forensic analysis
• Connectivity options and their impact on dead and
live forensic analysis
• Operating Systems (OS) and File Systems (FS)
• Hardware
• Forensic Tools and Toolkits Available
A. Reproducibility of evidence in the case of dead forensic
analysis
Digital investigations can involve dead and/or live analysis
techniques. In dead forensic analysis, the target device is
powered off and an image of the entire hard disk is made. A
one-way-hash function is then used to compute a value for
both, the entire contents of the original hard disk and the
forensically acquired image of the entire hard disk. If the two
values match, it means that the image acquired represents a
bit-wise copy of the entire hard disk. After that, the acquired
image is analysed in a lab using a trusted OS and sound
forensic applications. This process is referred to as offline
forensic analysis or offline forensic inspection.
One of the key differences between traditional computer
forensics and mobile phone forensics is the reproducibility of
evidence in the case of dead forensic analysis. This is due to
the nature of mobile phone devices being constantly active
and updating information on their memory. One of the causes
of that is the device clock on mobile phones which constantly
changes and by doing so alters the data on the memory of that
device. This causes the data on the mobile device to
continuously change and therefore causing the forensic hash
produced from it to generate a different value every time the
function is run on the device’s memory [9]. This means that it
will be impossible to attain a bit-wise copy over the entire
contents of a mobile phone's memory.
B. Connectivity options and their impact on dead and live
forensic analysis
Live forensic analysis in this context refers to online
analysis verses offline analysis. Online analysis means that the
system is not taken offline neither physically nor logically
[10]. Connectivity options refer to the ways in which a system
or device is connected to the outside world be it a wired or
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 247

Proceedings of ICCNS 08 , 27-28 September 2008
wireless connection. Even though built-in connectivity options
for computers are limited when compared to the increasingly
developing connectivity options on mobile phone devices,
connectivity options are addressed in both live and dead
computer forensics. On the other hand, live analysis is not
even heard of yet when it comes to mobile phone handset
forensics.
C. Operating Systems and File Systems
Computer forensic investigators are very familiar with
computer operating systems and are comfortable working with
computer file systems but they are still not as familiar with
working with the wide range of mobile OS and FS varieties.
One of the main issues facing mobile forensics is the
availability of proprietary OS versions in the market. Some of
these OS versions are developed by well known
manufacturers such as Nokia and Samsung while some are
developed by little known Chinese, Korean and other regional
manufacturers. Mobile phone operating systems are generally
closed source with the exception of Linux based mobile
phones. This makes developing forensics tools and testing
them an onus task. Moreover, mobile phone manufacturers,
OS developers and even forensic tool developers are reluctant
to release information about the inner workings of their codes
as they regard their source code as a trade secret.
Another issue with mobile OS and FS when compared to
computers is the states of operation. While computers can be
clearly switched on or off, the same can not be said about
some mobile phone devices. This is especially true for mobile
phones stemming from a PDA heritage where the device
remains active even when it is turned off. Therefore, back-toback
dead forensic acquisitions of the same device will
generate different hash values each time it is acquired even
though the device is turned off [11].
A key difference between computers and mobile phones is
the data storage medium. Volatile memory is used to store
user data in mobile phones while computers use non-volatile
hard disk drives as a storage medium. In mobile phones, this
means that if the mobile phone is disconnected from a power
source and the internal battery is depleted, user data can be
lost. On the contrary, with non-volatile drives, even if the
power source is disconnected, user data is still saved on the
hard disk surface and faces no risk of deletion due to the lack
of a power source. From a forensics point of view, evidence
on the mobile phone device can be lost if power is not
maintained on it. This means that investigators must insure
that the mobile device will have a power supply attached to it
to make sure data on the device is maintained.
One of the drawbacks currently facing mobile OS and FS
forensic development is the extremely short OS release cycles.
Symbian, a well known developer of mobile phone operating
systems is a prime example of the short life cycle of each of
its OS releases. Symbian produces a major release every
twelve months or less with minor releases coming in between
those major releases [12]. This short release cycle makes
timely development, testing and release of forensic tools and
updates that deal with the newer OS releases difficult to
achieve.
D. Hardware
Mobile phones are portable devices that are made for a
specific function rather than computers which are made for a
more general application. Therefore, mobile phone hardware
architecture is built with mobility, extended battery life,
simple functionality and light weightiness in mind. This
makes the general characteristics of a mobile phone very
different from a computer in the way it stores the OS, how its
processor behaves and how it handles its internal and external
memory.
The hardware architecture of a typical mobile phone usually
consists of a microprocessor, main board, Read Only Memory
(ROM), Random Access Memory (RAM), a radio module or
antenna , a digital signal processor, a display unit, a
microphone and speaker, an input interface device (i.e.,
keypad, keyboard, or touch screen) and a battery. The OS
usually resides in ROM while RAM is generally used to store
other data such as user data and general user modifiable
settings. The ROM may be re-flashed and updated by the user
of the phone by downloading a file from a web site and
executing it on a personal computer that is connected to the
phone device.
This general architecture does not apply to all models of
mobile phones as mobile phones are very diverse in hardware
architecture and OS varieties [13]. Some mobile devices might
contain additional devices and modules such as a digital
camera, Global Positioning device (GPS), wireless and
network modules, and even a small hard disk. Manufacturers
highly customize operating systems to suit their hardware
devices and the feature sets they want to support on them [14].
This means that a certain version of an OS on a certain
manufacturer’s phone model does not mean that the same
version of the same OS on a different manufacturer’s
hardware will be exactly the same. This is true also for on the
same manufacturer’s phones with different hardware
architectures. Moreover, ROM updates are not only OS
specific but are also hardware specific. Also, some phone
providers add functionality and customization options to their
ROMs which mean that the same version phone of a phone
purchased from two different providers might not be exactly
the same.
Proprietary hardware is another issue facing mobile phone
forensics. Support for such devices is not available from
mobile forensics tools. About 16% of mobile phones in the
market today come from proprietary manufacturers and are
not supported by forensic tools [15]. Moreover, some
manufacturers produce mobile phones that have no interfaces
that are accessible through a computer. This makes
forensically acquiring those mobile phones harder to achieve
if not impossible.
The wide array of connection socket and cable types for
connecting a mobile phone to a computer makes identifying
the right cable for the right phone model an onus task for the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 248

Proceedings of ICCNS 08 , 27-28 September 2008
forensic investigator. Phone chargers also come in different
shapes, sizes and socket types and make identifying the right
charger for the right model a hard task for the investigator.
Short product cycles also contribute to the difficulty in dealing
with mobile phones forensically. Support for newer models by
forensic tools is usually slow. The following section discusses
in more detail some of the mobile forensic tools and their
features and drawbacks when compared to computer based
forensic tools.
E. Forensic Tools and Toolkits Available
Early mobile phones did not have the capacity to store large
amounts of information so law enforcement officers did not
need to access mobile phone handsets to get information on a
suspect. The focus was more on phone records from the
telecommunications companies. Nowadays, mobile phones
have large storage capacity and a wide array of applications
and connectivity options besides connectivity with the
telecommunications provider. Mobile phone forensic tools
and toolkits are still immature in dealing with these advances
in mobile phone technology. Mobile forensic toolkits are
developed by third party companies and the toolkits are not
independently verified or tested for forensic soundness. The
developers of the toolkits admit to using both, manufacturer
supplied and self developed commands and access methods to
gain data access to memory on mobile devices [16]. The tools
often limit themselves to one or more phone manufacturer
handsets with a limited number of devices supported. Some of
the tools are also limited when it comes to connectivity
options when it comes to acquisition of data from the handset.
For example, some tools are limited to wired connections as
opposed to Infrared (IrDA) and Bluetooth access to data on
mobile devices. Moreover, while some toolkits provide
acquisition capabilities, they do not provide examination or
reporting facilities [17]. Moreover, direct access to data on the
mobile phone is not achievable. Phone software and/or
hardware must be used to acquire data from the mobile
phone’s memory as shown in Figure 2.
Fig. 2 Indirect Access to Data in Mobile phone memory via software
and hardware commands and methods [16]
This inherent difference between computer forensics and
mobile phone forensics effects how data acquired from mobile
phones is perceived. To make this data trustable, independent
evaluation of mobile forensic tools has to become an integral
part of their development.The only currently available tools
evaluation document for mobile phone forensics is published
by the National Institute of Standards and Technology (NIST)
in the United States [9]. The document evaluated eight mobile
phone forensic toolkits. It covered a range of devices from
basic to smart phones. It showed that none of forensic toolkits
supported all the mobile phone devices covered in the
document. The document however limited its scope to a set of
scenarios with a definite set of prescribed activities that were
used to gauge the capabilities of each of the eight toolkits
evaluated. The document also tested the toolkits in one set of
conditions which was a virtual machine installed on a
windows machine. This insured toolkit segregation and ruled
out the possibility of conflicts amongst the tools [13].
III. MOBILE PHONE AS DATA EVIDENCE
This section of the paper will highlight some forensic
definitions, principles and best practice guidelines and how
they address mobile phone forensics issues. It will also discuss
some of the forensic guides that cover mobile phone forensics
and mention their shortcomings.
A. Definition of Digital Evidence
According to the Scientific Working Group on Digital
Evidence (SWGDE), Digital Evidence [18] is “information of
probative value that is stored or transmitted in binary form”.
Therefore, according to this definition, evidence is not only
limited to that found on computers but may also extend to
include evidence on digital devices such as telecommunication
or electronic multimedia devices. Furthermore, digital
evidence is not only limited to traditional computer crimes
such as hacking and intrusion, but also extends to include
every crime category in which digital evidence can be found
[19]. However, the Australian Standards HB171 document
titled “Guidelines for the Management of IT Evidence” refers
to IT Evidence as: “any information, whether subject to
human intervention or otherwise, that has been extracted from
a computer. IT evidence must be in a human readable form or
able to be interpreted by persons who are skilled in the
representation of such information with the assistance of a
computer program”. This definition is lacking as it does not
address evidence on digital devices other than a computer
[19]. The latter definition shows that not all digital evidence
definitions or procedures related to them are updated to
address mobile phone evidence. Even the Information
Technology Act 2000 (No. 21 of 2000) is not updated to
include information about mobile phone evidence [30]. This
fact again can be clearly highlighted in view of two big
criminal cases [31, 32] in India which involved mobile phone
evidence. The following section of the paper will cover some
of these definitions and procedures and highlight their
shortcomings.
B. Principles of Electronic Evidence
According to the United Kingdom’s Association of Chief
Police Officers (ACPO) Good Practice Guide for Computer
based Electronic Evidence, Four principles are involved with
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 249

Proceedings of ICCNS 08 , 27-28 September 2008
Computer-Based Electronic Evidence [20]. They are:
• Principle 1: No action taken by law enforcement
agencies or their agents should change data held on a
computer or storage media which may subsequently
be relied upon in court.
• Principle 2: In exceptional circumstances, where a
person finds it necessary to access original data held
on a computer or on storage media, that person must
be competent to do so and be able to give evidence
explaining the relevance and the implications of their
actions.
• Principle 3: An audit trail or other record of all
processes applied to computer based electronic
evidence should be created and preserved. An
independent third party should be able to examine
those processes and achieve the same result.
• Principle 4: The person in charge of the investigation
(the case officer) has overall responsibility for
ensuring that the law and these principles are adhered
to.
ACPO’s guide regards computer based electronic evidence
as no different from documentary evidence and as such is
subject to the same rules and laws that apply to documentary
evidence [20]. The ACPO guide also recognized that not all
electronic evidence can fall into the scope of its guide and
gave an example of mobile phone evidence as evidence that
might not follow the guide. It also mentioned that not
following the guide does not necessarily mean that the
evidence collected is not considered as viable evidence.
However, Principle 1 of the ACPO guide can not be
complied with when it comes to mobile phone forensics. This
is because mobile phone storage is continually changing and
that may happen automatically without interference from the
mobile user [11]. Thus, the goal with mobile phone
acquisition should be to affect the contents of the storage of
the mobile as less as possible and adhere to the second and
third principles that focus more on the competence of the
specialist and the generation of a detailed audit trail [11]. In
adhering with Principle 2, the specialist must be competent
enough to understand both the internals of both hardware and
software of the specific mobile device they are dealing with as
well as have an expert knowledge of the tools they are using
to acquire evidence from the device.
More than one tool is recommended to be used when
acquiring evidence from mobile phone as some tools do not
return error messages when they fail in a particular task [11].
When it comes to adhering with Principle 3, providing a
thorough record of all processes used to obtain the evidence in
a way that can be duplicated by an independent third party is
essential in order for the evidence gathered to be admissible in
court.
When it comes to the recovery of digital Evidence, “The
Guidelines for Best Practice in the Forensic Examination of
Digital Technology” publication by the <strong>International</strong>
Organization on Computer Evidence (IOCE) considers the
following as the General Principles Applying to the Recovery
of Digital Evidence [21]:
i. The general rules of evidence should be applied to all
digital evidence.
ii. Upon seizing digital evidence, actions taken should
not change that evidence.
iii. When it is necessary for a person to access original
digital evidence that person should be suitably
trained for the purpose.
iv. All activity relating to the seizure, access, storage or
transfer of digital evidence must be fully
documented, preserved and available for review.
v. An individual is responsible for all actions taken with
respect to digital evidence whilst the digital evidence
is in their possession.
As with the ACPO principles, principle B can not be strictly
applied to evidence recovered from Smartphone devices
because of their dynamic nature. Furthermore, mobile phone
acquisition tools that claim to be forensically sound do not
directly access the phone’s memory but rather use commands
provided by the phone’s software and/or hardware interfaces
for memory access and thus rely on the forensic soundness of
such software or hardware access methods [16]. Therefore,
when using such tools, the ability to extract that information
in a manner that will not significantly change the mobile
phone’s memory is not verifiable.
C. Mobile Phone Evidence Guides
There are a number of guides that briefly mention potential
evidence on mobile phone devices. In this section, some of
these guides will be highlighted and their shortcomings
explained. The Best Practices for Seizing Electronic Evidence
published by the United States Secret Service (USSS) referred
to mobile phones as “Wireless Telephones” under the “Other
Electronic Storage Devices” heading [22]. The National
Institute of Justice (NIJ), which is under the United States
Department of Justice lists mobile phones under the heading
of “Telephones” in their “Electronic Crime Scene
Investigation: A guide for First Responders” publication [23].
Both of the guides do not provide sufficient details on how to
forensically approach smart phones. This might be in part
because these guides are outdated. Both guides however
mention that mobile phones might have some potential
evidence on them. The extent of the coverage is very limited
and does not address smart phone storage capabilities and
applications on them. The USSS document also lists a set of
rules on whether to turn on or off the device [22]:
• If the device is "ON", do NOT turn it "OFF".
• Turning it "OFF" could activate lockout
feature.
• Write down all information on display
(photograph if possible).
• Power down prior to transport (take any
power supply cords present).
• If the device is "OFF", leave it "OFF".
• Turning it on could alter evidence on device
(same as computers).
• Upon seizure get it to an expert as soon as
possible or contact local service provider.
• If an expert is unavailable, USE A
DIFFERENT TELEPHONE and contact 1-
800-LAWBUST (a 24 x 7 service provided
by the cellular telephone industry).
• Make every effort to locate any instruction
manuals pertaining to the device.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 250

Proceedings of ICCNS 08 , 27-28 September 2008
On the other hand, the NIJ guide for first responders lists
the following as potential evidence [23]: Appointment
calendars/information., password, caller identification
information, phone book, electronic serial number, text
messages, e-mail, voice mail, memos, and web browsers. The
guide however failed to mention that mobile devices could
have external storage attached to them even though it
mentioned that other equipment such as fax machines may
contain such external storage devices. It did however
emphasize that miscellaneous electronic items such as cellular
phone cables and cloning equipment may contain information
of evidentiary value.
Both guides fail to mention that mobile phones could have
electronic documents, handwriting information, or location
information on them. The guides also fail to mention that
phone based applications such as Symbian, Mobile Linux and
Windows Mobile applications could have evidential
significances. Both, Symbian and Windows Mobile based
phones were found to execute malicious code such as Trojans
and viruses especially ones transferred via Bluetooth
technology [16, 24]. Non malicious applications on mobile
phones could also be considered as evidence as they might be
used to conduct illegal activities or can have log files or data
that can be considered as evidence. Therefore all phone
applications and data related to them should be considered as
potential evidence. This includes logs relating Bluetooth,
Infrared (IrDA), Wi-Max and Wi-Fi communications and
Internet related data such as instant messaging data and
browser history data. Java applications should also be
considered as evidence as many mobile phone operating
systems support a version of Java [16].
When it comes to handling instructions for mobile phones,
the United Kingdom’s Association of Chief Police Officers
(ACPO) Good Practice Guide for Computer based Electronic
Evidence lists the following instructions [25]:
• Handling of mobile phones:
• Any interaction with the handset on a mobile phone
could result in loss of evidence and it is important not
to interrogate the handset or SIM.
• Before handling, decide if any other evidence is
required from the phone (such as
DNA/fingerprints/drugs/accelerants). If evidence in
addition to electronic data is required, follow the
general handling procedures for that evidence type
laid out in the Scenes of Crime Handbook or contact
the scenes of crime officer.
• General advice is to switch the handset OFF due to
the potential for loss of data if the battery fails or new
network traffic overwrites call logs or recoverable
deleted areas (e.g. SMS); there is also potential for
sabotage. However, investigating officers (OIC) may
require the phone to remain on for monitoring
purposes while live enquiries continue. If this is the
case, ensure the unit is kept charged and not
tampered with. In all events, power down the unit
prior to transport.
Note that the on/off rules here initially conflict with the
USSS guide but both guides agree to turn off the device
before transport. The ACPO guide contains flowcharts when it
comes to seizure of electronic evidence and PDAs which may
not be applied to mobile phone devices. The charts are
included in the Appendix section as a reference only. An
updated chart for examining mobile phones by NSLEC in the
U.K. contains references to the appropriate action to be taken
when seizing a mobile phone and whether it was turned on or
off when it was seized [26]. The chart is in no way allinclusive
as it refers to only three types of evidence from
mobile phones and they are SMS messages, voicemail and
address book/call history details. The guidelines and
procedures need to be continually updated to cater for future
trends in mobile phones. Some of these trends are mentioned
in the next section.
IV. FUTURE TRENDS
Future trends in mobile phone devices and their
components can be divided to processor speed and
components, battery types and technologies affecting them,
and finally, memory and storage capacities. All of these
components and their developments may have an impact on
mobile device forensics.
A. Processor Components and Speed
Intel has already demonstrated a 1GHz processor for mobile
devices [14]. In addition to this high processing speed, smart
mobile phone devices are showing the trend of using System
on Chip (SoC) technology. This technology allows the
processor to incorporate a set of distinct functionalities in the
same package which reduces the number of chips required by
it as well as incorporating a considerable amount of built-in
memory [13]. This change in processor architecture may have
an undesirable impact on mobile forensics.
B. Battery Life
Mobile phones typically use three types of batteries: NiMH
(nickel metal hydride), Li-ion (lithium-ion), and Li-polymer.
Toshiba announced that it will be releasing a lithium-ion
battery technology that will allow batteries to recharge sixty
times faster than conventional batteries which means that it
will take about a minute for a battery to go from drained to an
80% charge [27]. Other battery types such as fuel cell
batteries have emerged but are not yet available in mass
production. Wireless communications such as the use of Wi-
Fi, Wi-Max, and Bluetooth will drain batteries much more
rapidly than simple computing tasks and this will present
battery manufacturers with more challenges as these
communication and connectivity options are becoming more
natively integrated into today’s smart phones. Battery life can
have a huge impact on a mobile forensic investigation as
volatile data can be lost if the battery is drained.
C. Memory and Storage
Mobile phone's OS and applications are smaller in size than
computer based OS and applications. Therefore, it makes
more sense to store them in RAM, ROM or flash memory.
Current high end mobile phones may have 64 to 128 MB of
static RAM for application code, 128 to 256 MB of flash
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 251

Proceedings of ICCNS 08 , 27-28 September 2008
memory for system code, and more than 128 MB of flash
memory for user data [14]. The amount of RAM, ROM or
flash memory is on the rise which means also that data access
and transfer rates to support them will improve.
Advances in technologies and circuitry enabled external
memory support to become main stream in higher end mobile
phones. The physical sizes of such devices is declining while
their storage capacities rising. The reduction of size has also
made these devices very fragile and easily concealable by
evildoers. Moreover, some mobile phones support the
swapping of external storage memory in and out without
turning off the mobile device or taking out the battery cover.
Auditing such devices on the mobile OS level must be
addressed for mobile forensic reasons.
V. CONCLUDING REMARKS
With increased connectivity options and higher storage
capacities and processing power, abuse of mobile phones can
become more main stream. Mobile phones outsell personal
computers and with digital crime rates rising, the mobile
phone may be the next avenue for abuse for digital crime.
Mobile phones with their increased connectivity options may
become a source of viruses that infect computers and spread
on the internet. Virus writers typically look for operating
systems that are widely used. This is because they want their
attacks to have the most impact. When it comes to mobile
phones and their operating systems, there seems to be certain
operating systems that are dominating the market which
makes them a prime candidate for attacks. According to recent
studies, phone virus and malware infection rates are expected
to increase with newer smart phones [28, 29].
Mobile phone technology is evolving at a rapid pace.
Digital forensics relating to mobile devices seems to be at a
stand still or evolving slowly. For mobile phone forensics to
catch up with release cycles of mobile phones, more
comprehensive and in depth framework for evaluating mobile
forensic toolkits should be developed and data on appropriate
tools and techniques for each type of phone should be made
available a timely manner.
REFERENCES
[1] Paul Doran, MDA (2008). 2008- the year of mobile customers, URL,
http://www.themda.org/documents/PressReleases/General/_MD
A_future_of_mobile_press_release_Nov07.pdf (Accessed in
August 18, 2008).
[2] Canalys (2007). Smart mobile device shipments hit 118 million in 2007,
up 53% on 2006, URL,
http://www.canalys.com/pr/2008/r2008021.htm, (Accessed in
August 18, 2008).
[3] Aljazeera (2005). Phone Dealers in al-Hariri Probe Net, URL,
http://english.aljazeera.net/archive/2005/09/2008410145581139
28.html, (Accessed in August 18, 2008).
[4] Westtek (2008). ClearVue Suite, URL,
http://www.westtek.com/smartphone/, (Accessed in August 18,
2008).
[5] Alex Manfrediz (2008). IDC Press Release. IDC Finds More of the
World's Population Connecting to the Internet in New Ways and
Embracing Web 2.0 Activities, URL,
http://www.idc.com/getdoc.jspcontainerId=prUS21303808,
(Accessed in August 18, 2008).
[6] FoneKey (2008). URL, www.FoneKey.net,
http://www.youtube.com/watchv=qW8MdpZFKUY,
http://www.youtube.com/watchv=BqJiNvQ3xp8,
http://www.youtube.com/watchv=9eAKvCKanH0, (Accessed in
August 18, 2008).
[7] Ducell (2008). URL, www.DuCell.org, (Accessed in August 18, 2008).
[8] Mock, D (2002). Wireless Advances the Criminal Enterprise, URL,
http://www.thefeaturearchives.com/topic/Technology/Wireless_
Advances_the_Criminal_Enterprise.html, (Accessed in August 18,
2008).
[9] Ayers, R., Jansen, W., Cilleros, N., & Daniellou, R. (2007). Cell Phone
Forensic Tools: An Overview and Analysis, URL,
http://csrc.nist.gov/publications/nistir/nistir-7250.pdf, (Accessed
in August 18, 2008).
[10] Carrier, B. D. (2006). Risks of Live Digital Forensic Analysis.
Communications of the ACM, 49(2), 56-61. URL,
http://portal.acm.org/citation.cfmid=1113034.1113069&coll=G
UIDE&dl=GUIDE, (Accessed in August 18, 2008).
[11] Jansen, W., & Ayers, R. (2004). Guidelines on PDA Forensics, URL,
http://csrc.nist.gov/publications/nistir/nistir-7100-
PDAForensics.pdf, (Accessed in August 18, 2008).
[12] Symbian (2008). History, URL,
http://www.symbian.com/about/overview/history/history.html,
(Accessed in August 18, 2008).
[13] Jansen, W., & Ayers, R. (2006). Guidelines on Cell Phone Forensics,
URL, http://csrc.nist.gov/publications/nistpubs/800-101/SP800-
101.pdf, (Accessed in August 18, 2008).
[14] Zheng, P., & Ni, L. M. (2006). The Rise of the Smart Phone. IEEE
Distributed Systems Online, 7(3), art. no. 0603-o3003.
[15] Espiner, T. (2006). Mobile Phone Forensics 'Hole' Reported, URL,
http://news.zdnet.co.uk/hardware/0,1000000091,39277347,00.ht
m, (Accessed in August 18, 2008).
[16] McCarthy, P. (2005). Forensic Analysis of Mobile Phones. Unpublished
Bachelor of Computer and Information Science (Honours) Degree,
University of South Australia, Adelaide.
[17] Jansen, W. (2005). Mobile Device Forensic Software Tools. Paper
presented at the Techno Forensics 2005, Gaithersburg, MD, USA.
[18] SWGDE. (2006). SWGDE and SWGIT Digital & Multimedia Evidence
Glossary, URL,
http://www.swgde.org/documents/swgde2005/SWGDE%20and%20SW
GIT%20Combined%20Master%20Glossary%20of%20Terms%20-
July%2020..pdf, (Accessed in August 18, 2008).
[19] Ghosh, A. (2004). Guidelines for the Management of IT Evidence, URL,
http://unpan1.un.org/intradoc/groups/public/documents/APCIT
Y/UNPAN016411.pdf, (Accessed in August 18, 2008).
[20] ACPO. (2003). Good Practice Guide for Computer based Electronic
Evidence, URL,
http://www.acpo.police.uk/asp/policies/Data/gpg_computer_based_evid
ence_v3.pdf, (Accessed in August 18, 2008).
[21] IOCE. (2002). Best Practice Guidelines for Examination of Digital
Evidence, URL,
http://www.ioce.org/2002/Guidelines%20for%20Best%20Practices%20i
n%20Examination%20of%20Digital%20Evid.pdf, (Accessed in August
18, 2008).
[22] USSS. (2006). Best Practices for Seizing Electronic Evidence, URL,
http://www.ustreas.gov/usss/electronic_evidence.shtml,
(Accessed in August 18, 2008).
[23] NIJ. (2001). Electronic Crime Scene Investigation: A Guide for First
Responders, URL,
http://www.ncjrs.gov/pdffiles1/nij/187736.pdf, (Accessed in
August 18, 2008).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 252

Proceedings of ICCNS 08 , 27-28 September 2008
[24] Keizer, G. (2006). First Mobile Phone Java Trojan on the Loose, URL,
http://www.crn.com.au/story.aspxCIID=35467&r=rstory,
(Accessed in August 18, 2008).
[25] CCIPS. (2002). Searching and Seizing Computers and Related
Electronic Evidence Issues, URL,
http://www.usdoj.gov/criminal/cybercrime/searching.html,
(Accessed in August 18, 2008).
[26] Mellars, B. (2004). Forensic Examination of Moblie Phones. Digital
Investigation: The <strong>International</strong> Journal of Digital Forensics & Incident
Response, 1(4), 266-272.
[27] Becker, D. (2005). Toshiba Reports Battery Breakthrough, URL,
http://news.com.com/2061-10786_3-5649141.htmltag=nl,
(Accessed in August 18, 2008).
[28] Long, M. (2005). Airborne Viruses: Real Threat or Just Hype, URL,
http://www.newsfactor.com/story.xhtmlstory_id=12100002P4
HM, (Accessed in August 18, 2008).
[29] McAfee Mobile Security Report (2008). URL,
http://www.mcafee.com/mobile, (Accessed in August 18, 2008).
[30] The Information Technology Act 2000, India (2000). URL,
http://www.legalserviceindia.com/cyber/itact.html, (Accessed in
August 18, 2008).
[31] Yahoo News India (2008). The Arushi Murder Case: CBI says it has
found the evidence. URL,
http://in.news.yahoo.com/32/20080731/1053/tnl-aarushi-casecbi-says-it-has-found-e_1.html,
(Accessed in August 18, 2008).
[32] Helplinelaw (2007). Pramod Mahajan Murder Trial: SMS cannot be
valid evidence, says defence. URL,
http://news.helplinelaw.com/1207/echo12.php, (Accessed in
August 18, 2008).
[33] India-cellular (2008). http://www.india-cellular.com/Market-
Share.html (Accessed in August 18, 2008).
[34] IndustryWeek (2008). India hits #2 spot in Cellphone market. URL,
http://www.industryweek.com/ReadArticle.aspxArticleID=162
18 (Accessed in August 18, 2008).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 253

ICCNS 08
Cryptography
&
Cryptographic
Protocols

Implementation of Cryptography
using VLSI Technology
to improve Data Security with High Flexibility
Ms. Sheetal N.Raut 1 Mrs.Smita R. Desai 2 Dr.P.M.Patil 3
1,3 Vishwakarma Instt of Technology, Pune, Bibewadi, Pune, 1 sheetal_v80@yahoo.com, 3 hodelex@vit.edu
2 DYPIET, Pune, smita_rdesai@yahoo.co.in
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract -In cryptography basics symmetric and asymmetric
encryption techniques are described with public and private
keys, which based on the DES (Data Encryption Standard)
algorithm. In this paper we have presented a cryptography
algorithm, which uses the four different encryption techniques.
This encryption technique sequentially operates on the
information data stream in different time slots and transmits
the information data serially using the digital transmitter. In
the receiver symmetric algorithm is used in synchronous.
This data security system is implemented through
VLSI technology using web pack project navigator ISE5.1i-pc
in which coding is done through VHDL language. This reduces
the total hardware of the system and as it is single chip solution
leading to high speed and accuracy with compact size and
reduced cost. The developed chip can be used for military and
police wireless communication system.
Keywords – Cryptography, DES algorithm, Data security
system, Encryption technique
I. INTRODUCTION
The dictionary defines cryptography as hidden
writing. It has been around for a very long time. The
Ancient Egyptians, the Arabs and the Romans developed
their own systems.
Cryptography is used whenever someone want to
send a secret message to someone else, in a situation where
anyone might be able to get hold of the message and read it
[1]. It is often used by military. The most famous encryption
machine invented was the Enigma, used in the Second
World War to send military messages [1,2]. With the need
for information security in today's digital systems both acute
and growing, cryptography has become one of their critical
components. Cryptographic services are required across a
variety of platforms in a wide range of applications such as
secure access to private networks, communication in
military and police application, stored value, electronic
commerce, and health care [8,12,18]. Incorporating these
services into solutions presents an ongoing challenge to
manufacturers, systems integrators, and service providers
because applications must meet the market requirements of
mobility, performance, convenience, and cost containment.
This paper focuses on implementing cryptographic
services on the information signal that is to be transmitted
through air, explaining how the implemented cryptography
can not only significantly reduce the cost of overall system,
but also improves the data security and increases the data bit
transfer rate[4].
This paper focuses on implementing cryptographic
services on the information signal that is to be transmitted
through air, explaining how the implemented cryptography
can not only significantly reduce the cost of overall system,
but also improves the data security and increases the data
bit transfer rate.
II. SYSTEM DESIGN
The block diagram of the encryptor and decryptor
is as shown in fig 1. The main consideration that was taken
into account was compactness, high speed, less time to
market and high cost to performance ratio. The software
used for the development of VLSI application are free as
they are IEEE standard i.e. platform independent.
Information Data
Switches
Selection
Fig. 1.Block diagram of encryptor and decryptor
The cryptography technique implemented has the
flexibility of changing the encryption technique if found to
be hacked or intermediate data loss.
A. Encryptor
Encryptor
Mode
Selection
Receiver
Parallel
To Serial
Convertor
Serial To
Parellel
Convertor
Mode Selection
Isolator
Digital
Transmitter
Decryptor
Isolator
The technique designed and developed to encrypt
the data stream is as shown diagrammatically in Fig. 2.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 254

Proceedings of ICCNS 08 , 27-28 September 2008
8 bit data packet + 2 bit header
0 0 0 0 1 1 1 1 0 0
Invertion for Header Bits 00
+
1 1 1 1 0 0 0 0
Fig. 2 Encrypted data stream
The individual data stream is encrypted by 4
different techniques specified by the header in a sequential
manner. For e.g. If the header bit pattern is 00 it indicates
inversion of the 8 bit data, 01 indicates the adding of 8 bit
key to the 8 bit data[8 bit data + 8 bit key],10 means
subtracting the 8 bit key from the 8 bit data and 11 means
inverting and adding of 8 bit key to it.
B. Decryptor
In decryption from received data bit stream the
header are extracted and compared in its control unit.
Depending upon the bit pattern appropriate decryption
technique is applied. These decryption technique are exactly
in reverse manner to the encryption technique i.e. for 00
header bits it again inverts the 8 bit data bits to get original
data, for 01 header bits it subtracts the 8 bit key from the
encrypted 8 bit data, for 10 it adds the 8 bit key to 8 bit
encrypted data bit, for 11 it subtracts and inverts the
encrypted received data bit.
For the encryptor and decryptor technique coding
is dine through VHDL using structural style of
modeling[3,19]. The entire system is clock synchronized
and operates in the range of Giga Hertz. For implementing
this code Spartan II e FPGA chip is used.
Fig. 3 RTL code in webpack navigator
The simulated results using modelsim are shown in
Fig. 4 and 5 for encryption and decryption respectively.
III. SYNTHESIS AND SIMULATION
The RTL code was implemented for the encryptor
and decryptor. The code was synthesized in XILINX Tool
and the results are simulated in Modelsim xilinx edition II v
5.6a.The generated hardware is viewed in Leonardo
Spectrum Exemplar.
Fig. 3 shows the RTL coding which is successfully
synthesized in project navigator.
Fig.4 Encrypted signal Shown in modelsim
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 255

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 5 Simulated results for Decryptor
Fig. 6 shows the forced values applied for getting the
functional simulation of the encryptor and decryptor
modules [22].
IV. CONCLUSION
The cryptography technique designed and implemented uses
the basics of DES algorithms but in cyclic mode with
different encryption methods This makes the whole system
more secure and flexible. The whole system is a single chip
solution which reduces the total cost and size of the system
and maintaining high speed transmission. It is the best
candidate for application in military and police wireless
communication system.
Fig. 6 Forced values for simulation
REFERENCES
[1] Coron J.-S.,”What is cryptography”, Security & Privacy, IEEE
Volume 4, Issue 1, Jan.-Feb. 2006 Page(s):70 – 73
[2] Zhi Zhou, Arce G.R., Di Crescenzo, G.”Halftone visual
cryptography”,Image Processing, IEEE Transactions on Volume 15,
Issue 8, Aug. 2006 Page(s):2441 – 2453
[3] Eslami Y., Sheikholeslami A., Gulak P.G.,Masui S., Mukaida K.,”An
area-efficient universal cryptography processor for smart cards”,Very
Large Scale Integration (VLSI)Systems,IEEE Transactions onVolume
14, Issue 1, Jan. 2006 Page(s):43 – 56
[4] Khalifa O.O., Islam M.D.R., Khan S., Shebani M.S.,”Communications
cryptography” RF and Microwave <strong>Conference</strong>, 2004. RFM
2004. Proceedings5-6 Oct. 2004 Page(s):220 – 223
[5] Seredynski F., Bouvry P., Zomaya A.Y.,”Secret key cryptography with
cellular automata “,Parallel and Distributed Processing ymposium,
2003. Proceedings. <strong>International</strong> 22-26 April 2003 Page(s):7 pp.
[6] Narasimha M.,Tsudik G., Jeong Hyun Yi,”On the utility of distributed
cryptography in P2P and MANETs: the case of membership
control”Network Protocols, 2003. Proceedings. 11th IEEE <strong>International</strong>
<strong>Conference</strong> on 4-7 Nov. 2003 Page(s):336 – 345
[7] Weaver A.C.,” Secure Sockets Layer”ComputerVolume 39, Issue 4,
April 2006 Page(s):88 – 90
[8] Zomaya A.Y., Seredynski F., BouvryP.,” Secret key cryptography with
cellular automata” Computer Systems and Applications, 2003. Book
of Abstracts. ACS/IEEE <strong>International</strong> <strong>Conference</strong> on14-18 July 2003
Page(s):80
[9] Ford W., O'Higgins B.,”Public-key cryptography and open systems
interconnection”,Communications Magazine, IEEEVolume 30, Issue
7, July 1992 Page(s):30 – 35
[10] Yih Huang, Rine D., Xunhua Wang., “A JCA-based implementation
framework for threshold cryptography”, Computer Security
Applications <strong>Conference</strong>, 2001. ACSAC 2001. Proceedings 17th
Annual10-14 Dec. 2001 Page(s):85 – 91
[11] Batina L., Mentens N., Sakiyama, K., Preneel B.,Verbauwhede
I.,”Public-Key Cryptography on the Top of a Needle”,Circuits
and Systems, 2007. ISCAS 2007. IEEE <strong>International</strong> Symposium
on 27-30 May 2007 Page(s):1831 – 1834
[12] Ertaul L.,Chavan N.,”Security of ad hoc networks and threshold
cryptography”, Wireless Networks, Communications and Mobile
Computing, 2005 <strong>International</strong> <strong>Conference</strong> onVolume 1, 13-16 June
2005, Page(s):69 - 74 vol.1
[13] Batina L., Guajardo J., Kerins, T., Mentens N., Tuyls P.,
Verbauwhede I., “Public-Key Cryptography for RFID-
Tags”,Pervasive Computing and Communications workshops, 2007.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 256

Proceedings of ICCNS 08 , 27-28 September 2008
PerCom Workshops '07. Fifth Annual IEEE <strong>International</strong>
<strong>Conference</strong> on19-23 March 2007 Page(s):217 - 222
[14] Garfinkel S.L.,”Public key cryptography”,ComputerVolume 29, Issue
6, June 1996 Page(s):101 – 104
[15] “Book Reviews”,Security & Privacy, IEEEVolume 2, Issue 4, Jul-
Aug 2004 Page(s):10 – 10
[16] Smid M.E., Branstad D.K.,”Data Encryption Standard: past and
future”,Proceedings of the IEEEVolume 76, Issue 5, May 1988
Page(s):550 – 559
[17] Jamil T.,”The Rijndael algorithm”,Potentials, IEEEVolume 23, Issue
2, Apr-May 2004 Page(s):36 – 38
[18] de Canniere C.,BiryukovA., Preneel B.,” An introduction to Block
Cipher Cryptanalysis”,Proceedings of the IEEE Volume 94,
Issue 2, Feb. 2006 Page(s):346 - 356
[19] Iliev V., Dlay S.S., McLauchlan M.R., Koelmans A.M., Kinniment
D.J., “Advanced VLSI validated input security device
employing data and hardware validation features”,Computers and
Digital Techniques, IEE Proceedings -Volume 136, Issue 6,
Nov 1989 Page(s):471 - 477
[20] Nalini N., Raghavendra R.G.,”Cryptanalysis of Block Ciphers via
Improved Simulated Annealing Technique”,Information
Technology, 2006. ICIT '06. 9th <strong>International</strong> <strong>Conference</strong> on18-21
Dec. 2006 Page(s):182 - 185
[21] Shahid B., Tauqeer H., Ilyas M.S., “Hardware Implementation of DES
Encryption Cracker”,Engineering Sciences and Technology, 2005.
SCONEST 2005. Student <strong>Conference</strong> on27-27 Aug. 2005 Page(s):1 - 4
[22] Wilson P.R., Brown A.D.,”DES in four days using behavioural
modeling & synthesis”Behavioral Modeling and Simulation
Workshop, 2005. BMAS 2005. Proceedings of the 2005 IEEE
<strong>International</strong>22-23 Sept. 2005 Page(s):82 - 87
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 257

Proceedings of ICCNS 08 , 27-28 September 2008
Abstract
Keywords
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 258

Proceedings of ICCNS 08 , 27-28 September 2008
A. Network Model
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 259

Proceedings of ICCNS 08 , 27-28 September 2008
B. Sensor’s Energy Model
α trans α amp
α recv
d 2
E tx = (α trans + α amp × d 2 ) × r and E rx = α recv × r
r
r
Max Min Min Max Min
EL
EL
EL
EH
E
H
Min
EH
Max Max
EL
EH
Min
Min
EL
EH
Max Max
Min Min
EL
EH
EL
EH
Min Min
EL
EH
Max
EL
Min
EL
Min
EL
Max
EH
Min
EH
Min
EH
Min Min Min Min
EL
EL
EH
EH
A. Assumptions
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 260

Proceedings of ICCNS 08 , 27-28 September 2008
B. Algorithm
I. Processing (i: Level)
cur Min
Ec
m
£ Ei
Max
Call Ei
Max
II. Election (i: Level, c: Cluster, E
i : Threshold value for candidate
nodes)
Mark
cur Max
En
d
Ei
Mark
Add
cur
Broadcast En
f
cur
Receive En
j
Mark
cur
En
j
Set
E
Max
i
E
E
cur
n j
Max
i
Mark
Mark
I) Election at level-1:
"
Min
EL
Cur Min
E
L
£ EL
Max
EL
Max
EL
E
Max
L
E
cur
L
E
cur
L
E
Max
L
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 261

Energy Consumption in Election (in J)
Numberof Rounds
Election at level-2:
E
Max
L
E
Max
H
A. Simulation Environment
s
m
m
Election overhead
Network lifetime
Proceedings of ICCNS 08 , 27-28 September 2008
I) Election overhead
0.04
0.035
0.03
0.025
0.02
0.015
0.01
0.005
0
EEEP
EEMC
0 10 20 30 40 50 60 70 80 90 100
Time (in second)
II) Network Lifetime
1600
1400
1200
1000
800
600
400
200
0
0 50 100 150 200 250 300
Number of Nodes
Flat Scheme
Single Level
Clustering
Two Level
Clustering
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 262

IEEE Communication Magazine
Computer
Magazine
,
Communications of the ACM
Computer Networks: The <strong>International</strong> Jou rnal of Computer
and Telecommunications Networking,
in: Proceedings
Proceedings of ICCNS 08 , 27-28 September 2008
of the Fifth ACM <strong>International</strong> <strong>Conference</strong> on Mobile Computing and
Networking (MOBICOM’99
in:
Proceedings of the Sixth ACM <strong>International</strong> <strong>Conference</strong> on Mobile
Computing and Networking (MOBICOM’00
IEEE Transactions on
Communications
in:
Proceedings of the IEEE
," IEEE Jour. Selected Areas in Communications
ACM Journal of Wireless Networks
in: Proceedings of the IEEE <strong>International</strong>
<strong>Conference</strong> on Communications (ICC’97
IEEE Transactions on Wireless Communications
IEEE Transactions
on Parallel and Distributed Systems
in: Proceedings of the 15th
<strong>International</strong> Parallel and Distributed Processing Symposium
(IPDPS’01)
in: Proceedings of the 16 th <strong>International</strong> Parallel and
Distributed Processing Symposium (IPDPS’02
IEEE Transactions on
Mobile Computing
Computer
Networks- The <strong>International</strong> Journal of Computer and
Telecommunications Networking
In Proceedings of ICC 2001,
,
IEEE Workshop on Signal Processing Systems
(SiPS '00),
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 263

Proceedings of ICCNS 08 , 27-28 September 2008
Cryptanalysis and Security Comparison of Two
Clock Controlled Generators
Ancy S. Anselam, Deepthi .P.P, Sathidevi.P.S
Department of Electronics and Communication Engineering
National Institute of Technology Calicut
Calicut-673601, Kerala, India
ancy_anselam@yahoo.co.in, deepthi@nitc.ac.in, sathi@nitc.ac.in
Abstract --- Security of two most popular Linear Feedback Shift
Register (LFSR) based key stream generators is analysed and
compared in this paper. Alternating Step Generator (ASG) and
Shrinking Generator (SG) are the widely used clock controlled
generators used in stream cipher design. There are a number of attack
methods available in literature for these keystream generators. This
paper identifies the best attack method and gives a quantitative
comparison of security of the two keystream generators in terms of
time for a successful known plain text attack. This comparative
analysis will be highly helpful for the design of very secure LFSR
based stream ciphers.
Keywords --- Alternating step generator, cryptanalysis,
LFSR, shrinking generator.
I. INTRODUCTION
Stream ciphers are the standard form of encryption over
communications channels such as mobile telephone and the
Internet. Stream ciphers operate by breaking a message into
successive characters and encrypting each character with a
time varying function of the key, contrary to block ciphers that
use blocks of message bits and a fixed encryption
transformation. The low hardware complexity and low power
consumption of stream ciphers made them an attractive choice
over block ciphers in various communication devices.
Possibility of real time operation comes as an added advantage
in stream ciphers which make stream cipher based encryption
more popular in multimedia data transmission.
Linear feedback shift registers as maximal length
sequence generators, are commonly used as part of key stream
generators in synchronous stream ciphers due to their good
statistical properties and low implementation costs. Maximal
length sequences are obtained when the feedback polynomial
of the LFSR is primitive. The secret key k is the initial state of
the shift register. The LFSR as such is seldom preferred as a
keystream generator due to its linearity. The clock control
generators (shrinking generator and alternating step generator)
are LFSR based stream cipher schemes where nonlinearity is
introduced by irregularly clocking one or more LFSRs with
one another LFSR without disturbing the randomness
properties.
Several cryptanalytic attacks for both the schemes are
available in literature, but a detailed comparative analysis of
the two schemes has not been done. This work proposes to
compare the alternating step generator and the shrinking
generator in terms of the time taken and amount of bits in the
known keystream required (data) to mount a least complex
attack on the generators. The differences in the attack time and
the data requirement of the two generators are experimentally
supported in the paper. This would give well-defined criteria
to design very secure LFSR based stream ciphers.
II. LFSR BASED STREAM CIPHERS
Linear Feedback Shift Registers are used in many of the
stream ciphers as keystream generators due to easiness in
hardware implementation. They can produce sequences of
large period and good statistical properties. An LFSR of
length L produces maximal length sequence of periodicity 2 L -1
if the feedback polynomial is primitive. The output sequences
of LFSR are easily predictable due to their linearity and hence
are not cryptographically strong. Cryptographically strong
pseudo-random sequences are produced by using one or more
LFSR and combining them with some methods to introduce
non-linearity.
A. Clock Controlled Generator
Clock-controlled shift registers have become popular
building blocks for keystream generators. Schemes with
clock-controlled shift registers are proposed that ensure large
lower bounds on period and linear complexity, and possess no
obvious flaws in statistical behavior.
The basic building blocks that are used for constructing a
keystream generator consists of a control register CR and a
clock-controlled generating register GR[1]. We denote a(i)
and b(i) as the bits generated by CR and GR at instant i, when
regularly clocked. In the clock controlled generator the GR is
clocked depending on the output of CR. The generating
register is clocked based on a nonnegative integer produced at
the output of the control register [1]. The integer a i at time i is
given as
a
i
=
i
∑
k = 1
a( k)
(1)
In general, the output of the keystream generator at time i is
given as
k i
⎛ ⎞
= ⎜∑ = u( i)
b a(
k)
⎟
(2)
⎝ k = 1 ⎠
The output sequence in a clock controlled generator is the
nonlinearly deci
Clock controlled generator is one method to introduce the
nonlinearity in the keystream and to increase the linear
complexity of the keystream. Two efficient and well known
clock controlled generators are shrinking generator and
alternating step generator.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 264

Proceedings of ICCNS 08 , 27-28 September 2008
A.1 Shrinking Generator
The shrinking generator consists of two regularly clocked
binary linear feedback shift registers (LFSRs). Denote these as
LFSR A and LFSR S , as shown in Fig1, and denote the lengths
of these LFSR's as L A and L S respectively. The shrinking
generator output is a "shrunken" version or subsequence of the
output from LFSR A , with the subsequence elements selected
according to the position of 1's in the output sequence of
LFSR S : the keystream sequence ‘z’ consists of those bits of the
sequence ‘a’ for which the corresponding bit of sequence ‘s’ is
1. The other bits of ‘a’, for which the corresponding bit of ‘s’
sequence is 0, are deleted [2].
∞
Let a = { a i
}
i=
1
denote an LFSR A sequence produced from
A
a nonzero initial state { a L
i}
i= 1
, and let ∞
s = { s i
}
i=
1
denote the
LFSR S sequence produced from a nonzero initial state
Ls
{ si}
i= 1
. Let ∞
Z = { Z i
}
i=
1
denote the output sequence of the
shrinking generator. Then, Z k = a ik ,, where i k is the position of
the k th 1 in the sequence ‘s’. The keystream sequence ‘Z’ is an
irregularly decimated version of the LFSR A sequence ‘a’, with
the decimation controlled by the LFSR S sequence‘s’.
Fig.1 Shrinking Generator
If the LFSR feedback polynomials are primitive, then ‘a’
and ‘s’ are maximum length sequences with periods 2 L A −1
and 2 L S −1, respectively. In addition, if L A and L S are
relatively prime, then the period of ‘Z’ is
L
(2 A Ls
−1
−1)(2
) and the linear complexity (LC) of ‘Z’
LS
−2
LS
−1
satisfies L
A.2
≤ LC ≤ LA.2
. To get high period L A
must be greater than L S .
A.2 Alternating Step Generator
Alternating step generator [3]is another popular clock
controlled generator that uses the principle of stop/go
clocking. At any time a stop/go shift register is clocked once if
the control bit is 1 and not clocked if the bit is 0. The
implemented clock controlled generator is a combination of
three LFSRs, two of which, LFSR l and LFSR 2 , are stop/go
clocked in a special way by the third one, LFSR 3 , which is
regularly clocked. When the clock control sequence is ‘1’,
LFSR l is clocked and LFSR 2 is clocked when the control
sequence is ‘0’. The output of the generator at any time is
modulo-2 sum of the output bits of LFSR l and LFSR 2 .
When the constituent LFSRs have lengths that are pair-wise
relatively prime, the resulting sequence has a period equal to
the product of the period of sequences produced by the
constituent LFSRs. The linear complexity L(k) of the
keystream generated from ASG satisfies the relation
L1 −1
L1
( L
2
+ L3
)2 ≤ L(
k)
≤ ( L1
+ L2
) 2 [3], where L 1 , L 2 ,
and L 3 are the linear complexities of the constituent LFSRs.
Fig. 2 Alternating Step Generator
B. Attack on clock controlled generator
The attacks for clock controlled generators available on the
literature are based on the exhaustive key search on the initial
state of control register or generating register. Improved linear
consistency attack is one among the least complex attacks on
clock controlled generators [4] and works well for both
shrinking generator and for alternating step generator if the
structure is properly modified.
The attack starts with applying a brute force selection on the
initial state of control register. Then by utilizing the linearity
present in the generating registers, an analysis is done to check
the validity of the existence of selected initial state of control
register. After that, initial state of generating register is
retrieved.
B.1 Improved Linear consistency Attack on SG
∞
Let a = { a i
}
i=
1
denote an LFSR A sequence produced from
A
a nonzero initial state{ a L
i}
i= 1
, and let ∞
s = { s i
}
i=
1
denote the
LFSR S sequence produced from a nonzero initial state
Ls
{ si}
i= 1
. Let ∞
Z = { Z i
}
i=
1
denote the output sequence of the
shrinking generator. Then, Z k = a ik ,, where i k is the position of
the k th 1 in the sequence ‘s’. The keystream sequence ‘Z’ is an
irregularly decimated version of the LFSR A sequence ‘a’, with
the decimation controlled by the LFSR S sequence‘s’ [4].
Steps Involved
1. Preprocessing Stage: Analyze the structure of LFSR A .
And, from the generator polynomial g A (x), derive a low
weight cyclic equation λ;
λ : ak
+ ak+ j + ....... + a = 0
(3)
1
k+
jw−1
that holds over all ‘a’ sequence generated by LFSR A for
any k ≥ 0.
2. Guess an initial state for LFSR S. For each guess,
generate the ‘s’ stream and use this ‘s’ stream to restore
the positions of keystream bits in ‘a’ stream. ie. a* =
{*,Z 1 ,*,*,Z 2 ,*…..,Z N } where Z i is the keystream bit and
the stars are the deleted bits corresponding to the ones in
‘s’ sequence.
3. Find ‘m’ entries in a*, where cyclic equation λ is
defined; m≈ L S +10 (to avoid false alarm). From this, we
get the equation set;
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 265

Proceedings of ICCNS 08 , 27-28 September 2008
a * + a * + ....... + * = 0
1 1+ a
k k j 1
k 1+
j w−
1
. .
. .
a a*
+ ....... + a*
0
(4)
* + =
k 2 k 2+ j 1
k 2+
j w−
1
Since every
we can replace
a
k x+
j y
a
k x+
j y
in this equation set is defined in a*,
with the corresponding bit z t in the
keystream ‘z’. Thus, a* is a sequence of pointers to ‘z’
and we can write the equations over ‘z’ as equation set Ω;
Z + Z + ... + Z = 0
t1 ,1
t1 , 2
t1 , w
. .
. .
Z + t
Z + ... +
m , 1 t
Z
m , 2
t m , = 0
(5)
4. If all the equations in the equation set Ω hold, then
accept the guessed initial state of LFSR S as the actual
initial state (key) of LFSR S.
5. After finding the initialization bits of LFSR S , use the
linear equation set derived from LFSR A and identified bits
in a* to find the initialization bits of LFSR A
B.2 Improved Linear consistency Attack on ASG
Improved linear consistency attack on clock controlled
generators begins with restoring the generating sequences
from output sequence based on clock control sequence For
this, a selection logic is required to get the output sequence
from the generating sequences based on the clock control
sequence. But, in ASG there is no such selection logic exist at
the output based on clock sequence. So. It is required to
modify the structure so as to have selection logic at the output
based on clock sequence.
Modified Structure of ASG
When we analyze the structure and working of alternating
step generator it is possible to prove that, for a given clock
control sequence, the first binary derivative of the output
sequence is the interleaved version of first derivatives of the
output sequences of LFSR 1 and LFSR 2 based on the presence
of 1’s and 0’s in the control sequence.
N N
For a binary sequence A = { ai
} i=
1
of length ‘N’, the first
N
~ N −1 1
binary derivative is { ~ N −
A = a } ~ ~ ~
i i = 1 = a 1 , a 2 ,.... a N −1
,
where a
~
i = ai
⊕ ai+
1
.
N + 2 N + 2 N + 2 N + 2
Let X = { xi
} i=
1 andY = { yi}
i=
1 denote
N 1
1
generating sequences, let
+ N +
C = { ci}
i=
1 denote clock
N 1
1
control sequence and let
+ N +
Z = { zi}
i=
1 output sequence as
shown in Fig 2.
To support the possibility of the modification on the
structure of ASG consider following example.
Example-1
N +1
Consider C = 1 0 1 1 0
1
Then, Z N +
= x2
⊕ y1, x2
⊕ y2,
x3
⊕ y2,
x4
⊕ y2,
x4
⊕ y3
N +1
Take first derivative of Z ;
~
Z N = y1 ⊕ y2
, x2
⊕ x3,
x3
⊕ x4
, y2
⊕ y32
=
~
y ,
~
x ,
~
x ,
~
y
(6)
1
2
3
2
Example-2
N +1
Consider C = 0 0 1 0 1
1
Then, Z N +
= x1
⊕ y2, x1
⊕ y3,
x2
⊕ y3,
x2
⊕ y4,
x3
⊕ y4
N +1
Take first derivative of Z ;
~
Z N = y2
⊕ y
~
3,
x1
⊕ x2,
y3
⊕ y4,
x2
⊕ x , x 33 2
=
~
y
~
2 ,
~
x
~
1,
y3,
x2
(7)
From these examples we can see that, the first derivative of
N +1 ~ N N
the output sequence Z is, Z = { ~ zi}
i=
1
and it is a function
1 ~ 1
of
~ N + ,
N
X Y
+ ~ N +1 ~ N ~ N+
1 ~ N+
1 N+
1
and C ,ie. Z = F(
X , Y ; C ) . More
s
clearly, for any1 ≤ s ≤ N , if wt C
+ 1
( ) = l , then
~ z s =
~
x l if c = s+1
1 and
~
y
= s+
1−l
if c = s+1
0 .
Thus, z~ ~ s depends only on x
~ and l ys+1−
l . Which implies that,
Z & &s is obtained by non-uniform interleaving of X ~ l and
~ s+1−l
s+1
Y according toC , where, ~ x is deleted if c = 1
1
1 and
~ y is deleted if c = 0
1
1 due to the step-then-add principle.
Based on this information, we modify the diagram of ASG as
in fig 3.
Fig 3 Modified structure of ASG
Now, it is possible to apply the improved linear
consistency attack [4] on ASG. Here instead of operating with
N 1
1
known keystream bits
+ N +
Z = { zi}
i=
1 it is required to
operate with fist derivative of the known
~ N N
keystream, Z = { ~ zi}
i=
1 .
Steps Involved
Pre-computation phase
1. Derive the low weight cyclic equations λ 1 and λ 2 that can
~ N +1
be defined for all the bits in the X sequences and
~ Y N +1 sequences respectively, such that;
λ : ~ ~ ....... ~
1 xk
+ xk
j + + xk+
j = 0
(8)
+ 1
w−1
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 266

Proceedings of ICCNS 08 , 27-28 September 2008
λ :
~
y +
~
y + ....... +
~
y 0
(9)
2 k k
=
+ j 1
k + j w−1
~ N +1
~ +
2. Formulate the mapping of the bits in X N 1 and Y to
the initial state bits of LFSR 1 and LFSR 2 respectively, in
the form the linear equation set or matrix equations.
Computation phase
~
~
N N
1. Find Z = { ~ zi}
i=
1, where z i = zi
⊕ zi+
1 ; from known
N + 1 N + 1
Z = { zi}
i=
1
2. Guess an initial state for LFSR 3. For each guess, generate
N +1
the C control sequence.
N +1
3. Based on each C sequence deinterleave the first
~ N N
derivative of known keystream Z = { ~ zi}
i=
1 into first
derivative of generating sequences and denote the
~ * ~
obtained sequences as X *
andY .
4. If at least ‘m’ (m≈ Li +10; to avoid false alarm where Li
length of the corresponding LFSR,) consecutive entries in
~
X * ~ *
andY satisfy the cyclic equation λ 1 and λ 2
respectively, then guessed initial state is the correct initial
state for LFSR 3 .
5. After getting the LFSR 3 initial state, use the
~ * ~
corresponding X *
andY sequences and the mapping
formulated in the pre-computation phase to get the initial
states of LFSR 1 and LFSR 2 .
III. EXPERIMENTAL RESULTS
The two LFSR based stream cipher schemes, alternating
step generator and shrinking generator are implemented to
analyze the properties of the keystream generated. Various
attacks available in the literature such as edit distance attack,
probabilistic correlation attack and improved linear
consistency attack are implemented. The fastest of these
attacks, improved linear consistency attack has been used for
both the schemes to analyze and compare the security.
A. Shrinking generator
The shrinking generator as shown in fig 1 consists of two
LFSRs. An LFSR of length 4 and having feedback polynomial
4
x + x + 1 was used as clock control sequence generator.
The generating sequence was obtained from an LFSR of
5 2
length 5 with feedback polynomial x + x + 1. The periodicity
of the generator is 2 8 .
Pre-computation phase
The cyclic equation derived from the feedback
polynomial of LFSR A is,
λ : ak
+ ak + 3 + ak
+ 5 = 0
(10)
The generator matrix for the sequences generating from
LFSR A is,
⎡1
0 0 0 0 1 0 ................ ⎤
⎢
⎢
0 1
⎢0
0
⎢
⎢0
0
⎢
⎣0
0
0 0 0 0 1 ................
⎥
⎥
1 0 0 0 0 ................. ⎥
⎥
0 1 0 1 0 ................. ⎥
0 0 1 0 1 ................. ⎥
⎦
Computation phase
The sequence obtained from the generator corresponding to
the initial states ‘1010’ and ‘10001’ is considered as the
known keystream sequence.
For the LFSR S initial state guess’1010’, the way in which
A* sequence (sequence having the restored bits from known
keystream based on clock control sequence) is formed is
shown below.
Clock sequence, s = [1 0 1 01 1 0 0 1 0 0 0 1 1 ]
Keystream, Z N = [1 0 1 1 1 1 0 1 0 1 0 0 0 1 1 0 1 0 0 1 0
1……]
A*- sequence = [1 * 0 * 1 1 * * 1 * * * 1 0 1 0 * 1 * 0 0 *
* 0 * * * 1 1 …..]
Here, to get the elements in the A*-sequence, the
consecutive bits from known keystream are restored
corresponding to the positions of 1’s in s-sequence and
deletions (*) are placed corresponding to 0’s. The first few
valid entries in A*, where the cyclic equation (10) defined and
satisfied are given below.
a* 13 +a* 16 +a* 18 = 0
a* 15 +a* 18 +a* 20 = 0
λ =
: :
a* 118 +a* 121 +a* 123 = 0
The equation set, Ω is a transformation of λ obtained by
replacing a k + j w
with the corresponding bit Z t in the keystream
Z N . From this it is possible to find the number of bits in the
observed keystream required to mount the attack successfully.
Table I shows the number of valid entries in the A*-sequences
corresponding to all possible guesses of the LFSR S initial state
and the above mentioned known keystream for which the
equation 10) is defined and satisfied. This will help us to find
the value of ‘m’ so as to minimize the false alarm.
TABLE I
NUMBER OF ENTRIES IN A*-STREAMS WHERE λ IS DEFINED
AND SATISFIED
LFSR S
initial
state
No. of
eqns
defined
No. of
eqns
satisfied
LFSR S
initial
state
No. of
eqns
defined
No. of
eqns
satisfied
0001 15 7 1001 15 10
0010 15 12 1010* 15* 15*
0011 15 7 1011 15 11
0100 15 12 1100 15 12
0101 14 9 1101 15 7
0110 14 11 1110 15 9
0111 15 7 1111 15 7
1000 15 12
Z 6 + Z 9 + Z 10 = 0
Z 8 + Z 10 + Z 11 = 0
=> Ω =
: :
Z 63 + Z 64 + Z 67 = 0
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 267

Proceedings of ICCNS 08 , 27-28 September 2008
Table I says that, if the value of m ≤ 12, the probability of
false alarm is ≥ 0.285. To avoid this, the selected value of ‘m’
must be approximately equal to 15. This proves that, to have
the unique retrieval LFSR S initial state of the shrinking
generator, the value of ‘m’ be at least equal to L S +10 (m ≈ L S
+10).
Time complexity analysis
When we mount the improved linear consistency attack on
shrinking generator, the major effort required is to retrieve the
initial state of LFSR S. So, the analysis of time complexity
variation with L S (length of LFSR S ) is necessary. So, we can
say that, attack time increases exponentially with the length of
LFSR S , ie. the time complexity is of the order of 2 Ls (O(2 Ls )).
TABLE II
VARIATION OF ATTACK TIME AND DATAREQUIREMENT WITH
KEY LENGTH
Key
length
(L)
L S
L A
Table II shows the variation of time and data requirement to
mount the attack successfully with respect to the key length of
shrinking generator. In Table II, L A is selected as slightly
greater than L S . This is because, for a given L S + L A , if L A >>
L S then period will be high, but that will reduce the security.
ie. there exist a trade-off between the security and period for a
particular L A + L S .
B. Alternating step generator
The alternating step generator as shown in fig.2. consists of
three LFSRs. An LFSR of length 9 and having feedback
9 4
polynomial x + x + 1 was used as clock control register.
The generating sequences X – sequence and Y- sequence were
generated from LFSR of length 5, feedback
5 2
polynomial x + x + 1 and LFSR of length 7, feedback
7
polynomial x + x + 1 respectively. The period of the
keystream generated is ≈ 2 21 .
Pre-computation phase
The cyclic equations derived for X ~ and Y ~ sequences are,
λ :
~ ~ ~
1 x k + x k + 3 + x k + 5 = 0 &
λ ~
y
~
y +
~
y 0
(11)
2 : k + k+ 6 k+
7 =
Attack
time(sec)
13 6 7 0.4840 123
17 8 9 1.5940 199
19 9 10 4.6880 212
21 10 11 13.109 223
23 11 12 138.849 660
25 12 13 764.128 800
Mapping of the bits in the X ~ and Y ~ sequences to the initial
state bits of corresponding LFSRs are,
N
[ ~ x ~ x ~ x ~ x ....] = [ x x x x ]
1 2 3 4
1 2 3 4
x5
&
[ ~ y ~ y ~ y ~ y ....] = [ y y y y y y ]
1 2 3 4
1 2 3 4 5 6 y7
Computation phase
⎡1
⎢
⎢
1
* ⎢0
⎢
⎢0
⎢
⎣0
⎡1
0
⎢
⎢
1 1
⎢0
1
⎢
* ⎢0
0
⎢0
0
⎢
⎢0
0
⎢
⎣0
0
0
1
1
0
0
0
0
1
1
0
0
0
0
1
1
1
0
0
1
1
... ⎤
...
⎥
⎥
... ⎥
⎥
... ⎥
... ⎥
⎦
0 0 0 0 1 ... ⎤
0 0 0 0 0 ...
⎥
⎥
1 0 0 0 0 ... ⎥
⎥
1 1 0 0 0 ... ⎥
0 1 1 0 0 ... ⎥
⎥
0 0 1 1 0 ... ⎥
0 0 0 1 0 ... ⎥
⎦
The sequence generated from the initial states ‘11111’,
‘1111111’ and ‘101001001’ for LFSR 1 , LFSR 2 & LFSR 3
respectively, is considered as the known keystream for the
attack. For an initial state guess of ‘101010111’ for control
register the steps involved are as follows.
Known keystream, Z =[0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 1 0 1
1 0 …………]
Control sequence, S = [1 0 1 0 1 0 1 1 1 1 0 1 1 0 0 0 0 1 1
0 1 …………]
First derivative of Z, Z ~ = [0 0 0 0 0 0 0 0 0 1 1 0 1 1 0 1 1 1
0 1 1…………]
~
X *
= [0 0 0 0 0 0 1 0 1 1 1 1….] &
~ *
Y = [0 0 0 1
1 1 0 1 0 0….]
~ * ~
In X *
& Y sequences corresponding to this particular
guess, the all the entries are not satisfying their cyclic
equations. There fore, ‘101010111’ is not a valid guess for the
initial state LFSR S . But for ‘111111111’, all the entries in
~
X * ~ *
& Y sequences will satisfy the equation 11. Then,
matrix solutions will give the initial states of generating
registers.
Time complexity analysis
Table III gives the time required to mount the attack
successfully, for the alternating step generator with different
key sizes having the lengths of constituent LFSRs pair wise
relatively prime. It says that, if the length L 3 of the clock
control LFSR (LFSR 3 ) remains constant, then the attack time
remains same even if the lengths L 1 and L 2 vary. But, as L 3
increases the attack time increases drastically (exponentially
O(2 L3 )). This implies that, for a given period if L 3 is at its
maximum possible value then, security will be higher
compared to other possibilities. This is because of the brute
force selection on the initial state of LFSR 3 in improved linear
consistency attack.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 268

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE III
VARIATION OF ATTACK TIME WITH KEYLENGTH
12 4 3 5 0.3130
14 4 3 7 0.4060
16 4 5 7 0.4079
18 4 5 9 0.9220
20 4 7 9 0.9380
21 5 7 9 0.9530
22 4 7 11 3.3850
23 5 7 11 3.5310
24 6 7 11 3.5480
C. Security comparison of ASG and SG
Since alternating step generator and shrinking generator are
two variants of clock controlled generators, a security
comparison between these two is necessary to design new
keystream generators based on LFSRs.
Table IV gives a comparison of level of security between
alternating step generator (ASG) and shrinking generator
(SG) for comparable throughput. Throughput is a major
parameter to quantify the fruitfulness of a security system,
which is defined as the ratio of randomness obtained and
randomness consumed.
TABLE IV
ATTACK TIME COMPARISON OF ASG AND SG FOR
COMPARABLE THROUPUT
Attack time in seconds
Throughput Alternating step
generator
Shrinking
generator
3750 0.406 1.594
49,250 0.9380 13.109
177,750 3.4850 138.349
controlled generators based on LFSRs are known to be more
secure than non-linear combination and filter generators. This
paper compares the security of two most promising LFSR
based keystream generators and proposes that stream cipher
designs based on Shrinking Generators will lead to highly
secure stream ciphers.
REFERENCES
[1] Dieter Gollman, William.G.Chambers, Clock-controlled shift registers: A
review, IEEE Journal on Selected Areas in Communications, vol.7, no.4,
May 1989, 525-533.
[2] D. Coppersmith, H. Krawczyk, Y. Mansour, The Shrinking Generator,
Crypto’98
[3] Jovan Dj Golic, Renato Reniococci, Edit Distance Correlation Attack on
the Alternating Step Generator, Advances in Cryptology, CRYPTO 97,
1997, 499-512.
[4] Molland, Improved Linear Consistency Attack on Irregular Clocked
keystream Generators, Fast Software Encryption-FSE’2004, LNCS vol.
3017, Springer- Verlag, (2004), pp. 109-126.
[5] Patrik Ekdahl, On LFSR based stream ciphers, analysis and design, Phd
Thesis, Department of Information Technology, Lund University,
Sweden, October ,2003
[6] T. Johansson, “Reduced complexity correlation attacks on two clockcontrolled
generators”, Advances in Cryptology-ASIACRYPT’98
LNCS, vol. 1514, Springer- Verlag, (1998), pp. 342-357
[7] L. Simpson, J. Dj. Goli´c, “A probabilistic correlation attack on the
shrinking generator”, ACISP’98, LNCS vol. 1438, Springer-Verlag,
(1998),pp.147-158.
[8] J. Dj. Goli´c, “Correlation analysis of the shrinking Generator”,
Advances in Cryptology-Crypto’2001, LNCS vol. 2139 Springer-Verlag,
(2001), pp. 440-457.
In both the generators attack method used is the same, the
improved linear consistency attack. But, the time required to
mount the attack on shrinking generator is very high compared
to that of alternating step generator. This is because, in SG it is
required to operate on more number of known keystream bits
to reach a unique retrieval of initial states than in ASG due to
the deletion operation in key stream generation. And, that
increases the data complexity and time complexity of
shrinking generator. So, it is clear from the table that, as the
period, key length or throughput increases the security offered
by the shrinking generator increases drastically against
alternating step generator.
IV. CONCLUSION
As the popularity of various communication methods such
as mobile telephone, internet etc. is increasing, an increasing
quantity of data is being transferred over various
communication channels. The low hardware complexity and
power consumption of LFSR based stream ciphers make them
an attractive method to ensure integrity and security of data
transmission in handheld communication devices and sensor
networks. Hence design of a secure stream cipher based on
LFSR is gaining more and more importance nowadays. Clock
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 269

Proceedings of ICCNS 08 , 27-28 September 2008
Elliptic Curve Cryptography based Mutual
Authenticated Key Agreement Protocol for secured
wireless communication
Kakali Chatterjee
Delhi College of Engineering (Delhi University)
Bawana Road, Delhi 110042
Email: kakali2008@gmail.com
Abstract- Mutual authenticated key agreement protocol for secure
communication in mobile devices is an important primitive for
session key establishment. We propose a mutual authenticated key
agreement protocol for wireless mobile communication based on
elliptic curve cryptographic techniques. The proposed protocol
requires significantly less bandwidth than the different public key
cryptosystems (such as EIGamal for encryption, and Diffie-Hellman
for key exchanging protocols), and furthermore, it has lower
computational burden and storage requirements on the user side. The
use of elliptic curve cryptographic techniques provide greater security
using fewer bits, resulting in a protocol which requires low
computational overhead, and thus, making it suitable for wireless and
mobile communication systems, including smartcards and handheld
devices. Then we made a performance analysis of various algorithms
on palm OS platform.
Keywords- Elliptic Curve Cryptography (ECC), Elliptic Curve Diffie-
Hellman (ECDH) key exchange, Elliptic Curve Digital Signature
Algorithm (ECDSA).
I. INTRODUCTION
Wireless Networks are quickly becoming ubiquitous in our
day to day life. In wireless networks, mobile nodes
continuously enter and leave the network and change location
with the resulting mobility impacting the degree of security
and communications reliability. In order to have reliable
proper security over the wireless mobile communication,
Elliptic Curve Cryptography (ECC) comes in handy as many
of these portable devices are restricted by some general
computational constraints related to processor speed,
bandwidth, memory etc. Mobile users will use resources at
various locations and may be provided by different service
providers. Certain security measures are required for portable
devices (which use low processing power) by using efficient
encryption algorithm. While considering the efficiency of a
public-key cryptographic system, three distinct factors are-
Computational overheads, Key size, Bandwidth. There are
some environments, such as low-end smart cards which do not
have arithmetic co-processors and only about 8KB of RAM,
where commercial-strength 1024-bit RSA simply cannot be
implemented, while commercial-strength 163-bit ECC can [5].
ECC is based in one of the hardest arithmetic problems, the
elliptic curve discrete logarithm problem, making ECC a
reliable cryptographic technique. In addition to this advantage,
ECC requires smaller key sizes, bandwidth savings and faster
implementation compared to other public key algorithms,
which suggests its use in low-end systems such as PDAs,
smart cards [3].
ECC based mutual authenticated key agreement protocol was
already established for Wireless LAN security [1]. So far,
several protocols have been proposed to provide robust mutual
authentication and key establishment for Wireless LAN. The
significant improved performance of some of the protocols in
computational and communicational load over many other key
agreement protocols were compared and discussed in [6]. We
analyse them how useful they are in mobile devices and then
propose a new mutual authenticated key agreement protocol
suitable in constrained mobile environment.
In our proposed protocol, two entities (mobile) are both
proving their identities to each other and establish a common
session key to make a secure connection. The protocol
described in this paper depends on the security of the so-called
elliptic curve primitives, e.g., key generation, signature
generation, and signature verification. These operations utilize
the arithmetic of points which are elements of the set of
solutions of an elliptic curve equation defined over a finite
field. The security of the protocol depends on the intractability
of the elliptic curve analogue of the discrete logarithm
problem which is a well known and extensively studied
computationally hard problem.
The remaining part of the Paper is organized as follows:
Section II describes security techniques; Section III provides
description of ECDSA, Section IV provides the description of
protocol parameters; Section V provides proposed protocol
and how it works; Section VI provides the implementation
results of proposed protocol on constrained device. The key
conclusion that has been drawn from this Paper are stated in
Section VII.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 270

Proceedings of ICCNS 08 , 27-28 September 2008
II. SECURITY TECHNIQUES
Before proceeding we need to establish some terminology and,
in particular, to define what we mean by a security technique;
in doing so we will distinguish between security features and
security techniques (or security mechanisms, as security
techniques are often known). Security provisions in systems
are present, not for their own sake, but to combat identified
security threats. To combat these threats requires the provision
of specific Security features such as
Confidentiality- to address the threat of unauthorised
disclosure of information by means of eavesdropping, etc.
Data integrity- to address the threat of unauthorised
modification to information.
Origin authentication- to address the threat of information
being spuriously inserted into a network.
Entity authentication -. to address the threat of one entity
masquerading as another.
Non-repudiation - to address the threat of an entity
repudiating its actions (i.e. denying actions it has taken).
These features exist as abstract concepts, and are independent
of the means used to provide them. Features are provided by
security techniques (or mechanisms), which include
Encipherment algorithms - used to help provide
confidentiality features.
Integrity mechanisms - (which include the well-known
MACS), used to help provide data integrity and origin
authentication features.
Digital signature algorithms- which can be used to help
provide non-repudiation features.
Authentication exchanges- used to help provide entity
authentication features.
III. ECDSA FOR AUTHENTICATION
First, an elliptic curve E defined over GF(p) or GF(2k) with
large group of order n and a point P of large order is selected
and made public to all users.
Then, the following key generation primitive is used by each
party to generate the individual public and private key pairs.
Furthermore, for each transaction the signature and
verification primitives are used. We briefly outline the Elliptic
Curve Digital Signature Algorithm (ECDSA) below, details of
which can be found in [4].
ECDSA Key Generation
The user A follows these steps:
1. Select a random integer d є [2,n-2].
2. Compute Q = d ×P.
3. The public and private keys of the user A are (E; P; n; Q)
and d, respectively.
ECDSA Signature Generation: User A signs the message m
using these steps
1) Select a random integer k ε [2,n-2].
2) Compute k × P = (x 1 ,y 1 ) and r = x 1 mod n.
3) Compute k-1 mod n.
4) Computes s = k-1(H(m) + dr) mod n.
Here H is secure hash algorithm.
5) The signature for the message m is the pair of integers(r,s).
ECDSA Signature Verification:
User B verifies A’s signature (r,s) on the message m by
applying the following steps-
1) Compute c = s-1 mod n and H(m).
2) Compute u 1 = H(m)c mod n and
u 2 = rc mod n.
3) Compute u 1 × P + u 2 × Q = (x 0 ,y 0 ) and
v =x 0 mod n
4) Accept the signature if v = r.
IV. DESCRIPTION OF PROTOCOL PARAMETERS
In this paper we use an elliptic curve E defined over a finite
field Fp. The elliptic curve parameters to be selected [9] and
[8]are:
1 -Two field elements a and b є Fp, which define the equation
of the elliptic curve E over Fp (i.e., y 2 = x 3 + ax + b in the case
p ≥ 4, where 4a 3 + 27b 2 ≠ 0.
2 -Two field elements x p and y p in Fp, which define a finite
point P(x p , y p ) of prime order in E(Fp) (P is not equal to O,
where O denotes the point at infinity).
3 -The order n of the point P.
In the following, we will give an introduction to the ECdiscrete
logarithm problem, to Diffie-Hellman key exchange
based on EC and finally to the elliptic curve based digital
signature algorithm (ECDSA).
Let E be an elliptic curve defined over a finite field Fp and let
P ε E(Fp) be a point of order n. Given Q where Q ε E(Fq), the
elliptic curve discrete logarithm problem is to find the integer
l, 0 ≤ l ≤ n − 1, such that Q = l.P. Here p, q are large prime
numbers where p=2.q+1.
The Diffie-Hellman key agreement protocol runs as
follows[10]: User A selects a random number n a and computes
Y a = n a G, where G є E(Fq) with order q. He sends Y a to user
B. Similarly B computes Y b = n b G and sends Y b to A. A and B
generate the same key K = n a Y b = n b Y a = n a n b G.
In general, the main disadvantage of the Diffie-Hellman
protocol is that it may suffer the “man-in-the-middle” attack.
The main goal of our proposed protocol is to achieve mutual
authentication and session key generation in order to establish
a secure channel. This mutual authentication scheme applies
the ECDSA to enhance the safety level and to simplify the
computational and communications load. The protocol is
working in the following steps:-
1) Both party establish their public and private key and then
compute a mutual agreed secret key.
2) For Authentication of the system a message digest is
created using SHA1 hashing algorithm and encrypt the
message digest with the secret key to create the signature.
3) Than both the message and the signature is send to the
server through network. In server side, it is decrypted and
verified.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 271

Proceedings of ICCNS 08 , 27-28 September 2008
V. PROPOSED PROTOCOL
The mutual authentication and key agreement protocols
between the client and the server need to be executed in
realtime [2].
We give the proposed mutual authentication protocol in Figure
1 below:
User(A)
Choose d u є [2,n-2].
Q u = d u × P=(x A ,y A )
Q s send
Receive
Q k = d s × Q u = (d s d u )×P
K=Q k .x: mutual agreed key
Sends Q u and g
Q u ,g,
Receive Y B
Then Computes Y A =h(α)
If (Y A ==Y B ), then A authenticates B
Server(B)
Choose d s є [2,n-2].
Q s = d s × P
receive
Q k = d s × Q u = (d s d u )×P
K=Q k .x: mutual agreed key
Computes w=g -1 mod(n) and
Calculate u 1 ,u 2 ,v
If v==x A , then B authenticates A
Sends Y B =h(β) to A
Figure 1: proposed mutual authentication protocol
Within the second step, A chooses a random
challenge d u , where 1 ≤ d u ≤ n − 2, then computes Q u
where
Q u = d u × P=(x A ,y A ) (2) and calculates α where
α = d u (B − Q) (3) and K= Q k .x where
Q k = d s × Q u . K is called mutual agreed key.
In addition, A calculates r = (x A )mod(n) and computes
g= a −1 (h(α) + x ∗ r)mod(n) (4)
Finally (Q u , g) becomes the signatures pair and A
transfers them to the server.
Within the third step, B computes
β = Q s ∗ Q u (5)
computes K and w=g -1 mod(n) then calculates
u 1 = (h(β) ∗ w)mod(n) (6)
and
u 2 = (x A ∗ w)mod(n) (7)
In addition, B calculates
u 1 ∗ P + u 2 ∗ Q = (x 0 , y 0 ) (8)
and calculates
v = x 0 mod(n) (9)
B checks if (v == x A ), so B authenticates A and
B can be confirmed that A has actually established
the same shared session key. Then B computes:
Y B = h(β) (10)
and finally he sends Y B to A.
In order to authenticate B, A will compute:
Y A = h(α) (11)
and then A will verify the value of Y A by checking that
(Y A == Y B ), if so, if they match, then A authenticates B
and A can be confirmed that B has actually established
the same shared session key with her. Finally, A and B
agree on the common session key Ks where
Ks = h(ID(A)||ID(B)||K) (12)
Both sides will agree on the session Key Ks if all steps are
executed correctly. Once the protocol run completes
successfully, both parties may use Ks to encrypt messages
for subsequent session traffic to create a confidential
communication channel.
The Explanation of the above figure is as follows:-
Before starting the authentication procedure the user A,
select an elliptic curve E(Zp) defined on Zp. A chooses a
random point over the elliptic curve called P with order n.
n is a large prime number. In addition, A chooses a
password pw, computes x = h(pw) and calculates Q where
Q = x ∗ P. Finally, A generates strong number p and q
where p = 2 ∗ q + 1.
Once the following parameters (E, Q, P, p, q, pw) are
generated, A transfers the (E,Q,P, n) to the server in a
secure way. Once this step is done, the session key
generation procedure will be executed as follows:
Within the first step, B chooses a random challenge
b, where 1 ≤ d s ≤ n − 2, then he calculates Q s = d s × P (1)
and he calculates the point B where B= d s ∗ P + Q
Finally he sends Q s to A.
VI. IMPLEMENTATION RESULTS
We implement the algorithm using J2ME (Java 2 Platform,
Micro Edition) which is the perfect platform for mobile clients
for secured data storage and management capabilities. The
modular design of the J2ME architecture enables an
application to be scaled based on constraints of small
computing devices. We include Bouncy castle library [7]
support for ECC public and private key generation. It supports
both ECDSA and ECDH. We implement the proposed
authentication scheme in small handheld devices. Then made a
performance analysis of various algorithm.
Table 1 shows execution times for various ECC and RSA
cryptographic primitives on palm OS platforms:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 272

Proceedings of ICCNS 08 , 27-28 September 2008
Protocols
ECC key
generation
ECC key
expansion
ECDSA
signature
generation
ECDA
signature
verification
Diffie-
Hellman key
agreement
RSA private
encrypt
RSA public
decrypt
RSA public
encrypt
TABLE 1
PalmV (2MB of Remarks
RAM, 16 MHz
Dragonball EZ),
(ms)
514 Faster
350 Faster
713 Faster
1740 Slower
462 Faster
27808 Slower
than ECC
758 Slower
than ECC
798 Slower
than ECC
[3] Sandra Kay Miller “Facing the challenge of wireless security” Technology
news July 2001. [4] IEEE P1363. Standard specifications for public key
cryptography. Draft version 7, September 1998.
[5] K.Lauter, “The Advantages of Elliptic Curve Cryptography for Wireless
Security”, IEEE Wireless Communications Magazine,February 2004.
[6] P.E. ABI-CHAR, A.MHAMED, B. EL-HASSAN, “A Secure
Authenticated Key Agreement Protocol Based on Elliptic Curve
Cryptography”, 2007 IEEE.
[7] V.Gayoso Martinez, C.Sanchev Avila, J.Garcia, L.Hernandez, “Elliptic
Curve Cryptography:Java Implementation Issues”, 2005 IEEE
[8] M. Q. J. S. L. Law, A. Menezes and S. Vanstane, “An efficient protocol
for authenticated key agreement”. In Designs, Codesand Cryptography, vol.
28.
[9] M. Q. J. S. L. Law, A. Menezes and S. Vanstane, “An efficient protocol
for authenticated key agreement”, Technical report CORR98-05, Department
of CO, University of Waterloo,1998.
[10] William Stallings, “Cryptography and Network Security Principles and
Practices.”
VII. CONCLUSIONS
Internet connected mobile devices are used in our daily lives.
An authentication and access control component must be used
in the devices as a security measurement. This paper
introduces a secure authenticated key agreement protocol
based on ECC that provides mutual authentication and session
key establishment. The proposed mutual authenticated key
agreement protocol concurrently offers the mutual
authentication and a secured way of deriving a secret key
where both the entities contribute information for the key
agreement rather than trusting on one party as a key transport
protocol. The security of Elliptic Curve Cryptosystem mainly
depends on the secret key generation. To break this scheme,
an attacker would need to be able to compute k given G and
kG, which is assumed hard. This is referred to as the elliptic
curve logarithm problem. Another advantage is that a
considerably smaller key size can be used for ECC compared
to RSA which provides same level of security. Hence
encrypted message in ECC is smaller. As a result,
computational power is small.
REFERENCES
[1] Mohammad Abdul Azim and Abbas Jamalipour, “An Efficient Elliptic
Curve Cryptography based Authenticated Key Agreement Protocol for
Wireless LAN Security”,2005 IEEE.
[2] M.Aydos, E.Savas, and C.K.Koe “Implementing Network Security
Protocols based on Elliptic Curve Cryptography”.May.1999
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 273

Hardware Efficient Stream Cipher Based on Hash
Function
Lakshmi V.S, Deepthi .P.P, Sathidevi.P.S
Department of Electronics and Communication Engineering
National Institute of Technology Calicut
Calicut-673601, Kerala, India
lakshmivs23@yahoo.co.in, deepthi@nitc.ac.in, sathi@nitc.ac.in
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract—A new stream cipher based on hash functions is
presented in this paper. The developed stream cipher provides very
high periodicity and security. Since the output keystream is a hashed
version of the secret key, the security of the cipher directly depends
on the one-wayness of the hash function. The time delay for
generating the keystream and complexity of implementation of this
new stream cipher are made low compared to the existing hash based
ciphers. The throughput of the cipher is increased much by using
output feedback. The structure of proposed hash based stream cipher
is suitable for both software and hardware implementation.
Keywords—Hash function, Stream Cipher, Pseudorandom
Number Generator, Keystream
I. INTRODUCTION
Secret key cryptographic systems can be either block
ciphers or stream ciphers. Stream ciphers involve time varying
transformation on individual data bits where as block ciphers
are obtained by applying the same transformation on a group
of data bits. In stream cipher based systems, the need for
buffering is limited. A binary additive stream cipher is a
synchronous stream cipher system, which includes key stream,
plaintext and cipher text in the form of binary sequences. The
cipher bits in such a system are obtained by bitwise xor
operation of data bits (plain text) with the key stream bits.
Each secret key K as input to the key stream generator
corresponds to a key stream sequence. Since the secret key K
is shared between the transmitter and the receiver, the receiver
can decrypt by xoring the output of the key stream generator
with the cipher text, obtaining the message sequence.
A cryptographically strong pseudorandom number generator
(CSPRNG) is the heart of any stream cipher. A pseudo
random generator is a deterministic polynomial time algorithm
which expands short seeds into longer bit sequences, such that
the output ensemble is polynomially indistinguishable from
the uniform probability distribution. Two methods of
producing cryptographically strong PRNG are (1) Linear
Feedback Shift Registers based structures and (2) One-way
function based structures.
Linear Feedback Shift Registers (LFSR) is the most
commonly used stream cipher due to the low hardware
complexity and less power consumption. LFSR produces an
output pseudorandom sequence from its initial state depending
upon a feedback polynomial. The maximal length sequence of
period (2 n – 1) can be produced by the LFSR if the feedback
polynomial is primitive of degree n. But the main drawback of
LFSR based stream ciphers is susceptibility to attack due to
the linearity in the structure. According to Berlekamp-Massey
algorithm, the initial state of the LFSR can be generated after
examining only 2n bits of the pseudorandom sequence. So for
better security, one-way function based stream ciphers are
preferred over LFSR stream ciphers.
Blum and Micali [1] introduced the notion of a
cryptographically strong pseudo random number generator
from one-way functions and Yao [2] showed that such a
generator produces output bits which are computationally
indistinguishable from truly random bits. Hash functions can
be used as part of keystream generators in synchronous stream
ciphers due to the high security provided by one-wayness of
hash functions. The security of PRNG depends upon the hash
function used and how the hash function is used. The main
application of hash function is in message authentication. If
hash function is an integral part of the cryptosystem,
implementation complexity of the keystream generator can be
reduced by using a hash function based stream cipher. So
stream ciphers based on one-way hash functions are gaining
importance now a days.
The remainder of the paper is organized as follows: In
Section 2, the background theory of one-way function based
stream ciphers is presented. Section 3 deals with the structural
overview of two hash function based stream ciphers available
in literature. Section 4 describes the structural model of the
proposed stream cipher, while the security analysis of the
proposed model is presented in Section 5. Results are given in
Section 6.
II.
THEORETICAL BACKGROUND
The possibility of the construction of a cryptographically
strong pseudo random number generator (CSPRNG) based on
one-way function was suggested by Blum and Micali [1]. The
output bit sequence of a PRNG should satisfy two properties:
(1) The random bits should be easily generated and (2) The bit
to be generated should be unpredictable. If a PRNG is
cryptographically strong, it will be infeasible to trace the
initial state or ‘key’ of the PRNG from the output keystream.
It is proved that a necessary and sufficient condition for the
existence of PRNG is the existence of one-way function [3].
The main ideas behind the construction of a CSPRNG based
on a function, which is proved to be one-way, can be
discussed as follows. Consider a one-way function f.
Randomly select a seed x and compute f(x). This provides the
first set of output bits. If same seed is used for the next call to
the function f, it will spoil the periodicity of the PRNG. Also,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 274

Proceedings of ICCNS 08 , 27-28 September 2008
if a new seed is used for each call to the function f, the
randomness consumed increases and this will reduce the
throughput of the PRNG. The throughput of a stream cipher is
defined as the ratio of the number of output random bits
produced to the number of input random bits consumed. So to
avoid these two drawbacks, it is required that the elements in
the range of f should be randomly redistributed to the locations
in the domain. This random redistribution should be
deterministic and so the function used for random
redistribution should also be deterministic. So a
cryptographically strong PRNG can be constructed from a
one-way function by randomly redistributing the output of f to
the input in a deterministic way. Thus, the main design idea in
constructing a CSPRNG based on one-way function is finding
a good deterministic function which can randomly select the
input to the one-way function in such a way as to avoid the
loss of periodicity.
A hash function [4] is a computationally efficient function
mapping binary strings of arbitrary length to binary strings of
some fixed length called hash values. In cryptography, hash
functions are used for message authentication. Encrypted hash
value of a message appended to the message as a digital
signature can ensure authenticity as well as integrity in
cryptosystems. The main properties a function should satisfy
for being chosen as a hash functions are
1. one-way property - It is easy to compute hash value,
h for any message x, but given h, it is infeasible to
find x such that. H(x)=h
2. partial preimage resistance - It should be as difficult
to recover any substring as to recover the entire input.
Even if part of the input is known, it should be
difficult to find the remainder.
3. Weak collision resistance - Given x, it is infeasible to
find y such that H(y) = H(x).
4. Strong collision resistance - It is infeasible to find
any x, y such that H(y) = H(x).
Due to the one-wayness of a hash function, a CSPRNG can be
designed based on the hash function.
III.
HASH BASED STREAM CIPHERS
The two stream ciphers based on hash functions that are
available in literature are ARC and HSC [5][6].
A. ARC
ARC is a synchronous stream cipher from iterated hash
function proposed by Angelo P.E.Roseillo and Roberto
Carrozzo [5]. The initial string in ARC stream cipher is the
secret key. In ARC, to get the next string in the sequence, the
previous string is hashed and new random bits are added to
replace the bits lost in hashing. The outputs of different hash
function blocks are concatenated together to form the entire
keystream. Here the output of one hash function block
depends on the output of the previous block. So, as the number
of iterations increases, the time taken for the generation of the
keystream also increases.
Generation of the keystream
During this phase, the whole keystream is generated
constantly depending on the key and it’s hashed versions. The
process is realized by applying two similar functions named p
and q which are defined as follows:
Let p: {0, 1} + → {0, 1} + be a function such that,
p(x) = LSB n (x), |x| /2 ≤ n ≤ |x|
Let q: {0, 1} + → {0, 1} * be a function such that,
q(x) = LSB m (x), 0 ≤ m ≤ |x|
Once that n is fixed it must be the same for all the generation
of the keystream while m can assume different values from a
mono-dimensional matrix M = (m 1 , m 2 ,…m i ) so that
q(x i ) = LSB mi (x i ), ∀ i ≥ 1
The steps that involved in the generation of keystream is as
follows:
y(1) = hash (key )
y(2) = hash (p(y(1)) || key)
y(3) = hash (p(y(2)) || q(y(1)) || key)
.
y(n) = hash (p(y(n - 1)) || q(y(n - 2)) || … || q(y(n – (n – 1))) ||
key)
keystream = y(1) || y(2) || y(3)||…..|| y(n)
Here the y(1), y(2),… represents the hash function outputs
obtained after each iteration. The final keystream is the
concatenation of different hash function outputs. If the length
of the hash function output is h, the authors strongly suggests
to set
n = h/2 and
m 1 + m 2 +…+m i = h/2
to achieve a better security and to let the range of the hash
function theoretically equal the codomain (2 h ). In order to
minimize the collision effects of the hash function, one should
take some bits from different positions of the past keystream
since a collision could compromise the security of the stream
cipher.
The authors claim that the most efficient way to break the
ARC stream cipher is to break the underlying hash function or
through exhaustive search for the keyspace key consisting of k
bits, that requires O(2 k ) operations.
B. HSC
HSC (Hashing Stream Cipher) is proposed by Yong Zhang
et al. [6]. In this algorithm, a number of Hash function blocks
are placed in parallel to generate the output keystream. The
seed input to various hash function blocks are obtained from
the same key by appending a time stamp and a varying
increasing factor. The timestamp is used to make the
keystream different every time it is generated by the same key.
The key and timestamp, which is the current system time,
are concatenated together to form the original vector (OV). An
increasing factor (IF) is iteratively added to the OV and the
sum is then given as input into the core hash function.The
initial value of the increasing factor is decided by the value of
the key and the timestamp. IF is initiated by the following
formula.
IF = ( ΣK p + ΣT j ) % 2
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 275

Proceedings of ICCNS 08 , 27-28 September 2008
Key + Timestamp + IF Key + Timestamp + 2 x IF Key + Timestamp + n x IF
Hash
Function
Hash
Function
Hash
Function
Keystream Block 1 Keystream Block 2 ……….. Keystream Block n
Fig. 1 PRNG of HSC
where the IF represents the Increasing Factor, the K p
represents the p th byte of the key and the T j represents the j th
byte of the timestamp. The IF is the result of the accumulation
of the key bytes and the timestamp bytes mode 2 i . The bit
length of the increasing factor, i directly affect the iteratively
increasing step of the hash input, which may attribute to the
final statistical distribution of the keystream. Because the
increasing factor is decided both by key and timestamp, the
increasing factor is supposed to be different for every
encrypting. To make this change available every time, the
increasing factor should not be zero. Finally, the keystream is
generated by concatenating the fixed-length hash digests block
by block. Fig. 1 shows the Pseudo Random Number Generator
of HSC.
The authors claim that due to the combination of linear
increasing factor and the nonlinear one-way hash function, the
keystream blocks will not occur periodically. The
computational complexity of the algorithm mainly focuses on
the one-way hash function. Every time the keystream block is
generated, the hash rounds are decided by the concatenating
length of the key and the timestamp. When the concatenation
of the key and the timestamp is added by the increasing factor
iteratively, it is taken as a large unsigned integer, so the size of
the concatenation will increase gradually. Once the length of
the hash input exceeds the block size of the hash function, the
hash rounds would increase and the time cost will go up with
it.
IV. PROPOSED MODEL
In the ARC stream cipher that is discussed in section A, it
can be seen that the time delay for generating the keystream
bits increases with the output bits required since the
complexity of operation increases with number of iterations.
In the Hashing stream cipher which is mentioned in section B,
since the Increasing Factor (IF) is produced by modulo 2
addition of the key bits and the timestamp bits, the hardware
or software complexity of implementation of the algorithm
becomes high when the key length or length of the timestamp
is increased. Moreover, when the concatenation of the key and
the timestamp is added by the increasing factor iteratively, the
size of the concatenation will increase gradually and once the
length exceeds the block size of the hash function, the hash
rounds would increase and the time cost will go up with it.
The usage of timestamp as the initial vector (IV) in HSC
demands for higher bandwidth and data transmission overhead
since there should be a time synchronization between the
transmitter and receiver. So this new model aims at reducing
the time delay of ARC and the complexity of HSC. The main
way to reduce the complexity of implementation in HSC is by
avoiding the need for time synchronization and reducing the
memory requirement due to IF overflow. The proposed model
contains only a single hash function block in the generation of
keystream bits. To reduce the delay in generation of keystream
bits compared to ARC, a simpler method to generate random
seeds for different iterations is introduced in this new model of
stream cipher.
The main design criteria in developing a new model for
stream cipher is to identify a method to generate different
random seeds for various iterations. A method to reuse
random bits is mentioned in [7]. The proposed stream cipher
uses the following model for generation of keystream bits. Let
‘key’ be the initial random seed, ‘h’ be the hash function and
x i be the hash function output after i th iteration and s 1 , s 2 , s 3 ,…
be the sequence of strings generated by a deterministic
function ‘f’. To get the next string in the sequence of the
keystream, hash the previous output string together with the
new random bits generated by the deterministic function ‘f’
which are added to replace the bits lost in the hashing. This
can be mathematically represented as below.
x 1 = h(key || s 1 )
x 2 = h((key ⊕ x 1) || s 2 )
:::::::::::::::::::::::::
x i+1 = h((key ⊕ x i )|| s i+1),
::::::::::::::::::::::::::::
x n = h((key ⊕ x n-1) || s n )
keystream = x 1 || x 2 || x 3 ||...||x n (1)
In the proposed stream cipher, the sequence of strings s 1 , s 2 ,
s 3 ,… are obtained from the states of a Linear Feedback Shift
Register (LFSR) and the initial sate of the LFSR can be
considered as the initial vector (IV) of the model. The LFSR
advances its state depending on the initial state and the
feedback polynomial used which is a primitive polynomial.
The key bits are concatenated with the initial state of the
LFSR and are fed as the first input to the hash function.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 276

Proceedings of ICCNS 08 , 27-28 September 2008
Key
…
Hash Function
Keystream
LFSR
Fig. 2 Proposed Model of PRNG
Here, the periodicity of the model is increased by using the
output feedback. If the hash output is fed back as such as the
key or a part of input to the hash function for next iteration, it
will affect the security of the model. If a cryptanalyst is able to
get a few keystream bits in known plain text attack, he directly
gets a portion of the input to hash function for the next
iteration, if the hash output is fedback as such and this makes
cryptanalysis simple. So, the hash output is xored with the
initial key and the advanced state of the LFSR is concatenated
with this xor output and is provided as the next input to the
hash function. The structure of this proposed model is shown
in fig. 2.
The security of the model shown in fig. 2 completely
depends on the security of the hash function used. Due to the
features of the one-way hash function used, it is infeasible for
an attacker to retrieve the initial key and the initial state of the
LFSR The complexity of implementation of HSC is reduced
by the usage of LFSR and the higher time delay of ARC
scheme is brought down by simply using a xored version of
hash output and key as a part of input for next iteration. Even
if the adversary get a keystream block, say n th keystream
block, they have to invert the hash function block ‘n’ times to
retrieve the initial key. But by a single inversion the adversary
can get the initial state of the LFSR, ie, IV from the current
state and by the assumption that the structure of the LFSR is
known. So the rest of this section deals with improving the
security of the LFSR part of the input to the hash function.
A hash function basically maps ‘m’ input bits to ‘n’ output
bits where m>>n. If new ’m’ random bits are given as input to
the hash function every time, the throughput decreases. So a
part of the input to the hash function is fixed as ‘key’
consisting of ‘k’ bits and the rest of the ‘m – k’ bits of the hash
input keep changing during each call to the hash function. The
changing ‘m – k’ bits should satisfy the property that mapping
from one set of ‘m – k’ value to the next value is not easily
traceable and at the same time the mapping should take
through all possible 2 m-k combinations. So the overall
operation for the chosen model can be explained as below.
Take any ‘x’. Compute y 1 = f(x), append key to y 1 and give the
appended value as the input to the hash function H(). Once z 1
= H(key||y 1 ) is computed, increment variable ‘x’ by 1 and
again compute y 2 = f(x+1) and obtain output H((key ⊕ z 1 )
||y 2 ). The keystream is formed by concatenating all the hash
function outputs. Here, f(x) should be chosen such that the
computation of f(x) from a given ‘x’ should be easy, but the
reverse should not be easy. For the security of keystream,
mapping from y 1 to y 2 should be random. Also, the interaction
between functions f() and H() should not spoil periodicity.
There are no clear ways of designing f() for a given H().
The function f() is realized by a combination of counter,
LFSR and division modulo operation circuit. The counter
provides the initial state to the LFSR circuit and depending
upon the initial state and the feedback polynomial, LFSR
produces an output sequence of maximal length. The whole
output sequence is fed as input to the division modulo
operation circuit which divides the output sequence of LFSR
by a dividing polynomial g(x) and gives the remainder of the
division as the output of division modulo circuit. The ‘k’ bit
initial key is concatenated to the output of mod g(x) circuit
and given as input to the hash function block. The initial value
of the counter is kept secret and it represents the initial vector
(IV) of the model. Hash function generates ‘n’ bit output,
where ‘n’ is the message digest length of the hash function.
After producing an ‘n’ bit hash value, the counter is
incremented by ’1’ (counter = counter + 1 mod 2 m-k ) and the
initial state of the LFSR is changed by the incremented value
of the counter. Here, after each computation of the hash value,
the key bits are xored by a portion of the hash function output.
As a result the periodicity of the keystream becomes so high
that we may not be able to measure it. The whole process is
repeated again. The final keystream is obtained by
concatenating all the ‘n’ bit hash outputs. The structure of the
modified proposed model is shown in fig.3.
In the proposed model a combination of LFSR stream
generation and division operation modulo a polynomial is
used as f(x). ‘x’ values are generated through a counter. Let
2
m−1
c(
x)
= a0 + a1x
+ a2
x + .... + a m −1
x be the polynomial
representation of the initial count value of the counter. The
counter provides the initial state of the LFSR. If the feedback
polynomial of LFSR be p(x), then the output sequence
produced by the LFSR can be represented as
a ( x)
= f ( x) / p(
x)
(2)
m
where ∑ − 1⎡ n
= ⎥ ⎥ ⎤
n
f ( x)
= ⎢ ∑ pi an−i
x
(3)
n 0⎢⎣
i = 0 ⎦
2
1 x + p2
x + ....
m−1
−1
p ( x)
= 1+
p
+ p m x
(4)
where m represents the number of bits in the initial state and
a 0 , a1,...
a m −1
represents the initial state of the LFSR.
The a (x)
output of LFSR is given as input to the division
modulo operation circuit, which uses a division polynomial
g(x) of degree ‘n’. The output of modulo division circuit can
be represented as
1
n *
x
* ( x
y ( x)
= x a ( x)[mod
g(
)]
(5)
where a ) represents the reciprocal polynomial of a (x)
.
This means y 1 (x) is the residue obtained after dividing
x n a
* (x) with g(x) , the feedback polynomial of modulo
division circuit.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 277

Proceedings of ICCNS 08 , 27-28 September 2008
Counter
Key
LFSR
mod g(x) circuit
Hash Function
Keystream
Fig. 3 Modified Proposed Model of PRNG
* x
It can be observed that the polynomial a ( ) is a multiple of
feedback polynomial p(x) of LFSR. For example,
3
consider p(x) = x + x + 1. If a0 ,a1,a2
describes initial
state of the LFSR, then
2
f(x) = a0 + (a0
+ a1
)x + (a1
+ a2
)x
(6)
Then output polynomial a(x)
given by f(x)/p(x) is,
2
3
a(x) = a0
+ a1x
+ a2x
+ (a0
+ a2
)x +
4
5
6
(a 0 + a1
+ a2
)x + (a0
+ a1
)x + (a1
+ a2
)x (7)
Then it can be seen that a * ( x)
can be written as,
*
3
3 2
a (x) = (x + x + 1 )( a0
x + a1x
+ (a0
+ a2
)x
+ ( a 1 + a2 ))
= p(x) q(x) (8)
Hence, if the feedback polynomial of division modulo
circuit g(x) is same as that of LFSR p(x), then mod g(x) circuit
output will always be zero. Therefore it is necessary that they
are different.
Now, the working of LFSR mod g(x) combination can be
explained as follows. The initial state of the LFSR is provided
by a ‘m – k’ bit counter. Let the LFSR feedback polynomial
be a primitive polynomial represented by p(x) of degree ‘m –
k’. The choice of primitive polynomial ensures that LFSR
produces a maximal length sequence of period (2 m-k –1). The
output sequence of the LFSR is fed as input to the mod g(x)
circuit. The mod g(x) circuit divides this sequence by a
division polynomial, g(x) and returns the remainder of this
division consisting of ‘m – k’ bits as the output. As the counter
sweeps through 2 m-k -1 (excluding all zero count) possible ‘x’
values, the output of mod g(x) circuit (i.e., f(x)) pass through
the same set of 2 m-k -1 values, but in a different order. For
example, if the counter output, which is the initial state of
LFSR, is ‘101’, then a * (x) = x + x + x + 1 and output of
mod g(x) circuit is ‘111’.
6
V. SECURITY ANALYSIS
The security of a stream cipher depends upon the time taken
to retrieve the original key from keystream. In the case of
ARC and HSC stream ciphers, the key bit portion of the input
to the hash function remains constant for each call to the hash
function. So by a single inversion of hash function block, the
original key can be retrieved in both ARC and HSC. If the
proposed model of stream cipher is used without feedback,
each input to the hash function consists of the key bits. Hence
by single inversion of hash function, key retrieval is possible.
In the proposed model with feedback, key bits are
continuously replaced with the xor sum of key and previous
output of the hash function. Hence in this case, single
inversion of the hash function block is not sufficient to
retrieve the initial key. The security can be further increased
by using the model shown in fig 3. In that case, the linearity
due to the simple LFSR circuit is overcooked by a
combination of counter, LFSR and division modulo circuit. So
the security of this new stream cipher is much higher
compared to ARC and HSC.
4
VI. RESULTS
The ARC, HSC and the proposed stream cipher are
implemented in MATLAB using SHA-1 [8] as the embedded
hash function. The time delay for generating the same
keystream length is noted for ARC, HSC and proposed stream
cipher shown in fig. 2 and the readings are mentioned in table
I. It is found that the time taken for generating the same
keystream length for the proposed stream cipher is slightly
lesser compared to HSC and very low compared to ARC.
TABLE I
COMPARISON OF THE TIME COMPLEXITY OF PROPOSED MODEL
WITH ARC AND HSC USING SHA-1 AS HASH FUNCTION
Keystream
Length
Time Complexity (in secs)
ARC HSC Proposed Model
8000 157.17 33.125 32.781
16000 532.09 65.531 64.766
32000 2168.2 131.328 128.735
The main drawback of the ARC is higher delay due to
sequential operation and the complexity involved in producing
each input to the hash function. The newly designed stream
cipher overcomes the higher time delay of the ARC stream
cipher.
To check the suitability for hardware implementation of the
ARC scheme, a hardware structure is developed based on the
steps involved in the generation of the keystream. The
developed structure for hardware implementation of the ARC
stream cipher is shown in fig 4. For generating ‘n’ keystream
blocks in the case of ARC, ‘n-1’ buffers are needed for storing
the previous hash function outputs. The input to the hash
function when generating the n th keystream block uses a ‘q’
function which takes the previous ‘n-2’ keystream blocks. So
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 278

Proceedings of ICCNS 08 , 27-28 September 2008
the number of buffers needed in the case of ARC is high and
so the time delay for generating the keystream will also be
high.
Fig. 4 PRNG of ARC
The complexity of implementation in the case of HSC
increases when the key length or length of the timestamp is
increased since the Increasing Factor (IF) is produced by
modulo 2 addition of the key bits and the timestamp bits. In
the proposed model, only a single bit modulo 2 addition is
involved in the computation of a hash value to provide the
feedback bit of the LFSR. But in the case of HSC, the number
of modulo 2 bit additions involved in the computation of each
hash value depends upon the number of keystream bits and
timestamp bits. The need for time synchronization circuit in
the case of HSC due to the usage of timestamp is avoided in
the proposed model and hence reduces the bandwidth
overhead. Since the LFSR length is kept constant, the memory
requirement due to IF overflow is also avoided in the new
stream cipher.
The proposed stream cipher combines the advantages of
both ARC and HSC schemes and at the same time it provides
higher security than both these schemes. In addition, it
provides very high periodicity and high throughput. The
randomness properties of the keystream generated by the
proposed model are tested using test cases on pseudo random
number generators provided by NIST [9].
cryptosystem. Thus with very less additional hardware the
proposed stream cipher with very high periodicity can be
developed using SHA hash. So this model can be used for the
software and hardware implementation of PRNG.
This paper suggests an optimized stream cipher based on
hash functions in terms of time delay, security and complexity
of implementation. The complexity of this model is embedded
in the one-way function used. The throughput and periodicity
of the stream cipher can be increased to a great extend by
using the SHA family of hash functions that have higher
message digest length.
REFERENCES
[1] Blum M. and S. Micali: "How to Generate Cryptographically Strong
Sequences of Pseudo-random Bits", SIAM J. on Computing, Vol.13, No
4, pp. 850-864, Nov. 1984.
[2] A.C. Yao: “Theory and Applications of Trapdoor Functions”, In Proc.
23 rd IEEE Symp. on Foundations of Comp. Science, pages 80 – 91,
Chicago, 1982. IEEE.
[3] Goldreich O., H. Krawczyk and M. Luby: "On the Existence of
Pseudorandom Generators", IEEE Symposium on the Foundations of
Computer Science, 29th SFCS, pp. 12-24, 1988.
[4] Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied
Cryptography. CRC Press, 1996.
[5] Angelp P.E. Rosiello, Roberto Carrozo, “ARC: A Synchronous Stream
Cipher from Hash Functions”, Obsidis, ZDNET, Feb 17 th 2006.
[6] Yong Zhang, Xiamu niu, Juncao Li, Chunming Li, “Research on a
Novel Hashing Stream Cipher”, IEEE <strong>Conference</strong> Proceedings, Vol. 2,
3-6, Nov 2006,pp. 1339 – 1344.
[7] R. Impagliazzo and D. Zuckerman, “How to Recycle Random Bits”, In
Proceedings of the 30 th IEEE Symposium on Foundations of Computer
Science, pages 248 – 253, IEEE Computer Society Press
October/November 1989.
[8] National Institute of Standards and Technology (NIST). Federal
Information Processing Standards Publication (FIPS PUB) 180-2,
Secure Hash Standard (SHS), 2002. http://csrc.nist.gov/publications.
[9] A Statistical Suite for Random and Pseudorandom Number Generators
for Cryptographic Applications, NIST Special Publication 800-22, May
15, 2001.
[10] Bruce Schneier, Applied Cryptography, Second Edition: Protocols,
Algorthms, and Source Code in C, Wiley Computer Publishing, John
Wiley & Sons, 01/01/1996.
VII. CONCLUSION
A complete cryptosystem implemented in hardware may
have blocks for three main cryptographic operations. (i) Key
exchange (ii) Message Authentication and (iii) Encryption.
Since hash generation based on SHA is the most popular
authentication method, hardware circuit for generation of SHA
hash is a part of most of the cryptosystems. In such a case, a
stream cipher based on SHA will be a good choice for
encryption operation. This is because the encryption and hash
generation operations are not parallel operations in a
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 279

Proceedings of ICCNS 08 , 27-28 September 2008
The Information Encryption Using Fibonacci Series
Balasaheb S Tarle,
Assistant professor in Computer Engineering , NDMVP Samaj’s College of Engineering Nashik-13.
Dr. Vrinda Tokekar,
Professor and Head of the Information Technology, IET-DAVV, Indore, (MP).
tarlebs@rediffmail.com, Vrindatokekar@yahoo.com
Abstract
Now a day information security becomes
complex and more important problem. Encryption
can be an important tool to help in improving data
security. In this paper work, I developed techniques
for securing data to avoid hacking as well as
providing the user with some additional features such
as key for integrity and validation of user. In this
technique one can secure any type of files using
Fibonacci series. The proposed encryption algorithm
is loss-less, key-dependent. The performance of the
popular symmetric key algorithms including DES,
3DES, AES, Blowfish, are compared with Fibonacci
Series encryption by encrypting input files of varying
contents and sizes. The present Fibonacci encryption
algorithm is implemented in C sharp language, and
tested on two different Intel processors, to compare
its performance. The results reveal that Fibonacci
encryption is the fastest among symmetric
algorithms.
Keywords
Cryptography, Encryption, Keys, Message matrix,
1.1 Overview
1. Introduction
Data security is a much wider term than hardware or
a software feature. In the entire environment of
security, it is necessary to really insure privacy.
Everyone in the group must be aware of the security
goals and be conscientious in achieving them.
Usually security is lost due to slip of security guard.
It must be even maintained during the disposal of
printouts of previously encrypted data.
As data communication is becoming more
pervasive, complex and the use of digital data is
becoming much more widespread, data security has
become a wider, complex and more important
problem. Encryption can be an important tool to help
in improving data security.
The critical concern in designing an encryption
algorithm is the security of the algorithm against
undesirable attacks. In my project, the performance
of the leading secret key algorithms has been
compared on different platforms, using input data
files of varying sizes and formats. While comparing
the performance of algorithms, the time required to
set up the key(s) has been ignored.
1.2 Scope
The requirements of data security of any application
focus on three major questions:
1: What are user’s needs and how does Data security
system meets them
2: What resources are available for a given security
system Is Problem worth solving
3: What is the likely impact of the security system on
the organization How can the
Problem is redefined
Data security algorithm can be used to avoid hacking
of confidential data. Without knowledge of this
software a third person cannot access data. The user
should know the key used for algorithms. This
algorithm is most useful in e-commerce, banking, and
online transaction processing applications, small or
large-scale industry, medical imaging, telemedicine,
and military communication and Banking etc.
1.3 Fibonacci Series
The Fibonacci series is the emerging area in the data
security. The theory of Fibonacci numbers and
Fibonacci series has wide use in theoretical physics
in resent decades. The new class of square Fibonacci
(p+1) (p+1) matrixes are based on Fibonacci p-
numbers (p=0, 1, 2, 3...). It has been proved that the
determinant of any Fibonacci matrix or its power is
equal to ±1.
The general idea of the Fibonacci Series Encryption
Algorithm is similar to the Fibonacci coding and
based on the application of the generalized Fibonacci
matrices, the Qp-matrices, for encryption and
decryption of the initial message.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 280

Proceedings of ICCNS 08 , 27-28 September 2008
V. PROPOSED PROTOCOL
The mutual authentication and key agreement protocols
between the client and the server need to be executed in
realtime [2].
We give the proposed mutual authentication protocol in Figure
1 below:
User(A)
Choose d u є [2,n-2].
Q u = d u × P=(x A ,y A )
Q s send
Receive
Q k = d s × Q u = (d s d u )×P
K=Q k .x: mutual agreed key
Sends Q u and g
Q u ,g,
Receive Y B
Then Computes Y A =h(α)
If (Y A ==Y B ), then A authenticates B
Server(B)
Choose d s є [2,n-2].
Q s = d s × P
receive
Q k = d s × Q u = (d s d u )×P
K=Q k .x: mutual agreed key
Computes w=g -1 mod(n) and
Calculate u 1 ,u 2 ,v
If v==x A , then B authenticates A
Sends Y B =h(β) to A
Figure 1: proposed mutual authentication protocol
Within the second step, A chooses a random
challenge d u , where 1 ≤ d u ≤ n − 2, then computes Q u
where
Q u = d u × P=(x A ,y A ) (2) and calculates α where
α = d u (B − Q) (3) and K= Q k .x where
Q k = d s × Q u . K is called mutual agreed key.
In addition, A calculates r = (x A )mod(n) and computes
g= a −1 (h(α) + x ∗ r)mod(n) (4)
Finally (Q u , g) becomes the signatures pair and A
transfers them to the server.
Within the third step, B computes
β = Q s ∗ Q u (5)
computes K and w=g -1 mod(n) then calculates
u 1 = (h(β) ∗ w)mod(n) (6)
and
u 2 = (x A ∗ w)mod(n) (7)
In addition, B calculates
u 1 ∗ P + u 2 ∗ Q = (x 0 , y 0 ) (8)
and calculates
v = x 0 mod(n) (9)
B checks if (v == x A ), so B authenticates A and
B can be confirmed that A has actually established
the same shared session key. Then B computes:
Y B = h(β) (10)
and finally he sends Y B to A.
In order to authenticate B, A will compute:
Y A = h(α) (11)
and then A will verify the value of Y A by checking that
(Y A == Y B ), if so, if they match, then A authenticates B
and A can be confirmed that B has actually established
the same shared session key with her. Finally, A and B
agree on the common session key Ks where
Ks = h(ID(A)||ID(B)||K) (12)
Both sides will agree on the session Key Ks if all steps are
executed correctly. Once the protocol run completes
successfully, both parties may use Ks to encrypt messages
for subsequent session traffic to create a confidential
communication channel.
The Explanation of the above figure is as follows:-
Before starting the authentication procedure the user A,
select an elliptic curve E(Zp) defined on Zp. A chooses a
random point over the elliptic curve called P with order n.
n is a large prime number. In addition, A chooses a
password pw, computes x = h(pw) and calculates Q where
Q = x ∗ P. Finally, A generates strong number p and q
where p = 2 ∗ q + 1.
Once the following parameters (E, Q, P, p, q, pw) are
generated, A transfers the (E,Q,P, n) to the server in a
secure way. Once this step is done, the session key
generation procedure will be executed as follows:
Within the first step, B chooses a random challenge
b, where 1 ≤ d s ≤ n − 2, then he calculates Q s = d s × P (1)
and he calculates the point B where B= d s ∗ P + Q
Finally he sends Q s to A.
VI. IMPLEMENTATION RESULTS
We implement the algorithm using J2ME (Java 2 Platform,
Micro Edition) which is the perfect platform for mobile clients
for secured data storage and management capabilities. The
modular design of the J2ME architecture enables an
application to be scaled based on constraints of small
computing devices. We include Bouncy castle library [7]
support for ECC public and private key generation. It supports
both ECDSA and ECDH. We implement the proposed
authentication scheme in small handheld devices. Then made a
performance analysis of various algorithm.
Table 1 shows execution times for various ECC and RSA
cryptographic primitives on palm OS platforms:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 272

Proceedings of ICCNS 08 , 27-28 September 2008
more complicated concept, the concept of the
generalized Fibonacci matrix called Q p -matrix.
2.3 Fibonacci Q-Matrix
Fibonacci series was supplemented by the theory of
so-called Fibonacci Q-matrix. The latter presents
itself the simplest 2 x 2 matrix of the following form:
Q 1 1
(2.8)
1 0
The determinant of the Q-matrix is equal -1.
But what relation has the Q-matrix to Fibonacci
numbers
To answer this question it is necessary to take the n-
th power of the Q-matrix.[11] Then we will get:
n Fn
1
Fn
Q
(2.9)
Fn
F
n1
Where F n-1 , F n , F n+1 are the Fibonacci numbers.
But we know that Det (A n ) = (Det A) n . It follows from
this the following property for the determinant of the
Q-matrix:
Det Q n = (-1) n (2.10)
Where n is an integer.
But if we calculate Det Q n using eq.(2.9) and use
eq.(2.10) then we get the following identity
connecting three neighboring Fibonacci numbers:
Table 2.4 Fibonacci numbers shifted one to another in
one column
n 7 6 5 4 3 2 1 0
F n+1 21 13 8 5 3 2 1 1
F n 13 8 5 3 2 1 1 0
n -1 -2 -3 -4 -5 -6 -7
F n+1 0 1 -1 2 -3 5 -8
F n 1 -1 2 -3 5 -8 -13
If we select number n = 1 in the first row of Table 2.4
and then four Fibonacci numbers in two lower rows
we can see that a totality of the four Fibonacci
numbers forms the Q-matrix. Moving along Table 2.4
to the left about Q-matrix we will get consecutively
the matrices Q2, Q3, ..., Qn. Moving to the right
about Q-matrix we will get consecutively the
matrices Q0, Q -1, ..., Q -n. As example we can see in
Table 2.4 the matrix Q 5 and the inverse matrix Q -5 .
2.4 Fibonacci Matrices
One can use the idea of the Fibonacci Q-matrix for
obtaining the general Q-matrix for the p-Fibonacci
numbers [10]. Let's introduce now the following
definition for the Q p -matrix:
2
n1 n1
n
n
D et Q F F F 1 n
(2.11)
Thus, this means that the Q-matrix express one of the
most important properties of Fibonacci numbers
given with eq.(2.11)
Let's represent now the matrix eq.(2.9) in the
following form:
(2.12)
F F F F F F F F
n
Q
n n1 n1 n2 n n1 n1 n2
Fn 1 Fn 2 Fn 2 Fn 3 Fn 1 Fn 2 Fn 2 Fn
3
or Q n = Q n-1 + Q n-2 . (2.13)
Let's write the expression (2.13) in the following
form:
Q n-2 = Q n - Q n-1 . (2.14)
The inverse matrix Q -n has the following form:
Fn
1
F
n
n
Q (2.15)
Fn
Fn
1
Inverse matrix Q -n from the direct matrix Q n it is
necessary to rearrange in eq. (2.2) the diagonal
entries F n+1 and F n-1 and to take them with the
opposite sign that is: Fn
1
F
n
n (2.16)
Q
Fn
Fn
1
Other method to get the matrix Q n follows directly
from the expression of (2.9). For that it is necessary
to present two sequences of Fibonacci numbers
shifted one to another in one column (Table 2.4).
(2.17)
Where the index of p takes the following values: 0, 1,
2, 3,.....Note that the Qp-matrix is the square (p + 1)
(p + 1)-matrix. It contains the p p unit matrix
bordered by the last row of 0's and the first column,
which consists of 0's bordered by 1's. For p = 0, 1, 2,
3, 4 the Q p -matrices have the following forms,
respectively:
Q0 1
1 1
1 1 0
1 1 0 0
1 1 0 0 0
Q1
Q
1 0
Q2
0 0 1 0 0 1 0
Q3
0 0 1 0 0
1 0 0
0 0 0 1 Q4
0 0 0 1 0
1 0 0 0
0 0 0 0 1
1 0 0 0 0
Let's compare the neighboring matrices Q 4 and Q 3 . It
is easy to see that the matrix Q 4 is reduced to the
matrix of Q 3 if we cross out in the matrix Q 4 the last
(5th) column and the next to the last (4s) row. Note
that we have 1 on the crossing out of the 5 th column
and 4 th row. Because the sum 5 + 4 is equal to the
odd number of 9 it means that determinant of the
matrix of Q 3 differs from the determinant of the
matrix of Q 3 only by the sign, that is,
Det Q 4 = - Det Q 3 . (2.18)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 282

Proceedings of ICCNS 08 , 27-28 September 2008
You should believe that the result eq.(2.18) is valid
and that the latter follows from the matrix theory. By
analogy it is easy to prove the following correlations
for determinants of the neighboring Fibonacci Q p -
matrices:
Det Q 3 = - Det Q 2 ; Det Q 2 = - Det Q 1 .
Taking in consideration that Det Q 0 = 1 and Det Q 1 =
-1 we get the following unique mathematical property
of the Q p -matrices in the general case.
Det Q p = (-1) p (2.19)
Thus the determinant of each matrix eq.(2.17)
depends on the value of the index p. If the index p is
even then the Det Q p = 1 for all matrices of the kind
eq.(2.17). In the opposite case (p is the odd number)
Det Q p = 1.
Let's consider now the matrix being the n-
th power of the Q p -matrix.
(2.20)
Thus, the matrix Q is expressed through p-Fibonacci
n
p
numbers resulting from Pascal Triangle, and the
result eq.(2.20) is the new secret of the Pascal
Triangle[11]. And now we will try to calculate the
determinant of the matrix eq.(2.20). it follows from
the matrix theory that
n
n
DetQp
( DetQp)
(2.21)
Using eq.(2.19) we can write the expression (2.21) in
the form:
DetQ 1
np
p
(2.22)
Where p = 0, 1, 2, 3... n = 0, ±1, ±2, ±3...
And now I can express regarding the result of eq.
(2.22) and regarding the power of the mathematical
theories. It is really impossible to image that the p-
Fibonacci numbers resulting from Pascal Triangle
and this can become the basis of the new and infinite
class of the square matrices expressed by eq. (2.17)
and (2.20). The result of eq.(2.22) seems to us
absolutely incredible. It is impossible to imagine that
the determinant of the matrix eq. (2.20) is always
equal to 1 or to (-1) that follows from eq.(2.22).
It is clear that the expressions (2.20) and (2.22) give
unlimited opportunities for the "Fibonacci
investigations" because they allow obtaining the
infinite number of the fundamental correlations
connecting the p-Fibonacci numbers F p (n). For
example for the 2-Fibonacci numbers (p = 2) we have
the following correlation connecting the neighboring
2-Fibonacci numbers:
Det = F 2 (n + 1)[F 2 (n - 2)F 2 (n - 2) - F 2 (n - 1)F 2 (n -
3)] +F 2 (n)[F 2 (n)F 2 (n - 3) - F 2 (n - 1)F 2 (n - 2)] + F 2 (n -
1)[F 2 (n - 1)F 2 (n - 1) - F 2 (n)F 2 (n-2)] = 1.
We cannot predict now the role of the
n
Q -matrices
p
given with (2.20) and their applications in different
branches of mathematics, physics and other sciences.
However I believe that this result can become
fundamental as Pascal Triangle generating p-
Fibonacci numbers and Q -matrices eq. (2.20).
3 Fibonacci Series Encryption
n
p
3.1. Introduction
The Fibonacci series is an emerging area in data
security. The general idea of the Fibonacci series
encryption is based on the application of the
generalized Fibonacci matrices, the Q p -matrices, for
encryption of the initial message. Let us represent an
initial message in the form of the square matrix m of
the size (p+1) (p+1), where p=0, 1, 2, 3, …. Let us
choose the Fibonacci Qp-matrix Q of the size (p+1)
(p+1) as an encryption matrix Table 3.1 demonstrates
the general idea of the Fibonacci encryption
algorithm.
Table 3.1: Fibonacci encryption
Encryption
n
E M Q p
Let us now consider the following transformations
based on matrix multiplication:
The encryption key is the pair of the numbers of p
and n. Since p = 0, 1, 2, 3,.. and n = 1, 2, 3, ... Let's
consider the Fibonacci encryption method:
n
E M Q p
(3.8)
Fibonacci encryption algorithm eq.(3.8) is reduced to
the n times multiplication of the initial matrix M by
the matrix Q p .
Note that for the case p=0 the matrix Qp reduces to
the trivial matrix Q0 = (1) and for this case the
encryption method given by Table 3.1 is trivial. For
the case p=1 the matrix Qp reduces to the classical
Q-matrix eq.(2.8).
Following terms are used in Fibonacci Encryption
matrix.
Where,
M - Message Matrix,
Q - Matrix generated from Fibonacci series.
p - Message matrix i.e. (p+1) (p+1) size and
n – N th power of Q- matrix i.e. key
n
p
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 283

Proceedings of ICCNS 08 , 27-28 September 2008
3.2 Fibonacci Series Coding
To develop new coding theory based on the
n
Q -
p
matrices since the simplest Fibonacci Q-matrix. Let's
consider the following method of coding. Let's
represent the initial message in form of the 2 2
matrixes: m1 m2
M
(3. 1)
m
3 m
4
Let us assume that all elements of the matrix eq.(3.1)
are positive integers, that is:
m1>0; m2>0; m3>0; m4>0
The simplest method e.g. considers a text message is
the sequence of the decimal numerals:
358 091 466 725. (3.2)
Then I can represent this message (3. 2) in the matrix
form: M 358 091
(3.3)
466 725
Suppose now that we have selected for coding a
Fibonacci Q-matrix of the 5th power:
5 8 5
Q (3.4)
5 3
At the preceding pages I have introduced the notion
of the matrix "inverse" to eq.(3.4). Because the
number 5 is odd than the matrix "inverse" to eq. (3.4)
has the following form:
3 5
5
Q
5 8
Then, the Fibonacci coding of the message M given
in the matrix form eq.(3.1) consists of the
multiplication of the initial matrix eq.(3.1) by the
coding matrix eq.(3.4) that is:
' '
5 m1 m2 8 5
8m 15m 2
5m 13m 2
m1 m
2
MQ
E
' '
m3 m
4
5 3
8m 3
5m 4
5m 3
3m
4 m 3
m4
Where,
m 8 m 5 m
m m m
m m m
m m m
'
1 1 2
'
2
5
1
3
2
'
3
8
3
5
4
'
4
5
3
3
4
(3.5)
(3.6)
We remember that the "matrix multiplication" is
mathematical operation distinguished from the
traditional "multiplication". We can see from the
example eq.(3.5) that the product of two square
matrices M and Q 5 is the matrix E of the same size,
which elements are calculated according to
(3..6).Let's apply my calculations to our example
eq.(3.3). Then the procedure of the Fibonacci coding
brings us into the following matrix E:
5 358 091 8 5 8358 591 5358 391 3319 2063
MQ
E
466 725
5 3
8466 5725 5466 3725
7353 4505
After that the coded message
' ' ' '
E m1m2m3m
4
3319206373534505 is sent to
the communication channel.
3.3 Fibonacci Series Encryption algorithm
1. Read the contents of the source file and store it
in one-dimensional array named file.
2. Calculate the number of padding bit required.
3. Get the extension of the source file.
4. Allocate the buffer named File Data. It stores the
adder bit and file extension.
5. Copy the entire content of the file which was
previously stored in, file variable into File Data.
6. Allocate the 2D array of size (p+1) (p+1). Then
copy the content of the File Data into this 2D
array, let us say 2D array as M i.e. Message
Matrix.
7. Generate Fibonacci Series as per the values of p
& n.
8. Create n
Q matrix depending upon the value of p
p
and n from Fibonacci Series l and neg_l, i.e.,
positive and negative series respectively.
9. Convolution of n
Q and M matrix to get the
p
resultant value and store these contents in Binary
format. i.e. Encrypted Data (E).
4 Implementation and Testing
4.1. The C# (dot net) Platform:
C# was used to implement the Fibonacci Encryption
algorithms. The following are some of the main
reasons explaining why C# (dot net) was chosen:
1. C# is considered platform independent because
this feature of C# makes sure that the programs
will run on any platform. Thus, the implemented
algorithm can be tested on a variety of platforms
for comparison purposes.
2. C# provides a large library of built-in classes and
methods that assist the programmer in writing
code for cryptographic algorithms. For example,
the Int32 Integer class in c# Conversion from
integer to string and vice versa. Dot net provides
in built classes File Info Binary Reader, Binary
Writer, Stream Reader, and Stream Writer, are
used for file reading and writing in binary
format.
3. Fibonacci Series algorithm was implemented as
is, using a C sharp language, and was tested on a
different platform.
4.2. Measuring Execution Time Methodology
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 284

Proceedings of ICCNS 08 , 27-28 September 2008
Input file *DES *3DES *AES *BF FC
size (KB)
20.05 2 7 4 2 0
35.16 4 13 6 3 0
44.45 5 17 8 4 0
58.50 7 23 11 6 0
68.00 9 26 13 7 0
134.1 17 51 26 14 0
155.35 20 60 30 16 0
162.50 21 62 31 17 5
187.00 24 72 36 19 10
227.00 30 87 44 24 22
1085.44 - - - - 55
4454.40 - - - - 190
11673.60 - - - - 225
21606.40 - - - - 414
29593.60 - - - - 743
Performance measurements were conducted by
determining the amount of time required to perform
cryptographic operations of an algorithm. I measured
how many bytes of data could be encrypted in one
second. We measured the time taken to perform a
particular operation. We used the stopwatch to
calculate the execution time for data Encrypt [12].
API to calculate the processor time consumed in the
execution of the algorithms. A tick counts which
increments 100 times per second when the algorithm
is in the running mode. This stopwatch is initialized
to zero every time when it is reset. Since the rate of
the tick count is not so high, several iterations of the
same operation are required to be carried out in order
to achieve a finer resolution on the speed of that
operation. Execution time is manipulated after every
10ms .For this algorithm, a number of tests was
conducted.
4.3. Measuring Execution Times
Measuring Execution Times Obtaining accurate and
repeatable execution time measurements proved to be
more difficult than was originally anticipated. After
many experiments, it was decided to settle on the use
of a Pentium-III 700 MHz machine (running
Microsoft Windows operating system) and a
Pentium-4, 2.4 GHz machine (running Microsoft
Windows XP operating system)[12] as the basis for
time measurements. Because the primary goal was to
measure the encryption times of algorithms, the
initialization and key set-up times were excluded
from the comparison.
Table 4.1: Comparative execution times (in sec) of
algorithms in ECB Mode on a Pentium-III, 700 MHz
machine
*All the data above table is according the ref.[8].
Fig 4.1: Performance graph DES and Fibonacci
Table 4.2: Comparative Execution Times (in
seconds) of algorithms in ECB mode on a Pentium-
4.2.4 GHz machine
Input file *DES *3DES *AES *BF FC
size (KB)
20.05 24 72 39 19 6
35.16 48 123 74 35 10
44.45 57 156 94 46 12
58.50 74 202 126 58 15
68.00 83 243 143585 67 20
134.1 160 451 324 135 38
155.35 190 543 355 158 42
162.50 198 569 378 162 44
187.00 227 655 460 176 46
227.00 275 799 228 219 48
1085.44 - - - - 54
4454.40 - - - - 229
11673.60 - - - - 575
21606.40 - - - - 1176
29593.60 - - - - 1598
*All the data above table is according the ref. [8].
Fig. 4.2: Performance graph DES and Fibonacci
Encryption Algorithm on a Pentium 4.2.4 GHz
machine
4.4. Performance Results for Block Ciphers
The execution results of symmetric key algorithms in
ECB (Electronic Codebook) mode are presented first.
These results are shown Table 4.1and Table 4.2, for
execution of code on a Pentium-III 700 MHz
machine, and Pentium-4, 2.4 GHz machine
respectively.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 285

Proceedings of ICCNS 08 , 27-28 September 2008
4.5. Performance Results for Different File
Sizes and Formats
In my paper work, I have tested different sizes of
files and formats with their encryption execution
time. Following table shows the execution time (ms)
with file size (KB). The Fibonacci Encryption
algorithm the execution time was measured to any
type of file format.
Table 4.3: Comparative execution times (in sec) of
Fibonacci Encryption algorithm in different files size
& format mode on a Pentium-4, 3.06 GHz machine
I/P file size File format type
(KB) DOC AVI MP3 PPT DAT
41.00 KB 0.00 0.00 0.00 0.00 0.00
62.00 KB 0.00 0.00 0.00 0.00 0.00
227.00 KB 0.04 0.05 0.05 0.05 0.05
515.00 KB 0.11 0.12 0.11 0.11 0.12
1.06 MB 0.18 0.19 0.20 0.18 0.20
2.32 MB 0.43 0.45 0.45 0.43 0.44
5.10 MB 1.05 1.05 1.04 1.30 1.05
11.70 MB 2.45 2.47 2.44 2.48 2.41
40.4 MB 9.37 9.40 9.38 9.38 9.36
49.30 MB 10.65 10.71 10.68 10.63 10.62
In my paper work, I measured file Encryption time
for different file size as well as different files format,
as per the results was getting to encrypt file the
execution time is same. Only the difference is ±0.05
ms.
5 Conclusion
The Fibonacci encryption algorithm is the main
application of the Fibonacci Qp- matrices. Fibonacci
encryption algorithm reduces to matrix
multiplication, i.e. to well-known algebraic operation,
which is realized very well in modern computers. The
performance of the popular secret key algorithms
including DES, 3DES, AES and Blowfish, is
compared with Fibonacci Series encryption by
encrypting input files of varying contents and sizes.
The present Fibonacci encryption algorithm is
implemented in a C sharp language, and tested on
two different Intel processors, to compare its
performance. At present Fibonacci Series Algorithm
is used for securing input files of varying contents
and sizes. Thus a demo of new techniques of
Encryption to any type file is being presented in my
paper. The results reveal that Fibonacci encryption is
the fastest among symmetric algorithms. Thus the
implemented algorithm finds its place in variety of
applications such as e-commerce, banking, and
online transaction processing applications, small or
large-scale industry, Internet communication,
multimedia systems, medical imaging, telemedicine,
and military communication, Software Developers,
Personal use, Educational, Business, and Banking
etc.
A proposed direction for the future work could be to
analyze the performance/security trade-off in greater
depth. For instance, the impact of these and other
such factors on the overall performance of an
algorithm needs to be measured.
References
[1] W. Diffie and M.E. Hellman ,“New directions in
cryptograph,” IEEE Trans. Inform Theory, vol. IT-
22, pp. 644–654, Nov. 1976.
[2] R. L. Rivest, A. Shamir and L. Adleman , “A
method for obtaining digital signatures and publickey
cryptosystems”, Commun. ACM , vol. 21 , no. 2,
pp, 120–126, Feb.1978.
[3] Gary C. Kessler,” An Overview of
Cryptography”, McGraw-Hill, May 1998.
[4] Duncan S. Wong, Hector Ho Fuentes and Agnes
H. Chan, “The Performance Measurement of
Cryptographic Primitives on Palm Devices”,IEEE
MILCOM 2001 <strong>Conference</strong> Proceedings, Oct 2001.
[5] Schneider B "Description of a New Variable-
Length Key , 64-Bit Block Cipher (Blowfish)", Fast
Software encryption, Cambridge Security Workshop
Proceedings Dec. 1993.
[6]Atul Kahate ,“Cryptography and Network
Security”, Tata McGraw-Hill,2003.
[7] Najib A. Kofahi, Turki Al-Somani and Khalid Ai-
Zamil , “Performance Evaluation of Three
Encryption/Decryption Algoriithms”, 2004 IEEE.
[8] Aamer Nadeem, Dr. M.Y.Younus Javed, “A
Performance Comparison of Data Encryption
Algorithms”, 2005 IEEE.
[9] Christian Nagel, Bill Evjen, Jay Glynn, Morgan
Skinner, Karli Watson, Allen Jones,” Professional
C# 2005”, Wrox , Wiley Publication.
[10] Jiancheng Zou, Rabab K. Ward, Dongxu Qi, “
A New digital image Scrambling method based on
Fibonacci Numbers”, 2004, IEEE.
[11] A.P. Stakhov, “Fibonacci Matrices, A
Generalization of the “Cassini Formula”, and new
coding theory”, Chaos, Solitons and Fractals,
Volume 30, Issue 1, 2006,
[12] A.P. Stakhov , “Fibonacci Matrices, A
Generalization of the “Cassini Formula”, and new
coding theory”, Chaos, Elsevier, Volume 30, Issue 1,
15 Feb 2006.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 286

Proceedings of ICCNS 08 , 27-28 September 2008
Proactive Loss Prediction: A solution to problem
of Packet Reordering in TCP
Pradhan Bagur Umesh and Rio G. L. D’Souza
Abstract— Transmission Control Protocol (TCP) forms the heart
of today’s Internet. One of the bottlenecks to its performance is
Packet Reordering, which happens due to various reasons like
Multipath Routing, Parallel Forwarding, and Link level
retransmissions. In this paper, we explore the problems associated
with packet reordering and weaknesses in TCP congestion control
algorithm pertaining to packet reordering. We propose a proactive
mechanism to predict loss, based on previous history and continuous
learning, which would enable the existing TCP to improve the
probability of making correct decisions by predicting the loss events
with higher accuracy.
Keywords—Fast Retransmit, Loss Prediction, Packet Loss,
Packet Reordering, TCP.
T
I. INTRODUCTION
CP is a reliable transport layer protocol. One of the ways
it provides reliability is by each end acknowledging the
data it receives from the other end. But the data segments and
the acknowledgments can get lost. TCP handles this by setting
a timeout timer when it sends data, and if the data is not
acknowledged when the timer expires, it retransmits the data.
The few, but familiar, assumptions of TCP like in-order
delivery and FIFO queuing, are frequently desecrated in the
Internet. Packet reordering is shown to be a non-pathological
and common behavior in Internet and can cause severe
performance problems [1], especially for TCP. In this paper,
we explore the problems associated with packet reordering,
causes, and weaknesses in the TCP congestion control
algorithm pertaining to packet reordering. We then propose a
proactive mechanism to predict loss, based on previous
history and continuous learning. This mechanism is an
addition to the existing loss prediction mechanism (arrival of
three duplicate acknowledgements (ACK) or timer expiry)
and, when implemented, would improve the accuracy of loss
prediction. This would enable TCP to take correct decisions in
Pradhan Bagur Umesh is with the National Institute of Technology
Karnataka, Surathkal (NITK, Surathkal), Srinivasanagar Post, Mangalore -
575025, India (mobile: 91-9886857647, e-mail: pradhan@ieee.org).
Rio G. L. D’Souza is with the Department of Computer Science and Engg,
St Joseph Engineering College, Vamanjoor Post, Mangalore 575028, India
(phone: 91-824-2263753, fax: 91-824-2263751, mobile: 91-9449470561, e-
mail: rio@ieee.org).
This project was sponsored by Karnataka State Centre for Science and
Technology (KSCST) under Students Project Programe-31 series.
approximately 50% of the instances wherein previously it
would have made incorrect decisions.
The paper begins with a detailed description of the causes
of packet reordering and effects of packet reordering. The
most important concern is false-fast retransmission, which
results in reduced congestion window size, hence resulting in
under-performance of TCP. Later, we answer the question as
to whether the amount of reordering in the Internet is large
enough to attract changes or improvements to TCP. In the rest
of the paper, we present an algorithm to predict loss
proactively, which is based on previous history and
continuous learning and finally we present the results.
II. PACKET REORDERING IN TCP
Packet reordering is a network phenomenon where the
receiver receives some of the packets out of sequence and
hence the sending and the receiving order do not match.
Packet reordering is a common behavior in Internet and can
cause severe performance problems, especially for TCP [1].
A. Causes for Packet Reordering
1. Packet-Level Multipath Routing: Multipath Routing is one
of the load balancing methods where the packets
belonging to the same flow are routed over different
routes to avoid congestion. But different routes may have
different path delays. When two routes have different
propagation delays, packets may often arrive at the
destination out-of-order, depending on whether they were
routed via a shorter route or a longer route.
2. Route Fluttering: The term fluttering is used to describe
rapidly oscillating routing. It occurs when a specific path
in the routing table oscillates between more than one of
the next hops. This causes packets to be forwarded on
different paths and they arrive out-of-order at the
destination.
3. MAC Layer Retransmissions: TCP is mainly designed
keeping in mind wired networks, which hardly have any
transmission losses. Unlike wired networks, wireless
networks have high transmission losses and error rates.
MAC Layer retransmissions are used to make the
transport layer transparent to these losses and errors. The
retransmitted packets are then interspersed with other
packets of the same flow, thus resulting in packet
reordering.
4. Parallel processing in modern routers: Modern routers are
enabled with multi-processors operating in parallel on
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 287

Proceedings of ICCNS 08 , 27-28 September 2008
multiple queues. Any given packet is held on the packet
depending on length of the queue, packet size or security
configurations (additional checks). So the packets which
stay in the queue for shorter duration arrive at the
destination earlier and hence resulting in packet
reordering.
B. Types of Packet Reordering
There are two types of packet reordering:
1. Forward-Path Reordering (Data reordering): In forwardpath
reordering, TCP segments containing data arrive at
the receiver out-of-order.
2. Reverse-Path Reordering (ACK reordering): In reversepath
reordering, TCP ACKs travelling back to sender are
reordered.
C. Problems Caused by Forward Path Packet Reordering
1. Spurious retransmissions and reduction in throughput: This
happens due to the following weakness in the TCP
congestion control algorithm: TCP assumes that loss is an
indication of congestion, but it also wrongly conceives
packet reordering as loss and hence triggers congestion
control mechanisms. Thus, in such cases, it causes
spurious fast retransmission after receiving three
duplicate ACKs.
2. Obscuring of actual packet losses: Due to packet reordering
the actual packet loss may become hidden. This would
happen when packet reordering and packet loss occur
back-to-back. TCP would wrongly fast retransmit the
reordered packet after receiving three duplicate ACKs.
And, by the time the three duplicate ACKs arrive for the
lost packet, its retransmission timer may expire resulting
in obscured packet loss.
3. Reduction in the efficiency of TCP receiver: Data has to be
delivered in-order by TCP to its upper layer. So, TCP has
to store the out-of-order packets, wait for the packets with
lower sequence number which have not been received,
sort them, and then deliver them to the upper layer. Due
to reordering, TCP will deliver data to its upper layer in
bursts.
D. Problems caused by Reverse-Path Reordering
In the absence of reordering, the spacing of the ACKs
returned to the sender is identical to the spacing of the data
segments. This is called self-clocking behavior of TCP. In the
presence of reordering, TCP loses its self-clocking capability.
This leads to the following problem:
Slow growth of congestion window: Due to reverse-path
reordering, the number of ACKS for the unacknowledged data
decreases. This would cause the congestion window to grow
slowly as the TCP sender increases its congestion window
only for each acknowledgement it receives for previously
unacknowledged data.
In the next section we propose our algorithm which is
proactive in nature which uses the variation of RTT to predict
packet loss.
III. PROPOSED ALGORITHM
A. Motivation: Relation between Packet Reordering and
Multipath Routing
Today’s Internet topology contains path diversity. While only
one end-to-end path is used today, measurement study found
that 30% to 80% of the time, an alternate path with lower loss
or smaller delay exists [4]. In a measurement study of a large
ISP, it was found that almost 90% of pairs of Point-of-
Presences (PoPs) have at least four link-disjoint paths between
them [5].
In spite of the impressive statistics outlined above, Internet
has not seen wide spread deployment of Multipath Routing
because different routes can have different RTTs that differ
sufficiently to cause significant packet reordering which
causes throughput degradation [1], [2].
Thus we can conclude that the amount of packet reordering
in the Internet is large enough to attract changes or
improvements to TCP.
As discussed in section II C, spurious fast retransmissions
happen because TCP cannot correctly differentiate between
packet reordering and loss with existing mechanisms, wherein
it fast retransmits on receiving of three duplicate ACKs. In the
next section we propose an algorithm which differentiates
between reordering and loss.
B. The Algorithm
Routers typically drop packets when their queue is full.
Consider a dropped packet p and its preceding packet p’; p’
was the last packet to be put into the queue (which we
henceforth refer to as Penultimate Packet) before the packet
that would be dropped. Here, when we say preceding packet,
we refer to the order of arrival and not the sequence number.
Being the last one in the queue, it would generally have an
RTT much larger than the average RTT value.
Thus, by observing the RTT values we would be in a
position to predict loss with reasonable accuracy. In this
algorithm we keep track of ∆RTT (difference in RTTs of
packets corresponding to two recent successively received
ACKs). We use Exponential Weighted Moving Average
(EWMA) to keep track of ∆RTT. Note that this solution acts
at the sending side.
Estimating the Average: Sample∆RTT is the difference in
RTTs of packets corresponding two recent successively
received ACKs. It may change between successive pair s of
segments due to varying network conditions. So it is necessary
to average out the Sample∆RTT values to get a reliable
estimate, called Estimated∆RTT.
EstimatedΔ RTT = EstimatedΔ RTT + SampleΔ RTT (1)
Estimated∆RTT is a weighted average of the Sample∆RTT
values and more precisely it is an exponential weighted
moving average (EWMA). The word "exponential" appears in
EWMA because the weight of a given Sample∆RTT decays
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 288

Proceedings of ICCNS 08 , 27-28 September 2008
exponentially fast as the updates proceed. The Sample∆RTT
corresponding to loss is not taken in to consideration.
Estimating the threshold (Th∆RTT): The Threshold value
should incorporate some margin for error for the sake of a
better estimate. The margin should be large when there is a lot
of fluctuation in the Sample∆RTT values and it should be
small when there is little fluctuation. Hence we get the
following equation:
ThΔ RTT = EstimatedΔ RTT + z.
Deviation (2)
where, Deviation is an estimate of how much Sample∆RTT
typically deviates from Estimated∆RTT.
Deviation = (1 − y). Deviation + y. | SampleΔRTT
−
(3)
EstimatedΔRTT
|
If the Sample RTT values have little fluctuation, then
Deviation would be small and Th∆RTT would not deviate
much compared to Estimated∆RTT; on the other hand, if there
is a lot of fluctuation, Deviation will be large and Th∆RTT
would deviate considerably compared to Estimated∆RTT.
Here x and y are the weights and z is a multiplication factor.
The values of these variables used in our algorithm is as
explained in the next section.
Now, coming to the procedure for loss prediction, suppose
that a hole is created in the sender’s ACK window due arrival
of a packet with higher sequence number (we shall henceforth
refer to this packet as Arriving Packet), Sample∆RTT is
calculated for Arriving Packet. Sample∆RTT is compared
with previously calculated value of Th∆RTT. If it is larger
than Th∆RTT, then we fast retransmit on receipt of three
dupACKs or else fast retransmission is omitted for that packet
(i.e. expected packet), if at all it is an actual loss, it would be
retransmitted on expiration of timer.
While it would be possible to fine-tune TCP’s congestion
control algorithms to achieve improved balance between
unnecessary fast retransmits and unnecessary delay in
detection loss, it is not be possible to devise a fast retransmit
algorithm that always correctly determines, after the receipt of
a duplicate ACK, whether or not packet loss has occurred [6].
In our algorithm, we have balanced the extent of false
positives (classification of a packet which is not lost as lost)
and false negatives (classification of a packet which is lost as
not lost). If the Penultimate Packet gets in and the queue is not
full yet and then packets of other TCP connections or UDP fill
the queue, then in this case the RTT of the penultimate packet
will not be considerably high because it was not at the end of
the queue, so loss might not be detected.
EWMA is a technique used to analyze time series data
(sequence of data points measured in successive times which
is not necessarily equally spaced). Here, we use EWMA
because the data we use is time series data and our algorithm
is based on change in RTT. As is not possible to observe
change with respect to large number of discrete data points,
we obtain smoothened data using EWMA which can be easily
used for comparisons in our algorithm to observe the changes
in RTT.
IV. RESULTS AND IMPLEMENTATION DETAILS
A. Implementation Details
To improve TCP in the packet reordering scenario, the main
aim is to identify whether a hole in the ACK window of
sender is due to reordering or loss.
Here, using the data collected by continuously pinging
certain websites, we test our algorithm. Though Ping program
uses ICMP packets, its use to test our algorithm is justified
because all we need is the information whether a given packet
is lost (to cross check with our algorithm) and ACKs (here
ICMP reply packets play this role). Firstly, sufficiently large
amount of data is collected. Then using a UNIX shell script
the required data (sequence numbers and RTT) is extracted,
which is the input to the algorithm which predicts loss. The
algorithm is implemented in C language.
The parameters x and y in equation (1) and (3) respectively
is usually a small value and is set as x = 1/8 and y = 1/4
(please note that these values are same as those in the
calculation of retransmission timeout [10]). The value of
parameter z in equation (3) has to be deduced. We plot a
graph to determine the value of ‘z’ for which we use the data
depicted in the following table, the details of which are given
in the next section.
Table I: Accuracy1 and Accuracy2 for different values of ‘z’
z Accuracy1 Accuracy2
-1.0 0.7663 0.2346
-0.8 0.6748 0.3273
-0.6 0.5957 0.4074
-0.5 0.5626 0.4413
-0.4 0.5337 0.4714
-0.3 0.5036 0.4995
-0.2 0.4782 0.5264
0 0.4362 0.5707
0.2 0.3945 0.6157
0.4 0.3463 0.6602
B. Calculation of Optimal value of z
The value of ‘z’ has to be chosen such that there is a balance
between the “false positives” and “false negatives”. To find
‘z’, the following two parameters are defined:
Accuracy1 = cpl
(4)
l
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 289

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 1. Procedure to find the optimal value of z
Accuracy2
cpnl
nl
= (5)
where, ‘cpl’ is number of packets correctly predicted as lost,
‘l’ is number of packets lost, ‘cpnl’ is number of packets
correctly predicted as not lost, and ‘nl’ is number of packets
not lost.
Accuracy1 (in bold curve) and Accuracy2 (in dotted curve)
are plotted V/S ‘z’ (X-axis) and the value of ‘z’ corresponding
to the intersection of the two curves gives the optimal value of
‘z’. From Fig. 1., the optimal value of z is found to be -0.29.
Our results are obtained using z = -0.29.
C. Results
Several data samples consisting of 1000, 5000, 10000, and
15000 packets are collected. The results are plotted in two
graphs using our algorithm on the collected data. The graphs
being (i) Number of Packets correctly predicted as lost Vs
Number of Packets lost and (ii) Number of Packets correctly
predicted as not lost Vs Number of Packets not lost.
The slope at any point of the graph in Fig. 2 and Fig. 3 give
the respective accuracy rate, i.e. Accuracy rate of prediction of
lost packet as lost (Accuracy1) and Accuracy rate of
prediction of a not lost packet as not lost (Accuracy2).
The range of accuracy values and average accuracy rates
are as follows: For Accuracy1, the range is 47.33% to 73.98%
and the average value is 53.77%. And for Accuracy2 range: is
49.35% to 60.64% and average value is 54.61%.
From the Fig. 2 and Fig.3 it can be observed that the
response of the algorithm is consistent and Accuracy2
prediction is relatively more consistent.
V. COMPARISON WITH EXISTING TCP
The existing TCP does not have an explicit loss prediction
mechanism for fast retransmission. It fast retransmits the
packet on receiving three duplicate acknowledgements. By
using the proposed algorithm an average improvement at least
54% for the accuracy of fast retransmission can be achieved.
Please note that the improvement would be “at least 54%”
because the existing mechanism of fast retransmission on
receiving three duplicate acknowledgements is retained in
addition to the lost predicting mechanism and our algorithm is
like an add-on to the existing mechanism.
VI. CONCLUSION
We have presented a proactive mechanism for loss prediction
based on continuous learning. Though this algorithm is
proposed for TCP, it is a general loss prediction mechanism
and can be used for other scenarios where the sender has to
detect loss, provided that the protocol being used provides all
the information needed for our algorithm. Further
improvements can be made by making the learning
mechanism more robust.
ACKNOWLEDGMENT
The first author thanks Dr. Ananthanarayana V. S., Prof and
Head of Dept. of Information Technology of National
Institute of Technology Karnataka, Surathkal for his support
and guidance during the various stages of project especially
during the process of applying for sponsorship from KSCST.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 290

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 2 Number of Packets correctly predicted as lost Vs Number of Packets lost
Fig. 3 Number of Packets correctly predicted as not lost Vs Number of Packets not lost
VII. REFERENCES
[1] J.Bennett, C.Partridge and N.Shectman. “Packet reordering is not
pathological network behavior”. IEEE/ACM Transactions on
Networking, 7(6):789 –798, December 1999.
[2] E.Blanton and M.Allman. "On making TCP more robust to packet
reordering". SIGCOMM Computer Communication Review, 2002.
[3] Sally Floyd, “A Report on Recent Developments in TCP Congestion
Control” IEEE Communications Magazine, April 2001.
[4] S.Savage, A.Collins, E.Hoffman, J.Snell and T.Anderson, “The end-toend
effects of Internet path selection,” in Proc. ACM SIGCOMM,
August1999.
[5] R.Teixeira, K.Marzullo, S.Savage and G.M.Voelker, “Characterizing
and measuring path diversity of Internet topologies, “in Proc. ACM
SIGMETRICS, June 2003.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 291

Proceedings of ICCNS 08 , 27-28 September 2008
[6] Sally Floyd, “A Report on Recent Developments in TCP Congestion
Control” IEEE Communications Magazine, April 2001.
[7] Allman, M., Paxson, V., W. Stevens, “TCP Congestion Control”, RFC
2581, April 1999.
[8] Postel, J., "Internet Control Message Protocol", STD 5,RFC 792,
September 1981.
[9] White, K., "Definitions of Managed Objects for Remote Ping,
Traceroute, and Lookup Operations", RFC 2925, September 2000.
[10] V. Paxson and M. Allman, "Computing TCP's Retransmission
Timer", RFC 2988, November 2000.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 292

R Radhakrishnan, Majid Jamil, Shabana Mehfuz, Moinuddin
Proceedings of ICCNS 08 , 27-28 September 2008
Security Vulnerabilities in mobile IPv6
1
Abstract----Mobile IPv6 is a network-layer mobility protocol
for the IPv6 Internet. Route optimization mechanism in IPv6
makes mobility more efficient than in IPv4.The protocol
includes several security mechanisms, such as the returnroutability
tests for security of route optimization mechanism.
This paper explains the security threats so far perceived due to
address spoofing by a mobile node. This paper brings out an
attack that can be launched by a correspondent node and the
importance of comprehensive verification of all players in
mobile IPv6 namely, correspondent node, home agent and
mobile node.
Keywords---Binding update, Home agent, Mobile node,
Route optimization
I. INTRODUCTION
Mobile IPv6 protocol [1], allows a Mobile Node (MN)
to move from one link to another with packets getting
routed to the MN through its Home Agent (HA), a router
in its parent network link. This happens regardless of
MN’s current point of attachment to the Internet because
MN sends its current address, care of address (CoA), to
HA through Binding Update (BU) packets that are first
authenticated by HA [2]. When a peer for MN, called as
Correspondent Node (CN), unaware of MN’s current
location, first sends packets to MN at its home address, it
is intercepted by HA and forwarded to MN. The MN
sends the packets back to CN via HA or directly from its
new location. Routing the data through a third entity like
HA is not an efficient way of sending data. In Mobile
IPv6, the packets can also be sent directly between the
MN and its CN.
This mode is called Route Optimization [1,3,4], which
is not properly supported in Mobile IPv4 [5]. Route
Optimization (RO) on a global scale between all MNs
CNs is an efficient routing mechanism supported by
Mobile IPv6.
BU and Binding Acknowledgement (BA) between CN
and MN establish RO. However a number of security
threats like traffic redirection, replay attacks, inducing
unnecessary binding updates, forcing of non-optimized
routing and reflection attacks have been identified
relating to improper verification of CoA and Home
address (HoA).
This paper is organized as follows. Section II presents
RO mechanism and BU authentication in MIPv6.
Security threats to binding update are discussed in
section III. This section explains a new threat, called as
amplification attack, that can be launched by a
correspondent node. Section IV discusses importance of
verifying CN, HA and MN for securing mobile IPv6 and
the need for a solution based on PKI for securing mobile
IPv6.
II. ROUTE OPTIMIZATION IN MOBILE IPV6[6]
The basic idea in Mobile IP is to allow a home agent
(HA) to work as a stationary proxy for a mobile node
(MN). Whenever the mobile node is away from its
home network, the HA intercepts packets destined to the
node and forwards the packets by tunneling them using
IPv6 encapsulation [7] to the node's current CoA. The
transport layer (e.g., TCP, UDP) uses the home address
as a stationary identifier for the mobile node. Figure 1
illustrates this basic arrangement.
CN in remote Network
Triangular
routing
Rotue
optimization
R Radhakrishnan is with Krishna Engineering college, Ghaziabad,
UP,India; Email : radhakrishnan@kiet.edu
Majid Jamil is in Department of Electrical Engineering, Jamia Millia
Islamia, New Delhi, India. Email majidjamil@yahoo.com
Shabana Mehfuz is in Department of Electrical Engineering, Jamia
Millia Islamia, New Delhi, India. Email:
mehfuz_shabana@yahoo.com
Moinuddin is with NIT, Jallandhar, India. Email:
Prof_Moin@yahoo.com
HA in Home
Network
MN in Foreign
Network
Fig 1: Illustration of triangular routing between CN, HA & MN
and Route optimization between MN and CN.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 293

Proceedings of ICCNS 08 , 27-28 September 2008
2
The basic solution requires tunneling through the
home agent, thereby leading to longer paths ( shown in
bold paths in fig 1) and degraded performance. To avoid
this degradation, Mobile IPv6 includes Route
Optimization feature ( shown as dotted paths in fig 1)
whereby the MN and CN can directly exchange packets,
bypassing the HA completely after an initial set up phase
in which the CN learns the CoA of MN. After the initial
set up the MN sends a Binding update message by which
CN learns the authenticated CoA of MN.
A. Binding update (BU) and Binding Acknowledgement
(BA)
A Binding Update (BU) is a message sent by a MN to
notify a CN or the mobile node's HA of its CoA at its
new location. A Binding Acknowledgement (BA)
message is optionally sent by CN or HA to MN in
response to the received BU. The danger with BU is that
if the BU is not authenticated then it can be spoofed. As
shown in figure 2, an attacker at the address C sends a
false binding update to B, claiming to be a mobile with
the home address A. If B, acting in the role of a
correspondent, believes the binding update and creates a
binding, it will redirect to C all packets that are intended
for A. Thus, the attacker can intercept packets sent by B
to A. This can lead to the compromise of secrecy and
integrity as well as to denial-of-service because the
target nodes are unable to communicate.
Host A
Attacker C
1 Legitimate
connection
2 False BU
BA
3. Hijacked
connection
Host B
Fig 2 : Attack due to unauthenticated Binding Update.
B. B. Authentication of BU
In order to authorize BU Mobile IPv6 defines a new
IPv6 protocol, using the Mobility Header [1]. This
Header is used to carry the following four messages:
a) Home Test Init (HoTI)
b) Home Test (HoT)
c) Care-of Test Init (CoTI)
d) Care-of Test (CoT)
These four messages are used to perform the return
routability (RR) procedure from the mobile node to a
correspondent node. This RR procedure ensures
authorization of subsequent Binding Updates. Figure 3
below shows the message flow for the return routability
procedure.
MN HA CN
HoTI
HoT
CoT
Fig 3 : RR messages flow.
HoTI
CoTI
HoT
The HoTI message, which is reverse tunneled through
HA, conveys the MN’s home address to the
correspondent node. The MN also conveys its CoA
directly to CN by the CoTI message. The CN on receipt
of HoTI generates a Home keygen token, which is the
first 64 bits of MAC of a secret key of CN ( kcn) and
HoA.
Home keygen token :=
First (64, HMAC_SHA1 (Kcn, (home address |
nonce | 0)))
This home keygen token is sent by CN to MN via the
HA through a HoT message in response to a HoTI
message. The CN on receipt of CoTI generates a Care of
keygen token based on a secret key of CN ( kcn) and
CoA.
Care-of keygen token :=
First (64, HMAC_SHA1 (Kcn, (care-of address
| nonce | 1)))
This Care of keygen token is sent by CN to MN
directly through a CoT message in response to a CoTI
message. When the mobile node has received both the
HoT and CoT messages, the return routability procedure
is complete. To authorize a Binding Update, the mobile
node creates a binding management key Kbm from the
keygen tokens. The mobile node hashes the tokens
together to form a 20 octet binding management key
(Kbm).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 294

Proceedings of ICCNS 08 , 27-28 September 2008
3
Kbm =
SHA1 (home keygen token | care-of keygen
token)
After the mobile node has created the Kbm, it can
supply a verifiable BU to the correspondent node. The
content of BU message include a sequence number,
nonce, CoA and a MAC of (Kbm, (CoA | Address of CN
| BU)).
III. SECURITY THREATS TO BU
AUTHENTICATION
The RR protocol mainly provides two checks. Firstly,
the HoTI and HoT messages authorizes the sender of the
binding update to change the binding for the home
address. Secondly, CoTI and COT messages authorize
the sender of the BU to request data to the care-ofaddress.
Though this RR test solved threats such as
unauthorized traffic redirection, replay attacks and
reflection attacks, there are attacks like state-storage
exhaustion and DOS attack still to be resolved [8].
RR protocol assumes that an attack does not originate
from a CN. Such a situation that an attacker can be a CN
has not been brought out so far. This section brings out
one more attack in which the attacker is CN and the
victims are HoA, MN and node whose address is stolen
by the attacker. This attack we call as Amplification
attack. These attacks are briefly described below.
A. CPU, State-storage exhaustion
Authentication protocols are often vulnerable to
flooding attacks that exploit the protocol features to
consume the target node's computing power. In the case
of RR procedure, a rogue node posing as a MN can flood
a target (CN) with HoTI and CoTI messages that cause
the CN to perform expensive repeated generation of
Home keygen and Care of keygen tokens. This can cause
exhaustion of computing power especially if the CN is a
low-end mobile device.
B. DOS attack
BU authentication is a stateful protocol and it exposes
the protocol participants to denial of service attacks. In
particular, if a host stores a state as a result of an
unauthenticated message, an attacker can initiate the
protocol many times and cause the host to store a large
number of unnecessary protocol states.
Figure 4 shows such an attack relating to BU
authentication protocol. The attacker, a rogue MN, sends
a HoTI message with a false home address and a CoTI
message with false care-of address. The CN responds
with two randomly chosen secret values, which it has to
remember until it receives the authenticated BU. If the
attacker repeats this many times, the victim CN may not
be able to store all the state data and may drop some
initial messages. This may prevent legitimate MNs from
using route optimization with the CN. The attack is
similar to the SYN-flooding attack against the TCP
protocol.
CoT
Unnecessary states
Fig 4: DOS attack
HoT
CN
Flase HoTI
and CoTI
messages
MN
DOS attacker
C. Amplification attack
Figure 5 shows the CN as an attacker. The CN spoofs
the address of a victim node V and sends a message (1)
to a node, which has moved away from its home
network. The HA forwards the CN’s message (2) to MN,
which then initiates the RR protocol for Route
optimization between MN and CN’s spoofed address of
V. Message 3 is HoTI from MN to V. Message 4 is CoTI
from MN to V. In response, V generates Home keygen
and care of keygen tokens and sends messages, 5 and 6,
which are HoT and CoT respectively. MN now
calculates kbm and send BU in message 7. Message 8 is
BA from V to MN.
In this attack a single message from the attacker gets
amplified into 8 unwanted messages and also results in
unwanted computations in MN and victim node V. This
attack can take serious dimensions if the attacker (a CN )
is able to spoof a number of addresses and target many
victims. Presently, RR procedure has no mechanism to
validate a CN. Every new message from a malicious CN
to a MN via an HA will result in 8 unwanted messages
and unnecessary computations at MN and victim nodes.
Further a rogue CN can extend this to many more HA
resulting in a large scale attack across many networks.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 295

Proceedings of ICCNS 08 , 27-28 September 2008
4
IV. CONCLUSION
The RR procedure sets up a secure BU for RO by
validating HA and MN. RR procedure does this without
relying on any external infrastructure support. However,
certain security threats still persist. A CN is not validated
at all in RR procedure resulting in new threats like
amplification attack. In order to remove the security
vulnerabilities in mobile IPv6, all the three players
namely, CN, HA and MN are needed to be
comprehensively authenticated and verified for
reachability. Since IPv6 has end to end addressing
capability, mobile IPv6 will possibly need support from
a Public Key Infrastructure such as UMU-PKIv6
developed by the University of Murcia [9], to strengthen
its security.
CN
Attacker
Victim
V
1
3
6 4 8
5
7
HA
3
5
MN
2
Fig 5: Shows how a single message from attacker CN results in
8 unwanted messages.
REFERENCES
[1]. C. Perkins, Nokia Research Center; J. Arkko, Ericsson; June
2004, RFC 3775 “Mobility Support in IPv6”.
[2]. A.Patel, K. Leung, M. Khalil, H. Akhtar, K. Chowdhury;
Authentication Protocol for Mobile IPv6;RFC 4285, January
2006.
[3] S.H. Hwang, B.K. Lee, Y.H. Han, C.S. Hwang; An adaptive
hierarchical mobile IPv6 with route optimization; In Proceedings
of Vehicular Technology <strong>Conference</strong>, April 2003.
[4] CE Perkins, DB Johnson; Route Optimization for Mobile IP; In
Proceedings of Cluster Computing, 1998 – Springer.
[5] C Perkins; IP Mobility Support for IPv4; RFC 3344, 2002.
[6] P. Nikander, J. Arkko, Ericsson Research NomadicLab; T. Aura,
Microsoft Research, G. Montenegro, Microsoft Corporation, E.
Nordmark, Sun Microsystems; December 2005, RFC 4225,
Mobile IP Version 6 Route Optimization Security Design
Background.
[7] Conta, A. and S. Deering, December 1998. RFC 2473, "Generic
Packet Tunneling in IPv6 Specification".
[8] Tuomas Aura, Michael Roe, Annals of telecommunications, Vol.
61 no:3-4, March-April 2006, Network and information systems
security. Designing the Mobile IPv6 Security Protocol.
[9] Antonio F. Gómez Skarmeta, Gregorio Martínez Pérez, Óscar
Cánovas Reverte. Elsevier Future Generation Computer Systems,
Vol. 19, No. 2, 2003 “New Security Services based on PKI".
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 296

A Study on Comparison and Contrast between IPv6
and IPv4 Feature Sets
J. Hanumanthappa 1 and Manjaiah D.H 2
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract- This document provides an analysis and comparison of
IPv4 and IPv6 under various circumstances. It is well understood
that IPv6 has been designed to replace IPv4. We have done a
feature-by-feature comparison and contrast of IPv6 versus IPv4
and found that IPv6 offers many unique opportunities for
increasing a network architectures efficiency and agility. In some
sense, there is a competition going on between these protocols, as
they are not directly compatible, and network providers and users
are being forced to determine whether to support one or both
protocols for various network services. The new version of IP,(i.e.
IPv6), constitutes an effort to overcome the inborn limitations of
IPv4, in order for the new protocol be able to respond to the new
needs as they shape today in the Internet. This paper is aimed to
discuss about various comparison issues when porting an IPv4
application to IPv6 with focus on issues that an application
developer would face rather than a complete API reference.IPv4 is
the incumbent and currently has the most widespread usage for
conventional Internet applications.IPv6 is a large-scale re-design
and re-engineering of IPv4, based on many lessons learned as the
IPv4-based Internet grew and was used in unforeseen ways.
Keywords- IPv4, IPv6, Multicast, Quality of service (QOS),
Routing.
T
I. INTRODUCTION
HE primary motivation for change arises from the
limited address space. When IPV6 deployed on a large
scale it has solved many current networking problems.
When IP was defined , only a few computer networks has
existed Then the designers decided to use 32 bits for an IP
address because doing so allowed the Internet to include
over a million networks. However, the global Internet is
growing exponentially, with the size doubling in less than a
year. Currently, two versions of the Internet Protocol (IP)
are in use on the Internet. In some sense, there is a
competition going on between these protocols, as they are
not directly compatible, and network providers and users
are being forced to determine whether to support one or
both protocols for various network services. IP version 4
(IPv4) is the incumbent and currently has the most
widespread usage for conventional Internet applications. IP
version 6 (IPv6) is a large-scale re-design and reengineering
of IPv4, based on many lessons learned as the
IPv4-based Internet grew and was used in unforeseen ways.
Hanumanthappa .J., Dos in Computer Science, University of
Mysore, Manasagangothri, Mysore, Karnataka .INDIA ( phone: +091-
821-2419552; fax: +091-0821-2510789,Email: hanums_j@yahoo.com )
Dr.Manjaiah.D.H Reader, Mangalore University,
Mangalagangothri , Mangalore, Karnataka, INDIA. (phone: +091 - 0824 -
2287670; fax: +091 - 0824 - 2287424 Email: ylm321@yahoo.co.in )
Although it would seem obvious that IPv6 is a superior and
valuable protocol to deploy, there is often considerable
resistance to enabling IPv6 because Decision-makers have
difficulty in seeing a business case for IPv6, unsure of how
it can be less costly, more efficient, more productive, etc
than the IPv4 status quo. Also, some analysts have
propagated significant amounts of misinformation about
IPv6 over the last several years. The primary motivation for
the defining a new version of IP arises from the address
space limitation- larger addresses are necessary to
accommodate continued growth of Internet. The secondary
motivation for the changes in IP has arisen from the new
Internet applications. For example, an applications that
deliver audio and video need to deliver data at regular
intervals. In this paper we have also contrasted the various
features of IPv4 and IPv6.
A. The serious problems of IPv4 are as follows
1. Insufficient number of unique “valid” addresses.
2. Routing tables at core are becoming unmanageably
large.
3. Fixed length headers are not flexible enough for new
functionality.
4. Packet size (and Practice of fragmentation) is
inefficient.
B. The next–generation IPv6 has some advantages over
IPv4 that can be summarized as follows
(i). Larger address space: An IPv6 address is 128 bits long.
Compared with the 32-bit address of IPv4, this is a huge
(2 96 ) increase in the address space.
(ii). IPv6 addressing: An IPv6 address consists of 16 bytes
(octets).It is 128 bits long.
To make address more readable, IPv6 specifies
hexadecimal colon notation. In notation 128 bits are divided
into eight sections, each 2 bytes in length. Two bytes in
hexadecimal notation require four hexadecimal digits.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 297

Proceedings of ICCNS 08 , 27-28 September 2008
Therefore address consists of 32 hexadecimal digits with
every four digits separated by a colon. Although the IP
address, even in hexadecimal format, is very long, many of
the digits are zeros. In this we can abbreviate the address.
The leading zeros of a section can be omitted .Only the
leading zeros can be dropped, not the trailing zeros. The
below figure shows abbreviated IPv6 address.
G. Support for more security: The encryption and
authentication options in IPv6 provide confidentiality and
Integrity of the packet.
H. Flow Labeling Capability: A new capability is added to
enable the labeling of packets belonging to particular traffic
“flows” for which the sender requests special handling,
such as non-default quality of service or “real-time”
service.
I. II. COMPARISON AND CONTRAST BETWEEN IPV6
AND IPV4 FEATURE ISSUES
C.Better header format: IPv6 uses a new header format in
which options are separated from the base header and
inserted, when needed, between the base header and the
upper –layer data. This simplifies and speeds up the routing
process because most of the options do not need to be
checked by routers.
D. New options: Changes in the way IP header options are
encoded allows for more efficient forwarding, less stringent
limits on the length of options, and greater flexibility for
introducing new options in the future.
E. Allowance for resource allocation: IPv6 is designed to
allow the extension of the protocol if required by new
technologies or applications.
F. Support for resource allocation: In IPv6, the type –of
service field has been removed, but a mechanism called
flow label has been added to enable the source to request
special handling of the packet. This mechanism can be used
to support traffic such as real-time audio and video.6.IPv6
enables addressing architectures that scale well in terms of
the number of nodes and sub networks, the size of subnet
works, and the degree of change within subnet works this
includes typically-encountered cases where IPv4 becomes
difficult to use robustly. Global routing tables in IPv6 are
potentially much simpler than their IPv4 counterparts, and
thus require lower memory and computational resources. In
resource-constrained environments, IPv6 requires less
processing than IPv4, which can result in reduced power
demands and latencies, especially for routers. 8. The flowlabel
in IPv6 is an enabler for per-flow Quality of Service
with simpler algorithms and more efficient implementations
that also permit the remainder of a packet to be encrypted,
all of which are precluded in IPv4. Network and device
security is boosted in IPv6 based on address manipulation
techniques and secure neighbor discovery features that have
no IPv4 counterparts. Routing for mobile nodes is more
efficient in IPv6 than in IPv4. Smooth handover techniques
for IPv6 also exist with no IPv4 equivalents. Current
standards activities indicate that many future features may
be developed for IPv6, but not necessarily for IPv4
While IPv4 and IPv6 are similar in much of their basic
framework, there are also many differences.
From first glance, there are obviously differences in the
addresses between IPv4 and IPv6. The graphic below
shows an IP address for both versions of IP.
IPv4 Address Example: 125.12.3.65, IPv6 Address
Example: 2145:00D5:2F3B:0000:0000:00FF:EF00:98F3.
Removing zeros can also reduce the IPv6 address. Zeros
can be removed when they are leading in and within any 16
bit block. The address from the previous example could be
reduced using this to the following representation. Note that
in the example the block of EF00 does not lose its zeros
because they are at the end of the block.
IPv6 Address with Leading Zeros Removed:
2145:D5:2F3B:0:0: FF: EF00: 98F3
Compressing zeros can further reduce IPv6 addresses. A
contiguous block of zeros within a 16 bit block can be
removed. The blocks of zeros are then represented by
double colons:: For example, the IPv6 Multicast address of
FF02:0000:0000:0000:0000:0000:0000:0002 can be
reduced to FF02::2 using compression.IPv6 Address with
Compressed and Removed Zeros:
2145:D5:2F3B:: FF: EF00: 98F3 IPv6 performs pretty
much the same functions as IPv4, but in a more reliable
manner, with larger addresses and more flexible and
efficient packet headers. Today the internet has grown to be
a million-network, which is something with startling
consequences. For instance, one of the most publicized
consequences of this growth has been the depletion of the
internet address space. Initially, the Internet’s address space
consisted of 2 32 addresses about 4 billion addresses. Today,
however, that amount is insufficient, even more if we
consider emerging new technologies such as 3G/4G
wireless devices and other wireless appliances [1].However
many issues to be considering while comparing the IPv4
with IPv6.
A. Addressing:
The most obvious difference between IPv6 and IPv4 is that
IPv6 addresses are128 bits [1], whereas IPv4 addresses are
only 32 bits [2]. This increase in the raw number of bits
means that there is a factor of 2 96 more addresses available
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 298

Proceedings of ICCNS 08 , 27-28 September 2008
in IPv6 than in IPv4. Due to the way that the address spaces
are sub netted, scoped, and defined for multicast,
private/experimental use, and other factors, the actual
contrast is less direct than this simple factor. In IPv4 the
addresses are 32 bit addresses represented by using three
notations.1.Dotted-decimal –notation, 2.Hexadecimal
notation, 3.Binary notation. In Dotted-decimal-notation the
IP address is represented as 10.1.3.7., whereas in
Hexadecimal notation the one IP address is represented as
OX810BOBEF or 810BOBEF 16 , whereas in Binary
notation the one IP address is represented as 10000001
0000 1011 0000 1011 1110 11111.
B. IPv6 addressing: An IPv6 address consists of 16 bytes
(octets).It is 128 bits long.
An IPv4 address has 32 bits, whereas an IPv6 address
contains 128 bits. The 128 bits in an IPv6 address are split
between the network and host addresses. There are 64 bits
for the network address and 64 bits for the host address.
Due to the larger address space, the number of available
addresses jumps from 4,294,967,296 in IPv4 to
340,282,366,920,938,463,463,374,607,431,768,211,456 (or
3.4X10^38) in IPv6. IPv6’s address is also separated using
a different format. IPv4 uses a dotted decimal and IPv6 uses
a colon-hex format. The larger address space allows for
clearer addressing and routing. It also allows for multiple
interfaces per host and multiple addresses per interface.
C. Hierarchical addressing: We will use Unicast, broad
cast, and multi cast addresses in IPv4 .In IPv6 there are
three major types of addresses: unicast, multicast, and any
cast addresses. Unicast addresses are assigned to a single
IPv6 node. Multicast addresses are assigned to multiples
nodes within a single multicast group. Packets sent to a
multicast address must be delivered to all members of the
same multicast group. On the other hand, although any cast
addresses are also assigned to groups of nodes, they do not
need to be delivered to all members of the group—it is
sufficient that one node receives the packets. Additionally,
IPv6 defines a new routing infrastructure that provides for
more efficient and smaller routing tables The IPv6 address
space supports three types of address; Unicast, Multicast
and Any cast. IPv6 Multicast addressing absorbs the role of
IPv4’s broadcast addresses, which is no longer present. The
biggest change is the introduction of the any cast address.
Any cast addressing allows multiple nodes to be assigned
the same any cast Address. When packets are sent to this
address routing decides which node is closest to the source
and routes the traffic to it. Anycast addresses could be
useful in setting up mirror websites, with different physical
locations being accessible through the same Anycast
address. A user trying to access this site would then be
routed to the closest site, resulting in a better experience.
Addressing enhancements result in reduced administrative
overhead. The teaming of IPv6 Neighbor Discovery and
address auto configuration allows hosts to operate in any
location without any special support. Renumbering is made
easier, resulting in less manual attention by support and
network administrators. Renumbering also makes transition
from ISP to ISP or network segment to segment much
easier and potentially seamless. Stateless and Stateful
address configuration assist in making IP configuration and
planning easier. Stateless configuration works without a
DHCP server, while Stateful is a configuration that has a
DHCP server present.
Address Auto configuration allows for a node to make use
of router discovery to determine router addresses, network
configuration parameters, on-link prefixes and additional
addresses. What makes Address Auto configuration so
impressive is that while it requires a multicast capable
interface, it is possible without the use of DHCP. Through
proper configuration and planning, this can reduce the
overhead caused by DHCP management in large
organizations and ISP’s.
With a new addressing scheme comes a new way of
handling name resolution through DNS. The DNS changes
required to support IPv6 are specified in RFC 1886. As part
of the interim transition from IPv4 to IPv6, it is possible to
register an IPv6 address on a DNS server as an IPv4
address. This is important if a consumer’s ISP has not
moved to IPv6 for DNS and the consumer would prefer to
use IPv6 DNS. The figure below shows a WHOIS lookup
in which the domain has an IPv6 address and is found
through IPv4 DNS.
This example shows a WHOIS registration record from the
registrar Network Solutions. The initial resolution with
Network Solutions is an IPv4 address, the DNS server from
which the record was retrieved.
(i).Unicast addresses: Aside from a few blocks set aside for
local-use, multicast, or other specific functions, the majority
of the IPv4’s 32-bit address space is designated for global
unicast addresses [3].Unicast addresses identify a single
interface within the scope of a particular type of unicast
address .The scope of an address is the region of the IPv6
network over which the address is unique. With the
appropriate unicast routing topology, packets addressed to a
unicast address are delivered only to a single interface. In
the IPv4 addressing architecture2, IANA delegates
Regional Internet Registries (RIRs) /8 address blocks (8-bit
network identifiers, also historically called “class A”
address blocks), which the RIRs can then divide into
variable-length blocks for further assignment to ISPs or
other registries [6, 7]. In this regime, the maximum address
block that a site can ever be given is a /8, which leaves only
24 bits for sub netting and addressing within the
organization. Historically, large or complex organizations
have required multiple /8s. For instance, at least 7 /8s
belong to the US Department of Defense. Considering there
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 299

Proceedings of ICCNS 08 , 27-28 September 2008
are only 256 such blocks, the IPv4 address space can be
seen as severely limited in its ability to provide unique
addresses to the elements of large organizations worldwide.
To compound matters, even using multiple /8s is a poor
solution, since there is no guarantee that the blocks will be
numerically continuous, and if they are not, then both the
local numbering scheme may be awkward, and multiple
global routing table entries will be stored and propagated
for the same site. In recent years, many IPv4 users have
circumvented these issues by using Network Address
Translators (Nat’s), although this practice is known to be
fraught with problems of its own. Unicast address is a one
address on a single interface and also it is delivery to a
single interface.
The following are types of unicast IPv6 addresses:
Aggregately global unicast addresses. Identified by the
format prefix (FP) of 001, these addresses are equivalent to
public IPv4 addresses. Local-use unicast addresses. Provide
two types of addresses:
(a). Link-local addresses. Identified by the FP of 1111 1110
10, these addresses are
Used by nodes when they are communicating with
neighboring nodes on the same link.
(b). Site-local addresses. Identified by the FP of 1111 1110
11, these addresses are equivalent to the IPv4 private
address space. Use these addresses between nodes that
communicate with other nodes in the same site The
documented policy for the downstream assignment from
RIRs to Local Internet Registries (LIRs) is that each LIR
receive a minimum of a /32, and the minimized address
block that an LIR can then give to a site is a /48 block3.
Since an Ipv6 site can expect at a minimum, a /48, this
allows for 16 bits of sub netting space and 64 bits for
interface identifiers within a subnet (80 bits combined).
Contrast this to an Ipv4 site that can expect a maximum of a
/8 block, leaving only 24 bits of space to be used for sub
netting and host addressing combined. Since in reality, the
vast majority of Ipv4 sites do not get /8s, but rather /16s or
/24s, there are more likely to be only 4 to 8 bits left for
identifying hosts within a subnet, using global addresses.
address of 127.0.0.1.in Class – A, 127.127.0.0 in Class-B,
127.127.127.0 in Class – C.
The Ipv4 loopback address is an integer type
INADDR_LOOPBACK. The Ipv6 loopback address is
an in6_addr structure defined in . For
example:
Header file
sin6.sin6_addr =
in6addr_loopback;
The symbolic constant named
IN6ADDR_LOOPBACK_INIT is defined in
. Use it only when declaring a sockaddr_in6
struct.
For example: struct in6_addr loopbackaddr =
IN6ADDR_LOOPBACK_INIT
A. D. Unspecified address (This host on this network
address):-This is an address in which the prefix part as well
as suffix part are zero. In other words the entire address
consists of zeros. It used only to indicate the absence of an
address, this type of address cannot be assigned to a node.
This type of address is used by a host at bootstrap time
when it does not know its ip address. We can use this type
of address as a source address. The unspecified address
can’t be used as a destination address. The Ipv6 unspecified
address, 0:0:0:0:0:0:0:0 or ::, is equivalent to the Ipv4
unspecified address of 0.0.0.0.
B. E. Concept of Class full v/s Classless addressing: The Ipv4
is broadly divided into Class-A, Class-B, Class-C, Class-D,
and Class-E types, where as Ipv6 Classless is addressing.
C. F. Concept of Netid and Host id:- The Net id is also called
as Prefix part. It is a portion of an IP address that defines a
network. Where as Host id is a portion of an IP address
which identifies a host or router on the network. It is also
called as suffix section. We will use prefix and suffix in
Class-A, Class-B as well as Class-C addresses in Ipv4.The
Netid in Class-A is 8 bits and Hostid is 24 bits, where as in
Class-B the Net id is 16 bits and Host id also 16 bits, and in
Class-C the Netid is 24 bits and Hostid is 8 bits. The netid
and Hostid in Ipv6 are totally different from Ipv4. The first
64 bits address space of an Ipv6 address is considered as
Netid and another 64 bits address space is considered as a
Hostid. The below figure represents a Netid and Hostid in
Ipv4.
(c). Loop back address:-This is as address used by a host to
test itself without going into the network. It is used to
identify a loop back interface, which enables a node to send
packets to it. In this case a message is created in the
application layer, sent to the transport layer, and passed to
the network layer. However instead of going to the physical
network, it returns to the transport layer and then passes to
the application layer. The IPv6 loop back address,
0:0:0:0:0:0:0:1 or :: 1, is equivalent to the Ipv4 loop back
D. G. Address allocation:- Usually in Ipv4, addresses were
allocated by network class. As address space is depleted,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 300

Proceedings of ICCNS 08 , 27-28 September 2008
smaller allocations using Classless Inter-Domain Routing
(CIDR) are made. Allocation has not been balanced among
institutions and nations; where as in Ipv6 Allocation is in
the earliest stages. The Internet Engineering Task Force
(IETF) and Internet Architecture Board (IAB) have
recommended that essentially every organization, home, or
entity be allocated a /48 subnet prefix length. This would
leave 16 bits for the organization to do sub netting. The
address space is large enough to give every person in the
world their own /48 subnet prefix length.
H. Address lifetime : In IPv4 Generally, not an applicable
concept, except for addresses assigned using DHCP, where
as in IPv6 IPv6 addresses have two lifetimes: preferred and
valid, with the preferred lifetime always

Proceedings of ICCNS 08 , 27-28 September 2008
III. CONCLUSIONS
In conclusion, IPv6 offers many potential business case
advantages over IPv4 and is currently possible to use
successfully in production environments with readily
available materials, possibly without even requiring
hardware or software upgrades from currently used
systems. Consumer upgrades are underway, but will take a
long period of time. Consumer products will drive
consumer upgrades. Mobile IP devices, home gaming
systems and other consumer-focused products will begin to
incorporate IPv6, bringing it into the home. IPv6 enables
addressing architectures that scale well in terms of the
number of nodes and sub networks, the size of sub
networks, and the degree of change within sub networks;
including practical cases where IPv4 becomes difficult to
use robustly. Mobile IP devices are already connecting to
802.11 Hot Spots that run IPv6. ISP upgrades to IPv6 will
likely be consumer driven. As some ISP's begin to upgrade
their networks to IPv6, users will see further IPv6
integration in their homes. Without doubt, IPv6 represents a
considerable improvement if compared to the old IPv4
protocol stack. The new suite of protocols provides
innumerable features that improve both the overall
functionality as well as some specific security functions.
Although IPv6 offers better security (larger address space
and the use of encrypted communication), the protocol also
raises new security challenges. Particular aspects of IPv6
that we have positively identified as advances over IPv4
include:
IPv6 implementation and migration cannot and should not
happen overnight. Major changes are required in all areas of
industry to allow migration. Countries and companies, both
large and small, must make the move to IPv6 before overall
migration of the Internet backbones can happen. As
organizations test and complete their migration to IPv6, we
move closer to an IPv6 Internet. Some estimates state that
IPv6 will not be fully implemented until 2030 or as late as
2040. While major steps are being made towards
implementation of the new protocol, a completely IPv6
Internet is many decades away.
[10] Eddy, W. and J. Ishac, “Comparison of IPv6 and IPv4 Features”,
draft-eddy-ipv6- ip4-comparison, Internet-Draft (work in progress),
May - 2006.
[11] Shac, J., “Survey of Header Compression Techniques”, NASA Glenn
Research Center Technical Report TM-2001-211154, September
2001.
[12] Evans, K., “Transition Planning for Internet Protocol Version 6”,
Office of Management and Budget, Memorandum for the Chief
Information Officers M-05- 22, August 2005.
[13] Deering, S. and R. Hinden, “Internet Protocol, Version 6 (IPv6)
Specification”, RFC 1883, December 1996.
[14] Conta, A. and S. Deering, “Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification”,
RFC 2463, December 1998.
[15] Moskowitz, R. and P. Nikander, “Host Identity Protocol (HIP)
Architecture”, RFC 4423, May 2006.
[16] Loughney, J., “IPv6 in 2G and 3G Networks”, North American IPv6
Summit 2004, June 2004.
[17] Davies, J., “Understanding IPv6”, Microsoft Press, Redmond, WA,
2003.
REFERENCES
[1] Deering, S. and R. Hinden, “Internet Protocol, Version 6 (IPv6)
Specification”, RFC 2460, December 1998.
[2] Behrouz.A.Forouzan.TCP/IP Protocol Suite, Third edition
[3] Andrew S.Tanenbaum, Computer Networks.,Fourth edition,2005.
[4] Partridge, C.,“Using the Flow Label Field in IPv6”, RFC 1809, June 5.
[5] Kent, S. and K. Seo, “Security Architecture for the Internet Protocol”,
RFC 4301, December 2005.
[6] Dierks, T. and E.Rescorla,“The Transport Layer Security (TLS)
Protocol Version 1.1”, RFC 4346, April 2006.
[7] Lynn, C., Kent, Sand K. Seo,“X.509 Extensions for IP Addresses and
AS Identifiers”, RFC 3779, June 2004.
[8] Eddy, W., “Comparison of IPv4 and IPv6 Header Overhead”, drafteddy-ipv6-
overhead-00, Internet-Draft (work in progress), May - 06.
[9] Eddy, W. and W. Ivancic, “Assessment of IPv6 Maturity”, Internet-
Draft (work in progress), May 2006.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 302

Proceedings of ICCNS 08 , 27-28 September 2008
Improved Preemptive Multipath On
Demand Routing Protocol for Adhoc
Networks
Sujatha P. Terdal 1 , Dr V.D Mytri 2 , Dr. A Damaodaram 3
Abstract- Mobile ad hoc networks (MANET) very often suffer from
route failures .This effects an ongoing data transmission resulting in
routes becoming invalid. So it is important for a routing protocol to
recover from such failures by providing redundancy of paths which
are robust. With this objective, this paper proposes a novel method to
improve an ondemand routing protocol AODV to store multiple
paths which are also stable(PMAODV). Further having found
stable paths this protocol will detect diminishing signal strengths
between the nodes and proactively switch to pre-discovered path
thus avoiding costly route discovery process. Simulation results
show that this protocol has improved throughput with decreased
reconfiguration of routes.
Keywords- MANET, Multipath AODV, Preemptive Routing,
Power Estimation
1. INTRODUCTION
MANET is a collection of mobile nodes , which can instantly
cooperate together to form a network without any
infrastructure like base stations. Nodes in this network have
the responsibility of performing routing function in addition to
data relaying. MANET nodes are constrained by limited
battery power, channel bandwidth and memory. In addition to
this they face frequent route breaks. Routing protocols have to
be designed to perform under these limitations. Node mobility
would cause precomputed routes getting invalid.
Many routing protocols have been suggested [1][2] for
MANETs. They use ondemand approach for route calculation.
AODV[2] is one such protocol that has been widely used in
MANETs. When a source needs a route it begins by initiating
a Route Discovery process by sending a RREQ packet. RREQ
is flooded on all outgoing links. When this packet is received
by an intermediate node, it checks whether it has a route to the
destination. If so the intermediate node constructs a RREP
packet and sends to the source else the intermediate node
forwards the RREQ packet towards the destination. Duplicate
RREQs are ignored by the nodes to constrain flooding
process.
1 Sujatha P. Terdal Asst Prof. Dept. of CSE PDA College of Engineering
Gulbarga suja_pst@rediffmail.com
2 Dr V.D Mytri Principal GND College of Engineering Bidar
vdmytri2008@rediffmail.com
3 Dr. A Damaodaram Professor Dept. of CSE JNTU college of Engineering
Hyderabad damodarama@gmail.com
When ever a node receives a RREQ packet it copies the
address of the node from which it received the packet forming
a reverse route. On the arrival of a RREQ packet, a destination
node unicasts a RREP packet to the source. An intermediate
node that receives this packet records a forward route to the
destination and forwards the packet to a neighbor node on the
reverse route. The RREP packet finally returns back to the
source node and a data transfer route is established.
An attempt to decrease the number of Route Discoveries is by
learning about Multiple paths from a single Route Discovery.
Multipath extensions to routing protocols have been suggested
in the literature to reduce Route Discovery floods. When all
paths fail only then Route Discovery is initiated. Variations of
Multipath routing protocols like node disjoint, link disjoint
paths store paths that do not have common nodes or links
exist.
A Route Maintenance process is initiated when a node detects
a link failure by broadcasting a RERR packet. This packet
travels through all nodes invalidating corresponding
established routes. When this RERR packet reaches the source
it re-initiates a Route Discovery process. If the failure of a link
can be predicted in advance, the routing protocol can switch to
an alternate path preemptively and save the routing overhead.
The performance of any routing protocol improves if it can
decrease upon the amount of Route Discovery attempts and
Route Maintenance attempts. Thus finding paths that have a
longer lifetime is crucial.
This paper proposes a novel method to store stable multiple
paths and preemptively switch to alternate routes by
predicting future link failures. Storing such multiple paths
enables routes that have longer lifetime thus decreasing
chances of route errors.
The rest of the paper is organized as follows. In section 2, we
review related prior work. In section 3, detailed protocol is
described. Simulation results are presented in section 4, while
conclusions are offered in section 5.
2. REVIEW OF LITERATURE
Recently several implementations of Multipath Routing
Protocols have been proposed .An extension [3]to AODV is
developed which computes loop free link disjoint multiple
paths.In [4] authors propose AODVM which is an extension
for finding node-disjoint paths.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 303

Proceedings of ICCNS 08 , 27-28 September 2008
In this intermediate nodes are not allowed to send a route
reply directly to the source and duplicate RREQ packets are
not discarded by intermediate nodes. But all received RREQ
packets are recorded in RREQ table at the intermediate nodes.
The destination sends an RREP for all the received RREQ
packets. An intermediate node forwards a received RREP
packet to the neighbor in the RREQ table that is along the
shortest path to the source. To ensure that nodes do not
participate in more than one route, whenever a node overhears
one of its neighbors broadcasting an RREP packet, it deletes
that neighbor from its RREQ table. Because a node cannot
participate in more than one route, the discovered routes must
be node-disjoint.
Another work in this area is Split
Multipath Routing SMR[5] that constructs maximally disjoint
multiple paths by enhancing DSR . In this case, simultaneous
data transfer over the multiple routes is evaluated. Along with
finding multiple paths [6] balancing the load on these paths is
done based on RTT measurements.
Signal strength has also been proposed as a metric for
selecting reliable routes in routing protocols for mobile ad hoc
networks [7], [8]. The metrics used is the average signal
strength and route stability, while in [9], the authors suggest a
SNR-based neighbor selection for handling unreliable links.
These approaches utilize Signal strength to indicate strong or
weak channels, without deriving any movement tendency.
Studies on Proactive Route maintenance has received
significant attention as preemptive Route repair would save
upon the cost involved in frequent Route Discoveries.Several
approaches have been used to predict route failures and
consequently switch to a better path.
A solution[7] is given that preemptively finds other paths by
switching to an alternative good path before a break,
minimizing both the latency and jitter and avoiding
inefficiencies due to unnecessary TCP backoff and congestion
avoidance.
Where Pr is received power, Pt is the transmitted power and
Gt & Gr represents transmitter antenna gain and receiver
antenna gain, λ is wave length in metres and d distance, L
denotes system loss factor.
If the power loss is lesser than the threshold value only then
RREQ is further broadcasted.When such RREQ packets reach
the destination it selects paths with minimum power loss .The
destination then constructs a RREP packet and unicasts them
to the source.The source now has multiple paths to the
destination..While an active link is used for a data
transmission the source checks for a warning. Probability of
failure of link is found in cost effective way. Every node waits
for an acknowledgement for the packet it has sent.Our
algorithm uses this acknowledgement packet to detect
diminishing received power. An intermediate node keeps a
watch over the received power and if it falls below the
threshold it sets a warning bit in our modified ACK packet
which is consequently sent to the node upstream.This warning
is further propagated to the source.The source reacts to this by
changing the active path to an alternate path from the multiple
paths.Flow of the proposed work which improves upon the
route discovery and data transfer phase is shown below.
3. DETAILED PROTOCOL
In this section we describe our proposed multipath protocol
that preemptively finds weakening links and switches to a
path that is learnt from the earlier Route Discovery. We have
extended AODV to show the achieved performance
improvement. Standard AODV’s Route Discovery and Data
Transfer process is modified here.
This works in two phases.Initially multiple routes are
computed during Route Discovery which are node disjoint.
Then it proceeds with computing stable paths by estimating
the received power at a node and finally storing these.
Standard AODV RREQ procedure is enhanced to make
flooding more constrained than the original AODV. On the
reception of a RREQ packet a node computes the power loss
Fig : Improved Route Discovery Process
experienced by using the formula given in (1)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 304

Proceedings of ICCNS 08 , 27-28 September 2008
Figure:1
Multipath Routing protocols score over the unicast versions
by showing lesser number of Re-Route configurations which
is evident in Figure 2.
Load v/s Re-Route Configuration
Number of Re-
40
Configuration
30
Route
20
10
0
1 4 7 10
Normal AODV
PMAODV
Fig: Data Transfer Process
4. SIMULATION & RESULTS :
This protocol is designed and simulated in C. A simulation
area of 400x400 is set up where randomly n number of mobile
nodes is placed. A source and a destination is selected
randomly. Free space propagation model is assumed.
Random waypoint algorithm is implemented for mobility. A
mobile selects another node in the network and constantly
moves towards it at a given velocity. Once it reaches there, it
waits for some pause time and selects another node and again
start moving. By observing the performance of the network
under mobility we can test the stability of the design in real
time scenario.For simplicity constant value of threshold power
is assumed.
5. RESULTS
Working of this protocol is compared with the normal AODV.
Figure 1 shows improved throughput under increasing load.
Normal AODV performance degrades with increased load.
The performance of PMAODV is compared with normal
AODV.
Load
figure 2
Another performance parameter considered is mobility.
Throughput does not degrade much with increased Mobility.
Figure 3 shows this.
Figure 3
6. CONCLUSION
The results shows that the performance of the proposed
protocol is better than normal AODV even when the mobility
of the nodes is high. The Route Discovery overhead is also
less compared to the AODV. This is because source would
always have multiple path in it’s repository and if the power
loss in a path degrades then immediately it can select from the
other available paths.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 305

Proceedings of ICCNS 08 , 27-28 September 2008
REFERENCES
[1] J.Broch, D.Johnson, and D. Maltz, “The Dynamic Source
Protocol for Mobile Ad hoc Networks,
http://www.ietf.org/internetdrafts/draft-ieft-manet-dsr-03.txt,
IETF Internet draft (work in progress), Oct.1999.
[2] Charles E. Perkings, Elizabeth M. Belding-Royer, Samir
R.Das, AdHoc On-Demand Distance Vector (AODV)
Routing, http://www.ietf.org/internet-drafts/draft-ietf-manet -
aodv-13.txt, IETF Internet draft, Feb 2003
[3]Marina, M.K., Das, S.R.: On-demandMultipath
DistanceVector Routing in Ad Hoc Networks. Proceedings of
the <strong>International</strong> <strong>Conference</strong> for Network Procotols (2001)
[4] Ye, Z., Krishnamurthy, S.V., Tripathi, S.K.: A Framework
for Reliable Routing in Mobile Ad Hoc Networks. IEEE
INFOCOM (2003)
[5] Lee, S.-J., Gerla,M.: SplitMultipath Routing with
Maximally Disjoint Paths in Ad Hoc Networks. IEEE
<strong>International</strong> <strong>Conference</strong> on Communications, Vol. 10 (2001)
[6] Lei Wang, Yantai Shu, Miao Dong, Lianfang Zhang, and
Oliver W.W. Yang, “Adaptive multipath source routing in ad
hocnetworks,” in Proceedings of the IEEE <strong>International</strong>
<strong>Conference</strong> on communications (ICC), Helsinki, Finland, June
2001, vol. 3, pp. 867–871.
[7] T. Goff, N. B. Abu-Ghuzaleh, D. S. Phatak, and R.
Kahvecioglu, “Preemptive routing in ad hoc networks,” in
Proc. ACM MobiCom, 2001.
[8] R. Dube, C. D. Rais, K. Y. Wang, and S. K. Tripathi,
“Signal stability based adaptive routing (SSA) for ad-hoc
mobile networks,” IEEE Personal Communications, vol. 4,
no. 2, 1997.
[9] K. W. Chin, J. Judge, A. Williams, and R. Kermode,
“Implementation experience with manet routing protocols,”
ACM SIGCOMM Comp. Comm. Review, vol. 32, no. 5, 2001
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 306

Proceedings of ICCNS 08 , 27-28 September 2008
Evaluation and Improving Performance of the Dynamic
Source Routing Protocol for MANETS
*Dr.B.Satyanarayana ** M.Neelakantappa ***Dr. A.Damodharam
Abstract
A Mobile Ad hoc NETwork (MANET) is
a temporary wireless network environment where
in nodes that are in mobility establishes the
network with out aid of any fixed infrastructure.
Routing in the MANET is a major challenging
problem to solve, because of its dynamic topology
and infrastructure less nature., namely Dynamic
Source Routing (DSR) is one of the widely used
routing protocols for MANETS protocol. Several
of the optimizations proposed on the DSR
protocol, tend to hurt the performance especially
in the case of high node mobility and low traffic
load. In this paper the performance issue has been
studied extensively, and DSR is shown to perform
better with certain optimizations turned off. The
paper addresses the performance issue of DSR
(packet delivery rate), which is significantly
improved with the proposed modifications. Using
the simulations, we show that the proposed
techniques provide significant performance
improvements for various network densities and
traffic load. Based on the study of functionality in
other routing protocols, we suggest three simple
and intuitive changes to the DSR to further
performance improvements in non-congested
networks.
Keywords—Mobile Ad hoc Network, routing
protocols, Packet Delivery rate, GloMoSIM.
*Dr.B.Satyanarayana is working as Professor &
Head in Computer Science Dept. of S.K University
Anantapur,AP,India.
**M.Neelakantappa is working as Professor &
Head in CSE Dept. of G.Pullaiah Engineering College,
Kurnool,AP,India. (m_neelakanta@yahoo.com)
***Dr. A.Damodharam is currently working as
Professor & Vice-Principal in University College of Engg.,
JNT Universty, Hyderabad,AP,India.
I. INTRODUCTION
Recent advances in technology have provided
portable computers with wireless interfaces that allow
networked communication among mobile users .The
resulting computing environment, which is often
referred to as mobile computing, no longer requires
users to maintain a fixed and universally known
position in the network And enables almost
unrestricted mobility .A Mobile Ad hoc NETwork
(MANET)is a special type of wireless mobile
network[1,4] in which a collection of mobile hosts
with wireless network interface may form a temporary
network, without aid of any established infrastructure
or centralized administration. The application ranges
from civilian to disaster recovery and military.
Routing in the MANET faces special
challenges because of its infrastructure less network
and its dynamic topology. The tunnel-based triangle
routing of mobile IP works well only for fixed
infrastructure network to support the concept of “home
agent”. But when all hosts move, such a strategy
cannot be directly applied. Traditional routing
protocols for wired networks like distance vector or
link state are no longer suitable for ad hoc wireless
networks. In an environment with mobile hosts as
routers, convergence to new, stable routes after
dynamic changes in network topology may be slow
and this process could be expensive due to low
bandwidth.
Routing protocols for MANETS
can be roughly divided into proactive and reactive.
In proactive routing, each host continuously
maintains complete routing information of the
network. Both link state and distance vector
belong to proactive routing. The reactive scheme,
invokes a route determination procedure only on
demand through a query/reply approach. Dynamic
source routing protocol (DSR)[1] is a reactive
routing protocol. The source determines the
complete path for each routing process. The
approach consists of two steps, route discovery
and route maintenance. Route discovery allows
any host to dynamically discover a route to a
destination host. Each host also maintains a route
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 307

Proceedings of ICCNS 08 , 27-28 September 2008
cache in which it catches source routes it has
learned. Unlike regular routing-table based
approaches that have to perform periodic routing
updates, route maintenance only monitors the
routing process and informs the sender of any
routing errors.
. The Dynamic Source Routing (DSR)
[1,4] is one of the widely used routing protocols
for MANETs. Several previous studies indicate
that some of the route gathering techniques and
optimizations proposed in the original protocol
actually hurt the performance in many situations
and make DSR under perform another commonly
used routing protocol––ad hoc on demand distance
vector (AODV) [2]. Because of source routing,
however, DSR is considered to be desirable from
security aspect [6]. Several previous studies
indicate the benefit of turning off some of the
"optimization" features of DSR to improve its
performance [7].
In this paper, we show that with these
modifications, DSR’s performance is significantly
improved especially at high traffic loads. Using
simulations through GloMoSIM, we show that
these features improve DSR's performance.
II. BASIC DSR PROTOCOL
A. Overview of DSR
Route Discovery and Route Maintenance
of DSR are all operate on-demand. In particular,
unlike other protocols, DSR requires no periodic
packets of any kind at any level within the
network. This entirely on-demand behavior and
lack of periodic activity allows the number of
overhead packets caused by DSR to scale all the
way down to zero, when all nodes are
approximately stationary with respect to each
other and all routes needed for current
communication have already been discovered. As
nodes begin to move more or communication
patterns change, the routing packet overhead of
DSR automatically scales to only that needed to
track the routes currently in use.
We can use the following formula [5] to
denote MANET G:
G= (N, V) (1)
Where N denotes the set all nodes of G, V
denote the set all links of G. Among the elements of
set N, when node s originates a new packet destined to
some other node d, it places in the header of the packet
a source route giving the sequence of hops that the
packet should follow on its way to d . Normally, s will
obtain a suitable source route by searching its Route
Cache of routes previously learned, but if no route is
found in its cache, it will initiate the Route Discovery
protocol to dynamically find a new route to d. We call
s the initiator and d the target. For example, Figure 1
shows an example of Route Discovery, in which a
node a is attempting to discover a route to node e. To
initiate the Route Discovery, a transmits a ROUTE
REQUEST [5] message as a single local broadcast
packet, which is got by all nodes currently within
wireless transmission range of a.
a
{a}
b
{a,b}
c
{a,b,c}
d
{a,b,c,d}
Fig 1: Example of route Discovery with same request
ID
Each ROUTE REQUEST contains a record
listing the address of each intermediate node through
which this particular copy of the ROUTE REQUEST
message has been forwarded. This route record is
initialized to an empty list by the initiator of the Route
Discovery.
When another node receives a ROUTE
REQUEST, if it is the target of the Route Discovery, it
returns a ROUTE REPLY message to the initiator of the
Route Discovery, giving a copy of the accumulated route
record from the ROUTE REQUEST; when the initiator
receives this ROUTE REPLY, it caches this route in its
Route Cache for use in sending subsequent packets to
this destination. Otherwise, if this node receiving the
ROUTE REQUEST has recently seen another ROUTE
REQUEST message from this initiator bearing this same
request id, or if it finds that its own address is already
listed in the route record in the ROUTE REQUEST
message, it discards the REQUEST. Otherwise, this
node appends its own address to the route record in the
ROUTE REQUEST message and propagates it by
transmitting it as a local broadcast packet.
e
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 308

Proceedings of ICCNS 08 , 27-28 September 2008
In returning node e replying back to a, node e will
examine its own Route Cache for a route back to a, and if
found, will use it for the source route for delivery of the
packet containing the ROUTE REPLY. Otherwise, e may
perform its own Route Discovery for target node a, but to
avoid possible infinite recursion of Route Discoveries.
B. Security and Performance Issues
Certain features of DSR hurt its
performance or make it vulnerable to security
attacks.
• No Expiration of Routes: Without an
effective mechanism to remove excessively old
(stale) entries, route caches may contain broken or
non-minimum hop routes. Using stale routes
causes loss of data packets (low delivery rate) and
wastes network bandwidth. Route replies from
intermediate nodes and snooping data packets
exacerbate this problem by polluting caches with
stale routes [6, 9].
• Intermediate-Node (IN) Replies:
Intermediate-node replies make the route learning
process faster because all route requests do not
need to travel all the way to the destination.
Without route freshness indication, however, it
results in polluting caches with stale routes when
node mobility is high and data transmissions are
infrequent [5,8,9].
When a source receives the bad route reply, it
tries to send the waiting data packet along the
route. Upon failure of one of the links along the
route, a route error packet is propagated back to
the source, which then issues a new route request,
starting the process all over again.
• Data Salvaging: If an intermediate node
encounters a broken link and has an alternate route
to the destination in its cache, it can try to salvage
the packet by sending it via the route from its cache. [9].
Data Salvage can be useful in relatively
static networks, in which routes remain stable for
relatively long periods of time. However, in a
MANET, it is likely that the route in the
intermediate node’s cache was older, and hence,
also invalid. Trying to salvage a data packet by
using another bad route would result in a waste of
time and bandwidth. Also, a malicious node may
misroute data packets without risking its detection
under the guise of data salvaging.
• Gratuitous Replies: When a node overhears a
packet addressed to another node, it checks to
see if the packet could be routed via itself to gain a
shorter route. If so, the node sends a gratuitous reply
to the source of the route with this new, better route.
Like data salvaging, gratuitous replies can be
of limited benefit when the routes are fresh and nodes
are not malicious. Otherwise, this feature degrades
performance, security, or both.
III. EVALUATION OF DSR BY SIMULATION
We analyzed the performance of the original DSR
and the impact of turning off some the optimizations
discussed above. To turn off intermediate node replies,
we modified the DSR code so that when an
intermediate node hears a new route request, it simply
rebroadcasts it, even if it has a route to the destination.
To turn off data salvage, we modified the code so that
a data packet that cannot be transmitted to the next hop
specified in the source is dropped and a route error
message is sent to the source. Gratuitous replies are
turned off by not sending route shortening messages to
packet sources.
We also modified the route replies and
request packets to carry timestamps so that we can
keep track of route creation time and ages of routes
used. We give a quantitative measure of the staleness
of routes that has been so widely reported but not
measured in literature.
Simulation environment: All simulations were run on
the GloMoSIM network simulator [10]. The
modifications were made to the implementation of
DSR written for GloMoSIM. A 100 node network in a
field size of 1000m x 1000m was used. The mobility
model used was random waypoint [11] in a
square/rectangular field. In random waypoint, each
node starts its journey from its current location to a
random location within the field. The speed is
randomly chosen to be between 1-19 m/sec. Once the
destination is reached, another random destination is
targeted after a specified pause. We used 0-second
pause time, which results in continuous node mobility
in our simulations.
Twenty-five CBR (constant bit-rate) over
UDP connections (distinct sources and destinations)
were used to generate traffic by injecting 512-byte
packets with average inter-packet time varied
according to the load rate desired. For each
configuration, the network is simulated for 600
seconds.
We used delivery rate, the percentage of
injected packets that are delivered to destinations,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 309

Proceedings of ICCNS 08 , 27-28 September 2008
and average age of routes used to analyze the
performance. At low loads, the delivery rate gives
a measure of route correctness rather than load
balancing or other issues of the protocol. We
indicate route ages since it is frequently mentioned
in literature without quantitative evaluation. In
addition to the original DSR, we simulated 4
variations: intermediate nodes replies off (denoted
as ‘INTNODES off’ in the graphs below), data
salvaging off (DATASALVG off), gratuitous off
(denoted as GRATT off) or all the three off
(denoted as ALL3 off).
Parameter
Routing protocol
Value
DSR
MAC Layer 802.11
Bandwidth 2Mbps
TERRAIN 1000 x 1000
Nodes 100
Node Placement Random
Simulation Time 600 Sec
Mobility Model RWP(1-19 mtrs/sec)
With 0 Pause-time
Data Traffic 25CBR with512B pkts
Traffic Load 12.5,50,125,200,250 kbp
Table1: Simulation parameters in GloMoSIM
/* RoutingDsrSalvageData
*
* Node that detects the route break and
knows another route to the destination
* salvages the data
*/
void RoutingDsrSalvageData(GlomoNode *node
Message *msg)
{
GlomoNetworkIp* ipLayer = (GlomoNetworkIp *
node->networkData.networkVar;
GlomoRoutingDsr* dsr = (GlomoRoutingDsr *
ipLayer->routingProtocol;
IpHeaderType *ipHeader = (IpHeaderType *
msg->packet;
DsrIpOptionType* option;
char *pktPtr;
NODE_ADDR newPath[DSR_MAX_SR_LEN+1];
NODE_ADDR *salvage;
int i, j;
int hop;
salvage = RoutingDsrGetRoute(ipHeader
>ip_dst, &dsr->routeCacheTable);
hop = RoutingDsrGetHop(ipHeader->ip_dst
&dsr->routeCacheTable);
newPath[0] = node->nodeAddr;
for (i = 1, j = 0; j < hop; i++, j++)
{
newPath[i] = salvage[j];
}
for (; i < (DSR_MAX_SR_LEN+1); i++)
{
newPath[i] = ANY_DEST;
}
option = GetPtrToDsrIpOptionField(msg);
option->segmentLeft = hop;
option->salvagedBit = TRUE;
NetworkIpSendPacketToMacLayerWithNewStrictSourc
Route(
node, msg, newPath, hop + 1, TRUE);
dsr->stats.numDataTxed++;
dsr->stats.numSalvagedPackets++;
} /* RoutingDsrSalvageData */
Fig3: DSR Code for Data Salvaging
Fig 2: Snapshot of Simulation
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 310

Proceedings of ICCNS 08 , 27-28 September 2008
Routing
Transmitted Load(Kbps)
Protocol(Pkt.
12.5 50 125 200 250
Delivery Rate)
DSR Org 85.05 88.39 55.04 24.75 25.98
DSR INT 92.42 97.84 76.67 49.54 38.8
NODES Off
DSR DATA 92.32 98.71 59.13 30.24 24.75
SALVG Off
DSR GRATUI- 94.41 99.83 98.73 56.10 38.81
TOUS Off
DSRALL 3 Off 99.83 99.11 98.75 56.45 38.85
Table 2: Packet Delivery rate for DSR Variations
Packet Delivery Ratio(% )
100
80
60
40
20
DSROriginal
DSTINtNODEs 0ff
DATASALVG Off
GRATT Off
0
0 50 100 150 200 250
Offered Load (kbps)
Fig4:Comparison of DSR with certain
optimizations off
Packet Delivery Ratio(%)
100
80
60
40
20
DSROriginal
DSRALL3 0ff
0
0 50 100 150 200 250
Offered Load (kbps)
Fig5: Comparison of DSR with DSR all the 3
optimizations off
Fig 4 shows the packet delivery rate (PDR)
comparison for original DSR with DSR INTNODES
off, DSR DATASALVG off and DSR GRATT off. Fig
5 shows the performance comparison of all the 3
optimizations embedded in the DSR (ALL 3 off) with
original DSR. The PDR is extremely low for the
original DSR. Turning off INTNODES replies and
Gratuitous replies off, improves the throughput
significantly. Data salvage alone does not impact
performance. In conjunction with INTNODES replies
off and gratuitous off, however, data salvage provides
marginal performance benefit. Given that malicious
node detection becomes harder with data salvage,
turning it off is preferable.
IV. CONCLUSIONS
DSR is a widely used routing protocol for
mobile ad hoc networks, but has very low delivery
rates and poor performance in lightly loaded networks
with high node mobility. Several of the modifications
proposed in the literature. This paper presents three
optimization techniques— intermediate nodes replies
off, data salvaging off, gratuitous off. In addition to
the original DSR, we simulated 4 variations:
intermediate nodes replies off, data salvaging off,
gratuitous off, and all the three off. Our simulation
results shows that, without using any complicated
strategies, our proposed techniques perform
significantly better than previously proposed
modifications especially at low traffic loads (100-
200Kbps) and about the same at higher traffic loads.
In future we intend to modify DSR by
intuitive modifications to the routing protocol in noncongested
networks based on our observations of other
protocols. The changes will be like limiting replies
sent by destination, keeping only one route per
destination, and preferring fresher routes over shorter
ones—to further improve the performance of DSR.
References
[1] D. Johnson, D. Maltz and Y. Hu. The dynamic
source routing protocol for mobile ad hoc
networks. IETF MANET Working Group,draft
2003. http://www.ietf.org/internetdrafts/draftietfmanet
-dsr-03.txt,
[2] Samir Das, Charles Perkins, Elizabeth Royer.
Performance Comparison of On-demand Routing
Protocds for Adhoc Networks, IEEE,
INFOCOM2000.http://www.ietf.org/internetdrafts
/dsr.txt,aodv.txt
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 311

Proceedings of ICCNS 08 , 27-28 September 2008
[3] Theodoros Salonidis, Pravin Bhagwat,
Leandros Tassiulas, Richard LaMaire. Distributed
Topology Construction of Bluetooth Personal
Area NetworksJEEE, INFOCQM2001.
[4] Zygmunt J. Haas, Guest Editorial Wireless Ad
Hoc Networks, IEEE JOURNAL ON SELECTED
AREAS IN COMMUNICATIONS, VOL. 17, no.
8, August 1999
[5] D. Johnson and D. Maltz. Dynamic Source
Routing in Ad Hoc Wireless Networks. In Mobile
Computing, edited by Tomasz Emilienski and
Hank Korth, Kluwer Academic Publishers, 1996.
[6] M. K. Marina and S. R. Das. Performance of
Route Caching Strategies in Dynamic Source
Routing. In Proceedings of Int’l Workshop on
Wireless Networks & Mobile Computing , 2001.
[7]D. Chakraborty and A. Joshi, "GSD: A novel
group-based service discovery protocol for
MANETS", In IEEE Conf. on Mobile and
Wireless Communications Networks, Sept’ 2002.
[8]S. Helal, N. Desai, V. Verma, and C. Lee,
"Konark - A Service Discovery and Delivery
Protocol for Ad-Hoc Networks", in Proceedings of
the 3rd IEEE <strong>Conference</strong> on Wireless
Communication Networks (WCNC), March 2003.
[9] D. De Couto, D. Aguayo, J. Bicket, and R.
Morris. A High-Throughput Path Metric for Multi-
Hop Wireless Routing. In Proceedings of
MobiCom 2003.
[10] X. Zeng, R. Bagrodia, and M. Gerla,
“Glomosim: A library for parallel simulation of
large-scale wireless networks,” in Workshop on
Parallel and Distributed Simulation, 1998.
[11] T. Camp, J. Boleng, V. Davies. A survey of
mobility models for Ad Hoc Network Research. In
Wireless Communication and Mobile Computing
(WCMC): Special Issue on Mobile Ad Hoc
Networking: Research, Trends and Applications.
vol. 2, no. 5, 2002.
[12] C. E. Perkins. Mobile IP: Design Principles
and Practices. Addison Wesley, 1997.
[13] Jochen Schiller. Mobile Communications.
Pearson Education,2004.
[14]D.J.Goodman. Wireless Personal
Communications Systems.AddisonWesley,2002.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 312

Proceedings of ICCNS 08 , 27-28 September 2008
Performance Analysis of Routing Protocols in
Wireless Sensor and Actor Networks from an
Actor to Actor Perspective
Gowrishankar.S 1 , T.G.Basavaraju 2 , Manjaiah D.H 3 , Subir Kumar Sarkar 4
Abstract—In recent years there has been a growing interest in
Wireless Sensor Networks (WSN). The next step of evolution from
WSN is Wireless Sensor and Actor Network (WSAN). WSAN is
intertwined by both sensor and actor nodes; where sensor nodes are
low powered nodes with less communication capabilities while actor
nodes are technically superior to sensor nodes with high energy
battery and long range communication capabilities. This paper
provides an overview of WSAN and simulation based performance
analysis of actor to actor routing protocols in WSAN. The routing
protocols considered for performance analysis are AODV, DSDV
and DSR. The metrics considered for performance analysis are
Packet Delivery Ratio, End to End Delay, Throughput and Overhead
Analysis. Routing protocols like AODV, DSDV and DSR designed
for ad hoc networks can be applied for communication between actor
to actor nodes of WSAN as long as the communication overhead
occurring at the sensor nodes due to actor to actor communication is
kept low. Our analysis shows that AODV and DSR can be applied to
a maximum number of WSAN applications while DSDV is the worst
performer from an actor to actor perspective in Wireless Sensor and
Actor Networks.
Keywords—Wireless Sensor and Actor Networks, Sensor
networks, Performance analysis, Research areas.
I. INTRODUCTION
Mobile communications and wireless networking
technology has seen a thriving development in recent years.
Driven by technological advancements as well as application
demands various classes of communication networks have
emerged such as Cellular networks, Ad hoc Networks, Sensor
Networks and Mesh Networks.
Cellular Networks are the infrastructure dependent
networks. Ad hoc networks are defined as the category of
wireless networks that utilize multi hop radio relaying since
1 Professional Member, Association for Computing Machinery.
Email: gowrishankarsnath@acm.org
2 Department of Computer Science and Engineering, Acharya Institute of
Technology, Visvesvaraya Technological University, Belgaum 590014,
Karnataka, India.
Email:tgbasava@hotmail.com
3 Department of Computer Science, Mangalore University, Mangalore
574199, Karnataka, India.
Email: ylm321@yahoo.co.in
4 Department of Electronics and Telecommunication Engineering, Jadavpur
University, Kolkata 700032 , West Bengal, India.
Email: sksarkar@etce.jdvu.ac.in
the nodes are dynamically and arbitrarily located. Ad hoc
networks are infrastructure independent networks.
WSN can be defined as a special class of ad hoc wireless
network that are used to provide a wireless communication
infrastructure that allows us to instrument, observe and
respond to phenomena in the natural environment and in our
physical and cyber infrastructure [1, 2].
WSAN refers to a heterogeneous distributed network
comprising of sensor nodes and actor nodes (or actuators)
which are intertwined together to perform sensing and acting
tasks. Actor nodes have the capability for processing the
sensed data, making decisions and then performing the
appropriate actions.
Even though sensor networks are a special type of ad hoc
networks, the protocols designed for ad hoc networks cannot
be used as it is for sensor networks due to the reasons as listed
in [1, 3, 4, 5].
Also the protocols that need to be designed for WSAN should
consider following criteria’s:
1) WSN consists of only sensor nodes but WSAN consists of
sensor and actor nodes. Sensor nodes are low cost, low
power devices with limited sensing, wireless and
communication capabilities. Actor nodes are resource rich
nodes equipped with better processing capabilities, higher
transmission power and longer battery life.
2) The number of sensor nodes deployed to sense a
phenomenon area is dense and may be in the order of
hundred or thousands of nodes. But the number of actor
nodes deployed may not be that dense since they have
stronger communication capabilities and can access a
larger area.
3) Real time communication is very much important between
sensors and actors to perform the necessary task.
4) Communication between sensors and actors should be
efficient to ensure that the action is not duplicated when
the same events are reported to different actor nodes.
5) Ensure there is synchronization among different sensor
nodes reporting the same events to multiple or a single
actor in order to receive a single response for the entire
region.
In WSN the coordination is between the various sensor
nodes and the sink as shown in fig 1. The functionality of the
sink is to collect and process the reported data.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 313

Proceedings of ICCNS 08 , 27-28 September 2008
Fig 1: Sensor nodes to Sink.
As shown in fig 2, two types of WSAN coordination takes
place namely; Sensor to Actor and Actor to Actor
coordination.
Once the actor nodes receive raw information from the
sensor nodes about the detected phenomenon then the actor
nodes should process the data and take the required action
appropriately. For example, motion monitoring is done to
provide security by observing the motion of objects in art
galleries, shopping malls, museums or any other facilities. If
the sensor nodes detect any movement of artifact in the
museum then the same event is conveyed to the actor nodes,
which in turn take appropriate steps like sounding the burglary
alarm or inform the police of the burglary.
Fig 2: Sensor to Actor or Actor to Actor Coordination
Wireless Sensor and Actor networks have been proposed for
a variety of applications like [1, 3, 6] Intrusion detection and
Tracking along the border of a battle field for battle damage
assessment, nuclear, biological, chemical attack detection,
Habitat monitoring of the of sea birds and monitoring the
microclimate changes in forests due to forest fire, Motion
Monitoring along the bridges or large buildings to understand
earthquake vibration patterns, to analyze the physiological
conditions of a person, to monitor and track vehicles on a
congested road, detection and monitoring of car thefts in busy
traffic and so on.
Routing protocols like AODV [7], DSDV and DSR [8]
designed for ad hoc networks can be applied for
communication between actor to actor nodes of WSAN as long
as the real time requirements are met and the communication
overhead occurring at the sensor nodes due to actor to actor
communication is kept low [9].
Following criteria have been identified in selecting the
routing protocols for various WSAN applications [TABLE 1]:
Deployment: It means setting up an operational Wireless
Sensor and Actor Network in a real environment.
Size: It refers to the number of actor nodes deployed in
Wireless Sensor and Actor Network.
Data Amount: Data amount can be less or more depending
on the application. So we need to choose a corresponding
routing protocol appropriately that can deal with huge amount
of data.
Delay: For real time applications like nuclear power plant
monitoring and military surveillance, delay should be very
less.
Overhead: In energy constrained applications, a protocol
which has minimum overhead needs to be considered.
QOS: Quality of Service is the level of service provided by
the WSAN to its users.
The main contribution of this paper is that we have done
performance analysis of various routing protocols like AODV,
DSDV and DSR from an actor to actor viewpoint of the
wireless sensor and actor networks.
For actor to actor communication, routing protocols
designed for mobile ad hoc networks such as AODV, DSDV
and DSR can be used, provided they are fine tuned to meet the
real time requirements of the WSAN and also the overhead
occurring at the sensor nodes due to actor to actor
communication is minimal.
The rest of the section is divided as follows: In the second
section we present literature survey, simulation setup and
analysis of the results is given in the third and fourth section
and finally we conclude our paper.
II. RELATED WORK
Low Energy Adaptive Cluster Hierarchy (LEACH) is
proposed in [10] that employ’s the technique of randomly
rotating the role of a cluster head among all the nodes in the
network. The operation of LEACH is organized in rounds
where each round consists of a setup phase and a transmission
phase. During the setup phase, the nodes organize themselves
into clusters with one node serving as the cluster head in each
cluster. During the transmission phase, the self elected cluster
heads collect data from nodes within their respective clusters
and apply data fusion before forwarding them directly to the
base station. It has been shown that LEACH provides
significant energy savings and prolonged network lifetime.
S-MAC protocol is an effective energy conserving MAC
protocol designed by Wei Ye et.al [11] for Wireless Sensor
Networks. Majority of the contention based MAC protocols
are based on S-MAC. Conserving energy in S-MAC protocol
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 314

Proceedings of ICCNS 08 , 27-28 September 2008
is done through three novel techniques. A low duty cycle is
implemented in S-MAC which forces the nodes to sleep
periodically instead of listening continuously to an idle
channel. Transceivers are turned off for the time when the
shared medium is used for transmission by other nodes. A
message passing scheme is used for applications that require
store and forward processing thereby reducing latency and
control overhead. Existing MAC protocols for WSN should
be improved to provide real time guarantee and reduce delay.
In [12] Random Asynchronous Wakeup, an energy
management scheme explicitly designed for Wireless Sensor
and Actor Networks is introduced. This protocol achieved
good scalability while reducing energy consumption. A novel
Delay-Energy Aware Routing Protocol (DEAP) is presented in
[13] for Wireless Sensor and Actor Networks. DEAP provides
a flexible range of tradeoffs between the packet delay and the
energy use. Therefore, DEAP supports delay sensitive
applications of heterogeneous sensor and actor networks.
Han Peng et al, [14] propose a novel localization scheme
ECLS: An Efficient Cooperative Localization Scheme for
Wireless Sensor and Actor Networks. ECLS is an event-driven
localization method which is characterized by ideas such as
limited beacons and actors cooperation.
A Fault tolerant model is proposed in [15] to provide
reliable real time communications among sensors, actors and
actuation devices. The authors incorporate a multi-actor/multisensor
(MAMS) model. This paper discusses how to make
WSAN reliable and available by preventing conflicting actions
on multiple actor nodes.
III. SIMULATION ENVIRONMENT
The code has been modified wherever it was deemed
necessary to satisfy our simulation conditions. Also several
parameters have been fine tuned as specified by [21, 22, 23] to
carry our simulation work. For our research we have used NS-
2 [17] and NRLSensorsim [18] in combination. NS-2 is a
popular software package used for Network simulation.
NRLSensorsism is developed at Naval Research Laboratory
(NRL) to extend the NS-2 capability to simulate Sensor
Networks. The simulated sensor area is 501m x 501m
rectangle. In the first run the number of nodes has been varied
from 50 to 100 nodes keeping the simulation time constant at
100 seconds. In the second run, the number of nodes has been
kept constant at 100 nodes, while varying the simulation time
from 20 to 100 seconds. The MAC layer protocol is a
modified IEEE 802.11, which confirms to a sensor network
environment. The size of each of the message transmitted is
100 bytes. The transmission range is 50m.
Various metrics like Packet Delivery Ratio, Average End to
End Delay, Protocol Control Overhead and Throughput of the
Network have been selected to evaluate the performance of the
routing protocols.
Packet Delivery Ratio: It is defined as the ratio of number of
packets received by an actor node to the number of packets
sent from another source actor node. The greater the packet
delivery ratio is, the more reliable the routing protocol and the
less probability of dropping a data packet will be.
Average End to End Delay: This is the average end to end
delay packets i.e. the interval between the data packet
generation time and the time when the last bit arrives at the
destination.
Control Packet Overhead: The number of control packets
sent by all the nodes to discover and maintain routes.
Throughput of the network: Throughput can be defined as
the ratio of total number of bytes received to the simulation
end time.
IV. RESULT ANALYSIS
In this section, the results obtained for various metrics have
been discussed.
6.1 Packet Delivery Ratio
In fig 3, PDR v/s Number of actor nodes has been mapped.
PDR decreases in all the three protocols as the number of
nodes increases in the network.
Fig 3: PDR v/s Number of Actor Nodes
But it is very much less in AODV. Initial PDR of DSR can
be compared to that of AODV but there is a free fall in PDR
once the number of nodes increases >70, which can be
attributed to the number of dropped packets and the amount of
collisions that occur in the network. But still DSR is better
than DSDV. As can be seen in the graph AODV has highest
PDR when compared to other protocols while DSDV is the
worst performer. We find a little fall in PDR of AODV as the
number of actor nodes is increased, since a packet sent from
one actor node to actor node will have more hops to traverse
before reaching the intended actor node thereby increasing the
risk of TTL timeouts.
6.2 End to End Delay
In fig 4, End to End Delay v/s Number of actor nodes has
been mapped. AODV has less end to end delay when
compared to DSDV and DSR. The performance of AODV and
DSR remains consistent when the number of nodes is less but
the end to end delay increases slightly as the node increases.
DSDV has the worst end to end delay as the number of node
increases and performs badly when compared to AODV and
DSR. In DSDV, in order to obtain information about a
particular destination actor node; a node has to wait for a table
update message initiated by the same destination actor node
resulting in delay.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 315

Proceedings of ICCNS 08 , 27-28 September 2008
Fig 4: End to End Delay v/s Number of Actor Nodes
6.3 Overhead
In fig 5, Overhead v/s Number of actor nodes has been
mapped. From the graph we can analyze that DSDV is having
more overhead when compared to AODV and DSR as the
number of nodes increases. The more the overhead the less the
protocol is scalable.
Fig 5: Overhead v/s Number of Actor Nodes
When the number of nodes is less, DSDV has less overhead.
But it tends to increase as the number of nodes increases since
the updates are propagated throughout the network in order to
maintain an up to date view of the network topology at all the
nodes. AODV produces less overhead than DSDV as AODV
tries to discover a routing path only when it is needed. DSR is
having less overhead than other routing protocols as it makes
use of caching mechanism and it is more likely to find the
routes in its cache which results in less number of route
discovery requests than other protocols. Due to low overhead
DSR is more scalable than other protocols which enable us to
use DSR in applications where scalability is needed.
6.4 Throughput
In fig 6, Throughput v/s Number of actor nodes has been
mapped. Both DSR and AODV fare well. If the number of
nodes is less; AODV has highest throughput. But as the
number of nodes increases, both AODV and DSR have more
or less the same throughput, as can be seen from the graph.
DSDV has fewer throughputs which can be attributed to the
excessive channel usage by the regular route table updates.
Hence, we conclude that since bandwidth is a critical issue in
WSAN we consider AODV as the routing protocol for
bandwidth constrained applications.
Fig 6: Throughput v/s Number of Actor Nodes
V. CONCLUSION
In this paper, a comprehensive analysis of various routing
protocols in WSAN from an actor to actor perspective has
been presented. From our analysis we found out that even
though AODV and DSR can be applied to sufficient number of
applications there is nothing like one protocol that can fit to all
the applications. Different protocols need to chosen under
different circumstances depending on the application we
intend to work with. Also from our analysis we can fairly say
that the NRLSensorsim framework used to extend the NS2
capabilities to simulate Wireless Sensor Network has been
optimized for AODV. We have identified various applications
and the actor to actor routing protocols that can be applied to
these applications based on our simulation analysis are shown
in TABLE 1. Some research challenges that need to be
explored in WSAN are:
Enhancing adaptability for real time requirements: Many
applications are delay sensitive and expect the actor nodes to
take action at a very small instance of time. So, we should
optimize the protocols for real time application with less delay.
Multihop Networking: Protocols needs to be designed with
multihop networking among sensor nodes and actor nodes for
conserving energy in an effective manner.
Susceptible to node movement: Protocols designed for
WSAN should be susceptible to the movement of sensor and
actor nodes.
Improving Range and Visibility: Research should include
improving the range and visibility of the sensor and actor
nodes when deployed in various physical phenomenons in
order to detect wrong sensor readings at the earliest and also to
reduce latency and congestion.
Localization algorithms: Design of localization algorithms
should be robust enough to localize the failures and loss of
nodes. It should be tolerant to error in physical measurements.
Robust Synchronization Protocols: The lifetime or the
duration for the nodes which are spread over a large
geographical area needs to be taken into account. Sensor nodes
have higher degree of failures. Thus the synchronization
protocol needs to be more robust to failures and to
communication delay in WSAN.
Calibration: In WSAN calibration is needed for accuracy,
resiliency against random errors, ability to be applied in
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 316

Proceedings of ICCNS 08 , 27-28 September 2008
various scenarios and to address a variety of error models.
Data Aggregation: WSAN are inherently unreliable and
certain information may be unavailable or expensive to obtain;
like the number of nodes present in the network and the
number of nodes that are responding and also it is difficult to
obtain complete and up-to date information.
We like to emphasize that the routing protocols which we
have considered here were designed for ad-hoc networks but
we have considered them for wireless sensor and actor
networks. This explains the substantial difference between the
results which we have obtained by applying the routing
protocols designed for ad-hoc network to WSAN and the
results when the same routing protocols are applied to the
same framework. Also, for the benefit of the research
community, source code and data sheets will be made
available on request. Our future work includes designing a
new protocol that supports the WSAN paradigm. With all
these research challenges we firmly believe that we have a
very exciting time ahead of us in the area of Wireless Sensor
and Actor Networks.
REFERENCES
[1] Jamal N.Al-Karaki and Ahmed E.Kamal,” Routing Techniques in
Wireless Sensor Networks: A Survey”, IEEE Wireless Communications,
December 2004.
[2] I. Akylidiz, W. Su, Sankarasubramaniam, and E.Cayrici, “A survey on
sensor networks”, IEEE Communications Magazine, Volume: 40 Issue:
8, August 2002, pp.102-114.
[3] K. Akkaya and M. Younis, “A survey of Routing Protocols in Wireless
Sensor Networks”, Elsevier Ad Hoc Network Journal, 2005, pp 325-
349.
[4] Q. Jiang and D.Manivannan, “Routing Protocols for Sensor Networks”,
In proceedings of Consumer Communications and Networking
<strong>Conference</strong>, 5-8 January, pp 93-98.
[5] D.Culler, D.Estrin and M.Srivastava, “Overview of Sensor Networks”,
IEEE Computer Society, August 2004.
[6] Ian F. Akylidiz and Ismail H. Kasimoglu,”Wireless Sensor and Actor
Netowrks: Research Challenges”, http://www.sciencedirect.com.
[7] C.Perkins, E.B.Royer and S.Das,”AdHoc On-Demand Distance Vector
(AODV) Routing”, RFC 3561, IETF Network Working Group, July
2003.
[8] E.M.Royer and C.K.Toh, “ A Review of Current Routing Protocols for
Ad-Hoc Mobile Wireless Networks”, IEEE Personal Communications
Magazine, April 1999, pp. 46-55.
[9] M.Conti, .Giordano, G.Maselli, G.Turi, “ Cross-layering in mobile adhoc
network design”, IEEE Computer, Special Issue on Ad hoc
Networks 37 (2) (2004) 48-51
[10] W.R.Heinzelman, A. Chandrakasan and H.Balakrishnan, “Energy-
Efficient Communication Protocol for Wireless Microsensor Networks”,
IEEE Proc. Hawaii Int’l <strong>Conference</strong>. Jan 2000, pp 1-10.
[11] Wei Ye, J. Heidemann and D.Estrin, “ An Energy Efficient MAC
Protocol for Wireless Sensor Networks”, In proceedings of IEEE
Infocom, pp 1567-1576, June 2002.
[12] V.Parachuri, S.Basavaraju, A.Durresis and R.Kannan,”Random
Asynchronous Wakeup Protocol for Sensor Networks”, In proceedings
of BroadNets’04, San Jose, California, October 2004.
[13] Arjan Desai et al., “Delay-Energy Aware Routing for Sensor and Actor
Networks”, Proceedings of the 2005 11 th <strong>International</strong> <strong>Conference</strong> on
Parallel and Distributed Systems (ICPADS’05)
[14] Han Peng et al., “ECLS: An Efficient Cooperative Localization Scheme
For Wireless Sensor and Actor Networks”, In proceedings of the 2005
The Fifth <strong>International</strong> <strong>Conference</strong> on Computer and Information
Technology (CIT’05).
[15] Keiji Ozake, Kenichi Watanabe et al,”A Fault-Tolerant Model for
Wireless Sensor-Actor System”, Proceedings of the 20 th <strong>International</strong>
<strong>Conference</strong> on Advanced Information Networking and Applications
(AINA’06)
[16] D.B.Johnson and D.A.Maltz,”The Dynamic Source Routing Protocol for
Mobile Ad hoc Networks”, Mobile Computing, T. Imielinski and
H.Korth, Eds.,Kluwer Publications, 1996, pp 153-183.
[17] Information Sciences Institute, “The Network Simulator Ns-2”,
Http://www.isi.edu/nanam/ns/, University of Southern California.
[18] NRL’s Sensor Network Extension to NS-
2,Http://www.nrlsensorsim.pf.itd.nrl.navy.mil/.
[19] Dheeraj Reddy et al., “Measuring and Explaining Differences in
Wireless Simulation Models”, Proceedings of the 14 th IEEE
<strong>International</strong> Symposium on Modeling, Analysis and Simulation of
Computer and Telecommunication Systems (MASCOTS’06).
[20] J. Heidemann and N. Bulusu et al., “ Effects of detail in wireless
network Simulation”, In Proceedings of the SCS Multiconference on
Distributed simulation”, January 2001, pp 3-11.
[21] Stuart Kurkowski, Tracy Camp and Michael colagrosso,”MANET
Simulation Studies: The Incredibles”, Special Issue on Medium Access
and Call Admission Control Algorithms for Next generation Wireless
Networks”, volume 9, Issue 4, October 2005.
[22] Chien-Yih Wan, L.Krishnamurthy, “Pump-Slowly, Fetch-Quickly
(PSFQ): A Reliable Transport Protocol for Sensor Networks”, IEEE
Journal on selected areas in Communications, Vol 23, No 4, April 2005.
[23] O.B.Akan and I.F.Akyildiz, “Event To Sink Reliable Transport in
Wireless Sensor Networks”, IEEE/ACM Transactions on Networking,
Vol 13, No 5, October 2005.
[24] A. Mainwaring et al ,”Wireless Sensor Networks for Habitat
Monitoring”, In proceedings of the <strong>International</strong> Workshop on WSN
and applications, Atlanta, Georgia, USA September 2002.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 317

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE 1
ROUTING PROTOCOL SELECTION FOR VARIOUS APPLICATIONS IN WSAN
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 318

Proceedings of ICCNS 08 , 27-28 September 2008
Soft One To One Gateway Protocol
Balachandra G.C 1 and Hanumanathappa J 2
Abstract— The objective of the paper is to demonstrate a soft
one to one gateway switch that describes a call control architecture,
where the intelligence of the call control is outside the gateways and
handled by external call control elements called call agents. The
gateway protocol assumes that these call control elements will
synchronize with each other by sending coherent commands to the
gateways under their control. This gateway switch is master/salve
protocol where the gateways are expected to execute commands sent
by the call control elements. Gateway protocol does not define a
mechanism for synchronizing call control elements.
Keywords— MGCP, MGCI, Gateway, Callagent, endpoint,
NTFY, DLCX, AUEP, AUCX, CRCX, MDCX, RSIP, hairpin.
I. INTRODUCTION
Media gateway control interface describes an abstract
application programming interface (MGCI) and a
corresponding protocol (MGCP) for controlling Media
Gateways from external call control elements called media
gateway controllers or Call Agents. A Media Gateway is
typically a network element that provides conversion between
the audio signals carried on telephone circuits and data packets
carried over the Internet or over other packet networks. MGCP
assumes a call control architecture where the calls control
“intelligence" is outside the gateways and handled by external
call control elements known as Call Agents.
The MGCP assumes that these call control elements, or
Call Agents will synchronize with each other to send coherent
commands and responses to the gateways under their control.
If this assumption is violated, inconsistent behavior should be
expected. MGCP does not define a mechanism for
synchronizing Call Agents.
Media Gateway Control Interface functions provide for
connection control and endpoint control. Connections are
grouped in calls. One or more connections can belong to one
call. Connections and calls are set up at the initiative of one or
more Call Agents. Media gateways should be able to establish
several connections between the endpoint and the packet
networks, or between the endpoint and other endpoints in the
same gateway.
The decomposed gateway consists of a call agent, which
contains the call control” intelligence”, and a media gateway,
which contains the media functions. Media gateways contain
1 Balachandra G.C. Tontadarya College of Engineering,
Mundargi Road , Gadag-582101, Karnataka . INDIA ( Phone: +091-821-
236933, 232445; Fax: +091-08372-232446, Email:
balutech@rediffmail.com, balutech@yahoo.co.in.
2 Hanumanthappa .J., Dos in Computer Science, University of
Mysore, Manasagangothri, Mysore, Karnataka .INDIA ( phone: +091-821-
2419552; fax: +091-0821-2510789,Email: hanums_j@yahoo.com )
endpoints on which the call agents can create, modify and
delete connection in order to establish and control media
sessions with other multi media generate signals. The end
points automatically communicate changes in services state to
the call agent. Furthermore, the call agent can audit endpoints
as well as the connection on endpoints [1], [2].
Block diagram of MGCP
EC1
GW
CA
MGCP
RTP
EC2
GW
Fig 1.1: Block diagram of MGCP
Endpoint and Connection Identifiers
Endpoint identifiers have two components that both are
case- insensitive:
• the domain name of the gateway that is managing the
endpoint
• a local name within that gateway
Endpoint names are of the form:
local-endpoint-name@domain-name
Where domain-name is an absolute domain-name and
includes a host portion, thus an example domain-name could
be: softonetoone.gataway.net
Also, domain-name may be an IP-address of the form
[192.168.1.2]
Both IPv4 and IPv6 addresses can be specified, however
use of IP addresses as endpoint identifiers are generally
discouraged [1], [2].
View of call agent and gateway
Call Agent or
Media Gateway
Controller (MGC)
MGC
Media Gateway
(MG)
CA
SIP
CA : Call agent
GW : Gateway
MGCP: Media Gateway Control
Protocol
RTP: Real Time Protocol
SIP: Session initialization protocol
Fig 1.2: View of call agent and gateway
A point-to-point connection is an association between two
endpoints with the purpose of transmitting data between these
EC
SIP
H.323
Call Agent or
Media Gateway
Controller (MGC)
MGC
Media Gateway
(MG)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 319

Proceedings of ICCNS 08 , 27-28 September 2008
endpoints. Once this association is established for both
endpoints, data transfer between these endpoints can take
place [7],[9].
Call agents instructs the gateways to create connections
between endpoints and to detect certain events, e.g: off-hook,
on-hook etc, and generate certain signals, eg: ringing. It is
strictly upto the call agent to specify how and when
connections are made, between which endpoints they are
made, as well as what events and signals are to be detected
and generated on the endpoints. The gateway, there by,
becomes a simple device, without any call state, that receives
general instructions from the call agent without any need to
worry about or even understand the concept of calls or call
states.
When new services are introduced or customer profiles
changed, the changes are transparent to the gateway. The call
agent implements the changes and generates the appropriate
new mix of instructions to the gateways for the changes made.
In the MGCP model, the gateways focus on the audio
signal translation function, while the call agent handles the
signaling and call processing functions. As a consequences,
the call agent implements the "signaling".
Comm
and
Table 1 :Command Formats
Message Name
Sent
By
AUEP AuditEndpoint CA
AUCX AuditConnection CA
CRCX CreateConnection CA
DLCX DeleteConnection Both
MDCX ModifyConnection CA
RQNT NotificationRequest CA
NTFY Notify GW
RSIP RestartInProgress GW
Description
Determines the status of a
given endpoint.
Retrieves all the parameters
associated with a connection.
Creates a connection between
two endpoints.
From CallManager:
Terminates a current
connection.
From Gateway: Indicates that
a connection can no longer be
sustained.
Changes the parameters
associated with an established
connection.
Instructs the gateway to watch
for special events such as
hooks or DTMF tones. It is
also used to instruct the
gateway to provide a signal to
the endpoint (for example, dial
tone and busy tone).
Informs the Cisco
CallManager when requested
events occur.
Informs the Cisco
CallManager that an endpoint
or group of endpoints are
taken out or placed back into
service.
Sequence of Commands for a Call Establishment
The first command is a NotificationRequest, sent by the Call
Agent to the Gateway Server. The request will consist of the
following lines:
RQNT 1201 endpoint/1@rgw.whatever.net MGCP 0.1
N: ca@ca1.w hatever.net:
X: 0123456789AC
R: hd(E (dl;hu, D/[0-9#*T](D);)
D: 2XXX
The gateway immediately acknowledges the command,
repeating in the acknowledgement message the transaction id
that the Call Agent attached to the query.
200 1201 OK
When the off hook event is noticed, the gateway
provides the dial tone to the line (the delay between off-hook
and dial tone is thus minimal.) The gateway will then start
accumulating digits according to that digit map.
When it has noticed a sufficient set of values, it will
notify the observed string to the Call Agent:
NTFY 2002 endpoint/1@rgw.whatever.net MGCP 0.1
N: ca@ca1.whatever.ne
X: 0123456789AC
O: 2001
The Call Agent immediately acknowledges that notification.
200 2002 OK
The call agent analyzes the called number and
determines that this is a hairpin connection the called party is
located on the same gateway, on endpoint/2. The Call
Agent can prepare two simultaneous Create Connection
commands, creating the two legs of the connection.
The create connection sent to the first endpoint
piggybacks a notification request, to stop collecting digits yet
continue watch for an on-hook transition. The Create
Connection sent to the second endpoint piggybacks a request
to generate ringing and look for off-hook. Both commands can
be sent in a single UDP packet:
CRCX 1204 endpoint/1@rgw.whatever.net MGCP 0.1
C: A3C47F21456789F0
X: 0123456789AD
M: sendrecv
R: hu
v=0
c=LOCAL rgw.whatever.net endpoint/2
m=audio 0 LOCAL 0
CRCX 1205 endpoint/2@rgw.whatever.net MGCP 0.1
C: A3C47F21456789F0
X: 9875659876
M: sendrecv
R: hd
S: rg
v=0
c=LOCAL rgw.whatever.net endpoint/1
m=audio 0 LOCAL 0
We should note that the call agent does not send the local
connection options since it knows that it is a local (a.k.a.
"hairpin") connection are entirely described by the SDP text.
The gateway immediately acknowledges the creations,
sending back in two messages the identification of the newly
created connections:
200 1204 OK
I:FDE234C8
200 1204 OK
I:9867659A
The gateway, at that point, is instructed to look for an
off-hook event on the second endpoint, and to report it. When
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 320

Proceedings of ICCNS 08 , 27-28 September 2008
the gateway notices the off hook event, it sends a Notify
command to the Call Agent:
NTFY 2001 endpoint/1@rgw.whatever.net MGCP 0.1
X: 9875659876
O: hd
The Call Agent immediately acknowledges that notification:
200 2001 OK
The Call agent will now send a Notification Request
command to the gateway, asking to look for an off-hook event
on the second end-point:
RQNT 1206 endpoint/2@rgw.whatever.net MGCP 0.1
X: 987565989A
R: hu
The gateway acknowledges that command:
200 1206 OK
At this point the call is active between the two gateway
users.
When the first user goes off hook, it sends a notification to the
call agent:
NTFY 2010 endpoint/1@rgw.whatever.net MGCP 0.1
X: 987565989A
O: hu
The call agent acknowledges the notification. It can, in a
single UDP message, send the acknowledgement and the
Delete Connection commands that will clear the call.
For the first gateway, the command embeds a
notification request that readies that gateway for the next call:
200 2010 OK
.
DLCX 1210 endpoint/1@rgw.whatever.net MGCP 0.1
C: A3C47F21456789F0
I: FDE234C8
N: ca@ca1.whatever.net
X: 012345673FDE
R: hd(E(dl;hu, D/[0-9#*T](D);)
.
DLCX 1211 endpoint/2@rgw.whatever.net MGCP 0.1
C: A3C47F21456789F0
I: 9867659A
X: A3C5F0
R: hu
The gateway will acknowledge the commands in a single
UDP message that will carry the "local connection" version of
the connection parameters.
250 1243 OK
250 1244 OK
When the second user goes off hook, the gateway sends a
Notify commands
NTFY 2020 endpoint/2@rgw.whatever.net MGCP 0.1
X: A3C5F0
O: hu
The Call agent follows with a notification requests,
transmitted in the same packet as the acknowledgement, in
order to ready the line for the next call:
200 2020 OK
.
RQNT 1220 enpoint/1@rgw.whatever.net MGCP 0.1
N: ca@ca1.whatever.net
X: 0123456793E5
R:hd(E(dl;hu, D/[0-9#*T](D);)
The gateway acknowledges the command, signaling that
the second endpoint is now ready [1], [2].
200 1220 OK
II DESIGN AND ARCHITECTURE
Design of Call Processing and Feature Processing
Also called Call Processor, implements the Call
processing and feature processing code. This module of the
MGCP Call Agent incorporates the basic functionality of the
entire call processing for the MGCP based endpoints. It is a
generic Call Processing, which can work with any kind of
protocol as long as it adheres to the interface message
explained below.
A basic call finite state machine has been designed &
implemented to achieve a stable & real time call processing
between the multiple web clients operating over the LAN.
States Recognosized
• Idlestate
• Dialingstate
• Ringingstate
• Establishedstate
• Terminationstate
Designing Basic Call Flow
Idle
Events
Dialing
Interface
Ringing
STATE
Actions
Established
Fig 2.1: Basic Call FSM with different states
Terminating
Events Interface
This interface contains all the possible physical events
that are sent by the web clients during Call Processing (To
establish a basic call). It also includes some of the other
messages, which are for the internal functioning of the FSM.
List of events possible are
• OnHook
• OffHook
• DigitsDialed
• Flash
• TimedOut
• CallAccepted
• CallTerminated
• CallRequested
The last three messages/events are used for the internal
functioning of the FSM.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 321

Proceedings of ICCNS 08 , 27-28 September 2008
Actions
This interface contains the list of all the generic actions
(applicable to all the end users/clients). In appropriate states
the required action should be processed & rendered to the web
clients
List of actions possible are
• StopTone
• GiveTone
• InvalidEvent
• SendMessage
Other state specific actions are processed in the
respective individual states.
III IMPLEMENTATION
States
The State class implements the two interfaces EVENTS
and ACTIONS. All the states of the basic call FSM are
derived from this common Class STATE.This class adds some
extra member functions, other than implementing the two
Interfaces.
Idle State
The Idle State class is one of the classes of the basic call
FSM. This class overrides some of the methods of it’s base
class STATE which in turn implements the EVENTS and
ACTIONS interface[5][6].
On the occurrence of the following Events appropriate Actions
are taken on the particular Set Object & the Actions taken are
listed below the event names.
The functions or methods that are overridden by the
IdleState class are:
• OnHook( )
InvalidEvent ();
Only when Web Clients goes OffHook a set object is
created which has a state as IdleState
• OffHook( )
Dial Tone is fed to the end client. The corresponding set
object fields are manipulated as follows:
STATE == DIALING;
SUB_STATE == SS_START_DIALING;
TONEFLAG == TRUE;
PREVSTATE == IDLE;
PREVSUBSTATE==NONE;
Update the Hash table with the modified set object
• DigitsDialed( )
InvalidEvent ();
• Flash( )
InvalidEvent ();
• CallRequested( )
Give RING to the set (end client) for which the
message/event has arrived.
Give RING_BACK_TONE to the set from which this
message has come.
Set Object fields changed are:
STATE == RINGINGSTATE;
SUB_STATE == NONE;
RINGFLAG == TRUE;
Change the TONE field of the other set object to
RING_BACK_TONE
Update the two set objects in the HASH table
• CallAccepted( )
InvalidEvent ();
• CallTerminated( )
InvalidEvent ();
• TimeOut( ) : yet to design IdleState specific actions are
taken in each of the above methods / functions.
Dialing State
The Dialing State class is one of the classes of the basic
call FSM. This class overrides some of the methods of it’s
base class STATE which in turn implements the EVENTS &
ACTIONS interface
The functions or methods that are overridden by the
DialingState class & the appropriate Actions are:
• OnHook( )
If (SUB_STATE == SS_CONNECTING)
Send CallTerminated message to the other Set
Object
STATE == IDLE;
SUB_STATE == NONE;
The set object is removed from the Hash Table
• OffHook( )
InvalidEvent ();
• DigitsDialed( )
If (SUB_STATE == SS_CONNECTING) InvalidEvent
();
Else
If (SUB_STATE == SS_START_DIALING)
Stop the Dial Tone to the set;
Read the digits dialed;
SUB_STATE == SS_CONNECTING;
Update the Call Register associated with the set;
Update the Hash table with the modified set object;
• Flash( )
If (SUB_STATE == SS_CONNECTING) Feed
RING_BACK_TONE to the set;
Else if (SUB_STATE == SS_START_DIALING) Feed
DIAL_TONE to the set
• CallRequested( )
Give BUSY_TONE to the set from which the
message/event has arrived;
Get the set object from the Hash Table;
TONE == BUSY_TONE;
Update the Hash Table with this set object
• CallAccepted( )
If (SUB_STATE == SS_CONNECTING)
Stop the RING on the terminating set;
Stop the RING_BACK_TONE to the; originating set
STATE == ESTABLISHEDSTATE;
SUB_STATE == NONE;
Else InvalidEvent ();
• CallTerminated( )
InvalidEvent ();
DialingState specific actions are taken in each of the
above methods / functions
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 322

Proceedings of ICCNS 08 , 27-28 September 2008
Ringing State
The Ringing State class is one of the classes of the basic
call FSM. This class overrides some of the methods of its base
class STATE which in turn implements the EVENTS &
ACTIONS interface
The functions or methods that are overridden & the
appropriate actions taken by the are:
• OnHook( )
InvalidEvent ();
• OffHook( )
Send CallAccepted message to the other set object;
STATE == ESTABLISHEDSTATE;
RING_FLAG == False;
Make the call register handle of the RINGINGSTATE
set object point to the call register of the other
(opponent) set object;
• DigitsDialed( )
InvalidEvent ();
• Flash( )
InvalidEvent ();
• CallRequested( )
Give Tone BUSY_TONE to the set object from where
the message has arrived whose present TONE ==
BUSY_TONE;
Update the Hash Table with the updated set object;
• CallAccepted( )
InvalidEvent ();
• CallTerminated( )
Stop Ring to the set;
STATE == IDLE;
RINGFLAG == false;
Remove the set object from the Hash Table;
• TimeOut( )
yet to design;
RingingState specific actions are taken in each of the
above methods / functions
Established State
The Established State class is one of the classes of the
basic call FSM. This class overrides some of the methods of
its base class STATE which in turn implements the EVENTS
& ACTIONS interface
The functions or methods that are overridden & the
Actions are:
• OnHook( )
Send CallTerminated to the other (opponent) set object
STATE == IDLE;
SUB_STATE == NONE;
Remove the set object from the Hash Table;
• OffHook( )
InvalidEvent ();
• DigitsDialed( )
InvalidEvent ();
• Flash( )
InvalidEvent ();
• CallRequested( )
Give BUSY_TONE to the set from which this
message/event has been received with
CURRENT_TONE == BUSY_TONE;
Update the Hash Table with this set object;
• CallAccepted( )
InvalidEvent ();
• CallTerminated( )
STATE == TERMINATIONSTATE;
SUB_STATE == NONE;
Update the Hash Table with the modified set object;
EstablishedState specific actions are taken in each of the
above methods / functions
Terminate State
The Established State class is one of the classes of the
basic call FSM. This class overrides some of the methods of
its base class STATE which in turn implements the EVENTS
& ACTIONS interface
The functions or methods that are overridden & the
specific Actions are:
• OnHook( )
STATE == IDLE;
Remove the set object from the Hash Table;
• OffHook( )
InvalidEvent ();
• DigitsDialed( )
InvalidEvent ();
• Flash( )
InvalidEvent ();
• CallRequested( )
Give Tone BUSY_TONE to the set from which this
message/event has arrived; CURRENT_TONE ==
BUSY_TONE;
Update the Hash Table;
• CallAccepted( )
InvalidEvent ();
• CallTerminated( )
InvalidEvent ();
TerminationState specific actions are taken in each of
the above methods / functions
State Machine Diagram
The FSM implements the Basic Call FSM.This is the
class, which handles & manipulates the call processing with
the aid of the FSM
The public functions of this class are:
• void startFsm( )
This function is responsible for the start of the Basic Call
FSM.It creates objects of all the classes present in the
FSM.
• void EventDispatcher(Sets handle , InterfaceMessage
iMsgHandle)
This function is responsible for the dispatching of the
events in the appropriate state handles.
• void printCurrentState( )
This function is responsible for printing out in the
console the set object related information & also the call
register related information for testing purposes.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 323

Proceedings of ICCNS 08 , 27-28 September 2008
IV IMPLEMENTATION RESULTS & ANALYSIS
Table 2: State Transition Matrix
STATE
ESTA
RINGI
TERMI
IDL DIALING
BLISH
NG
NATED
EVENT
ED
[8] http://www.ietf.org/rfc.html
[9] http://wwwprotocols.com/pbook/voipfamily
Off- Hook
DIALL
ING
InValid
ESTA
BLISH
ED
InValid
InValid
On- Hook Invalid IDLE InValid IDLE IDLE
Digits
Dialled
Invalid DIALLING Invalid Invalid Invalid
Call
Requested
RINGI
NG
Invalid Invalid Invalid Invalid
Call
Accepted
InValid
ESTABLIS
HED
Invalid Invalid Invalid
Call
Terminated
Invalid Invalid IDLE Invalid Invalid
TimeOut Invalid Invalid IDLE Invalid Invalid
Analysis
The above results are satisfying the requirement of
MGCP 1.0 standard, verified for all the command format of
table 1.1. The webclient is a ‘Browser downloadable secured
Applet’ which can be downloaded from the web server and
used to make VOIP calls with other similar webclients.
Conclusion
If we look at the development of media gateway control
protocols from simple PSTN/VOIP interworking “enables” to
complex media-specific applications, it is clear that the Media
Gateway Control Protocols have an important role to play.
Like IP centric conferencing and media-related application.
The inherent client/server architecture of the protocol provides
room for growth and possibilities of developing flexible,
scalable applications. The decomposed gateway architecture
greatly eases the problems of management and expansion.
Future Enhancement
The media-Oriented Design of the protocols provide the
opportunity for better media management as multimedia
conferencing media-rich application become a greater part of
everyday life (IVR announcement servers, call centre
application). New Package- such as a media server package
that defines events and signals for controlling a media server.
References
[1] Arango, et al. Informational RFC 2705 Media Gateway Control
Protocol (MGCP) 1999,2003.
[2] Network Working Group, Cisco Systems Informational RFC 3661 B.
Foster C. Sivachelvan 2003
[3] Data Communication and Networking 4e-Forouzan
[4] Andrew S. Tanenbaum, Computer Networks., Fourth edition,2005.
[5] Herbert Schildt Complete Reference Java 2 Tata McGraw Hill 2002 5e
[6] E Balaguruswamy Programming with Java A Primer 2000 2e
[7] http://www.voip-info.org/wiki/index.phppage=VOIP+phone
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 324

Proceedings of ICCNS 08 , 27-28 September 2008
VISUAL CRYPTOGRAPHY & BPCS
STEGANOGRAPHY
Mr. M. P. Wankhade, Mr. S.T. Patil
Abstract- In this paper use of cryptography along with
steganography is implemented for the secure transaction. A Visual
cryptography scheme which can decode concealed image without
any cryptographic computation. In the implementation, the image
is split into 2 shares which can be decoded at receiving side by
printing shares on transpierces and staking together. Before
transfer on internet data is embedded into another image using
steganography. BPCS-Steganography (Bit-Plane Complexity
Segmentation Steganography) is a one type of digital
steganography. BPCS uses an image file in true color format for a
cover image. All of the traditional steganographic techniques have
limited information-hiding capacity. They can hide only 10% of
the data amounts of the cover. While BPCS can embed very
large amount of "confidential" data file in the cover image.
The basic difference of the embedding is to replace noisy
areas on each bit-plane of the cover image with the
confidential data. This steganography exploits the characteristics
of human vision system which can't see any shape information in
a very noisy area on an image bit-plane. In the embedding
process the image color value is transformed from the pure
binary code system into the canonical gray code system because
the canonical gray code keeps better image quality than pure
binary code when the cover is embedded with other data. Noisy
area on the bit-plane is segmented according to a complexity
measure for the binary image.
We presented combined use of Visual cryptography along with
BPCS Steganography to provide added security during data
transfer over internet.
Keywords—BPCS, Data Hiding, Steganography, Visual
Cryptography
T
I. INTRODUCTION
ODAY we are in the age of information technology.
Internet communication has become an integral part of
the today’s life. The information communicated comes
in numerous forms and is used in many applications. In a
large number of applications demanded secure data
transactions. Such secret communication ranges from the
obvious cases of bank transfers, corporate
communications, and credit card purchases and e-
communication. But Internet is not a secure medium, and
hacking is always possible for the confidential information.
Encryption provides an obvious approach to information
security. However, encryption clearly marks a message
as containing “interesting” information, and the
encrypted message becomes subject of attack. On the
other hand in many cases it is desirable to send
information without anyone even noticing that information
has been sent.
II. VISUAL CRYPTOGRAPHY
Visual cryptography is an encryption technique to hide
information in images in such a way that it can be
decrypted by the human vision if the correct image shares
are used. This technique was initially proposed in [1]. The
image is composed of black and white pixels. To encrypt,
each pixel is divided into m sub-pixels, and for each pixel
in the secret image, each participant is given m sub-pixels,
some of which are black and some of which are white.
These sub-pixels are so small that the eye averages them to
some shade of grey. Each participant’s share of the image
can be thought of as a transparency with a mixture of black
and white sub-pixels. To combine shares, participants
simply stack their transparencies.
For implementation we have used simplest form, a (2, 2)
visual cryptography scheme to "splits" the original image
into two "shadow images" called "shares." Every pixel in
the original image is expanded to a 2x2 pixel matrix with a
different version in any of the two shares. Any share
contains uniformly distributed random black-and-white
pixels. By analyzing only a single share, you can't obtain
information about the original image. The whole point of
visual cryptography is that in the decryption process, the
original image has to be visually reconstructed. Each share
is printed on a separate transparency and passed to a
participant at the scheme. When the two participants come
together, the secret can simply be reconstructed by stacking
the two transparencies.
Table 1: A (2, 2) Visual Cryptography Scheme
M. P. Wankhade M.Tech (I.T.) student of Bharati Vidyapeeth College
of Engineering, Pune. Presently working with Sinhgad College of
Engineering Pune. (e-mail: mwankhade@yahoo.com).
S.T. Patil is working as Professor in Computer Engg. Dept. of Bharati
Vidyapeeth University College of Engineering, Pune.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 325

Proceedings of ICCNS 08 , 27-28 September 2008
To build the shares, the visual cryptography scheme in this
application uses only considers diagonal matrices as shown
Versions 1 and 2 in Table 1. Figure 1 is an example of the
visual cryptography scheme implemented by the
application.
Figure 1. (A) Secret Data; (B) Recomposed Data
(C ) First Share (D) Second Share
Figure 2. (A) Brain; (B) MSB; (C ) 5 th Bit-plane (D) LSB
III. BPCS STEGANOGRAPHY
Steganography is a technique to hide secret information
in some other data (we call it a vessel) without leaving any
apparent evidence of data alteration. All of the traditional
steganographic techniques have limited information-hiding
capacity. They can hide only 10% (or less) of the data
amounts of the vessel.
BPCS-Steganography (Bit Plane Complexity
Segmentation) uses image segmentation based on the
measure called complexity. The complexity is defined over
a local region within a binary image. Local regions within a
binary image can be classified as “informative” or “noiselike”
by using complexity measure. The human vision is
unable to perceive the replacement of noise-like regions if
the secret data is random pattern. BPCS allows the
replacement of about 50% of cover images with secret data
without any image degradation that can be perceived by
humans.
The bit-planes of natural images display monotonic
increasing complexity from the Most Significant Bit-plane
(MSB) to the Least Significant Bit-plane (LSB). Most of
the LSBs just look like random noise (Figure 2). Following
the separation of the image in bit-planes, every bit-plane is
decomposed in 8x8 mesh and the complexity of the regions
is calculated. There is no general definition for the
complexity of a binary image. Nevertheless, there's a
simple way to calculate the complexity of a region in the
bit-plane just count the number of color changes in every
row and column of the region. To define a coherent scale of
complexities, you normalize this figure such that one plain
color has a complexity of 0 and the checkerboard pattern
has a complexity of 1.
Any region in any bit-plane with a complexity above a
chosen threshold is considered random noise and replaced
by 8 bytes of data.
IV. MODIFIED BPCS STEGANOGRAPHY
It is still possible that an embedded block will not have a
complexity above the threshold value. In this case, the
conjugate of the block must be taken. The conjugate of a
binary image is obtained by XORing the image with the
checkerboard pattern. Obviously, the original data can be
remade by XORing the new image with the checkerboard
pattern again. If necessary, the conjugate is calculated, and
you need a "flag" to mark the region as "conjugated." The
information about this is stored in a “Conjugative map”,
which can be useful as a key during retrieving process at
receiver side.
During the implementation data is written from LSB to
MSB from the first block. As LSB has more noise-like
regions and more data can be stored. A 24-bit true-color
image consists of red, green, and blue (RGB). The human
visual system seems sensitive to green variations and less
sensitive to blue ones. Therefore, I adopt the following
order in embedding data: I start with the first LSB block of
every constituent color and then move to the next plane
until all the embedding information is written. The human
visual system seems sensitive to green variations and less
sensitive to blue ones. Hence the order of the color
components is blue, red and green.
V. IMPLEMENTATION
An implemented model involves a "sender" and
"receivers”. The sender chooses a secret message
represented as a binary black-and-white image and applies
a (2, 2) visual-cryptography scheme on the secret message,
obtaining the two corresponding shares. Every share is
individually embedded into a 24-bit true colors image
(called a "vessel") using the modified BPCS scheme.
Finally, the sender electronically sends the images with
embedded data to the receiver along with Conjugative map
and threshold value. Receivers process the received image
to obtain the embedded share as a binary image, and print
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 326

Proceedings of ICCNS 08 , 27-28 September 2008
the binary image on a transparency. As soon as the
receivers come together, they can visually reconstruct the
secret message by carefully superimposing the two
transparencies.
Visual cryptography-BPCS program is developed using
C language and Visual Basic. The project consists of two
phases – encryption and data hiding. In encryption process
secret gray scale image is spitted into 2 shares using pixel
expansion methods and saved. Then each share is
embedded into cover image using bit plane complexity
segmentation. The complexity threshold is selected by user
at embedding process.
We embed the secret blocks into cover image using the
following steps.
1. Transform the dummy image from PBC to CGC
system.
2. Segment each bit-plane into informative and noise-like
regions by using a threshold value.
3. Insert the details of secret image into first complex
block of the cover image.
4. Group the bytes of secret file into a series of secret
blocks.
5. If a secret block is less complex than threshold, then
conjugate it to make more complex.
6. Embed these blocks into the noise-like regions. If the
block is conjugated, then record this in a conjugation
map.
7. Convert the embedded dummy image from CGC back
to PBC.
8. Save the conjugate map into a text file.
Output of visual cryptography is shown in figure 1. (A)
is original image; (B) is recomposed image while (C) and
(D) are the two shares of the original image. These split
images cannot be easily identified and looks as random
data. These two shares are recomposed we can recover the
data. The recomposed image is double in size of original
image.
The BPCS module is used to embed the shares into the
cover file. The front end to embed the shares is as shown in
figure 3
share file (Mahesh.bmp 37.9 KB). The embedded operation
does not increase the size of the image by even a single
byte. The size of embedded data is 66% of original image.
Yet, even when viewed on the computer monitor, the
images before and after embedding are almost
indistinguishable from one another. But Mean, RMSE and
PSNR values shows that the images are actually different.
Figure 4 Compare Image.
After various test we understand that the data hiding
capacity depends on the cover image size and how complex
the image is. The complexity threshold value selected for
data hiding also plays very important role. As complexity
threshold decreases the data hiding capacity increases.
Table 2 shows the some results. The information hiding
capacity is nearly 50% of the size of the each cover image.
This capacity is 4 to 5 times as large as other
steganographic techniques.
Table 2 : Result Analysis
Secret Image
Pune.bmp
(20 KB)
Face.bmp
(66 KB)
Cover
Image
Brain.bmp
(55 KB)
A3.bmp
(597 KB)
Threshold
Output image
0.3 Brain11.bmp
(55 KB)
0.3 A33.bmp
(597 KB)
Mahesh.bmp
(20 KB)
Lady.bmp
(258 KB)
Brain.bmp
(55 KB)
A3.bmp
(597 KB)
0.3 Brain112.bmp
(55 KB)
0.4 A3lady.bmp
(597 KB)
The Data hiding capacity of any image depends on the
threshold value selected for the complexity and how
complex the image is. Table 3 and Table 4 shows the data
hiding capacity of the brain.bmp (54.1 Kb) image and
flower.bmp (170 Kb) at different complexity threshold.
Figure 3 Embed Share.
Figure 4 shows the original image (Brain.bmp 55KB)
and stego image (Brain112.bmp) after embedding another
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 327

Proceedings of ICCNS 08 , 27-28 September 2008
Table 3 : Data Hiding Capacity of brain.bmp
Threshold Capacity % of Original
0.3 27 KB 50 %
0.4 20 KB 37 %
.05 07 KB 14 %
Table 4 : Data Hiding Capacity of flower.bmp
Threshold Capacity % of Original
0.3 93 KB 54 %
0.4 73 KB 42 %
.05 26 KB 15 %
VI. Conclusion
Experimental result indicates that security provided by
this new approach is high as compare to simple embedding
in an image. The software is applied for the various source
files and cover files having different capacity. The system
gives good results for visual cryptography and BPCS.
Overall, the results went fairly as expected. Increasing the
threshold at which bit planes are determined to be complex
decreased the embedding capacity, but also decreased the
distortion. Embedding at full capacity (based upon the
threshold) of the image including every bit plane proved
to add distortion (although typically worse at lower
thresholds) because the higher bit planes are visually much
less tolerant to change.
References
[1] M. Naor and A. Shamir, Visual Cryptography,
Springer.
[2] C. Blundoet al, “Improved Schemes for Visual
Cryptography,” Designs, Codes and Cryptography,
vol. 24, no. 3, pp. 255–278.
[3] C. Blundo et al, “Visual cryptography schemes with
optimal pixel expansion,” Theoretical Computer
Science,vol. 369, no. 1-3, pp. 169–182.
[4] Eiji Kawaguchi, Principle and applications of BPCS-
Steganography.
[5] Jain, Anil K., Fundamentals of Digital Image
Processing, Prentice Hall, Englewood Cliffs, NJ,
1989.
[6] Kawaguchi, E., Endo, T. and Matsunaga, J., “Depthfirst
picture expression viewed from digital picture
processing”, IEEE Trans. on PAMI, vol.5, pp.373-384,
1988.
[7] Kawaguchi, E. and Taniguchi, R., “Complexity of
binary pictures and image thresholding - An
application of DFExpression to the thresholding
problem”, Proceedings of 8th ICPR, vol.2,
[8] Kawaguchi, E. and Taniguchi, R., “The DF-Expression
as an image thresholding strategy”, IEEE Transaction
SMC, vol.19, no.5, pp.1321-1328, 1989.
[9] Kamata, S, Eason, R. O., and Kawaguchi, E., “Depth-
First Coding for multi-valued pictures using bit- plane
decomposition”, IEEE Trans. on Comm., vo.43, 995.
[10] Kawaguchi, E. and Niimi M, “Modeling Digital Image
into Informative and Noise-Like Regions by
Complexity Measure”, Preprint of the 7th European-
Japanese <strong>Conference</strong> on Information Modeling and
Knowledge Bases, May, Toulouse, 1997.
[11] N. F. Johnson, Z. Duric and S. Jajodia: “Information
Hiding: Steganography and Watermarking – Attacks
and Countermeasures”, Kluwer Academic Publishers,
pp.47–76.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 328

Proceedings of ICCNS 08 , 27-28 September 2008
VoIP Bluetooth Technology
Mrs.F.M.Inamdar , Mrs.S.R.Rathi
Abstract :
Part –I contains Introduction to Voice over internet protocol Here we
will explain what is VoIP It’s features, How it works & it’s
applications.
Part-II contains introduction to Bluetooth technology How it works,
IP over Bluetooth technology, Bluetooth devices & its applications.
Part-III contains1.Conclusion 2.References.
I. INTRODUCTION TO VOIP
VoIP (Voice over Internet Protocol) is simply the transmission
of voice traffic over IP-based networks. The Internet Protocol
(IP) was originally designed for data networking. The success
of IP in becoming a world standard for data networking has
led to its adaption to voice networking. Voice over internet
protocol is the fast emerging and replacement technology for
the voice communication. Many people still want to know that
how it works. Voice over internet protocol costs less than your
regular phone service and for this reason it’s more attractive to
the consumers. VOIP also costs less than a mobile phone’s
monthly cost.
II. VOIP FEATURES
The biggest advantage of VoIP is that the customers can make
calls from anywhere in the world where a broadband internet
connection is available. The customers can take their IP
phones or ATA's with them on national and international trips
and still can manage to access what is essentially an
individual's domestic phone line. Then there are the
softphones, which a software application that loads the VoIP
services onto the desktop or laptop. Some even simulate an
interface that looks like a telephone, with which you can place
VoIP calls to anybody around the world, through a standard
broadband connection. Most VoIP services come with the
caller id, call waiting, call transfer, repeat dialing and threeway
dialing features. For additional features such as call
filtering, forwarding a call, or sending calls directly to the
voice mail, the service provider may assess an additional fee.
Most VoIP services also allow the user to check his/her
voicemail over the web or attach messages to an e-mail that is
sent to his/her PDA or PC. Generally, the facilities and
components provided by VOIP phone system suppliers and
service operators may vary in significant ways. It is advisable
to check the pros and cons before subscribing. Make sure that
you have available technical support for the possible
compatibility issues that could arise between the existing and
new hardware components. How Does VoIP Over Internet
Protocol Works Voice Over Internet Protocol also called
Internet Telephony and internet telephony is the technology
for future. With this technology you can make free of cost and
very cheap long distance calls all over the world. VoIP uses a
broadband Internet connection for routing telephone calls as
opposed to the switching and fiber optics. By this process the
customer can get the higher efficiency and quality of service
as well as low cost. One major and interesting aspect of the
VoIP technology is that there is no major infrastructure is
required. The VoIP infrastructure includes the broadband
Internet connection, regular telephone line and VoIP software
and hardware. Some of renowned companies of the voice over
internet protocol business are Vonage and Skype. These both
companies prove services to their US people as well as people
of the other countries. Cisco systems have also a big name in
providing the VoIP hardware. Application Eliminating Phone
Lines With VoIP service, you can cancel your traditional
phone service through your local telephone company and
place all of your telephone calls over your broadband Internet
connection.
III. ELIMINATING LONG DISTANCE CHARGES
VoIP technology can also save money on long-distance
charges. Most residential and business telephone customers
pay per-minute fees for long-distance telephone calls. VoIP
can reduce or eliminate those long-distance fees. This saving
is especially valuable with <strong>International</strong> calls, where perminute
charges for traditional telephone calls can be very
expensive. Number Portability With VoIP service, you can
take your phone number anywhere you go, easily. If you have
a Chicago number and you move to New York, you can keep
your Chicago number. This is very convenient for friends and
family to keep in contact with you wherever you go. More
than One Way to Make a Call Using VoIP technology, phone
calls can also be made using IP phones between two
computers. IP phones looks like normal standard handsets, but
equipped with an RJ 45 Ethernet connector in place of the
common RJ 11 connectors. These phones come with all the
necessary hardware and software pre-loaded, allowing the
user to directly connect to the router bringing the new user
into the cost effective world of VoIP. PC to PC calls are the
easiest and most inexpensive way to make use of VoIP
technology. There are many companies providing software for
free or at reduced cost to encourage consumer
experimentation with VoIP. When calling from a PC, all the
user may need is a microphone, a suitable sound card and a
reliable internet connection. The service itself may be free of
cost in many cases. The only fee the end user may have is the
monthly fee for the internet service provider and nothing
additional for the actual calls made. Introduction To The
Bluetooth Technology “Bluetooth wireless technology is an
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 329

Proceedings of ICCNS 08 , 27-28 September 2008
open specification for a low power, short-range radio
technology for ad-hoc wireless communication of voice and
data anywhere in the world. to be used to connect both mobile
devices and peripherals that currently require a wire.
Bluetooth technology is a short range wireless technology that
was developed by the collaboration of mobile phones and IT
companies such as Nokia, Intel, Toshiba, Erickson and IBM
IV. HOW DOES IT WORK
Bluetooth is a standard radio frequency chips that can be
plugged into your devices .These chips were designed to take
all of the information that your wires normally send, and
transmit it at a special frequency to something called a
receiver Bluetooth
.
• Each channel is divided into time slots 625 microseconds
long •Packets can be up to five time slots wide Data in a
packet can be up to 2,745 bits in length
The master Bluetooth device can communication with the
seven other Bluetooth enabled devices. Different devices
support different standards of the Bluetooth technology. The
research on the advanced Bluetooth is in progress for the
Bluetooth version 3.0 to provide the high speed connections.
Bluetooth technology also provides support for the VOIP
technology. The Bluetooth headset provides the wireless
extension to the Bluetooth devise. A typical Bluetooth device
consist of RS transceiver, protocol stacks and base bands and
It does not require to install the additional drivers to use the
Bluetooth technology and it can connect all the office
peripheral such as computer with printer, computer with
scanner and computer with laptop. Among the other
advantages of the Bluetooth technology is the automatic
synchronization of the desktops, mobile phones and other
Bluetooth held devices. Another popular use of the Bluetooth
is in the cars and automotives. The most commonly Bluetooth
held devices are mob phones, personal computers, laptops,
headsets, access points, car kits, speaker phone, streaming
video, MP3 players, SIM cards, Push-2-talk, PDA and digital
camera. By this technology, mobile data can be used in the
different applications. It provides the speed of 1-2 Mbps.
Bluetooth’s small microchip can be built in the devices and it
can also be used as the external adapters and used for the
different network communication devices. Bluetooth enabled
devices can change their frequency very rapidly so they can be
saved from the external interference. Bluetooth enabled
devices have built in security features and they use pin code
and 128 encryption. If the two wireless devices follow the
Bluetooth standards they can communicate with each other
without any external devices or wires. The more
enhancements are in progress in this technology to provide
most robust, state-of-the-art, high speed and secure
connections to the mobile users.
Bluetooth Goals & Vision:
• Originally conceived as a cable replacement technology
• Short-Range Wireless Solutions
• Open Specification
• Voice and Data Capability
• Worldwide Usability
• Other usage models began to develop:
• Personal Area Network (PAN)
• Ad-hoc networks
• Data/voice access points
• Wireless telematics
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 330

Proceedings of ICCNS 08 , 27-28 September 2008
4) Bluetooth-enabled Head Set
V. USES
Bluetooth is a standard and communications protocol
primarily designed for low power consumption, with a short
range (power-class dependent: 1 meter, 10 meters, 100
meters) based on low-cost transceiver microchips in each
device. Bluetooth enables these devices to communicate with
each other when they are in range. The devices use a radio
communications system, so they do not have to be in line of
sight of each other, and can even be in other rooms, as long as
the received transmission is powerful enough.
Bluetooth Devices
Bluetooth will soon be enabled in everything from:
• Telephones ,Headsets ,
Computers ,Cameras ,Cars,Etc …
Bluetooth Products
1) Bluetooth-enabled PC Card
• Future of Bluetooth
• Success of Bluetooth depends on how well it is integrated
into consumer products
• Consumers are more interested in applications than
the technology
• Bluetooth must be successfully integrated into
consumer products
• Must provide benefits for consumer
• Must not destroy current product benefits
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 331

Proceedings of ICCNS 08 , 27-28 September 2008
• Key Success Factors
• Interoperability
• Mass Production at Low Cost
• Ease of Use
End User Experience Conclusion: From the different
applications we will prove how useful VoIP over Bluetooth
technology is why it is needed. Then how VoIP on internet
protocol to make calls efficiently with low cost and without
wires. By using Bluetooth technology user can become more
interactive and user friendly with other people so that such
technologies are used in mobiles computer, cameras etc.
REFERENCES:
1. http://www.palowireless.com/bluetooth/
2. http://www.ensc.sfu.ca/~ljilja/cnl/presentations/jeffrey/bt
presentation/tsld005.htm
3. http://www.bluetooth.com
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 332

Proceedings of ICCNS 08 , 27-28 September 2008
Cryptanalysis of RSA Using Mobile Agents
. Prof .Sanjeev .S Sannakki, Prof .D. M.Choudhari & Prof. H.H.Kenchannavar
, Dept. of Computer Science & Engineering
Gogte Institute of Technology,Udyhambhag,
Belgaum.Karnataka. PIN 590008
Phone No.-(+91)9448853277 ,(+91)9449383002
Email ID: sannakkisanjeev@yahoo.co.in
Email ID: dtttry_choudhari@yahoo.co.in
Email ID: harish_14@rediffmail.com
ABSTRACT
Public key cryptosystems led
researchers all over the world to use three major
approaches to cryptanalyse the algorithms: bruteforce,
mathematical and implementation attacks.
Even with mathematical attacks it takes years to
cryptanalyse the algorithm on a single processor.
As the key length increases the time to
cryptanalyse increases exponentially. Distributed
Computing, where the work is divided among
multiple processors reduces the computation
time considerably. In this paper we propose use
of mobile agents for distributed computing. If a
number of agents share the workload the time is
reduced by a considerable factor.
Mobile agent technology offers a new
computing paradigm, in which a program, in the
form of a software agent, can suspend its
execution on a host computer, transfer itself to
another agent-enabled host on the network, and
resume execution on the new host. The mobile
agents can be characterized in a number of ways
ranging from simple distributed objects to highly
organized software with embedded intelligence.
The notion of using mobile agents for
cryptanalysis forms an effective method for
testing the strength of a cryptographic algorithm.
Keywords: CRYPTANALYSIS, RSA,
PRIVATE KEY, PUBLIC KEY, MOBILE
AGENT, AGLET
1. INTRODUCTION
1.1 Public Key Encryption
1.1.1 Introduction of RSA
The RSA algorithm is mainly a public
key based cryptosystem used widely in network
communications like in Virtual Private Networks
(VPNs). In public key encryption technique, a
key is split into two keys and they are called as
public and private keys. Public key is advertised
to the world and private key is kept secret. It is
extremely difficult to generate private key using
the public key. So, someone who knows the
public key cannot decrypt a message after it has
been encrypted using the public key.
1.1.2 Description of the RSA algorithm
RSA algorithm is a block cipher
technique in which plaintext and cipher texts are
integers between ‘0’ and ‘n-1’ for some ‘n’.
Select p and q where p and q are prime
numbers. Calculate n = p x q
Calculate φ (n) = (p-1) x (q-1)
Select integer e such that gcd (φ (n),e)=1; 1

Proceedings of ICCNS 08 , 27-28 September 2008
Encryption process
Plaintext
M < n
Cipher text C = M e (mod n)
Fig. 1.2 ENCRYPTION PROCESS
Decryption process
Cipher text(input ) C
Plaintext M = C d (mod n)
Fig. 1.3 DECRYPTION PROCESS
2. CRYPTANALYSIS
Researchers all over the world used
three major approaches to cryptanalyse the RSA
algorithm: Brute-force, Mathematical and
Implementation attacks. However, to this day all
attempts to devise a potent methodology to break
RSA have failed. This paper is an attempt to
cryptanalyse RSA combining mathematical and
brute-force methods by mapping an equally
correct but smaller in magnitude possible key
space, and exhaustively searching for D', a
congruent value to the private key D. Statistical
report of the algorithm efficiency shows only
number of attempts it takes to obtain suitable
private key D’.
2.1 Factorization Attack
The difficulty of all mathematical
approaches is virtually equivalent to factorization
of modulus N into its two prime factors P and Q.
Once modulus factors are known, Euler function
φ (N) = (P-1) x (Q-1) could be easily constructed
and the private key value D=E -1 mod φ (N)
deduced.
2.2 Quadratic Sieve
2.2.1 The Method
If n is the number to be factored,
Quadratic Sieve (QS) attempts to find two
numbers x and y such that x = y (mod n) and x 2
= y 2 (mod n). This would imply that (x - y)(x +
y) = 0 (mod n), and we simply compute (x – y,
n) using the Euclidean algorithm to see if this is
a nontrivial divisor. There is at least 50% chance
that the factor will be nontrivial. Our first step in
doing so is to define: Q(x) = (x + └ √n ┘) ² -n = x² -
n, and compute Q(x 1 ),Q(x 2 ), : : : ,Q(x k ).
Determining the x i will be explained below.
From the evaluations of Q(x), we want to pick a
subset such that Q(x i1 ), Q(x i2 ), Q(x ir ) is a square,
y 2 . Then note that for all x, Q(x) ≡ x 2 (mod n).
So what we have then is that Q(x i1 )Q(x i2 ) : :
:Q(x ir ) ≡ (x i1 x i2 : : : x ir ) 2 (mod n) and if the
conditions above hold, then we have factors of n.
2.2.2 Setting up a Factor Base and a Sieving
Interval
With the basic outline of the QS in
place, we need an efficient way to determine our
x i , and to get a product of the Q(x i ) to be a
square. Now to check to see if the product is a
square, the exponents of the prime factors of the
product need to be all-even. We will need to
factor each of the Q(x i ). Therefore, we want
them to be small and to factor over a fixed set of
small prime numbers (including -1), which we
call our factor base. To make Q(x) small, we
need to select x close to 0, so we set a bound M
and only consider values of x over the sieving
interval [-M,M]. Now if x is in this sieving
interval, and if some prime p divides Q(x), then
(x + └ √n ┘) ² ≡ n (mod p). So, n is a quadratic
residue (mod p). The primes in our factor base
must be such that the Legendre symbol [6]
A second criterion for these primes is that they
should be less than some bound B, which
depends on the size of n.
2.2.3 Sieving
Once we have a set of primes for our factor base,
we begin to take numbers x from our sieving
interval and calculate Q (x), and check to see if it
factors completely over our factor base. If it
factors, it is said to have smoothness. If it does
not, we discard, and we go on to the next
element of our sieving interval. If we are dealing
with a large factor base, though, it is incredibly
inefficient to consider numbers one at a time and
check all the primes in the factor base for
divisibility. Instead, we will work with the entire
sieving interval at once. If we are working in
parallel, each processor would work over a
different subinterval. Here is how it works. If p
is a prime factor of Q(x), then p ≡ Q(x + p).
Conversely, if x ≡ y (mod p), then Q(x) ≡ Q(y)
(mod p). So for each prime p in our factor base,
we solve Q(x) = s² ≡ 0 (mod p), x ε Z p.
This can be solved using the Shanks-
Tonelli Algorithm [5]. We will obtain two
solutions, which we call s 1p and s 2p = p - s 1p .
Then those Q(xi) with the xi in our sieving
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 334

Proceedings of ICCNS 08 , 27-28 September 2008
interval are divisible by p when xi = s1p; s2p +
pk for some integer k. There are a couple ways to
do the sieving from here. One way is to take a
subinterval (depending on the size of your
memory), and put Q(xi) in an array for each x i in
the subinterval. For each p, start at s1 p and s2 p
and divide out the highest power of p possible
for each array element in arithmetic progression,
recording the appropriate powers (mod 2) of p in
a vector. You will have one vector for each of
the factorable Q(x i ) and each entry corresponds
to a unique prime in the factor base. Once all the
primes have had their turn sieving the interval,
those array elements that are now one are those
that factor completely over the factor base. The
vector of powers of the primes can then be put
into a matrix A. We repeat this process until we
have enough entries in A to continue. This is
explained below.
A second way is less exact, but is much
quicker. Instead of working with the values of Q
(x) over some subinterval, record the number of
bits of the Q(x i ) in an array. For every element in
the particular arithmetic progressions for p,
subtract the number of bits of p. After every
prime in the factor base has had their turn, those
elements with remaining bits close to 0 are likely
to be completely factorable over those primes.
We need to take into account round-of error and
the fact that many numbers are not square free.
For numbers that are not square free, we can
sieve over the subinterval a second time picking
out solutions to Q(x)≡0 (mod p 2 ) and so on.
When all that is done, we set an upper bound on
the number of bits we will consider. There will
likely be fully factorable numbers that slip
through at this point, but the time saved will
more than make up for it. The numbers that meet
this threshold condition will then be factored, by
looking at the arithmetic progressions again so
we can quickly nail down which primes divide
which of the Q(x i ). Most implementations of the
QS do not resieve the interval looking for powers
of primes, so we will look at the sieving at a
slightly deeper level. If we don't resieve with
powers of primes, the threshold value becomes
very important and powers of 2 becomes more
significant. Fortunately we have a trick to deal
with 2 to some extent. If Q(x) = r 2 - n, and we
assume that r is odd, then 2 Q(x). We can work
with n slightly so that a higher power of 2 always
divides Q(x). If we want 8 to always divide Q (x)
when it is even, we consider n (mod 8). If n ≡3,
7 (mod 8), then 2kQ(x) else if n ≡ 5 (mod 8),
then 4kQ(x). Finally, if n≡1 (mod 8), then 8
Q(x). So to make 8 divide Q(x) every time it is
even, set n = 5n if n ≡ 3 (mod 8), set n = 3n if
n≡5 (mod 8), and n := 7n if n ≡ 7 (mod 8). Once
the prime p = 2 is taken care of, sieve for the rest
of the primes, subtracting the logarithms as
above. Our threshold will then be ½ ln (n) + ln
(M) – T ln(p max ) where T is some value around 2
and p max is the largest prime in the factor base.
2.2.4 Building the Matrix
If Q(x) does completely factor, then we
put the exponents (mod 2) of the primes in the
factor base into a vector as described above. We
put all these vectors into the matrix A, so the
rows represent the Q(x i ), and the columns
represent the exponents (mod 2) of the primes
in the factor base. So, for example, if our factor
base was {2, 3, 13, 17, 19 29} and Q(x) =
2*3*17 2 *19, then the row corresponding to this
Q(x) would be (1, 1, 0, 2, 1, 0). Remember that
we want the product of these Q(x i ) to be a perfect
square, so we want the sum of the exponents of
every prime factor in the factor base to be even,
and hence congruent to 0 (mod 2).
There may be several ways to obtain a
perfect square from the Q(x i ), which is good,
since many of them will not give us a factor of n.
So given Q(x 1 ),Q(x 2 ) : : : ,Q(x k ), then we wish to
find solutions to Q(x 1 )e 1 + Q(x 2 )e 2 + : : : +
Q(x k )e k ; where the e i are either 0 or 1. So if a i is
the row of A corresponding to Q(xi), then we
want
This means that we need to solve
where
so via Gaussian elimination we find the spanning
set of the solution space. Therefore we need to
find at least as many Q(xi) as there is primes in
the factor base. Each element of the spanning set
corresponds to a subset of the Q(xi) whose
product is a perfect square. Recall that at least
half of the relations from the solution space will
give us a proper factor. So if the factor base has
B elements, and we have B + 10 values of Q(x),
then we have at least a 1023/1024 probability of
finding a proper factor. So we check solution
vectors to see if the corresponding product of the
Q(x i ) and x i yields a proper factor of n by doing a
GCD calculation described at the beginning. If
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 335

Proceedings of ICCNS 08 , 27-28 September 2008
not, then check the next element in the spanning
set. When a proper factor is found (you actually
then have two factors), test those factors for
primality. If you are factoring an RSA modulus,
then we know the factors are prime, so we are
done.
2.2.5 Parallel algorithm
Fig. 2.1 PARALLEL IMPLEMENTATION
OF ALGORITHM
When considering a parallel implementation of
an algorithm one has to consider the time
complexity for the different parts in the
algorithm. Very often an algorithm has a
“heavy” part and a lot of other parts where the
time complexity is negligible compared to this
heavy part. In the Quadratic Sieve algorithm the
sieving is the heavy part. This part is ideally
suited for parallel implementation. The sieving is
performed over blocks with different intervals.
These blocks are easily distributed to the
different processors. With this kind of
implementation the communication between the
different processors is kept to a minimum
compared to the job that is done by each
processor. A master process collects the results
from all the processors and builds the matrix.
Another time consuming part worth mentioning
is the Gaussian elimination. However, the time
complexity for this is minor compared to the
time complexity for the sieving part. Also,
Gaussian elimination is not very well suited for
parallel implementation. Therefore the master
node performs the Gaussian elimination. To
summarize, an effective Quadratic Sieve
algorithm has a master node that shares the
sieving job to the slave processors. When the
matrix is full, the master node performs the
Gaussian elimination and calculates the result.
An interesting parallel version of this idea has
been constructed by Lenstra and Manasse who
distribute their program and collect the results
via electronic mail. They used a slightly different
version of the Quadratic Sieve that uses different
polynomials. Their idea could have been equally
well used for the ordinary algorithms.
3. MOBILE AGENT
3.1 Introduction
Mobile agents are program instances
that are able to migrate from one agent platform
to another, thus fulfilling tasks on behalf of a
user or another entity [1]. They consist of three
parts: code, a data state (e.g. instance variables),
and an execution state that allows them to
continue their program on the next platform. An
agent is a computer program whose purpose is to
help a user perform some task (or set of tasks).
To do this, it contains persistent state and can
communicate with its owner, other agents and
the environment in general. Agents can do
routine work for users or assist them with
complicated tasks; they can also mediate
between incompatible programs and thus
generate new, modular and problem-oriented
solutions, saving work.
3.2 Benefits of Mobile Agents
Mobile agents roam the network, seek
information, and carry out tasks on behalf of
their senders autonomously. Upon return to their
senders the agents present the results of their
endeavors. Meanwhile the user is freed of the
obligation to permanently monitor the
application’s progress [7]. This makes mobile
agents particularly useful in mobile
environments (disconnected operation), because
no permanent network connection must be
maintained in order to run the agent-based
application. Mobile agents also offer great
benefits to applications in “wired” networks by
adding client-side intelligence and functionality
to server-side services unified under a
homogenous access paradigm [1].
Furthermore, mobile agents offer
considerable network bandwidth savings because
they can migrate to, and process data, at the
source of that data, which therefore need not be
shipped back and forth across the network.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 336

Proceedings of ICCNS 08 , 27-28 September 2008
Applications based on mobile agents are
inherently distributed. Agents are often
independent of a particular hardware or
operating system, and can be deployed in
heterogeneous environments. Several further
advantages were claimed for mobile agent in
addition to those summarized above. In order to
exploit benefits such as the ones described
above, mobile agent frameworks have to cope
with a number of security threats. A mobile
agent’s itinerary in general spans a number of
servers that might be run by competing
operators.
Table 4.2 TIME TAKEN TO CRACK n
Value of n Number
of
Machines
16843009 1
2
8030434459 1
2
3
123712084919 1
2
3
Time Taken
(seconds)
1
1
10
7
5
115
74
50
Fig. 3.1 MOBILE AGENT CODE-DATA
MOVEMENT
4. Result Sheet for time taken to crack
different values of n by our
implementation
.
Table 4.1 Some primes p, q and corresponding n.
P q n (p * q)
257 65537 16843009
8581 935839 8030434459
71333 807151 57576502283
325309 380291 123712084919
41057 31669909 1300271453813
Fig. 5.1 GRAPH OF THE TIME REQUIRED
VS. NUMBER OF MACHINES
The graph above depicts the variation in
the time required to crack the cipher as the
number of machines is increased. All machines
had processor speeds in the range of 1-1.6
GHz. The third parameter is the cipher modulus
(n) cracked. The decrease in the time is almost
exponential as number of machines increase.
Also, time depends on the length of the cipher.
For small n (5-10 digits) the time required is
negligibly small (~ 10 second). The cracking
time increases rapidly with increase in length of
n . The efficiency of our implementation is very
close to the theoretical average-case efficiency of
QS i.e. O(e √ ln n ln ln n ) , where n is the target
modulus to be cracked. This efficiency can be
improved upon for small n by increasing the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 337

Proceedings of ICCNS 08 , 27-28 September 2008
.
level of parallelization. Due to time constraints
on cracking large modulus, we cannot actually
crack them but can only extrapolate the graph to
find the time required to crack them
asymptotically.
5. CONCLUSION
Since cryptanalysis of RSA takes a very
large amount of time (order of years) even for
small key values (order of 20 digits) use of a
single processor is not practical. This paper
proposes to overcome the limitations of a single
system.
The use of Mobile agents to distribute
the workload proved to be one of the best ways
to achieve parallelization. As per the analysis,
use of sufficient number of systems reduces the
time considerably for checking the strength of
RSA for a particular key length. We have shown
that by using mobile agents to distribute the task,
the RSA cryptosystem can be made vulnerable.
Also, QS is appropriate only when n is
large, its use for a number as small as say 1817
(79*23), is an overkill.
REFERENCES
[1] Danny B. Lange and Mitsuru Oshima,
“Developing Mobile Agents using Java”,
Addison Wesley.
[2] Herbert Schildt, “Java TM 2 The Complete
Reference Fifth Edition”, Tata McGraw-Hill, 2002
[3] William Stallings, “Cryptography and Network
Security Third Edition”, Pearson Education, 2003
[4] E Balagurusamy, “Programming with JAVA A
Primer Second Edition”, Tata McGraw-Hill, 1999
[5] D. J.Guan, “Experience in Factoring Large Integers
Using Quadratic Sieve”, August 30, 2003
[6] PlanetMath, “PlanetMath Quadratic Sieve”,
http://planetmath.org/encyclopedia
/QuadraticSieve.html
[7]Jerry Smith, “Aglet Communication”,
http://www.mcs.vuw.ac.nz/courses/COMP471/2003
T2/ aglets/SmithAglets/AgletCommunication.html
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 338

ICCNS 08
Biometrics

Proceedings of ICCNS 08 , 27-28 September 2008
Biometric Security
Swapnaja B. More (Computer Dept.),Amol B. Ubale. (Mechanical Dept.)
Overview- The principles behind biometrics are common and used
in everyday life. People recognize family members by their faces,
and individuals1 know friends by their voices and even their smell.
Although human beings are excellent at doing this complex job, even
they are not perfect – it may be very difficult to distinguish between
identical twins, for example. The challenge for biometrics lies in the
measurement and decision of what exactly is similar. There’s no
arbitrariness in matching a password – it either matches or it doesn’t.
And while biometric technology is advancing rapidly, it is not yet
100% accurate in matching a previously enrolled biometric feature to
a present feature. For this reason, biometrics is still not quite as
natural as human beings recognizing each other. As a field of
analytic technique, biometrics uses physical and behavioral
characteristics such as fingerprints, voice, face, retina, iris,
handwriting and hand geometry to identify and verify authorized
users. Biometrics devices use some measurable feature of an
individual to authenticate their identity. The devices are built on the
premise that physical human characteristics are unique and cannot be
borrowed, misplaced, forged, stolen, duplicated, or forgotten. There
are a number of different human characteristics that can be used in
biometrics recognition like Fingerprints and other too. Biometrics
identification such as fingerprint recognition can eliminate problems
of forgotten passwords or lost cards and is currently becoming more
popular for convenient and secure authentication. This paper in first
part shows how bio-enable security for Operating System is
successfully possible and in second part it explains an approach for
implementing bioenable security for emails.
Keywords: Bio-enable security, fingerprint authentication system,
GINA, hackers, PWD Password
3) System Boots
|
Winlogon
|
Replaced GINA
|
Bio-enable Security
|
CAD
|
System Starts
I. PART I
For providing bio-enable security for
operating system it is necessary to study
logon system. There are 3 possible ways
to logon into operating system as –
1) System Boots -> Winlogon ->
System Starts
2) System Boots
|
Winlogon
|
GINA
|
CAD
|
System Starts
Swapnaja B. More is post graduate student of MGM college Nanded
(Phone:9225248898;e-mail: swapnaja_2283@yahoo.co.in)
Amol B. Ubale is post graduate student of Walchand college
Solapur (e-mail: amol_ubale@yahoo.co.in)
Code of new Gina must contain code for interacting with
Hamster Device for fingerprint Recognition. For this it is
needed to study all the functions and conditions for
implementing new GINA. Here when System Boots firstly it
loads winlogon. Then it calls our replaced Gina and then
according to our replaced Gina it will ask for pressing
Ctrl+Alt+Del (CAD). And then it will ask for password
if password is correct then control gets transferred to Hamster
Device on which are going to perform fingerprint matching. If
result comes identical (threshold 95%) then only it allows us
to access the Operating System.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 339

Proceedings of ICCNS 08 , 27-28 September 2008
Part I provide bio-enable security for Operating system which
will be more secure and considerably free from risk of
hackers[8],[3]. Main steps involved in this project are shown
in figure 1.
II. PART II
Here idea is to implement bio-enable security for emails that
means when user wants to check personal mail user want
security for that instead of only passwords so that no hacker
can hack user emails and read private mails. Here user is
going to obtain bio-enable security to email checking in the
form of fingerprint recognition. As normally happens in case
of sites supporting mail checking at first user has to register
their providing user’s name and other information. This
information gets stored on server as your permanent profile.
At this time user also provide username and passwords with
the help of which users are going to logon to that site. After
that user can send mails, read mails, and also user can do
much more things here as storing your important data, keeping
secret files which user don’t want to share with others. Then
for next time when anyone wants to enter into site that person
provide username and password and that username and
password is passed to the server. Then at the server side
authentication is done based on passwords and username only.
And if it is correct access will be given to perform various
activities. But here there is no provision to know whether the
person dealing with the site is same person previously
registered or the person misusing mails. Again after logging
out it will remain as it is as nothing has happened.
user have to give confidential email address such that mails
from that address will be hidden from hackers when bioenable
security is not there used. In short when user is not
using bio-enable security at that time confidential data of the
user will not get displayed. So if any hacker is there he/she
will not get important information from user. But for this user
has to specify secure data. In the fourth option both security
measures are necessary as passwords and fingerprints in this
case. When user is unable to provide any one it is just
impossible to log on to the site. For storing and matching
users fingerprint user can use Hamster Device. This device at
first will scan the fingerprint and store that image on the users
name. Then this image will be transferred to the server side
and get stored. Then when user want to log in with second,
third or fourth option then again it scans fingerprint of the user
and compare it with stored database in the server. If match is
found (threshold 95%) then it will give access to the user
otherwise access will be denied. One can figure out steps for
fourth option as follows in short:
III. PROPOSED PLAN
For that here the plan is about providing authentication in
form of fingerprint matching [5]. At start while registering
into the site it will ask for one choice. The choices are listed as
• Password only
• Biometric fingerprint scan only
• User choice of fingerprint or password, or
• Both fingerprint and password required
After choosing one option from this it will proceed for further
gathering of information. If the first option is there the
procedure will be same as previously explained. But if the
option is any one among last three then it has to take
fingerprint image of the user [3]. In second option only it will
take fingerprint image and no need of other information as
username, password etc. But for other two options it will take
both username and password as well as fingerprint image of
the user. In second choice it will only scan fingerprint image
and further processing will be similar to the first option.
Suppose hamster device is not available at certain time then in
this case third option will be useful. In third option it will
again provide option whether to depend on both security
measures or only depend on one. If device is not available
then user can also rely only on password. But in the third case
again work will increase, as here is needed two-way security.
If user is not using fingerprint recognition at that time secure
folders or mails which user listed as secure one that is here
IV. CONCLUSION
Now a days also ID- Password based authentication system is
more popular. But as users and number of sites users are going
to handle are increasing day by day it is not only to difficult to
remember ID and passwords but also to manage such a great
database for site manager. Also no one is ready to have risk of
hackers, key loggers etc. Users need more security. So here
focus is on biometric security. Part I of this paper illustrate
successful security mechanism for operating system using bioenable
feature, for keeping operating system secure from
hackers and in Part II it focuses on imposing it on email
security.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 340

Proceedings of ICCNS 08 , 27-28 September 2008
REFERENCES
[1] Beomsoo Park “One Touch Logon Replacing Multiple
Passwords with Single Fingerprint Recognition” The
sixth IEEE <strong>Conference</strong> on Computer and I.T. (CIT06) 2006
[2]Stephen D. wolthusen “Distributed Multipurpose Mail
Guard” in Proceedings of 2003 IEEE Workshop on
Information Assurance United States Military Academy June
2003
[3] Simon Liu, Mark Silverman, "A Practical Guide to
Biometric Security Technology," IT Professional, vol. 03, no.
1, pp. 27-32, Jan/Feb, 2001
[4] Lauren D. Adkins “ Biometrics: Weighing Convenience
and National security against your Privacy” 13 MICH
TELECOM. TECH. L. REV. 541 (2007).
[5]BiometriTech Newsletter “Fingerprint Identification
Roundup” April 17, 2003.
[6]Frank Graf A Capability Based Transparent Cryptographic
File System CW05
[7]Naomani Itoi “NI_Pluggable Authentication Module for
Windows NT Center For I.T. Integration”, University of
Michigan Jan. 1988
[8]http://msdn.microsoft.com/msdmmag/issues/05/05/secutity
briefs
[9]http://en.wikipedia.org/wiki/GINA
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 341

Proceedings of ICCNS 08 , 27-28 September 2008
Comparison of Wavelet Transform and
Optimal Transform [PCA] for Facial
Recognition
First A. Dr. H. B. Kekre, Second B. Ms.Kamal Shah
Abstract—
The goal of this project is to create a face detection system
to identify a person from given database by application of two
different methodologies one is classical approach of optimal
transform (PCA) and second is Wavelet Transform. In
transform domain the coefficients of the database are stored
and transformed coefficients of test image is checked against
that for facial recognition. Result of the proposed method is
outstanding.
better represent the data. In this paper we have tried to
compare the advantages of both the transforms i.e. quickness
of optimal transform and compactness of wavelet transform.
1.1 Face Database Creation
Keywords— PCA, Wavelet transform, Transformed
coefficients, Face recognition.
I. INTRODUCTION
The human capacity to recognize particular individuals
solely by observing the human face is quite remarkable. This
capacity persists even through the passage of time, changes in
appearance and partial occlusion. Because of this remarkable
ability to generate near perfect positive identifications,
considerable attention has been paid to methods by which
effective face recognition can be replicated on an electronic
level.
Many approaches to the overall face recognition problem
have been devised over the years, one of the accurate and
fastest ways to identify faces is to use optimal transform
technique [PCA]. This technique uses a strong combination
of linear algebra and statistical analysis to generate a set of the
eigenfaces--against which inputs are tested.
Wavelets have been successfully used in image processing.
Its ability to capture localized time-frequency information of
image motivates its use for feature extraction. The
decomposition of the data into different frequency ranges
allows us to isolate the frequency components introduced by
intrinsic deformations due to expression or extrinsic factors
(like illumination) into certain subbands. Wavelet-based
methods prune away these variable subbands, and focus on
the subbands that contain the most relevant information to
Fig 1 Database1
Database 1 Specifications
Image Format: BMP
Image Size: 64X64 pixels
No of Images: 45
No of Individuals: 9
No of expressions of each individual: 5
F. A. Dr. H. B. Kekre is Senior Professor working with MPSTME,
NMIMS University, Vileparle(W), Mumbai-56. (phone: 9323557897; e-mail:
hbkekre@yahoo.com).
S. B. Ms.Kamal Shah, is Ph.D. Scholar from MPSTME, NMIMS
University,
Vileparle(W),Mumbai-56.(contacts:9820588729;
shah.kamal@yahoomail.com.)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 342

Proceedings of ICCNS 08 , 27-28 September 2008
2. Average Image
5
Iavg(x,y) = 1/5
3.Zero mean Images
I = Ii – Iavg
Σ Ii(x,y)
i=1
Ia1 Ia2 Ia3 Ia4 Ia5
4. Conversion to one dimension
Image=
1
Fig2 database2
Database 2 Specifications:
Image Format: JPEG
Image Size: 256 X 256 pixels
No of Images: 52
No of Individuals: 26
No of expressions of each individual: 2
Database 3Specifications
NXN
N 2 x1 vector
Thus we obtain 5 images in a vector form
[Φ] =
N 2 x 5
Φ1 Φ2 Φ3 Φ4 Φ5
Fig 3 Database3
Image Format: JPEG
Image Size: 128 X128 pixels
No of Images: 89
No of Individuals: 27
5. We obtain the covariance matrix
A = [Φ t * Φ ]
5 x 5 5x n 2 n 2 x 5
6. Thus we obtain five eigen values and eigen vectors
Ax = λx
Therefore, [ A – λI ] x = 0
Solving this for λ we get five eigen vectors and five eigen
values. Arranging vectors in descending order of the eigen
value magnitudes. Each eigen vector is of size 5X1.
x1 x2 x3 x4 x5
No of expressions of each individual: 3
2.Calcultion of Principle Component [1]
1.Given Images (nxn)
I1 I2 I3 I4 I5
7. Now,
[Φ] xi = fi
N 2 x 5 5 x 1 N 2 x 1
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 343

Proceedings of ICCNS 08 , 27-28 September 2008
8. Convert each fi into 2 dimensional image by reversing the
process of 2 dimension to 1 dimension.
Thus we get 5 Eigen faces Fi
F1 F2 F3 F4 F5
These eigen faces are orthogonal
9. These eigen faces are used as basis images to analyze any
new face
I new = Σ wi Fi + error
then wi = 1/µi < I new | Fi >
= 1/ µi Σ I new (x,y) Fi(x,y)
Then reconstructed new image are obtained as follows
F 1 F 2 F 3 F 4 F 5
W 2
W 3
W 4
W 1 W 5
where J are the stages of the wavelets. The first stage is called
the approximation image, the other three are
called the vertical, horizontal and diagonal images. The
energy of the original image concentrates within the
approximation image. All the databases are checked for
various parameters on decomposition level 1,2,3,4.
4 Combination Algorithm [PCA+DWT] [2]
For the given database the feature extraction method used
the approximation component of the wavelet coefficients in
the principal component analysis. Assuming that the
approximation is ai (_i = 1 to M) and that there are M images
in the training set, then we have an image feature such that
(2)
where the mean image is
M
Imean=1/M Σ (W(i) T (a-A)) (3)
i=1
and w represents the eigenvectors corresponding to large
eigenvalues of the covariance matrix as explain in
topic 3.1
covariance matrix= (a-A) (a-A) T (4)
5. Result analysis
Database are tested for all three algorithms PCA, Wavelet
transform and combination of both PCA+DWT.
Images are tested for different degree of noise as well as
occlusion as displayed in tables.
Table 1 Noise V/S Algorithm
Reconstructed
Image
3 Wavelet Transform Method
Feature extraction on the training set is performed by the
method of wavelet transforms. .The wavelet transform
concentrates the energy of the image signals into a small
number of wavelet coefficients. Using two dimensional
wavelet transforms, an image f (x_y)_ can be represented as
where the two dimensional wavelets are tensor product of the
one dimensional wavelets as below
(1)
Noise PCA DWT
S1
DWT
S2
DWT
S3
DWT
S4
Poission Y Y Y Y Y
Salt & N Y Y N N
Peeper
Gaussia N Y N N N
n
Speckel N Y Y Y N
Table 2 Time and minimum coefficients required for
regeneration for each algorithm
Algorithm Time(sec) Coefficients
PCA 1.6720 64x64x5*
=20480
DWT
stage1
Stage2
Stage3
Stage4
1.8900
0.7790
0.7470
0.7340
1024
256
64
16
PCA+DWT 2.0320 20480
* represents number of eigen faces required to reconstruct the
image with 90% accuracy
Table 3 % Occlusion V/S Algorithm
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 344

Proceedings of ICCNS 08 , 27-28 September 2008
Algorithm
%Occlusion
DWT
stage1
Stage2
Stage3
Stage4
100
80
60
40
20
PCA 25
0
%Occlusion
97.23
95.21
90.33
85.44
PCA+DWT 25
PCA
DWT S1
DWT S2
DWTS3
DWT s 4
PCA + DWT
Fig 6 Graph of % Occlusion Sustained in each algorithm
Above figure shows that Wavelet transformed images can
sustain the attack of occlusion around 90%which is a strong
application of algorithm in the field of surveillance.
Refrences:
[1] M. A. Turk and A. P. Pentland, ”Eigenfaces For
Recognition”, in Journal of Cognitive Neuro- science, 3(1),
pp. 71–96, (1991).
[2] Chi-Fa Chen1 , Yu-Shan Tseng1 and
chiaYenChen2”Combination of PCA and Wavelet Transforms
for Face Recognition on2.5DImages’,
,Image and vision computing NZ,pp 343- 347,(2003)
[3] Ognian Boumbarov, Strahil Sokolov, Georgy Gluhchev”
Combined Face Recognition Using Wavelet Packets and
Radial Basis Function Neural Network”,<strong>International</strong>
<strong>Conference</strong> on Computer Systems and Technologies -
CompSysTech’07
[4] Dao-Qing Dai and Hong Yan”, Wavelets and Face
Recognition”, Sun Yat-Sen (Zhongshan) University and City
University of Hong Kong China
[5] H. Moon, P.J. Phillips, Computational and Performance
aspects of PCA-based Face Recognition Algorithms,
Perception, Vol. 30, 2001, pp. 303-321
6] A. Kadyrov, M. Petrou, The Trace Transform and Its
Applications, IEEE Transactions on Pattern Analysis and
Machine Intelligence, Vol. 23, No. 8, August 2001, pp. 811-
828
Original image 25% 85%
90% 95% 97% Occlusion
Fig 7 Original image along with different percentage of
6.Conclusion
In this paper traditional approach of optimal transform [PCA]
has been compared with suggested method of wavelet
transform. Results of wavelet transform are very promising.
In terms of number of coefficients required to recognize the
person from database1 is only 16 whereas that for PCA is
minimum 4096 (i.e. one eigenface) but time for calculation is
slightly less for PCA as shown in table1.
In terms of occlusion wavelet transform can withstand
maximum occlusion of 80% to 85% where as PCA withstand
only up to 28% to30%
Different kind of noises like Gaussian noise, speckle noise,
salt and pepper noise and Poisson noise also wavelet
transform method had an upper hand over PCA.
So in today’s world for robustness, compactness and
quickness wavelet transform got a lead from optimal
transform.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 345

Proceedings of ICCNS 08 , 27-28 September 2008
Fingerprint Identification using Principle
Component Analysis (PCA)
First A. Dr. H. B. Kekre, Second B. Ms. Tanuja K. Sarode, Jr., and Third C. Ms. Vinaya M. Rawool
Abstract— The biometric technique based on face, iris and
fingerprints are used in order to provide strong security. Out of
which, Fingerprint identification effects far more positive
identifications of persons worldwide than any other human
identification procedure. Fingerprint matching can be placed into two
categories: minutiae-based and correlation-based. In minutiae-based
technique, it is difficult to extract the minutiae points accurately
when the fingerprint is of low quality. Also this method does not take
into account the global pattern of ridges and furrows. Correlationbased
techniques require the precise location of a registration point
and are affected by image translation and rotation. The performance
of correlation-based techniques is affected by non-linear distortions
and noise present in the image. In this paper we propose a technique
which calculates skeleton from Euclidean Distance Transform (EDT)
and then apply the concept of Principle Component Analysis (PCA)
for fingerprint identification. It is observed that PCA is robust. It
works on various percentages of noisy, cropped, scratched images.
Keywords— Biometrics, Eigen fingerprints, Euclidean Distance,
Fingerprint Identification.
W
I. INTRODUCTION
ith the advent of electronics banking, e-commerce, and
smart cards and an increased emphasis on the privacy
and security of information stored in various databases,
automatic personal identification has become a very important
topic [1]. Accurate personal identification is now needed in
wide range of civilian applications involving the use of
passports, cellular telephones, automatic teller machines, and
driving licenses. Traditional knowledge-based [password or
personal identification number (PIN)] and token-based
(passport, driver license, and ID card) identifications are prone
to fraud because PIN’s may be forgotten or guessed by an
imposter and the tokens may be lost or stolen [2].
Biometrics (ancient Greek: bios ="life", metron =
"measure") is the study of automated methods for uniquely
recognizing humans based upon one or more intrinsic physical
or behavioral traits. It refers to identifying an individual based
on his or her physiological or behavioral characteristics and
has the capability to reliably distinguish between an
F. A. Dr. H. B. Kekre is Senior Professor working with MPSTME,
NMIMS University, Vileparle(W), Mumbai-56. (phone: 9323557897; e-mail:
hbkekre@yahoo.com).
S. B. Ms. Tanuja K. Sarode, is Ph.D. Scholar from MPSTME, NMIMS
University, Vileparle(W), Mumbai-56. Assistant Professor working with
Thadomal Shahani Engg. College, Bandra(W), Mumbai-50. (phone:
9869652656; e-mail: tanuja_0123@yahoo.com).
T. C. Ms. Vinaya M. Rawool is Lecturer at K. J. Somaiya College of
Engineering, Vidyavihar(E), Mumbai–77 (phone: 9833051676; e-mail:
vinayarawool@gmail.com).
authorized person and an imposter [1]. Among all the
biometric techniques (e.g., face, fingerprint, hand geometry,
iris, retina, signature, voice print, facial thermo gram, hand
vein, gait, ear, odor, keystroke dynamics, etc. [3]), fingerprintbased
identification is the one of the most mature and proven
technique, and has been extensively used by forensic experts
in criminal investigations [4]. Among all the biometric
indicators, fingerprints have one of the highest levels of
reliability [17,18,19]. Immutability refers to the permanent
and unchanging character of the pattern on each finger.
Individuals refer to the uniqueness of ridge details across
individuals; including identical twins. The probability that two
fingerprints are alike is as low as 0.5× 10 -15 [5].
However, manual fingerprint verification is so tedious, time
consuming and expensive that it is incapable of meeting
today’s increasing performance requirements. An automatic
fingerprint identification system is widely adopted in many
applications such as building or area security and ATM
machines, Electronic Banking, Laptop data security, Network
login, Web access etc.
Fingerprint matching can be placed into two categories [7]:
minutiae-based and correlation-based. Minutiae-based
techniques [6] first find minutiae points and then map their
relative placement on the finger. However, there are some
difficulties when using this approach. It is difficult to extract
the minutiae points accurately when the fingerprint is of low
quality. Also this method does not take into account the global
pattern of ridges and furrows. The correlation-based
techniques compare the global pattern of ridges and furrows to
see if the ridges in the fingerprints align [20, 21]. It has some
of its own shortcomings. Correlation-based techniques require
the precise location of a registration point and are affected by
image translation and rotation. The performance of
correlation-based techniques is affected by non-linear
distortions and noise present in the image [20].
We present a fingerprint identification system that follows
following steps :
Step 1 : Identify Euclidean Distance Transform (EDT)[8].
Step 2 : Identify Skeleton[9].
Step 3: Apply Principle Component Analysis (PCA) approach
for identification process.
This paper is divided into V parts. In section II, we
introduce the preprocessing steps that are, Euclidean Distance
Transformation (EDT) by mathematical morphological
approach and skeleton generation. Fingerprint identification
using Principle Component Analysis (PCA) is described in
section III. The experimental results are given in section IV
while concluding remarks are given in section V.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 346

Proceedings of ICCNS 08 , 27-28 September 2008
II. PREPROCESSING STAGE
A. Euclidean Distance Transform (EDT)
Distance transformation (DT) is used to convert a digital
binary image that consists of object (foreground) and
nonobject (background) pixels into another image where each
object pixel has a value corresponding to the minimum
distance defined by a distance function from the background
[8]. Three distance functions that are city-block, chessboard
and Euclidean distance transformation (EDT) are often used in
digital image processing.
A disadvantage of city-block and chessboard distances is
that both distance measures are very sensitive to the
orientation of an object. The Euclidean distance by definition
is rotation-invariant. Hence among different kinds of distance
transformation, the Euclidean distance transformation (EDT)
is often used because of its rotational invariance property [8].
The Improved Iterative Erosion Algorithm (IIEA) is used to
calculate EDT [8]. This algorithm uses the concept of
mathematical morphology. Mathematical morphology [4],
which is based on set-theoretic concept, extracts the object
features by choosing a suitable structuring shape as a probe.
Morphological operations are set transformations that convert
an image into a quantitative description of its geometrical
structure. Appropriately used, they can eliminate noises or
irrelevancies while preserving the details of the original
image.
The Euclidean distance transformation (EDT) has a wider
range of applications in image analysis. It is a basic operation
in computer vision, pattern recognition, and robotics.
Numerous applications of distance transformations to image
analysis and pattern recognition have been reported and those
related to medical image processing.
EDT is used in skeleton extraction [9,10], shape description
[11], and shape decomposition [12]. The discrete voronoi
diagram [13] on a binary image can be constructed using EDT.
B. Skeleton Generation
The skeleton is an important representation for shape
analysis. A common approach for generating discrete
skeletons takes three steps [9]:
Step 1 : Computing the distance map,
Step 2 : Detecting maximal disks from the distance map, and
Step 3 : Linking the centers of maximal disks (CMDs) into a
connected skeleton. Algorithms using approximate distance
metrics are abundant and their theory has been well
established. However, the resulting skeletons may be
inaccurate and sensitive to rotation [9].
The distance map of a binary figure is a function that maps
each point inside the figure to its shortest distance to the
background. The distance metric used to compute the maps is
crucial because it directly affects the centering of the skeleton
and its sensitivity to rotation. The Euclidean metric is certainly
the most accurate metric.
The skeleton is essential for general shape representation. It
is a useful means of shape description [14] in different areas,
such as content-based image retrieval systems, handwritten or
printed character recognition systems, circuit board inspection
systems, biomedical imagery for shape analysis as well as
fingerprint ridge patterns [15,16]. The extracted skeleton can
be used as a feature to represent the original shape as it has a
more compact representation.
III. PROPOSED TECHNIQUE
The flow diagram of the proposed technique is as shown in
Fig. 1. The sequence to be followed in our technique is as
follows: (i) Preprocess the input image by identifying
Euclidean Distance Transform (EDT) [8], (ii) Identify
Skeleton of the resultant image [9], (iii) Apply Principle
Component Analysis (PCA) approach on skeletonized image,
(iv) Search in feature vector for fingerprint identification
process.
Fig. 1 Flow diagram for the proposed technique.
A.. Feature vector extraction using Principle Component
Analysis (PCA)
Extraction of appropriate features is one of most important
tasks for identification system. The algorithm for Feature
vector extraction using Principle Component Analysis (PCA)
is presented below.
Step 1 : Given Images I 1 , I 2 , I 3 , I 4 , I 5 of size (n×n).
Fig. 2 Given 5 images
Step 2 : Find average of each image.
Step 3 : Find zero mean Images. Subtract average image from
each pixel of an image to find zero mean images.
Fig. 3 Zero mean images
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 347

Proceedings of ICCNS 08 , 27-28 September 2008
Step 4 : Conversion of zero mean images to one dimension
array.
Fig. 7 Eigen images with energy
These eigen fingerprint are orthogonal. They form the basic
coordinate system. Fig. 8 shows eigen fingerprint for few
images.
Fig. 4 Conversion of image to 1D array
Thus we obtain 5 images in a vector form.
Fig. 8 Eigen fingerprints
Step 9 : These eigen fingerprint are used as basis functions to
analyze any new fingerprint.
(7)
Then
(8)
Fig. 5 Vector form for 5 images
Step 5 : Obtain covariance matrix.
Step 6 : Obtain eigen values and eigen vectors for covariance
matrix.
Therefore,
Solving this for λ we get,
Step 7 : Now
Fig. 6 Eigen vector of covariance matrix
Step 8 : Convert each f i into two dimensional image by
reversing the process of two dimensional to two dimension.
Thus we get 5 eigen fingerprint F i and their energy µ i
A set of w i is a feature vector of the new image. This feature
vector is used for fingerprint identification.
B. Fingerprint Matching
Matching an input image with a stored template involves
following steps in proposed technique.
Step 1 : Start.
Step 2 : Input image.
Step 3 : Identify EDT of an image.
Step 4 : Identify Skeleton of an image.
Step 5 : Find average of an image and subtract average from
each pixel of an image.
Step 6 : Conversion to one dimensional image (say I).
Step 7 : Load orthogonal matrix and µ , which are obtained in
feature vector extraction algorithm. Obtain I ' *
Orthogonal matrix. And then divide this result by
each diagonal element of µ, to obtain feature vector.
Step 8 : Compare result with feature vector.
Step 9 : Obtain match.
Step 10 : End.
IV. EXPERIMENTAL RESULT
Our database consists of 168 gray scale fingerprint
impressions of size 256×256. They are divided into 21 classes.
We have selected two representative fingerprints from each
class. Thus forming a set of 42 fingerprints. These 42
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 348

Proceedings of ICCNS 08 , 27-28 September 2008
fingerprints are used to get 42 eigen fingerprints which are
used as basis images. The algorithms are implemented on
Celeron processor 1.73 Ghz, 1 MB cache, 1 GB RAM
machine to obtain results.
Squared Euclidean Distance (SED) is used as a matching
parameter for fingerprint identification process. SED between
feature vector of query image and feature vectors of database
images is computed and threshold kept is 0.22.
Table I shows the SED values for the cropped images with
varying percentage of cropped, with respect to database
images. Centered cropped images are very sensitive but PCA
works well on fingerprint images which are cropped at center
as well. Table II shows the SED values for the scratched
images with varying percentage of scratched, with respect to
database images. Table III shows the SED values for the noisy
images with varying percentage of noise, with respect to
database images. Table IV shows the SED values for the
scratched and cropped image, with respect to database images.
Table V shows the SED values for the rotated images, with
respect to database images. PCA works on rotated image with
+6 o to -6 o . Although SED value is much larger than threshold
value it is still minimum distance. Bold SED values given in
tables represent selection criteria.
TABLE I
COMPARISON OF CROPPED IMAGES FOR VARIOUS PERCENTAGE OF CROPPED WITH RESPECT TO DATABASE IMAGES
Images in
Squared Euclidean Distance (SED)
Database
Center cropped Images
General cropped Images
1_1
1_2
2_1
2_2
3_1
3_2
4_1
4_2
5_1
5_2
6_1
6_2
7_1
7_2
8_1
8_2
9_1
9_2
10_1
10_2
11_1
11_2
12_1
12_2
13_1
13_2
14_1
14_2
15_1
15_2
16_1
16_2
17_1
17_2
18_1
18_2
19_1
19_2
20_1
20_2
21_1
21_2
5.4016% 10.9009% 11.5189% 17.2668% 20.7870% 26.1810%
1.5081
1.3784
1.6268
1.4793
1.3668
1.3189
1.5028
1.3788
1.6277
1.4535
1.3528
1.2993
0.0865
0.1498
0.0440
0.1086
0.1706
0.2004
1.4873
1.3621
1.6362
1.4538
1.3385
1.3102
1.5010
1.3790
1.6340
1.4550
1.3703
1.3307
1.5099
1.3812
1.6168
1.4470
1.3257
1.2849
1.4771
1.3589
1.6247
1.4525
1.3447
1.3093
1.5032
1.3808
1.6219
1.4521
1.3363
1.2964
1.5081
1.3844
1.6465
1.4676
1.3596
1.3105
1.4920
1.3782
1.6263
1.4571
1.3575
1.3181
1.4898
1.3597
1.6339
1.4459
1.3369
1.2948
1.4864
1.3572
1.6191
1.4421
1.3323
1.2985
1.4811
1.3572
1.6137
1.4418
1.3392
1.3000
1.5064
1.3821
1.6156
1.4436
1.3337
1.2948
1.4722
1.3504
1.6245
1.4563
1.3527
1.3148
1.4912
1.3586
1.6267
1.4558
1.3506
1.3062
1.5014
1.3757
1.6256
1.4592
1.3434
1.3091
1.4882
1.3675
1.6140
1.4346
1.3203
1.2858
1.5059
1.3867
1.6225
1.4498
1.3371
1.2979
1.4932
1.3734
1.6324
1.4540
1.3409
1.3067
1.4925
1.3721
1.6394
1.4502
1.3406
1.3080
1.4937
1.3723
1.6118
1.4276
1.3223
1.2861
1.5163
1.3892
1.6475
1.4675
1.3529
1.3217
1.4916
1.3799
1.6265
1.4529
1.3475
1.3209
1.4941
1.3573
1.6299
1.4531
1.3354
1.3090
1.4822
1.3590
1.6462
1.4584
1.3471
1.3034
1.5066
1.3721
1.6316
1.4411
1.3379
1.2999
1.4971
1.3826
1.6035
1.4335
1.3298
1.2901
1.4947
1.3752
1.6334
1.4570
1.3360
1.3014
1.4947
1.3628
1.6342
1.4622
1.3479
1.3188
1.4846
1.3587
1.6206
1.4527
1.3494
1.3089
1.4863
1.3605
1.6276
1.4493
1.3360
1.2923
1.5172
1.4060
1.6142
1.4283
1.3125
1.2752
1.5186
1.4117
1.6221
1.4535
1.3513
1.3049
1.5288
1.4061
1.6172
1.4164
1.3248
1.2674
1.5148
1.4034
1.6139
1.4258
1.3295
1.2844
1.4908
1.3731
1.6149
1.4401
1.3327
1.2992
1.4931
1.3726
1.6275
1.4416
1.3327
1.2913
1.5070
1.3826
1.6343
1.4534
1.3512
1.3096
1.4956
1.3941
1.6203
1.4361
1.3286
1.2915
1.4910
1.3741
1.6173
1.4488
1.3592
1.3072
1.4988
1.3804
1.6110
1.4203
1.3173
1.2690
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 349

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE II
COMPARISON OF SCRATCHED IMAGES FOR VARIOUS PERCENTAGE OF SCRATCHED WITH RESPECT TO DATABASE IMAGES
Images in
Squared Euclidean Distance (SED)
Database
1_1
1_2
2_1
2_2
3_1
3_2
4_1
4_2
5_1
5_2
5.8823% 10.3745% 15.5670% 20.7748%
1.8165
1.7025
1.4762
1.4165
1.8087
1.7043
1.4796
1.4110
0.0102
0.0285
0.0924
0.1213
1.8109
1.7064
1.4791
1.4215
1.8133
1.7165
1.4864
1.4153
1.8157
1.6456
1.4866
1.4267
1.8183
1.6884
1.4798
1.4157
1.8139
1.7047
1.4874
1.4339
1.8111
1.7080
1.4902
1.4262
1.8186
1.7122
1.4872
1.4289
And for the rest of the database images the minimum SED value is 1.3946 and maximum SED value is 1.8297 which is greater
than threshold.
TABLE III
COMPARISON OF NOISY IMAGES FOR VARIOUS PERCENTAGE OF NOISE WITH RESPECT TO DATABASE IMAGES
Images
Squared Euclidean Distance (SED)
in
Database
1_1
1_2
2_1
2_2
3_1
3_2
4_1
4_2
5_1
5_2
1.9638% 4.8813% 7.3837% 9.4788%
1.6712
1.5479
1.4529
1.3931
1.6786
1.5476
1.4525
1.3806
0.0312
0.0652
0.1025
0.1379
1.6753
1.5471
1.4673
1.3980
1.6770
1.5593
1.4732
1.3927
1.6710
1.5518
1.4583
1.3936
1.6744
1.5489
1.4463
1.3807
1.6788
1.5572
1.4592
1.3929
1.6788
1.5555
1.4607
1.3961
1.6756
1.5478
1.4580
1.3791
And for the rest of the database images the minimum SED value is 1.3754 and maximum SED value is 1.6862 which is greater
than threshold.
TABLE IV
COMPARISON OF SCRATCHED AND CROPPED IMAGEWITH RESPECT TO DATABASE IMAGES
Images in Database
1_1
1_2
2_1
2_2
3_1
3_2
4_1
4_2
5_1
5_2
52.2537%
1.3371
1.3261
0.1645
1.3536
1.3430
1.3521
1.3442
1.3485
1.3456
1.3492
And for the rest of the database images the minimum SED value is 1.3101 and maximum SED value is 1.374 which is greater
than threshold.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 350

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE V
COMPARISON OF ROTATED IMAGES (-6 O AND +6 O )WITH RESPECT TO DATABASE IMAGES
Images in
Database
1_1
1_2
2_1
2_2
3_1
3_2
4_1
4_2
5_1
5_2
+6 o -6 o
0.9618
1.0275
0.8891
1.0474
0.9837
0.9566
0.9654
0.9863
0.9923
0.9916
And for the rest of the database images the minimum SED value is 0.906 and maximum SED value is 1.0277 which is greater
than threshold
V. CONCLUSION
We have presented a technique which calculates skeleton
from EDT and then apply the concept of Principle Component
Analysis (PCA) for fingerprint identification. The eigen
fingerprints are used as basis images to represent all
fingerprint images in database. Their weight factors are used
as feature vectors for identification. We have tried PCA on
cropped images (26%), scratched images (20%), noisy images
(9%), cropped and scratched images (52%) when 0.22 is used
as threshold value. However for rotation invariance (-6 o to
+6 o ) the minimum Euclidean distance is taken as selection
criteria. PCA is very robust and can identify fingerprint even if
there is large mutilation. PCA over comes the disadvantage of
minutiae-based techniques and correlation-based techniques.
REFERENCES
[1] A. K. Jain, S. Prabhakar. L. Hong, and S. Pankanti, “Filterbank-based
Fingerprint Matching,” IEEE Trans. Image Processing, Vol. 9, No. 5,
pp. 846-859, May 2000.
[2] Arun Ross, Sarat Dass, Anil Jain, “A deformable model for fingerprint
matching,” Pattern Recognition Vol. 38, pp. 95-103, 2005.
[3] A. K. Jain, L. Hong, Y. Kulkarni “A Multimodel Biometric System using
Fingerprint, Face, and Speech,” Proc.2 nd Int’l <strong>Conference</strong> on Audio- and
Video-based Biometric Person Auhentification, Washington D.C., pp.
182-187, 1999.
[4] Federal Bureau of investigation, The Science of Fingerprints:
Classification and Uses, Washington, D.C., 1984, U.S. Government
Printing office.
[5] F. A. Afsar, M. Arif and M. Hussain, “Fingerprint Identification and
Verification,” pp. 141-146, 2004.
[6] A. K. Jain, L. Hong, S. Pankanti, and R. Bolle, “An identity authentication
system using fingerprints,” Proc. IEEE, Vol. 85, pp. 1365-1388, Sept.
1997.
[7] Y. Kobayashi, H. Toyoda, N. Mukohzaka, N. Yoshida and T. Hara,
“Fingerprint identification by an optical joint transform correlation,”
optical review, Vol. 3(6A), pp. 4.3-405, 1996
[8] Frank Y. Shih, Senior Member, IEEE, and Yi-Ta Wu, ”The Efficient
Algorithms for Achieving Euclidean Distance Transformation,” IEEE
Transactions on Image Processing, vol. 13, no. 8, August 2004.
[9] Yaorong Ge and J. Michael Fitzpatrick “On the Generation of Skeletons
from Discrete Euclidean Distance Maps,” IEEE Trans. Pattern Analysis
and machine Intelligence, vol. 18, No. 11, November 1996.
[10] N.Sudha, S. Nandi, P.K. Bora, K.Sridharan, “Efficient computation of
Euclidean Distance Transform for application in Image processing,”
IEEE Transaction on Image processing, 1998.
[11] P. E. Danielsson, “A new shape factor,” Comput. Graphics Image
Processing, pp. 292-299, 1978.
1.0111
1.0214
0.9046
1.0180
1.0025
0.9833
0.9813
1.0119
0.9791
0.9981
[12] I. Pitas and A. N. Venetsanopoulos, “Morphological shape
decomposition,” IEEE Trans. Pattern Anal. Machine Intell., vol. 12,
no. 1, pp. 38-45, Jan. 1990.
[13] C.Arcelli and G.Sanniti de Baja. “Computing Voronoi diagrams in
digital pictures,” Pattern Recognition Letters, pages 383-389, 1986.
[14] H. Blum and R. N. Nagel, “Shape Description Using Weighted
Symmetric Axis Features,” Pattern Recognition, vol. 10, pp. 167-180,
1978.
[15] Wai-Pak Choi, Kin-Man Lam and Wan-Chi Siu, “ An efficient
algorithm for the extraction of Euclidean skeleton,” IEEE Transaction
on Image processing, 2002.
[16] Frank Y. Shih and Christopher C. Pu, “A maxima-tracking method for
skeletonization from Euclidean distance function,” IEEE Transaction
on Image processing, 1991.
[17] Anil Jain, Arun Ross, Salil Prabhakar, “Fingerprint matching using
minutiae and texture features,” Int’l conference on Image Processing
(ICIP), pp. 282-285, Oct. 2001.
[18] John Berry and David A. Stoney “The history and development of
fingerprinting,” in Advances in Fingerprint Technology, Henry C. Lee
and R. E. Gaensslen, Eds., pp. 1-40. CRC Press Florida, 2 nd edition,
2001.
[19] Emma Newham, “The biometric report,” SJB Services, 1995.
[20] Arun Ross, Anil Jain, James Reisman, “A hybrid fingerprint matcher,”
Int’l conference on Pattern Recognition (ICPR), Aug 2002.
[21] A. M. Bazen, G. T. B.Verwaaijen, S. H. Gerez, L. P. J. Veelenturf, and
B. J. van der Zwaag, “A correlation-based fingerprint verification
system,” Proceedings of the ProRISC2000 Workshop on Circuits,
Systems and Signal Processing, Veldhoven, Netherlands, Nov 2000.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 351

Proceedings of ICCNS 08 , 27-28 September 2008
A Survey On Current Fingerprint Matching
Methods
Bharkad Sangita , and Manesh Kokare
Abstract Contrary to popular belief, despite decades of research in
fingerprints, reliable fingerprint recognition from large database is an
open problem. Extracting features out of poor quality prints is the
most challenging problem faced in this area. For that we need
effective and efficient fingerprint matching algorithms that meet user
requirements, to identifying similarity. This paper gives a brief
survey of current fingerprint matching methods and technical
achievement in this area. The survey includes a large number of
papers covering the research aspects of system design and
applications of fingerprint matching, image feature representation and
extraction. Furthermore future research directions are suggested.
Keyword Review, fingerprint matching, feature extraction, Gabor
filter, wavelet, Euclidian distance, enrollment.
I. INTRODUCTION
With the advent of electronic banking, e-commerce, and
smartcards and an increased emphasis on the privacy and
security of information stored in various databases, automatic
personal identification has become a very important topic.
Accurate automatic personal identification is now needed in a
wide range of civilian applications involving the use of
passports, cellular telephones, automatic teller machines, and
driver licenses. Traditional knowledge-based [password or
personal identification number (PIN)] and token-based
(passport, driver license, and ID card) identifications are prone
to fraud because PIN’s may be forgotten or guessed by an
imposter and the tokens may be lost or stolen. As an example,
Mastercard credit card fraud alone now amounts to more than
450 million U.S. dollars annually [2].
The fingerprints are known used since archeological dates
[10]. In 1684, plant scientist is Nehemiah Grew published first
ever-scientific paper on fingerprint. French Policemen:
Alphonse Bertillon (1882) conceived and then industriously
practiced the idea of using body measurements for solving
crime related problems. The features like height, finger index
and length of arm, leg and index finger along with the
sketches of the subject with the different camera views were
used. In 1983, Home Ministry Office, UK supported the
distinctiveness of fingerprint for criminal identification.
Subsequently the official use of fingerprint as reliable
biometric came into existence. Sir Francis Galton suggested
the minutiae features for the characterization of FP in 1888.
The paper is organized as follows. First we discuss the System
Architecture and Application of Fingerprint matching in
section II. In section III we review various features extraction
techniques to facilitate the fast search in large database
Conclusion and Future research directions are presented in
section IV.
II. SYSTEM ARCHITECTURE AND APPLICATIONS OF
FINGERPRINT MATCHING
A typical fingerprint verification process is shown in fig.1
which works in two phases: fingerprint enrollment phase and
fingerprint matching phase. In the fingerprint enrollment
phase, a sensor captures the fingerprint image from which the
various features of fingerprint image are extracted, processed,
and stored as a “master template.” In the fingerprint
identification phase, the above process repeats, resulting in the
generation of a “live template.” The two templates are
matched to determine a similarity score of the two
fingerprints. Matcher finds the similarity score. Similarity
score can be find out using simple and fast Euclidian distance
between the features of two fingerprint image. Decision is
taken from matching score of two-fingerprint image.
Sensor
Feature
Extraction
Reference
Templates
Archive
Enrollment Identification
Sensor
Feature
Extraction
Matcher
Decision
Fig. 1 Block Diagram of fingerprint matching system
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 352

Proceedings of ICCNS 08 , 27-28 September 2008
Applications: Following are the few applications where
fingerprint as a biometric is used for authentication.
a) Access controller ,Door lock ,Safes ,ATM
b) Personal computer/workstation security
c) Network/enterprise security
d) Internet content security
e) E-commerce ,Electronic transactions
f) Bank and financial systems
g) Medical information systems
h) Any password-based application
III. VARIOUS FEATURE EXTRACTION TECHNIQUES
Feature extraction plays an important role in fingerprint
matching system to support for efficient and fast matching
form large databases. Significant features must first be
extracted from image data. The local and global features
called minutiae of fingerprint are defined as
1) Core: The maximum curvature point [2], these can be
at the most two in given fingerprint type [10].
2) Delta: The triangular portion formed due to the flow,
at the most there can be two deltas in given FP type.
3) Minutiae: Ridge ending or Bifurcation is called as
Minutiae. Above-mentioned categories, i.e. Core,
Delta are called as minutiae; a good quality
fingerprint contains such 60 to 80 points [3].
Advanced features like loops; islands can be formed by
combination of all above minutiae. The input fingerprint
may not be good quality (due to noise in the acquisition
system, dirty fingerprint, variations in pressure applied by
the subject). Before going to matching, the fingerprint is
corrected against these variations by applying simple
spatial filters are discussed in [6]. The technique of
revisiting at the later stages of the validation stage [22]
providing the gray scale information for the reexamination
of gray scale profile I the detected minutiae
profile. The elastic distortion problem in the fingerprint
matching may lead to false correspondence. The
technique of the fingerprint matching with the thin Plate
Spine Modeling is discussed in [5]. This method is used
along with the minutiae based point pattern-matching
algorithm to minimize the effect of the Non-linear
distortion.
Minutiae points such as ridge endings and ridge
bifurcation to distinguish two fingerprint images from
different fingers are used in [16] and proved it is robust to
nonlinear deformation. Genuine problem with this method
is how to introduce more ridge information into the
matching process in a simple way.
Minutiae neither contain nor consider the rich
discriminatory information available in fingerprint. On
the other hand, fingerprint can be viewed as Oriented
Texture as described in [3]. This paper describes the
Novel Gabor Filter bank based method for fingerprint
Verification. Authors claim this method is effective in the
case of the systems where FAR requirement is high. This
method gives feature vector of size 640 bytes, there by
increasing the matching speed. The combination of the
minutiae based and Orientation based methods increases
the reliability of fingerprint matching. This method can be
used to classify the fingerprint images in to five classes
whorl, right loop, left loop, arch, and tented arch with
good accuracy by using two stage classifier [1]. The
method however suffers from the difficulty of the center
point location in case of the Noisy images shown in fig. 2.
This algorithm doesn’t consider the Non linear
deformation due to variations in pressure while
fingerprinting.
Fig. 2 Example of images, which were rejected because a valid
tessellation could not be established
To extract local and global fingerprint information eight
Gabor filters are used in [1]. Fig. 3 shows filtered images
after convolution with sixteen Gabor filters which are used to
capture ridge pattern information, which gives better matching
accuracy [7].
Fig. 3 (a) Filtered Images after convolution with sixteen Gabor Filters of
orientations (0, 11.25, 22.5, 33.75, 45, 56.25, 67.5, 78.75, 90, 101.25, 112.5,
123.75, 135, 146.25, 157.5, 168.75 degrees) (b) Corresponding Feature
vectors of sixteen filtered images
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 353

Proceedings of ICCNS 08 , 27-28 September 2008
Fingerprint friction ridge details are generally described in a
hierarchical order at three different levels, namely, Level 1
(pattern), Level 2 (minutia points), and Level 3 (pores and
ridge contours). To capture level three features high-resolution
scanner is required because 500 dpi not capable to capture
level three features. By using 1000 dpi scanner Anil K. Jain,,
Yi Chen and Meltem Demirkus proposed a high resolution
fingerprint matching using level three features such as pores
and ridge counters[8].
Even Gabor filter is used for enhancement in all above
methods, complex 2D Gabor filter is used in [9]. Results of
this algorithm shown that it provides only marginal
improvements over the real filter through the cost for using the
complex filter are significant. Only a small benefit to be
gained from complex filtering. Transfer function of even
gabor filter is shown below.
⎧
'2
'2
1 x y
⎫
⎪
⎡
⎤
⎪
G ( x,
y;
f , θ ) = exp ⎨ − ⎢ + ⎥ cos ( 2πfx
' ) (1)
2
2 ⎬
2 ⎢σ
' σ ' ⎥
⎪⎩ ⎣ x
y ⎦ ⎪⎭
x
'
= x sin θ +
y cos θ
'
y = x cos θ − y sin θ
Fast fingerprint verification can be achieved by localizing the
matching regions in captured fingerprint images [14]. The
Author claims that accurate fingerprint
matching can be achieved using very small bitmaps, making it
possible to implement very fast fingerprint authentication
systems using the relatively slow embedding processors.
In minutiae based fingerprint matching large number of
spurious pairs are generated which slow downs the matching
process and limits the matching efficiency. Spurious pairs can
be minimized using orientation-based ridge patterns to
improve minutiae features [17]. Also it reduces the error
caused by broken ridges by comparing two minutiae
regardless their types. Ridge bifurcation and its broken
versions are shown in fig. 4.
Fig. 4 Original bifurcation (a) and the three corresponding broken versions (b,
c and d)
Minutiae based fingerprint matching algorithm robust to
nonlinear deformation is discussed in [16]. Genuine problem
with this method is how to introduce more ridge information
into the matching process in a simple way.
Jain, Ross and Prabhakar presented [18] a hybrid matching
algorithm that uses both minutiae (point) information and
texture (region) information for matching the fingerprints and
proved combination of the texture-based and minutiae-based
matching scores leads to a substantial improvement in the
overall matching performance. To enhance the speed it is
required to implement the convolution operation via a
dedicated DSP chip.
The dedicate hardware array executing the algorithm is always
said to be faster than that of the software algorithm, [20]
discuss the FPGA based point pattern Minutiae Processor. The
author claims the matching speed by this method will be 2.6
×10 5 fingerprint matches/sec. But the paper didn’t consider
the communication latency and bandwidth requirements.
The fingerprint classification is the first step to the matching,
[12] describes the structural Approach to the fingerprint
classification. The method discussed is based on the inexact
Graph Matching. Internally it uses the fuzzy classifier to
accurately classify amongst the classes available.
The registration of the two-fingerprint containing noise is
difficult to tackle. None of the above-mentioned methods
speaks about this problem. In [4] discuss the feature space
correlation alignment/ matching without going for the
complex center point detection and extraction of the minutiae
points. The proposed scheme is inferior to the state of art
Minutiae based matching but Author claims that combination
of the Minutiae and correlation-based method performs well.
The binarization of the image before going for segmentation is
generally followed steps, but automatic detection of the
minutiae is very complex method, [11] discuss the minutiae
detection of the minutiae from the ridge following with the
gray scale image. The Author claims for the lesser
computational complexity as for as the binarization and
thinning concerned. The method can be useful for high
efficiency applications like online access control and low cost
biometrics.
The Matching performance of the Fingerprint can be also
addressed at the feature extraction itself. [15] Discuss the
extraction of different global features from the input
fingerprint, which then can be used as indexing mechanism of
the database along with classifier.
Continuing same problem of indexing of database for fast
matcher, [13] gives proprietary of indexing algorithm called
FLASH (Fast Look Up Algorithm for Structural Homology).
It is probabilistic indexing algorithm it is achieved by the table
of indices.
Effective fingerprint matching can be done using ridge count
matching and minutiae subset combination [19]. Matching
results are improved by using orientation based ridge patterns
and counting number of ridges between every two minutiae.
Minutiae points of fingerprint are summarized in following
fig. 5 [8].
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 354

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 5 Minutiae points of fingerprint
IV. CONCLUSION AND FUTURE WORK
Most of the recent efforts in fingerprint matching system
have focused on either minutiae points or texture of
fingerprint image. But only minutiae points or texture
information of fingerprint image give limited knowledge to
fingerprint system to take correct matching decision. Due to
this matching efficiency is affected in few percent. Very few
fingerprint-matching algorithms are based on both local and
global information of fingerprint image. These hybrid
algorithms give better efficiency but it consumes more time
for matching.
In hybrid algorithms bank of Gabor Filters is used for
fingerprint enhancement. Many current fingerprint matching
techniques uses Gabor based enhancement as compared
other existing enhancement algorithms like wavelet based,
knowledge based, neural network based techniques. All
existing enhancement techniques can not improve the
quality poor images and enhancement play a key role in
fingerprint matching system. However most of the current
techniques are suitable for small databases, can not produce
satisfactory results for large databases. So the ways of
improving matching results for large databases are urgently
needed. The final difficulty limiting progress in fingerprint
matching system. Unless there are reliable and widely
accepted ways of measuring effectiveness of new technique,
it will be impossible to judge whether they represent any
advancement on existing methods.
In this paper, we argue that for a fingerprint matching
system to be successful we need to develop approaches
robust to poor quality images, rotation invariant and also
produce good results for huge databases.
REFERENCES
[1] Anil K. Jain,Salil Prabhakar, and Lin Hong, “Multichannel approach to
fingerprint classification”, IEEE Transaction on Pattern Analysis
and Machine Intelligence, Volume 21,No.4, April 1999[p1999].
[ 2 ] A. K. Jain, "Bi om et ri cs", i n The World Book
Encycloped i a
[3] A. K. Jain , Salil Prabhakar, Lin Hong, Shath Pankanti, “Filter Bank
Based Fingerprint Matching”, IEEE Transaction on Image
processing volume 9 number 5 May 2000.
[4] Arun Ross, James Reinsman, A.K.Jain, “Fingerprint Matching with
Feature Space Correlation”, ECCV Workshop on Biometric
Authentication, LNCS 2359, pp. 48 –57, Denmark, June 2002.
[5] Asker M. Bazen, Sahib H. Gerez, Fingerprint Matching by thin-plate
Spline Modeling of Elastic Deformation, Pattern Recognition
Journal Volume 36, Number 8, August 2003 issue, page (1859-
1867).
[6] B. M. Mehtre Fingerprint Identification, Wiley Encyclopedia of EEE,
Volume 7 (527-538).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 355

Proceedings of ICCNS 08 , 27-28 September 2008
[ 7 ] Mu h ammad Umer M u n i r and Dr. M u h ammad You n u s
Javed , “ Fi n g erp rint M atchin g R i d ge Patt ern s” IEEE
Transaction 0-7803-9421-6/05 2005.
[8] Anil K. Jain, Yi Chen, and Meltem Demirkus, “Pores and Ridges:
High-Resolution Fingerprint Matching Using Level 3 Features”,
IEEE Transaction on Pattern Analysis and Machine Intelligence,
Vol. 29, No. 1, January 2007
[.9] M. Horton, P. Meenen, R. Adhani, P. Cox, “ The Cost and Benefits of
2D Complex Gabor Filters in a Filter Based Matching”, IEEE
Transaction 0-7803-7339-1/02 2002
[10] D. Maltoni, D. Maio, A.K. Jain, S. Prabahkar, Handbook of fingerprint
Recognition Springer, New York, 2003.
[11] Dairo Maio, Davide maltoni, “Direct Gary Scale mnitiae Dtection in
fingerprint, ”, IEEE Transaction on Pattern Analysis and Machine
Intelligence, Vol 19 January 1997.
[12] Dairo Maio, Davide maltoni, “Structural Approach to fingerprint
Classificaton”, IEEE Proceeding of ICPR’ 96, Page (578-585).
[13] Gray Taubes New Strategy for matching Game, White paper, IBM
Thomas J. Watson Research center.
[14] K. C. Chan, Y. S. Moon, and P. S. Cheng, “Fast Fingerprint
Verification Using Sub regions of Fingerprint Images”, IEEE
Transactions on Circuits and Systems for Video Technology, Vol.
14, No. 1, January 2004.
[15] Johan de Boer, Asker M. Bazen and Sahib H. Gerez, “Indexing
Fingerprint Database on multiple Features”, ProRISC 2001
Workshop on circuit system and signal processing, Veldhoven,
Netherlands, November 2002.
[16] Xiping Luo, Jie Tian and Yan Wu, “A Minutia Matching Algorithm in
Fingerprint Verification”, 0-7695-0750-6/00 IEEE Transactions
2000.
[17] Lifeng Sha and Xiaoou Tang, “Orientation-improved Minutiae for
Fingerprint Matching”, Proceedings of the 17th <strong>International</strong>
<strong>Conference</strong> on Pattern Recognition (ICPR’04) 1051-4651/04 IEEE.
[18] Ani1 Jain, Arm Ross and Salil Prabhakar, “Fingerprint matching using
minutiae and texture features”, 0-7803-6725-1/01/2001 IEEE
[19] Lifeng Sha, Feng Zhao, and Xiaoou Tang, “Minutiae-based
Fingerprint Matching Using Subset Combination”, The 18th
<strong>International</strong> <strong>Conference</strong> on Pattern Recognition (ICPR'06) 0-7695-
2521-0/06 2006
[20] Ratha N.K., Jain A.K., “FPGA based computing in computer vision
computer Architecture for Machine perception”, 1997. CAMP 97.
Proceedings Fourth IEEE <strong>International</strong> Workshop on , 20-22 Oct.
1997 Pages: 128-137.
[22] Salil Prabhakar, A.K. Jain, Sharath Pankanti, “Learning Fingerprint
Minutiae Location and Type”, Pattern Recognition Journal Volume
36, Number 8, August 2003 issue, page (1847-1857)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 356

Proceedings of ICCNS 08 , 27-28 September 2008
Consistent Key Generation from Fingerprint
Identifier with Probabilistic approach
dynamically
First A. Pallavi Talegaonkar, Second B. Dr. Aditya Abhyankar, and Third C. Prof. Abhijeet Patankar
Abstract— Identification and authentication of a user is the
basic need of today because of steadily increasing online and
offline applications, like online banking, credit card
authorization etc. In traditional cryptosystems, authentication
was done using passwords, PIN’s or tokens which was
vulnerable to attack easily. Next was use of long cryptographic
keys which are again not very user friendly and can be stolen
or shared. Biometric identifiers make use of physiological or
behavioral traits associated with the person. They have an edge
over traditional security methods because they cannot be easily
stolen, forgotten or shared. With the advent of applications
requiring transmission of biometric information using public
network, for personal authentication, it has become necessary
to embed strong security in the system for protection of
biometric template. Different cryptographic key
binding/generation algorithms have been implemented for
protection of biometric. But still original biometric template is
required for matching which has privacy and security threats.
To overcome drawbacks of previous key binding/ generation
techniques this paper presents a new method of generating a
consistent key from biometric itself dynamically. This
approach is purely probabilistic. For this, biometric
information can be statistically learned and probabilistic
matching will be performed to discriminate genuine from
imposters. This paper deals with generating helper data/ key
from a fingerprint identifier which can be used for encryption
of biometric template, as fingerprint-based identification is one
of the most mature, less expensive and proven technique. Main
objective would be to generate a consistent key based on
probabilistic sense dynamically.
Keywords—Biometric Key, Fingerprint Identifier,
Probabilistic matching, Statistical test
A
I. INTRODUCTION
A. Origin of the Research Problem
uthentication or identification of a user is important
in many applications such as credit card
authorization, building access control and bank
ATM access. Passwords, PINs, tokens are traditional
F. A. Pallavi Talegaonkar is studying in D.Y. Patil COE, Akurdi,
Pune India (corresponding author to provide phone: 91-022-;
e-mail: pallavi.talegaonkar@ gmail.com).
S. B.Aditya Abhyankar, is with VIIT, Kondhava, Pune India. He is
now Head R&D with the Department of IT, Pune University, Pune ,
India (e-mail: aditya1210@gmail.com).
T. C. Abhijeet Patankar is with the Computer Engineering
Department, University of Pune, Pune, 411044 India (e-mail:
abhijitpatankarmail@gmail.com).
means of identification and authentication. Short
Passwords are easy to remember and use, but can be
guessed easily. Whereas if they are long, it will be
difficult to remember them, so they will be stored
somewhere and so vulnerable to attack. On the other
hand, if we opt to go for cryptographic keys, they also
need to be stored as they are long and secret. Again to
access them one needs authentication which can be given
through passwords again. So this problem is nothing but
Password System Paradox.
Biometrics can effectively solve this paradox because
they possess ease of passwords as well as complexity of
cryptographic keys. One need not remember the
biometric features as they are inherent and give unique
identification. Biometric identifiers have an edge over
traditional security methods because they cannot be
easily stolen, shared or forgotten unlike passwords. The
consequences of an insecure authentication system in a
corporate or enterprise environment can be catastrophic,
and may include loss of confidential information, denial
of service, and compromised data integrity. Fortunately,
automated biometrics in general, and fingerprint
technology in particular, can provide a much more
accurate and reliable user authentication method.
Biometric information is irrevokable and hence cannot
be compromised. With the advent of applications
requiring transmission of biometric information using
public networks, for personal authentication, it has
become necessary to embed strong security in the
system. This paper deals with ways to generate helper
data/ keys for biometric template by using biometric
information itself instead of using cryptographic ’keys’
for security[1,2].
B. Combining Biometrics with Cryptography
A number of researchers have studied the interaction
between biometrics and cryptography, two potentially
complementary security technologies. Biometrics is
about measuring unique personal features, such as a
subject’s voice, fingerprint, or iris. It has the potential to
identify individuals with a high degree of assurance,
thus providing a foundation for trust. Cryptography, on
the other hand, concerns itself with the secure
transmission of the confidential information from sender
to receiver using different encryption techniques. The
main obstacle to algorithmic combination is that
biometric data are noisy by nature; only an approximate
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 357

match can be expected to a stored template.
Cryptography, on the other hand, requires that keys be
exactly right, or protocols will fail. One bit change will
also affect the performance.
There have been a number of attempts to bridge the gap
between the fuzziness of biometrics and the exactitude of
cryptography, by deriving biometric keys from key
stroke patterns [2], the human voice, handwritten
signatures, fingerprints, and facial characteristics.
However, so far, these attempts have suffered from an
excessive False Rejection Rate (FRR) – usually over
20%, which is unacceptable for practical applications.
Second, many proposals have failed to consider security
engineering aspects, of which the most severe are the
irrevocability of biometrics and their low level of secrecy
[2,5]. The following issues are investigated to design
robust biometric encryption scheme:
– Design of a model to evaluate the performance in terms
of ease of use, computational complexity, reliability,
consistency and user’s privacy
– Improve upon statistical measures for biometric
representation and design a fuzzy matcher to enhance the
performance of the security system
In this framework attacks are possible at two levels,
namely communication level and database level. Also,
the nature of these attacks is twofold. First stolen
information can be used for authentication resulting in a
security breach. 'Security'threat here is referred to as
threat to the application (online banking) and not the
user. Second, the original biometric may be regenerated
from the stolen information resulting in a privacy threat.
Classifying the vulnerability as `privacy-related' or
`security'gives a method of separating the two threats
and thus better assess the vulnerabilities[1]. This paper
makes effort in the same direction i.e. how a biometric
key can be useful for protection of biometric itself. The
biometric template chosen is the fingerprint identifier
which is the most proven, less expensive and mature
modality in biometrics. The fingerprint template of a user
will be used to generate keys based on probabilistic
matching i.e. in parametric sense. So main objective of
this project would be to generate keys from fingerprint
identifier which will be consistent (probabilistic sense)
and will pass the stochasticity test.
II. OVERVIEW OF RELATED WORK
As biometric systems are an integral part of a security
system, its vulnerability must be assessed. Furthermore,
biometrics has an additional requirement to consider
because the biometric information itself reveals private,
personal details about the person’s physiologic or
behavioral characteristics. Thus, biometric information
must not be leaked because of security and privacy
concerns.
each session, i.e. dynamic, to prevent replay attacks.
Existing solutions use key-based encryption, timestamp
based schemes, data hiding schemes , or a modified
challenge-response mechanism [1,2]. Standard
encryption can provide the confidentiality and integrity
Proceedings of ICCNS 08 , 27-28 September 2008
A. Use of Cryptographic keys :
In all previous approaches of biometric encryption a PIN
or cryptographic key was securely bound to a biometric
and key would be retrieved on successful acquisition of
the biometric template. Key is completely independent of
biometric. Drawbacks of this technique are as follows
1) it requires access to biometric templates for biometric
matching and
2) user authentication and key release are completely
decoupled.
Because the system stores biometric template locally, the
design raises concerns about the theft of biometric data.
Another approach was to get one-way transform which is
irrevertible from biometric template and store it in the
database for matching instead of actual biometric
template.
B. Resent Developments
Previous work has shown that it is possible to perform :
(1) replay attacks, i.e. resubmit a stolen template to the
system to achieve authentication[1],
(2) hill climbing attacks, i.e. with knowledge of the
algorithm iteratively guess the template to improve the
match score until a match is achieved , and
(3) reconstruct the original biometric from a stolen
template.
Research has begun to address these issues with the goal
to achieve ”Cancelable”, ”privacy protecting”, and
”dynamic” biometric systems[1,5]. First, cancelable
means numerous biometric templates can be generated
from a single biometric and privacy protecting implies
that the generated biometric passwords leak only
negligible amount of information, if any, about the
original template. Main principle to achieve this in
existing systems is to perform a one-way transformation
of the templates. Recent results indicate that it is feasible
to create cancelable (revocable) templates. For example,
N. Ratha [6] proposed randomized facial image
distortions as the basis for template generation. Other
methods use error-correction codes to derive a secret
from the biometric features and use self-generated data
(i.e. biometric features) to perform the one-way
transformation, termed biometric cryptosystems [1,2].
Many of these systems require pre-alignment of the
biometric templates before the one-way transformation,
which is difficult to achieve in practice. Acquisition
noise in the biometric also poses a challenge to the
design of a robust transformation. Errors in the extracted
biometric features due to the acquisition noise remain to
be modeled.
Second, it is required that the data sent on
communication channel from template generator
(client/encoder) to the matcher (server/decoder) assures
the freshness of the template used for authentication for
to the data, but do not ensure freshness of data.
Encryption can ensure freshness by changing the key for
every session, but this does not guarantee the freshness
of template generation. Inclusion of timestamps and onetime
transformations. requires synchronization of the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 358

clocks. One-time biometrics [1] is a recent proposal that
attempts to combine both concepts of cancelable
biometrics. Biometric authentication system using selfgenerated
helper data/key has been implemented for Iris
template. The system was tested using CASIA iris
database.
III. SYSTEM DESCRIPTION FOR KEY GENERATION FROM
FINGERPRINT
Fortunately, automated biometrics can provide the
security advantages of long passwords while retaining
the speed and characteristic simplicity of short passwords
in authentication systems. Next step is to protect
biometric data using biometric encryption, for which we
have adopted the new method of generating a consistent
key from fingerprint template dynamically. As the key is
self-generated, so no need to remember or store the key
or password.
The current focus is to generate helper data/key from the
fingerprint identifier and making it suitable to work in
the encryption scheme with probabilistic matching.
A Methodology
Following is the block diagram of methodology used for
key generation from fingerprint image taken from the
FVC 2004 database for testing purpose.
Step 1 : Select the fingerprint image
Proceedings of ICCNS 08 , 27-28 September 2008
Right now the images will be selected which are
available in the database. The fingerprint image database
is downloaded from (Fingerprint Verification Contest)
FVC 2004 which is a standard database of fingerprint
images having 8 different images per fingerprint. At a
time single fingerprint image is selected to generate its
key representation. We are handling all grayscale images,
if it is colored image then it is converted into grayscale.
Step 2 : Enhance the fingerprint Image
A fingerprint is the pattern of ridges and valleys on the
surface of a fingertip. Each individual has unique
fingerprint. Uniqueness is exclusively determined by the
local ridge characteristics and their relationships. The
two most common ridge characteristics, called minutiae,
are 1) ridge ending and 2) ridge bifurcation.
In an ideal fingerprint image, ridges and valleys alternate
and flow in a locally constant direction and minutiae are
anomalies of ridges. Many a times acquired fingerprint
images are of poor quality in which ridge structures are
not well-defined. An enhancement algorithm can
improve the clarity of the ridge structures in fingerprint
image. Various visual clues, like ridge orientation, ridge
continuity etc. are obtained to correctly identify the
fingerprint by fingerprint experts.
The goal of an enhancement algorithm is to improve the
clarity of ridge structures of fingerprint images in
recoverable regions and to remove unrecoverable region.
Refer fig. 5 in [3].
Fig. 1. Key Generation Process
Fig. 2. ( a) Original fingerprint image, (b) Core point on fingerprint, (c) ROI, (d)Feature Extraction using Gabor filter in 6 directions
e) responses obtained from Gabor filter in 6 directions
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 359

Steps used are – 1) Normalization, 2) Orientation Image
estimation, 3) Frequency Image Estimation, 4)Region
Mask Generation and 5) Filtering .
Step 3 :Obtain reference point and Region of Interest
Core point of a fingerprint is a reference point which
gives us unique traits of the fingerprint. Region of
Interest is the region of specific radius centered at
reference point from which the characteristic invariant
features can be extracted for smaller key size.
Following parameters will be stored for each image to
store the core point-
(x, y) : Coordinate values of Core point for a fingerprint
θ : Orientation at reference point
In order that a reference point algorithm gracefully
handle local noise in a poor quality fingerprint, the
detection should necessarily consider a large
neighborhood in the fingerprint. To meet these
conflicting requirements of an accurate and reliable
localization, a new method of reference point
determination based on multiple resolution analysis of
the orientation fields as discussed in [4] has been used.
This method locates the reference point more precisely
than the algorithm proposed in [3].
Tessellate image into region of Interest for a fingerprint-
For simplicity the ROI is taken as a rectangle around
the core point in a fingerprint. Core point of a fingerprint
is a reference point which gives us unique
traits of the fingerprint. Region of Interest is the region
of specific radius centered at reference point
(a)
(b)
Fig. 3: (a) Reference point (+), (b) Region Of Interest
, so that we can reduce the size of key to extract this
invariant features.
Step 4 : Feature extraction from ROI using Gabor
filter- Features will be extracted with the help of Gabor
filter.
I – Region of Interest, Sx & Sy : Variances along x and
y-axes respectively, f : The frequency of the sinusoidal
function, and θ : The orientation of Gabor filter
Gabor Filter - The Gabor filter is basically a Gaussian
(with variances sx and sy along x and y-axes
respectively) modulated by a complex sinusoid (with
centre frequencies U and V along x and y-axes
respectively). Gabor filterbanks are a well-known
technique to capture useful information in specific
Proceedings of ICCNS 08 , 27-28 September 2008
bandpass channels as well as to decompose this
information into biorthogonal components in terms of
spatial frequencies. As this filtering is based on
parameters, like variance, direction(θ), and frequency of
sinusoidal function, the parametric matching will be
done in probabilistic sense for the key generated.
Even symmetric Gabor filter can be described by the
following equation –
(1)
where f is the frequency of the sinusoidal plane wave
along the direction θ from the X -axis, and dx’, dy’are
the space constants of the Gaussian envelope along x’
and y’ axes, respectively[4].
Step 5 : Quantization of response to binary
representation.
The output of the Gabor filter is the response obtained
in 6 directions (θ = 0 to 5pi/6 in steps of pi/6). All the
responses are collected together into a double matrix
(6*441) whereas response in single direction gives the
matrix of size 21by21 double. This whole matrix is
converted to unsigned integer where we apply a one way
transformation. So it is difficult to get original details
back. Finally this integer matrix is converted to
equivalent binary form and stored into a text file which
is given as input to the testing suite.
Step 6 : Statistical testing for consistency based on
probabilistic matching
This is the last stage where key pattern generated in
previous stage will be tested by NIST STS testing tool.
This testing will be done based on probabilistic
parametric sense. Total 5 parametric tests have been
used to test the key in binary form. Following are the
details of different tests applied.
Step 7 : Comparison with reference model
In this the output of the testing is the P-value which
gives the status as accept or reject the sequence(key) and
according to the feedback obtained from last stage i.e.
+/- the parameters used for filtering and size of filter
mask will be changed and repeat the process.
B NIST Statistical Test Suite
In this project we are developing a key generator from
a biometric which should meet the requirements of
cryptographic generator, so that it will be suitable for
encryption of biometric. In particular, their output of
generator must be unpredictable in the absence of
knowledge of the inputs. Some criteria for characterizing
and selecting appropriate generators based on parametric
and non-parametric sense is available through NIST
STS.
Some recommended statistical tests are provided in
this test suite. These tests may be useful as a first step in
determining whether or not a generator is suitable for a
particular cryptographic application. However, no set of
statistical tests can absolutely certify a
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 360

generator as appropriate for usage in a particular
application, i.e., statistical testing cannot serve as a
substitute for cryptanalysis. [7].
Following parametric tests are applied :
1. Approximate Enrtopy : Sequences with large
approximate entropy must have substantial fluctuation or
irregularity. Alternatively, small values of this
characteristic imply strong regularity, or lack of
randomness, in a sequence.
2. Block Frequency test : The test is based on the
proportion of zeroes and ones. Specifically, it tests the
closeness of the proportion of ones to 0.5. The
frequency within a block test is a refinement that tests
the proportion of ones within M-value blocks.
3. Overlapping Templates
4. Serial Test
Proceedings of ICCNS 08 , 27-28 September 2008
5. Linear Complexity test : Given a random binary
seed, subsequent bits are generated using X-OR
operator.
Testing procedure: The key generated in previous step
in binary form into text file is given as input to this test
suite. Input mode selected is Hex digits in binary format
and regenerate mode. This text file is treated as m binary
sequences each of length n, where m and n values and
block length vary for each test.
For each statistical test evaluates the sequence and
returns the set of P-values as output. P-values are
probabilistic values which lie in the unit interval of[0,1].
A sequence passes a statistical test whenever the P-value
>= significance level( ). Few tests have been carried
out and giving expected results.
Fig 4 (a)1_3.tif original fingerprint, (b) Image with Core Point of fingerprint, (c) Region of Interest, (d) Gabor Filter response in θ=0, pi/6, pi/3,
pi/2, 2pi/3 & 5pi/6
Fig. 5 (a).1_2.tif original fingerprint, (b) Image with Core Point of fingerprint, (c) Region of Interest, (d) Gabor Filter response in θ=0, pi/6, pi/3,
pi/2, 2pi/3 & 5pi/6
IV. RESULTS
The key generation procedure was tested with
FVC 2004 database. This database has total 8 images
for each fingerprint of different quality. Here are the
results of keys obtained from fingerprints of different
quality starting from highest to lowest.
As shown above Fig. 4 and Fig. 5 show four stages
of key generation for fingerprints of same finger.
The core point is detected accurately as each image is
enhanced before core point detection. Fig. 6 gives the
responses obtained for another fingerprint.
The filter output obtained as shown above is
converted to a text file having binary version of filter
response. This text file is given as input to NIST Statistical
Test Suite to check this output(key pattern) in parametric
sense.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 361

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE I
P-VALUE OBTAINED FOR EACH PARAMETRIC TEST
Sr. Parametric P-value Conclusion
No. Test applied
1. Approximate
Entropy Test
2. Non-periodic
Templates Test
3. Overlapping
Templates Test
4. Linear
Complexity
Test
1.0000 for
all the
sequences
generated
Total 148
data sets
generated
with p-value
= 1.0000
1.0000 for
all the
sequences
generated
1.0000 for
all the
sequences
generated
V. CONCLUSION
Successfully
passed test
for
randomness
Traditional knowledge-based password or Personal
Identification number(PIN) and token-based
identifications are prone to fraud because PIN’s may be
forgotten or guessed by an imposter and the tokens may
be lost or stolen. Biometrics which refers to identifying
an individual based on his/her physiological or
behavioral characteristics has the capability to reliably
distinguish between an authorized person and an
imposter. Among all the biometrics ( e.g. face,
fingerprint, hand geometry, iris, retina, signature, voice
print, ear etc.) fingerprint- based identification is one of
the most mature and proven technique. The project
presents a new method for generating a consistent key
dynamically from biometric identifier (fingerprint ) using
stored statistical representations of the biometric. Key
generated is being tested for Fingerprint database with
probabilistic matching and statistical learning using
NIST Statistical Test Suite.
The advantages of this new method of key generation
can thus be summarized as :
1) Automatic key generation without user intervention
i.e. user need not remember any key or password, so it is
user-friendly.
2) Stored information in the database cannot be used to
authenticate or obtain original biometric signal.
3) We can hypothesize that matcher does not give
information helpful in hill climbing attack.
4) Generated representations are `dynamic', so we can
hypothesize that it will prevent replay attacks.
Keys generated are tested for randomness, unique
reproducibility and acceptance criteria decided. It can be
used in other approaches like, Cancelable biometrics,
biometric cryptosystems and one time biometrics etc.
Key generation process is over and testing for
consistency with different parametric tests is in progress.
Results of testing for intra-class(2 images of same
fingerprint) and inter-class(2 images of different
fingerprints) will be analyzed for matching.
REFERENCES
[1] Encryption of Biometric Templates using Self-generated
and Dynamic Helper Data by Dr. Aditya Abhyankar, Amith
Vijayat, Sunil Kumar and Stephanie Schuckers - American
standard journal central, ID #5432109, Feb 2007, pg no 405-
437.
[2] Biometric Encryption – A white paper by Alex Stoianov,
Ph.D. Biometrics Scientist in March 2007.
[3] Fingerprint Image enhancement : algorithm and
performance evaluation – Lin Hong, Yifei Wan and Anil Jain,
IEEE Transactions on Pattern analysis and machine
intelligence.
[4] Anil K. Jain, Fellow, IEEE, Salil Prabhakar, Lin Hong, and
Sharath Pankanti Filterbank-based Fingercode generation
IEEE transactions on image processing, vol. 9, no. 5, May
2000.
[5] Combining Cryptography with biometrics effectively -
Feng Hao, Ross Anderson, John Daugman in Technical Report
of University of Cambridge, Computer department.
[6] N. Ratha. Enhancing security and privacy in biometricsbased
authentication systems. IBM systems journal,
40:614{6134, 2001}.
[7] Umut Uludag, Sharath Pankanti, Salil Prabhakar, Anil K.
Jain Biometric Cryptosystems: Issues and Challenges-,
Proceedings of IEEE, Vol. 92, No. 6, June 2004.
[8] A Statistical Test Suite For Random And Pseudorandom
Number Generators For
Cryptographic Applications NIST Special Publication 800-22
(with revisions dated May 15, 2001)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 362

Proceedings of ICCNS 08 , 27-28 September 2008
Multimodal Biometric system using shape and texture based Components.
1st A: Mr.Deshmukh Sudarshan S, 2nd B: Prof.Thakore Devendra, 3rd C:Wathap Sapankumar Rajkumar
A: Lecturer, Army Institute Of Technology, Dighi Hills, Pune University, Pune.India,
B: Asst.Professor,B.V.D.U.C.O.E. ,Pune. India.
C:Associate System Engg. IBM India Pvt. Ltd, M.E.(CSE-IT)Pune University, Pune.India
sapan_wathap@yahoo.co.in
Abstract:
In this paper we propose a multimodal biometric
system, which combines shape with texture. The
main problem of the existing system, especially those
that include texture features such as palm print, is the
processing time consumed by the feature extraction
step is very large which is not suitable for real-time
applications. A practical use system requires response
faster than one second or so. In this paper, we
propose a multimodal system based on shape and
texture components of any image components that
enhance the performance of the system and overcome
the above mentioned drawbacks. Also proposed
system utilizes the shape and texture features which
contain about 85% of image features, so extraction
data is tremendously reduced without any effect on
matching criteria of the system. The proposed system
identifies a person in less than a second, so it is
appropriate for real time applications.
I. Introduction:
Numerous applications for personal identification
exist and more are emerging daily. Biometric identity
verification is attracting a lot of people’s attention,
because biometric traits are inherent to the person,
which cannot be lost, stolen, shared, or forgotten [1].
As a result, the area of biometrics will continue to be
an area of interest for many researchers [5].
Unimodal biometric systems are usually affected by
problems including noisy sensor data, non
universality and lack of individuality of the chosen
biometric trait, absence of an invariant representation
for the biometric trait and susceptibility to
circumvention [2, 3]. Some of these problems can be
relieved by using multimodal biometric systems,
which consolidate evidence from multiple biometric
sources [4]
It is generally accepted that ideally a
biometric should satisfy the four criteria of
universality, uniqueness, permanence, and collect
ability [6].The choice of biometric identifiers has a
major impact on the performance of the system.
Some of the major biometric identifiers in use today
are fingerprint [1, pp.43-64], hand geometry [8], iris
[1, pp. 103-121], and face [1, pp. 65-86].The human
hand provides the source for a number of
physiological biometric features. The idea of using
hand features as a means of personal identification is
not new. This approach was proposed as early as the
1970s [15].The features are extracted from hand
geometry, hand contour, hand palm, hand pressure
profile, etc. Hand geometric systems use an optical
camera to capture two orthogonal two dimensional
images of the palm and sides of the hand, offering a
balance of reliability and relative ease of use. They
typically collect more than 90 dimensional
measurements, including finger width, height, and
length; distances between joints; and knuckle shapes
[16]. Hand geometry readers can function in extreme
temperatures and are not impacted by dirty hands (as
fingerprint sensors can be) or dusty environment.
They are commonly used for access control to
facilities, time clocks, or controlled areas. The large
size of the current hand geometry readers restricts
their use in widespread applications such as those
requiring small user interfaces (e.g., home computer
user, keyboard). Hand-geometry readers could be
appropriate where users access the system
infrequently and are perhaps less disciplined in their
approach to the system. A number of commercial
systems which make use of these features are
currently available and used in numerous applications
[17]. The five pairs of fingers to be compared are
extracted from the contours and aligned separately.
The Mean Alignment Error between two sets of
contours is used to quantify the match quality. Hand
palm based authentication systems have also been
proposed [18]. The system acquires the hand palm
image, uses the binarized image to select and
normalize the hand palm region of interest which is
measured as a texture, and a Support Vector Machine
is used as verifier. The combination of the hand palm
measurements with geometric ones provides a
significant improvement in the verification rate.
II. Feature statistics of finger print, hand
geometry, and palm print:
Quality of a image is a kay of matcher performance
before a matcher algorithm. The matcher will
perform not well for poor quality image [11].Two
new quality indices for fingerprint images based on
energy concentration in the frequency domain as a
global feature and spatial coherence in local regions
[12], some other researchers also addressed the
importance of fingerprint image quality in AFIS
[13,14]. Palm-print and fingerprint are texture
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 363

Proceedings of ICCNS 08 , 27-28 September 2008
features, they are inherent possibility characters.
Therefore, we extended the fingerprint image quality
estimation to palm-pint. WSQ method is employed
for us to estimate the fingerprint and palm-print
quality, and then we can check the biometric image
quality to make a decision whether the given image is
suit for the latter subsequent processing or select one
from multimodal biometric database. Based on the
following main requirements that biometric identifier
to recognize a person should satisfy i.
e.(1)Universality ,(3) Distinctiveness (2),
Performance (4), Acceptability, it is shown that
fingerprint and Hand Geometry have a very good
balance of all desirable properties (Table-1).
Biometric Identifier (1) (2) (3) (4)
Hand
Geometry(Shape)
M H M H
Palm (Texture) H M H H
Fingerprint M M H H
Face H H L L
Voice M M L L
Table-1: Biometric identifiers properties
III. Hand shape modeling by active shape
modeling:
A active shape model is defined to fix the two major
difficulties in active shape model [10]. Its problems
are the contour initialization which must be close to
the real form and the model convergence in detection
phase. Classically, the form to detect is defined by a
set of points: the landmarks. In training phase, the
average form and the contour variations are
computed by Principal Components Analysis on an
annotated hands database by these landmarks. In
segmentation phase, the contour is initialized by the
characteristic points of the hand: the five fingertip
points and the four points located in the valley
between two adjacent fingers. These points are
calculated from the probabilities map by contour
analysis. Next, two other points are automatically
added close to wrist from these points. The others
landmarks defining with more precision the hand
shape are disposed between those. Thus, the model X
is defined by the 11 initial points and N intermediate
points between those. X is obtained by
X=[x(0),……,x(11+n*10-1))
where X[i] is the ith landmark. After the initialization
phase, the model is deformed. To control the problem
of model divergence which does not follow the real
hand contours, a weight is applied to deformations to
limit the shape constraints [7]. So that the gradient
only uses the hand contours and thus limits the
possibilities of form divergence, it is computed in
skin color space by Di Zenzo algorithm [9]. Then,
this gradient is balanced by the coefficient of the
probabilities map pixels. The experiments show that
a good compromise between the execution time and
the detection precision is obtained by fixing N at 12.
1) Texture Algorithm:
As mentioned before, a palm print can be represented
by some line features. Different algorithms has been
proposed to extract the principal lines
[22][25][26][27][28]. However, these principal lines
are not sufficient to represent the uniqueness of each
individual's palm print because different people may
have similar lines in their palm prints [29] and
because the lines geometry depends on the fingers
spread [22]. In addition, some palm prints images do
not have clear wrinkles. As a result, we try to extract
texture features from palm print images. First, we
proposed a differential scheme for texture extraction
in [18]. In this paper we have used a 2D Gabor phase
coding scheme for palm print representation, which
has been user in [29] and for iris recognition
[30].Before applying the Gabor filter, we have to
select the palm print area with scale, rotation and
translation invariance. This area is selected as
follows: we calculate the centre of the circumference
that minimize the square error with the 4 valleys
between fingers. An example of the result can be
seen in figure 6.
Once obtained the centre, which is invariant to the
translation, we extract a circle with radius 200 pixels.
To obtain rotation invariance, the hand inclination
angle a is obtained as the slope of the line going from
the valley between little and ring fingers to the valley
between index and heart finger. The hand palm image
is rotated an angle equal to 90-ac. Figure 7 shows an
example of palm image with translation and rotation
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 364

Proceedings of ICCNS 08 , 27-28 September 2008
invariance. The circular Gabor filter is an effective
tool for texture analysis of the palm image, and has
the following general form:
where i=√-1,∞ - u is the frequency of the sinusoidal
wave,0 controls the orientation of the function, and a
is the
standard deviation of the Gaussian envelope. To
make it more robust against brightness, a discrete
Gabor filter G[x, y, 09 it, cr], is turned to zero
average with the application of the following
formula:
be robust the distance between the hand and the
acquisition device. Fusion by characteristics
convolution increases the hand uniqueness. It enables
to distinguish people having hand shapes or palms
very similar.
IV. Performance Review:
By comparing the existing biometrics ,Our current
system that comprises shape and texture properties
evolved the system performance by 87% w.r.t. time
and accuracy.
where (2n + 1)2 is the size of the filter. In fact, the
imaginary part of the Gabor filter has zero average
because of the odd symmetry. The adjusted filter is
used to filter the palm print image It should be
pointed out that the success of 2D Gabor phase
coding scheme depends on the selection of Gabor
filter parameters, 0, a, and u In our system, we
applied a tuning process to optimize the selection of
these three parameters. Finally, we have used a
Gabor filter of size n=10, 9= 7r/4, cr=0.8 and u=0.l.
Additional practical details: We have taken into
account just the real part of the 2D Gabor filter. Once
the palm print image has been filtered, it is crop to
100x1O0 pixels image. We chose the central portion.
Since the filtered image is not binary and automatic
thresholding procedure is applied to convert it to
black and white image. This procedure gives a value
of 1 to the 4000 pixels with the higher value, and the
rest are reset to 0 values. Finally, the image is
reduced to 50x50pixels. The resulting image is the
texture used as feature.
2) Texture and shape fusion
Three combination methods are used in biometric
systems. The combination can be carried out with the
representation by gathering the extracted
characteristics, at the comparison level or at the
decision level. Our fusion is based on the palm
texture convolution with the hand shape features in
order to add a geometrical factor to texture. The
result of this convolution is binarised to limit the
characteristics size and the computing times in
comparison phase. The complete process is defined
by:
S(x,y)= b(C(x,y)*H(x,y)) (1)
Where b(x)=0 if x

Proceedings of ICCNS 08 , 27-28 September 2008
[5] A.K. Jain, R. Bolle, and S. Pankanti, Biometrics:
Personal Identification in Networked Society, Kluwer
Academic Publishers, 2001.
[6] J.D.Woodward, N.M.Orlans, P.T.Higgins,
Biometrics: Identity assurance in the information age,
Mc Graw Hill, 2003
[7] J.Doublet,O.Lepetit, M. Revenu: "Hand detection
for contactless biometrics identification", Cognitive
System with Interactive Sensors, Paris, 2006.
[8] R. Sanchez-Reillo, C. Sanchez-Avila, A.
Gonzalez-Marcos,"Biometric identification through
hand geometry measurements", in IEEE Transactions
on Pattem Analysis and Machine Intelligence, vol.
22, no. 10, pp. 1168-1171, 2000.
[9] S. Di Zenzo, "A note on the gradient of a multiimage",
Computer Vision, Graphics and Image
Processing, 33(1), 1986.
[10] T.F.Cootes,C.J.Taylor,"Statistical models of
appearance for computer vision", Technical
report,University of Manchester, UK,1999.
[11]. Tabassi, E.,Wilson, C.,Watson. Fingerprint
Image Quality[C].NIST research report NISTIR7151
(August,2004)
[12]. Yi Chen, Sarat Dass, and Anil Jain. Fingerprint
quality indices for predicting authentication
performance. In Fifth AVBPA, pages 160-170, Rye
Brook. July, 2005
[13]. Nalini K.Ratha and Ruud M. Bolle. Fingerprint
image quality estimation. IBM computer science
research report RC21622, 1999
[14]. Lim, E., et al. Fingerprint quality and validity
analysis.IEEE <strong>International</strong> conference on Image
Processing, 1,202-207 2002
[15] Ernst, Richard H, Hand 1D System, U.S.Patent
No 3576537,[16] S. Gonzalez, C.M. Travieso, J.B.
Alonso, M.A. Ferrer,"Automatic Biometric
Identification system by hand geometry", 37th IEEE
<strong>International</strong> Carnahan <strong>Conference</strong> on Security
Technology, pp. 39-41, 2003.
[17] D.L.Woodward, Exploiting finger surface as a
biometric identifier, University of Notre Dame,
Indiana, U.S.A.,December 2004.
[18] M.Rafael Diaz, Carlos "Biometric System based
in the feature of hand palm",in 38th IEEE
Intemational Carnahan <strong>Conference</strong> on security
Technology, Albuquerque, New Mexico, pp. 136-
139, October 11-14, 2004.
[19] Marcos Faundez-Zany, "Data Fusion in
Biometrics", in IEEE Aerospace and Electronic
Magazine, pp. 34-38, January 2005.
[20] S. Ribarit, D.Ribaric and N. Pavesi6,
"Multimodal biometric user-identification system for
network-based applications", in IEEE Proceedings on
Vision Image Signal Processing, vol. 150,No. 6, pp.
409-416. December 2003.
[2 1]Slobodan Ribarit, Ivan Fratic, "A Biometric
Identification System Based on EigenPalm and
Eigenfinger Features", in IEEE Transactions on
Pattern Analysis and Machine Intelligence, vol. 27,
no. 11, pp. 1698-1709, November2005.
[22] Junta Doi, Masaaki Yamanaka, "Discrete Finger
and Palmar Feature Extraction for Personal
Authentication", in IEEE Transactions on
Instrumentation and Measurement, vol. 54,no.6, pp.
2213-2219, December 2005.
[23] M. Faindez-Zanuy, Miguel A. Ferrer-Ballester,
Carlos M.Travieso-Gonzalez, Virginia Espinosa-
Dur6, "Hand Geometry Based Recognition with a
MLP Classifier", in Computer Science, vol.
3832/2005, pp. 721-727, ISSN:0302-9743, 2005.
[24] Carlos M Travieso, J. B. Alonso, S. David,
Miguel A. Ferrer,"Optimization of a biometric
system identification by hand geometry" Complex
systems intelligence and modern technological
applications, Cherbourg, France, pp. 581-586,19-22
September 2004.
[25] Chin-Chuan Han, Hsu-Liang Cheng, Chih-Lung
Lin, Kuo-Chin Fan, "Personal authentication using
palm-print features",in Pattern Recognition, vol. 36,
pp. 371-381, 2003
[26]P.A.Recobos-Rodriguez,"Biometric dentification
by dermatoglyphics", in Intemational conference on
Image Processing, vol. 1, pp. 319-322, 1996.
[27] Xiangqian Wu, Kuanquam Wang, "A Novel
Approach of Palm Line Extraction", in Proceedings
of the Third lnternational <strong>Conference</strong> on Image and
Graphics, pp 230-233,2004
[28] Paul S. Wu, Ming Li, "Pyramid edge detection
based on stack filter", in Pattern recognition letters,
vol 18, pp. 239-248,1997
[29] David Zhang, Wai-Kin Kong, Jane You,
Michael Wong,"Online Palmprint Identification", in
IEEE Transactions on pattem analysis and Machine
Intelligence, vol. 25,no.9,pp.1041-1050, Sept 2004.
[30]J,G.daugman, "High Confidence Visual
Recognition of Persons by a Test of Statistical
Independence", in IEEE
Transaction on Pattem Analysis and Machine
Intelligence,vol. 15,no.11, pp. 1148-1161, November
1993.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 366

Proceedings of ICCNS 08 , 27-28 September 2008
DCT Applied to Column Mean and Row Mean
Vectors of Image for Fingerprint Identification
First A. Dr. H. B. Kekre, Second B. Ms. Tanuja K. Sarode, and Third C. Sudeep D. Thepade
Abstract— The paper presents a novel approach of texture
based fingerprint identification using DCT feature vector.
Here we have avoided taking entire fingerprint image DCT.
Instead, we are taking the DCT of column mean vector, row
mean vector and then both column and row mean vectors for
feature extraction. These DCT feature vectors are used for
fingerprint identification.
The identification process becomes faster as the technique
does not need any preprocessing to be dome on fingerprint
images and entire image transform is avoided. The technique
even works on the images with poor quality, that is with
cropping, noise and scratches. The accuracy of results for
verification is best for using both column and row mean
feature vectors. The row mean vector is generated simply as a
vector with averages of all rows in the fingerprint image.
The advantage of using DCT over row mean and column
mean vectors is that, it drastically reduces the number of
computations in feature extraction as compared to DCT
applied over entire image. The biggest advantage of this
method is ease of extension of fingerprint database. Adding
new fingerprint in the database is simple and faster, because
for every new image the DCT feature vector is computed and
inserted in the table of fingerprint feature vectors. This is
easier and takes less time as compared to minutiae based or
principal component analysis based identification.
Keywords—Security using Biometrics, Fingerprint
Verification, Texture Based Technique, DCT, Row mean vector,
Column mean vector.
N
I. INTRODUCTION
ow a days use of Biometric Features in security is
gaining importance due to the properties like uniqueness
for every individual human being and unchangability
throughout the lifespan of human being. Many biometric
F. A. Dr. H. B. Kekre is Senior Professor working with MPSTME,
NMIMS University, Vileparle(W), Mumbai-56. (phone: 9323557897; e-mail:
hbkekre@yahoo.com).
S. B. Ms. Tanuja K. Sarode, is Ph.D. Scholar from MPSTME, NMIMS
University, Vileparle(W), Mumbai-56. Assistant Professor working with
Thadomal Shahani Engg. College,Mumbai(e-mail: tanuja_0123@yahoo.com)
T.C. Sudeep D. Thepade is the Lecturer, IT Department, Thadomal
Shahani Engineering College, Mumbai. Ph.D. Scholar from MPSTME,
NMIMS University, Mumbai-56, India (phone: 9766258833 e-mail:
sudeepthepade@gmail.com)
features are used for verification of human being like face,
signature, voice, retina, hand (palm), gesture and fingerprint.
Out of these fingerprint verification is most widely
researched. Many approaches have been proposed for
fingerprint verification and identification.
Here we have proposed a novel faster and better fingerprint
verification technique which does not need preprocessing of
fingerprint images and even works with poor quality of
images. The extension of the database is not only faster but
also comparatively easier in the proposed method.
II. LITERATURE SURVEY
Numerous biometric techniques [28] like face, fingerprint,
hand geometry, iris, retina, signature, voice print, facial
thermo gram, hand vein, gait, ear, odor, keystroke dynamics
are studied and proposed by researchers. Fingerprint-based
identification is the one of the most mature, proven and
reliable [25,26,27] technique which has been most extensively
used by forensic experts in criminal investigations [29]. The
area of fingerprint verification and identification is very
widely and extensively being researched. People have
explored numerous techniques on feature extraction and
matching algorithms, yet these are still challenging for better,
easier and faster techniques. Fingerprint feature extraction and
matching methods may be broadly classified into two
categories: minutiae based[16] , correlation based [30], and
image-texture based [16]. Even hybrid of these two is
considered in some techniques.
Minutiae based methods [10,13] are the most popular and
widely used. These use a feature vector extracted from
fingerprints as sets of points in a multi-dimensional space. The
feature vector may comprise several characteristics of
minutiae such as type, position, orientation, etc. A typical
minutiae-based method essentially searches for the best
alignment between the template and the input minutiae sets.
Most minutiae-based methods suffer from several
shortcomings. For example, extracting minutiae from a poorquality
fingerprint image may result in low matching
accuracy. In addition, these methods may not fully utilize the
rich discriminatory information available in the fingerprints
with high computational complexity [16]. The minutiae based
approach has many short comings like it is difficult to extract
the minutiae points accurately when the fingerprint is of low
quality and these methods does not take into account the
global pattern of ridges and furrows.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 367

Proceedings of ICCNS 08 , 27-28 September 2008
The correlation-based techniques compare the global
pattern of ridges and furrows to see if the ridges in the
fingerprints align [30, 31]. It has some of its own
shortcomings. Correlation-based techniques require the
precise location of a registration point and are affected by
image translation and rotation. The performance of
correlation-based techniques is affected by non-linear
distortions and noise present in the image [30,31].
The image-texture based methods [1,11,12,22,27,29], use
features other than minutiae points from the fingerprint ridge
pattern, such as local orientation and frequency, ridge shape,
and texture information. These methods mainly deal with
feature like transforms, principal component analysis and
moments. These methods are more reliable than minutiae
because the feature extraction is more steadfast. They usually
require less preprocessing effort than minutiae based methods
using global information from a fingerprint, but they have
limited ability to track variations in position, scale, and
rotation angle of a fingerprint [27]. Invariance to an affine
transform should be included for matching in order to deal
with different input conditions and hence to enhance
matching accuracy. The texture Hybrid methods [2,17,18,21]
using features from both approaches have recently been
explored. These methods have mostly the same problems as
the minutiae-based methods.
In this paper, an image-texture based algorithm using
DCT coefficients feature vector of column mean vector and
row mean vector is proposed. It first finds the column mean
vector by taking average of intensity values of pixels in each
column of fingerprint image and then DCT is applied to this
column mean vector. Even the DCT coefficients of row mean
vector are obtained by the same method. The DCT
coefficients of column mean vector and row mean vector are
considered as features for fingerprint identification.
III. PROPOSED METHOD
A. Column and Row Mean Vectors
The row mean vector is the set of averages of the
intensity values of the respective rows. The column mean
vector is the set of averages of the intensity values of the
respective columns.
If fig.1 is representing the fingerprint image with 4 rows
and 4 columns, the row and column mean vectors for this
image will be as given below.
Row Mean Vector =
[Avg(Row 1), Avg(Row 2), Avg(Row 3), Avg(Row 4)]
Column Mean Vector =
[Avg(Col. 1), Avg(Col. 2), Avg(Col. 3), Avg(Col. 4]
Row
1
Row
2
.
.
Row
n
Col.
1
35
78
…
68
Col. ….
2
34 …
24
…
76
…
…
…
Col
n
25
68
…
45
Fig. 1 Sample Fingerprint Image Template
(with size nxn)
The DCT can be applied to these vectors. The generated
DCT coefficients will be playing the role of feature vectors of
the fingerprint image which can further be used for fingerprint
identification or fingerprint entry in the database. After taking
DCT of row mean or column mean vector we are neglecting
the first coefficient in formation of feature vector as it will be
overall average of all pixel intensity values in the image and
does not represents any texture information of the fingerprint.
B. Algorithm for fingerprint identification
Compute Column
Mean Vector
Feature Vector part1
Apply DCT to
Column Mean Vector
Avg(Row 1)=
(35+34+..+25)/n
Avg(Col. n)=(25+68+..+45)/n
Input
Fingerprint
Image
Feature Vector
Part 1 + Part 2
Match Feature Vector
with feature database
Using SED
Identification
Best Match
Compute Row
Mean Vector
Feature Vector part 2
Apply DCT to
Row Mean Vector
Feature
Database
Fig. 2 Fingerprint Identification Using Proposed Technique
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 368

Proceedings of ICCNS 08 , 27-28 September 2008
The Block diagram of fingerprint identification is shown in
figure 1., and steps 1 to 5 describes the algorithm with all
details. Squared Euclidean Distance (SED) can be used as a
matching parameter for fingerprint identification process. SED
between feature vector of query image and feature vectors of
database images should be computed and some threshold be
kept.
• Step 1 : To prepare column mean vector
Here we take average of all intensity values of
pixels in each column of fingerprint image and
construct a vector of all column means.
• Step 2 : To prepare row mean vector
Here we take average of all intensity values of
pixels in each row of fingerprint image and construct
a vector of all row means.
• Step 3 : DCT Features of column mean vector
Apply DCT on the column mean vector of
fingerprint image and store the DCT coefficients as
feature vector part one.
• Step 4 : DCT Features of row mean vector
Apply DCT on the row mean vector of fingerprint
image and store the DCT coefficients as feature
vector part two.
• Step 5 : Matching of DCT features
The DCT features of part one and two are matched
with all entries in the database DCT features part one
and two respectively. Using minimum squared
Euclidian distance the best match is found.
The technique is faster than all other techniques for
fingerprint identification because no preprocessing is done
here. In other techniques preprocessing steps such as denoising,
de-smudging, and thinning are needed as
prerequisites.
As no preprocessing required, the feature extraction from
fingerprint image becomes faster.
C. Algorithm for adding new fingerprint in database
For the image which is to be added to the fingerprint
database, DCT Features of column mean vector and DCT
Features of row mean vector are computed as part one and
part two using the steps 1 to 4 discussed in III A.
Then these DCT features of part one and two are inserted
into the table of feature vectors of the database. This
completes addition of new image into the fingerprint database.
Compute Column
Mean Vector
Feature vector part 1
Apply DCT to
Column Mean Vector
Input
Fingerprint
Image
Feature Vector
Part 1 + Part 2
Add Feature Vector
In the feature database
Compute Row
Mean Vector
Feature Vector part 2
Apply DCT to
Row Mean Vector
Fig. 3 New Fingerprint Entry in Database
Using Proposed Technique
IV. RESULTS AND DISCUSSION
Feature
Database
The method is applied on the database of 42 fingerprint
images of size 256x256. The column and row mean vectors
are obtained for each image and then the feature vector is
created after applying the DCT on these mean vectors. These
feature vectors were stored in the database feature table.
The dimension of DCT column feature vector is 255, as the
first DCT coefficient value is not considered because it
represents the average intensity of the image and hence it does
not contain any texture information. Similarly DCT row
feature vector is obtained with size 255 by neglecting the first
DCT column value.
Squared Euclidean Distance (SED) is used as a matching
parameter for fingerprint identification process. SED between
feature vector of query image and feature vectors of database
images is computed and threshold kept is 0.02.
Table 1 shows the False Acceptance Ratio (FAR) and
Genuine Acceptance Ratio (GAR) for fingerprint
identification using DCT row feature, DCT column feature
and both methods for poor quality images which are shown in
Fig. 2, Fig. 3, Fig. 4.
With increase in noise FAR is increasing. From table 1 we
can conclude that the technique even works for the images
with poor quality with respect to noise, cropping and
scratching.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 369

Proceedings of ICCNS 08 , 27-28 September 2008
A. Robustness of Proposed Method to Cropping
Fig. 1 Original Fingerprint Image
2.a 11.52% 2.b 17.27% 2.c 20.79% 2.d 26.18%
Fig. 2 Cropping of Fingerprint
Images
In table we can observe that the False Acceptance Ratio
(FAR) is increasing with increase in percentage of cropping in
the fingerprint image and Genuine Acceptance Ratio
(GAR) is decreasing with increase in cropping percentage.
FAR is directly proportional to the cropping percentage in
the fingerprint image. and GAR is inversely proportional.
Further the point to be noted is that FAR is higher when
DCT row feature vector or DCT column feature vector are
considered individually. When DCT column and DCT row
vectors are considered together the FAR is reduced
drastically.
The important observation is that even at very high
cropping as high as 26 %, FAR is very low as 12 % using
DCT row feature vector only and 24% using DCT column
feature vector only but is improved to 2% using DCT row and
DCT column feature vectors together. Also the genuine
image identification chances are 98%, even when only 74 %
of fingerprint image is available.(26% cropped) using both
DCT row and DCT column feature vectors together for
identification. This proves that the technique proposed here is
very robust against cropping of fingerprint image.
Fig. 1 Original Fingerprint Image
2.a 11.52% 2.b 17.27% 2.c 20.79% 2.d 26.18%
Fig. 2 Cropping of Fingerprint
Images
B. Robustness of Proposed Method to Noise
The observations from table 1 for Noise in the fingerprint
image shows that the proposed technique gives 100 % genuine
acceptance (GAR=1) of the fingerprint even if the fingerprint
image is noisy up to 25%. So False Rejection ratio is zero
even if the one fourth of the information in the image is
noisy.
So the proposed technique is very robust to noise in
fingerprint images.
C. Robustness of Proposed Method to Scratching on
Fingerprint Images
Sometimes the fingerprint images may have scratching
on them. The proposed technique gives 98 % accuracy
(GAR) even if scratching has as high as 20% .Thus the
proposed method is also robust to high percentage of
scratching in the fingerprint.
4.a 5.88%
4.b 10.37%
D. Robustness of Proposed Method to Rotation of
Fingerprint Images (both CW and CCW)
4.c 15.57%
4.d 20.77%
Fig. 4 Scratched Fingerprint Images
The proposed method is also applied to the rotated
fingerprint images and it is found that the proposed
technique is robust to the clockwise (CW) and anti
clockwise (CCW) rotation of fingerprint images up to 10
degrees. (i.e. in range +10 to -10 degrees).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 370

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE I
FAR AND GAR FOR POOR QUALITY FINGERPRINT IMAGES
Cropped
Images
Noisy Images
Scratched
Images
Row Column Both
%
Distortion FAR GAR FAR GAR FAR GAR
Fig 2.a 11.52 0.05 0.95 0.02 0.98 0 1
Fig 2.b 17.27 0.05 0.95 0.05 0.95 0 1
Fig 2.c 20.79 0.05 0.95 0.07 0.93 0 1
Fig 2.d 26.18 0.12 0.88 0.24 0.76 0.02 0.98
Fig 3.a 5.73 0 1 0 1 0 1
Fig 3.b 13.88 0 1 0 1 0 1
Fig 3.c 20.28 0 1 0 1 0 1
Fig 3.d 25.43 0 1 0 1 0 1
Fig 4.a 5.88 0 1 0 1 0 1
Fig 4.b 10.37 0 1 0 1 0 1
Fig 4.c 15.57 0 1 0.07 0.93 0 1
Fig 4.d 20.77 0.02 0.98 0.12 0.88 0.02 0.98
KEY OBSERVATIONS :
1. FAR IS LOWER WHEN DCT ROW AND DCT COLUMN FEATURE VECTORS BOTH ARE CONSIDERED TOGETHER THAT INDIVIDUAL
2. FAR IS DIRECTLY PROPORTIONAL TO PERCENTAGE OF CROPPING IN FINGERPRINT IMAGE WHILE GAR IS INVERSELY PROPORTIONAL.
3. EVEN AT HIGH NOISE RATES (AT 255 ) FALSE REJECTION RATE IS 0% AND GENUINE ACCEPTANCE RATE IS 100%
4. GAR IS 98% AT THE SCRATCHING PERCENTAGE OF 20% WHERE FAR IS NEGLIGIBLE (ONLY 2%)
[6] R.C. Gonzalez, R.E. Woods, Digital Image Processing, second ed.,
V. CONCLUSION
Prentice-Hall, 2002, pp. 672–675.
[7] L. Hong, Y. Wan, A.K. Jain, Fingerprint image enhancement: algorithm
and performance evaluation, IEEE Trans. Pattern Anal. Mach. Intell. 20
(1998) 777–789.
[8] P. Howland, H. Park, Generalizing discriminant analysis using the
generalized singular value decomposition, IEEE Trans. Pattern Anal.
Mach. Intell. 26 (8) (2004) 995–1006.
[9] M.K. Hu, Visual pattern recognition by moment invariants, IRE Trans.
Info. Theory IT-8 (1962) 179–187.
[10] A.K. Jain, L. Hong, S. Pankanti, R. Bolle, An identity—authentication
system using fingerprints, Proc. IEEE 85 (9) (1997) 1365–1388
[11] A.K. Jain, S. Prabhakar, L. Hong, S. Pankanti, Filterbank-based
fingerprint matching, IEEE Trans. Image Process. 9 (5) (2000) 846–
859.
[12] A.T.B. Jin, D.N.C. Ling, O.T. Song, An efficient fingerprint
verification system using integrated wavelet and Fourier-Mellin
invariant transform, Image Vis. Comput. 22 (6) (2004) 503–513.
REFERENCES [13] J. Liu, Z. Huang, K. Chan, Direct minutiae extraction from gray-level
fingerprint image by relationship examination, in: <strong>International</strong>
<strong>Conference</strong> on Image Processing, vol. 2, 2000, pp. 427–430.
[14] M. Liu, X.D. Jiang, A. Kot, Fingerprint reference-point detection,
We have proposed a novel faster and better fingerprint
identification technique which does not need preprocessing of
fingerprint images and even works with poor quality of
images. Proposed technique is quite rugged against cropping,
noise, scratches and rotation (range +10 to -10 degrees). The
feature extraction is faster because the computational
complexity is reduced from O(N 3 ) to O(N 2 ). Even the
extension of the database is not only faster but also
comparatively easier in the proposed method.
[1] T. Amornraksa, S. Tachaphetpiboon, Fingerprint recognition using EURASIP J. Appl. Signal Process. 2005 (4) (2005) 498–509.
DCT features, Electron. Lett. 42 (9) (2006) 522–523. [15] M. Liu, X.D. Jiang, A. Kot, Fingerprint retrieval by complex filter
[2] F. Benhammadi, M.N. Amirouche, H. Hentous, K.B. Beghdad, M. Responses, in: <strong>International</strong> <strong>Conference</strong> on Pattern Recognition
Aissani, Fingerprint matching from minutiae texture maps, Pattern (ICPR), Hongkong, 2006, pp. 1042–1045.
Recognit. 40 (1) (2007) 189–197. [16] D. Maltoni, D. Maio, A.K. Jain, S. Prabhakar, Handbook of Fingerprint
[3] S. Chikkerur, A.N. Cartwright, V. Govindaraju, Fingerprint Recognition, Springer, Berlin, 2003, pp. 135–137, 164-165.
enhancement using STFT analysis, Pattern Recognit. 40 (1) (2007) [17] K.A. Nagaty, An adaptive hybrid energy-based fingerprint matching
198–211.
technique, Image Vis. Comput. 23 (2005) 491–500.
[4] O. Duda, P.E. Hart, D.G. Stork, Pattern Classification, second ed., [18] L. Nanni, A. Lumini, A hybrid wavelet-based fingerprint matcher,
Wiley, 2000, pp. 107–110.
Pattern Recognit. 40 (11) (2007) 3146–3151.
[5] R.O. Duda, P.E. Hart, D.G. Stork, Pattern Classification, second ed.,
Wiley, 2000, pp. 157–117.
[19] K. Nilsson, J. Bigun, Localization of corresponding points in
fingerprints by complex filtering, Pattern Recognit. Lett. 24 (2003)
2135–2144.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 371

Proceedings of ICCNS 08 , 27-28 September 2008
[20] A. Ross, A.K. Jain, J. Reisman, A hybrid fingerprint matcher, Pattern
Recognit. 36 (7) (2003) 1661–1673.
[21] L.F. Sha, F. Zhao, X.O. Tang, Improved fingercode for filterbank-based
fingerprint matching, in: <strong>International</strong> <strong>Conference</strong> on Image
Processing, vol. 2, 2003, pp. 895–898.
[22] J. Shi, A. Samal, D. Marx, How effective are landmarks and their
geometry for face recognition, Comput. Vis. Image Underst. 102 (2006)
117–133.
[23] D. Tao, X. Li, S.J. Maybank, X. Wu, Human carrying status in visual
surveillance, in: IEEE <strong>International</strong> <strong>Conference</strong> on Computer Vision
and Pattern Recognition, vol. 2, 2006, pp. 1670–1677.
[24] D. Tao, X. Li, X. Wu, S.J. Maybank, General tensor discriminant
analysis and gabor features for gait recognition, IEEE Trans. Pattern
Anal. Mach. Intell. 29 (10) (2007) 1700–1715.
[25] Anil Jain, Arun Ross, Salil Prabhakar, “Fingerprint matching using
minutiae and texture features,” Int’l conference on Image Processing
(ICIP), pp. 282-285, Oct. 2001.
[26] John Berry and David A. Stoney “The history and development of
fingerprinting,” in Advances in Fingerprint Technology, Henry C. Lee
and R. E. Gaensslen, Eds., pp. 1-40. CRC Press Florida, 2 nd edition,
2001.
[27] Emma Newham, “The biometric report,” SJB Services, 1995.
[28] A. K. Jain, L. Hong, Y. Kulkarni “A Multimodel Biometric System
using Fingerprint, Face, and Speech,” Proc.2 nd Int’l <strong>Conference</strong> on
Audio- and Video-based Biometric Person Auhentification, Washington
D.C., pp. 182-187, 1999.
[29] Federal Bureau of investigation, The Science of Fingerprints:
Classification and Uses, Washington, D.C., 1984, U.S. Government
Printing office.
[30] Arun Ross, Anil Jain, James Reisman, “A hybrid fingerprint matcher,”
Int’l conference on Pattern Recognition (ICPR), Aug 2002.
[31] A. M. Bazen, G. T. B.Verwaaijen, S. H. Gerez, L. P. J. Veelenturf, and
B. J. van der Zwaag, “A correlation-based fingerprint verification
system,” Proceedings of the ProRISC2000 Workshop on Circuits,
Systems and Signal Processing, Veldhoven, Netherlands, Nov 2000.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 372

ICCNS 08
Digital
Watermarking

Proceedings of ICCNS 08 , 27-28 September 2008
AUDIO STEGANOGRAPHY
1. S.M.Bhadkumbhe 2. M.C.Hingane 3. G.M.Bhandari 4.S.B.Choudhari 5. S.V. Phulari
Abstract
Steganography is the science of hiding secret
messages within an otherwise normal, innocent
medium. Steganography has long been in use,
even before the invention of the computer.The
power of steganography is hiding the secret
messages obscurity, hiding its existence in a non
secret files. Now days, messages are typically
hidden within digital images, video and audio.
This paper focuses on one particular popular
technique, Least Significant Bit (LSB)
Embedding, using digital audio as the medium.
The terminology is that a message is hidden
within a cover audio file to produce a stegoaudio
file. First, the mp3 audio format is
discussed. Then, variations of LSB Embedding
are detailed. Finally, the advantages and
disadvantages of LSB Embedding are
summarized. While the MPEG/audio
compression algorithm is lossy, often it can
provide transparent perceptually lossless
compression even with compression factor of 6-1
or more. The algorithm works by exploiting the
perceptual properties of the human auditory
system.
Keywords: Steganography , MPEG Decoder,
LSB Encoding, Binary coding
1 Introduction
1.1 Audio Steganography
There are 2 main ways to hide information
in an audio file: binary encoding and nonbinary
encoding. Binary encoding involves
modifying certain bits of the cover file to
conceal the plaintext secret message while
attempting to make these changes in a way
that will not alter the sound file so much that
the difference is audible to an observer. With
binary encoding, any plaintext type can be
hidden, because the scheme is not sensitive to
message type and encodes arbitrary bitstreams.
Non-binary encoding involves taking
advantage of the properties of the sound waves
themselves to hide information. Since we are
using this scheme with audio files, it is
important that the plaintext file is of a
particular type. This algorithm is applied to
uncompressed-audio (PCM format) WAV
files, at 44,100 samples per second, 16 bits per
sample. A WAV file is composed of several
”chunks”, starting with the format chunk, and
following with the data chunk. The format
chunk contains information about the data
chunk, such as the size of the file, the sample
rate, the number of channels, and the number
of bits per sample. Some of this information is
useful to us in our schemes. The data chunk is
a sequence of integers, one per sample, whose
range is specified by the sample rate. Both of
our schemes involve modifying the data chunk
of the file, leaving the overall file format
intact.
1.2 Binary MP3 Encoding
There is another binary-encoding scheme in
which the algorithm works by inserting a
secret file, in text format, into the carrier MP3
file during the compression process.
MP3Stego is based on manipulating bits in the
MP3 encoding process in order to store
information in the final file. The paper
describes uses the psychoacoustic model to
determine an acceptable amount of noise in the
cover file, and limits the capacity to encode
data to that threshold.
1.3 MPEG/audio Features and Applications
MPEG/audio is a generic audio compression
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 373

Proceedings of ICCNS 08 , 27-28 September 2008
standard. Unlike vocal-tract-model coders
specially tuned for speech signals, the
MPEG/audio coder gets its compression
without making assumptions about the nature
of the audio source. Instead, the coder exploits
the perceptual limitations of the human
auditory system. Much of the compression
results from the removal of perceptually
irrelevant parts of the audio signal. Removal
of such parts results in inaudible distortions,
thus MPEG/audio can compress any signal
meant to be heard by the human ear. In
keeping with its generic nature, MPEG/audio
offers a diverse assortment of compression
modes:
• The audio sampling rate can be 32kHz,
44.1kHz, or 48 kHz.
• The compressed bit stream can support one
or two audio channels in one of 4 possible
modes:
1. a monophonic mode for a single audio
channel,2. a dual-monophonic mode for two
independent audio channels (this is
functionally identical to the stereo mode),
3. a stereo mode for stereo channels with a
sharing of bits between the channels, but no
joint-stereo coding, and 4. a joint-stereo mode
that either takes advantage of the correlations
between the stereo channels or the irrelevancy
of the phase difference between channels, or
both.
• The compressed bit stream can have one of
several predefined fixed bit rates ranging from
32 to 224 kbits/sec per channel. Depending on
the audio sampling rate, this translates to
compression factors ranging from 2.7 to 24. In
addition, the standard provides a "free" bit rate
mode to support fixed bit rates other than the
predefined rates.
• MPEG/audio offers a choice of three
independent layers of compression. This
provides a wide range of tradeoffs between
codec complexity and compressed audio
quality:
Layer I is the simplest and is best suited for
bit rates above 128 kbits/sec per channel. For
example, Philips' Digital Compact Cassette
(DCC) uses Layer I compression at 192 kbits/s
per channel.
Layer II has an intermediate complexity and
is targeted for bit rates around 128 kbits/s per
channel. Possible applications for this layer
include the coding of audio for Digital Audio
Broadcasting (DAB®), for the storage of
synchronized video-and-audio sequences on
CD-ROM, and the full motion extension of
CD-interactive, Video CD.
Layer III is the most complex but offers the
best audio quality, particularly for bit rates
around 64 kbits/s per channel. This layer is
well suited for audio transmission over ISDN.
All three layers are simple enough to allow
single-chip, real-time decoder
implementations.
• The coded bitstream supports an optional
Cyclic Redundancy Check (CRC) error
detection code.
• MPEG/audio provides a means of including
ancillary data within the bitstream.
In addition, the MPEG/audio bitstream makes
features such as random access, audio fast
forwarding, and audio reverse possible.
The key to MPEG/audio compression is
quantization. Although quantization is lossy,
this algorithm can give "transparent",
perceptually lossless, compression. The
MPEG/audio committee conducted extensive
subjective listening tests during the
development of the standard. The tests showed
that even with a 6-to-1 compression ratio
(stereo, 16 bits/sample, audio sampled at 48
kHz compressed to 256 kbits/sec) and under
optimal listening conditions, expert listeners
were unable to distinguish between coded and
original audio clips with statistical
significance. Furthermore, these clips were
specially chosen because they are difficult to
compress. Reference 7 gives the details of the
set up, procedures and results of these tests.
Figure 1 shows block diagrams of the
MPEG/audio encoder and decoder. The input
audio stream passes through a filter bank that
divides the input into multiple subbands of
frequency. The input audio stream
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 374

Proceedings of ICCNS 08 , 27-28 September 2008
simultaneously passes through a
psychoacoustic model that determines the ratio
of the signal energy to the masking threshold
for each subband. The bit or noise allocation
block uses the signal-to-mask ratios to decide
how to apportion the total number of code bits
available for the quantization of the subband
signals to minimize the audibility of the
quantization noise. Finally, the last block takes
the representation of the quantized subband
samples and formats this data and side
information into a coded bit stream. Ancillary
data not necessarily related to the audio stream
can be inserted within the coded bit stream.
The decoder deciphers this bit stream, restores
the quantized subband values, and reconstructs
the audio signal from the subband values.
2 MP3 Decoding
2.1 Decoder Structure
The decoder has the following structure:
Fig 2 Granule structure
The frequency spectrum ranges from 0 to FS/2
Hz. The subbands divide the spectrum into 32
equal parts. The subbands each contain 18
samples that have been transformed to the
frequency domain by a modified discrete
cosine transform (MDCT).
The 576 frequency lines in a granule are also
divided into 21 scale factor bands that have
been designed to match the critical band
frequencies as closely as possible. The scale
factor bands are used primarily for the
requantization of the samples.
The frame consists of four parts: header, side
information, main data, and ancillary data:
Fig 1 MP3 decoder structure
The different parts of the decoder are
described in more detail below.
2.2 Frame Format
The frame is a central concept when decoding
MP3 bitstreams. It consists of 1152 mono or
stereo frequency-domain samples, divided into
two granules of 576 samples each. Each
granule is further divided into 32 subband
blocks of 18 frequency lines apiece:
Fig 3 Frame structure
The length of a frame is constant for a fixed
bitrate, with the possible deviation of one byte
to maintain an exact bitrate. There is also a
variable bitrate format where the frame lengths
can vary according to the momentaneous
demands of the encoder. The main data (scale
factors and Huffman coded data) are not
necessarily located adjacent
to the side information,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 375

Proceedings of ICCNS 08 , 27-28 September 2008
2.2.1 Header
The header is always 4 bytes long and contains
information about the layer, bitrate, sampling
frequency and stereo mode. It also contains a
12-bit syncword that is used to find the start of
a frame in a bitstream, e.g. for broadcasting
applications.
2.2.2 Side Information
The side information section contains the
necessary information to decode the main data,
such as Huffman table selection, scale factors,
requantization parameters and window
Selection. This section is 17 bytes long in
single channel mode and 32 bytes in dual
channel mode.
Fig 4 Bit stream organization
There are two main areas of modification
which are to be considered. First, the storage
environment, or digital representation of the
signal that will be used, and second the
transmission pathway the signal might travel.
2.2.3 Main Data
The main data section contains the coded scale
factor values and the Huffman coded
frequency lines (“main data”). The length
depends on the bitrate and the length of the
ancillary data. The length of the scale factor
part depends on whether scale factors are
reused, and also on the window length (short
or long). The scalefactors are used in the
requantization of the samples,
The demand for Huffman code bits varies with
time during the coding process. The variable
bitrate format can be used to handle this, but a
fixed bitrate is often a requirement for an
application (e.g. for broadcasting). Therefore
there is also a bit reservoir technique defined
that allows unused main data storage in one
frame to be used by up to two consecutive
frames:
3 Data hiding in audio
When developing a data-hiding
method for audio, one of the first
considerations is the likely environments
the sound signal will travel between
encoding and decoding.
Fig 5 Data hiding
There are two critical parameters to most
digital audio representations: sample
quantization method and temporal sampling
rate. The most popular format for representing
samples of high-quality digital audio is a 16-
bit linear quantization, e.g., Windows Audio-
Visual (WAV) and Audio Interchange File
Format (AIFF). Another popular format for
lower quality audio is the logarithmically
scaled 8-bit m-law. These quantization
methods introduce some signal distortion,
somewhat more evident in the case of 8-bit m-
law. Popular temporal sampling rates for audio
include 8 kHz (kilohertz), 9.6 kHz, 10 kHz, 12
kHz, 16 kHz, 22.05 kHz, and 44.1 kHz.
Sampling rate impacts data hiding in that it
puts an upper bound on the usable portion of
the frequency spectrum (if a signal is sampled
at ~8 kHz, you cannot introduce modifications
that have frequency components above 4kHz).
For most data-hiding techniques we have
developed, usable data space increases at least
linearly with increased sampling rate. A last
representation to consider is that produced by
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 376

Proceedings of ICCNS 08 , 27-28 September 2008
lossy, perceptual compression Algorithms,
such as the <strong>International</strong> Standards
Organization Motion Pictures Expert Group—
Audio (ISO MPEG-AUDIO) perceptual
encoding standard. These representations
drastically change the statistics of the signal;
they preserve only the characteristics that a
listener perceives (i.e., it will sound similar to
the original, even if the signal is completely
different in a least squares sense).
4 Methods of Audio Steganography
This section presents some common methods
used in audio steganography. Many software
implementations of these methods are
available on the Web and are listed in the
Links section. Some of the latter methods
require previous knowledge of signal
processing techniques, Fourier analysis, and
other areas of high-level mathematics. Figures
and pseudocode are used in place of exact
mathematical formulas in attempts to make the
theory more accessible to readers possessing
just a basic knowledge of steganography.
1. 1.LSB coding 2. Parity coding 3. Phase
coding 4.Spread spectrum 5. Echo hiding 6.
Audio Steganography Evaluation
audio file. By substituting the least significant
bit of each sampling point with a binary
message, LSB coding allows for a large
amount of data to be encoded. The following
diagram illustrates how the message 'HEY' is
encoded in a 16-bit CD quality sample using
the LSB method. In LSB coding, the ideal
data transmission rate is 1 kbps per 1 kHZ. In
some implementations of LSB coding,
however, the two least significant bits of a
sample are replaced with two message bits.
This increases the amount of data that can be
encoded but also increases the amount of
resulting noise in the audio file as well. Thus,
one should consider the signal content before
deciding on the LSB operation to use. For
example, a sound file that was recorded in a
bustling subway station would mask low-bit
encoding noise.
4.1 The Basic Idea of LSB Embedding
The concept of LSB Embedding is
simple. It exploits the fact that the level of
precision in many image formats is far greater
than that perceivable by average human vision.
Therefore, an altered image with slight
variations in its colors will be
indistinguishable from the original by a human
being, just by looking at it. By using the least
significant bits of the pixels’ color data to
store the hidden message, the image itself will
seem unaltered.
4.2 LSB Encoding
Least significant bit (LSB) coding is the
simplest way to embed information in a digital
Fig 6 LSB Encoding
On the other hand, the same noise would be
audible in a sound file containing a piano solo.
To extract a secret message from an LSB
encoded sound file, the receiver needs access
to the sequence of sample indices used in the
embedding process. Normally, the length of
the secret message to be encoded is smaller
than the total number of samples in a sound
file. One must decide then on how to choose
the subset of samples that will contain the
secret message and communicate that decision
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 377

Proceedings of ICCNS 08 , 27-28 September 2008
to the receiver. One trivial technique is to start
at the beginning of the sound file and perform
LSB coding until the message has been
completely embedded, leaving the remaining
samples unchanged. This creates a security
problem, however in that the first part of the
sound file will have different statistical
properties than the second part of the sound
file that was not modified. One solution to this
problem is to pad the secret message with
random bits so that the length of the message
is equal to the total number of samples. Yet
now the embedding process ends up changing
far more samples than the transmission of the
secret required. This increases the probability
that a would-be attacker will suspect secret
communication.
A more sophisticated approach is to use a
pseudorandom number generator to spread the
message over the sound file in a random
manner. One popular approach is to use the
random interval method, in which a secret key
possessed by the sender is used as a seed in a
pseudorandom number generator to create a
random sequence of sample indices. The
receiver also has access to the secret key and
knowledge of the pseudorandom number
generator, allowing the random sequence of
sample indices to be reconstructed. Checks
must be put in place, however, to prevent the
pseudorandom number generator from
generating the same sample index twice. If this
happened, a collision would occur where a
sample already modified with part of the
message is modified again. The problem of
collisions can be overcome by keeping track of
all the samples that have already been used.
Another approach is to calculate the subset of
samples via a pseudorandom permutation of
the entire set through the use of a secure hash
function. This technique insures that the same
index is never generated more than once.
5 Advantages and Disadvantages of LSB
Encoding
LSB Embedding has the advantage that it is
simple to implement. It also allows for a
relatively high payload, carrying one bit of the
secret message per byte of frame data. In
addition, it is also seemingly undetectable by the
average human if done right. However, the
assumption has been that the stego-audio file is
indistinguishable from the original cover audio
file by the human ear. There have been many
statistical techniques developed to determine if
an audio file has been subjected to LSB
Embedding. The major disadvantage of this
technique is that because of its simplicity the
attacker will suspect secret communication.
Reference:
[1l M. Bosi, K. Brandenburg, Sch. Quackenbush, L.
Fielder, K. Akagiri, H. Fuchs, M. Dietz, J. Herre, G.
Davidson, and Yoshiaki Oikawa. ISO/IEC MPEG-2
Advanced Audio Coding. In Proc. of the 101st AES-
Convention, 1996. Preprint 4382.
[2] K. Brandenburg and Marina Bosi. Overview of
MPEG audio: Current and future standards for low bitrate
audio coding. J. Audio Eng. Soc., 45(1/2):4 –21,
January/February 1997.
[3] K. Brandenburg and G. Stoll. ISO-MPEG-1 Audio: a
generic standard for coding of high quality digital audio.
In N. Gilchrist and Ch. Grewin, editors, Collected Papers
on Digial Audio Bit-Rate Reduction, pages 31 – 42. AES,
1996.
[4] C. Colomes, C. Schmidmer, and W.C. Treurniet.
Perceptual-quality assessment for digital audio: Peaq –
the proposed itu standard for objective measurement of
perceived audio quality. In Proceedings of the AES 17th.
<strong>International</strong> <strong>Conference</strong>, 1999.
[5] MPEG. Coding of moving pictures and associated
audio for digital storage media at up to 1.5 Mbit/s, part 3:
Audio. <strong>International</strong> Standard IS 11172-3, ISO/IEC
JTC1/SC29 WG11, 1992.
[6] MPEG. Information technology — generic coding of
moving pictures and associated audio, part 3: Audio.
<strong>International</strong> Standard IS 13818–3, ISO/IEC JTC1/SC29
WG11, 1994. AES 17
[7] MPEG. MPEG–2 advanced audio coding, AAC.
<strong>International</strong> Standard IS 13818–7, ISO/IEC JTC1/SC29
WG11, 1997.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 378

Proceedings of ICCNS 08 , 27-28 September 2008
Imperceptible and Robust Data Hiding
Suresh N. Mali, Rajesh M. Jalnekar, Mahesh R.Dube
Abstract— This paper represents secured non blind
steganographic scheme for gray scale images, providing robustness
against a set of attacks. The embedding is designed to achieve
efficient tradeoffs among the three conflicting goals of maximizing
information-embedding rate, minimizing distortion between the
cover image and stego image and maximizing the robustness of the
embedding. Though the proposed scheme is non blind
steganographic scheme, it is highly robust with minimum distortion
in stego image. Experimental results show that the proposed scheme
not only increases the perceptual and statistical properties of the
stego-image but also robust against various image manipulation
attacks such as image compression, resizing and tampering attacks.
Keywords—Steganography, data hiding, embedding-rate,
distortion, cover image, stego image, robustness, attacks.
T
I. INTRODUCTION
HERE are several techniques which have been proposed
in the literature that hides information in images [1]–[4].
Breaking a steganographic system has two stages [5]:
1) The attacker can detect usage of Steganography.
2) Attacker is able to read the embedded message.
A steganographic system is insecure if the detection of
steganography is possible (first stage). The three primary
attributes of steganographic scheme are imperceptibility,
capacity and robustness [6]-[7]. The imperceptibility is the
level of concealment, which prevents the attacker from being
distinguish between a modified (stego) image and an
unmodified original (cover) image. It incorporates both
minimizing the visual distortion as well as statistical variations
in stego image. The measure of visual distortion and statistical
variations indicated in this paper are the peak signal to noise
ratio (PSNR) and histogram variation.
Manuscript received May 14, 2008. This work was supported by Technical
Education Quality Improvement Program (TEQIP), a world bank assisted
project.
Suresh N. Mali is working as Assistant Professor in Department of
Computer Engineering, Vishwakarma Institute of Technology, Pune (India).
(Corresponding author phone: 9890009182; Fax: 91-20-24280926; e-mail:
snmali@rediffmail.com).
Rajesh M. Jalnekar is working as Professor and Dean Academics in
Vishwakarma Institute of Technology, Pune (India). (e-mail: e-mail:
rajesh_jalnekar@yahoo.com).
Mahesh R. Dube is working as Assistant Professor in Department of
Computer Engineering, Vishwakarma Institute of Technology, Pune (India) (
e-mail: mahesh.dube@vit.edu).
While designing image data hiding scheme to hide text
information in an image, a critical requirement is high
imperceptibility followed by high capacity. This is because the
attacker must not be able to discern, or suspect the presence of
any hidden information in an image. Robustness is important
in scenarios where the attacker can modify the cover.
Unfortunately, if we try to increase the capacity,
imperceptibility decreases. This is because of embedding more
and more information at the cost of cover image distortion.
The vision for this paper is to address and solve this problem.
If ASCII code is used to represent all characters of the text
information, the binary stream to be embedded will need more
number of bits. However, if we convert all alphabetic characters
into capital characters, then coding is necessary only for capital
characters, numeric characters and few special characters to
represent text. This in tern will not only reduces the number of
bits to represent each character but also eventually increases the
data hiding capacity. Further, if we consider the relative
frequencies of occurrence of characters in English, code can be
assigned more effectively [8]-[9]. Data embedding is done in the
transform domain using Discrete Cosine Transform (DCT), with
the set of transform coefficients in the low and mid frequency
bands selected as possible candidates for embedding (these are
preserved better under compression attacks than high frequency
coefficients). Image-adaptive criteria in addition to statistical
criteria based on information theory [10] have been used to limit
perceivable distortion while hiding large amounts of data. The
approach is based on the idea of not disturbing the sensitive
coefficients so as to achieve good image quality without
compromising robustness. The number of bits hidden is
determined dynamically by the scheme based on the cover
image content. During the process of embedding logical ‘one’
modifies the DCT coefficient by ∆ and logical ‘zero’ keeps DCT
coefficient unchanged. Therefore, the character code having
more number of 1’s affects the image significantly.
Relative to the preceding methods, a key novelty of our
approach is that the designed coding framework modifies very
less number of DCT coefficients which eventually increases
the perceptual and the statistical properties of a cover image.
The only considerable drawback of this scheme is the
requirement of original image at the receiving end which has
to be provided through secured channel. However, for the
applications such as data hiding in medical images, fingerprint
images, photograph pictures robustness is of more concern
than that of security.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 379

Proceedings of ICCNS 08 , 27-28 September 2008
The main ingredients of the designed embedding scheme are
as follows:
1) The text information is embedded in transform domain
(DCT), with a set of transform coefficients in the low
and mid frequency bands selected as possible
candidates for embedding (these are preserved better
under compression attacks than high frequency
coefficients)[10].
2) A novel feature of designed scheme is the modification
of very few DCT coefficients while embedding coded
bits of text characters. This will not degrade the cover
heavily and in tern gives less distortion in stego image.
3) The embedding capacity is increased due to use of only
capital letters, alphanumeric characters and few special
characters reduce the number of coded bits.
4) Even the receiver does not have explicit knowledge of
the locations where the information is hidden. The
embedding key decides various parameters and
receiver guess these locations. Therefore, the scheme is
highly secured due to multiple levels of security.
5) Addition of redundancy in embedded information and
interleaving will spread the coded bits all over the
image. This will increase the robustness against image
tampering attacks.
6) Use of JPEG quantization matrix while selecting the
coefficient for embedding the text information will
increase the robustness against JPEG attack.
Energy thresholding (ET) scheme employed by Kaushal
Solanki [10] for deciding 8 x 8 blocks for embedding text
information have been used. However, the value of energy
threshold is decided by the embedding key along with
randomization, JPEG quality factor and redundancy.
The embedding key plays an important role in deciding various
embedding parameters as shown in figure 1.
Fig. 1 Embedding Key
The parameters decided by the embedding key are as follows:
1) Text Encryption: It assigns code to the text characters
may be either ASCII code or a designed codes
considering frequency of occurrence of characters [8]
in English text (F-code).
2) Valid Block Selection: It computes energy threshold
value w.r.t. Mean value of Energy to decide valid
blocks [10].
3) Randomization: It gives seed of random number
generation which in tern selects valid blocks randomly.
4) Redundancy: It selects the number of times the
embedded bits repeated in embedding bit stream (
1/2/3…).
5) JPEG Quantization: It selects the Quality factor of the
Stego image (1 to 100) corresponding quality of stego
image. Here, 100 means best quality image.
6) Interleaving: It selects the nature of spreading the
stream of bits into the entire cover image.
The rest of the paper is organized as follows:
Section II gives an overall idea about proposed embedding
scheme and how embedding key plays an important role in
deciding embedding parameters. Section III focuses on text
processing phase necessary for compression of code assigned
to the text characters. Section IV is dedicated to experimental
results of effect of encryption method adopted, perceptual
transparency, effect of energy threshold, effect of JPEG
quality factor and histogram variations in stego with respect to
cover. The section also demonstrates performance of shame
under JPEG compression, image resizing and image
tampering attacks.
II. PROPOSED EMBEDDING SCHEME
The proposed data hiding scheme consist of two phases as
shown in figure 2. Text processing phase makes the text
information ready for embedding in the cover image whereas
image processing phase actually embeds the information
provided by the text processing phase.
Fig. 2 Overview of designed Embedding Scheme
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 380

Proceedings of ICCNS 08 , 27-28 September 2008
The receiver must have the decoding algorithm along with
this embedding key and the original image to extract the
embedded information. At the receiving end a similar
image processing phase has to be carried out to determine
valid blocks (VB) and valid coefficients (VC) of stego
image and cover image. By comparing the VCs, we can
extract the embedded bit stream. After removing the
redundancy, we can extract the embedded information in
terms of characters.
III. TEXT AND IMAGE PROCESSING PHASES
The frequency of characters in text messages has often
been studied for use in cryptography [8]. An exact analysis
of this is not feasible, as each person writes slightly
differently. However, an approximate ordering of English
characters by frequency of use is ETAOIN SHRDL
UCMFG YPWBV KXJQZ as shown in the Table I.
During the process of assigning the codes to text characters,
significant care has been taken. Characters having more
frequency of occurrence in given text must have codes (Fcode)
with less number of 1’s, as it will not degrade the stego
image heavily. Character analysis of text messages shows that
‘space’ is most frequently occurring character than any other
characters in any text
TABLE I
FREQUENCY OF CHARACTERS IN TEXT
Cha. Freq. Cha. Freq. Cha. Freq.
‘space’ 0.16635 M 0.02042 2 0.00176
E 0.09439 P 0.02004 J 0.00149
T 0.07065 F 0.01835 Q 0.00130
A 0.05930 G 0.01551 9 0.00125
O 0.05761 B 0.01308 7 0.00105
I 0.05749 Y 0.01086 3 0.00103
S 0.05474 W 0.01036 Z 0.00101
N 0.05460 . 0.00944 0 0.00092
R 0.04923 , 0.00903 4 0.00075
H 0.03558 V 0.00748 8 0.00070
‘CR,LF’> 0.03112 K 0.00401 5 0.00063
L 0.03065 - 0.00305 6 0.00053
C 0.02879 1 0.00291 / 0.00023
D 0.02642 x 0.00253
U 0.02147 0.00189
Therefore, a code assign to a character ‘space’ should not
have more number of 1’s. Table II is an example of
assigning such a code during the process of encryption.
Figure 3 shows the comparison of code assigned to the text
characters. The image processing phase is based on
embedding hidden data in randomly generated sequence of
middle frequency band coefficients of cover image in DCT
domain. The embedding algorithm consists of energy
thresholding [10], quantization using quantization matrix.
It can be observed that compared to ASCII if we assign F-
code, the major distribution reduces to span of 0 to 32 as
shown in figure 3.
TABLE II
F-CODE IN ENCRYPTION PROCESS
Character ASCII F-Code
Space 32 0
A-Z. 0-9 65-90 1-36
10 & 13 37,38
, 44 39
. 46 40
63 41
‘ 39 42
! 33 43
( 40 44
) 41 45
“ 34 46
: 58 47
% 37 48
& 38 49
+ 43 50
- 45 51
* 42 52
Fig. 3 Comparison of code assigned to the text characters
IV. EXPERIMENTATION
Experimentation is performed to check increase in data
hiding capacity and robustness of the scheme under various
attacks (intentional and unintentional). Peak Signal to
Noise Ratio (PSNR) and histogram variations are used as
the perceptual and statistical measure respectively to
quantify the quality of the Stego image. It can be observed
that increase in data hiding capacity is the result of saving
the number of bits while coded the characters (F-code).
Redundancy and interleaving is used to spread the
information in entire cover which in tern increase the
robustness of the embedding scheme adopted.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 381

Proceedings of ICCNS 08 , 27-28 September 2008
A. Effect of effective Encryption
F-code will not degrade the stego image heavily. Table III
gives experimental result of encryption of various text files
having number of characters 1000 to 6000. It shows that
the percentage number of 1’s is drastically getting reduced.
TABLE III
PERCENTAGE NUMBER OF 1’S IN BIT STREAM AFTER CODE ASSIGNMENT
Name of
the Text
File
# Number of
Characters
Percentage Number of 1s in bit
stream after assigning code
ASCII F- Code
Text_11 1000 35.80 20.03
Text_12 2000 35.65 19.78
Text_13 3000 35.73 19.71
Text_14 4000 35.96 20.09
Text_15 5000 35.94 20.06
Text_16 6000 35.97 20.07
Fig. 5 (a) Original baboon image, (b) Stego baboon image
The difference in fixed DCT method and proposed
method is not noticeable at normal size. To visualize the
difference, a small portion of the image is zoomed out in
figure 6. Noticeable distortions can be observed in
embedding with fixed DCT coefficients as compared to
distortions in embedding with local image-adaptive criteria.
Also the number of coding bits (h ) per character must be
as small as possible. The encrypted code consists of 6 bit
per character as that of 7 bits per character in case of ASCII
code. Hence, we are saving 1 bit per character. After the
process of encryption we are adding redundancy ( r ) bits
per coded bit. This is for the robust recovery of embedded
information. Therefore, the total number of bits saved will
be ( h r)
. Figure 4 shows massive number of bits that are
saved because of such a effective encryption. The saving
bits are increases as we increase the redundancy which is
normally the requirement for robustness attacks. Effective
encryption will not only save the number of bits that are
needed to be embedded but also increases the hiding
capacity and also increases PSNR for the same hiding
capacity.
Fig. 4 Number of bits saved with effective encryption.
B. Perceptual Transparency
Figure 5 (b) shows the 512 x 512 baboon image with
38,430 bits embedded using this scheme at quality factor
50.
Fig. 6 Noticeable distortions can be observed in embedding
with fixed DCT coefficients
Applying local image-adaptive criteria [10] is much
essential while embedding text information in images as it
avoids suspicion of attacker towards image. This in tern
prevents the image from getting attacked by the attacker.
Peak Signal to Noise Ratio (PSNR) is used as a perceptual
measure to quantify the quality of the Stego-image. PSNR
is given by an equation
2
⎛ 255 ⎞
PSNR = 10 log
⎜
⎟
(1)
10
⎝ MSE ⎠
MSE stands for average mean squared error between the
original cover image and the stego image. In order to
minimize the visible effect of changes to pixel values
(distortion), the value of PSNR of stego image must be as
high as possible. Table IV shows the comparison of PSNR
with embedding in fixed DCT coefficients and embedding
in local image-adaptive criteria with designed scheme.
Fixed number of bits is embedded in all the three methods.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 382

Proceedings of ICCNS 08 , 27-28 September 2008
Image
TABLE IV
PSNR FOR EMBEDDING WITH F-CODE AND LOCAL IMAGE-ADPATIVE
CRITERIA
PSNR for Embedding with
ASCII character and fixed
DCT Coefficient
PSNR for Embedding with
F-code and local imageadaptive
criteria
Peppers 56.20 58.15
Baboon 66.44 67.62
Lena 56.21 58.00
Bridge 63.01 64.00
Boat 59.74 60.83
Barbara 61.40 64.90
C. Effect of Energy Threshold Factor (w)
Energy threshold factor (w) plays an important role in
deciding PSNR of stego image. Figure 7 shows variation in
PSNR with respect to energy threshold factor. As this
factor decrease, more number of valid blocks and valid
DCT coefficient will be available at the cost of PSNR.
E. Histogram variation
A histogram is often used to describe the data distribution.
The most common form of the image histogram is obtained
by splitting the range of sample values into equal-sized
bins. Then, the number of sample from the image that falls
into each bin is counted. The style of histogram may be
described by
= { h ( i)
i = 1, 2, .......256 }
H (2)
where H is a vector denoting the volume-level histogram
F = f ( i)
i = 1, 2, ....... N and
of intensity signal { }
h ( i),
h(
i)
≥ 0 denotes the number of samples in i
th bin
256
and satisfy ∑ =
( i)
= N
i
1
h .
Figure 9 shows histogram of Cover image and Stego image
and also the difference between the values while using
fixed DCT coefficient method with ASCII code. Figure 10
shows histogram of Cover image and Stego image and also
the difference between the values while using designed
embedding scheme with F-code.
Fig. 7 PSNR w.r.t. energy threshold factor (w)
D. Effect of Quality Factor (QF)
The JPEG quality factor chosen during the process of
embedding also have a impact on PSNR. Figure 8 shows
variation of PSNR with respect to energy threshold factor
for various values of quality factors. One can reduce QF to
get maximum JPEG compression that the hidden image is
supposed to survive.
Fig.9 Histogram variations using Fixed DCT coefficient
method with ASCII code
Fig. 8 Variation in PSNR w.r.t. energy threshold factor (w)
for various values of quality factor (QF).
Fig.10 Histogram variations using designed scheme with
F-code
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 383

Proceedings of ICCNS 08 , 27-28 September 2008
F. JPEG compression Attack
Digital images with hidden content may be compressed as it
changes hands, or as it goes over a low bandwidth link of a
wireless network. The scheme is designed to survive JPEG
compression less than the quality factor chosen while
embedding. Table V shows the performance of the scheme
under JPEG compression attack at different quality factors.
TABLE V
PERFORMANCE WITH AND WITHOUT ERROR CORRECTION OF ET SCHEME
UNDER JPEG ATTACK AT VARIOUS QUALITY FACTORS
QF
Without Redundancy
Attack
compression
Number of
bits
embedded
With Redundancy=3
Attack
compression
Number
of bits
embedded
25 16:1 9120 19:1 3230
50 11:1 14360 13:1 4630
75 6:1 18790 7:1 6310
G. Image Resizing Attack
In image resizing attack, image is shrunk to a smaller size
and scaled back to its original size. During this process,
there is possibility of loss of information. Table VI shows
the performance under image resizing attack using bicubic
interpolation and Table VII shows the performance using
nearest neighbor and bilinear interpolation.
TABLE VI
PERFORMANCE OF SCHEME AT QF=25 FOR 512 X 512 LENA IMAGE UNDER
RESIZING ATTACK USING BICUBIC INTERPOLATION
Percentage Resizing Number of bits
embedded
Redundancy
Required
10 % 4,768 1/3
15 % 4,768 1/3
20 % 4,768 1/3
25% 2,750 1/5
30% 1,920 1/7
TABLE VII
PERFORMANCE OF SCHEME AT QF = 25 FOR 512 X 512 LENA IMAGE UNDER
RESIZING ATTACK USING NEAREST NEIGHBOUR / BILINEAR INTERPOLATION
Percent
Resizing
Nearest neighbor
interpolation
Number of Redundancy
Bits
Bilinear
Interpolation
Number of Redundancy
Bits
2 % 2840 1/5 1544 1/9
5 % 2840 1/5 1158 1/12
10 % 2008 1/7 1158 1/12
H. Image Tampering
The hiding scheme presented here is resilient to image
tampered in various ways. The Table VIII gives the number
of bits hidden in 512x512 Lena image for various values of
percentage tampering. In spite of malicious tampering of
the image, all the embedded bits were recovered
successfully after the attack.
TABLE VIII
PERFORMANCE OF SCHEME AT QF = 25 FOR 512 X 512 LENA IMAGE UNDER
IMAGE TAMPERING ATTACK
Percentage of image Number of Redundancy
tampered
bits
10 % 4,135 1/3
20 % 2,560 1/5
30 % 2,560 1/5
50% 1,475 1/9
VI. CONCLUSION
Many attacks to security constitute a first step towards
performing attacks to robustness. Security does not imply
robustness at all. A Steganography scheme can be
extremely secure, in the sense that it is (almost) impossible
for an attacker to estimate the secret key(s), but this does
not necessarily affect the robustness of the system. As we
are using energy thresholding and JPEG quantization
matrix for qualifying the coefficients for embedding the
information, the possibility of loss of information gets
drastically reduced. However, as level of compression
increases, the number of valid coefficients (VCs) gets
reduced which in tern reduces the data hiding capacity.
Image-adaptive technique with energy thresholding, effective
encryption to suit the DCT coefficient modulation technique
gives better perceptual and statistical results. Effective use of
redundancy and interleaving enhances the robustness of the
designed scheme. However, added redundancy is at the cost
of data hiding capacity.
REFERENCES
[1] M. D. Swanson, M. Kobayashi, and A. H. Tewfik, “Multimedia data
embedding and watermarking technologies,” Proc. IEEE, vol. 86, pp.
1064–1087, Oct. 1998.
[2] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn, “Information
hiding—A survey,” Proc. IEEE, vol. 87, no. 7, pp. 1062–1078, Oct. 1999.
[3] R. B.Wolfgang, C. I. Podilchuk, and E. J. Delp, “Perceptual
watermarks for digital images and video,” Proc. IEEE, vol. 87, pp. 1108–
1126, Oct. 1999.
[4] Ross J. Anderson and Fabien AP Petitcolas, “On the limits of
Steganography,” IEEE Journal on Selected Areas in Communications,
16(4): 474–481, May 1998
[5] J. Zollner, H. Federrath,, H. Klimant, A. Pfitzmann and R. Piotraschke,
“Modeling the Security of Steganographic Systems,” Proceedings of the
Second <strong>International</strong> Workshop on Information Hiding, pp.344 – 354,
1998 .
[6] Y. K. Lee and L.H. Chen, “ High Capacity image steganographic
model,” IEE Proc.-Vis Image Signal Processing, Vol. 152, No. 6, pp. 288-
294, December 2005.
[7] G. Brisbane, R. Safavi-Naini and P. Ogunbona, “High-capacity
Steganography using a shared color palette,” IEE Trans. Image
Processing, vol. 6, pp. 787–792, Dec. 2005.
[8] H. P. Stern, “Compression Techniques for Mobile Data Terminal
Communication,” IEEE Trans., pp. 429-432, 1991
[9] C. E. Shannon, “Prediction and Entropy of Printed English,” Bell
System Technical Journal, pp. 50-64, January 1951.
[10] Kaushal Solanki, Noah Jacobsen, Upamanyu Madhow, B. S.
Manjunath and Sivkumar Chandrasekhar, “ Robust Image-Adaptive Data
Hiding Using Erasure and Error Correction,” IEEE Trans. Image
Processing, Vol. 13, No. 12, pp. 1627-1639, Dec. 2004.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 384

Proceedings of ICCNS 08 , 27-28 September 2008
SMS STEGANOGRAPHY BASED ON
ALPHABETS
Mrs. Shimna Balakrishnan, Mr. Pravin M. Kamde, Mrs. Kirti S. Korabu
Abstract— The Short Message Service (SMS) or text messaging
is the most popular and an affordable service used and adopted
worldwide in mobile phones today. Now most of the communication
takes place in short forms through this service. It is certainly a boon
to the society for easy and quick communication. Steganography, the
latest technology can be used to hide data in SMS to send urgent,
short and secret messages very quickly. There are already existing
methods of hiding messages in SMS-Texting using abbreviations
and in the OTA (Over The Air) images. SMS provides the assurance
of sure delivery and is therefore a very reliable medium of
communication. In this proposed idea, we have put forth a new
method of using steganography in SMS communication. It is based
on the English alphabets. We have identified letters with cuts and
crosses. Now the words using these letters will be encoded as ‘1’
and words without these letters will be encoded as ‘0’. When
compared to the existing methods, this method can carry more bytes
of hidden data. It is more flexible and can vary depending on the
user’s definition of the secret keys. Like in the already existing
methods, a Steganography program to hide the message and
extractor program to extract the hidden information are required.
One more application to give flexibility to the user can be added.
Keywords— SMS Steganography, SMS-Texting, OTA (Over the
Air), SMS (Short Message Service)
.
S
I.INTRODUCTION
MS (Short Message Service) is a globally accepted
wireless service that enables the transmission of
alphanumeric messages between mobile subscribers and
external systems. SMS are text messages of unto 160
characters.
SMS came into existence in 1991 and GSM (Global
System for Mobile Communications), the European Standard
for digital wireless included short message services.
SMS may be sent from one point to another point (called
SMS-PP) or to all devices within a specific geographical
region (called SMS-CB, mainly used to broadcast
information). SMS works on a store-and-forward basis and
are exchanged indirectly through a component known as
SMSC(Short Message Service Center).
The distinguishing characteristics of this service are:
- An active mobile handset can receive/transmit
messages at any time even when a voice call is in
progress.
- Guaranteed message delivery even if the receiving
node is not reachable or switched off.
Mrs. Shimna Balakrishnan, Research Scholar, M.E. [IT] Dept. of Information
Technology, Sinhgad College of Engg, Pune – 41 phone: +919850488325;
(e-mail: shimna.balakrishnan@rediffmail.com)
Mr. Pravin M Kamde, Asst. Prof, Dept of Computer Engg, Sinhgad College
of Engg, Pune-41phone:919423086500(e-mail: pravin_kamde@rediffmail.com)
Mrs. Kirti S Korabu, Asst. Prof, Dept of Information Technology, Sinhgad
College of Engg, Pune-41. phone: +919890029007
- Reliable, low-cost communication mechanism for
concise information.
- E-mail integration
- Creation of user groups
- Delivery of messages to multiple subscribers at a
time
- Integration with other Internet based applications
- Providing various services such as e-commerce
- Receive reports on the status of the SMS message or
even define a validity period for the SMS message.
Steganography is the art of hiding information by
embedding messages within seemingly harmless messages.
Steganography works by replacing bits of useless or unused
data in regular computer files like text, HTML, images, audio
with bits of different, invisible information. This hidden
information can be plain/cipher text or images.
An encrypted file may use steganography to hide the
encrypted message. Steganography can be used where
encryption can not be done or is not permitted.
. Special software is needed for steganography, and there
are freeware versions available at any good download site.
Steganography (covered writing) dates back to ancient
Greece, where common practices consisted of etching
messages in wooden tablets and covering them with wax and
tattooing a shaved messenger's head, letting his hair grow
back, then shaving it again when he arrived at his contact
point.
The advantage of steganography over cryptography is that
messages do not attract attention to themselves, to
messengers, or to recipients. An unhidden coded message, no
matter how unbreakable it is, will arouse suspicion and may
in itself be incriminating, as in countries where encryption is
illegal. Often, steganography and cryptography are used
together to ensure security of the covert message.
A steganographic message (the plaintext) is often first
encrypted by some traditional means, producing a ciphertext.
Then, a covertext is modified in some way to contain the
ciphertext, resulting in stegotext. For example, the letter size,
spacing, typeface, or other characteristics of a covertext can
be manipulated to carry the hidden message, it is only that the
recipient (he must know the technique used) can recover the
message and then decrypt it.
Cryptography — the science of writing in secret codes ,
addresses all of the elements necessary for secure
communication over an insecure channel, namely privacy,
confidentiality, key exchange, authentication, and nonrepudiation
but does not always provide safe communication.
The goal of cryptography is to make data unreadable by a
third party and the goal of steganography is to hide the data
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 385

Proceedings of ICCNS 08 , 27-28 September 2008
from a third party. This is where steganography gains an edge
over cryptography.
II.OVERVIEW OF EXISTING METHODS
A.TEXT STEGANOGRAPHY
Text Steganography is the most difficult because there is
no redundant information in a text file as compared with a
picture or a sound file. In text documents, the structure is
identical to what we see but in images, the structure of the file
is different from what we see. Therefore, it is easy to hide
information in image/sound files than in text.
Text documents occupy lesser memory space,
communicate more information and are cheaper than other
file formats.
a) Word Shifting Method
In word-shift coding, codewords are coded into a
document by shifting the horizontal locations of words within
text lines, while maintaining a natural spacing appearance.
This encoding can also be applied to either the format file or
the page image bitmap. The method, of course, is only
applicable to documents with variable spacing between
adjacent words, such as in documents that have been textjustified.
As a result of this variable spacing, it is necessary to
have the original image, or to at least know the spacing
between words in the not encoded document.
b) Line Shifting Method
In this method, text lines are vertically shifted to encode
the document uniquely. Encoding and decoding can generally
be applied either to the format file of a document, or the
bitmap of a page image.
By moving every second line of document either 1/300 of
an inch up or down, line-shift coding worked particularly
well, and documents could still be completely decoded, even
after the tenth photocopy.
However, this method is probably the most visible text
coding technique to the reader. Also, line-shift encoding can
be defeated by manual or automatic measurement of the
number of pixels between text baselines. Random or uniform
respacing of the lines can damage any attempts to decode the
codeword.
c) Feature Coding Method
A third method of coding data into text suggested by
Brassil et al. is known as feature coding. This is applied
either to the bitmap image of a document, or to a format file.
In feature coding, certain text features are altered, or not
altered, depending on the codeword. For example, one could
encode bits into text by extending or shortening the upward,
vertical end lines of letters such as b, d, h, etc. Generally,
before encoding, feature randomization takes place. That is,
character end line lengths would be randomly lengthened or
shortened, then altered again to encode the specific data. This
removes the possibility of visual decoding, as the original end
line lengths would not be known. Of course, to decode, one
requires the original image, or at least a specification of the
change in pixels at a feature.
Due to the frequently high number of features in
documents that can be altered, feature coding supports a high
amount of data encoding. Also, feature encoding is largely
indiscernible to the reader. Finally, feature encoding can be
applied directly to image files, which leaves out the need for a
format file.
d) Semantic Method
Here, the synonym of words replaces certain words in the
text and thus hide information. A major advantage of this
method is the protection of information in case of retyping or
using OCR programs. For example, the word big might be
given a value of one, the word large a value of zero. Then,
when the word big is encountered in the coded text, a value of
one can be decoded. Further synonyms can mean greater bit
encoding. However, these methods can sometimes interfere
with the nuances of meaning.
e) Open space method
Here, extra white-spaces are added in the text. These
white spaces can be placed at the end of each line, at the end
of each paragraph or between the words. This method can be
implemented on any arbitrary text and is not noticed by the
reader. But the volume of information hidden in this method
is very little. Moreover, some text editors automatically delete
extra white-spaces and thus destroy the hidden information.
f) Syntactic method
This method utilizes punctuation and contractions. In
syntactic methods, multiple methods of punctuation are
harnessed to encode data. For example, the two phrases below
are both considered correct, although the first line has an
extra comma: bread, butter, and milk bread, butter and milk
Alternation between these two forms of listing can be
used to represent binary data. Other methods of syntactic
encoding include the controlled use of contractions and
abbreviations. Although such syntactic encoding is very
possible in the English language, the amount of data that
could be encoded would be very low, somewhere in the order
of a several bits per kilobyte of text.
g) Persian/Arabic Text Steganography Method
Here information is hidden in Persian and Arabic using
certain specific characteristics of the language. The existence
of too many points in these languages helps us in hiding data
by vertical displacement of these points. Though large
amount of data can be hidden in this manner this method is
language-specific.
h) Abbreviation Method
A list of words with the abbreviated form is made. Then
the steganography text is searched for words in the list. For
example, the full form of the word is used in the text to hide a
0 and the abbreviated form is used to hide a 1. Like this, the
intended data is hidden in the text. At the time of extraction
of data, the abbreviated words are identified.
If the word is present in full, it shows bit 0 and if the
abbreviated form is present it shows bit 1. By concatenating
the extracted bits the hidden data is revealed.
As an improvisation to the text methods, steganography in
SMS has come into existence though it is in its nascent stage,
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 386

Proceedings of ICCNS 08 , 27-28 September 2008
it will certainly make way for security of information in the
cheapest form as discussed below.
B.SMS STEGANOGRAPHY
SMS has almost evolved as a new medium of
communication all over the world. SMS being cheap and
reliable is ideal for important communications
a) SMS Steganography in picture messages
In this approach, we send black and white pictures through
SMS. Most of the approaches till now have dealt with color
pictures because B/W pictures are more sensitive to changes
i.e., change in one pixel of the picture in a white area would
be quite visible while in color pictures a slight change will be
hardly noticed.
b) SMS-Texting Steganography
In this method, abbreviations are used in generous amounts
to save time, make typing easy etc. For example, ‘gr8’ is used
instead of ‘great’. ‘c u’ is used in place of ‘see you’. ‘pls’ is
used instead of ‘please’ and so on.
These abbreviations are used in SMS-Texting because of
restricted size of the SMS (160 bytes), lack of proper
keyboard on mobile phones and to increase the typing speed
in writing SMS.
As seen above, SMS-Texting uses a lot of acronyms. So the
abbreviation text steganography method can be made use of
here as well. The words and phrases which are abbreviated in
SMS-Texting have to be identified and the same methodology
explained in abbreviation method is employed.
In this method, the SMS words do not attract any attention
since they are commonly in usage. The list is more enhanced
since SMS-Texting has more abbreviations than in normal
English.
Next, we will see the new approach which I am putting
forth through his paper which has substantially more benefits
when compared to the above existing methods.
III.EXPOSURE TO THE NEW APPROACH
One innovative method I have designed which needs more
of refining is considering all alphabets in the English
languages which have cuts or crosses on them.
A, E, F, H, I, J, T, X are letters identified. Now the hidden
message is converted into a collection of bits using encoding
algorithm.
For example,
HI, KRISHNA PLS GIV. THE FILE.
The words with the above alphabets are considered as 1
and the words without them are considered as 0. But mostly
the words containing A, E, I (the vowels) are more so if a dot
is accompanied by the word then that represents a 0, for
example “GIV.”.
The coded message will be 110011.
In Steganography, the main idea is to hide the fact that
information is hidden.
Now the above message looks absolutely unsuspicious and
attaching a dot to GIV is hardly noticeable.
Just like in the above methods, a Steganography program is
used to hide the message and an extractor program is used to
extract the hidden information. This method is an
enhancement of the SMS-Texting method which can be
further refined by the use of smileys and the mix of Text and
B/W pictures.
The Stealth feature can be implemented into this method
by removing any ‘dots’ or extra detailing attached. As such
the message is very normal and cannot be decoded by a third
person.
One more feature we are intending to add is the flexibility
to the user to decide the letters to be used for coding instead
of the above discussed letters. Then the list will vary
according to the users and it is impossible to find the hidden
message.
There is no list of acronyms stored as in the SMS-Texting
method. So memory usage is minimal.
The above method is in its nascent stage and can be further
enhanced using combinations of any characters.
There will be an encoder and decoder program. The
encoder program gives the user the flexibility to code the
letters as per his choice or retain the parent method. A hashed
key is send if the user selects his own letters. The SMS is
decoded at the receiver’s end and displayed on the screen.
Once the receiver views the code and deletes it, the message
looses its stego status and is just like any other normal
message.
IV.APPLICATIONS
This method is very ideal for sending short, secret
messages like passwords, usernames, VIP details (name,
timings, places etc) etc.
V.ADVANTAGES
1. Larger quantity of data can be send than in the SMS-
Texting method.
2. The message will be more normal than in the SMS-
Texting method since in this method there is
restriction that abbreviations have to be used which
might not be possible in all cases.
3. There is no list of acronyms stored. So memory used
is very less.
4. Stealth feature ensures the safety of the code after the
reception of the message
5. High flexibility since user can choose his own letters
for encoding
6. In black/white picture messages, sensitivity is an
issue. Here there is no such issue.
7. It is a frills-free method.
VI.DISADVANTAGES
The biggest restriction is the size of SMS messages. So
amount of hidden information which can be send is very less.
VII.CONCLUSION
As said in the beginning, since SMS has become a strong,
fast and reliable medium of communication, certainly there is
a need to find methods to send sensitive data over SMS such
that it becomes an official and authenticated medium of
communication. One great constraint is the security feature.
This paper discusses a new approach for SMS steganography
using letters. It is very flexible and can be easily implemented
on both higher and lower end models. Memory requirement is
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 387

Proceedings of ICCNS 08 , 27-28 September 2008
very less making it very ideal for SMS communication. Since
SMS has emerged as a very popular and strong medium of
communication it is very ideal to send short, secret
information across SMS.
Though these methods as of now only support few bytes of
data, it is sure that in the long run these methods when
further enhanced can become a strong medium for
Steganography. More computations and enhanced techniques
as discussed in the new approaches will certainly make this
new methodology a great success.
ACKNOWLEDGMENT
First Author thanks her husband, Mr. Balakrishnan K, for
his unstinted support, her mother, Mrs. M. Chandrika for her
constant encouragement and her daughter, Baby Shreenaya M
for her selfless love which helped me in completing this paper
successfully.
First Author also thanks Mr. P. M. Kamde for his support
in completing this paper.
REFERENCES
[1] An introduction to Steganography by Duncan Sellars, www.totse.com
[2] Y.C. Tseng and H.K. Pan, “Secure and Invisible Data Hiding in 2-Color
Images”. IEEE INFOCOM 2001, pp 887-896
[3] M. Shirali-Shahreza, “Stealth Steganography in SMS”, Proceedings of the
third IEEE and IFIP <strong>International</strong> <strong>Conference</strong> on Wireless and Optical
Communications Networks(WOCN 2006)
[4]M.Shirali-Shahreza and M. H. Shirali-Shahreza, “Text Steganography in
SMS”, IEEE ICCIT 2007, pp 2260-2265
[5] K. Rabah, “Steganography- The Art of Hiding Data”, Information
Technology Jourrnal, vol 3, 2004, pp.245-269.
[6] K. Beare, “SMS-Texting”, English as 2 nd Language, www.esl.about.com
[7] M. Shirali-Shahreza, “An improved method for Steganography on Mobile
Phone”, WSEAS Transactions on Systems, vol 4. Pp. 955-957.
[8] Y.C. Tseng, H.K. Pan and Y.Y. Chen, “A Secure Data Hiding Scheme for
Binary Images”, IEEE Tans. On Communications, Vol. 50. No.8
[9] Y.C. Tseng, H.K. Pan and Y.Y. Chen, “A Secure Data Hiding Scheme for
Two-Color Images”, IEEE Symposium on Computers and
Communications, 2000,pp 887-896.
[10] Digital steganography: hiding data within data Artz, D.; Internet
Computing, IEEE Volume 5, Issue 3, May-June 2001 Page(s):75 - 80
[11] Steganography in MMS Shirali-Shahreza, M.; Multitopic <strong>Conference</strong>,
2007. INMIC 2007. IEEE <strong>International</strong> 28-30 Dec. 2007 Pages:1 – 4
[12] A New Solution for Password Key Transferring in Steganography Methods
by CAPTCHA through MMS Technology Shirali-Shahreza, Mohammad;
Shirali-Shahreza, M. Hassan; Information and Emerging Technologies,
2007. ICIET 2007. <strong>International</strong> <strong>Conference</strong> on 6-7 July 2007 Page(s):1
– 6
[13] Text Steganography by Changing Words Spelling Shirali-Shahreza, M.;
Advanced Communication Technology, 2008. ICACT 2008. 10th
<strong>International</strong> <strong>Conference</strong> on Volume 3, 17-20 Feb. 2008 Page(s):1912 –
1913
[14] A New Synonym Text Steganography Shirali-Shahreza, M. Hassan;
Shirali-Shahreza, Mohammad; Intelligent Information Hiding and
Multimedia Signal Processing, 2008. IIHMSP '08 <strong>International</strong>
<strong>Conference</strong> on 15-17 Aug. 2008 Page(s):1524 – 1526
[15] M. Shirali-Shahreza, "M-Quiz by SMS," Proceedings of the 6th IEEE
<strong>International</strong> <strong>Conference</strong> on Advanced Learning Technologies (ICALT
2006), Kerkrade, The Netherlands, July 5-7, 2006, pp. 726-729.
[16] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn,"Information hiding-a
survey," Proceedings of the IEEE, Vol. 87, Issue 7, July 1999, pp.
1062-1078. [5] L. Bollen, S. Eimler, and H. U. Hoppe, "The use of mobile
computing to support SMS dialogues and classroom discussions in a
literature course," Proceedings of 2004 IEEE <strong>International</strong> <strong>Conference</strong>
on Advanced Learning Technologies, Joensuu, Finland, 30 August-1
September 2004, pp. 550–554.
[17] A. Stone, J. Briggs and C. Smith, "SMS and interactivity some results from
the field, and its implications on effective uses of mobile technologies in
education," Proceedings of 2002 IEEE <strong>International</strong> Workshop on
Wireless and Mobile Technologies in Education (WMTE2002), Växjö,
Sweden, 29-30 Aug. 2002, pp. 147-151.
[18] A. Tretiakov and K. Kinshuk, "Creating a Pervasive Testing Environment
by Using SMS Messaging," 2005 IEEE <strong>International</strong> Workshop on
Wireless and Mobile Technologies in Education (WMTE 2005),
Tokushima, Japan, 28-30 November 2005, pp. 62-66.
[19] K. Curran, K. Bailey, "An Evaluation of Image Based Steganography
Methods," <strong>International</strong> Journal of Digital Evidence, vol. 2, issue 2, Fall
2003, pp. 1-40.
[20] N. Provos and P. Honeyman, "Hide and Seek: An Introduction to
Steganography," Security & Privacy Magazine, May/June 2003, pp.
32-44.
[21] L. M. Marvel, C. G. Boncelet, Jr., and C. T. Retter, "Spread spectrum
image steganography," Proceedings of the IEEE Transactions on Image
Processing, August 1999, pp. 1075-1083.
[11] K. Tanaka, Y. Nakamura, and K. Matsui, "Embedding secret information
into a dithered multi-level image", Proceedings of IEEE Military
Communications <strong>Conference</strong>, 1990, pp. 212-220.
[22] S. H. Low, N. F. Maxemchuk, J. T. Brassil, and L. O'Gorman, "Document
marking and identification using both line and word shifting," Proceedings
of the 14 th Annual Joint <strong>Conference</strong> of the IEEE Computer and
Communications Societies, vol.2, 1995, pp. 853–860.
[23] Y. C. Tseng, Y. Y. Chen, and H. K. Pan, "A Secure Data Hiding Scheme
for Binary Images," IEEE Transaction onCommunications, Vol. 50, No.
8, Aug. 2002, pp. 1227-31
[24] Y. Y. Chen, H. K. Pan, and Y. C. Tseng, "A Secure Data
Hiding Scheme for Two-Color Images," Proceedings of the
IEEE Symposium on Computers and Communications,2000,
pp. 750-755.
[25] M. Wu and B. Liu, "Data Hiding in Binary Image for
Authentication and Annotation," IEEE Transaction
onMultimedia, vol. 6, no. 4, August 2004, pp.528-538.
[26] J.C. Judge, "Steganography: Past, Present, Future", SANS white
paper, November 30, 2001, last visited: 19 February 2007.
[27] G. Doërr and J. Dugelay, "A guide tour of video watermarking",
Signal Processing: Image Communication, vol. 18, no. 4, 2003,
pp. 263-282.
[28] K. Gopalan, "Audio steganography using bit modification",
Proceedings of the IEEE <strong>International</strong> <strong>Conference</strong> on
Acoustics, Speech, and Signal Processing(ICASSP'03), Hong
Kong, vol. 2, April 6-10, 2003, pp.421-424.
[29] N. F. Maxemchuk and S. Low, "Marking Text Documents",
Proceedings of the IEEE <strong>International</strong> <strong>Conference</strong>. on Image
Processing, Santa Barbara, CA, Oct.26-29, 1997, pp. 13-16.
[30] M. Shirali-Shahreza, "Steganography in SMS,"Proceedings of
the 11th <strong>International</strong> CSI Computer<strong>Conference</strong> CSICC’2006),
School of Computer Science, IPM, Tehran, Iran, 24-26 January
2006, pp. 905-910, (in Persian).
[23] M. Shirali-Shahreza, "Stealth Steganography in
SMS,"Proceedings of the third IEEE and IFIP <strong>International</strong>
<strong>Conference</strong> on Wireless and Optical CommunicationsNetworks
(WOCN 2006), Bangalore, India, 11-13 April 2006.
[31] Nokia, "Sending Content over SMS to Nokia Phones", Version
1.0, Forum Nokia, May 2001,http://www.forum.nokia.com, last
visited: 19 February 2007.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 388

Proceedings of ICCNS 08 , 27-28 September 2008
CONTENT BASED IMAGE MINING APPROACH FOR TERRAIN KNOWLEDGE IN REMOTE
SENSING IMAGERY
J.L. Bind, Scientist ‘D’ and Rimmi Devgan, Project Trainee
Defence Terrain Research Laboratory,
Metcalfe House, Delhi-110054, India
Email: jlbind123@yahoo.com
ABSTRACT
In this paper we present a content based image mining approach
for terrain knowledge discovery in remote sensing imagery. A
feature vector is created to describe the terrain objects and features
using visual as well as hidden content. Feature vector comprises
the content, shape, size, texture and processed DN value of remote
sensing to describe the objects and features. The method integrates
machine learning paradigm, especially learning from example
techniques. Construction of sufficient feature vector and
representation of it, to make an efficient and intelligent machine is
also discussed. This work mainly address for feature extraction
from remote sensing data contrary to traditional work on content
based image mining for image retrieval from large image database.
Result is presented in the end of paper.
Index Terms—Knowledge discovery, content based, feature
vector, similarity matching and machine learning
1. INTRODUCTION
There is an increasing demand for systems that can automatically
analyze images and extract semantically meaningful information
from remote sensing data. The task has become complex in nature
to extract smaller terrain feature in high resolution imagery.
Recently a number of soft computing techniques have emerged as
powerful tool to accomplish such task. Image mining deals with
the extraction of knowledge, image data relationship, or other
patterns not explicitly stored in the images. It uses methods from
computer vision, image processing, image retrieval, data mining,
machine learning, database, and artificial intelligence. Image
mining is an area with applications in numerous domains including
remote sensing images, medical images and Arial images. A lot of
work has been carried out in the area of data mining on text data
but very few work have been carried out in the area of image
mining for terrain knowledge in high resolution imagery. Data
mining is a part of the knowledge discovery process and is defined
as the process of discovering meaningful new correlations, patterns
and trends by sifting through large amount of stored data, using
pattern recognition technologies and statistical and mathematical
techniques. In certain literatures data mining has also been used as
a synonym for Knowledge Discovery from Data (KDD). The
outcomes of data mining are also referred to as data mining tasks
or types. Data mining is typically carried out with some end goals
or applications. These can be broadly classified into prediction,
identification, optimization and classification. Here the concept of
content based image mining is extraction of knowledge from
image data. The discovered knowledge may be objects and
features, patterns. Knowledge discovery using content based image
mining technique is the extraction of implicit, useful information
from image data. Knowledge discovery in imagery is a form of
machine learning which discovers interesting knowledge from
image databases and represents the knowledge in a machine
intelligent system. Thus, the basic problem addressed by the image
mining process is one of mapping low level image data which are
typically too voluminous to understand and digest easily into other
forms that might be more compact, more abstract. At the core of
the process is the application of specific image mining methods for
feature discovery and extraction. Content based image mining uses
visual and hidden contents to search objects and features from
large scale image database. Till date it is a challenging research to
create the feature vector of terrain feature and object due to the
complexity involve in it. Terrain feature and object are natural
phenomena and it is very difficult to describe in the remote sensing
images because it varies in all aspect. Content based image mining
uses the visual contents of an image such as color, shape, texture
and spatial layout to represent [3] and hidden content such as DN
value and its correlation. A typical feature vector is described by
multi dimensional feature vector of terrain object and feature. To
discover the features and objects in imagery, similarity/distance
measure between the feature vector and quarry image is calculated.
Features and objects are identified using a threshold limit. Recent
mining systems have incorporated user relevance feedback to
modify the discovery process in order to generate perceptually and
semantically more meaningful retrieved results. In this work a new
concept is given to construct the feature vector to reduce the
complexity involved in terrain features and how to overcome from
uncertainty associated in different objects with similar feature.
2. FEATURE VECTOR OF TERRAIN OBJECTS AND
FEATURES
Feature vector may include visual and hidden content. Visual
content comprises color, texture, shape, spatial resolution. Hidden
content comprises feature extracted from pre-processed image. The
visual contents of image are extracted followed by fusion with
hidden content and described by multi-dimensional feature vectors.
The feature vectors of the images form a feature vector base. A
good visual content descriptor should be invariant to the accidental
variance introduced by the imaging process e.g. the variation of
the illumination of the scene. However, there is a trade of between
the invariance and the discriminative power of visual features,
since a very wide class of invariance loses the ability to
discriminate between essential differences [8]. Invariant
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 389

Proceedings of ICCNS 08 , 27-28 September 2008
description has been largely investigated in computer vision like
object recognition. A visual content descriptor can be either global
or local. A global descriptor uses the visual features of the whole
object, whereas a local descriptor uses the visual feature of object
in parts. To obtain the local visual descriptor, an image of object is
divided into parts first. The simplest way of dividing an image of
object is to use a partition, which cuts the image into tiles of equal
size and shape. A simple partition does not generate perceptually
meaningful regions but is a way of representing the global features
of the image at a finer resolution. A better method is to divide the
image of an object into homogeneous regions according to some
criterion using region segmentation algorithms that have
extensively investigated in computer vision. Currently, automatic
object segmentation for broad domains of general image is
unlikely to succeed [11]. In this section, we will introduce some
widely used techniques for extracting color, texture, shape and
spatial relationship from images.
2.1. Color
Color is the most extensively used visual content for image
mining. Its three dimensional values make its discrimination
potentiality superior to the single dimensional grey values of
images. Before selecting an appropriate color description, color
space must be determined first.
2.1.1. Color Space
Each pixel of the image can be represented as a point in a 3D color
space. Commonly used color space for image mining include
RGB, Munsell, CIE L*a*b*, CIE L*u*v*, HSV (or HSL, HSB)
and opponent color space. RGB space is a widely used color space
for image display. It is composed of three color components red,
green and blue [7].
2.2. Texture
Texture is another important property of images. Various texture
representations have been investigated in pattern recognition and
computer vision. Basically, texture representation methods can be
classified into two categories: structural and statistical. Structural
methods, including morphological operator and adjacency graph,
describe texture by identifying structural primitives and placement
rules. They tend to be most effective when applied to textures that
are very regular. Statistical methods, including Fourier power
spectra, co-occurrence matrices, shift-invariant principal
component analysis (SPCA), Tamura feature, Markov random
field, fractal model, and multi-resolution filtering techniques such
as Gabor and wavelet transform, characterize texture by the
statistical distribution of the image intensity [5].
2.3. Shape
Shape features of the objects or regions are usually described after
images have been segmented. Since robust and accurate image
segmentation is difficult to achieve, the use of shape features has
been limited to special applications where objects or regions are
readily available. The state of art methods for shape description
can be categorized into either boundary based polygonal
approximation, finite element models and Fourier based shape
descriptors or region based methods. A good shape representation
feature for an object should be invariant to translation, rotation and
scaling [1], [2], [7].
2.4. Spatial Information
Regions or objects with similar color and texture properties can be
easily distinguished by imposing spatial constraints. For instance,
regions of desert and snow may have similar color histograms, but
their spatial locations in image are different. Therefore, the spatial
location of regions (or objects) or the spatial relationship between
multiple regions (or objects) in an image is very useful. In such
scenario, the analysis of image to find the terrain type is required.
The most widely used representation of spatial relationship is the
2D strings. It is constructed by projecting images along the x and y
directions. Two sets of symbols, V and A, are defined on the
projection. Each symbol in V represents an object in the image.
Each symbol in A represents a type of spatial relationship between
objects. As its variant, the 2D G-string [4] cuts all the objects
along their minimum bounding box and extends the spatial
relationship into two sets of spatial operators. One defines local
spatial relationships. The other defines the global spatial
relationships, indicating that the projection of two objects are
disjoint, adjoin or located at the space position. In addition, 2D C-
string is proposed to minimize the number of cutting objects. 2D-B
string represents an object by two symbols, standing for the
beginning and ending boundary of the object. A method based on
the random transform, which exploits the spatial distribution of
visual features without a sophisticated segmentation can be
performed.
2.5. Hidden Co-relation
Pre-processing operator is applied to find the co-relation between
different facets of object/feature to generate the feature vector.
Histograms and arithmetic/logical operators are useful preprocessing
tools may be used to create the feature vector.
Depending on the co-relation between various facets of object will
lead for terrain object recognition.
2.6. Terrain type linked Feature Vector
Generally we deal with six different terrain types namely plain,
desert, rann, delta, coastal and mountainous. Feature vector varies
according to the terrain types. Terrain types linked feature vector
base is created.
3. CONTENT BASED SIMILARITY/ DISTANCE MEASURE
In the content based image mining system, patterns available in the
image does the similarity matching from feature vector base to
identify the objects/features. Similarity can be modeled by various
approaches. The retrieval algorithm relies on the indices and the
organization of the memory to direct the search to potentially
useful feature vector. Given a description of a feature vector, a
retrieval algorithm, using the indexes in the feature vector base,
should retrieve the objects/features most similar to the current
pattern in the image. Accordingly, the retrieval result may not a
single object but a list of objects ranked by their similarities with
the query pattern [6]. Here we propose two levels: (1) distance
measure of attribute between object and query pattern and (2)
similarity measure between object and query pattern.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 390

Proceedings of ICCNS 08 , 27-28 September 2008
3.1. Distance Measure of Attribute between Object and Query
Pattern
Many distance measures have been developed for image mining
based on empirical estimates of the distribution of attribute
features in recent year. Distance measure is computed between
attributes of object and query pattern. Some techniques for
distance measure are Minkowski-Form Distance, Quadratic Form
Distance, Mahalanobis Distance, Kullback-Leibler (KL)
Divergence and Jeffrey-Divergence (JD). In this work we have
used Kullback-Leibler Divergence and Jaffrey Divergence. We
denote D(I,J) as the distance measure between the query pattern I
and feature vector J in the feature vector base and ƒ i (I) as the
number of pixels in i of I. The KL divergence measures how
compact one attribute/feature distribution can be coded using the
other one as the codebook. The KL divergence between two
images I and J is defined as
D ( I , J ) = fi ( I ) log ( fi ( I ) / fi ( J ))
∑
i
The KL divergence is used as similarity measure for texture. The
JD divergence is defined as
D( I , J ) = ∑ fi(
I ) log( fi(
I ) / fi)
+ fi(
J ) log( fi(
J ) / fi)
i
where fi = [ fi(
I)
+ fi(
J )]/ 2 in contrast to KL-divergence, JD is
symmetric and numerically more stable when comparing two
empirical distributions. In the case of hidden co-relation distance
measure similar pre-processing operator is applied on query
pattern. Distance is measured based on co-relation in query pattern
and feature vector.
3.2. Similarity Measure between Object and Query Pattern
The similarity between stored feature vectors and the new input
pattern is based on matching a weighted sum of features. The
similarity (that is, the proximity) of the target feature vector to a
source pattern for each attribute is determined. This measure is
multiplied by a weighing factor. Then the sum of similarity of all
attributes is calculated. This can be represented by the equation
Similarity ( T , S ) = ∑ f ( T
i
, S
i
) * W
i
Where T is the target object, S is the source pattern, n is the
number of attributes in each attribute, i is an individual attribute
from 1 to n, ƒ is a similarity function for attribute i in cases T and
S and w is the weighting of the attribute i. Similarity are usually
normalized to fall within a range of 0 and 1.
4. CONTENT BASED IMAGE MINING SYSTEM
Content based image mining system for satellite images is
proposed here. An example of a typical False Color Code (FCC) of
satellite image is given in figure 1. Remote sensing images are
composed of a matrix of picture elements, or pixels, which are the
smallest units of an image. Image pixels are normally square and
represent a certain area on the earth surface. Each pixel comprises
two information namely DN value and RGB value. In this
proposed system, both information levels are exploited to extract
the objects/features. If we analyses this image, then we found that
visible features [4], [9] are easily identifiable but hidden feature is
to be extracted. In typical content based image mining systems is
presented in Figure 2. In this proposed system major efforts lies in
the creation of feature vector. Input image is classified to find the
various patterns. Each pattern is processed by similar operator
which was used for feature vector creation for different attribute
features [10]. Distance Measure of Attribute followed by similarity
measure between Object and Query Pattern is computed.
Accordingly, the retrieval result may not a single object but a list
of objects ranked by their similarities with the query pattern. If
more than one highest ranked object has same value, then
uncertainty arises for class selection. To handle such scenario, a
second level of image classification is proposed. Terrain type
linked feature vector guide for possible object type.
user
Query
Formation
Pre-processing
of Image Data
Extracted
Object and Feature
Image Data
for
Pre-processing
of Image Data
Figure 1: Satellite View
Input
Image
Hidden Content
Description
Visual Content
Description
Retrieval
Visual Content
Description
Hidden Content
Description
Content
Fusion
Feature Vector
Similarity
Comparison
Feature Vector
Database
Content Fusion
Figure 2: Content Based image Mining System
An algorithm for this proposed system is given in Table 1, which
describe the development of complete system.
Table 1
Step 1: Construct the visual feature vector from training image
Step 2: Construct the hidden feature vector from training image
Step 3: Fusion of visual and hidden feature vector and develop the
feature vector base
Step 4: Read the input image RGB and convert to L*a*b* image
lab_img.
Step 5: Classify each pixel p in lab_img using the nearest neighbor
rule
begin
for each color_marker(i) (1 ≤ i ≤ n )
do {
for each pixel p(j,k) (1 ≤ j ≤ M, 1 ≤ k ≤ N ) in lab_img
do { /*calculate Euclidian distance between p(j,k)’s a* b*
value and color_marker (i) and store in a cell array distance */
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 391

Proceedings of ICCNS 08 , 27-28 September 2008
distance(j,k,i) = √(( p(j,k) a* - color_marker(i) a* ) 2 +(
p(j,k) b* - color_marker(i) b* ) 2 ) } }
find the minimum distance value for each pixel among distances
from all color_markers and label the pixel with corresponding
color_label. end
Step 6: Obtain segmented images for each region obtained as
results of the nearest neighbor classification
Step 7: Convert each segmented image to a binary image and
compute the area of the ‘on’ or white pixels
Step 8: Compute the distance measure of each attribute of each
pattern and feature vector
Step 9: Compute the similarity measure and mark the ranking of
retrieved object.
Step 10: If more than one highest ranking feature vector then
search terrain linked feature vector.
Step 11: Compute the over all percentage area occupied by each
region and present as summary
challenges. Application of this work may be extended for Arial
images and medical imaging.
5. RESULTS
Satellite image given in figure 1 is classified for vegetation, built
up, sand cover and water body and results are presented in figure 3
to 7. IRS LISS III image is classified into vegetation, built up area,
sand cover and water body. The summary of result is presented in
figure 7. The software system is developed in Metlab.
Figure 3: Vegetation covers
Figure 5: Sand covers
6. CONCLUSIONS
Figure 4: Built up area
Figure 6: Water body
This paper presents a content based image mining approach for
terrain knowledge discovery in IRS LISS III remote sensing
imagery. Proposed approach for creation of feature vector is very
robust. This approach will be more useful and appropriate for high
resolution imagery where objects and features are clearly visible.
Hence proposed work will be a revolutionary for image processing
of high resolution data, which will be our future task. This work
will have tremendous future application in unmanned vehicle/tank
where real time information is required which is future research
Figure 7: Summary report
7. REFERENCES
[1] K. Arbter, W. E.Snyder, H. Burkhardi and G. Hirzinger,
“Application of affine-invariant Fourier descriptors to recognition
of 3D objects,” IEEE Trans. Pattern Analysis and Machine
Intelligence. Vol. 12, pp. 640-647, 1990.
[2] E.M. Arkin, L.P.Chew, D.P.Huttenlocher, K. Keden and
J.B.S.Mitchell, “An efficiently computable metric for comparing
polygonal shapes,” IEEE Trans. Pattern Analysis and Machine
Intelligence, vol. 13, no. 3, pp. 209-226, 1991.
[3] J. Assfalg, A.D.Bimbo, and P.Pala, “Using multiplt examples
for content based retrieval,” Proc <strong>International</strong> <strong>Conference</strong> on
Multimedia, 2000.
[4] S. K. Chang, E. Jungert and Y. Li, “Representation and
retrieval of symbolic pictures using generalized 2D string,”
Technical Report, University of Pittsburgh, 1988.
[5] T. Chang and C.C.J. Kuo, “Texture analysis and classification
with tree-structured wavelet transform,” IEEE Trans. on Image
Processing, vol.2, no.4, pp.429-441, oct. 1993.
[6] C.Faloutsos et al. “Efficient and effective querying by image
content,” Journal of intelligent information system, vol.3, pp.231-
262, 1994.
[7] T.Gevers and A.W.M.Smeulders, “Pictoseek: Combining color
and shape invariant features for image retrieval,” IEEE Trans. on
image processing, vol.9, no.1, pp.102-119, 2000.
[8] A.K.Jain and F.Farroknia, “Unsupervised texture segmentation
using Gabor filters,” Pattern Recognition, vo.24, no.12, pp.1167-
1186, 1991.
[9] J.R.Smith and S,F.Chang, “VisualSEEK: a fully automated
content based image query system,” ACM Multimedia 96, Boston,
MA, nov.1996.
[10] A.Vailaya, M.A.G.Figueiredo, A.K.Jain and H.J.Zhang,
“Image classification for content based indexing,” IEEE Trans. on
Image Processing, vol.10, no.1, Jan.2001.
[11] H. Voorhees and T.Poggio, “Computing texture boundaries
from images,” Nature, 333:364-367, 1988.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 392

Proceedings of ICCNS 08 , 27-28 September 2008
A New Wavelet Shrinkage Method for
Estimation of Biological Signals
V.V.K.D.V.Prasad, P.Siddaiah, and B.Prabhakara Rao
Abstract— Wavelet shrinkage denoising methods are widely
used for estimation of biological signals from noisy environment.
This paper proposes shrinkage method based on a New Thresholding
filter for denoising of biological signals. We applied this method to
denoise EEG signal. The performance of this method is evaluated
and compared with that of methods using popular Hard and Soft
thresholding filters. Simulation results revealed that this new method
performs superior to Hard and Soft shrinkage methods.
Keywords—denoising, EEG, thresholding filter, wavelet
transform, wavelet thresholding, wavelet shrinkage
I. INTRODUCTION
Nowadays signals or data are collected at ever-increasing
pace by using sensors or computers or instruments. During
signal acquisition or transmission signals are contaminated
with noise. Before carrying out the further analysis of the
signals noise must be reduced. Biological signals are no
exception from this. The random noises uncorrelated with
biological signals can be approximated by additive white
Gaussian noise. Several techniques have been proposed for
estimating biological signals from the noisy environment.
Shrinkage methods based on wavelets have become
increasingly popular because of variable resolution property
of wavelet transforms [1],[2],[3],[4],[5]. In this paper wavelet
shrinkage method based on a New Thresholding filter is
proposed. The performance of this method is evaluated by
using EEG signal corrupted with additive white Gaussian
noise. Mean Square Error (MSE) and Signal to Noise Ratio
(SNR) are used as evaluation criteria for denoising.
II. DENOISING
In the denoising of biological signals using wavelet
shrinkage methods first we apply discrete wavelet transform
on the noisy signal and obtain wavelet coefficients. By using a
thresholding rule we fix the threshold for the coefficients.
Hypothesis Testing thresholding rule [5] is considered here.
The noisy coefficients are thresholded by using a thresholding
filter. Denoised signal is obtained by using inverse wavelet
transform on the thresholded coefficients [6]. While applying
wavelet transform we have to select a wavelet for forward and
inverse transformations [7],[8]. Wavelet Symmlet 8 is chosen
here. By selecting different thresholding rules and
thresholding filters we can get different wavelet shrinkage
methods. In this paper a New Thresholding filter is proposed
for wavelet shrinkage denoising.
A. Hypothesis Testing
The thresholding rules determine the threshold levels. In
this paper threshold is determined by considering Hypothesis
Testing rule [5]. The threshold estimation in this method is
independent of thresholding filter used. It calculates level
dependant thresholds after performing wavelet transformation
on the signal.
Calculation of threshold
Let the wavelet coefficients ω are N s in number at a
particular level and assume that they are normally distributed.
2
Find α -critical value, α ⎧ −1
1
⎫
v =
⎡
⎨ ( 1 ) 1 2
⎤
⎜
⎟
⎞
⎬
⎩
⎢⎣
⎛ − N
N φ α
⎝
+ s /
s
⎠ ⎥⎦ ⎭
where α is error probability parameter. φ ( ) is cumulative
distribution function of standard normal density. Then find the
largest of the squared wavelet coefficients at that level,
2
α
denoted by ω ( N s ) and compare it to the above value v
N s
. If
2 2 α
ω( N )/ ˆ σ > v
s N s
where σˆ is an estimate of the standard
deviation of noise, ω( Ns
)
is retained as signal. Next repeat the
process with the square of second largest (in absolute value)
2
wavelet coefficient ω ( N s −1 ) . If
2
2 α
ω ( N − 1 ) / ˆ σ > v
s N s
, the
− 1
procedure continues until at some point the p th largest (in
absolute value) coefficient satisfies
2 2 α
ω( p) / ˆ σ ≤ v . The
p
threshold at that level is then set as λ = ω ( p)
. The
recommended value for α is 0.05.
B. Thresholding Filters
The noisy wavelet coefficients are filtered by using
thresholding filters. The most commonly known Hard and
Soft filters are considered in this paper (Figs 1and 2).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 393

Proceedings of ICCNS 08 , 27-28 September 2008
3.1. Distance Measure of Attribute between Object and Query
Pattern
Many distance measures have been developed for image mining
based on empirical estimates of the distribution of attribute
features in recent year. Distance measure is computed between
attributes of object and query pattern. Some techniques for
distance measure are Minkowski-Form Distance, Quadratic Form
Distance, Mahalanobis Distance, Kullback-Leibler (KL)
Divergence and Jeffrey-Divergence (JD). In this work we have
used Kullback-Leibler Divergence and Jaffrey Divergence. We
denote D(I,J) as the distance measure between the query pattern I
and feature vector J in the feature vector base and ƒ i (I) as the
number of pixels in i of I. The KL divergence measures how
compact one attribute/feature distribution can be coded using the
other one as the codebook. The KL divergence between two
images I and J is defined as
D ( I , J ) = fi ( I ) log ( fi ( I ) / fi ( J ))
∑
i
The KL divergence is used as similarity measure for texture. The
JD divergence is defined as
D( I , J ) = ∑ fi(
I ) log( fi(
I ) / fi)
+ fi(
J ) log( fi(
J ) / fi)
i
where fi = [ fi(
I)
+ fi(
J )]/ 2 in contrast to KL-divergence, JD is
symmetric and numerically more stable when comparing two
empirical distributions. In the case of hidden co-relation distance
measure similar pre-processing operator is applied on query
pattern. Distance is measured based on co-relation in query pattern
and feature vector.
3.2. Similarity Measure between Object and Query Pattern
The similarity between stored feature vectors and the new input
pattern is based on matching a weighted sum of features. The
similarity (that is, the proximity) of the target feature vector to a
source pattern for each attribute is determined. This measure is
multiplied by a weighing factor. Then the sum of similarity of all
attributes is calculated. This can be represented by the equation
Similarity ( T , S ) = ∑ f ( T
i
, S
i
) * W
i
Where T is the target object, S is the source pattern, n is the
number of attributes in each attribute, i is an individual attribute
from 1 to n, ƒ is a similarity function for attribute i in cases T and
S and w is the weighting of the attribute i. Similarity are usually
normalized to fall within a range of 0 and 1.
4. CONTENT BASED IMAGE MINING SYSTEM
Content based image mining system for satellite images is
proposed here. An example of a typical False Color Code (FCC) of
satellite image is given in figure 1. Remote sensing images are
composed of a matrix of picture elements, or pixels, which are the
smallest units of an image. Image pixels are normally square and
represent a certain area on the earth surface. Each pixel comprises
two information namely DN value and RGB value. In this
proposed system, both information levels are exploited to extract
the objects/features. If we analyses this image, then we found that
visible features [4], [9] are easily identifiable but hidden feature is
to be extracted. In typical content based image mining systems is
presented in Figure 2. In this proposed system major efforts lies in
the creation of feature vector. Input image is classified to find the
various patterns. Each pattern is processed by similar operator
which was used for feature vector creation for different attribute
features [10]. Distance Measure of Attribute followed by similarity
measure between Object and Query Pattern is computed.
Accordingly, the retrieval result may not a single object but a list
of objects ranked by their similarities with the query pattern. If
more than one highest ranked object has same value, then
uncertainty arises for class selection. To handle such scenario, a
second level of image classification is proposed. Terrain type
linked feature vector guide for possible object type.
user
Query
Formation
Pre-processing
of Image Data
Extracted
Object and Feature
Image Data
for
Pre-processing
of Image Data
Figure 1: Satellite View
Input
Image
Hidden Content
Description
Visual Content
Description
Retrieval
Visual Content
Description
Hidden Content
Description
Content
Fusion
Feature Vector
Similarity
Comparison
Feature Vector
Database
Content Fusion
Figure 2: Content Based image Mining System
An algorithm for this proposed system is given in Table 1, which
describe the development of complete system.
Table 1
Step 1: Construct the visual feature vector from training image
Step 2: Construct the hidden feature vector from training image
Step 3: Fusion of visual and hidden feature vector and develop the
feature vector base
Step 4: Read the input image RGB and convert to L*a*b* image
lab_img.
Step 5: Classify each pixel p in lab_img using the nearest neighbor
rule
begin
for each color_marker(i) (1 ≤ i ≤ n )
do {
for each pixel p(j,k) (1 ≤ j ≤ M, 1 ≤ k ≤ N ) in lab_img
do { /*calculate Euclidian distance between p(j,k)’s a* b*
value and color_marker (i) and store in a cell array distance */
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 394

Proceedings of ICCNS 08 , 27-28 September 2008
f ( ω, λ)
N
2 =30
f ( ω,λ )
N
γ 2 =30
0
γ 30
2 = −30
γ 30
γ 2 = −
0
γ 2 = −30
γ 2 = −30
γ 2 =
γ 2 =30
0
− λ
λ ω
− λ 0 λ ω
Fig. 3 New Thresholding Filter: γ 1 = 0
Fig. 4 New Thresholding Filter: γ 1 = 1
IV. RESULTS AND DISCUSSION
This section reports the results obtained on denoising of
EEG signals using Hard, Soft and New Thresholding filters.
EEG signals [11] of sample size 2048 contaminated with
additive white Gaussian noise of different values of standard
deviation (σ) are simulated. Wavelet decomposition of EEG
signal is made up to resolution level of three using Symmlet 8
[7],[12]. After fixing the threshold using Hypothesis Testing
rule [5] the wavelet coefficients are filtered by using a
thresholding filter. The inverse wavelet transform is applied
on the resultant coefficients and denoised signal estimate is
obtained.
MSE and SNR are used as measure of denoising. They are
calculated as given below
1
MSE =
n
SNR = 10 log
10
n
∑
n
∑
i = 1
i=
1
n
( () ()) 2
X i − Xˆ i
∑
i = 1
X
( i )
2
2
( X () i − Xˆ ( i ))
n represents no. of samples, X () i original signal data,
Xˆ () i denoised signal data
The simulation experiment is repeated 100 times and
average values of MSE and SNR are found. These
experiments are conducted on 50 numbers of EEG signals and
found that the results are same. The simulation is implemented
in MATLAB environment. Table I shows the denoising
results of EEG signal F057 obtained using Hard and Soft
dB
thresholding filters for σ=10, 20 and 30. The original and
denoised signals F057 obtained using Hard, Soft and New
Thresholding filters for σ=20 are shown in Figs 5-9.
Results of denoising of EEG F057 for different parameters
of New Thresholding filter are reported in Tables II-IV. For a
noisy signal of σ =10, MSE of 64.47 and SNR of 17.61 are
obtained on denoising using Hard thresholding filter and MSE
of 121.44 and SNR of 14.86 with Soft thresholding filter
(Table I). For New thresholding filter for σ =10, MSE of
64.56 and SNR of 17.60 are found when γ 1 = 0 and γ 2 = 30
(Table II). This indicates the New filter behaves as Hard
thresholding filter at these values of γ 1 and γ 2 for σ =10. MSE
of 120.22 and SNR of 14.90 for σ =10 are obtained for New
filter when γ 1 = 0 and γ 2 = −30
(Table II). It shows its
working is close to Soft thresholding filter at these values of
γ 1 and γ 2 for σ =10. The same behavior of New thresholding
filter is noticed for σ =20 and 30. From the results it is
observed that for EEG signals keeping γ 1 = 0 , if the values of
γ 2 are increased in the positive direction the behavior of New
Thresholding filter approaches that of Hard Thresholding
filter when γ 2 = 30 for σ =10 (Table II) and γ 2 = 20 for σ =
20 and 30 (Tables III-IV). In the negative direction it
approaches Soft Thresholding filter when γ 2 = −30
for σ
=10, 20 and 30 (Tables II-IV). It comprises the features of
both Hard and Soft thresholding filters. Different qualities of
denoising are obtained for different values of γ 1 and γ 2 . It is
noticed that when γ 1 ≠ 0 the denoising performance of the
New filter superior to Hard and Soft filters is obtained. It is
observed that when γ 1 = 1 this New filter gives the best
performance in denoising the EEG signals (values shown
italicized in tables II-IV).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 395

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE I
DENOISING RESULTS OF EEG F057 USING HARD AND SOFT THRESHOLDING FILTERS
σ =10 σ =20 σ =30
MSE SNR MSE SNR MSE SNR
Noisy Signal 99.94 15.70 399.85 9.68 901.43 6.15
Hard 64.47 17.61 157.27 13.74 268.46 11.42
Soft 121.44 14.86 279.47 11.25 466.16 9.02
TABLE II
DENOISING RESULTS OF EEG F057 USING NEW THRESHOLDING FILTER, σ =10
γ -30 -20 -10 0 10 20 30
2
MSE 120.22 118.80 116.46 75.65 65.23 63.95 64.56
γ 1 = 0
SNR 14.90 14.96 15.04 16.92 17.56 17.64 17.60
γ
MSE 114.05 113.43 110.44 68.69 58.88 59.21 59.00
1 = 0.5
SNR 15.13 15.16 15.27 17.33 18.00 17.98 17.99
γ
MSE 108.87 108.19 105.03 64.20 54.57 53.21 53.59
1 =1
SNR 15.34 15.36 15.49 17.63 18.33 18.44 18.41
TABLE III
DENOISING RESULTS OF EEG F057 USING NEW THRESHOLDING FILTER, σ =20
γ 2
-30 -20 -10 0 10 20 30
γ
MSE 280.34 276.40 269.72 180.88 156.55 157.92 156.41
1 = 0
SNR 11.23 11.29 11.40 13.13 13.76 13.72 13.76
γ
MSE 263.34 264.67 260.90 166.59 143.96 145.16 142.58
1 = 0.5
SNR 11.50 11.48 11.54 13.49 14.12 14.09 14.16
γ
MSE 257.03 255.31 253.21 153.95 132.29 134.35 132.66
1 =1
SNR 11.61 11.64 11.67 13.83 14.49 14.42 14.48
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 396

Proceedings of ICCNS 08 , 27-28 September 2008
TABLE IV
DENOISING RESULTS OF EEG F057 USING NEW THRESHOLDING FILTER, σ =30
γ 2
-30 -20 -10 0 10 20 30
γ 1 = 0 MSE
467.78 456.53 466.60 307.41 268. 89 267.58 273.91
SNR 9.01 9.11 9.02 10.83 11.41 11.43 11.33
γ
MSE 441.67 442.30 432.65 277.43 246.12 245.53 245.27
1 = 0.5
SNR 9.26 9.25 9.35 11.28 11.80 11.80 11.81
γ
MSE 425.21 425.22 417.23 266.40 231.20 231.88 230.57
1 =1
SNR 9.42 9.42 9.51 11.45 12.07 12.05 12.08
200
100
0
-100
-200
0 500 1000 1500 2000 2500
300
200
100
0
-100
-200
0 500 1000 1500 2000 2500
Fig. 5 Original EEG
Fig.6 Noisy EEG
200
100
0
-100
-200
0 500 1000 1500 2000 2500
200
100
0
-100
-200
0 500 1000 1500 2000 2500
Fig. 7 Denoised EEG using Hard Thresholding Filter
Fig. 8 Denoised EEG using Soft Thresholding Filter
200
100
0
-100
-200
0 500 1000 1500 2000 2500
Fig. 9 Denoised EEG using New Thresholding Filter γ = 1, γ 10
1 =
2
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 397

Proceedings of ICCNS 08 , 27-28 September 2008
V. CONCLUSION
Wavelet shrinkage method based on a New thresholding
filter is proposed in this paper for denoising of biological
signals. We evaluated the performance of this method using
EEG signals. From the simulation results it is observed that
the proposed method performs superior to shrinkage methods
based on Hard and Soft filters. Different qualities of denoising
are obtained by varying the parameters of the filter.
[12] S. G. Mallat, “A theory for multiresolution signal decomposition: The
Wavelet representation,” IEEE Trans. Pattern Analysis and Machine
Intelligence, vol. 11, pp 674-69,1989.
REFERENCES
[1] B. Vidakovic, Statistical Modeling by Wavelets, Wiley Series in
Probability and Statistics, John Wiley & Sons, Inc., 1999
[2] D. L. Donoho and I. M. Johnstone, “Adapting to unknown smoothness
via Wavelet Shrinkage,” Journal of the American Statistical Association,
vol. 90, no. 432, pp 1200-1224, Dec. 1995.
[3] D. L. Donoho and I. M. Johnstone, “Ideal spatial adaptation via
Wavelet Shrinkage,” Biometrika, vol. 81, pp 425-455,1994.
[4] A. Bruce and H. Gao, Applied Wavelet Analysis with S-PLUS, Springer
Verlag, 1996.
[5] R. T. Ogden, Essential Wavelets for Statistical Applications and Data
Analysis, Birkhauser, 1997.
[6] Carl Taswell, “The what, how and why of wavelet shrinkage denoising,”
Computing in Science and Engineering, pp 12-19, May 2000.
[7] I. Daubechies, Ten lectures on Wavelets, SIAM, 1992.
[8] A. Graps, “An Introduction to wavelets,” IEEE Journal of
Computational Science and Engineering, vol. 2, no. 2, pp 1-17, Summer
1995
[9] Marteen Jansen, Noise reduction by Wavelet Thresholding, vol. 161,
Springer Verlag, 2001.
[10] D. L. Donoho, “Denoising by Soft Thresholding,” IEEE Trans.
Information Theory, vol. 41, no. 3, pp 613-627, May 1995.
[11] Andrzejak R.G, Lehnertz K, Rieke C, Mormann F, David P, Elger CE,
2001, “Indications of nonlinear deterministic and finite dimensional
structures in time series of brain electrical activity: Dependence on
recording region and brain state”, Phys.Rev.E, 64.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 398

Proceedings of ICCNS 08 , 27-28 September 2008
Speaker Identification for the futuristic house
D. Y. Sakhare
M.E. (Digital Systems)
M.I.T, Pune, India
P. S. Mahajani
Dept of E & TC
M.I.T, Pune, India
P.S. Kasliwal
Dept of ETX
M.A.E. Pune, India
Abstract
This paper presents design of Automatic speaker identification
for the futuristic houses from the real-time system point of view.
Speaker specific vocal tract information is used to separate one
speaker model from other. Along with that we use an approach,
which combines the information of the glottis source i.e. pitch.
The approach synchronously takes into account the correlation
between the two sources of information. The speaker specific
vocal tract information is mainly represented by Mel-frequency
cepstrum coefficients (MFCCs). The pitch analysis is done by
using HPS (harmonic product spectrum). In order to analyze
this method in practice we made appropriate software and using
real data we ran several tests.
KEYWORDS: Cepstrum, MFCC, Pitch, HPS, Speaker models
1. Introduction
The current trend is of futuristic automated home
(futuristic House) where human speech is used for handsfree,
secure control and sounds around the house can be
monitored for security and safety. Possible tasks include:
sound-activated light switch, voice-controlled TV remote,
security user authentication by voice, voice-dialing,
recognition. In Home PC Security our home, Speaker
Identification will make it easier for us to log into our
computer, just by saying, "Log me in!" In Office PC
Security, Speaker ID can add an extra level of protection
to our computer, making it even harder for someone to
break in. Not only will they need our password, they will
have to be able to do a great job of imitating our voice. In
the future when our home is electronic, when we say
"Computer, turn ON the radio", it won't just turn the radio
on, it will recognize who we are, and set it to our favorite
station. When our child tells "Computer, turn the
thermostat” the computer will recognize his voice, and
refuse to do it.
In our everyday lives there are many forms of
communication, for instance: body language, textual
language, pictorial language and speech. These
parameters are related to biometrics [Table1]. Amongst
those forms, speech is always regarded as the most
powerful form because of its rich dimensions character
[1]. Except for the speech text (words), the rich
dimensions also refer as the gender, attitude, emotion,
health situation and identity of a speaker. Such
information is very important for an effective
communication. From the signal processing point of view,
speech can be characterized in terms of the signal
carrying message information. The waveform could be
one of the representations of speech, and this kind of
signal has been most useful in practical applications. It
could give three main kinds of information: Speech Text,
Language and Speaker Identity [1].
Table 1: Biometrics
Physical
Behavioral
Biological
Fingerprint
Face
Hand geometry
Iris
Speech and, Signature
DNA and Body odor
The information contents extracted from the speech can
lead to three recognition systems: speech recognition
systems, language recognition systems and speaker
recognition systems [2]. This paper concentrates on
speaker recognition systems (SRS). Speaker recognition is
broad problem and includes both identification and
verification. In speaker verification, the user claims an
identity and the claimed identity is verified. In speaker
identification the identity of the speaker is not known.
Given a sample of speech, it has to be matched with
speech samples already in the database. It must be noted
that the speaker the user may or may not be present in the
database. The Figure 1 shows the taxonomy of speaker
identification. Speaker identification can be classified as
text dependent or independent. Here we implement closed
set speaker identification system.
Figure 1. Speaker Identification taxonomy
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 399
1

Proceedings of ICCNS 08 , 27-28 September 2008
2. Overview:
Figure 2 shows the generic speaker identification system.
At the time of enrollment the speech signal is acquired in
a controlled and supervised manner. The accuracy of the
system relies upon the length and the signal to noise ratio
of the signal. The system then processes the speech signal
for silence removal, loudness equalization and other
operations. Feature extraction is then performed on the
processed signal in order to get speaker discriminatory
information from it. The discriminatory information
forms the speaker model. This model can be stochastic,
Figure 2. Features of speech signal
statistical or simply template [1]. The model must have
higher inter speaker variability and lower intra speaker
variability. At the time of verification a speech sample is
acquired from the user. The recognition system has to
acquire the features from the sample,and compare it
against the models already stored before hand. The
process of feature extraction and speaker modeling is
discussed in following sections.
3. Features of Speech Signal
Since aim of the work is to study features of speech
signals. Features are useful to separate one speaker from
other. The basic features of speech are,
• Pitch
• Formant frequencies
Pitch: Pitch is the most distinctive difference between
male and female speakers. A person’s pitch originates in
the vocal cords/folds, and the rate at which the vocal folds
vibrate is the frequency of the pitch. So, when the vocal
folds oscillate at 300 times per second, they are said to be
producing a pitch of 300 Hz [2]. When the air passing
through the vocal folds vibrates at the frequency of the
pitch, harmonics are also created. The harmonics occur at
integer multiples of the pitch and decrease in amplitude at
a rate of 12 dB per octave – the measure between each
harmonic [4]. The reason pitch differs between sexes is
the size, mass, and tension of the laryngeal tract which
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 400
includes the vocal folds and the glottis (the spaces
between and behind the vocal folds).
Pitch Detection with Harmonic Product
Spectrum: If the input signal is a musical note, then its
spectrum should consist of a series of peaks,
corresponding to fundamental frequency with harmonic
components at integer multiples of the fundamental
frequency [5]. Hence when one compress the spectrum a
number of times (down sampling), and compare it with
the original spectrum, one can see that the strongest
harmonic peaks line up. The method is as follows:
• First divide the input signal into segments by
applying a Hamming window, where the
window size and hop size are given as an input.
• For each window, utilize the Short-Time Fourier
Transform to convert the input signal from the
time domain to the frequency domain.
• Once the input is in the frequency domain, then
apply the Harmonic Product Spectrum technique
to each window.
The HPS involves two steps: down sampling and
multiplication. To down sample, compressed the spectrum
twice in each window by resampling: the first time,
compress the original spectrum by two and the second
time, by three. Once this is completed, multiply the three
spectra together and find the frequency that corresponds
to the peak (maximum value). This particular frequency
represents the fundamental frequency of that particular
window. The pitch histogram is drown based on
fundamental frequency obtained from different windows
Formant frequencies: When sound is emitted from the
human mouth, it passes through two different systems
before it takes its final form. The first system is the pitch
generator, and the next system modulates the pitch
harmonics created by the first system. Scientists call the
first system the laryngeal tract and the second system the
supralaryngeal/vocal tract. The supralaryngeal tract
consists of structures such as the oral cavity, nasal cavity,
velum, epiglottis, tongue, etc.
When air flows through the laryngeal tract, the air
vibrates at the pitch frequency formed by the laryngeal
tract as mentioned above. Then the air flows through the
supralaryngeal tract, which begins to reverberate at
particular frequencies determined by the diameter and
length of the cavities in the supralaryngeal tract. These
reverberations are called “resonances” or “formant
frequencies”. In speech, resonances are called formants.
So, those harmonics of the pitch that are closest to the
formant frequencies of the vocal tract will become
amplified while the others are attenuated. [4]
3.1 Speaker modeling and recognition
Speaker modeling involves the representation of an
utterance as a sequence of feature vectors. Utterances
spoken by the same person but at different times result in
2

Proceedings of ICCNS 08 , 27-28 September 2008
similar yet different sequence of feature vectors,
following are the Front End Processing stages for speech :
• Signal acquisition and selection of sampling
frequency
• Amplification and Removal of dc bias voltage if
any
• Rounding to reduce memory size
• Removal of Non-Speech Signal Durations
(Threshold)
• Companding (A or µ law) to improve SNR
• Windowing and window overlapping [6].
• Spectral analysis using FFT, STFT or
Spectrographic Analysis.
representation of the speech spectrum provides a good
representation of the local spectral properties of the signal
for the given frame analysis [6][8]. As the Mel spectrum
coefficients (and so their logarithm) are real numbers,
convert them to the time domain using the Discrete
Cosine Transform (DCT). Therefore denote those mel
power spectrum coefficients that are the result of the last
Because of its nature, the speech signal is a slowly
varying signal or quasi-stationary. It means that when
speech is examined over a sufficiently short period of
time (20-30 milliseconds) it has quite stable acoustic
characteristics [8]. It leads to the useful concept of
describing human speech signal, called “short-term
analysis”, where only a portion of the signal is used to
extract signal features at one time. It works in the
following way: predefined length window (usually 20-30
milliseconds) is moved along the signal with an
overlapping (usually 30-50% of the window length)
between the adjacent frames. Overlapping is needed to
avoid losing of information. Parts of the signal formed in
such away are called frames. In order to prevent an abrupt
change at the end points of the frame, it is usually
multiplied by a window function. The operation of
dividing signal into short intervals is called windowing
and such segments are called windowed frames (or
sometime just frames)
3.2Mel-frequency cepstral coefficients processor
This is speaker specific feature; efficiently deconvolve the
excitation and impulse response of vocal tract system.
The speech input is typically recorded at a sampling rate
above 10000 Hz. This sampling frequency was chosen to
minimize the effects of aliasing in the analog-to-digital
conversion. These sampled signals can capture all
frequencies up to 5 kHz, which cover most energy of
sounds that are generated by humans. As been discussed
previously, the main purpose of the MFCC processor is to
mimic the behavior of the human ears. In addition, rather
than the speech waveforms themselves, MFCCs are
shown to be less susceptible to mentioned variations [8].
Cepstrum: Separation of the source and the
filter parameters from the mixed output is in general
difficult problem when these components are combined
using not linear operation, but there are various
techniques appropriate for components combined
linearly[2]. The cepstrum is representation of the signal
where these two components are resolved into two
additive parts. In this final step, the log mel spectrum is
converted back to time. The result is called the Mel
frequency cepstrum coefficients (MFCC). The Cepstral
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 401
Figure 4. Block diagram of MFCC processor
~
S k
, k 1,2,...,
K
step are denoted as = ,
K
c~
~ ⎡ 1
n
(log S
k
) cos n
⎛
k
⎞ π ⎤
= ∑
,
k 1 ⎣
⎢ ⎜ − ⎟
=
⎝ 2 ⎠ K ⎥ ⎦ (1)
Where n= 1,2,3…..K
Note that the first component c ~ , is excluded from the
DCT since it represents the mean value of the input
signal, which carried little speaker specific information.
Cepstral features capture the gross shape of the spectrum
which characterizes the shape of the vocal tract and hence
the user [6].
3.3 Model Building
During training, the speaker is asked to speak several
sentences of unconstrained speech (3 sentences in our
case). After feature extraction, each 30ms signal frame is
described using 12 cepstral coefficients. These
coefficients roughly encode the description of the sound
contained in the frame. The number of features depends
on the length of the speech therefore this representation is
variable in length. In order to convert it into fixed length
representation, only gross statistics of the features are
stored in a lieu of the entire collection.
3.3.1 Vector Quantization:
After the enrollment session, the acoustic vectors
extracted from input speech of a speaker provide a set of
training vectors. As described above, the next important
step is to build a speaker-specific VQ codebook, for this
speaker using those training vectors [8]. There is a wellknow
algorithm, namely LBG algorithm [Linde, Buzo
and Gray, 1980], for clustering a set of L training vectors
into a set of M codebook vectors. Intuitively, the LBG
algorithm designs an M-vector codebook in stages. It
starts first by designing a 1-vector codebook, then uses a
splitting technique on the code words to initialize the
search for a 2-vector codebook, and continues the
0
3

Proceedings of ICCNS 08 , 27-28 September 2008
splitting process until the desired M-vector codebook is
obtained. Below diagram shows the above algorithm in
the flowchart form.
able to identify the speaker more accurately. Pitch
information alone is not sufficient for identification when
number of speakers increased (identification 60 – 70%)
but plays excellent role in downsizing the comparison
data for next stage i.e. MFCCs algorithm. Finally,
combined working of pitch information and MFCCs
shows very promising results (identification 81 to 87%)
for text independent speaker identification
Results are very much dependent on type of front end
processing stages. There is improvement in result by
Figure 5. Flowchart for clustering the data (LBG)
The distance from a vector to the closest codeword of a
codebook is called a VQ-distortion. In the recognition
phase, an input utterance of an unknown voice is “vectorquantized”
using each trained codebook and the total VQ
distortion is computed. The speaker corresponding to the
VQ codebook with the smallest distortion is identified [9].
4. Results
The results of the power spectrum of the signal are as
shown if Figure 6. The power spectrum of a speech file is
also computed by using different frames sizes: for
example N = 128, 256and 512 . The experiments are also
carried through different windows [Table2].HPS
algorithm alone itself is sufficient to separate speakers
when all speakers have different pitch. However, there are
situations when two or more speakers have close pitch
shown in Figure 7. Then pitch detector will output
multiple results. This problem is solved using MFCC
algorithm, which efficiently separate two or more
speakers with same pitch shown in Figure 9.
5. Conclusion
Figure 6.Plot of logarithmic power spectrum of signal
rounding, removing of silence durations and threshold
algorithm. The results also depend on clarity of speech
pause between words and pronunciation method.
Table 2. Identification rate with different windows
For N = 128 we have a high resolution of time.
Furthermore each frame lasts a very short period of time.
For N = 256 we have a compromise between the
resolution in time and the frequency resolution. For N =
512 we have an excellent frequency resolution (256
different values) but there are lesser frames, meaning that
the resolution in time is strongly reduced. It seems that a
value of 256 for N is an acceptable compromise.
Furthermore the number of frames is relatively small,
which will reduce computing time.
Mel Frequency Cepstral coefficients are very important
feature for speaker identification. Second, by adding in
the mean pitch information of a person, the network is
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 402
4

Proceedings of ICCNS 08 , 27-28 September 2008
RESULTS:
Figure 7. Two Speakers with same Pitch
Figure 9. Two speakers with same pitch are
discriminate by MFCC correlation
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 403
5

Proceedings of ICCNS 08 , 27-28 September 2008
REFERENCES:
1. “J.R. Deller, J.H.L. Hansen, and J.G.
Proakis, Discrete -Time Processing of
Speech Signals, IEEE Press, 2000.
2. Speaker recognition a tutorial
Campbell, J.P., Jr. Proceedings of the
IEEE Volume 85, Issue 9, Sep 1997
Page(s): 1437 – 1462.
3. ‘Discrete Time Speech Signal
Processing Principles And Practice ’T.
F. Quatieri, Pearson Education Signal
Processing Series.
4. L.R. Rabiner and B.H. Juang,
Fundamentals of Speech Recognition
(Prentice-Hall, Englewood Cliffs, N.J.,
1993).
5. Alexandre Savard, “Overview of
Homophonic Pitch Detection
algorithms” Schulich School of Music –
McGill. University, 555 Sherbrooke St.
West Montreal, QC Canada H3A 1E3,
Jan 2001,pp. 121-138.
6. Sir Ramamurthy and B.
Yegnanarayana, “Combining evidence
from Residual Phase and MFCC
Features for Speaker Recognition”.
IEEE Signal processing letters, vol .13
No.1, January 2006.
7. Wikipedia, “Window functions”,
available:http://en.wikipedia.org/wiki/
Window_function [Viewed on 25th
Sept 2007].
8. P. Hedelin and J. Skoglund, “Vector
quantization based on Gaussian
mixturemodels”, IEEE Transactions on
Speech and Audio Processing, Vol. 8,
No 4, July2000, pp. 385-401.
9. Molau, S, Pitz, M, Schluter, R, and
Ney, H., Mel-frequency coefficients on
Power Spectrum, IEEE ICASSP-2001,
Vol. 1, pp 73-76, May 2001.
10. R.A.COLE “Survey of the State of the
Art in Human Language Technology”,
National science foundation European
commission 1996.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 404

Proceedings of ICCNS 08 , 27-28 September 2008
Real Time Speech Scrambling and Descrambling
in Time and Frequency Domain
1. Sarita Rajput , 2. Khadtare M. S. , 3. Prof. A. J. Patankar, 4. Dr. M. H. Kolekar
Abstract—Secure communication has become the most
demanding from all types of users. The term scrambling is used
to describe the speech encryption process to protect voice
communications. This paper describes different scrambling
techniques implemented in frequency domain as well as in time
domain & proposes new approach which has the combination of
both time domain(TD) and frequency domain(FD). The objective
behind this work is to develop software scrambler/descrambler
and the scope of this work is to implement it on one system only.
Network communication is not the part of this work.
Keywords— FD, MATLAB, scrambling, speech, TD.
I. INTRODUCTION
A rapidly growing interest in development of secure
speech communication, introduced different scrambling
techniques. With the different communication technology
more and more people can now communicate easily at any
time. However, more traffic brings about problems with
cross-talk, voice privacy, etc. One solution to this is the
spectrum (frequency) scrambling. Scrambling comes from
a simple idea that is scrambling the spectrum at the
transmitting end while the receiver de-scrambles to
achieve the original signal. This scrambled speech is then
ready to transmit over the network. Hacker or unauthorized
user listening scrambled speech can not recognize the
original words. At receiver side scrambled speech is first
descrambled then user can listen the original speech.
The speech signal is a slowly timed varying signal (it is
called quasi-stationary). When examined over a
sufficiently short period of time (between 5 and 10 msec),
its characteristics are fairly stationary. However, over long
periods of time (on the order of 1/5 seconds or more) the
signal characteristic change to reflect the different speech
sounds being spoken. Therefore, short-time spectral
analysis is the most common way to characterize the
speech signal. . In section II TD/FD scrambling with
different techniques is discussed Section III describes
. 1.Sarita Rajput is M.E. Computer student of D.Y.Patil college of
Engg.,Akurdi,Pune, India. She is persuing her degree from University of
Pune. (email: saritarajput@yahoo.co.in)
2.Khadtare M.S. has completed M.Tech. from IIT Guwahati.(email:
maheshkha@gmail.com)
3.Prof. A.J. Patankar is with D.Y.Patil college of Engg.,Akurdi,Pune as
Assistant Professor in computer Engineering Department.(email:
abhijitpatankarmail@gmail.com)
4. Dr. Maheshkumar H. Kolekar Post Doctoral fellow University of
Missouri, Columbia, USA( e-mail: mkolekar@gmail.com
the proposed system for speech scrambling and
descrambling. Finally Section IV describes
implementation details and results.
II. TD/FD SPEECH SCRAMBLING
DESCRAMBLING
In time domain a signal changes over time, whereas in
frequency domain the signal lies within each given
frequency band over a range of frequencies. A frequency
domain representation can also include information of he
phase shift that must be applied to each sinusoid in order to
be able to recombine the frequency components to recover
the original time signal.
Approach using DFT[3] in the frequency domain
referred to as DFT scrambling. Because fast algorithms for
doing Fourier transforms are well developed, the DFT
approach simplifies the implementation complexity
significantly. LIN SHAN LEE[7] used the short time
Fourier analysis synthesis technique invented by Schafer
and Rabiner. In this way original speech can be correctly
recovered. Chwan-Wen King have designed the periodic
filter in time domain. They have introduced Unified
Approach to Scrambling Filter Design [3].
III. REAL TIME SCRAMBLIG DESCRAMBLING IN
TD AND FD
Proposed system is implemented a real time scrambling
software without any hardware complexity. It combines
the advantages of scrambling in frequency domain and
time domain, which the different authors has implemented
separately.
However in the proposed system, the input speech signal
is passed through time domain as well as frequency
domain. The input speech will first pass through the time
domain where cosine pattern of input speech is generated
This gives the first version of scrambled speech. It is then
passed through frequency domain to get a another form of
scrambled speech. Hence, the words of original speech can
not be recognized by listening the scrambled speech.
Descrambling is the reverse procedure of scrambling. The
proposed system is implemented using MATLAB.
It will improve the security level of various types of
speech communications. Fig. 1 shows the scrambling and
descrambling process.
A multimedia microphone captures the speaker’s voice.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 405

Proceedings of ICCNS 08 , 27-28 September 2008
Fig 1. Block diagram describing scrambling descrambling.
A sound blaster card translates between computer’s digital
information and outside world’s analog information.
Scrambling and descrambling System is described in the
next section in detail. Speakers are used to listen the
scrambled speech in scrambling system. And descrambled
speech after descrambling.
A. Scrambling System
Fig. 2 shows the detailed system design, Where input
speech first passing through time domain where the first
version of scrambling speech is generated . Output of the
time domain is given as input to
Fig.2 Generic model for scrambling System
frequency domain when the scrambled signal passes
through frequency domain second version of scrambled
speech is generated.
The input speech is passing through time domain as well
as frequency domain high level of security can be
achieved.
1. Input Speech
Input for the scrambling system is taken by recording the
speech. This speech is stored in .wav format. The .wav file
is the input to the scrambling system. Fig.3a shows the
sample input waveform.
2. Time Domain
Scrambling in time domain involves manipulation of a
time delimited block of the signal to be transmitted. In
time domain, scrambling is done two methods first by
generating “Cosine pattern” of the input speech or by
generating and adding random numbers in original speech
signal. The paper describes the TD scrambling using
cosine pattern generation. This concept is coming from the
discrete cosine transform (DCT). This type of transform is
one of the real orthogonal transform is based on converting
an arbitrary sequence into either a symmetric or an
antisymmetric sequence and then extracting the real
orthogonal transform coefficient from the DFT of the
generated sequence with geometric symmetry. Fig 3b and
3c shows the waveforms for the speech scrambled in time
domain and descrambled in time domain. To scramble
speech cosine multiplication is done with input speech.
Fig 3a is signal waveform for the original speech played.
and when it is scrambled in the time domain it sounds
absolutely like noise and also in the graphical
representation the difference between the original signal
and its time scrambled signal is distinctly visible
1
0
-1
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5
0.5
0
a)
x 10 4
-0.5
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5
0.5
0
b)
x10 4
-0.5
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5
c)
Fig. 3 a)Original speech b) Time domain scrambled speech c)
Speech reconstructed in time domain.
x 10 4
3. Frequency Domain
The speech signal once is scrambled in the time domain
becomes quite undecipherable. But the possibility for it to
get deciphered is still quite high. Hence the time scrambled
speech signal is further processed. It is passed on to the
next module where the entire signal is converted to its
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 406

Proceedings of ICCNS 08 , 27-28 September 2008
frequency domain equivalent. By doing frequency domain
transformation, the possibility to determine the original
speech signal is reduced distinctly thereby resulting in to
an absolute noise signal when the signal after the
frequency domain transform is heard.
There are several methods for implementing the
transformation of the time domain speech signal into
frequency domain. For this implementation transformation
is done by Fast Fourier Transform.
In frequency domain by applying Fast Fourier transform
we are converting signal from time domain into frequency
domain. The output of frequency domain it self gives the
another form of scrambled speech. No separate frequency
domain algorithm for scrambling is used. Output of FD is
scrambled speech which is totally different from input
speech and secure to transmit over the network. Fig 4b and
4c shows the speech scrambled descrambled waveforms in
frequency domain.
4. Scrambled speech
At the sender side before sending the speech it is
scrambled. The words of original speech can not be
recognized by listening the scrambled speech.
B. Descrambling system
At receiver side before listing to the received speech it
should be first descrambled. The scrambled signal is first
descrambled in the frequency domain. In FD ifft is applied
on input scrambled speech. The result of the inverse
frequency transformation is time scrambled speech signal
It is given as input to time domain for descrambling where
descrambling is done again by cosine multiplication with
scrambled speech. Here the signal is descrambled in the
time domain so as to retrieve the original speech signal.
x 10
Magnitude
200
100
0
0 10 20 30 40 50 60 70 80 90 100
0.5
a)
Frequency domain recon Speech
IV. IMPLEMENTATION AND RESULTS
As mentioned in the section III the scrambling system is
implemented in MATLAB. It is a high-performance
language for technical computing. It includes high-level
functions for two-dimensional and three-dimensional data
visualization, image processing, signal processing,
animation, and presentation graphics. The steps involved
in scrambling process and implemented using MATLAB
function are briefly described in TABLE I. Here the steps
are the algorithmic sequence of steps at the scrambling
System and its respective MATLAB function.. Output of
scrambling System is scrambled speech.
A brief discussion of scrambling algorithm is 1 st step
input speech is recorded using waveread function and
stored as in waveform format. To record the time required
to scramble timer is set in step 2 using clock function
before starting the scrambling procedure. Speech is
scrambled in time domain in step 3 using by generating
cosine pattern of input speech using cos function which is
described detail in section III. FFT of time domain
scrambled speech is calculated in step 4 using FFT.
Output of the 4 th step is the final scrambled speech of
scrambling system. Now, the timer is stop and the time in
seconds is displayed using clock function.
Scrambled speech is played in step 6 using function
soundsec. Descrambling algorithm has the reverse
processing steps on the scrambled speech as input. Time
required for descrambling is also calculated which is given
in TABLE II.
Step
TABLE I
SCRAMBLING ALGORITHM
MATLAB Function
1) Record speech(.wav file) Using waveread
2) Set the timer and display
current time in ms.
3) Generate cosine pattern of
input file in time scramble
4) Apply FFT to time_ scramble
speech
5) Stop timer display the time in
ms.
Clock
cos(pi*[1:m])
frequency_scramble=fft
(time_scramble)
Clock
0
6) Play frequency scramble
speech
soundsc(fft_scram, Fs)
-0.5
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5
x 10 4
b)
Fig. 4 a)FD scrambled speech b) FD descrambled speech
Fig. 5 is the one example with resultant waveform
describing the scrambling and descrambling system with
input speech ,scrambled speech and descrambled speech.
TABLE I shows the scrambling results of different input files.
The time to scramble and descramble is shown in
milliseconds. The time required is very less for scrambling
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 407

Proceedings of ICCNS 08 , 27-28 September 2008
as well as descrambling. Within few milliseconds input is
ready to transmit over insecure network.
1
0
-1
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5
1
0
Magnitude a)
TimedomainSpeech
x10 4
-1
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5
200
100
b)
Magnitude
x10 4
0
0 10 20 30 40 50 60 70 80 90 100
1
0
-1
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5
1
0
c)
d)
x 10 4
-1
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5
e)
x 10 4
Fig. 5a)Original speech b)TD scramble speech c)FD scramble
speech d) Speech descrambled in frequency domain e) Finally
reconstructed speech in time domain.
V. CONCLUSION
Implementation shows that listening the scrambled
speech one can not recognize the original speech .The
scrambling system presented here draws the best features
of time domain and frequency domain implementations.
Results table shows that time required to scramble and
descramble is acceptable.
Input Wave
File
TABLE II
RESULT TABLE
Scrambling
Time (ms)
Descrambling
Time (ms)
Input1.wav 0.460 0.1720
Input2.wav 0.0160 0.0630
Input3.wav 0.2970 0.5310
Input4.wav 0.5780 2.8120
Input5.wav 0.0320 0.0940
The system is suitable for real-time civil, commercial
and military applications as well as other speech
communication application.
This approach is best as both the TD and FD methods
revealed significantly. This completely a software
scrambler which is applicable in any speech
communication method with less complexity, hardware
independent , also with less time to achieve scrambled and
descrambled speech.
VI. REFERENCES
[1] “Frequency-Domain Speech Scrambling Descrambling Techniques
Implementation and Evaluation on DSP”, Jameer,Nassar National
University of Sciences and Technology, Pakistan
[2] Yoshifumi Chisaki1, Haruki Morinaga1, Katsutoshi Kitajima2,
Mitsuhiro Koba2 and Department of Computer Science, Faculty of
Engineering, Kumamoto University, “Speech encryption system with a
low bit rate coding algorithm for analogue transmission line “ Kurokami
2–39–1, Kumamoto, 860–8555 Japan 2IP Square Corporation.
( Received 20 January 2005, Accepted for publication 21 February 2005
)
[3] IEEE Transactions On Signal Processing, Vol. 43, No. 8, August 1995
1753 “A Unified Approach to Scrambling Filter Design” Chwan-Wen
King and Ching-An Lin
[4]“Theory and applications of scrambling technique for digital light
wave transmission” Manuscript received December 1, 1994; revised July
28, 1995. B. G. Lee is with the Department of Electronics Engineering,
Seoul
[5] ”SS70A Speech Scrambler Kit Instruction Manual” Ramsey
Electronics publication No. MSS70A Revision 1.3, First printing:
September 1995 COPYRIGHT 1995 by Ramsey Electronics, Inc. 590
Fishers Station Drive,
Victor, New York 14564.
[6] H. Morinaga, Y. Chisaki, T. Usagawa, M. Koba and K. Kitajima,
‘‘Performa nce evaluation of encryption for speech signal by means of
subject listening test,’’ Proc. 2003 Kyushu-Youngnam Jt. Conf.
Acoustics, pp. 29–32 (2003).
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 408

Proceedings of ICCNS 08 , 27-28 September 2008
[7]LIN-SHAN LEE,MEMBER IEEE,GER-CHIH CHOU AND CHING-
SUNG CHANG,Vol.COM-32,No.4 “A New Frequency Domain Speech
Scrambling System Which Does Not Require Frame Synchronization ”.
[8] David Dorran,Robert Lawlor, “Audio Time Scale modification Using
A Hybrid Time-Frequency Domain Approach”, IEEE Workshop,October
16-19,2005,New Paltzs,NY
[9]Tilendra Shishir Sinha “ Implementation Of Speech Signal For
Promoting Global Cyber Security Using Stegno graphy techniques”,
IETE Technical Review,Vol 24,No.5,Sep-Oct 2005
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 409

Proceedings of ICCNS 08 , 27-28 September 2008
Steganography in MS Word Document
using its In-built Features
Mrs. V. S. Tidake, Prof. S. G. Pukale, Prof. M. L. Dhore
Abstract— There are plenty of text resources available for text
steganography. Microsoft word being a commonly used
communication medium can be well utilized as a cover document to
hide the data. In this paper, a new steganographic method is
presented which hides data in MSword documents. It uses one
special feature of Microsoft word: change tracking. The process of
data hiding is divided into two steps: message embedding and
message extraction. On the sender’s side, a secret message is
embedded inside a cover document to obtain a stegodocument.
Depending on the data, the position where it should be embedded is
decided. The embedded secret message is revised back again which
makes the cover document look normal and also produces a
stegodocument. On the receiver’s side, the hidden message is
extracted back from the stegodocument. The paper shows
comparison between two encoding techniques used for message
embedding, namely Huffman and block encoding.
II. STEGANOGRAPHY USING CHANGE TRACKING
In the proposed steganographic method, a secret message is
embedded inside a cover document D using change tracking
[1] to obtain a stegodocument S. The process is divided into
two stages, the degeneration stage, and the revision stage, as
shown in fig.1.
Keywords— Text steganography, cover document, change
tracking, message embedding, stegodocument, message extraction.
I. INTRODUCTION
Steganography is the art of sending hidden or
invisible messages. The name came from the Greek word
having meaning “covered writing”. While much of modern
steganography focuses on images, audio signals, and other
digital data, there is also a plethora of text sources in which
information can be hidden. While there are various ways in
which one may hide information in text, there is a specific set
of techniques that uses the linguistic structure of a text [9] as
the space in which information is hidden.
Text steganography uses text as the medium in
which information is hidden. Text steganography can involve
anything from changing the formatting of an existing text, to
changing words within a text, to generating random character
sequences or using context-free grammars to generate
readable texts [10]. With any of these methods, the common
thing is that hidden messages are embedded in characterbased
text.
V. S. Tidake is with the NDMVPS’s College of Engineering, Nashik and is a
student of M.E. (CSE-IT), Vishwakarma Institute of Technolgy, Pune. (e-mail:
vaishalitidake@ yahoo.co.in).
Prof. .S. G. Pukale is with the Vishwakarma Institute of Technolgy, Pune. (email:
shraddhananad.pukale@vit.edu).
Prof. M. L. Dhore is with the Vishwakarma Institute of Technolgy, Pune. (email:
manikrao.dhore@vit.edu).
Fig. 1 Steganography using change tracking
The data embedding is done in such a way that the
stegodocument appears to be the product of a collaborative
writing effort. Text segments in the document are
degenerated such that it appears to be the work of an author
with inferior writing skills and the secret message is
embedded in the choices of degenerations [1]. Then the
degenerations are revised back using the change tracking
feature of MSword, in such a way that it appears as if a expert
author is correcting the mistakes. The change tracking
information contained in the stegodocument allows to recover
the original cover, the degenerated document, and, hence, the
secret message. The extra change tracking information is
added during message embedding so that it appears a normal
collaboration scenario.
As the input data consists of characters, it is first
converted to binary data. Assume that the input message is
converted to an m-bit stream M = b 1 b 2 … b m , where each b i is
a bit. It is converted to the following binary message:
M’ = H b 1 b 2 … b m P = b 1 ’ b 2 ’…
where the header H denotes length m of message and P
denotes padding bits. This message M’ is embedded in the
cover document D.
The message bits can be embedded using different
techniques. This paper concentrates on Huffman coding and
block encoding. Position in cover doc where bits are
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 410

Proceedings of ICCNS 08 , 27-28 September 2008
embedded, is called as embedding place. It is computed using
the secret key K and the bit position in the message.
III. HUFFMAN CODING
This technique uses probabilities of occurrences of
each word to compute its Huffman code [11]. Words having
small probabilities are assigned longer Huffman codes and
those having higher probabilities are assigned smaller
Huffman codes.
A. Message embedding
Message embedding is performed in two stages:
degeneration and revision. In the degeneration stage, first a
cover document D is segmented. Then some of the text
segments in a cover document D are degenerated. For a text
segment d, a degeneration set R d is defined to be the ordered
set of possible degenerated text segments. Let us use set of
synonyms of a word as a degeneration database. R d (j) denotes
the j th element in R d . The term Pr {R d (j)} denotes the
probability of occurrence for R d (j). The probabilities of
occurrences are used during message embedding so that the
system prefers substitutions that occur commonly and, thus,
produces a more natural stegodocument.
Algorithm 1: Message Embedding using Huffman coding
Input: a cover document D partitioned into text segments d 1 ,
d 2 ,…,d n ; a character message to be embedded; and a secret
key K .
Output: a stegodocument S.
Steps:
1) Convert character message to binary as M’ = b 1 ’ b 2 ’ b 3 ’…
2) Initialize the set OF embedding places P to be empty. Also
define an index p to denote the position of the message bit b p ’
which we are currently encoding. Initially p is equal to 1.
3) Compute an embedding place i randomly using K such that
i is in the range of 1≤i≤n and i not in the set P. Now add i to
P.
4) Construct a Huffman tree T for the text segment d i with
degeneration set R d of size c. Use Pr {R d (j)} as weight of a
node initially.
5) Degenerate text segment d i to be d i ’=R d (j) , where the
degeneration choice j is determined by traveling the Huffman
tree T from the root to a leaf node as stated by the current bits
to be embedded.
6) Repeat Steps 3 to 5 until the entire message has been
embedded.
7) Revise each previously degenerated text segment d i ’ back
to d i with the revisions made being tracked to yield stegotext
segments S i for all i in P.
B. Message Extraction
The change tracking information included in the
stegodocument S allows simple recovery of the original
document D and the degenerated document D’, from both of
which the embedded message can be extracted.
Algorithm 2: Message Extraction
Input: a stegodocument S = {s 1 , s 2 ,…s n } and a secret key K.
Output: the extracted message in characters .
Steps:
1) Recover the original document D = {d 1 , d 2 ,…d n } and the
degenerated document D’ = {d 1 ’, d 2 ’,…d n ’} from S using the
change tracking information and the related operations
provided by MSword.
2) Initialize the set of embedding places P to be empty.
3) Define an index p which denotes the position of the
message bit b p ’ which we are currently decoding. Set initially
p = 1.
4) Select the same embedding place i as that in message
embedding using key K and set of embedding places P.
5) Construct a Huffman tree T for the text segment d i with a
degeneration set R di of size c as described in Algorithm 1.
6) Determine the choice of degeneration j such that R d (j) =
d i ’.
7) Decode the message bits encoded in j by traversing the
Huffman tree T from the root to the leaf node n j . Note the
path traversed. It gives the bits embedded at that position.
Convert bits to corresponding characters.
8) Repeat steps 4 to 7 until the entire message has been
extracted.
C. Illustration with example
Working of both the algorithms is illustrated with an
example in this section.
[a] Message embedding
Here the set of synonyms is used as a degeneration
set. The synonym database is available from different
resources like WordNet database [7]. In this paper the
synonym set is constructed from thesaurus available in
MSword itself. For example, let the text segment to be
degenerated is d=“scheme”. Suppose the degeneration set of
“scheme” contains the eight entries scheme, system, plan,
method, format, idea, proposal and design. Probabilities of
their occurrences can be calculated from any related database
[8]. Synonyms of “scheme” and their respective probabilities
are used to find Huffman codes as shown in fig. 2.
j R d (j) Huffman Code
1 Scheme 011
2 System 00
3 Plan 01001
4 Method 10
5 Format 110
6 Idea 0101
7 Proposal 01000
8 Design 111
Fig. 2 Huffman codes for synonyms of “scheme”
By using the occurrence probabilities, construct a
Huffman tree T. Label left branch as 0 and right branch as 1.
Construct Huffman codes for all the leaf nodes, as shown in
fig. 2. Let the code to be embedded at this position is 110…
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 411

Proceedings of ICCNS 08 , 27-28 September 2008
So when the tree is traversed from root visiting the branches
1, 1, 0 respectively, we will reach at a leaf node of “format”.
Hence the text segment d=“scheme” is degenerated to text
segment d’ = “format”. Then track changes feature of
MSword is turned on and d’ = “format” is revised back to d =
“scheme”. It will be shown by stegotext as
S=“formatscheme”.
[b] Message extraction
Given a stegotext segment S = “formatscheme”, we
can recover the original and the degenerated text segments to
be d i = “scheme” and d i ’=“format” respectively. Again
construct the Huffman tree T using the given probabilities to
get the same Huffman codes. Since the degenerated text
segment is “format”, traverse the tree from the root to a leaf
node which denotes “format”. Analyze the path traveled. It
will give the bits “110”. It means that the bits “110” were
embedded at that position.
IV. BLOCK ENCODING
Block encoding is implemented by restricting the
size of synonym set to integral power of 2. If size of the set is
2 raise to k, then k bits are used to encode each entry in the
synonym database uniquely [12].
Algorithms for message embedding and message extraction
Algorithms are very similar to those used in Huffman
coding. The only difference is that instead of constructing
Huffman codes, the synonyms in each set are uniquely
represented using the bit sequence as shown in the following
example.
Illustration with example
Again consider the set of synonyms for “scheme”. As
the size of the set is eight ( that is 2 raise to 3), three bits can
be used to uniquely represent each entry in the set as shown
in fig. 3.
j R d (j) Block Code
1 Scheme 000
2 System 001
3 Plan 010
4 Method 011
5 Format 100
6 Idea 101
7 Proposal 110
8 Design 111
Fig. 3 Block codes for synonyms of “scheme”
a. Message embedding
Let the code to be embedded next 110… So the set is
searched for block code 110 which denotes “proposal”. Hence
the text segment d=“scheme” is degenerated to text segment
d’ = “proposal”. Then track changes feature of MSword is
turned on and d’ = “proposal” is revised back to d =
“scheme”. It will be shown by stegotext as
S=“proposalscheme”.
b. Message extraction
Given a stegotext segment S = “proposalscheme”, we
can recover the original and the degenerated text segments to
be d i = “scheme” and d i ’=“proposal” respectively. Again
construct the same block codes for the same synonym set of
“scheme”. Here the key point is that the each entry in the
synonym set of “scheme” should be represented by same
block code at the time message embedding and the extraction.
Since the degenerated text segment is “proposal”, search it in
the synonym set of “scheme” and analyze the corresponding
block code for “proposal”. It will give the bits “110”. It means
that the bits “110” were embedded at that position.
V. SECURITY CONSIDERATIONS AND LIMITATIONS
For every steganographic system, security is very
important. The following security aspects are considered for
the given system:
1. The synonym database used for degeneration and the secret
key are agreed upon by the sender and receiver beforehand.
2. It is robust against statistical steganalysis [6] because of the
following reasons:
a. In Huffman coding, degenerations are chosen according to
their occurrence probabilities. So even though the adversary
becomes successful to obtain the database, he can not find out
occurrence frequencies because occurrence frequencies may
be computed from personal databases owned only by the
sender and the receiver. In block encoding, the sequence of
words in the database is important to obtain block code.
b. To ensure that statistical properties of the degenerations of
a stegodocument are closer to that of a normal document, the
message can be compressed or encrypted before embedding.
c. To increase robustness in the Huffman coding, we can
change the occurrence probability of degeneration after it has
been used once. So the probability of the same word getting
selected decreases in future and we can achieve the desired
statistical coherence with a normal document.
3. The degeneration database can be modified dynamically
after embedding secret data.
4. After embedding information in a stegodocument using the
proposed method, a sender may manipulate the unused
portions of the stegodocument.
As every coin has two sides, the given system also
has some limitations:
1. The degeneration set and the key must be known only to
the sender and the receiver.
2. The change tracking information used for message
embedding should not be disturbed by anybody knowingly or
unknowingly.
3. The degeneration database should be kept realistic.
VI. IMPLEMENTATION RESULTS
The system is implemented using Microsoft Word
2003 and C\#. The automation techniques of Microsoft Word
are also used for implementation. The degeneration database
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 412

Proceedings of ICCNS 08 , 27-28 September 2008
is constructed using the thesaurus available in Microsoft
Word 2003.
The System is evaluated by comparing the results
obtained using the three coding techniques, namely Huffman,
block and arithmetic coding. The results obtained from these
three techniques are compared with each other as shown in
fig.4. Results show that the system gives better results if block
encoding is used for message embedding instead of Huffman
coding. Further if the message is compressed before
embedding, then the system performance is improved and can
embed more data. Here the arithmetic encoding is used as
compression technique.
[7] WordNet v2.1, a lexical database for the English
language. Princeton Univ., Princeton, NJ, 2005.
http://wordnet.princeton.edu/
[8] Google, Google SOAP Search API (beta), [Online].
Available: http://www.seochat.com/c/a/Google-Optimization-
Help/Using-the-Google-SOAP-Search-AP
[9] K. Bennett, “Linguistic steganography: Survey, analysis,
and robustness concerns for hiding information in text,”
Purdue Univ., West Lafayette, IN, CERIAS Tech. Rep. 2004–
13, May 2004.
[10] J. T. Brassil and N. F. Maxemchuk, “Copyright
protection for the electronic distribution of text Documents,”
Proc. IEEE, vol. 87, no. 7, pp. 1181–1196, Jul. 1999.
[11] P. Wayner, “Mimic functions,” Crypt., vol. XVI, no. 3,
pp. 193–214, 1992.
[12] M. Chapman, I. D. George, and R. Marc, “A practical
and effective approach to large-scale automated linguistic
steganography,” in Proc. Information Security Conf., Malaga,
Spain, Oct. 2001, pp. 156–165.
Fig. 4 Comparison between encoding techniques
VII. CONCLUSION
Though the steganographic method presented in this
paper focuses on Microsoft Word, the idea can be applied to
some other communication mediums also. The robustness of
the system can be increased by increasing randomness in the
input and the degeneration database. As the work appears to
be the effort of collaborative writing, is less likely to be under
close scrutiny. The results obtained from the implementation
show that embedding capacity of the Huffman coding is less
as compared to the block encoding. Better results are obtained
when a message is compressed using arithmetic encoding
before embedding.
REFERENCES
[1] “A New Steganographic Method for Data Hiding in
Microsoft Word Documents by a Change Tracking
Technique”, Tsung-Yuan Liu, Student Member, IEEE, and
Wen-Hsiang Tsai, Senior Member, IEEE.
[3] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn,
“Information hiding—A survey,” Proc. IEEE, vol. 87, no. 7,
pp. 1062–1078, Jul. 1999.
[5] R. Stutsman, C. Grothoff, M. Attallah, and K. Grothoff,
“Lost in just the translation,” in Proc. ACM Symp. Applied
Computing, 2006, pp. 338–345.
[6] F. Johnson and S. Jajodia, “Steganalysis: The
Investigation of Hidden Information,” in Proc. IEEE
Information Technology Conf., Syracuse, NY, Sep. 1998, pp.
113–116.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 413

Proceedings of ICCNS 08 , 27-28 September 2008
WAVELET BASED MEDICAL DATA COMPRESSION FOR
TELEMEDICINE APPLICATION
¹ Bairagi Vinayak , ² Dr A N Gaikwad
¹ Lecturer, Dept. of Electronics Engg. Sinhgad Academy of Engg., Pune
² Principal, Pune Institute of Computer Technology ,Pune
India,
E-mail: vbairagi@yahoo.co.in, arungaikwad@hotmail.com
ABSTRACT
Today the use of computers for handling image data in
the healthcare field is growing. The CT and MR scan are the
modern image generating techniques. Large amount of data is
produced by these techniques. Due to the larger size, these
images require a large storage space. This may be bottleneck
of the system for the transmitting images over a channel with
limited bandwidth especially for rural area. It is there for
necessary to compress these medical images. Digital Imaging
and Communications in Medicine is the most comprehensive
version of an imaging communications standard which is
worldwide accepted in medical field. This paper looks into the
technological issues that are of prime concern in the growth of
telemedicine services and presents one of the efficient ways to
compress the medical images.
KEYWORDS: telemedicine, DICOM, SPIHT,
ultrasound images, Quality measures, speckle noise.
1. Introduction
Telemedicine is a method, by which patients can be
examined, investigated, monitored and treated, with the
patient and the doctor located in different places.
Telemedicine hinges on transfer of text, reports, voice, images
and video, between geographically separated locations.
Medical data may contain X-ray, MRI, CT-scan, Ultra sound
images, Blood slide, ECG signal, pathological reports and
Audio-video clippings. A block diagram representation of a
telemedicine system is shown in fig 1. Here at slave station
ultrasound device is attached to computer. The image
information is transmitted over channel to the master station
where specialist doctors are present.
The CT and MR scan are the modern image generating
techniques. MR and CT produce sequences of images (image
stacks) each a cross-section of an object. The amount of data
produced by these techniques is vast.
The amount of data might be a problem from a storage point
of view or when the data is sent over a network. To overcome
this problem image data can be compressed. Data compression
is the process of converting an input file into another file
having smaller size.
Ultrasound
Device
Ultrasound
Specialist
Computer
Fig1. Telemedicine system [4].
For image data there exist many compression techniques such
as JPEG, GIF and the new wavelet based JPEG2000 standard.
Even though there are various compression technique are
available but they are unable to compress medical image data
very efficiently [2]. There is loss in image data if you want to
compress the image with more compression factor [3].
3.) Bottlenecks of existing system
Communication:
Satellite and/or Terrestrial
Computer
Transreceiver
Transreceiver
a) High initial Investment: Most of the existing health care
solutions require a huge initial investment in technology and
connectivity [8] [11] [16]. The CT and MR scan are the
modern image generating techniques. MR and CT produce
sequences of images (image stacks) each a cross-section of an
object. The amount of data produced by these techniques is
vast. Transmission of such huge data requires high bandwidth
setup [21].
b) Unsecured data: Since telemedicine is concerned with
storage, processing and transmission of sensitive medical
records, it is quite natural that security is of foremost concern
in deployment and usage of such services. The issues related
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 414

Proceedings of ICCNS 08 , 27-28 September 2008
to confidentiality, access right, and integrity of patient related
information in electronic healthcare environment is one of the
important aspects to be considered [9] [12].
c) Lack of standards: The available standards are not
suitable to fulfill the requirement of the rural telemedicine
[23].
d) Lack of scientific evidence: The implementation of
telemedicine in routine health services is being impeded by the
lack of scientific evidence for its clinical and cost
effectiveness.
e) Lowered Quality: The technology used in India is
based on the video conference and telephone calls. But in this
system accurate diagnosis is not possible. It is also observed
that the present system requisite the live transmission and
reception of the medical data. Video-Conferencing based
systems dose not fallow any of the medical standard [10] [11].
f) Need of Embedded medical decision: Special
medical algorithms should be developed to integrate the
medical data arriving from different sensors, to analyse
multiple changes in several parameters. No such algorithms
are in clinical use today at homecare or ambulatory device,
although experiments are being conducted to discover
interrelations between parameters, which can indicate a
dangerous situation in the patients health. The medical
algorithms, usually based on fuzzy logic or neural networks
models, are build upon a medical learning process, in order to
consider all possible data combinations and suggest the best
possible medical diagnosis leading to the timely and most
appropriate medical intervention.
Apart from these, the present system require the end- users to
be enough techno-savvy to use them. Also there is a need of
open software so as to meet the specific requirement of the
users [12]. Legal and ethical issues, Patient safety, Risk
analysis- Biomedical sensors are the some more issues to be
point out.
From above discussion it is clear that there is a need of new
advanced Telemedicine system.
DICOM standard
DICOM (Digital Imaging and Communications in
Medicine) is the most comprehensive version of an imaging
communications standard developed by the American College
of Radiology in conjunction with the National Electrical
Manufacturers Association. The purpose of DICOM is to
provide platform-independent methods of interconnecting all
types of digital medical imaging devices by means of standard
computer networks.
DICOM offers a wide variety of functions for use in
PACS (picture archiving and communication systems);
These functions range from detailed technical and
demographic data to methods for generating work lists and
interacting with hospital information systems.
DICOM format has a header which contains the information
about the image, imaging modality and information about
patent [4]. The header also contains the information about type
of media (CT, MRI, audio recording, etc.) image dimensions.
Body of DICOM standard contains information objects such
as medical reports, audio recordings, and images.
A single DICOM file can contain any amount of images [4].
Proposed system
Image from CT scan or MRI machine is given to the
system. ULTRASONIC IMAGES suffer from a special kind
of noise called ‘speckle’. Speckle significantly degrades the
image quality and, hence makes it more difficult for the
observer to discriminate fine detail of the images in diagnostic
examinations.
Initially noise level is minimized followed by SPIHT
coding. After SPIHT coding we get a bit-stream of ones and
zeros. Such bit stream is again compressed by RLE coding.
Input
image
Quality
Measures
Noise
reduction
DWT
SPIHT
RLE
Coding
Transmission
Output
image IDWT ISPIHT RLE
Decoding
Fig2: Proposed system for telemedicine
At the decoder end exactly reverse procedure is carried out.
And finally we apply quality measures to decoded image.
In image coding system the most frequently used
measures are deviations between original and coded image.
Most popular measures are varieties of mean square error
(MSE) and peak signal to noise ratio (PSNR). These measures
are popular because they are simple to implement and it is
easy to relatively design systems, which minimize mean
square error. These measures work best when the distortions
are due to additive noise. However these measures do not
correspond well with all aspects of the observer’s visual
perception of errors. The fundamental difficulty in testing any
image compression system is to decide which image is to be
used for testing purpose. The image content being viewed
influences the perception of quality. The spatial frequency
measure (SFM) indicates the overall activity level in an image.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 415

Proceedings of ICCNS 08 , 27-28 September 2008
Observations of the proposed system.
1) Choice of wavelet
There are numbers of wavelets available, out of which
Bi-orthogonal wavelets are giving much better results.
Table1: analysis of ultrasound image (SMF=29.64)
Wavelet MSE PSNR SFM
'bior1.1' 3135.439 13.16782 24.6175
'bior1.3' 3495.201 12.69608 26.11527
' bior1.5' 3720.818 12.42442 26.10818
‘bior2.2' 626.8068 20.15947 27.23261
‘bior 2.4’ 749.7808 19.38146 27.54518
' bior2.6' 859.3959 18.78887 27.57578
' bior2.8' 903.0426 18.57372 27.9069
'bior3.1' 19563.39 5.216362 28.03949
'bior3.3' 14983.05 6.374802 25.05197
' bior3.5' 12380.39 7.203461 25.5584
' bior3.7' 10775.92 7.80626 26.1485
'bior3.9' 10094.28 8.090052 26.53259
'bior4.4' 124.7046 27.17198 26.72356
'bior5.5' 4614.177 11.48986 19.37316
' bior6.8' 185.72 25.44222 26.82061
Table2: Overall system analysis @ biorthogonal 4.4 wavelet
bit
rate
(bpp)
PSNR
SFM
w/o
specakle
reduction
with
speckle
reduction
w/o
specakle
reduction
with
speckle
reduction
0.1 20.491901 22.054741 10.95836 11.007262
0.2 23.213888 24.490816 21.283687 18.385752
0.3 24.270852 25.891647 23.063306 20.244006
0.4 24.999792 26.52597 25.731687 20.650775
0.5 25.536343 27.16091 26.152373 21.145766
0.6 25.965997 27.748545 26.670673 21.825241
0.7 26.387577 28.394291 27.590172 21.232276
0.8 26.737106 28.730835 26.359848 21.408151
0.9 26.995525 28.994493 26.429628 21.608045
1 27.234273 29.196561 26.746702 21.835758
Table3: Compression of image (40.1kb)@various bitrates.
bit rate out put bit Compression (%)
(bpp) stream size
0.1 0.92 2.2943
0.2 1.48 3.6908
0.3 2.16 5.3865
0.4 2.8 6.9825
0.5 3.34 8.3292
0.6 4.16 10.374
0.7 4.83 12.045
0.8 5.53 13.791
0.9 6.25 15.586
1 6.91 17.232
Original Image
Decompressed Image using
Biorthogonal 3.1 Biorthogonal 2.8
Biorthogonal 1.3 Biorthogonal 1.5 Biorthogonal 4.4
These are the some of the actual images that we have tested. As
you can see here that for image obtained by using biorthogonal
4.4 wavelet transform is more visually pleasant.
9. Conclusion
It is very clear that, the Telemedicine may turn out to
be the cheapest, as well as the fastest, way to bridge the rural–
urban health divide. From technological considerations, there
is a need of newer system, and to support newer generation
telemedicine services.
Speckle noise is significant in ultrasonic images. By
removing such noise quality of the image can be improved. If
SPIHT algorithm is applied to such quality improved image
them it will result in image with improved PSNR. One can
achieve compression on images based on significant pixel to
be taken into consideration. i.e. compression ratio depends on
number of significant pixels.
Compressed image using proposed system needs less
storage space as that of original one with improved SNR
which is very advantageous in telemedicine application where
bandwidth of network channel is limited (specially in rural
areas). As we are using less storage space, image will take less
time to transmit from transmitting station to the receiving
station over the network channel.
The analysis of choice of particular wavelet shows
that biorthogonal 4.4 wavelets are most suitable for medical
imaging application.
Acknowledgment
Authors acknowledge the help and support from
1 SMT. KASHIBAI NAVALE GENERAL HOSPITAL
& RESEARCH CENTER,NARHE, PUNE
2 BHARATI HOSPITAL & RESEARCH CENTER,
PUNE.
References
[1] Cécile DELGORGE,“ JPEG 2000, an adapted compression
method for ultrasound images A comparative study ”,2001
[2] William A. Pearlman, Asad Islam, Nithin Nagaraj, and
Amir Said, “Efficient, Low-Complexity Image Coding with a
Set-Partitioning Embedded Block Coder”,2002
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 416

Proceedings of ICCNS 08 , 27-28 September 2008
[3] R. C. Gonzalez , R. E Woods, “ Digital image processing ,
2 nd Edition ” , Pearson Education, 2002
[4] B.Ramakrishana,” Compression of DICOM images based
on wavelets and SPIHT for telemedicine applications”,2004
[5] William A. Pearlman, “Medical Image Compression
Systems”, CNGV(Center for Next Generation Video ) Dec
2001
[6] S. Gupta , R. C. Chauhan, S. C. Sexana ,” Wavelet-based
statistical approach for speckle reduction in medical
ultrasound images”, Vol. 42,Medical & Biological
Engineering & Computing, 2004
[7] Amir Said, Pearlman , “ A New ,Fast and Efficient Image
Codec Based on Set Partitioning in Hierarchical Trees ” ,IEEE
transactions on image processing, VOL. 6, June 1996
[8] Amrita Pal,, Victor W. A. Mbarika,, Fay Cobb-Payton,
Pratim Datta, and Scott McCoy, “Telemedicine Diffusion in a
Developing Country: The Case of India (March 2004)”, IEEE
trans. on information technology in biomedicine, Vol. 9, No.
1, pp 59-64, March 2005.
[9] Cliodhna Ni Scanaill, Brian Ahearne, and Gerard M.
Lyons, “Long-Term Telemonitoring of Mobility Trends of
Elderly People Using SMS Messaging”, IEEE transactions on
information technology in biomedicine, Vol. 10, No. 2, pp
412-413 April, 2006
[10] Prof. A. K Jain & Dr. M, O:Sharma, “Web-based
Architecture for low-cost cost versatile Telemedicine”, Indian
Institute Of technology, Kharagpur , Publ IEEE , pp 505-508,
,2004
[11] Paritosh Kumar Srivastava, Sandeep Sahu, “A Cost-
Effective Solution For Telemedicine In Rural Health Care
Using Mobile Ad Hoc Networks”, Proc IEEE-2004
[12] Bengisu Tulu, Samir Chatterjee, “A Taxonomy of
Telemedicine Efforts with respect to Applications,
Infrastructure, Delivery Tools, Type of Setting and Purpose”,
Proc. of the 38th Hawaii <strong>International</strong> <strong>Conference</strong> on System
Sciences – 2005, IEEE Pub., 2005
[13] M. V. M. Figueredo1, J. S. Dias, “Mobile Telemedicine
System for Home Care and Patient Monitoring”, Proc of the
26th Annual <strong>International</strong> <strong>Conference</strong> of the IEEE EMBS San
Francisco, CA, USA , IEEE Proc.,pp 3387-3390, 2004
[14] N Maglaveras, G Gogou, I Chouvarda, V Koutias, “using
contact centers in tele-management and home care of
congestive heart failure patients : the CHS experience”, IEEE
journal on computers in cardiology, pp 281-284, 2002
[15] Heather E. Hudson. , “Rural Telemedicine: Lessons from
Alaska for Developing Regions”,Telemedicine and e-Health.
2005, 11(4): 460-467. doi:10.1089/tmj.2005.11.460.
[16] Alfredo I. Hernández, Fernando Mora, Guillermo
Villegas, Gianfranco Passariello, and Guy Carrault, “Real-
Time ECG Transmission Via Internet for Nonclinical
Applications”, IEEE trans on information technology in
biomedicine, Vol. 5, No. 3, pp 253-567, September 2001
[17] A.Marsh, “The Establishment Of A Common Web-Based
Framework For Telemedical Interaction”, Proceedings of the
20th Annual <strong>International</strong> Conf of the IEEE Engineering in
Medicine and Biology Society, Vol. 20, No 3, 1998
[18] Nigel H. Lovell , Farah Magrabi , Branko G. Celler ,
Khang Huynh , Hugh Garsden, “Web-Based Acquisition,
Storage, and Retrieval of Biomedical Signals”, IEEE
engineering in medicine and biology, pp 38-44, May/June
2001
[20] John Puentes, Basel Solaiman,” Telemedicine in
Perspective: Trends and Challenges”,IEEE Pub.2006
[21] R. C. Gonzalez, R. E Woods, “Digital image processing,
2nd Edition ”, Pearson Education, 2002
[22] Adrian Brown, Digital Archives Analyst. “Image
Compression”, Digital Preservation Guidance Note: 5 , 9 July
2003
[23] Sanjit Bagchi, “Telemedicine in Rural India”, online
journal PLoS Med. journal.pmed.0030082, 2006 March
[24] Dr. K. Ganapathy, “Telemedicine in India-the Apollo
experience”, online information source www.thambraj.com
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 417

Proceedings of ICCNS 08 , 27-28 September 2008
Application of Beamlets to Detect & Extract
Lines in Noisy Images
Suchitra Khoje 1 , Prof. Dr. S.D. Lokhande 2 , Prof. M. L. Dhore 3
Abstract—A linear feature extraction is very important in image
processing and computer vision. Traditional linear feature detectors
based on pixel level processing may fail to detect out lines in image
with low SNR.. In this paper an algorithm based on beamlet
transform is proposed to detect linear features in image. Beamlets
can be generated by recursive dyadic partitioning, vertex marking
and connecting. The beamlet transform is the collection of line
integrals formed by viewing image as a piecewise constant object
and integrating along line segment in beamlet dictionary .The
proposed method can detect lines with any orientation, location, and
length in different scales. The scale parameter can be adaptively
determined by histogram of beamlet energy function distribution. We
have implemented algorithm based on beamlet transform using
MATLAB and present simulation results showing the effectiveness of
the proposed method even in image with low SNR.
Keywords—Beamlet transform, beamlet dictionary, beamlet
energy.
F
I. INTRODUCTION
eature detection is very important in computer vision,
image segmentation and pattern reorganization. Besides
the pixels, there are curves and patterns in the image.
Point singularities are so called zero dimensional singularities
and linear singularities are so called one-dimensional
singularities and so on. So higher dimensional singularity
exists. To extract curves and patterns higher dimensional
singularities processing ability is demanded which is similar
to human eye. Human eyes can recognize objects quickly and
accurately because they extract features such as lines or planes
without distinguishing points one by one.
Wavelet analysis has a great advantage in point feature
extraction, but it is not good at extracting linear features.
Radon transform has too much computation burden and
Hough transform is sensitive to noise. All the methods
mentioned above are reported good results on selected
domains of pixel level detection. It is still difficult to extract
linear features embedded in extremely high noise or when
SNR is so low that none of the pixel values is likely to yield
significance.
II. BEAMLET ANALYSIS
This paper will describe an approach to multiscale
image analysis, which we call beamlet analysis, which offers
Author is a lecturer in computer department of Vishwakarma Institute Of
Technology ( e-mail: suchiamol08@gmail.com).
an interesting contrast to wavelet analysis. While wavelets
offer localized scale/location representation near fixed region
of space with specified scale and location, Beamlets have
localized scale /location/orientation based on dyadically
organized line segments.
The beamlet framework involves 5 central
components, which will be described as below.
1. The beamlet dictionary is a dyadically organized library
of line segment at a range of location, orientation, and scales,
which gives a multiscale approximation to the collection of all
line segments.
2. The beamlet transform is the collection of all line
integrals of the image along Beamlets in the beamlet
dictionary.
3. The beamlet pyramid is the collection of all beamlet
transform coefficients arranged in a data structures with a
hierarchical multiscale nature.
4. The beamlet graph is the graph structure in which
vertices correspond to pixel corners in the underlying image
and the edges correspond to Beamlets joining pairs of such
pixel corners.
5. Beamlet algorithms extract data from the beamlet
pyramid in a way driven by the structure of beamlet graph.
Beamlet methods provide a fundamentally correct data
structures for dealing with noisy filament detection and
boundary finding problems. The beamlet pyramid contains
integrals of the image over line segments at all scales and
locations. In certain signal detection problems the usual
detectors based on pixel level filtering can have very poor
signal to noise ratios, and hence low detection probabilities,
while hiding somewhere in that pyramid can be integrals with
high signal to noise ratio, allowing signal detection which
would not be possible using standard filtering.
III. BEAMLET TRANSFORM
We consider an image as a function residing on a [0, 1]
x[0,1] unit square. It is a piecewise constant, with pixel of side
1/n by 1/n, the collection of Beamlets is a multiscale
collection of a line segments occurring at a full range of
orientation, position, and scales. It is generated as follows.
i) Recursive Dyadic Partitioning: We divide the unit square
into two by two smaller squares with equal dyadic side
lengths. Each sub square is further divided into two by two
smaller squares, still having equal and dyadic side lengths, this
process is repeated until finest scale is reached, even we
continue until we have created all such dyadic sub squares of
a pixel side lengths
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 418

Proceedings of ICCNS 08 , 27-28 September 2008
ii) Vertex Marking. Traversing the boundary (four sides) of
each square, starting from northwest corner, vertices are
marked clockwise at equal distance. The inter distance of the
vertices is fixed in advance, and does not vary with the side
lengths of the sub square.
iii) Connecting. In each subsquare, any pair of vertices on its
boundary determines line segment .This line segment is called
beamlet, the collection of Beamlets is called the beamlet
dictionary. Four Beamlets at different scales are shown in fig
1.
Fig. 1. Beamlets at different scales (squares with different side length).
Continuous beamlet transform
The beamlet transform is simply the collection of all line
integrals formed by viewing the image as a piecewise constant
object and integrating along each line segment in the beamlet
dictionary, the integrals obey a two scale relation: data on line
integrals at finer scales allows to calculate the line integrals at
coarse scales.
Let f(x1, x2) be a continuous function on [0, 1] 2 . The beamlet
transform of f is the collection of all line integrals
f
( b) ∫
T f ( x(
l))
dl
(1)
=
b
The integrals being taken along line segments b; here x(l)
traces out the beamlet b along a unit speed path
Discrete beamlet transform
The digital beamlet transform of a n×n array (f i1,i2 ) is
understood to be the beamlet transform of the function f
defined on continuum by interpolation of the values (f i1,i2 ):
f ( x1 , x2)
= ∑ fi
1 , i
φ
2 i1
, i
( x
2 1,
x2)
, (2)
where (
φ
i1
, i2
i 1 ,i 2
) is a specified family of continuous
interpolation functions. The functions
φi 1 ,i 2
obey the conditions:
2
n ∫ φ
i1 , i
( x
2 1,
x2)
dx1dx2
= δi
1 , i
δ
1 i2
, i
(3)
2
Pixel(
i1
, i2
)
whereδ i 1 ,i 1
is the Kronecker symbol.
So the digital beamlet transform of digital image is
may be chosen to
Tf
i i
b)
1, 2
b i1
, i2
( f φ (4)
= ∫ ( ∑
i i i i
x l dl
1 , 2 1 ,
( ( )) )
2
IV. EXTRACTION OF LINEAR FEATURE
Suppose we have a noisy n-by-n image, perhaps contains
somewhere within it a faint image of a line segment of
unknown length, orientation and position.
We model these data as follow:
yi
1,
i2
= Aφ i1,
i2
+ εZ
i1,
i2
0 < i1,i2 < n (5)
Where ε is a noise level ,Z i1,i2 is white Gaussian noise ,A is
unknown amplitude parameter and φ i1,i2 is the observed effect
at sensor array of an unknown beamlet vov1.
The problem is to test null hypothesis:
H
0
: A = 0
(6)
Against the composite alternative
H
0
: A > 0
(7)
This is highly composite because of the wide range of
possible endpoint pairs being considered.
We the reject H o if beamlet coefficient exceeds a certain
threshold. Fig.2 show the problem of extraction of linear
feature in a noisy picture. Fig.2(a) is the case of underlying
one line segment, Fig.2(b) is beamlet approximation of
ig.2(a), Fig.2(c) is an easy extraction problem of Fig.2(a),
Fig.2(d) is a hard extraction problem of Fig.2(a)
Fig. 2. Extraction of a line segment in a noisy picture.
V. FAST DISCRETE BEAMLET TRANSFORM
Discrete beamlet transform based on interpolation is not easy
to apply in digital image directly, for it need to interpolate
digital image to approach continuous function, and then
transform the continuous function. In order to apply it to
image processing conveniently, we present a fast discrete
beamlet transform algorithm. Donoho's discrete beamlet
transform need to interpolate digital image to approach
continuous function, and then transform the continuous
function. In our method the interpolate procedure is left out
and digital images can be transformed directly.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 419

Proceedings of ICCNS 08 , 27-28 September 2008
Fast discrete beamlet transform procedure processes
as follow:
(1) Set the scale of beamlet squares.
(2) Decompose the image into scale fixed squares
(3) Transform each square as follow:
a) From top left comer point in the square,
mark each point as
p(0), p(1), p(2)...... p(snum -1),
where snum is the number of points in the
boundary of the square.
b) Set startPos = 0, endPos = 1, and p(0) is
start point and p(1) is end point.
c) A start point and an end point correspond to a
line segment. We can locate all pixels in the
line segment through Bresenham algorithm.
Pixels in the line segment are
d(0), d(l), d(2) ......d(num -1) respectively,
where num is the number of pixels in the line
segment.
num
d) ∑ − 1
sum = GrayLevel(
d(
i))
.
i=
0
Here Graylevel(d) denotes the gray level of pixel d.
( b) sum / 255
T f
=
e) If startPos do not equal snum-1,
endPos = endPos+1
{repeat step (c), (d) shown in figure}
Else
{ StartPos = startPos+1
If startPos = snum
(procedure stop}
Else
(Repeat step (c), (d))
}
VI. ADAPTIVE LINEAR FEATURE DETECTION
The potential object line in a square is relative to the
beamlet coefficient. It is necessary to define a energy function
E ( b)
= T ( b) / PixelCount(
b)
(8)
and object line set
B = { b | E(
b)
> max( E(
B))
×θ},
s (9)
b~
s
where, Ө is the choosing factor and 0 < Ө < 1 . PixelCount(b)
denotes the number of point in the beamlet b. For clarity, we
write the beamlet square in the scale known as
S ( hNum,
wNum).
It is very important to set the choosing
factor Ө. Low Ө will increase the target number and high Ө
will leave out some real target. According to Bayes decision,
the most suitable Ө should be the value of abscissa in the
valley of the histogram. But due to object is less than
background so much; the value of abscissa in the valley is not
suitable again. For the number of object beamlets is less than
the background beamlets, we know Ө will be never below 0.5,
and according to our experience, θ ∈[0.6,1].
We developed
an adaptive method to decide the suitable
Adaptive linear feature detection based on fast
discrete beamlet transform follows:
(1) Set the scale j = Jo ,
(2) Partition Height X Width source image into
HeightNum X WidthNum, pieces of beamlet squares
S(0,0), S(0,1), S(0,2)…S(HeightNum - 1, WidthNum – 1)
For the some area of source image has not enough size to
form a beamlet squares with HeightNum X WidthNum ,
they will be split into smaller scale beamlet squares,
where,
⎡ Height ⎤
HeightNum =
⎢
,
j
⎣ 2 ⎥ ⎦
⎡Width
⎤
WidthNum =
⎢
.
j
⎣ 2 ⎥ ⎦
x denotes the biggest integer no more than x. Each
⎡ ⎤
beamlet square is a sub image with
j
2 width.
j
2 height and
(3) After applying fast discrete beamlet transforms to the
image, and we get beamlet coefficients as
S(0,0), S(0,1), S(0,2)………………….S(HeightNum - 1,
WidthNum - 1) in scale j.
(4) Compute the energy of each beamlet
E ( b) = T ( b)
PixelCount(
b)
(10)
(5) Compute Ө adaptively:
a. Calculate histogram of E(b).
b. Calculate relative histogram addition for all gray
levels termed as remainOld
c. Find rising histogram position and set it as fix
position
d. Calculate relative histogram addition for gray levels
e. starting from fix position and termed as
remainNew(i) & set
maxVal
= HistE(
i + 1) − HistE(
i)
,set θ = i
f. If (i max( E(
b))
×θ}
s (8)
b~
S
(7) Visualize result. For each beamlet coefficient surviving
the thresholding operation, draw a line segment depicting
that beamlet.
The whole procedure is structure less, since each
beamlet coefficient lives or dies based on its own value, and
not of others.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 420

Proceedings of ICCNS 08 , 27-28 September 2008
(1)
VII. EXPERIMENTAL RESULTS
To apply beamlet based method to detect linear features in
real images, consider random noise additive image first We
use SNR to embody the strength of noise.
SNR = 20log10 (( σ ( f ( x,
y)) / σ ( n(
x,
y)))
(9)
Where, σ(f(x, y)),σ(n(x, y)) is the standard deviation of
original image and noise.
Experimental results are shown in fig 3,4 and 5.
Fig 3 (a),4(a) and 5(a) are original image of line, doll, Lena
respectively. Fig 3(b), 4(b), 5(b) are noisy images with
different SNR levels and 3(c) , 4(c) and 5(c) shows result of
detection using beamlet transform.
Fig. 5 (a) original image
Fig.5 (b) noisy image with SNR= -7.08db
Fig 5 (c ) Denoised image using beamlets
VIII. CONCLUSION
Fig. 3 (a) original image
Fig.3 (b) noisy image with SNR= -3.47db
A method based on multiscale extraction of linear
fragments is proposed to identify linear & filamentary features
in severely degraded images. Experimental results shows that
beamlet based method can detect line with any length,
orientation & scale in low SNR images with less number of
iterations. But to detect curves it takes more number of
iterations. The fundamental idea that is embedded in the
algorithmic approach could be used to generate a new efficient
methods in many other situations where signal to noise ratio is
extremely.
Fig 3 (c ) Denoised image using beamlets
Fig. 4 (a) original image Fig.4 (b) noisy image with SNR= -7.96db
Fig 4 ( c) Denoised image using Beamlets
REFERENCES
[1] MEI Xiaoming, ZHANG Liang_pei,LI Ping-xiang, “An approach for
Edge detection based on beamlet transform,” in Proceedings of the
fourth <strong>International</strong> <strong>Conference</strong> of the IEEE Image and Graphics
(CIG), 2007.
[2] David L. Donoho,Xiaoming Huo,”Beamlets and nultiscale image
analysis”In Multiscale and multiresolution methods[A],volume 20 of
lecture notes in Computational Science and Engineering[C],New York,
Ny, USA: Springer 2002,20:149-196.
[3] David L. Donoho “Beamlets pyramids: A new form of multiresoltion
analysis, suited for extracting lines, curves and objects from very noisy
image data”[C]In proceeding of SPIE, volume 4119,July 2000.
[4] Xiaoming Huo and J Chen, ”JBEAM: multiscale curve coding voa
Beamlets”[J] IEEE Trasaction Image process,2005 Nov 14(11):1665-77
[5] David L. Donoho “Wedgelets:Nearly mimimax estimation of edges[J].
Annals of ststistics,1999,27(3):859-897.
[6] F. Ye, G. Zhong, J. Cheng, S. Lu, and L. Zhang, “PEAS: A Robust
Energy Conserving Protocol for Long-lived Sensor Networks,” in
Proceedings of the Twenty Third <strong>International</strong> <strong>Conference</strong> on
Distributed Computing Systems, 2003.
[7] Qin-Feng Shi,Yan Ning Zhang,”Adaptive linear feature detection based
on beamlet,” in Proceedings of the third IEEE <strong>International</strong> <strong>Conference</strong>
on Macjine learning and cybernetics,Shanghai,26-29 August 2004
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 421

Fingerprint Based Authentication System using
Convex Hull: Invariant to Geometrical Translation
and Rotation
Jaydeep Howlader, S. Bansal, A. Kundu, Santhosh Y and B. Chakraborty
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract—In this paper, we present a fingerprint minutiae matching
technique based on graph convex hull. Our paper is an attempt to
build a system which provides authentication in case of fingerprint.
We consider the feature points of the fingerprint image to be either
ridge bifurcation or ridge ending point. Firstly, we discuss the feature
extraction technique that extracts the ridge end points and ridge
bifurcation points. Secondly, we present a mapping from feature
points to a set of convex hulls. A vector of convex hulls defines
the signature of the fingerprint. The minutiae matching technique
presented in this paper is invariant to rotation and linear translation
Keywords—fingerprint minutia, authentication, histogram, Convex
Hull, rotation-invariant, translation-invariant.
I. INTRODUCTION
FIngerprint-based identification has been used for a very
long time due to its uniqueness and immutability. Today,
fingerprints are the most widely used biometrics features in
automatic verification and identification. Fingerprint is the
pattern of ridges and valleys on the fingertip. The image of
such fingertip is known as fingerprint. The fingerprint differs
from one another for each individual. The uniqueness and
the immutability property of fingerprint are used to develop
systems for identification, authentication and verification.
The key issue of the fingerprint recognition is the matching
algorithm. Most of the matching algorithms that have been
developed are based of fingerprint features. The feature is the
orientation of the ridges in a local area. The first scientific
study on fingerprint feature classification was due to Francis
Galton (1822-1916), where he had described three classifications
of fingerprint. Later on, Edward Herny [1] refined the
classifications in more numbers (left loop, right loop, whorl,
arch, tented arch, ridge end, bifurcation, etc). The two most
prominent local ridge characteristics are: ridge end point and
ridge bifurcation point. These features are called minutia.
Examples of minutiae are shown in Fig. 1.
The minutiae based fingerprint technique broadly consists
of two parts: the minutiae representation or feature extraction
and feature matching part. There are different techniques
Jaydeep Howlader is in Information Technology Department, National
Institute of Technology, Durgapur, India, email: howlader j123@yahoo.com
S. Bansal was in National Institute of Technology, Durgapur, India, email:
sbshekhar@gmail.com
A. Kundu was in National Institute of Technology, Durgapur, India, email:
kunduarkendu@gmail.com
Santhosh Y was in National Institute of Technology, Durgapur, India, email:
santhoshyathindraster@gmail.com
B. Chakraborty is in Information Technology Department, National Institute
of Technology, Durgapur, India, email: baisakhichak@yahoo.co.in
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 422
Fig. 1. Minutia representing the ridge end point and ridge bifurcation part
and minutiae
proposed in different literatures. Hankley and Tou [2], Moayer
and Fu [3], Rao and Balck [4] described the fingerprint
pattern by a set of terminal symbols and production rules.
In their approaches, they defined a set of formal grammar
for each class of fingerprint and the patterns were parsed
and map to a class. Neural Network based approaches with
self-organizing network [5] and multilayer perception [6], [7]
were also proposed. Roos and Jain [8] described the fingerprint
by the frequency corresponds to the inter-ridges spacing
in a local area. The matching was done in the frequency
domain comparing the power spectrum of the fingerprints.
Affine transformation based system was also proposed by
Chang et al. [9], describing the feature point as a four tuple
G(t x , t y , θ, S) where t x is the translation along the X-axis,
t y is the translation along the Y -axis, θ is the rotational angle
and S is the scaling factor. In their scheme the fingerprint
was represented as a vector of feature points. The elements
of the vector were the four tuples G i , for i = 1, 2, . . . , n
with n feature points. Recently Xiaoguang et al. [10] had
refined the affine transformation based system and introduced
the global characteristics of the minutiae along with the local
characteristics. Graph based approaches were also developed.
Maio and Maltoni [11] developed a graph based fingerprint
representation technique that segmented the fingerprint on the
basis of the direction of the ridges flow. Each segment was
represented as a node and the graph was formed to represent
the fingerprint. In this paper we are presenting a graph based
approach for fingerprint representation and recognition. The
technique is based on minutiae that are either ridge end points

Proceedings of ICCNS 08 , 27-28 September 2008
or ridge bifurcation points. We ensure that the technique is
fast and less storage space is required to store the minutiae
features. The technique is invariant to geometrical transformation.
We consider the scaling factor is 1, as the same device
is used during the fingerprint capturing phase and fingerprint
recognition phase.
In section II, fingerprint is described as a biometric system.
In this section we describe how authentication and verification
systems are implemented using fingerprint. Section III
describes our scheme, how the minutiae are extracted and
represented for further processing. The fingerprint matching
technique is presented in section III.D. Section IV concludes
the paper work.
II. BIOMETRIC SYSTEM AND FINGERPRINT
A biometric system is a pattern matching system that recognizes
a person by determining the special physiological and/or
behavioral characteristics which are unique and immutable
for every individual. The important issue for designing a
biometric system is to determine how an individual would be
recognized. Depending on the application a biometric system
may be designed as either verification/authentication system
or identification system:
• Verification/Authentication system authenticates a person
by capturing his biometric characteristics, processing the
characteristics and comparing the processed characteristics
with the stored biometric templates. A verification/authentication
system either rejects or accepts the submitted
claim.
• Identification system recognizes the person by capturing
his biometric characteristics, processing the characteristics
and then searching the processed characteristics
among the stored biometric templates. The Identification
system results in a possible set of identity for a given
claim.
It is well understood that false verification/authentication is
more venerable then negative response from the verification/authentication
system. If a person gets negative response,
he may ask for a fresh claim of his authenticity. Whereas, if
a fake person is authenticated by the system, then it would be
a huge security threat.
There are different types of biometrics used in various
applications. Each biometric has its strengths and weaknesses
depending on the applications. Most of the applications developed
for recognition system based on biometrics; demand
that the biometrics should have the following properties:
Universality: each person should have the biometric.
Distinctiveness: any two persons should have sufficient
differences in terms of the biometric characteristics.
Immutability: the biometric should remain unchanged for
a sufficiently long period of time.
Acceptability: indicates the extent to which people are
willing to accept a particular biometric in their daily
life.
Performance: is the achievable recognition accuracy,
speed, space, robustness, degree of error due to
environmental changes etc.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 423
Fingerprint recognition systems are the most mature biometric
technologies and are suitable for a wide range of applications.
Fingerprint has a good balance of all the desired properties
for biometric based applications used for recognition. It is
present with every person. The uniqueness of fingerprint is
well established. It is already in use for a long period and many
governmental/nongovernmental organizations have accepted
the fingerprint as a biometric for identification and verification.
Moreover, the size of fingerprint is relatively smaller then
other biometrics. It is also possible to capture good quality
fingerprints using proximity devices. Now a day, there is
a high demand of automated fingerprint based recognition
systems to cope with the identity fraud in the electronically
connecter society. It has been realized that password, PAN
or security codes; those soft keys are difficult to remember,
may be stolen or be colluded. Fingerprint like biometrics are
easy to use and not venerable as soft keys. In the present
scenario, fingerprint is used in many applications like; Forensic:
criminal investigation, terrorist identification; Government:
national ID card, driving license card, banking application,
rural development centers; Communication: computer logon,
physical access control mechanism, medical databases.
III. PROPOSED SCHEME FOR FINGERPRINT RECOGNITION
The fingerprint recognition scheme is divided into three
phases: Image Enhancement and Binarization, Feature Mapping,
Feature Matching.
A. Enhancement and Binarization
The fingerprint enhancement algorithm takes a fingerprint
image as the input and processes the image with a number of
intermediate steps and the output is an enhanced fingerprint
image. The objectives of the enhancement process are to
improve the quality of the image, reduce or eliminate the
noise, sharpen the ridge areas, recover the broken ridge lines.
Lots of enhancement techniques had been developed and
proposed in different literatures [12]. However, with the recent
development in the fingerprint capturing devices, the quality
of the fingerprints are quite satisfactorily. Still some shot
of enhancement is required to fit the captured fingerprint in
the recognition process. We do the enhancement on a gray
image by convoluting the image with spatial sharpening mask
followed by binarization of the gray image into binary image.
The discrete noise are removed by erasing the small connectedcomponents
in 8-neighbourhood.
The sharpening is used to highlight the ridges from the
valleys. A square shaped weighted mask is used for sharpening.
The next step is to binarized the image. To execute the
binarization the histogram of the fingerprint image is computed
and the binary threshold T is determined from the histogram.
All the pixel values those are less then the threshold T are
mapped to binary 0 and those are greater or equal to T are
mapped to binary 1. The binary fingerprint image may contain
some discrete noise. To remove the noise, we compute the
connected component. The connected components that are less
then the minimum weight are deleted from the binary image.
The schematic diagram in Fig. 2. describes the enhancement
process.

Proceedings of ICCNS 08 , 27-28 September 2008
Input Image
Sharpening Filter
Binarization
1 0 0 0 1 0 0 0
1 1 0 1
0 1 1 0 1 0 1 1 0 0 1
0
1 0 0 1 0 1 0 0 1 0 1 0
0 1 0 0 1 0 0 1 0 0 0 0
0 1 1
1 1 1
1 1 0 1 1 1
0 1 0 0 0 0 0 1 0 0 1 0
Eight masks used to detect the bifercation points
Connected Component Labeling
Fig. 4.
The masks used for extracting the bifurcation points
Fig. 2.
Fig. 3.
0
Enhanced Image
Fingerprint enhancement process
0 0
0 0
0 0 0
0 1 1 1 1 0 0 1 0 0
0
0
0
0 0 0
1
0 0 0 0 1
0 1 0 0
1
0 0 1 0 0 1 0
0
0
(a) horizantal ridge end
detection masks
0
0
1
0 0
1
0
0
0
0 0 0
1
0
(b) vertical ridge end
detection masks
0 0
1
0
0 0
Masks used for extracting the ridge end points
The masks used to extract the ridge end points
B. Feature Extraction
0
0
0 0
After getting the binary fingerprint image, we have to extract
the feature points. We consider the minutiae as the feature
points of the fingerprint. We used two different techniques to
extract the minutiae. The first one using run-length code as
proposed in [13]. The second method is based on morphological
operation. The skeleton of the image is computed. The
skeleton of the image depicts the fingerprint with single pixel
ridge width. After then a set of masks are applied on the image
to find the minutiae points. The minutiae points are either ridge
end points or ridge bifurcation points. Eight masks are applied
successively to extract the ridge end points. The masks used
for detecting the horizontal and vertical ridge ends are shown
in Fig. 3(a),(b). Similarly, another eight masks are used to
determine the ridge bifurcation points. Fig. 4. describes the
masks that are used to identify the ridge bifurcation points.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 424
0
0
0
1
C. Feature Mapping
The performance and reliability of the biometric
verification/authentication system depends on the technique
used for representing the biometric feature. In this case the
minutiae are stored by a graph called Convex Hull. A set
of points X in a real vector space, form a convex hull, iff
X is in a minimum convex set. The term convex is defined as:
An object in the Eucledean space is convex if for
every points on a straight line, that joins two points
X and Y within the object, are also within the
object.
For a set of feature points (minutiae) P 1 of a fingerprint, we
construct a Convex Hull C 1 . Let S 1 ⊆ P 1 , is the set of all
feature points that lie on the periphery of the Convex Hull. We
compute the centroid of S 1 i.e. O 1 = (x 1c , y 1c ) as follows:
x 1c = 1 n∑
x i
n
y 1c = 1 n
i=1
n∑
i=1
where (x 1 , y 1 ), (x 2 , y 2 ), . . . , (x n , y n ) ∈ S 1 . The Convex Hull
is represented as a four tuples 〈O 1 , θ 1 , Γ 1 , δ 1 〉. The first
element O 1 is the centroid of the Convex Hull C 1 , θ 1 is
the list of angles ∠v i O 1 v i+1 , where O 1 is the centroid, v i
and v i+1 are the two neighboring points that are in S 1 . Γ 1
is a list of Eucledean distance between the centroid and the
point v i . The two lists are ordered anticlockwise. The first
element of θ 1 is the angle that contains the positive X-axis
and the first element in Γ 1 is the distance l 1 that appears first
in the anticlockwise from X-axis. δ 1 is the angular offset of
the first feature point v 1 from the positive X-axis along the
anticlockwise direction. The figure in fig. 5. describes the
representation of the first convex hull.
The above Convex Hull is represented as follows:
C 1 = 〈O, θ = {θ 1, θ 2, θ 3, θ 4, θ 5, θ 6}, Γ = {l 1, l 2, l 3, l 4, l 5, l 6}, δ 1〉
After computing the first Convex Hull, the set of points in
S 1 are deleted from P 1 . We get a new set P 2 = P 1 − S 1 .
y i

Proceedings of ICCNS 08 , 27-28 September 2008
v 2
v
1
δ
1
θ 1
Q
60 o
l
o
60
o
50
v
3
l 1
6
O
v
X−axis
X−axis
v
4
v
5
O = (X ,Y )
C C
v = ( X ,Y )
i
i
i
fig. (a)
60 o 20
l
Fig. 5. Convex Hull of six points. O is the centroid, l 1 is the distance
between O and v 1 . θ 1 is the ∠v 1 Ov 6 contains the positive X-axis. δ 1 is the
offset of v 1 from X-axis.
O
o
o
60
X−axis
We construct the second Convex Hull with c 2 with P 2 . The
Convex Hull c 2 is represented as 〈O 2 , Γ 2 , θ 2 〉, where θ 2 and
Γ 2 lists are ordered anticlockwise with the angle that contains
the positive X-axis with respect to the centroid. We apply
the above process iteratively unless all the feature points are
mapped to the periphery of some convex hull. A set of convex
hull is generated in this process for the i th fingerprint and
denoted as Ψ i = {C i1 , c i2 , . . . , c ik }, where c ij covers c ik for
all k < j. The fingerprint database is a collection of different
Ψ where each Ψ i defines the i th fingerprint.
fig. (b)
Fig. 6. 6(a) describes a convex hull. The centroied of the convex hull is Q.
6(b) describes the same convex hull of fig. 6(a) with different orientation.
D. Fingerprint Matching
The fingerprint verification/authentication system contains a
fingerprint database. When a verification request comes to the
system, it first extracts the minutiae point set ¯P1 as described
in section III.B. Then the first convex hull ¯C1 is computed
from ¯P 1 . ¯C1 is searched in the database. The searching is done
as follows:
f o r i = 1, 2, . . .
/ / C i1 ∈ Ψ i i s t h e 1 st Convex Hull of Ψ i
/ / θ i , Γ i , δ i ∈ C i1 and ¯θ, ¯Γ, ¯δ ∈ ¯C 1
α = 0
i f ( l e n g t h ( θ i ) = = l e n g t h ( ¯θ ) )
f o r j = 1, 2, . . . , l e n g t h (θ i )
i f ( θ i == theta ¯ AND Γ i == ¯Γ )
α = α + δ i − ¯δ
r e t u r n (SUCCESS)
e l s e i f ( θ i ≠ ¯θ )
α = α + ¯θ[0]
C i r c u l a r R i g h t S h i f t ( ¯θ ) ;
C i r c u l a r R i g h t S h i f t ( ¯Γ ) ;
r e t u r n ( FAILURE)
The process of searching is described in the Fig. 6. The
figure 6(a) is one convex hull, with centroid at Q. The convex
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 425
hull is represented as:
C = 〈Q, θ = {60 o , 60 o , 60 o , 60 o , 60 o , 60 o }, Γ = {l, l, l, l, l}, 50 o 〉
Figure 6(b) is another convex hull, with centroid at O. The
orientation of the convex hull is represented as:
¯C = 〈O, ¯θ = {60 o , 60 o , 60 o , 60 o , 60 o , 60 o }, ¯Γ = {l, l, l, l, l}, 20 o 〉
The searching algorithm first checks that, θ i == ¯θ and
Γ i == ¯Γ, so the angular displacement of C is computed as
α = 50 o − 20 o anticlockwise from ¯C.
After getting a match of ¯C 1 with some C i1 ∈ Ψ i , let S i is the
set of points that lie on the periphery of the convex hull ¯C1 ,
we compute ¯P 2 = ¯P 1 − ¯S 1 . We apply a transformation on ¯P 2
as follows:
[ ] [ ] ⎡
T ¯P2 ¯P2 = ⎣ cos α, − sin α, ¯x ⎤
c − ¯x ic
sin α, cos α, ȳ
1
c − ȳ ic
⎦
0, 0, 1
The transformation restores the set of pixels ¯P2 equivalent
to P 2 . Then we compute the successive convex hulls
¯c 2 , ¯c 3 , . . . , ¯c k and match with c i2 , c i3 , . . . , c ik . The matching
is done by checking whether ¯θ j == θ ij and ¯Γ j == Γ ij hold
or not.

Proceedings of ICCNS 08 , 27-28 September 2008
[9] S. H. Chang, F. H. Chang, W-H. Hsu, G-Z. Wu, Fast Algorithm for Point
Pattern Matching: Invariant to Translation, Rotation and Scale Change,
Pattern Recognition, vol. 30, no. 2, pp. 312-320, 1997.
[10] Xiaoguang He, Jie Tian, Liang Li, Yuliang He, and Xin Yang, Modeling
and Analysis of Local Comprehensive Minutia Relation for Fingerprint
Matching, Trans. on System, Man, and Cybernetics, IEEE, vol. 37, no.
5, 2007.
[11] D. Maio and D. Maltoni, A Structural Approach to Fingerprint classification,
in Proc. ICPR, IEEE, vol. III-7276, pp. 578, 1996.
[12] Lin Hong, Y. Wan, A. Jain, Fingerprint Image Enhancement: Algorithm
and Performance Evaluation, Trans. on Pattern Analysis and Machine
Intelligence, IEEE, vol. 20, no. 8, pp. 777-789, 1998.
[13] J-H. Shin, H-Y. Hwang and S-I. Chien, Minutiae Extraction from
Fingerprint Image Using Run-Length Code, Trans. on ISMIS 03, LNCS-
2871, pp. 577-584, 2003.
[14] R.C. Gonzalez and R.E. Wood, Digital Image Processing, 2 nd ed.
Prentice-Hall, 2002
[15] D.H. Ballard and C.M. Brown, Computer Vision, Prentice-Hall, 1982
[16] M. Berg, O. Cheong, M. Kreveld and M. Overmars, Computational
Geometry: Algorithms and Applications, 3 rd ed. Springer-Verlag, 2008
Fig. 7. Fingerprints are captured from the same finger with different
orientation
IV. CONCLUSION
In this paper we have presented a scheme for authentication
and verification based on fingerprint. The scheme is invariant
to arbitrary translations and rotations. The scaling change is
not addressed in this paper as we propose that the process of
fingerprint capturing and fingerprint matching is done using
same type of hardware. We have reduced the computation
during the matching phase by first checking the outer most
convex hull. If there is a match, then the process is matching
extended further.
We found some problem due to image clipping. Figure 7
shows the same fingerprint with different orientation. In the
first fingerprint image, there are some extra minutiae which are
clipped in the second fingerprint image. This happens due to
the picture frame that clips the captured image. To overcome
the problem we recommend to use either circular or elliptical
picture frame as shown in the Fig. 7.
REFERENCES
[1] E. R. Henry, Classifcation and Uses of Finger Prints, Routledge,
London, (1900).
[2] W. J. Hankley and J. T. Tou, Automatic Fingerprint Interpretation
and Classification via Contextual Analysis and Topological Coding, in
Pictorial Pattern Reorganization, pp. 411-456, 1968.
[3] B. Moayer and K. S. Fu, A Syntactic Approach to Fingerprint Pattern
Recognition, Pattern Recognition, vol. 7, pp. 1-23, 1975.
[4] K. Rao and K. Balck, Type Classification of Fingerprints: A Syntactic
Approach, IEEE Trans. PAMI, vol. 2, pp-223-231, 1980.
[5] K. Moscinska and G. Tyma, Neural Network based Fingerprint Recognition,
in proc. 3 rd Int. Conf. Neural Network, pp 229-232, 1993.
[6] P. A. Hughes and A. D. P. Green, The use of Neural Network for
Fingerprint Classification, in proc. 2 nd Int. Conf. Neural Network, pp.
79-81 1991.
[7] M. Kamijo, Classifying Fingerprint Images using Neural Network:
Deriving the Classification State, in proc. Int. Conf. Neural Network,
pp. 1923-1937, 1992.
[8] A. Ross and A. Jain, A Hybrid Fingerprint Matcher, Pattern Recognition,
vol. 36, no. 7, pp. 1661-1673, 2003.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 426

Proceedings of ICCNS 08 , 27-28 September 2008
Compact Representation for Dynamic Texture
Synthesis Using Multi Way SVD and YCbCr
Color Coding
Premanand P.Ghadekar 1 , Manik L. Dhore 2 , Suresh N. Mali 3 , Dr. Ashok M. Sapkal 4 .
ABSTRACT: - Texture is everywhere in nature. It represents
together with color and shape one of the fundamental
characteristics of object. Texture conveys an idea of repetition of
a certain structure, which is not limited only to the visual
domain. In image processing, a dynamic texture is a sequence of
images showing temporal stationarity. Dynamic texture synthesis
is the process of producing artificial textures starting from a
given texture sample. In the case of dynamic textures, the term
“compact” applied to the model size used for synthesis. We
propose a dynamic texture analysis that is able to obtain a more
compact model starting from the linear model of Soatto and
Doretto. Current methods perform a dimension reduction of the
data by applying the SVD to the video frames unfolded into
column vectors. This permits only to exploit the temporal
correlation. We avoid the unfolding operations and decompose
the signal directly using a multidimensional decomposition
known as Multi-way SVD i.e. Higher-Order SVD (HOSVD).
Chromatic components are exploited more efficiently by
combining the HOSVD decomposition with the Y CbCr color
encoding for the input data. Tests show that the combined model
has required five times lesser parameters than models derived
with other algorithms, for the same visual quality and
approximately the same computational synthesis cost. Our
technique is thus well suited to dynamic texture synthesis on
devices limited by memory and computational power; such as
webcams or mobile phones.
Keywords—Dynamic texture, synthesis, Multi-way, SVD,
HOSVD, YCbCr, Tensor.
I. INTRODUCTION
Dynamic texture synthesis is the process of creating an
artificial texture from a sample image. In this case, the term
“compact” will refer to a texture model having a small number
1 P.P. Ghadekar , Lecturer, Computer Engineering Department
Vishwakarma Institute of Technology,Pune-37
premghadekar@rediffmail.com , India
2 M.L. Dhore , Head & Assistant Professor
Computer Engineering Department
Vishwakarma Institute of Technology, Pune-37
hodcomp@vit.edu, India
3 S.N.Mali, Dean & Assistant Professor
Computer Engineering Department
Vishwakarma Institute of Technology, Pune-37
suresh.mali@vit.edu, India
4 Dr. Ashok M. Sapkal , Professor, E & TC Department
College of Engineering, Pune-05
Ashoksapkal@rediffmail.com , India
of parameters. Image-based models perform synthesis using a
model built from the video sequence representing a dynamic
texture and not a model of the event itself. Even though image
based models are limited, these models have been extensively
studied and used because they have a much smaller synthesis
cost than physics-based model. This is an advantage when the
dynamic texture is synthesized on a general purpose PC,
especially when used in video games.
In this technique parametric image, based approach is used
to build a model of dynamic textures. It is more flexible, more
compact in terms of memory occupation, and usually permits
on-the-fly synthesis. Recently, the parametric model proposed
by Doretto et al. [10], [3] was shown to be a valid approach
for analysis/synthesis of dynamic textures. Each video frame
is unfolded into a column vector and constitutes a point that
follows a trajectory as time evolves. In this model, the SVD
exploits the temporal correlation between the video frames but
the unfolding operations prevent the possibility of exploiting
spatial and chromatic correlations. We use the parametric
approach of [3]. But perform the dynamic texture analysis
with a higher order SVD, which permits to simultaneously
decompose the temporal, spatial and, chromatic components
of the video sequence. In the present work we have stressed
the importance of the compactness of the texture
representation. This section presents two approaches that lead
to a more compact representation of the dynamic texture and a
comparable performance in terms of visual quality and
computational cost.
A. Approach 1: Separating Luminance from Chrominance.
The first strategy is to use a different color encoding than
RGB to represent the video sequences. As briefly suggested in
Doretto’s paper [3], where it was noted that the linear model
can be applied to different color encodings, we have found
that a more compact model can be obtained using a color
space where luminance and chrominance channels are
separated, since chromatic channels can be made more
compact. An example is the Y Cb Cr color encoding. This is a
linear combination of RGB color encoding widely used in
video applications and usually appearing in a compressed
format denoted as 4:2:0, where the chrominance channels are
down sampled both horizontally and vertically. When Soatto-
Doretto’s model is used on the Y CbCr input video in 4:2:0
format, the model matrix obtained in the analysis step has half
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 427

Proceedings of ICCNS 08 , 27-28 September 2008
the size of the one obtained using RGB. Since this matrix is
the major contribution of the model cost in terms of model
parameters, this results in a more compact model. This
strategy exploits in a better way the spatial and color
correlation between pixels, and it is easy to use, since it is just
necessary to convert the input video in a different format
B. Approach 2: The Tensor Decomposition
The second strategy is to avoid the unfolding operations
that precede analysis and decompose the input video in its
native form, i.e., as a multidimensional signal (a so called
tensor). There exist different techniques that decompose a
tensor in its fundamental components. The natural extension
of the SVD used for matrix decomposition to higher
dimensions is the Multi-way SVD i.e. Higher-Order SVD
(HOSVD) [6]. This decomposition is fast to compute and
allows for a dimension reduction by simple principal
component truncation. Although this truncation is suboptimal
from the point of view of energy compaction, the
approximation error is bounded and not much higher than the
minimum error ensured by the optimal solution. By avoiding
the unfolding operations permits to better exploit the pixel
correlation in space, time, and chromatic content in a single
step, eventually leading to a more compact model with fewer
coefficients.
II. THE COMPACT MODEL USING YCBCR
This section shows that a color encoding such as Y CbCr
has two advantages with respect to RGB. First, it permits to
obtain a more compact model where the chromatic channels
are down sampled both horizontally and vertically (4:2:0
format), thus better exploiting the spatial color information.
Second, it allows the design of a system where two
independent models can be used to describe luminance and
chrominance separately. A model of order n1 can be used for
the luminance and another model of order n2 for the
chrominance.
Figure 1 Schematic view of the different luminance-chrominance based input
representation
Since the chrominance channels have also a low frequency
temporal behavior, the order of the second system can be
lower than the one used for luminance and still ensure a good
synthesis. The idea is to allow for flexibility in the choice of
the model order that represents the luminance and the
chrominance channels, in order to find models that are more
compact and have the same or even better performance with
respect to the native RGB model. Combining these two
aspects, there are four different ways to employ Y CbCr color
encoding within the linear model.
This is shown in Figure 1 a) Full” model of order n; (b)
“Full + Split” models of orders n1 and n2; (c) “Half” model of
order n: the chrominance is down sampled; (d) “Half + Split”
models of orders n1 and n2. Model size for four different
models is given in table 1.
Ka=3Ln
Kc =1.5Ln
Model size
Kb= Ln1 + 2Ln2
Kd = Ln1 + 0.5Ln2
TABLE 1: NUMBER OF MODEL PARAMETERS ACCORDING TO THE
CONFIGURATION OF FIGURE 1 USED.
III. THE COMPACT MODEL USING TENSOR
Tensors are a generalization of matrices for orders higher
than 2; a tensor AЄR (I1×I2×...×Ip) has order p and I 1 , I 2 ... Ip are
integer numbers indicating the number of elements for each
dimension. For example, a grayscale video sequence can be
considered a tensor of order 3, with I 1 =N, I 2 =M, and I 3 =τ, if it
is composed by τ video frames of dimension N×M pixels.
From a tensor, it is possible to obtain a matrix by unfolding its
elements along one dimension. This is shown in Figure 2,
where we show the example of unfolding a 3D tensor along its
first dimension. The matrix obtained from unfolding tensor A
along its dimension h is called matrix unfolding, and it is
indicated as A (h). Its columns are called h-mode vectors.
Figure2. Example of unfolding the 3-dimensional tensor A along the first
dimension that produces the matrix unfolding A (1).
IV. DEFINITION OF THE HOSVD
As matrices can be decomposed in singular values using the
SVD, there exists a similar decomposition of tensors. The
standard SVD is depicted schematically in Figure 3 (a). In the
top half, it is formulated according to standard notation, i.e.,
as the matrix product between a left matrix U, a diagonal
matrix S and a right matrix V H , where the symbols H denote
the matrix Hermitian transpose operator. Since bi-dimensional
matrices are a particular case of tensors of order 2, this
product can be also expressed using tensor notation. This is
shown in the bottom half of Figure 3(a).The extension of the
SVD to higher order corresponds to the HOSVD introduced in
[6] as an extension of the three-way Tucker decomposition. A
p-order tensor A is decomposed as:
A=S x1U (1) x 2 U (2) ……....×p U (p) ,
U (1),U(2), . . . ,U(p) are orthogonal matrices that contain the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 428

Proceedings of ICCNS 08 , 27-28 September 2008
orthogonal vectors spanning the column space of the matrix
unfolding A(i) with i = 1, 2, . . . , p and S is the core tensor. It
corresponds to the generalization of the diagonal matrix S of
the standard SVD, with the difference that generally it is a
non-diagonal full tensor. An example of the decomposition of
a 3D tensor is depicted schematically in Figure 3 (b).
Figure 3: Standard and multi-way SVD
V. THE HOSVD IS COMPUTED IN TWO STEPS ACCORDING TO
THE FOLLOWING: ALGORITHM:
1. For i=1,2,...,p, compute the unfolding matrix A(i) from A
and compute its standard SVD: A(i)=USV H ; the orthogonal
matrix U(i) is defined as U(i)=U, i.e. as the left matrix of the
SVD;
2. The core tensor is computed using the inversion
formula:
S=A×1U (1) H × 2 U (2) H ...×p U (p) H ,
Standard SVD is used as a dimension reduction technique.
This is schematically recalled in Figure 3 (a). The product of
the first n columns or rows of the left and right matrices with
the first n element of the diagonal matrix S, produces the best
n-rank approximation matrix for F.
VI. PERFORMANCE EVALUATION
The performance is evaluated by considering the average
one step prediction error. This is an objective measure given
by the average value of the Peak Signal to Noise Ratio
(PSNR) difference between original and the one step
prediction video frames obtained from the model:
τ
PSNR= 1
τ − 1
∑ 10
255 2
j = 2
log 10
RGB
MSE ( I − I ' )
RGB
j
Where I j
RGB
and I’
j
RGB
are the original and predicted video
frames in RGB video format, respectively. The one step image
prediction and the corresponding frame synthesis are
computed as follows:
ˆxj =Hxj−1
j
ˆZj =S× 1U
(n)
. . . ×t ˆxj ×t+1. . . ×n U
(n)
+M,
Where xj−1is the (j−1)-th column of matrix X obtained in
the analysis step, and frame ˆI j
RGB
is obtained from ˆZj by an
appropriate color conversion.
VII. PERFORMANCE PARAMETER OF WORK
The parameters of the HOSVD-based model are the number
of singular values retained from the tensor decomposition.
Since this decomposition considers spatial (horizontal and
vertical), temporal, and chromatic components separately, this
results in a number of 4 parameters in the case of the 4D-
RGB(HOSVD-RGB) data representation and 3 parameters in
the case of 3D-Y CbCr(HOSVD-YCbCr). r1, r2, r3, and r4
the parameters are used which are associated to vertical,
horizontal, temporal, and color dimensions, respectively.
This gives enough freedom to optimize the decomposition
according to the characteristics of the video sequence. However,
to keep the number of parameters comparable to the
other methods and to limit the number of simulations, r1=r2 is
used. Naturally, this penalizes the algorithm performance
when applied to sequences having a clear spatial orientation,
such as the “Grass” video sequence, which is characterized by
strong horizontal frequency and low vertical frequency. Using
r2>r1 would have increased the quality of the predicted
frames, since the horizontal content would have been better
approximated. Moreover, in the case of 4D-RGB, we fixed
r4=3, thus not compressing the color information.
The parameters r1 varied from 5 to N with an interval of 5,
r2 from 5 to M. Since N and M are in general different, r1
differ from r2 when one or the other reaches its maximum
value. In all other cases, the restriction r1=r2 is valid. The
temporal parameter r3 varied from 5 to τ −5, with an interval
of 5, where τ indicates the temporal length of the video
sequence.
Doretto’s algorithm performance varies according to one
single parameter. This is the number of singular values that
are retained from the 2D-SVD in the analysis. This parameter
is called as Nrgb; it is an integer ranging from 1to τ. When
testing the algorithm, Nrgb is varied from 5 to τ − 5 with an
interval of 5.
In order to evaluate the algorithms performance, the error
between original and synthetic frames is considered. Two
factors contribute to this error. The first is the error intrinsic to
the low-rank approximation given by the choice of the number
of singular values. The second is the error introduced when
modeling the texture dynamic with an MAR (1) model. The
latter is properly called prediction error.
Prediction error is called as the total error between an
original frame and its prediction obtained by the models in
final RGB color encoding that is used for display purposes to
evaluate the algorithms performance, consider Prediction
Error Vs Model Size Graph i.e. Prediction Average PSNR
(dB) VS Number of Coefficient. Figure 4 shows graph
(prediction error vs. model size) an example of the algorithms
performance obtained by the proposed HOSVD-RGB &
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 429

Proceedings of ICCNS 08 , 27-28 September 2008
HOSVD-YCBCR algorithm.
The dots indicate simulation results, while the continuous
lines indicate their interpolation. The dashed line corresponds
to the best performance obtained by the algorithm for this
video sequence.
Compared to algorithms were the unfolding operations are
performed in 2D ,this method results in models with on
average five times less coefficients, still ensuring the same
visual quality.
(a)
(a)
(b)
Figure 4. Example of the performance (prediction error vs. model size)
(a) HOSVD-RGB (b) HOSVD-YCBCR algorithm.
Despite being a suboptimal solution for the tensor decomposition,
the HOSVD ensures close-to-optimal energy compaction
and approximation error. The sub optimality derives
from the fact that the HOSVD is computed directly from the
SVD, without using expensive iterative algorithms, such as
done for the optimal solution. This is an advantage, since the
analysis can be done faster and with less computational
power. Figure 5 shows comparison graph (prediction error vs.
model size) for algorithm SVD-RGB, SVD-YCbCr, HOSVD-
RGB, HOSVD-YCbCr & graph for Gain factor vs. Prediction
Average PSNR.
(b)
Figure 5 Comparison graph (Tides)
(a) No. Model Coefficient vs. PSNR (b) PSNR vs. Gain Factor
Figure 6.1-2 shows comparison graphs left part is original
dynamic texture, middle part is dynamic texture created
artificially by using HOSVD, and right part of image is
dynamic texture created by using SVD. Following values are
calculated by using SVD-RGB & HOSVD-RGB algorithm.
PSNR SVD value is - 28.908 (n = 35)
PSNR HOSVD value is - 27.1518
Cost SVD value is -2739182
Cost HOSVD value is- 896889
Cost SVD / Cost HOSVD-3.0541
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 430

Proceedings of ICCNS 08 , 27-28 September 2008
Moreover, the very small memory occupancy favors the use of
the HOSVD based model in architectures characterized by
constraints in memory and computational power complexity,
such as PDAs or mobile phones.
(a) Original (Tides) (b) HOSVD RGB
Figure 6.1 Comparison video (Tides)
(c) SVD RGB
Following values are calculated by using SVD-YCbCr &
HOSVD-YCbCr algorithm.
PSNR SVD YCbCr value is -28.8706 (n = 35)
PSNR HOSVD YCbCr value is- 26.6957
Cost SVDYCbCr value is -1370606
Cost HOSVD YCbCr value is- 288225
Cost SVD / Cost HOSVD Value is- 4.7553
REFERENCES
[1] B. Abraham, O. I. Camps, and M. Sznaier, “Dynamic Texture with
Fourier Descriptors,” Proc. of the 4th <strong>International</strong> Workshop on Texture
Analysis and Synthesis, pp. 53–58, 2005.
[2] B. W. Bader and T. G. Kolda, “MATLAB Tensor Classes for Fast
Algorithm Prototyping,” Proc. of ACM Trans. on Mathematical Software, vol.
32, no. 4, 2006.
[3] G. Doretto, A. Chiuso, Y. Wu, and S. Soatto, “Dynamic textures,” Int.
Journal of Computer Vision, vol. 51, no. 2, pp. 91–109, 2003.
[4] G. Doretto, D. Cremers, P. Favaro, and S. Soatto, “Dynamic Texture
Segmentation,” Proc. of IEEE ICIP 2003, pp. 1236–1242.
[5] G. Doretto and S. Soatto, “Editable Dynamic Textures,” Proc. of IEEE
CVPR 2003, vol. 2, pp. 137–142.
[6] L. De Lathauwer, B. De Moor, and J. Vandewalle, “A Multilinear
Singular Value Decomposition,” Siam J. Matrix Anal. Appl., vol. 21, no. 43,
pp. 1253–1278, 2000.
[7] M. A. O. Vasilescu and D. Terzopoulos, “TensorTextures: Multilinear
Image-Based Rendering,”Proc. Of ACM SIGGRAPH 2004, pp. 336–342.
[8] P. Saisan, G. Doretto, Y. N. Wu, and S. Soatto, “Dynamic Texture
Recognition,” Proc. of IEEE CVPR 2001, vol. 2, pp. 58–63.
[9] R. Costantini, L. Sbaiz, and S. S¨usstrunk, “Dynamic Texture Analysis
and Synthesis using Tensor Decomposition,” Lecture Notes in Computer
Science, vol. 4292, pp. 1161–1170, 2006.
[10] S. Soatto, G. Doretto, and Y. N. Wu, “Dynamic Textures,” Proc. of
IEEE ICCV 2001, vol. 2, pp. 43
(a) Original (Tides) (b) HOSVD YCbCr (c) SVD YCbCr
Figure 6.2 Comparison video (Tides)
VIII. CONCLUSIONS
Existing models for dynamic texture synthesis can be made
more compact by exploiting in a more efficient way the
correlation between the pixels of the video. This can be done
both using a more compact color encoding than the native
RGB, such as Y CbCr, where luminance and chrominance
channels are separated and chrominance can be down
sampled. Moreover, model compactness can derive from the
use of a direct decomposition of the dynamic texture video
considered as a multidimensional signal, thus avoiding the
unfolding operations that shape it into a matrix. Tensor
decomposition offers a solution where spatial, chromatic, and
temporal information can be modeled at once. The few model
parameters permit to perform synthesis in real-time.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 431

Proceedings of ICCNS 08 , 27-28 September 2008
Design Of Optimal MLP Neural Network Classifier For
Intelligent Iris Recognition System For Person
Identification
Sanjay R. Ganorkar
Dr.Ashok A.Ghatol
Abstract-- Design and evaluation of Iris recognition system for
person identification is discussed in this paper. As technology
advances information and intellectual properties are wanted by many
unauthorized personnel. As a result many organizations are searching
ways for more secure authentication methods for the user access. In
network security there is a vital emphasis on the automatic personal
identification. Due to its inherent advantages biometric based
verification especially iris identification is gaining a lot of attention.
Iris recognition uses iris patterns for personnel identification. The
system steps are capturing iris image, localizing iris and the iris
pattern recognition. The iris is extracted from the eye image. Due to
the high degree of freedom in iris pattern only part of the iris
structure is selected for recognition. The proposed method is based
on Discrete Cosine Transform (DCT) coefficient technique that
extracts important features using transformed coefficients. Obtained
features are fed to multiplayer perceptron neural network with
different learning rules and activation functions for person
identification. Experimental results show that the Discrete Cosine
Transform (DCT) based feature extraction technique has an
encouraging performance.
Keywords-- ANN, Biometrics, DCT, Iris recognition, MLP,
Personal identification.
I. INTRODUCTION
The term “Biometrics” refers to a science involving statistical
analysis of one or more physiological or behavioral
characteristics [1]. An individual’s behavioral or physiological
characteristics have the capability to reliably distinguish
between an authorized person and an imposter. Since
biometric characteristics are distinctive, cannot be forgotten or
lost, and the person to be authenticated needs to be physically
present at the point of identification Biometric is inherently
more reliable and are capable than traditional methods..
Traditional methods for personal identification are I) Token
based approach uses something you have to make
identification, such as passport, driver’s licence, an ID card, a
credit card, or keys. II) Knowledge based approach such as
something you know to make identification such as a
password or a Person Identification Number (PIN).
Sanjay R. Ganorkar, Assistant Professor, Sinhgad College of Engineering,
Pune. C1-203, Shivsagar City, Phase –I, Sun City Road, Anand Nagar,
Sinhgad Road, PUNE, Pin- 411051, Maharashtra, India. emailsrgomom@rediffmail.com,
Cell No. 9422514726, Fax 02024357243.
Dr.Ashok A.Ghatol, Vice-Chancellor, Dr. Babasaheb Ambedkar
Technological University, Lonere, Dist. Raigad, Maharashtra, Pin-402103,
India. email-ashok.ghatol@gmail.com, Cell No.9422494101, Fax
02140275040
Since these traditional approaches are not based on any
inherent attributes of an individual to make identification, they
suffer from disadvantages like (i) Token may be lost, stolen,
forgotten, or misplaced, and (ii) PIN may be forgotten by a
valid user or guessed by an imposter. Knowledge based and
token-based approaches cannot differentiate between
authorized person and imposter who fraudulently acquire the
token or knowledge of the authorized person. Hence they are
unsatisfactory mean of achieving the security requirement of
electronically inter connected society. In recent years
biometric personal identification is receiving growing interests
from both academia and industry [2]. Biometrics includes
fingerprints, retina, iris, voice, signatures, facial thermogram
hand geometry, etc. Among all biometrics iris recognition has
attracted a lot of attention because it has various advantages
factors like greater speed, simplicity, and accuracy as
compared to other biometric techniques. Iris recognition relies
on the unique patterns of the human iris to identify or verify
an individual. Because the randomness of iris patterns has
very high dimensionality, recognition decisions are made with
confidence levels high enough to support rapid and reliable
exhaustive searches through national-sized databases [1, 2].
Artificial Neural Networks (ANNs) are programs designed to
simulate the way a simple biological nervous system is
believed to operate. They are based on simulated nerve cells or
neurons, which are joined together in a variety of ways to
form networks. These networks have the capacity to learn,
memorize and create relationships amongst data. ANN is an
information-processing paradigm, implemented in hardware or
software that is modeled after the biological processes of the
brain. An ANN is made up of a collection of highly
interconnected nodes, called neurons or processing elements.
A node receives weighted inputs from other nodes, sums these
inputs, and propagates this sum through a function to other
nodes. This process is analogous to the actions of a biological
neuron. An ANN learns by example. Pattern recognition and
classification are examples of problems that are well suited for
ANN application [3]. In this paper DCT based techniques are
used to extract unique and relevant features of iris structure.
Obtained features are fed to neural network classifier for
identification.
OUTLINE
This paper is organized as follows. The next section
introduces iris as a biometric. Various methods in iris
recognition are discussed in third section.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 432
1

Proceedings of ICCNS 08 , 27-28 September 2008
The fourth section shows the results of the implemented
algorithms. Last section is the discussions.
II. IRIS AS A BIOMETRIC
The iris is the only internal organ of the body, which is
normally externally visible. These visible patterns are unique
to all individuals and it has been found that the probability of
finding two individuals with identical iris patterns is almost
zero. It is the colored part of the eye behind the eyelids, and in
front of the lens. Although the human eye is slightly
asymmetrical and the pupil is slightly off the center [4] for the
most practical cases we think of the human eye is symmetrical
with respect to line of sight. The iris controls the amount of
light that reaches the retina. Due to heavy pigmentation, light
only pass through the iris via pupil, which contracts and
dilates according to the amount of available light. Iris
dimensions vary slightly between the individuals. Its shape is
conical with the papillary margin located more interiorly than
the root. A thickened region called the collarete divides the
anterior surface into the ciliary and pupil zones. Iris is made
up of four different layers. The back layer is heavily
pigmented and makes iris opaque so that light only reaches the
eye through the pupil. The next layer contains the sphincter
and the dilator muscles that allows for contraction and
dilation. The third layer is the stroma, which is loosely
connected tissue containing collagen, melanocytes, most cells
and macrophases. The exterior layer is called the anterior
border layer and is denser than the previous layer with more
pigmentation. The color of the iris is created by different
levels of light absorption in the anterior border layers, little
pigmentation in this layer results in a blue appearance because
light reflects from the back layer of the iris. The more
pigmentation a person has in the anterior border layer, the
darker is the iris. The original eye image is shown in Figure1.
Because is that a grey iris image can provided enough
information to identify different individuals. The block
diagram of proposed iris recognition system is as shown in the
fig 2.
Image
Processing
Neural
Network
Data Bank
Output
Result
Fig. 2 The block diagram of iris recognition system
In proposed method an efficient iris recognition system for
security purpose is implemented by using the appropriate
characteristics of artificial neural network [8]. The iris
identification is basically divided in four steps.
1. Capturing the image and localization and segmentation of
an iris image
2. Features extraction using DCT
3. Training of artificial neural network by using obtained
feature vectors.
4. Implementing recognition process by processing proper
and distorted test data.
A. Capturing the Image
A good and clear image eliminates the process of noise
removal and also helps in avoiding errors in calculation. In
practical applications of a workable system an image of the
eye to be analyzed must be acquired first in digital form
suitable for analysis. Here we have used the Chinese academy
of sciences-Institute of automation (CASIA) [9] iris image
database available in the public domain. The experiments have
been performed on 10 persons. For each person 7 images were
acquired under different conditions. This makes a total of 70
experimental iris samples. Iris image is as shown in Figure 3.
Fig.1 Original eye image
III. ALGORITHMS
Many researchers have worked on various algorithms for
iris recognition. Daugman [1, 4, 5] presented a system based
on phase code using Gabor filters for iris recognition and
reported that it has excellent performance on a diverse
database of many images. Wildes [6] described a system for
personal verification based on automatic iris recognition. It
relies on image registration and image matching, which is
computationally very demanding. Boles et al. [7] proposed an
algorithm for iris feature extraction using zero crossing
representation of 1-D wavelet transform. All these algorithms
are based on grey image, and color information was not used.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 433
2
Fig. 3 Iris image
B. Iris Localization and Segmentation
Iris localization is done by using “Adobe Photoshop” and
digitally stored into the memory in the form of 011.1.1C.bmp,
012.1.1C.bmp,…,and 020.1.1C.bmp…as shown in the Figure
4. The localized iris image is then segmented into16X16
matrix by using blocks processing technique as shown in the
Figure 5.

Proceedings of ICCNS 08 , 27-28 September 2008
D. Training of Artificial Neural Network
Fig. 4 Crop iris image
Fig. 5 Segmented iris image
C. Feature Extraction Using DCT
This system exploits features extraction capabilities of the
discrete cosine transform (DCT) that can be calculated very
fast. The DCT is closely related to the discrete Fourier
transform. It is a loss-less and reversible mathematical
transformation that converts a spatial amplitude representation
of data into a spatial frequency representation. It is a separable
linear transformation; that is, the two-dimensional transform is
equivalent to a one-dimensional DCT performed along a
single dimension followed by a one-dimensional DCT in the
other dimension. One of the advantages of the DCT is its
energy compaction property, that is, the signal energy is
concentrated on a few components while most other
components are zero or are negligibly small. The twodimensional
DCT of an M-by-N image is defined as
π(2m+
1) p π(2n
+ 1) q
cos cos
2M
2
M 1N
1
pq
=
p q∑∑
− −
β α α Amn
m=
0 n=
0 N
0 ≤ p ≤ M − 1
0 ≤ q ≤ N − 1
⎪⎧
p = 0
1 / M ,
α
p
= ⎨
1 ≤ p ≤ M − 1
⎪⎩ 2 / M ,
follows ,
α
q
=
⎪⎧
1 /
⎨
⎪⎩ 2
/
N
N
,
,
q
=
0
1 ≤ q
≤
N − 1
The values B pq are called the DCT coefficients of image. The
two-dimensional DCT uses the fundamental operation of onedimensional
DCT; it assumes 8x8 arrays of pixels are eight
rows of eight pixels. Thus one-dimensional DCT is applied
separately to each row of eight pixels; the result will be eight
rows of frequency coefficients. These eight coefficients are
then taken as eight columns, the first column will contain all
DC coefficients, and the second column will contain the first
AC coefficient from each row, and so on. The length of
obtained feature vector is 128 [10, 11].
Multilayer Perceptron neural network is chosen for training of
artificial neural network. MLP is one of the most widely
implemented neural network topologies. The article by
Lippman [12] is probably one of the best references for the
computational capabilities of MLPs. Generally speaking, for
static pattern classification, the MLP with two hidden layers is
a universal pattern classifier. Moreover, when the weights are
properly normalized and the output classes are normalized to
0/1, the MLP achieves the performance of the maximum a
posteriori receiver, which is optimal from a classification point
of view [13]. In terms of mapping abilities, the MLP is
believed to be capable of approximating arbitrary functions.
This has been important in the study of nonlinear dynamics
[14], and other function mapping problems. MLPs are
normally trained with the back propagation algorithm [13].
Figure 6 illustrates architecture of MLP. The circles are the
PEs arranged in layers. A special class of feed forward
networks is the layered class, which is called the MLP. The
layers without direct access to the external world, i.e.
connected to the input or output, are called hidden layers.
Layers that receive the input from the external world are
called the input layers. Layers in contact with the outside
Inputs
X1
X2
Xn
Fig. 6: A multilayer perceptron
world are called output layers. The lines represent weighted
connections (i.e., a scaling factor) between PEs. By adapting
its weights, the neural network works towards an optimal
solution based on a measurement of its performance. For
supervised learning, the performance is explicitly measured in
terms of a desired signal and an error criterion. For the
unsupervised case, the performance is implicitly measured in
terms of a learning rule and topology constraints [14-16].
E. Performance Measures
The Performance Measures access point of the error criterion
component provides the values that can be used to measure the
performance of the network for a particular data set.
Following performance measures are used to decide the
performance of the networks.
1 Mean Squared Error (MSE)
2 Percentage Error (% Error)
F. Implementing Recognition Process
Software was developed in Matlab 7. 70 input images of 10
persons were used for preparing data set. A computer with
Pentium 4, dual core processor was used. Neuro solution 5 is
used for experimentation.
Y
Output
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 434
3

Proceedings of ICCNS 08 , 27-28 September 2008
EXPERIMENTATION
Procedure for experimentation is as follow;
Prepared data sets was used for training and testing,
Select the columns to be used as input, and desired output.
Select the percentage of number of rows for testing and
training.
Select the topology as multilayer perceptron.
Select the number of hidden layers, and processing elements
in each layer, transfer function (tanh, linear tanh, sigmoid,
linear sigmoid, and softmax), and then select the training
cycle. Select the momentum and step size.
Once the neural network is trained, it is used for testing.
The key performance measures are classification accuracy and
Mean Square Error (MSE).
If the results are not satisfactory i.e. if the error is more than
expectation then parameters needs to be changed.
IV. RESULTS AND DISCUSSIONS
The results obtained are very promising, which are presented
below
Selection of Optimal Number of Transformed Coefficients
In order to find the optimal number of coefficients, neural
network is trained using various number of feature vectors
including the statistical parameters such as average, standard
deviation, contrast, correlation, energy, entropy and
homogeneity of the iris image.A graph in figure 7 indicates the
average classification accuracy on test data for various number
of DCT coefficients. It is observed that the average
classification accuracy is 100% for 8, 16 and 32 numbers of
transformed coefficients. In figure8 the average MSE on test
data for various number of DCT coefficients is shown. Hence
optimal numbers of transformed coefficients selected are 8.
Fig.7 Average classification accuracy for optimal number of
transformed coefficients using DCT feature extraction
technique
Fig.8 Average MSE for optimal number of transformed
coefficients using DCT feature extraction technique
Classification Accuracy and MSE
The most important performance measures so far as the
classifier concerned are classification accuracy and Mean
Square Error (MSE). The values of these measures are shown
for each person when the trained neural network was tested on
the testing data set. Multilayer perceptron neural network with
two hidden layer has been configured as a classifier; the
activation function used in hidden layers as well as the output
layer was sigmoid. It can be inferred from Table 1 that MLP
neural network with sigmoid activation function is able to
estimate the decision boundaries for the given classification
problem very accurately. It is also observed that average
classification accuracy is 100%, and average MSE for sigmoid
is 0.015273718.
Table 1 Performance measures of multilayer perceptron neural
network classifier with learning rule delta bar delta with
activation function sigmoid using DCT feature extraction
technique
Person
Performance measures
Classification
Accuracy in
Percentage
Mean Square Error
(MSE)
P11 100 0.001187669
P12 100 0.004748337
P13 100 0.008546251
P14 100 0.001572649
P15 100 0.010276187
P16 100 0.038770169
P17 100 0.041400287
P18 100 0.030633491
P19 100 0.010697139
P20 100 0.004905001
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 435
4
C. The Plot of Average of Minimum MSE
In order to decide number of neurons in the hidden layer
computer simulation experiment is designed. Following is the
procedure of selection of number of neurons in the hidden
layer one and two for Discrete Cosine Transform feature
extraction technique using MLP neural network.

Proceedings of ICCNS 08 , 27-28 September 2008
Number of neuron is gradually increased from 1 to 30 at the
increment of one. For each setting neural network is retrained
three times with different random initialization of initial
weight. These experiments are performed separately for the
choice of neurons in hidden layer one and hidden layer two. It
is also observed from Figure 9 that when number of neuron is
increased, initially MSE start decreasing, this trend continues
up to 28 neurons because for these neurons MSE is
0.00043915, which is the lowest, and the number of epochs
are 1000. If we continue to increase the neurons beyond this,
MSE start increasing therefore the number of neurons selected
in the hidden layer one should be 28.
The sample of iris images for different persons labeled as
P11,P12,….P20 are given in figure 11.
Iris image of person P11 Iris image of person P12
Iris image of person P13 Iris image of person P14
Figure 9 The plot of average of minimum MSE for DCT
based MLP using learning rule deltabardelta with and
activation function sigmoid, hidden layer one, 1000 epoch,
and 3 runs
For hidden layer two, it is also observed from Figure 10 that
when number of neuron is increased, initially MSE start
decreasing, this trend continues up to 28 neurons because for
these neurons MSE is 0.000408375, which is the lowest, and
the number of epochs are 1000. If we continue to increase the
neurons beyond this, MSE start increasing therefore the
number of neurons selected in the hidden layer one should be
28.
Iris image of person P15
Iris image of person P16
Iris image of person P17
Iris image of person P18
Figure 10 The plot of average of minimum MSE for DCT
based MLP using learning rule deltabardelta with and
activation function sigmoid , hidden layer two, 1000 epoch,
and 3 runs
Iris image of person P19
Iris image of person P20
Fig.11 The sample of iris images for different persons labeled
as P11,P12,….P20 .
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 436
5

Proceedings of ICCNS 08 , 27-28 September 2008
CONCLUSION
In this paper efficient techniques are described for iris
recognition system with high performance. The iris
recognition system is tested using benchmark CASIA image
database. A series of trials were made for determining the
atchitecture of network, appropriate number of neurons in
hidden layers, learning rules and transfer function. For DCT
based feature extraction technique MLP neural network with
sigmoid activation function is able to estimate the decision
boundaries for the given classification problem very
accurately. It is also observed that average classification
accuracy is 100%, and average MSE for sigmoid activation
function is 0.015273718. It is obvious from the exhibited
results that iris features when extracted using DCT approach
should form the basis of the optimal feature vectors. It is also
seen that the
MLP neural network with sigmoidal activation function
having two hidden layer works as an elegant classifier for the
iris recognition for person identification. Further development
of this method is under way and the results will be reported in
the near future. Judging by the clear distinctiveness of the iris
patterns we can expect iris recognition system to become the
leading technology in identity verification.
ACKNOWLEDGEMENTS
Principal author acknowledges his profound gratitude to
Hon’ble Prof. M.N.Navale, Founder President, Sinhgad
Technical Education Society, Pune, and Mrs. (Dr.) S. M.
Navale, Secretary, Sinhgad Technical Education Society, Pune
for extending all support and facilities without which this
research work would not have been completed. Principal
author would like to express his gratitude to Chinese Academy
of Sciences and Institute of Automation for providing the iris
images database. Principal author would like to express his
gratitude to University of Pune for providing financial
assistance required for research work.
[7]. W. W. Boles, B. Bolash, “A human identification
technique using images of the iris and wavelet transform,”
IEEE Transactions on Signal Processing, vol. 46, no.4, April
1998, pp11.85-1188.
[8]. Lye Will Liam, Ali Chekima, “Iris recognition using selforganizing
neural network,” Proceedings of The Student
<strong>Conference</strong> on Research and Development, Shah Alam,
Malaysia, 2002, pp169-172.
Chinese Academy of Sciences – Institute of automation.
Database of 756 greyscale eye images. http://www.
sinobiometrics.com, Version 1.0.
[9]. Gonzalez, Woods, Eddins, “Digital image processing
using matlab,” Pearson Education 2005.
[10]. Proakis Manolakis, “Digital signal processing principles,
algorithms and application,” Prentice-Hall India 2006.
[11]. Lippmann R., “An introduction to computiq with neural
nets,” IEEE ASSP Magazine, vol. 4, no. 2, April 1987, pp 4-
22. Neuro-Solutions Handbook, 2005.
[12]. Zurada J. M, “Introduction to artificial neural systems,”
West Publishing Company, 1992.
[13]. Martin T. Haggn, H. Demuth and M. Beale, “Neural
network design,” PWS Publishing, 1996.
[14]. Haykin S. Neural Network, “A comprehensive
foundation,” Prentice Hall, Englewood Clifts, NJ. 1999.
[15]. S.R.Ganorkar, A.A.Ghatol, “Person identification based
on iris image analysis,” <strong>International</strong> Journal, WSEAS
transaction on signal processing, Issue 2, vol.3, February
2007, pp 220-225 (ISSN 1790-5022).
REFERENCES
[1]. J. Daugman, “High confidence recognition of persons by a
test of statistical independence,” IEEE Trans. on PAMI, vol.
15, no. 11, 1993, pp 1148-1161.
[2]. J. Daugman, “The importance of being random statistical
principles of iris recognition,” Pattern Recognition, vol. 36,
no. 2, 2003, pp 279-291.
[3]. Y. Ozbay and B. Karlik, “A fast training back-propagation
algorithm on windows,” Proceedings of the Third
<strong>International</strong> Symposium on Mathematical and Computational
Applications, Turkey, 4-6 September 2002, pp. 204-210.
[4]. Daugman. “How iris recognition works,” Proceedings of
2002 <strong>International</strong> <strong>Conference</strong> on Image Processing, vol. 1,
2002.
[5]. Daugman, “Recognizing persons by their iris patterns in
biometrics,” Personal Identification in Networked Society,
Kluwer, 1998, pp103-121.
[6]. R. Wildes, “Iris recognition: an emerging biometric
technology”, Proceedings of the IEEE, vol. 85, no. 9,
September 1997.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 437
6

Proceedings of ICCNS 08 , 27-28 September 2008
Entropy Based Fast Fractal Image Compression
Mrs. Pradnya Kulkarni. , Prof.S.N.Mali. And Prof.M.V.Kulkarni
Abstract— there are different methods of fractal image
compression like Fixed Partitioning, Quadtree Partitioning, HV
partitioning and Triangular Partitioning. In this paper Quadtree
Partitioning Method is used as it gives high compression ratio at
good decompression quality and has fast decompression. The Fractal
Image Compression gives many desirable properties like resolution
independence and fast decoding time. But it still suffers from a high
encoding time. Therefore the Entropy Based Fractal Image
Compression algorithm is used to reduce the encoding time. This
Algorithm reduces the size of the domain pool based on the Entropy
value of each domain block, and also trys to get superior
performance over conventional fractal encoding. As the size of the
domain pool increases by choosing the spacing between domains by
one pixel width, we can get best possible image quality. Therefore
the reduction in Encoding time is very important which is the main
focus of this work. Experimental work used in this project tests the
results of encoding time, compression ratio and Peak Signal To
Noise Ratio (PSNR) for Fixed Partitioning, Quadtree Partitioning
and Entropy Based Technique.
Keywords— Fractal Image Compression, Complexity Reduction,
Entropy.
I.INTRODUCTION
With the ever increasing demand for images, sound, video
sequences, computer animations and volume visualization, data
compression remains a critical issue regarding the cost of data
storage and transmission times. Fractal [3] Image Compression is
one of them [2, 5]. It has generated much interest due its promise of
high compression ratios at good decompression. It has one more
Advantage of multiresolution property i.e. image can be decoded at
higher or lower resolutions than the original. Because of these
properties Fractal Image Compression is widely used in multimedia
[7].
Despite of all the above properties of Fractal Image
Compression, the long computing time in the encoding step still
remains the main drawback of this technique. So this paper presents
a method to reduce the encoding time of this technique by reducing
the size of the domain block.
Several methods have been proposed to overcome this problem
[1].One of the approaches for reducing the computational complexity
is the classification scheme. In this scheme range and domain blocks
are grouped in classed according to their common characteristics. In
the encoding phase only blocks belonging to the same class are
compared, thus saving the encoding time. Jacquin [[6]] proposed a
discrete feature classification scheme. The domain blocks are
classified according to their perceptual geometric features. Only
three major types of block are differentiated: shade blocks, edge
blocks and midrange blocks. In the Fisher’s classification method
[2], a given image block is divided into four quadrants. For each
quadrant, the average and the variance are computed. According to
certain combination of these values, 72 classes are constructed. This
method reduces the searching space efficiently. However, it required
large amount of computations and the arrangement of these 72
classes are complicated.
In this paper a new method to reduce the encoding time of
Fractal Image Compression is used [1]. This method is based on
removing the high entropy,∈ domain blocks from the domain pool.
In this way all the useless domains will be removed from the domain
pool achieving a more productive domain pool.
The rest of this paper is organized as follows. Section II, describes
fractal image encoding and the baseline algorithm. In section III
definitions of entropy and using in the proposed method followed by
experimental results and discussion in section IV.The conclusion is
in section V.
II FRACTAL IMAGE CODING
A.Principle of Fractal Coding
In the encoding, the image of size N x N is partitioned into nonoverlapping
range blocks R i , of a predefined size B x B. Then a
domain pool Ω is created from the image taking all the square
blocks D j of size 2B x 2B.The range-domain matching process
consists of a shrinking operation in each domain block that averages
its pixel intensities forming a block of size B X B [2].
For a given range R i , the encoder must search the domain pool Ω
for best affine transformation w i , which minimizes the distance
between the image R i and the image w i (D I). The Root Mean
Square RMS metric is used for computation. For a range block with
n pixels, each with intensity r i and a decimated block with n
pixels,each with intensity d i the objective is to minimize the quality
=∑
n
2
E( Ri,
Di)
( s ⋅di
+ o − ri
)
i=
1
which occurs when the partial derivatives with respect to s and o are
zero. Solving the resulting equations will give the best coefficients s
and o.
With s and o given the square error is
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 438

Proceedings of ICCNS 08 , 27-28 September 2008
Where si and o i are domain index and rotation index
respectively. The coefficients s i represents a contrast factor,
with | s i | ≤ 1.0 while the coefficients o i represents brightness
offset.
B. Baseline encoding algorithm
The encoding algorithm of fractal image compression based
on qudatree partition is as follows:
Step 1: Initialization (domain pool construction)
Divide the input image into N domains, D j
For (j=1; j ≤ N; j++)
Push D j onto domain pool stack Ώ
Step 2: Choose a tolerance level l c;
Step 3: Search for best matches between range and domain
Blocks
For(i=1;i ≤ num_range;i++)
Min_error= l c;
For (j=1;j ≤ num_domain;j++) {
Compute s,o;
If ( 0 ≤ s ≤ 1.0 )
If ( E( R i,D j ) < min_error) {
Min_error = E (Ri, Dj );
Best_domain[i] = j ;}
}
If (min_error = = l c)
Set R i uncovered and partition it into 4 smaller blocks;
Else
Save_coefficients(best_domain,s,o);
}
III.ENTROPY BASED FRACTAL IMAGE COMPRESSION
A.Entropy
Assume that there exists a set of events S ={x1, x2,…,xn},
with the probability of occurrence of each event p(x i) = p i.
These probabilities, P = {p1, p2,…,pn} , are such that each
p i ≥ 0, and ∑ n i=1 pi =1. The function
0=H(1,0,0,0…0) ≤ H(p1,p2,…,pn) ≤ H(1/n,1/n,…,1/n) = logn
Entropy is nothing but minimum number of bits of information
needed to encode the classification of an arbitrary member of set of
events.
It is the impurity of arbitrary collection of examples.
B.Entropy Based Algorithm
Full search problem as mentioned previously is computationally
intensive [1]. One of the simplest ways to decrease encoding time of
this full search problem is to decrease the size of the domain pool in
order to decrease the number of domains to be searched. This
method reduces the encoding time of fractal image compression by
performing less searches as opposed to doing a faster search, by
excluding many of domain blocks from the domain pool. This idea is
based on the observation that many domains are never used in a
typical fractal encoding, and only a fraction of this large domain
pool is actually used in the fractal coding. The collection of used
domains is localized in regions with high degree of structure .Fig.
3.1 shows the domain blocks of size 8x8 that are actually used in the
fractal code of Lena image. As expected the indicated domains are
located mostly along edges and in the regions of high contrast of the
image [1].Analyzing the domain pool, there is a very large set of
domain blocks in the pool with high entropy, which are not used in
the fractal code. Thus, it is possible to reduce the search time by
discarding a large fraction of high entropy blocks [1], which affect
only a few ranges. For these ranges sub-optimal domains with
smaller entropy may be found. In this way, the domain pool is
constructed from blocks with the lowest entropy instead of all
domains. In this case, the encoding time is heavily reduced by a
priori discarding those domains from the pool, which are unlikely to
be chosen for the fractal coding. Entropy value for each domain
block is calculated by using equation 3.1. According to this value a
decision is taken to determine if this domain can become a part of
the domain pool or not. A parameter 2 will control the domain
entropy value in the implementation, with 2 being a quality
parameter since it determines the size of the domain pool [1]. This
method can only reduce the factor of proportionality in the O (N)
complexity, where N is the domain pool size. The baseline
algorithm mentioned above is modified in such a way that the
domain pool contains only domain blocks which have
I (Xi)=-log(P i)
is called the amount of self-information associated with event xi .
This function is a measure of occurrence of the event xi. The
function I focuses on one event at a time.In most situations,
however, and certainly in the context of data compression, one has
to look at the entire set of all possible events to measure content
over the entire set. An important concept introduced by Shannon is
entropy [13] associated with a set of events, which takes the form:
n
H ( p1,
p2,...
pn)
= H ( s)
=−∑p
i
logi
i=
1
Entropy [4] can be defined as the average self-information that is,
the mean (expected or average) amount of information for an
occurrence of an event xi. In the context of coding a message,
entropy represents the lower bound on the average number of bits
per input value. The function H has the following lower and the
upper limits:
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 439

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 3.1 Domains of size 8 X 8 that used for fractal coding of
512 X 512 Lena are shown in black
a certain entropy value. The main steps of the modified encoder
algorithm of fractal image compression can be summarized as
follows:
Step 1: Initialization (domain pool construction)
Choose parameter є;
Divide the input image into N domains, D j
For (j=1; j ≤ N; j++) {
Ent = entropy (Dj);
If ( Ent ≤ є )
Push D j onto domain pool stack Ώ }
Step 2: Choose a tolerance level l c;
Step 3: Search for best matches between range and domain
Blocks
For (i=1; i ≤ num_range;i++) {
Min_error= l c;
For (j=1;j ≤ num_domain;j++) {
Compute s,o;
If ( 0 ≤ s ≤ 1.0 )
If ( E( R i,D j ) < min_error) {
Min_error = E (Ri, Dj );
Best_domain[i] = j ; }
}
If (min_error = = l c)
Set R i uncovered and partition it into 4 smaller blocks;
Else
Save_coefficients (best_domain,s,o);
}
IV. EXPERIMENTS AND RESULTS
This section presents experimental results showing the efficiency
of the method described in section III. The performance tests carried
out for a diverse set of well-known images of 32 x 32, 64 x 64,128 x
128,256 x 256 and 512 x 512 gray levels with 8 bits per pixels, on a
PC with Intel Pentium IV 750 MHz CPU and 256 MB memory
under windows XP operating system using Visual C++6.0 as a
programming language and the time is measured in milliseconds.
The scaling coefficient (contrast) restricted to values between 0 and
1 in order to avoid searching domain pool twice (i.e. allowed only
positive scaling factors in the gray level transformation). To ensure a
compact encoding of the affine transformation [2], the value of
contrast and brightness are quantized using 4 and 6 bits for contrast
and brightness, respectively. This study focuses on the
implementation issues and presents the first empirical experiments
analyzing the performance of benefits of entropy approach to fractal
image compression. The size of the range block [1] is set to be 8x8
pixel, and hence the domain size is 16x16, with domains
overlapping i.e. the domain step L (distance between two
consecutive domains) is divided by 4, And then using quadtree
method [2] the results are noted. and shown in the tables below.
A.Results of quadtree and entropy methods
In the table 5.1 I have shown the results which compare the
encoding time, compression ratio and PSNR using Quadtree
Partitioning technique [2] and Entropy Based Technique [1]. This
table shows that using Entropy based technique encoding time is
reduced as compared with Quadtree Technique. But it also shows
that image quality is degraded which is the drawback of used
technique. The used method is applicable in situations where
extremely fast encodings are desired and some quality degradation
can be tolerated. I have taken 45 different images to analyze the
result. In the following table 5.1 compression ratio1 (CR1),
Encoding time1 (T1) and PSNR1 are for Quadtree and Compression
ratio2 (CR2), Encoding time2 (T2) and PSNR2 are for Entropy
methods.
Table 5.1: Performance of Quadtree partition and Entropy coding of
Different Images
Img Size CR
1
T1 PSN
R1
CR2 T2 PSN
R2
Abe 32x32 1.18 47 15.6 0.82 16 9.40
Abe 64x64 1.13 141 23.9 1.21 78 18.27
Azumi 64x64 1.25 219 19.9 1.08 94 14.20
Abe 128x128 4.96 265 34.1 3.84 218 33.69
Azumi 128x128 3.21 296 32.1 2.63 234 31.56
Collie 256x256 13.4 906 36.0 12.3 812 34.87
Hara 512x512 47.8 3485 30.8 45.8 3250 31.11
B.Results of PSNR and Number of decoding steps using Quadtree
Table 5.2 shows the results of PSNR and number of decoding
steps using Quadtree that is it shows different iterations here 10
iterations for the analysis. After 7th iteration the PSNR remains
same it will not change for Azumi image of size 128 * 128.Its
Graphical representation is also shown. The fig.5.1 shows the graph,
that after 7th iteration the PSNR remains same. In table 5.3 the
same analysis for other image named Abe of size 256 * 256 is
shown, and also its fig 5.2 shows the graph is.
Table 5.2: PSNR Vs No. of Decoding Steps for Azumi (128 * 128)
Image using quadtree method
PSNR(dB)
Sr.No. Iterations PSNR(dB)
1 1 26.81
2 2 28.18
3 3 29.51
4 4 30.22
5 5 31.42
6 6 31.52
7 7 31.55
8 8 31.56
9 9 31.56
10 10 31.56
33
32
31
30
29
28
27
26
PSNR Vs No. Of decoding steps using Quadtree
method
0 5 10 15
Iterations
Fig 5.1: PSNR Vs No. Of Decoding Steps for Quadtree
Azumi Image
Table 5.3: PSNR Vs No. of Decoding Steps for Abe(256 * 256)
Image using Quadtree method
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 440

Proceedings of ICCNS 08 , 27-28 September 2008
Sr.No. Iterations PSNR(dB)
1 1 28.61
2 2 29.80
3 3 30.51
4 4 31.22
5 5 32.20
6 6 32.65
7 7 32.78
8 8 32.80
9 9 32.80
10 10 32.80
PSNR Vs No. of decoding steps Using Quadtree
method
Encoding time
Encoding time Vs Quality parameter for Abe
256 x 256 image
1200
1000
800
600
400
200
0
0 1 2 3 4
Quality parameter
Abe
PSNR(dB)
34
33
32
31
30
29
28
0 2 4 6 8 10 12
Iterations
Abe image
Fig 5.2: PSNR and No. of Decoding steps For Quadtree method
C.Results on basis of Quality Parameter
Results of Quality parameter with Encoding time
Quality Parameter 2[1] controls the domain entropy value [1] in the
implementation. So the table 5.4 shows the result with Quality
Parameter and encoding time for Abe image of size 256*256 . Also
its graph is shown as fig 5.3. The graph I got is linear that is
encoding time scales linearly with quality parameter.
Table 5.4: Quality Parameter Vs encoding time for Abe Image
(256 * 256)
Sr.No. Quality parameter Encoding
time(ms)
1 0 957.336
2 1 913.09
3 1.2 904
4 1.5 855
5 2 722.376
6 2.2 668.176
7 2.5 586.872
8 2.8 501.48
9 3 441.492
10 3.5 295.68
Fig. 5.3: Encoding time Vs Quality Parameter
Comparison among Fixed Partitioning, Quadtree and Entropy
method
The result in the table 5.5 shows the comparison with the
other technique that is fixed partitioning [2]. This technique I
have used only for study. I have used 5 different images of
size 128*128.
Table 5.5: Comparison with Fixed partitioning techniques
Img Size Fixed
Part.PSNR
Quadtree
PSNR
Entropy
PSNR
Insect 128x128 22.75 31.98 31.94
Temple 128x128 32.37 34.12 34.02
Taj 128x128 29.56 33.58 33.48
Trees 128x128 27.74 32.42 31.76
HAra 128x128 31.29 33.48 32.84
In this section the experimental results are shown with the
graphs. And different comparisons are shown which helps to make
the conclusion and prove the results that the encoding time is
reduced using Entropy based technique. Table 5.5 shows the
comparison between three techniques like Fixed Partitioning,
Quadtree Partitioning and Entropy based technique.
V .CONCLUSION
• Fractal Image Compression [2] has high compression ratio at
good quality and as well as it has the advantage of very fast
decompression.
• It has multi resolution property that is image can be decoded
at higher or lower resolutions than the original. These
properties made it a very attractive method for applications in
multimedia.
• In this paper I have used Entropy Based Fast Fractal Image
compression technique [1]. This technique reduces the domain
pool size, by allowing an adjustable number of domains to be
excluded from the domain pool based on the entropy value of
the domain block.
• So it requires less comparison as compared with Quadtree
technique, which in turn reduces the encoding time.
• Experimental results on standard images showed that
removing domains with high entropy from the domain pool
reduces the encoding time.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 441

Proceedings of ICCNS 08 , 27-28 September 2008
• By changing the quality parameter more encoding time is
reduced. But it has little effect on image quality.
A.Future work is:
• Quality parameter controls entropy of the domain blocks. More
work can be done to improve on the Encoding time, such as
using more values of quality parameter. That is by changing
quality parameters encoding time and PSNR can be improved.
• As the drawback of Entropy technique is the poor Image
Quality. So i will try to get the less encoding time as well as
the good image quality. So Code may change little bit.
REFERENCES
[1] M. Hassaballah,M.M.Makky and Youssef B.Mahdy, ”A Fast
Fractal Image Compression Method Based Entropy” Electronic
letters on Computer Vision and Image Analysis 5(1):30-40,2005.
[2] Yuval Fisher (ed.), Fractal Image Compression: Theory and
Application, Springer Verlag, New York, 1995.
[3] Steven Harrington,Computer Graphics: A Programming
Approach, Second edition.
[4] Anil.K.Jain,Fundamentals of Digital Image Processing,PHI
Publication.
[5] http://en.wikipedia.org/wiki/Fractal-Compression
[6] A.E.Jacquin.Image Coding Based on a Fractal Theory of
Iterated Contractive Image transform.IEEE Trans. On Image
Processing,Vol. 1001.
[7] M.Barnsley and L.Hurd.fractal Image Compression. On Image
Processing: Mathematical Methods and applications.pp.183-
210,Clarendon Press,Oxford,1997.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 442

ICCNS 08
Discrete
Streams

Proceedings of ICCNS 08 , 27-28 September 2008
Arm Processor Based Smart Time Attendance
Monitoring & Recording System Using Thumb
Scanner & Smart Card
Mrs. Aarti A.Patil, Prof. Ajay M.Agarkar, Mrs. Anupama V. Patil
Abstract— Biometric is making revolution in the field of time
attendance system. It offers several advantages over traditional &
current method. This is because only biometric authentication is
based on the identification of an intrinsic part of human being . The
advantages of using “Fingerprint” in time attendance system include
widespread public acceptance, convenience and reliability. The key
function offered by system is “Verification Method” in which it
checks previously enrolled data to verify the individual.. This method
provides the best combination of speed and security. It takes little
time & effort to acquire one’s fingerprint. So fingerprint recognition
is considered among the least intrusive of all biometric verification
techniques. There is great accumulation of scientific data supporting
the idea that no two fingerprint are alike. In this paper we suggest the
embedded algorithm which is more convenient and secured as
compared to traditional time attendance method . It always avoid the
fake attendance generally known as “proxy”. The use of smart card
along with fingerprint scanner is make great help to keep record for
administration purposes.
Biometrics information can be used to identify person. The
system consist of
• smartcard easy to carry
compact
• fingerprint recognition unique identity
permanent
II.
A. Block Diagram
FUNCTIONAL SYSTEM
Keywords-Arm7 processor, biometric, fingerprint,Smart-card.
I. INTRODUCTION
IN colleges the attendance of the students is take conventional
method. Here the lecturer takes the registers with him to note
down the attendance
In this system there are lot of problems
• Needs to carry register with them.
• Chance of fake attendance usually known as proxy.
• Time consuming process.
To overcome this difficulties we provide Biometric solution
system in which fingerprint recognition is used along with
ARM processor. Biometrics is an automated method of
recognizing a person based on physical or behavioral
characteristics.
Mrs.A.A Patil is student of M.E.(Digital Electronics) from Shri Sant
Gajanan Maharaj College of Engg. Shegaon,Amravati university, India
444 203(e-mail:suryakant3@rediffmail.com)
Prof. A. M. Agarkar, is an Assistant Professors in Electronics Dept &.
Member of Research Promotion Committee of SGIARC and Chief
Coordinator of PG-PhD Sponsorship Cell of S.S.G.M.C.E.Shegaon.
Amravati university 444203. (e-mail: ajayagarkar@rediffmial.com.)
Mrs. A.V. Patil is Head of Electronics Engineering Department, Dr. D.Y.
Patil College of Engg.Akurdi, Pune-411 044 India Pune University (e-mail:
anupamav4@gmail.com).
Figure 1 Block Diagram of Attendance Monitoring &
Recording System
B. Arm-Introduction
• Advances RISC Machines (known as ARM) was
established by Acorn.
• ARM is the industry's leading provider of 16/32-bit
embedded RISC microprocessor solutions.
• The company licenses its high-performance, low-cost,
power-efficient RISC processors, Peripherals, and
system-chip designs to leading international electronics
companies.
• ARM provides comprehensive support required in
developing a complete system.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 443

Proceedings of ICCNS 08 , 27-28 September 2008
C. Arm-Features
• 32-bit RISC processor (32-bit data & address bus).
• Big and Little Endian operating modes.
• High performance RISC (17 MIPS sustained @ 25 MHz
(25 MIPS peak) @ 3V).
• Low power consumption (0.6mA/MHz @ 3V fabricated
in .8µm CMOS).
• Fully static operation (ideal for power-sensitive app).
• Fast interrupt response (for real-time applications).
• Virtual Memory System Support.
• Excellent high-level language support.
• Simple but powerful instruction set.
D. Arm-Applications
The ARM7 is ideally suited to those applications requiring
RISC performance from a compact, power-efficient processor.
• Telecoms - GSM terminal controller.
• Datacomms - Protocol conversion.
• Portable Computing - Palmtop computer.
• Portable Instrument - Handheld data acquisition unit
• Automotive - Engine management unit
• Information systems - Smart cards
• Imaging - JPEG controller
E. Arm-Architecture
Figure 2 ARM Architecture
F. Arm- Operating Modes
• User mode (usr): The normal program execution state
FIQ mode (fiq): For data transfer or channel process.
IRQ mode (irq): for general purpose interrupt handling.
Supervisor mode (svc): a protected mode for OS
• Abort mode (abt): entered after a data or instruction prefetch
abort.
• Undefined mode (und): entered when an undefined
instruction is executed.
G. Arm-Registers
• Total - 37 registers
31 - general 32 bit registers
06 - status registers
• 16 general registers and one or two status registers are
visible at any time The visible registers depend on the
processor mode.
• The other registers (the banked registers) are switched
in to support IRQ, FIQ, Supervisor, Abort and Undefined
mode processing
H. Arm-Overview
The ARM7 is part of the Advanced RISC Machines
(ARM) family of general purpose 32-bitmicroprocessors,
which offer very low power consumption and price for high
performance devices. The architecture is based on Reduced
Instruction Set Computer (RISC) principles, and the instruction
set and related decode mechanism are much simpler in
comparison with micro programmed Complex Instruction Set
Computers. This results in a high instruction throughput and
impressive real-time interrupt response from a small and costeffective
chip.
The instruction set comprises eleven basic instruction types:
• Two of these make use of the on-chip arithmetic logic
unit, barrel shifter and multiplier to perform high-speed
operations on the data in a bank of 31 registers, each 32
bits wide;
• Three classes of instruction control data transfer between
memory and the registers, one optimized for flexibility of
addressing, another for rapid context switching and the
third for swapping data;
• Three instructions control the flow and privilege level of
execution; and
• Three types are dedicated to the control of external
coprocessors which allow the functionality of the
instruction set to be extended off-chip in an open and
uniform.
The ARM instruction set is a good target for compilers of
many different high-level languages. Where required for
critical code segments, assembly code programming is also
straightforward, unlike some RISC processors which depend
on sophisticated compiler technology to manage complicated
instruction interdependency
Pipelining is employed so that all parts of the processing
and memory systems can operate continuously. Typically,
while one instruction is being executed, its successor is being
decoded, and a third instruction is being fetched from memory.
The memory interface has been designed to allow the
performance potential to be realized without incurring high
costs in the memory system. Speed critical control signals are
pipelined to allow system control functions to be implemented
in standard low-power logic, and these control signals facilitate
the exploitation of the fast local access modes offered by
industry standard dynamic RAM s. ARM7 has a 32 bit address
bus. All ARM processors share the same instruction set, and
ARM7 can be configured to use a 26 bit address bus for
backwards compatibility with earlier processors. ARM7 is a
fully static CMOS implementation of the ARM
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 444

Proceedings of ICCNS 08 , 27-28 September 2008
III. BIOMETRICS
Biometrics refers to identifying an individual based on his
or her physiological or behavioral characteristics, Behavioral
biometrics are generally used for verification while physical
biometrics can be used for either identification or verification
which is the capability to reliably distinguish between an
authorized person and an imposter. The biometric
characteristics are distinctive, cannot be forgotten or lost, and
the person to be authenticated needs to be physically present at
the point of identification. Biometrics is inherently more
reliable and more capable than traditional knowledge-based
and token-based techniques. Biometrics are used for
identification and verification:
Identification is determining who a person is. It involves
trying to find a match for a person's biometric data in a
database containing records of people and that characteristic.
This method requires time and a large amount of processing
power, especially if the database is very large.
Verification is determining if a person is who they say they
are.It involves comparing a user's biometric data to the
previously recorded data for that person to ensure that this is
the same person. This method requires less processing power
and time, and is used for access control
Biometric identifiers offers several advantages over
traditional and current method. This is because only biometric
authentication is based on the identification of an intrisic part
of human being. It provide the security and convenience
needed for todays complex electronic landscape.
A. Principles of Fingerprint Biometrics
A fingerprint is made of a number of ridges and valleys on
the surface of the finger. Ridges are the upper skin layer
segments of the finger and valleys are the lower segments. The
ridges form so-called minutia points: ridge endings (where a
ridge end) and ridge bifurcations (where a ridge splits in two).
Many types of minutiae exist, including dots (very small
ridges), islands (ridges slightly longer than dots, occupying a
middle space between two temporarily divergent ridges), ponds
or lakes (empty spaces between two temporarily divergent
ridges), spurs (a notch protruding from a ridge), bridges (small
ridges joining two longer adjacent ridges), and crossovers (two
ridges which cross each other).The uniqueness of a fingerprint
can be determined by the pattern of ridges and furrows as well
as the minutiae points. Fingerprints are usually considered to
be unique, with no two fingers having the exact same dermal
ridge characteristics.
Fingerprint scanning essentially provides an identification
of a person based on the acquisition and recognition of those
unique patterns and ridges in a fingerprint. The basis of
identification, however, is nearly the same. Standard systems
are comprised of a sensor for scanning a fingerprint and a
processor which stores the fingerprint database and software
which compares and matches the fingerprint to the predefined
database Within the database, a fingerprint is usually matched
to a reference number, or PIN number which is then matched to
a person’s name or account. In instances of security the match
is generally used to allow or disallow access, but today this can
Figure 3 Fingerprint
also be used for something as simple as a time clock or payroll
access.
B. How Does Fingerprint Biometrics Work
The main technologies used to capture the fingerprint
image with sufficient detail are optical, silicon, and ultrasound.
There are two main algorithm families to recognize
fingerprints:
Minutia matching compares specific details within the
fingerprint ridges. At registration (also called enrollment), the
minutia points are located, together with their relative positions
to each other and their directions. At the matching stage, the
fingerprint image is processed to extract its minutia points,
which are then compared with the registered template.
Pattern matching compares the overall characteristics of the
fingerprints, not only individual points. Fingerprint
characteristics can include sub-areas of certain interest
including ridge thickness, curvature, or density. During
enrollment, small sections of the fingerprint and their relative
distances are extracted from the fingerprint. Areas of interest
are the area around a minutia point, areas with low curvature
radius, and areas with unusual combinations of ridges.
.
IV. FINGERPRINT RECOGNITION
The fingerprint is scanned and stored as image that will be
converted into a digital format, which is further processed by
the feature extractor to produce a compact digital
representation. The resulting representation is fed to the
feature matcher, which compares it against the template of a
single user (retrieved from the stored data base). This system
is a semi-automatic, where the biometric acquisition is
obtained.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 445

Proceedings of ICCNS 08 , 27-28 September 2008
A. Project Objectives
V. PROJECT DESIGN
• Two Key Function offered by Biometrics System
Identification :- ‘ 1: N ‘- Comparison set of stored sample
Verification :- ‘ 1: 1 ‘ - Verify previously enrolled data.
• Verification method provide best combination of speed
and security where multiple user are concerned .so we
provide finger print recognition by verification method.
• fingerprint is not image but data points are mapped from
fingerprint and formed into template.
• When you enroll, your fingerprint template is formed and
stored.
• For identification or verification, you present your finger
to form another template, and that template is matched
against the stored template.
B. System Working
The fingerprint is scanned and stored as image
that will be converted into a digital format, which is further
processed by DSP The DSP runs image enhancement, template
extraction and identification and/or authentication algorithms
to match the captured image against stored fingerprint
the users in the system data base On a successful match, the
DSP sends a signal across the RS232 standard to authorize
access to the secured asset along with using some form of
visual or audio signal to let the user and the system know that
the user is verified. On a failed match, some form of visual or
audio signal can be generated using the DSP to alert message
such as "user not identified ."The main parameters
characterizing a digital fingerprint image are: resolution, area,
number of pixels, geometric accuracy, contrast, and geometric
distortion. The scanning operation was done in twice. .
Scan finger Extraction Comparison
Verify individual
Acceptable
level
Ref
minutia graph
for individual
YES
NO
Thin image to
Single pixel
Access to application
registered
Access denied
can’t registered
Figure 5 Fingerprint recognition
C. Registraion
After scanning the user fingerprint, it is registered into
smart card via ARM processor for recording purpose .Smart
card is an integrated circuit consist of EEPROM that transacts
data between user. This data is associated with information
regarding percentage of attendance, eligibility of student
etc..and all updated data are again stored into smart card .All
features and security to various degree that smart card provide.
D. Verification
In the verification task the system compares the
representation of the input biometric against the templates of
all the users in the system database; the output is either the
verify of an enrolled user or an alert message such as "user not
identified." Like way all users are verified and registered their
attendance.
Figure 4 System flow-chart
templates. In the verification task the system compares the
representation of input biometric against the templates of all
E. User friendly operation
The flow of functionality are made easier and user
friendly by ARM processor it includes keypad interfacing for
entering user ID no, time, Date, selection of mode etc.
Keypads are often used as a primary input device for
embedded microcontrollers. The keypads actually consist of a
number of switches. 16X2 LCD is interfaced to processor
for viewing the status of operation. This attendance can be
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 446

Proceedings of ICCNS 08 , 27-28 September 2008
integrated with data collecting System and Performance will
be calculated as per rule defined by college.TCP/IP and COM
port is available to download data from System to Computer
for Reporting Purpose.
Figure 6 Typical model of a fingerprint identification system
VI. RESULT
This system holds fingerprint data for up to 4424registered
users. The system gives the verification of users within less
than one second .Using biometric solution the system provides
good attendance of the student without proxy. The system
gives unique verification of the student. Malpractice is not
occurred
REFERENCES
[1] A real-time matching system for large fingerprint
databases Ratha, N.K; Karu, K.; Shaoyun Chen; Jain, A.K.
Pattern Analysis and Machine Intelligence, IEEE Transactions
on Volume: 18 Issue: 8 Aug 1996
[2] A. K. Jain, L. Hong, S. Pankanti, and R.Bolle, "An
Identity Authentication System Using Fingerprints," Proc.
IEEE, 1997.
[3] A. K. Jain, A. Ross, and S. Prabhakar, "Fingerprint
Matching Using Minutiae and Texture Features",
<strong>International</strong> <strong>Conference</strong> on Image Processing (ICIP), 2001.
[4] Fingerprint features-statistical analysis and system
performance estimates Roddy, A.R.; Stosz, J.D.
Proceedings of the IEEEVolume: 85 Issue: 9 Sep 1997
[5] Fingerprint image enhancement: algorithm and
performance evaluation Lin Hong; Yifei Wan; Jain, A.
Pattern Analysis and Machine Intelligence, IEEE Transactions
on Volume: 20 Issue: 8 Aug 1998
[6] A single-chip fingerprint sensor and identifier
Shigematsu, S.; Morimura, H.; Tanabe, Y.; Adachi, T.;
Machida, K.Solid-State Circuits, IEEE Journal of
Volume: 34 Issue: 12 Dec 1999
[7] ARM system developers guide. By wright A.sloss,D
symes,C. wright
[8] "Key performance indicators", p. 3, ARM annual report
and accounts, 2006. Retrieved May 7, 2007
VII. CONCLUSION
Fingerprint based identification system is extremely
important, and a challenging task in several commercial areas.
Even though several commercial systems exist for fingerprint
verification, the performance has to be improved for a wide
adoption in authentication applications. The various
techniques proposed in this have significantly improved the
overall performance of the fingerprint verification system and
it is accurate to handle the poor quality fingerprint images
gracefully, The developed technique for fingerprint
identification exploits the global characteristics in a fingerprint
image exactly to make the verification process. Each
fingerprint image is filtered This Biometric Time Attendance
System records attendance through finger/thumb Impression.
It can help in stopping the Proxy attendance and gives the
exact timing of In/Out for each student. Student has to put the
finger on sensor only once to verify the Finger when Student
comes in or goes from classroom .
ACKNOWLEDGMENT
Mrs. Aarti Patil have no words to express her sincere
thanks for valuable guidance extreme assistance and
cooperation extended to her by her Internal Guide Prof.A.M.
Agarkar. Mrs.Aarti Patil would like to thank Mrs. Anupama V
Patil for completing this task successfully .
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 447

Proceedings of ICCNS 08 , 27-28 September 2008
Fault Tolerant Grid Computing System
Manik Mujumdar 1 , Meenakshi Bheevgade 2 and Latesh Malik 3
1, 3: G.H. Raisoni College of Engineering, Nagpur, Maharashtra, INDIA.
2 : Visweswaraya National Institute of Technology, Nagpur, Maharashtra, INDIA.
1 gdhopavkar1@rediffmail.com, 2 mbbhivgade@vnit.ac.in
3 lgmalik@rediffmail.com
Abstract
The popularity of the Internet and the availability
of powerful computers and high-speed networks as lowcost
commodity components are changing the way we
use computers today. These technical opportunities
have led to the possibility of using geographically
distributed and multi-owner resources to solve largescale
problems in science, engineering, and commerce.
Recent research on these topics has led to the
emergence of a new paradigm known as Grid
computing. Though after parallelization, computation
had speed up but still the time required for much
application can be very large. Thus reliability of the
grid becomes important issue and implementation of
fault tolerant mechanism becomes essential. The fault
tolerance is a significant and complex issue in grid
computing systems. Various techniques have been
investigated to detect and correct faults in distributed
computing systems.
Key words — Grid, cluster, fault tolerant systems, grid
computing system, meta-computing.
1. Introduction
In today’s pervasive world, information is needed
anytime anywhere. To cater these requirements
distributed computing concepts evolved. Given the fact
that an average computer is idle 90% of the time and
that 99% of its capabilities are never tapped, as
measured by the computational stress on the CPU, there
is a huge opportunity to apply this power in a beneficial
manner. This unused power can be best utilized by using
Grid.
Grid computing is a means of allocating the
computational power of a large number of computers to
a very difficult problem. The goal is to access computers
only when they are needed and to scale the problem so
that even small computers can make a useful
contribution.
A number of teams have conducted experimental
studies on the cooperative use of geographically
distributed resources unified to act as a single powerful
computer. This new approach is known by several
names, such as metacomputing, scalable computing,
global computing, Internet computing, and more
recently peer-to-peer or Grid computing.
A Grid environment is created to address resource
needs. The use of resource(s) like CPU cycles, disk
storage, data, software programs, peripherals is usually
characterized by its availability outside of the context of
the local administrative domain. This 'external
provisioning' approach entails creating a new
administrative domain referred to as a Virtual
organization (VO) with a distinct and separate set of
administrative policies (home administration policies
plus external resource administrative policies equals the
VO administrative policies). The context for a Grid 'job
execution' is distinguished by the requirements created
when operating outside of the home administrative
context. Grid technology is employed to facilitate
formalizing and complying with the Grid context
associated with your application execution.
Grid computing is enabled by relatively highperformance
computers, robust computer networks,
grid management software, and the divisibility of
difficult scientific problems. Together these allow a
job to be subdivided and distributed to thousands or
even millions of computers to calculate a solution.
The Grid computing discipline involves the actual
networking services and connections of a potentially
unlimited number of ubiquitous computing can be most
simply thought of as a massively large power “utility”
grid, such as what provides power to our homes and
business each and every day. Grid computing openly
seeks and is capable of adding an infinite number of
computing devices into any grid environment, adding to
the computing capability and problem resolution tasks
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 448

Proceedings of ICCNS 08 , 27-28 September 2008
within the operational grid environment.
A computational grid is a hardware and software
infrastructure that provides dependable, consistent,
pervasive, and inexpensive access to high-end
computational capabilities.
A grid application can be defined as an application
that operates in a grid environment or is “on” a grid
system. Grid system software (middleware) is software
that facilitates writing grid application and manages the
underlying grid infrastructure.
The concept of Grid computing started as a project to
link geographically dispersed supercomputers, but now
it has grown far beyond its original intent. The Grid
infrastructure can benefit many applications, including
collaborative engineering, data exploration, highthroughput
computing, and distributed supercomputing.
In our research work, we try to implement a novel
fault tolerance mechanism on computational grid.
Fault tolerance in Grids:
In large-scale grids, the probability of a failure is
much greater than in traditional parallel systems [1].
Therefore, fault tolerance has become a crucial area in
grid computing.
Fault tolerance in Grid is a significant and complex
issue to secure a stable and reliable performance.
Section II contains the description of the related work.
In section III, the work done and the section IV,
describes the future work.
Diagrammatic representation of grid
2. Related work
Fault-tolerant computing is the art and science of
building computing systems that continue to operate
satisfactorily in the presence of faults. A fault-tolerant
system may be able to tolerate one or more fault-types
including -- i) transient, intermittent or permanent
hardware faults, ii) software and hardware design errors,
iii) operator errors, or iv) externally induced upsets or
physical damage. Lot of research work has been carried
out on this issue. Most works dealing with random
hardware faults, while a smaller number deal with
software, design and operator faults to varying degrees.
A large amount of supporting research has been
reported.
One of the most difficult tasks in the design of a faulttolerant
machine is to verify that it will meet its
reliability requirements. Performance models for two
fault tolerance methods, checkpoint-recovery (CR) and
wide-area replication (WR), have been developed.
In [1] authors address the problem of fault tolerance
in term of resource failure. They devise a strategy for
fault tolerant job scheduling in computational grid. This
strategy maintains history of the fault occurrence of
resource in Grid Information Service (GIS). Whenever a
resource broker has job to schedule, it uses the resource
fault occurrence history information from GIS and
depending on this information use different intensity of
check pointing and replication while scheduling the job
on resources which have different tendency towards
fault acceptable service.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 449

Proceedings of ICCNS 08 , 27-28 September 2008
In [2] authors evaluate a transparent checkpointrestart
mechanism for commodity operating systems that
checkpoints and restarts multiple processes in a
consistent manner. This system combines a kernel-level
checkpoint mechanism with a hybrid user level and
kernel-level restart mechanism to leverage existing
operating system interfaces and functionality as much as
possible for transparent checkpoint-restart.
As [7] describes the function of fault tolerance to
preserve the delivery of expected services despite the
presence of fault-caused errors within the system itself.
Errors are detected and corrected, and permanent faults
are located and removed while the system continues to
deliver acceptable service.
Executing SPMD [3] applications in a fault tolerant
manner can be achieved by check pointing or
replication. For the purposes of a direct quantitative
comparison, a simple checkpoint model is assumed in
which each SPMD task saves its portion of the data
domain on disk at a set of pre-determined iterations.
Check pointing restart (C/R) is cheaper as compared to
WR for small problems.
In [5], authors define resource as any capability that
must be scheduled, assigned, or controlled by the
underlying implementation to assure non-conflicting
usage by processes.
Scheduling policies for Grid systems can be classified
into space-sharing [6] and time-sharing. It is also
possible to combine these two types of policies into a
hybrid policy to design an on-line scheduling policy.
In [4] the authors have designed a framework that
enables the easy integration of fault-tolerance techniques
into object-based grid applications. Using programming
tools augmented with fault-tolerance capabilities, they
have shown how applications can be written to tolerate
crash failures.
In [9], authors give a fault detection service designed
to be incorporated, in a modular fashion, into distributed
computing systems, tools, or applications. This service
uses well-known techniques based on un-reliable fault
detectors to detect and report component failure, while
allowing the user to tradeoff_ timeliness of reporting
against false positive rates.
In[10], the approach is from user viewpoint of Grid
and consider the nature of Grid faults across the board
based on thread state capturing mechanism, an
exception handling method and mobile agent
technology.
3. Our Approach
a) Cluster
A cluster is defined as “A type of parallel or
distributed system that: consists of a collection of
interconnected whole computers, and is used as a single,
unified computing resource." Therefore, cluster is a
group of computers, bound together into a common
resource pool. A given task can be executed on all
computers or on any specific computer in the cluster.
Lets look into the benefits from clustering:As grid is
collection of clusters, we have built a LAM/MPI cluster
at two different physical locations.
For our project we had five identical Gateway PCs at
our disposal. Each PC had:
Software:
1. Intel Pentium III 550 MHz processor
2. 56 MB of RAM
3. Com 3C905C-TX 100Mbps Ethernet Card
Hardware :
The operating system used for this project is Redhat
Linux 5.
The middleware used to provide communications
between processes was the Local Area Multi-computer
(LAM) implementation of MPI. The reason of selecting
LAM is, it is open source, has very good documentation,
and supports most of the MPI-2 standard, which adds a
great deal of functionality as well as provides bindings
necessary for programming in C++.
The functioning of Cluster is checked by executing
the parallel application on the clusters.
As per the nature of parallel computing to maximize
efficiency, only one user should be running a job at a
time. This is because running multiple jobs at the same
time requires dividing the CPU time between the jobs,
and the benefits of using a cluster will not be realized.
For this reason, we have only created one user (on all
nodes, having the same username) to run MPI jobs.
Building a cluster of this type is relatively
inexpensive, and offers significantly improved
performance for programs written to solve problems that
can be divided to run in parallel. The degree of
improvement depends heavily on the ability of the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 450

Proceedings of ICCNS 08 , 27-28 September 2008
problem to be solved in parallel.
b) Globus Toolkit
We use GLOBUS toolkit to serve as Grid
Middleware. There are many advantages of using the
open source GLOBUS Toolkit.
Globus, is a system that is developed to meet
distributed computing challenges. The Globus system is
intended to achieve a vertically integrated treatment of
application, middleware, and network.
The Globus toolkit comprises a set of modules. Each
module defines an interface, which higher-level services
use to invoke that module's mechanisms, and provides
an implementation, which uses appropriate low-level
operations to implement these mechanisms in different
environments. Currently identified toolkit modules are
as follows.
1. Resource location and allocation.
2. Communications.
3. Unified resource information service.
4. Authentication interface.
5. Process creation.
6. Data access.
Together, the various Globus toolkit modules can be
thought of as defining a meta-computing virtual
machine.
The GLOBUS toolkit is installed on both the cluster’s
Server /Head nodes. Thus two clusters form a grid so
that any parallel computation can be executed on it.
4. Conclusion and Future Work
The main issue in computational grids is the Fault
Tolerance.
In this approach we use the Checkpoint/Restart
mechanism to overcome faults occurring during
execution of a parallel job. The process will be migrated
from a failed node to a spare node instead of restarting
the application using checkpoint policy.
We try to achieve the maximum fault tolerance by
using the said method. With the use of this policy, the
developers of the grid application will not have to take
into account the Fault tolerant issue which will be
automatically handled by our work.
References
[1] Babar Nazir, Taimoor Khan, Fault Tolerant Job
Scheduling in Computational Grid, 2006 IEEE, pp
708-713
[2] Oren Laadan & Jason Nieh, Transparent
Checkpoint-Restart of Multiple Processes on
Commodity Operating Systems, 2007 USENIX
Annual Technical <strong>Conference</strong>
[3] Jon B. Weissman, Fault Tolerant Computing on the
Grid: What are My Options, 99,IEEE
[4] Anh Nguyen-Tuong, Integrating Fault-Tolerance
Techniques in Grid Applications, A Dissertation.
[5] J. H. Abawajy, Fault-Tolerant Scheduling Policy for
Grid Computing Systems, 2004 IEEE
[6] T. Thanalapati and S. Dandamudi. An e.cient
adaptive scheduling scheme for distributed memory
multicomputers. IEEE Transactions on Parallel
and DistributedSystems, 12(7):758–768, July 2001.
[7] A. Avizienis, “The N-version Approach to Fault-
Tolerant Software” - IEEE Transactions on
Software Engineering - vol. 11 1985
[8] J. H. Abawajy and S. P. Dandamudi. Parallel job
scheduling on multi-cluster computing systems. In
Proceedings of the IEEE <strong>International</strong> <strong>Conference</strong>
on Cluster Computing (Cluster 2003), Hong Kong,
China, December 1-4 2003.
[9] Paul Stelling, Ian Foster, Carl Kesselman, Craig
Lee, Gregor von Laszewski , A Fault Detection
Service for Wide Area Distributed Computations,
[10] Jin Liang, Tong WeiQin, Tang JianQuan, Wang Bo,
A Fault Tolerance Mechanism in Grid, 0-7803-
5/04/2003, IEEE pp. 457-461
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 451

Proceedings of ICCNS 08 , 27-28 September 2008
Design of Microwave Drying System with Phase Controller:
A Modified Applicator
A. S. Jambhale, B. V. Barbadekar
Abstract - Microwave energy can be used for
drying purpose. It is unique process. It is distinctly
different from conventional drying process. It is
advantageous over conventional drying / heating
processes. When microwave energy is used for
drying purpose, the process can be accelerated
with a better control to achieve uniform heating,
more conversion efficiency, selective drying and
ultimately improved product quality of the output.
Also, less floor space and compact system are the
added advantages. Existing low power microwave
drying system is to be modified with suitable
applicator. Appropriate sensors are to be used to
measure parameters like moisture, temperature,
weight of sample. Suitable high tech controller is
to be used to control microwave power
continuously from minimum to maximum. Phase -
controller, cycle - controller and PWM - controller
are some of the advanced power control
techniques. It has been proposed to work on
turmeric using high-tech phase controller to
control the microwave power conveniently. The
drying of turmeric with microwave energy
employing phase controller gives better results as
formulated in this paper and hence new approach
of processing turmeric will open future doors of
profit making to allied industries and the farmers.
Keywords: applicator, microwave drying, phase
controller.
1. INTRODUCTION
Drying with Microwave Energy is distinctly
different from conventional methods. Conventional
methods depend upon the slow march of the heat
from surface of the material to
Authors
A. S. Jambhale* SVPM’S College of Engineering, Malegaon, (Bk), Tal-
Baramati, Dist- Pune, Maharashtra (India), Pin- )-413115, Phone: +91-2112-255113,
Mobile: 9421126893, e-mail: jambhale_appasaheb@rediffmail.com
B. V. Barbadekar , Professor, Electronics Engg. V.I.T. Pune, Maharashtra.
(India)
the interior as determined by a change in
temperature from a hot outside to cool inside.
Where as heating with dielectric and microwave
drying is a sort of bulk heating in which
electromagnetic field interact with the material as a
whole. In microwave drying, the oscillating electric
field causes polar molecules to rotate and charged
ions to oscillate. This ionic and molecular
movement with intermolecular friction causes rapid
heating [5]. Heating takes place volumetrically and
water is heated, vaporized within the whole volume
of the food product. The rapidly formed water vapor
creates a large pressure gradient, which is drying
force in microwave drying [4].
1.1. Advantages of Microwave Drying System
Microwave drying presents the following
advantages over conventional thermal
heating/drying methods [8]
Process speed is increased.
Uniform heating may occur throughout the
material.
Energy conversion efficiency is more. In
microwave drying system, energy couples directly
to the material being heated. It is not wasted in
heating the air, the wall of the oven, conveyor etc.
This can lead to sufficient energy saving. Also the
energy source is not hot and plant cooling saving
may be realized.
Better and more rapid process control
occurs.
Floor space requirements are less. It is due
to more rapid heating by microwave energy.
Selective drying may occur. The
electromagnetic field generally couple in to the
solvent and not the substrate. Hence it is the
moisture which is heated; where as the carrier of the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 452

Proceedings of ICCNS 08 , 27-28 September 2008
substrate is heated primarily by conduction. This
avoids heating of the air, open walls, conveyor etc.
Product quality may be improved. Since,
high temperature is not usually generated, there is
an elimination of the over heating of the surface and
case hardening which are common with
conventional heating method. This often leads to
less rejected products.
Desirable chemical and physical effects may
result. Many chemical and physical reactions are
promoted by the heat generated in this method,
leading to the puffing, drying, melting, protein
denaturation, starch gelatinization and the like.
Microwave drying can be conveniently
combined with other methods of drying, such as,
hot air drying, freeze- drying, vacuum drying etc.
2.1 Solar Drying
2. DRYING METHODS
Solar drying has been used to dry fish , meat ,
cloth, grains and has proved to generate food stuffs
of high quality and low spoilage, though, solar
drying is cheap easy and popular method, its
application is restricted by the long drying time and
need for favorable weather . Tulsidas (1994)
showed that 6-9 weeks were required to dry grapes
to a water content of 25 – 30 % and further steps
were required to dry them completely [10].
2.2. Hot Air Convective Drying
The principle of hot air convective drying is
based on conventional heat transfer from heated air
to the material being dried. Hot air is forced through
the material and does the moisture diffusion process
that result in the drying. This method has been
widely used in industries. Different types of dryers
have been developed and employed in commercial
production [6] Heated air is blown through the
material by cross flow or by fan generated flow. As
compared to solar drying, hot air convective drying
can greatly shorten the drying time from several
weeks to several days. However, same studies have
been reported that the taste, color and overall
quality of dried berries could be improved by using
alternative methods, such as microwave drying
(Tulsidas, 1994).
2.3. Freeze- Drying
Some pharmaceuticals are heat sensitive. Some
fruits and vegetables loose their aroma and flavor if
they remain in high temperature for significant
figure of time. For such cases freeze drying is an
alternative. Freeze-drying was introduced on large
scale in world war-II. It was used in production of
dried plasma and blood products [1]. Freeze- drying
requires several successive steps, as pre-freezing,
primary drying, secondary drying, conditioning and
dehydration. It is expensive and requires
sophistication. Hence, it is difficult to apply to all
commercial drying needs.
2.4. Vacuum Drying
There are four essential elements in a vacuum
drying system: a vacuum chamber, vacuum
generating device, system for collecting water vapor
and means for supplying heat required for
vaporization of water [3]. For reasons similar to
freeze-drying vacuum drying is also an expensive
drying method. It is used only for costly products
2.5. Microwave Drying
Microwave Drying is not only faster but also
requires less energy consumption than conventional
drying (Tulsidas 1994). In the drying of osmotically
pre-treated strawberries or blueberries, it has been
showed that microwave drying required shorter
drying time than freeze drying, while maintaining
the same final product quality [11]. Also it has been
reported that the use of microwaves in freeze-drying
could substantially increase drying rate and
consequently, decrease drying time (Sanga - 2000).
It has been compared hot air-drying, freeze-drying,
vacuum drying and a combination of hot air and
microwave drying of cranberries [2]. It was
concluded that microwave-assisted hot air drying
resulted in the shortest drying time and acceptable
color, taste and texture. Also it has been compared
the microwave assisted vacuum-drying to
microwave assisted hot air drying and concluded
that the microwave assisted vacuum-drying offered
a slight advantage in product quality and process
efficiency [9]. It has been dried flowers with
microwave energy in conjunction with a colorprotecting
treatment, which offered a number of
advantages over conventional methods [7]
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 453

Proceedings of ICCNS 08 , 27-28 September 2008
3. MATERIAL AND METHODS
3.1. Microwave drying applicator
Microwave drying applicator was developed /
modified based on Samsung Microwave oven C103
FL with nominal power of 900 W at 2450 MHz as
shown in Fig.1.
The experimental set-up is as shown in Fig. 3
Fig. 1 Microwave oven Samsung C103
FL with sample (Courtesy Samsung)
Microwave oven Samsung C103 FL type has
specification as follows-
Power source: 230V, 50 Hz
Microwave power: 1400Watt
Average maximum power: 900 Watt
Grill (heating element): 1300Watt
Convection (heating energy): 1700Watt
Operating frequency: 2540MHz
Outside Dimensions (WXDXH): 517x511x310 mm
Oven cavity: 336x347x253mm
Volume: 28 liters
Weight: 19Kg
The developmental work included-
Development of microwave and
convective drying system.
Design of a triac phase controlled
power regulator (phase – controller).
Modification of original electrical
circuit, as shown in Fig. 2.
Fig. 2 Modified Electrical Circuit
Fig. 3 Experimental set- up
1.Microwave power controller (phase-controller); 2.
Cooling fan; 3. Magnetron; 4. Heater & blower;
5.Electronic Weighing balance; 6. Personal computer; 7.
Data acquisition & control system; 8. Sample (Turmeric
cubes); 9. Ventilation; 10. Thermocouple; 11. Infrared
temperature sensor; 12. Microwave stirrer.
The hot air was introduced into oven by
electrical heater and the small air blower with
average electric energy consumption of 1 KWh.
Ventilated hot air was not recycled and there was no
heat recovery from the exhausted air. Infrared
temperature sensor and thermocouple (K-type) were
used to measure the surface temperature and core
temperature of turmeric cubes during drying
respectively. Electronic weighing balance was
attached to the tray on which the sample was placed
to monitor the sample weight change during drying.
All the sensors were monitored and saved by
personal computer.
3.2 Sample Preparation
Samples were prepared before each
experimental run. Turmeric rhizomes were pealed
and cut into cubes of 10 x 10 x 10 mm. All sample
cubes were taken from the centre medulla region of
the rhizome tuber for a more uniform cell structure.
The sample cubes were immediately soaked in tap
water to prevent browning before all cubes were
cut. Samples were evenly spaced and placed as a
single layer on the base of the sample holder.
As a first step of each run, the data acquisition
system was switched on. A sample of 500 gm was
used for each run. Sample centre temperature was
monitored. During each trial inlet air and modulated
air temperature, sample weight and sample
temperature were recorded continuously by the data
acquisition system. The drying process was finished
when the sample reached the moisture content of
less than 10%.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 454

Proceedings of ICCNS 08 , 27-28 September 2008
4. RESULTS
Tests were taken for dimensionless moisture
content, drying rate during drying as g/min and
temperature variation during drying process, both
for phase and cycle controlled modes. Using a
sample of 500 gm, observations were noted down as
given in TABLE 1 and TABLE 2 and the graphs were
plotted as shown in Fig. 4, 5, 6, 7, & 8.
Sr.
No.
TABLE 1
MICROWAVE DRYING WITH CYCLE-
CONTROLLED MODE.
Drying
time
(min)
Dimensionless
moisture
content
Drying
rate
(g/min)
Sample
Temp.
( o C)
1 0 1 0.45 25
2 5 1 0.45 34
3 15 0.8 0.85 60
4 25 0.45 0.80 70
5 35 0.25 0.8 68
6 45 0.10 0.62 62
7 55 0.04 0.61 61
8 65 0.02 0.02 61
9 75 0.01 0.0 61
10 85 0.025 0.0 61
11 95 0.0 0.0 61
12 105 0.0 0.0 61
Sr.
No.
TABLE 2
MICROWAVE DRYING WITH PHASE-
CONTROLLED MODE.
Drying
time
(min)
Dimensionless
moisture
content
Drying
rate
(g/min)
Sample
Temp.
( o C)
1 0 1.0 0.3 25
2 5 1.0 0.3 34
3 15 0.8 0.62 42
4 25 0.615 0.6 50
5 35 0.42 0.605 57
6 45 0.25 0.6 59.5
7 55 0.10 0.55 60
8 65 0.02 0.15 61
9 75 0.015 0.1 61
10 85 0.005 0.0 61
11 95 0.0 0.0 60.5
12 105 0.0 0.0 ---
Dimensionless moisture content
1.2
1
0.8
0.6
0.4
0.2
0
0 5 15 25 35 45 55 65 75 85 95 105
Time (min)
Cycle
Phase
Fig. 4 Dimensionless moisture content Vs Time (min)
Dry ing rate g /m in
Sample temperature ( o C)
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0 5 15 25 35 45 55 65 75 85 95 105
Time (min)
Fig. 5: Drying rate (g/min) Vs Time (min)
80
70
60
50
40
30
20
10
0
0 5 15 25 35 45 55 65 75 85 95
Time (min)
Cycle
Phase
Cycle
Phase
Fig. 6 Temperature variation ( 0 C) Vs Time (min)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 455

Proceedings of ICCNS 08 , 27-28 September 2008
D i m e n ti o n l e s s m o i s tu r e c o n te n ts
Dry in g rate (g /m in )
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
1.2
0.8
0.6
0.4
0.2
0
1
0
25 34 60 70 68 62 61 61 61 61 61 61
Sample Temperature ( 0 C)
25 34 60 70 68 62 61 61 61 61 61 61
Sample Temperature ( 0 C)
Cycle
Cycle
Phase
Phase
Fig. 7 Dimensionless moisture content Vs Sample
Temperature ( 0 C)
Fig. 8 Drying rate (g/min) Vs Sample
Temperature ( 0 C)
Higher drying rate is obtained during cycle
controlled microwave applicator process as
compared to phase controlled microwave applicator
drying process. The temperature curve during cycle
controlled microwave applicator drying could be
roughly spited into three different zones. In first
zone the temperature rose, first sharply and then
gradually, to reach a peak value and then decreased
to constant temperature.
The material temperature dropped slowly after
reaching maximum value followed by a steady
temperature period. As shown in drying rate curves,
the first and second temperature zones correspond
to the constant drying rate region where most
moisture loss occurred. Two distinct zones were
observed in temperature curve. During phasecontrolled
mode a gradual temperature rising zone
followed by a stable temperature zone, the zone
nearly matches the constant drying region. Where
as, during cycle-controlled mode there is fast
increase in temperature above stable zone, then it
decreases slightly and comes to stable temperature
zone. Plots for drying time and drying temperature
Vs drying rate & dimensionless moisture content
respectively are identical.
5. CONCLUSION
During microwave drying of turmeric cubes, the
drying rate of cycle-controlled drying is faster /
higher than phase-controlled drying.
More accurate temperature control
could be realized using phase-controlled
mode compared to cycle controlled mode.
In both the drying modes, the drying
time increases with decrease in microwave
power.
The product color and sensory
attributes were not affected by power
controlled method.
Process resulted as uniform heating
and drying.
ACKNOWLEDGEMENT
The authors thank their colleagues from College
of Engineering, Malegaon (Bk) Baramati for
encouraging publishing the paper & University of
Pune for the financial support for the project.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 456

Proceedings of ICCNS 08 , 27-28 September 2008
.
REFERENCES
[1] Barbosa-Canovas, G. V. Vega-Mercado. “Dehydration of foods”. New-York, N.Y: <strong>International</strong> Thomson publishing, 1996.
[2] Beaudry C “Evaluation of drying methods on osmotically dehydrated cranberries”. MS Thesis. Montreal QC: McGill University,
Department of Agriculture and Biosystem Engineering. 2001
[3] Brown, A. H., W. B. VanArsdel, E. Lowe “Drying methods and driers”. In food Dehydration, Vol-II. Edited by W.B.V. Arsdel, M.
J. Copley. Westport, Connecticut: The AVI Publishing company, INC, 1964.
[4] Dorin Bolder, Temperature control of the continuous peanut drying process using Microwave Technology, Ph.D. thesis-2003.
[5] J. Whole, “Microwave Technology and Applications” Transaction of the <strong>International</strong> Microwave Power Institute, Vol-1. Clifton
Vargini 1973-10 pp 40-61.
[6] Jayarama, K. S. and D.K.D. Gupta. “Drying of fruits and vegetables”. Handbook of Industrial drying, 2 nd edition Vol.1. Edited by
A. S. Mujumdar, chapter 21, 1995.
[7] Liang L., Z.Mao, Y. Cheng, “Study on the Application of freeze-drying and microwave drying to flowers.” ASAE paper No.
036075 St. Joseph, Mich.: ASAE, 2003.
[8] Sanga, E., A. S. Mujamdar and G. S. V. Raghavan, “Principals and application of Microwave Drying”. In: Drying technology in
agriculture and food sciences. Edited by A. S. Mujumdar. Enfiled N. H.: Science publishers. Inc. 2000.
[9] Sunjka P. S “Microwave / Vacuum and osmotic drying of cranberries”. M S Thesis. Montreal QC: Mc Grill University department
of Agriculture and Biosystem Engineering, 2003.
[10] Tulsidas, T. N. “Combined convective and microwave drying of grapes. Ph.D. thesis, Montreal QC: McGill University:
Departmental of Agriculture Engineering. 1994.
[11] Venkatachalapathy, K “Combined osmotic and microwave drying of strawberries and bluebarries”. Ph.D. Thesis. Montreal, QC:
McGill University Department Agriculture and Biosystems Engineering. 1998.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 457

Proceedings of ICCNS 08 , 27-28 September 2008
LFSR implementation in CMOS VLSI
Mrs Doshi N.A, Dhobale S.B, Kakade S.R.
Abstract— As chip manufacturing technology is
suddenly on the threshold of major evaluation, which
shrinks chip in size and performance, LFSR (Linear
Feedback Shift Register) is implemented in layout level
which develops the low power consumption chip, using
recent CMOS, sub-micrometer layout tools. Thus LFSR
counter can be a new trend setter in cryptography and is
also beneficial as compared to GRAY & BINARY
counter and variety of other applications.
This paper compares 3 architectures in terms of the
hardware implementation, CMOS layout and power
consumption, using Microwind CMOS layout tool. Thus
it provides solution to a low power architecture
implementation of LFSR in CMOS VLSI.
Keywords - Chip technology, Layout level, LFSR,
Pass transistor.
I. INTRODUCTION
WITH advancements in large scale integration,
millions of transistors can be placed on a single
chip for implementation of complex circuitry. As a
result of placing so many transistors in such a
small space, major problems of heat dissipation
and power consumption have come into the
picture. Research has been conducted to solve
these problems. Solutions have been proposed to
decrease the power supply voltage, switching
frequency and capacitance of transistor [1] LFSR
is used in a variety of applications such as Builtin-self
test (BIST) [2], cryptography, error
correction code and in field of communication for
generating pseudo-noise sequences. In
cryptography it is used to generate public and
private keys. Hence one of the low power
architecture is proposed in this paper.
Today LFSR’s are present in nearly every
coding scheme as they produce sequences with
good statistical properties, and they can be easily
analyzed. Moreover they have a low-cost
realization in hardware.
Counters such as Binary, Gray suffer problem
of power consumption, glitches, speed, and delay
because they are implemented with techniques
which have above drawbacks. They produce not
only glitches, which increase power consumption
but also complexity of design. The propagation
delay of results of existing techniques is more
which reduces speed & performance of system.
Thus we are going to implement these counters
with techniques using different technologies of
CMOS. By studying different implementation
techniques, we conclude to implement LFSR
counters with pass transistor in cryptography.
Unlike most everyday devices whose inputs and
operations are effectively predefined, VLSI chips
must be able to react to a constantly changing
environment.
For layout and simulation at deep submicron
CMOS design tool Micro wind is used. Software
implementations will be considered for further
hardware implementation.
II. LFSR
LFSR is a shift register whose input bit is a
linear function unlike most everyday devices
whose inputs and operations are effectively
predefined, It is a shift register that, when clocked
moves the signal through the register from one flip
flop to next. Some of the outputs are combined in
exclusive-OR configuration to form a feedback
mechanism. A LFSR can be formed by
performing exclusive-OR on the outputs of two or
more of the flip-flops together and feeding those
outputs back into the input of one of the flip flops
as shown in Fig. 1.
Fig 1 Block diagram of LFSR
The initial value of the LFSR is called the seed,
and because the operation of the register is
deterministic, the sequence of values produced by
the register is completely determined by its current
(or previous) state. Likewise, because the register
has a finite number of possible states, it must
eventually enter a repeating cycle. However, a
LFSR with a well-chosen feedback function can
produce a sequence of bits which appears random
in nature & which has a very long cycle.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 458

Proceedings of ICCNS 08 , 27-28 September 2008
A. Working
The list of bits position that affects the next state
is called the tap sequence. In block diagram, the
sequence is [4, 3]
The outputs that influence the input are called
taps. A maximal LFSR produces an n-sequence
(i.e. cycles through all possible 2 n -1 states within
the shift register except the state where all bits are
zero), unless it contains all zeros, in which case it
will never change. The sequence of numbers
generated by a LFSR can be considered a binary
numeral system just as valid as Gray code or the
natural binary code.
Clock
pulse
TABLE I
PATTERN GENERATED BY LFSR
FF1 OUT FF2 OUT FF3 OUT FF4 OUT
1 0 1 1 1
2 0 0 1 1
3 0 0 0 1
4 1 0 0 0
5 0 1 0 0
6 0 0 1 0
7 1 0 0 1
8 1 1 0 0
9 0 1 1 0
10 1 0 1 1
11 0 1 0 1
13 1 0 1 0
14 1 1 0 1
15 1 1 1 0
16 1 1 1 1
17 0 1 1 1
FF1 OUT-output of flip flop 1, FF2 OUT-output
of flip flop 2, FF3 OUT-output of flip flop 3, FF4 OUT-output
of flip flop 4
or 0's. This is called the feedback polynomial or
characteristic polynomial. For example: if the taps
are at the 3rd, 4th, bits the resulting LFSR
polynomial is X 4 + x 3 +1.
The '1' in the polynomial does not correspond to
a tap. The powers of the terms represent the
tapped bits, counting from the left.
If (and only if) this polynomial is a primitive,
then the LFSR is maximal. The LFSR will only be
maximal if the number of taps is even . The tap
values in a maximal LFSR will be relatively prime
There can be more than one maximal tap sequence
for a given LFSR length. Its output for the various
condition of input is expressed in Table [I].
III. DESIGN ASPECTS
We have designed CMOS layout of LFSR
Counter .The logic hardware contains D Flip Flop,
2-input OR gate, 2 input XOR gate and inverters.
The most important component of our LFSR
Counter Design is D Flip Flop. We have designed
D-flip flop by using following different
components
• Nand Gates.
• Transmission gates and
inverter.
• Pass transistors.
A. Design of D Flip Flop
The latches and flip flops are the basic building
blocks of sequential circuits. In ASIC design
environments, latches and flip flops are typically
predefined cells specified by the ASIC vendor.
The D Flip Flop is negative edge triggered. The
D Flip Flop combines a pair of D latches (Master
and slave). The edge-triggered D Flip Flop has a
setup and hold-up time window during which the
D inputs must not change. The negative edge
triggered D Flip Flop simply inverts the clock
input, so that all the action takes place on falling
edge of CLK.
By designing D Flip Flop, we compare the
Power Consumption; from this we decide the most
efficient D Flip Flop implementation.
B. Design of D Flip Flop using NAND gate.
The basic construction of the Master Slave D
Flip Flop is shown in Fig. 2.
The tap sequence of an LFSR can be
represented as a polynomial mod 2. This means
that the coefficients of the polynomial must be 1's
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 459

Proceedings of ICCNS 08 , 27-28 September 2008
Fig 4: D Flip Flop using pass transistors
Fig 2: D Flip Flop using NAND gates
C. Design of D Flip Flop using TRANSMISSION
GATE
From Fig. 3, at the negative edge of the
clk(clock), transistors T1 and T4 are ON and
transistors T2 and T3 are OFF. During this time
the slave maintains a loop through two inverters
I3, I4 and T4. Thus the previous triggered value
from Din is stored in slave. At the same time
master latches next state but as T3 is OFF it is
not passed to slave.
At the positive clock edge T2 and T3 are
turned ON and new latched value passes to slave
through the loop of two inverters I1, I2 and T2.
When we want to reset the circuit, both the
master and slave loops are pulled down to
ground.
IV. LAYOUT ASPECTS
Layout-level environments exist primarily for
the generation of final manufacturing
specifications.
A. Layout of D FLIP FLOP
Before implementing the whole circuit, a gatelevel
schematic in DSCH3 is generated. DSCH3
program is a logic editor and simulator used to
validate the architecture of logical circuit, before
microelectronics started. It provides user friendly
environment for hierarchical logic design and fast
simulation with delay analysis, which allows
design and validation of complex logic structures.
After successful simulation we implemented the
above designs of D Flip Flop with different
components using Microwind 3.1 CMOS layout
tool for its ease of use and availability. The result
of the implementation is detailed below.
a. D Flip Flop layout using NAND GATE
Layout of LFSR counter in which D Flip flop is
implemented using NAND gates is as shown in
Fig. 5.
Fig 3: D Flip Flop using transmission gate
D. Design of D Flip Flop using PASS TRANSISTOR
The most compact implementation of edge trigger
latch is is based on inverters and pass transistors as
shown in fig.4 The two chained inverters are in
memory state when the PMOS loop transistor is on,
that is when clock = 0. Other two chain inverters on
the right hand acts in opposite way, and the reset
function is obtained by direct ground connection of
the master and slave memories, using NMOS devices.
Fig 5: Layout of D Flip Flop using NAND gate
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 460

Proceedings of ICCNS 08 , 27-28 September 2008
b. D Flip Flop layout using TRANSMISSION
GATE
Layout of LFSR counter in which D Flip flop is
implemented using transmission gates is as shown
Fig 6.
Fig 7: Layout of D Flip Flop using Pass transistor
B. Result of LFSR layout implementation-
Fig 6: Layout of D Flip Flop using Transmission gate.
C. D Flip Flop layout using PASS TRANSISTOR
Layouts of LFSR counter in which D Flip Flop
is implemented using transmission gates is as
shown Fig. 7.
In Table [II] and [III] we have compared the
LFSR layouts .The layouts are implemented in
120 nm and 90 nm technology respectively. The
various parameters because of different
technologies and D Flip Flop design is tabulated
for further conclusion and CMOS layout using
pass transistors is as shown in Fig. 8.
Fig. 8: Layout of LFSR in microwind
Compo
nents
TABLE II
LFSR IN 90 nm TECNOLOGY
No. of
transistor
Power
Consumption
(microwatt)
Max
frequency
(GHz)
Layout
Area
(micro sq.
meter)
Compo
nents
TABLE III
LFSR IN 120 nm TECNOLOGY
No. of
transistor
Power
Consumption
(microwatt)
Max
frequency
(GHz)
Layout
Area
(micro sq.
meter)
NAND 148 106.0 1.96 295
NAND 148 169 1.78 224.8
Transmiss
ion Gate
86 99.6 1.7 270
Transmiss
ion Gate
86 155 1.8 390.1
Pass
transistor
68 28.188 1.4 321
Pass
Transistor
68 50.471 1.814 460
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 461

Proceedings of ICCNS 08 , 27-28 September 2008
V. COMPARISON OF LFSR AND GRAY
COUNTER LAYOUT-
From Table [II] and [III] it is clear that LFSR is
optimally implemented layout when compared
with layout of gray counter. A layout of both
counters is implemented using 120 nm and 90 nm
technology. From the layouts various critical
parameters are tabulated in Table [IV].
TABLE IV
GRAY COUNTER IN 90nm AND 120nm TECHNOLOGY.
Tech No. of
nology transistor
Power
Consumption
(microwatt)
Max
frequency
(GHz)
Layout
Area
(micro sq.
meter)
90nm 188 40.25 0.756 949.6
120nm 188 132 3 1367.5
VI. CONCLUSION
This paper concludes that LFSR counter
is best implemented using the pass transistors. In
this the number of transistors required is minimum
i.e. 19, power consumption is 28.188 micro watt ,
Max operating frequency is 1.4 GHz, layout size
area is 321 micro sq. meter. Thus it is preferable
over Gray counters in maintaining the logic
density in fabrication process, power optimization,
reducing the propagation delay & glitches.
Thus LFSR implemented in CMOS chip
technology, is the best illustration of VLSI.
[7] “LFSR Layout” Advance VLSI Design, Dept of Elect
Engg.University of Houston
[8] A Project report of“4017 CMOS LED CHASERCOUNTER”
Layout in Cadence by Arshdeep Singh, Oscar Servin, Edward
Lee, Lutfi Bustami.
[9] A White Paper on “Linear Feedback Shift Registers and Cyclic
Codes” in SAGE Timothy Brian Brock.
[10]A white Paper on “Deterministic Built-in Test Pattern
Generation for High-Performance Circuits Using Twisted-
Ring Counters” by Krishnendu Chakrabarty,Brian T. Murray,
and Vikram Iyengar.
[11]Kazuo Yano,” Top down pass-Transistor Logic Design,”
IEEE Journal of solid-state circuits, vol-31,No-6, june 1996.
[12]Kazuo Yano,” A 3.8 CMOS 16 * 16 –b multiplier using
complementary pass-transistor Logic” IEEE Journal of solidstate
circuits, vol-25,No-2, April 1990.
[13] “Micro wind User Manual”
[14] Advanced CMOS Cell Design” by Etienne Sicard, & Sonia
Delmas Bendhia.
REFERENCES
[1] A circuits & systems perspective “CMOS VLSI
design” by Neil Weste, Harris & Banerjee.
[2] “Basic CMOS Cell Design” by Etienne Sicard & Sonia
Delmas Bendhia.
[3] “CMOS Digital Integrated Circuits-Analysis and design” by
Sung-MO Kang & Yusuf Leblebici.
[4] “Digital Design-Principles and Practices” by John F.
Wakerly
[5] “Principles &Applications of CMOS Logic” by Neil
Weste & Karmran.
[6]James L. Massey, “On the Shift register Synthesis & BCH
Decoding”, IEEE Trans. Inform. Theory, vol. IT-15, n. 1,
pp. 122-127, Jan 1969.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 462

BOOLEAN FUNCTIONS REALIZED USING
QUANTUM GATES WITH TWO LEVEL
IMPLEMENTATION
Pijush Kanti Bhattacharjee
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract—This paper introduces a new concept to realize
universal Boolean functions i.e. thirteen standard Boolean functions
by Nand-Nor-Inverter (NNI) gate and Majority Voter gate based on
nano technology QCA structure in an area efficient way. The
proposed 3-inputs QCA gate is referred to as the Majority Voter as
MV(A, B, C) = AB + BC +CA and Nand-Nor-Inverter gate as
NNI(A,B,C) = MV(A′,B,C′) = A′B+BC′+C′A′. The functional
completeness of NNI is described with the realization of logical
NAND, NOR and Inverter functions. I propose an algorithm that the
experimental data for implementing all the thirteen standard Boolean
functions using NNI and MV gates leads an effective logic area
saving design. To avoid inverter or NOT gate, all the thirteen
standard functions are converted to its equivalent from in such a way
that it is at least NNI gate compatible without any complemented
literal towards the goal of an area efficient design.
Keywords—Quantum-dot Cellular Automata (QCA), Majority
Voter or gate (MV), And-Or-Inverter (AOI) gate, NOT or Inverter
gate, Nand-Nor-Inverter (NNI) gate, QCA tile.
I. INTRODUCTION
The CMOS technology will reach to its fundamental limit in
dimension [1]. The researchers are looking for a radically new
technology under the name of nano technology. Quantum-dot
cellular automata (QCA) [2] – [6], [12]-[20] appear to be the
promising technology for future generation ICs. Such a
technology is expected to achieve a density of 10 12
devices/cm 2 with operating speed in the order of THz.
A number of approaches, targeting design and synthesis of
QCA based logic circuits, have been reported in [4]-[9], [16]-
[20]. I use Karnaugh maps for majority reduction. First of all,
a Karnaugh-map (K-map) representing the desired sum of
product (SOP) formulating 3-inputs and 1-output Boolean
function is constructed. Then I combine the K-map into a
representation of two or more majority voter’s functions in
order to replicate the desired K-maps.
Pijush Kanti Bhattacharjee is an Assistant Professor in the Department of
Electronics and Communication Engineering, Haldia Institute of Technology,
Haldia, Dist-Purba Medinipur, West Bengal, Pin-721657, India. He was Ex
Asssitant Director in the Department of Telecommunications (DoT),
Government of India, India. He has possessed vast working experience in the
field of Telecommunications including Mobile Communications, VLSI etc
last 28 years. (Phone No: +91-33-25954148, 9432166768, Fax No: +91-3224-
252800, 253062, Email: pijushbhatta@hotmail.com)
This procedure gives a two level majority gate circuit
implementing the desired function. The fundamental unit of
such designs is the 3-inputs majority gate or majority voter.
However, the 3-inputs majority voter or gate, MV(A, B, C) =
Maj(A, B, C) = AB + BC + CA, is not a universal gate. It can
not realize the logical NOT operation. The designers have to
consider separate costly QCA cell arrangements for realization
of the logical NOT. All Boolean functions are confined or
simplified by thirteen standard Boolean functions [2]-[6], [9]-
[14]. So, to implement all the thirteen standard Boolean
functions using 3-inputs majority voter needs additional NOT
for inverter functionality. In this way two level
implementation of these standard functions do not give a
convincible solution.
In [10], Momenzadeh et. al. reported a configuration with
seven carefully arranged cells to realize the 5-inputs AOI
(And-Or-Inverter) logic. Functionally, it is a combination of
two majority gates and one of these majority gates works on
complemented inputs. The careful arrangement of cells in AOI
demands proper separation of input or output wires so that
these do not interfere each other. Therefore, the AOI structure
is prone to unreliable implementation of functional logic. The
techniques to realize quantum-dot cellular automata have been
proposed in [5], [11], [20]. The focus on molecular
implementations [12] is the recent development in QCA
manufacturing. Modular QCA blocks [13], [14] are considered
to be well suited for molecular implementations. A tile based
approach (3 X 3 grids) [15] has also been reported. Though
this as well offers versatile logic and interconnection
functions- that is, majority gate, wire, fanout etc. However, the
AOI proposed in [10] and NOT configuration is difficult to
realize with the conventional tile structures.
In Fig. 1, a QCA cell and its binary logic are shown, the
energetically position of the diagonal electrons identifies the
binary logic 0 or 1. This phenomenon is useful in nano
technology which affects high resolution fast electronic
circuits. In this power consumption for changing the charge of
electron is very much less compare to that of general charge
carriers (hole-electron) electronic components. A QCA Cell
with its binary logic creates a new direction in nano
technology [1]-[9]. It requires minimum current or energy
to change any state i.e. previous state. Thus, a minimum
recurring cost is effective in this QCA gates which is
highly applicable in super fast processors. Also power or
heat dissipation, electro magnetic wave radiation etc are
very much less in QCA based gates.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 463

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 3. QCA Majority Voter (MV) Gate
Fig. 1. A QCA cell and its binary logic
The above scenario demands investigation of new structures
realizing the universal quantum gates. In the current work, I
use one such gate with an arrangement of five QCA cells,
called Nand-Nor-Inverter gate i.e. NNI(A, B, C) = MV(A′, B,
C′) = A′B+BC′+C′A′. The realization of standard Boolean
functions with the network of NNI gate or MV with NNI gates
(MV+NNI) together proves that the area required for an NNI
based implementation is comparatively lesser than that of MV
with NOT (MV+NOT) and AOI based implementations. The
next section (Section II) provides the fundamental concepts of
quantum dot cellular automata. In Section III, the algorithm to
implement two level implementation of thirteen standard
functions is explored using universal gate structure with NNI.
An effective area for a particular function using QCA gates
like MV, MV with NOT (MV+NOT), MV with NNI
(MV+NNI), NNI with MV (NNI+MV), NNI etc are
investigated under Section IV. In Section V, the standard
Boolean functions are logically designed with NNI and MV
gates, NNI gates alone without any complemented literals to
have the minimum area and the maximum speed specification.
The electrons can quantum mechanically tunnel among the
dots but cannot come out from the cell. It settles either in
polarization P = -1 or in P = +1 (Fig. 1(b)) representing the
logic value “0” or “1” respectively. The QCA logic elements
[1]-[8] include a QCA wires are shown in Fig. 2. The basic
structure realized with QCA is the majority gate or majority
voter (Fig. 3). The majority voter is expressed as MV(A, B, C)
= Maj(A, B, C) = AB + BC + CA, outputs ‘1’ if there are two
or more 1s in an input pattern. The classical AND and OR
gates can be realized with the majority gate by fixing an input
as 0 and 1 respectively. The majority gate is not a universal
gate. It can not realize the logical NOT operation. The
functionally complete set is {MV, NOT}. Therefore, the
designers have to use separate QCA cell arrangements for
realization of the logical NOT. The 5-inputs (A, B, C, D and
E) AOI [10] gate (Fig. 4) with embedded AND, OR and INV
functions has been proposed to provide the universal gate
function. However, the AOI suffers from the limitation of
proper separation of input or output binary wires – that is, in
fixing the distances d 1 , d 2 and d 3 of Fig. 4.
II. QUANTUM DOT CELLULAR AUTOMATA
A quantum dot is a region where an electron may be
quantum mechanically confined or localized (Fig. 1(a)). A
quantum cell consists of four dots, positioned at the four
corners of a square and contains two extra electrons.
Fig. 4. QCA And-Or-Inverter (AOI) Gate.
Fig. 2. Information propagating through QCA wires.
Thus to implement MV with NOT functions, a new gate
called Nand-Nor-Inverter (NNI) is constructed, where NNI(A,
B, C) = MV(A', B, C') = A'B+B'C+C'A'. It is shown in Fig. 5.
The NNI gate is a universal gate and can be employed for
realizing versatile logic functions. It proves to be as effective
as the AOI (And-Or-Inverter) gate and requires lesser
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 464

Proceedings of ICCNS 08 , 27-28 September 2008
overhead, for setting the variables, than that of an AOI, while
realizing the basic logic gates.
f i = MV(A′, B′, C/0/1) = MV (A′, C/0/1, B′) =
NNI(A, C/0/1, B). [C/0/1 means C or 0 or 1]
(b) (ii) If in f i out of A, B, C, only one variable is in
complemented form and one is 0 or 1; then the complemented
literal and 0 or 1 are to be taken as the 1 st and 3 rd literals,
keeping the uncomplemented literal or 0 or 1 as the 2 nd literal
respectively in NNI conversion, i.e.
f i = MV(A′, B/0/1, 1/0) = NNI(A, B/0/1, 0/1)
(c) (i) If f i consists of all three uncomplemented variables i.e.
f i = MV(A, B, C), then f i is unaltered or unchanged.
Fig. 5. QCA Nand-Nor-Inverter (NNI) Gate
Any combination of the gates or all Boolean logical
functions are realized by NNI (Nand-Nor-Inverter) gate only.
NNI gate ensures very less space comparing to that of the
other gates like MV, AOI and inverter (NOT) gate
In the next section, I propose an algorithm for implementing
thirteen number standard Boolean functions using
combination of NNI and MV gates, lastly with NNI gates
alone. Also all type of Boolean functions is confined within
these thirteen standard Boolean functions.
III. ALGORITHM FOR SYNTHESIS OF STANDARD BOOLEAN
FUNCTIONS
As I have expressed the limitation of MV as well as AOI
gate to implement two levels Boolean function, the difficulties
are solved by using NNI gate and sometimes with MV gate in
the following way.
Input: F = X(f i , f i , f i ), where X is the main Majority Voter or
MV function and f i = MV(A, B, C) or A or 0 or 1; Here A, B,
C are in complemented or uncomplemented literals or
variables.
Step 1: Replace the complemented variables from MV
function by employing Nand-Nor-Inverter (NNI) function.
The following steps are to be carried for converting
complemented literals into uncomplemented or non
complemented literals.
(a) If function F is composed by having two
[e.g. F = ABC+A′B′C+AB′C′+A′BC′
or, F = MV(MV(A, B, C′), MV(A′, B, C), MV(A, B′, C))]
uncomplemented and one complemented variables in each
MV function, the complemented variables can not be changed
to uncomplemented variables in the main function either in
MV(MV+NNI) or in NNI(MV+NNI) or in NNI(NNI) forms.
Therefore, the main function is to be decomposed in the other
suitable form. [above e.g. F = ABC+A′B′C+AB′C′+A′BC′
F = MV(MV(A, B, C′), MV(A′, B, C), MV(B′, 0, 1))
F = NNI(NNI(A, C, B), NNI(B, 0, 0), NNI(B, A, C))]
(b) (i) If f i out of A, B, C, only two literals are in
complemented form and one is uncomplemented or 0 or 1, the
complemented literals or variables are to be considered as the
1 st and 3 rd literals and the uncomplemented literal or 0 or 1 as
the 2 nd literal respectively for NNI conversion, that is,
(c) (ii) In the main Majority function (MV), if two f i functions
contain all the three complemented variables; or two
complemented variables with one 0 or 1; or A′, then these
functions are considered as f 1 or f 3 and f 1 or f 3 are unchanged
or unaltered, that is, f 1 /f 3 = MV(A′, B′, C′) or MV(A′, B′, 1/0)
or A′.
(c) (iii) If in f i , one literal is complemented and the other two
literals are uncomplemented or 0 or 1, then this f i is considered
as f 1 or f 3 . Uncomplemented literals or 0 or 1 are taken as the
1 st and 3 rd terms and the complemented lietral as the 2 nd term
only. Now f 1 and f 3 in MV functions are converted into NNI
functions that contain all complemented terms or 0 or 1.
If f 1 /f 3 = MV(A′, B/1/0, C/0/1) = MV(B/1/0, A′, C/0/1) =
NNI(B′/0/1, A′, C′/1/0)
Step 2: Final conversion of the main MV function to NNI:
In the main MV function, f 1 and f 3 are consisting of either MV
or NNI functions with all complemented variables or 0 or 1 or
A′ and f 2 function either in MV or NNI form with all
uncomplemented variables or 0 or 1 or A, now the main MV
function is converted into main NNI function which contains
no complemented variable.
Ex (i) F 1 = MV(NNI(A′, B′, C′), MV(A, B, C),
NNI(A′, B′, 0/1))
F 1 = NNI(NNI(A, B, C), MV(A, B, C),
NNI(A, B, 1/0))
Ex (ii) F 2 = MV(MV(A′, B′, C′), NNI(A, 0/1, C),
NNI(A′, 0/1, B′))
F 2 = NNI(MV(A, B, C), NNI(A, 0/1, C),
NNI(A, 1/0, B))
Ex (iii) F 3 = MV(NNI(A′, B′, C′), NNI(A, C, B),
NNI(B′, C′, 1/0))
F 3 = NNI(NNI(A, B, C), NNI(A, C, B),
NNI(B, C, 0/1))
In the above examples after NNI conversion, F 1 in Ex (i) and
F 2 in Ex (ii) are composing of MV and NNI functions both,
while F 3 in Ex (iii) is composed by NNI functions only.
The realization of thirteen standard Boolean functions have
been computed and clearly explained in Table-I.
IV. AREA OPTIMIZATION
Area calculation of the standard Boolean functions realized
on the basis of MV with NOT (MV+NOT) and AOI are done
by Momenzadeh et. al. [10]. In Table-I, I calculate the area of
chip implemented using different logics i.e. different quantum
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 465

Proceedings of ICCNS 08 , 27-28 September 2008
gates like MV [MV(MV)], MV with NOT [MV(MV+NOT)],
MV with NNI [MV(MV+NNI) or MV(NNI)], NNI with MV
[NNI(NNI+MV) or NNI(MV)] and NNI [NNI(NNI)] etc.
Implementation of different logics is also shown in column 7 th
of Table-I. We see that MV(MV), MV(MV+NNI), MV(NNI),
NNI(MV+NNI), NNI(MV) and NNI(NNI) functions
implementations are taking less chip area than that of
MV(MV+NOT). Out of different combinations in the
synthesis, the NNI(NNI) realization is easier to fabricate and
takes less chip area. Hence ultimate realization and
optimization of any Boolean function in chip area is adhered
by NNI gates only.
V. LOGIC DESIGN WITH NNI AND MV
This section reports the implementation of standard Boolean
functions with network of NNI and MV gates. The realization
of thirteen important standard Boolean functions in 3-variables
by NNI gate is shown in Fig. 6. The synthesis of those
functions with MV (majority gate) plus NOT gate and AOI
gate have been reported in [10].
The area of an MV, NOT, AOI and NNI in 20 nm X 20 nm
cell technology (with quantum dot size of 5 nm) are
75 nm X 75 nm, 125 nm X 75 nm, 125 nm X 115 nm and
100 nm X 75 nm respectively. I consider 5 nm separation
between two neighboring QCA cells (cell to cell distance) for
MV, NOT, NNI and for the AOI (Fig. 4), d 1 = d 3 = 25 nm and
d 2 = 35 nm [10].
For comparison, the area of a realization is computed in
terms of the area of a majority gate (A mv i.e. 75 nm X 75 nm).
The results of Table-I point to the fact that the realization of
logic circuits with NNI assures the best solution in QCA based
designs.
[6] I. Amlani, A. O. Orlov, G. Toth, C. S. Lent, G. H. Bernstein and G. L.
Sinder, “Digital Logic Gate using Quantum Dot Cellular Automata,” Science,
vol. 284, no. 5412, pp. 289-291, April 1999.
[7] M. T. Niemier, M. J. Kontz and P. M. Kogge, “A Design of and Design
Tools for a Novel Quantum Dot Based Microprocessor,” in Proc. Of Design
Automation <strong>Conference</strong>, pp. 227-232, 2000.
[8] R. Zhang, K. Walus, W. Wang and G. A. Jullien, “A Method of Majority
Logic Reduction for Quantum Cellular Automata,” IEEE Trans on
Nanotechnology, vol. 3, no. 4, pp. 443-450, Dec 2004.
[9] K. Walus, G. Schulhof, G. A. Jullien, R. Zhang, W. Wang, “Circuit Design
Based on Majority Gates for Application with Quantum Dot Cellular
Automata,” IEEE Trans Signals, Systems and Computers, vol. 2, pp. 1354-
1357, Nov 2004.
[10] M. Momenzadeh, M. B. Tahoori, J. Huang and F. Lombardi,
“Characterization, Test and Logic Synthesis of AND-OR-INVERTER (AOI)
Gate Design for QCA Implementation,” IEEE Trans on Computer Aided
Design of Integrated Circuits and Systems, vol. 24, no. 12, pp. 1881-1893,
December, 2005.
[11] C. S. Lent, B. Isaksen and M. Lieberman, “Molecular Quantum Dot
Cellular Automata,” Journal American Chemical Society, vol. 125, pp. 1056-
1063, 2003.
[12] M. Lieberman, S. Chellamma, B. Varughese, Y. Wang, C. S. Lent, G. H.
Bernstein, G. L. Snider and F. Peiris, “Quantum Dot Cellular Automata at a
Molecular Scale,” Annals of the New York Academy of Sciences, vol. 960, pp.
225-239, 2002.
[13] D. Berzon and T. J. Fountain, “A Memory Design in QCAs using the
SQUARES Formalism,” in Proc. Of Great Lakes Symposium on VLSI, pp.
166-169, 1999.
[14] J. Huang, M. Momenzadeh, L. Schiano and F. Lombardi, “Simulation
Based Design of Modular QCA Circuits,” in Proc. of IEEE conference on
nanotechnology, Nagoya, 2005.
[15] V. Vankamamidi, M. Ottavi and F. Lombardi, “Tile Based Design of a
Serial Memory in QCA,” in Proc. of Great Lakes Symposium on VLSI, pp.
201-206, 2005.
[16] C. S. Lent and B. Isaksen, “Clocked Molecular Quantum Dot Cellular
Automata,” IEEE Trans. On Elec. Dev., vol. 50, no. 9, pp. 1890-1896, 2003.
[17] K. Walus et. al., “ATIPS laboratory QCA Designer, Univ. of Calgary,
homepage”, http://www.atips.ca/projects/qcadesigner
VI. CONCLUSION
This paper proposes a QCA structure realizing the universal
gate Nand-Nor-Inverter NNI(A,B,C) = A′B + BC′ + C′A′. The
functional completeness of NNI is demonstrated through
implementation of logical NAND, NOR and Inverter
functions. The characterization of NNI is reported to focus on
the reward of using such gate in designing the QCA based
logic circuits. Thus any Boolean function is realized with NNI
gate only as shown in Fig. 6, by passing inverter (NOT) gate
for highly efficient in area, cost and speed measures.
REFERENCES
[1] <strong>International</strong> Technology Roadmap for Semiconductors: 2001,
Semiconductor Industries Association, San Jose, CA, http://public.itrs.net
[2] C. S. Lent, P. D. Taugaw, W. Porod and G. H. Berstein, “Quantum
Cellular Automata,” Nanotechnology, vol. 4, no. 1, pp 49-57, January 1993.
[3] Z. Kohavi, Switching and Finite Automata Theory, 2 nd Edition, Tata
McGraw Hill Pub Ltd, 2007.
[4] P. D. Taugaw and C. S. Lent, “Logical Device Implementation using
Quantum Cellular Automata,” Journal of Applied Physics, vol. 75, pp. 1818,
1994.
[5] A. O. Orlov, I. Amlani, G. H. Bernstein, C. S. Lent and G. L.
Sinder,”Realization of a Functional Cell for Quantum Dot Cellular
Automata,” Science, vol. 277, no. 5328,.pp 928-930, August 1997.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 466

Proceedings of ICCNS 08 , 27-28 September 2008
Standard
Functions with
Serial Number
(1) F1 = AB'C
(2) F2 = AB
(3) F3 = A'BC
+ A'B'C'
(4) F4 = A'BC
+ AB'C'
(5) F5 = A'B +
BC'
(6) F6 = AB' +
A'BC
(7) F7 = A'BC
+ ABC'
+ A'B'C'
TABLE I
STANDARD BOOLEAN FUNCTIONS SYNTHESIZED WITH DIFFERENT QUANTUM GATES MENTIONING CHIP AREA
MV(MV)
or MV
(MV +
NOT)
with area
MV
(MV +
NNI)
with
area
MV
(NNI)
with
area
NNI
(MV +
NNI) or
NNI(MV)
with area
NNI
(NNI)
with
area
Realization of Standard Functions using different Logic gates and
finally synthesized without complemented (NOT) variable or gate.
3.666 - 2.333 - 2.666 (i) F1 = MV(MV(0, A, B'), C, 0)
F1 = MV(NNI(1, A, B), C, 0)
F1 = NNI(NNI(A, B, 0), C, 1)
(ii) F1 = MV(MV(B', C, 0), MV(A, B', C'), MV(A', B, 0))
F1 = NNI(NNI(C, B, 0), NNI(B, A, C), NNI(B, A, 0))
1 4.333 - - 5.333 (i) F2 = MV(A, 0, B)
(ii) F2 = MV(MV(A', 0, 1), MV(A, B, 0), MV(A, 1, 0))
F2 = MV(NNI(A, 0, 0), MV(A, B, 0), MV(A, 1, 0))
F2 = NNI(NNI(A, 1, B), NNI(A, 0, 0), NNI(A, 0, 0))
8 4.666 3.666 - 5.333 (i) F3 = MV(MV(A', 1, 0), MV(B', C', 0), MV(B, C, 0))
F3 = MV(NNI(A, 1, 1), NNI(B, 0, C), MV(B, C, 0))
F3 = NNI(NNI(0, A, 1), NNI(B, 0, C), NNI(B, 1, C))
(ii) F3 = MV(MV(A', B', C), 0, MV(A', B, C'))
F3 = MV(NNI(A, C, B), 0, NNI(A, B, C))
9 4.666 - 4.666 5.333 F4 = MV(MV(A, B, 1), MV(B', C', 0), MV(A', C, 0))
F4 = MV(NNI (B, 0, C), MV(A, B, 1), NNI(A, C, 1))
F4 = NNI(MV(B, C, 1), MV(A, B, 1), NNI(C, A, 1))
F4 = NNI(NNI(A, 0, B), NNI(B, 0, C), NNI(C, A, 0))
5.333 - 2.333 - 5.333 (i) F5 = MV(0, MV(1, A', C'), B)
F5 = MV(0, NNI(A, 1, C), B)
(ii) F5 = MV(MV(A', B, C'), MV(B, 1, 0), MV(A, B', 0))
F5 = NNI(NNI(B, 0, 0), NNI(A, B, C), NNI(A, B, 0))
7.333 4.666 - 4.666 5.333 F6 = MV(MV(A, B, C), MV(A, B', 0), MV(A', B', 1))
F6 = MV(MV(A, B, C), NNI(B, A, 1), NNI(A, 1, B))
F6 = NNI(NNI(A, B, 0), MV(A, B, C), MV(A, B, 0))
F6 = NNI(NNI(A, 0, B), NNI(B, A, 1), NNI(C, A, 0))
9 4.666 5 - 5.333 (i) F7 = MV(MV(A', C, 0), MV(A', B, C'), MV(A, B', C'))
F7 = MV(NNI(A, C, 1), NNI(A, B, C), NNI(B, A, C))
(ii) F7 = MV(MV(A', B, C'), MV(A, B, C), MV(B', 0, C'))
F7 = MV(NNI(A, B, C), MV(A, B, C), NNI(B, 0, C))
(iii) F7 = MV(MV(A', B, C'), MV(A, B', 1), MV(A', BC, 0))
F7 = NNI(NNI(A, B, 1), NNI(A, B, C), NNI(BC, A, 0))
(8) F8 = A 1 - - - 1.333 F8 = MV(A, 0, 1)
F8 = NNI(0, A, 1)
(9) F9 = AB +
BC + CA
(10) F10 =
A'B + B'C
(11) F11= A'B +
BC + AB'C'
(12) F12 = AB
+ A' B'
(13) F13 =
ABC'+AB'C
+A'BC+A'B'C'
1 4.333 - 4.666 5.333 (i) F9 = MV(A, B, C)
(ii) F9 = MV(MV(A, B, 1), MV(A, B, C), MV(A', B', 0))
F9 = MV(MV(A, B, 1), MV(A, B, C), NNI(A, 0, B))
F9 = NNI(MV(A, B, 1), MV(A, B, C), NNI(A, 0, B))
(iii) F9 = MV(MV(A, B, 1), MV(C, 1, 0), MV(A, B, 0))
F9 = NNI(NNI(A, 0, B), NNI(1, C, 0), NNI(A, 1, B))
6.333 - 3.666 - 4 (i) F10 = MV(MV(A', B, 0), 1, MV(B', C, 0))
F10 = MV(NNI(A, B, 1), 1, NNI(B, C, 1))
F10 = NNI(NNI(B, A, 0), 1, NNI(C, B, 0))
(ii) F10 = MV(MV(A', B, C), MV(A', B', 1), MV(B', C, 0))
F10 = NNI(NNI(B, A, C), NNI(A, 1, B), NNI(C, B, 0))
9 - - 4.666 5.333 F11 = MV(MV(A, B, 1), MV(A', B, C), MV(B', C', 0))
F11 = NNI(NNI(B, A, C), MV(A, B, 1), MV(B, C, 1))
F11 = NNI(NNI(A, 0, B), NNI(B, 0, C), NNI(B, A, C))
6.333 3.333 - 3.333 5.333 (i) F12 = MV(MV(A, B, 0), MV(A', B', 0), 1)
F12 = MV(MV(A, B, 0), NNI(A, 0, B), 1)
F12 = NNI(MV(A, B, 1), MV(A, B, 0), 0)
(ii) F12 = MV(MV(A', B, 1), MV(A', B', 0), MV(A, B, 0))
F12 = NNI(NNI(B, A, 1), NNI(A, 0, B), NNI(A, 1, B))
8 4.666 - - 7.999 (i) F13 = MV(MV(A', B, C'), MV(A, B, C), MV (B', 0, 1))
F13 = MV(MV(A', B, C'), MV(A, B, C), B')
F13 = MV(NNI(A, B, C), MV(A, B, C), NNI(B, 0, 0))
(ii) F13 = MV(MV(A', B, C'), MV(A, B', 1), MV(A'BC, AB'C, 1))
F13 = MV(NNI(A', B', 0), NNI(A, B, C), MV(MV(A', BC, 0), 1,
MV(B', AC, 0)))
F13 = NNI(NNI(A, B, 1), NNI(A, B, C), NNI(NNI(A, BC, 1), 0,
NNI(B, AC, 1)))
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 467

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 6. Standard Boolean functions realized with network of NNI gates.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 468

Proceedings of ICCNS 08 , 27-28 September 2008
Power Management in Wireless Sensor
Networks: An Introductory Survey
Binu G S 1 , K Paulose Jacob 2 Based on the system computation aspects, the
Abstract- Recent advancements in electronics and wireless
communication has enabled the rapid development of sensor
networks. The integration of miniature size, low cost, highly sensitive
sensors and inexpensive low power wireless communication radios
have brought wireless sensor networks to reality. Wireless sensor
networks have a wide range of applications in battlefield,
communication, homeland security, environment monitoring and so
on. Large dense networks for environment sensing and data collection
are formed using wireless sensor networks. One of the important
constraints in wireless sensor networks is the energy efficiency
problem. The current state of the art of sensor networks with respect
to efficient power management is dealt with in this paper. The paper
also points out the research issues and intends to spark new
developments in this field.
Keywords—Energy efficiency, Clustering, Sensors, Network.
I. INTRODUCTION
Wireless sensor networks are composed of a set of highly
planned deployed sensors, which are very sensitive to the
environment and capable of communication with each other
through wireless channels. Sensor networks have many small
devices equipped with sensors, processing circuits and wireless
transceivers. They are dense networks for environment sensing
and data collection. Sensors are equipped with both data
processing and communication capabilities. They measure
different parameters from the environment and transform them
to electric signals. Prime advantage of sensors is their
capability to operate unattended in harsh environments.
Lifetime of sensor nodes depend on the power
consumption in each sensor node. Energy constraint in wireless
sensor networks affects the whole network lifetime and
connectivity. Efficient energy management should be
incorporated in all levels of system hierarchy from hardware to
software architecture and from operating system to the
communication protocols. All system components critically
affect the energy dissipation depending on the application
involved [3]. So energy awareness must be involved in every
level of system design and operation to maintain the
connectivity and lifetime [2], [4], [5], [6] and [7].
Highly efficient power management leads to longer
lifetime since they exist in an unattended environment [1].
System lifetime can be very much extended by applying energy
efficient techniques to all levels of system hierarchy [2]. Much
research has been done to have a significant decrease in energy
consumption in various aspects of hardware design, data
processing, network protocols, and operating system.
*Binu G S, ECE Dept, NSS College of Engg, Palakkad,(e-mail:
binu_g_s@rediffmail.com )
** K Paulose Jacob, Cochin University of Science and Technology, Kochi (email:
kpj@cusat.ac.in )
research efforts prove the following results. Supply
voltage can be actively and adaptively adjusted, in
Dynamic Voltage Scaling (DVS), in conjunction with the
clock frequency, in response to the CPU utilization [21].
Different keys of varying length can be used at the
application layer, by allowing a trade off between the
expended computation energy and security [8]. By the
proper design of the operating system for sensors we can
let the different components of the node enter various
states (idle, sleep, active), to save energy according to the
environmental variations at the expense of some degree of
system performance degradation [9].
The major energy consumers in wireless sensor
networks are the sensing unit, the computation unit, and
the communication unit. Dynamic Modulation Scaling
(DMS), similar to DVS, is proposed in [10], [21].
According to the number of queued packets in the system,
DMS can adaptively change the modulation level, to lower
the overall energy consumption, while bounding packet
delay at an acceptable level. DMS is combined with packet
fair queuing algorithm and this result in an energy efficient
packet scheduling protocol similar to NTP (Network Time
Protocol). It first organizes the wireless sensor networks to
form a hierarchical structure. Along every edge of this tree
like structure network, Synchronizing algorithm based on
two way message exchange is performed by taking the
root node as the reference node. This leads to a simple
implementation but is not of light weight. Every node must
synchronize with the parent node, by pair wise message
transmission similar to NTP. Lot of traffic overhead will
be incurred [11].
The resource available constraints of the wireless
sensor networks impose specific requirements on the
protocol design for time synchronization, which is
essential for the self configuration feature of the wireless
sensor networks. To realise real-time event management
and event monitoring in distributed networks, time
synchronization is highly essential.
Reliability of data transmission should be
reinforced, considering the fluctuation in link quality with
respect to time. This can be by increasing the transmission
power level or adding FEC (Forward Error Correction) to
the raw data. First method leads to the rapid depletion of
sensor energy and produce interference to wireless
transmission at the terminals [3]. Using the second
method, as channel quality changes with time, the amount
of error protection incorporated should also vary with
instantaneous channel condition, to make sure that BER
(Bit Error Rate) rises above the required level. So more
amount of error protection redundancy in the transmitted
packet occurs for poorer wireless links and vice versa [12].
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 469

Proceedings of ICCNS 08 , 27-28 September 2008
The following aspects should be considered, while discussing
the extra energy dissipation incurred to combat the extra
energy consumption.
1. Considering the computation point of view, due to the
packet redundancy more energy is expended for encoding and
decoding data at the two communication sides. This decreases
the battery life.
2. Length of every frame increases on including error
protection. So extra energy is needed for message
communication. For the same transmission rate, all the radio
circuits have to be on for a longer duration. So more energy is
consumed. This makes the design of energy resource
management schemes very much challenging [13].
To have scalability and energy efficiency in a sensor
network, cluster based hierarchy is preferred as the ideal
solution [14], [15]. Data collected by the sensors in close
proximity is highly correlated. Communication between each
sensor and end user is both energy and bandwidth consuming.
So the data should be processed locally to get rid of data
redundancy. The whole network is divided into different
clusters. One sensor node is elected as the cluster head to
perform local information filtering, aggregation and data fusion
for all the sensors in its cluster. Traffic is routed among cluster
heads. Thus the network management gets simplified and also
decreases the energy needed for communicating useful data to
the end user. Different methods for organization of cluster
based networks are discussed in [16], [17], [18], and [41].
II. TOPICS DISCUSSED REGARDING ENERGY EFFICIENCY
Power Management Schemes
To deal with the energy management problem, different
power management schemes are discussed here. The most
important constraint in all wireless sensor networks is the
energy efficiency problem since they are equipped with limited
power sources. So efficient power management should be
adopted.
Dynamic power Management (DPM) is widely used in
wireless sensor networks. This involves shutting down the
sensor node during no event and waking them up when needed.
So good energy saving is achieved. But sensors communicate
using short data packets. So there is more dominance of start
up energy. Therefore DPM should be carefully implemented.
Operation in energy saving mode becomes energy efficient
only if the time spent in that mode is greater than a decided
Threshold. The common DPM policies are:
Predictive policy:
To turn off the system components if the idle time is
greater than or equal to the Timeout Threshold. The
assumption is that it may remain idle for a long time. Idle time
is predicted in [42] using the exponential average method.
Operating system based direct management techniques are
proposed in [21].
Stochastic policy:
It is given in [20]. System is provided with a service
provider, a service requester (both represented by Markov
processes), a power manager and a request queue. Power
manager represents the device state of operation by issuing
proper commands to the service provider.
Energy efficient DPM is proposed in [1]. It uses a
modified sleep state policy combined with OGDC
(Optimal Geographical Density Control) [19], so as to
keep minimum number of sensor nodes in the active mode.
So the network lifetime is prolonged. Power aware sensor
model is proposed which describes the power consumption
in different levels of node sleep states. There can be many
sleep states for a node with many components. Every node
has a latency to transition to that mode. Every sleep mode
is characterized by power consumption and latency
overhead. If a node is in a deeper sleep state, lesser power
is consumed and more latency has to be spent. DPM
should consider the energy consumption needed for
awakening the node back to the active state and how long
it remains idle. Saved energy should always be greater
than the expended transition energy. Simulation results
show that DPM combined with OGDC prolong the
network lifetime than with only DPM. In [21], the energy
and extra time needed to awaken the node is not
considered. In deep sleep state, the sensor cannot detect
any event or receive message from the remaining nodes. In
clustering protocol, the cluster head should never enter the
sleep mode. The possible ways to avoid event missing is
not considered in [1]. Another problem with OGDC is that
each node should have its positional information.
To realise the actual energy saving in a wireless
scenario, the time varying property of the wireless channel
is taken into account in [3]. This had been neglected in
most existing energy saving schemes. Neglecting the
effects of varying channel quality, leads to the loss of
precious battery resources which in turn leads to the
depletion of sensor energy and the partitioning of the
network. A channel adaptive energy management protocol
is proposed here to consider the time varying property of
the wireless link. Each node can intelligently access the
wireless medium according to the current link quality and
the predicted traffic load to produce the efficient
utilization of energy. Results indicate 40% increase in
energy saving compared to other protocols without
channel adaptation. Quality of a wireless link is a time
varying function. So the management of energy resources
is crucial to prolong the network lifetime. Energy aware
packet scheduling schemes for sensor networks are
proposed in a channel fluctuating environment. During
situations of poor channel quality, the packets get buffered
until the channel quality recovers to the required
Threshold. They proposed a network system in which each
sensor can decide the state of the communication
equipment (idle/active/sleep) with respect to current
channel condition. A fair scheduling and queueing
algorithm is designed, in order to avoid the
communication latency and buffer overflow. Thus an
optimum balance between the energy efficiency and
fairness is attained. CAEM ( Channel Adaptive approach
to Energy Management) is a cluster based hierarchy in
which they have assumed the nodes to be static or of low
mobility. Adaptive physical layer design ABICM,
proposed in [12], was adopted in which variable
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 470

Proceedings of ICCNS 08 , 27-28 September 2008
throughput modulator and channel coding are used. When CSI
(Channel State Information) is available at the transmitter, it
does burst by burst throughput adaptation with respect to the
CSI [13] i.e. when CSI indicates a very good quality channel;
the transmitter performs High order modulation and
appropriate error protection to protect the packet transmission.
In CAEM, real time monitoring of the change in CSI of the
wireless link is done for all the sensor nodes. Simplicity of the
traffic mode (from sensor to sink) leads to the simplification of
the design for MAC layer management. Here sensor nodes are
equipped with two radios: a tone radio and a data radio
working at different frequencies. If no data is to be transmitted,
both radios are turned off. If sensor has packets to send, it turns
on the tone radio and senses the channel whether it is free or
not. If sensed negative, (i.e. receives other than idle tones from
the channel head) it keeps monitoring the tone channel. If it
senses the data channel to be free, (i.e. receives idle tone
pulses), it measures the received tone signal strength and
further checks whether it is above the required SNR
measurement. If not, it continues monitoring the tone channel;
otherwise it backs off for a random period of time. After back
off time, the sensor checks whether the channel is free and
whether the quality requirement is satisfied. If both are found
positive, the sensor turns on the data radio and transmits the
buffered packets. If either not positive, the sensor returns to the
sensing state and again monitors the channel. During collision,
the channel head sends collision tone pulses and notifies all the
sensor nodes. During data packet transmission, the sensor node
should keep its tone radio on and on receiving collision tone
pulses; it stops packet transmission by turning off the data
radio and returns to the sensing state. In CAEM, CSMA/CD is
used to detect collision thus reducing the energy wasted in
packet collisions. Simulations proved that the behaviour of
wireless channel can influence the energy consumption.
III. CLUSTERING CONCEPT
Clustering can localize the route set up inside clusters and
reduce the size of the routing table maintained inside a cluster.
It can conserve the communication bandwidth, can stabilize the
network topology, and can implement the optimized
management strategies to enhance the network operation so as
to prolong the network lifetime of the sensors [22]. Cluster
heads can effectively schedule the activities in the cluster so
that its nodes can switch to low power sleep modes most of the
time to reduce energy consumption. Similar packets from
multiple nodes may be aggregated. So the number of
transmissions reduces. Data aggregation combines the data
from different sources by using various functions like
suppression (for eliminating duplicates), min, max, avg [24].
Computation is energy efficient compared to communication.
So aggregation can produce good energy savings.
In the self organizing systems, sensor nodes are scattered
randomly [25], [26], and [27]. In terms of energy efficiency
and performance, the cluster head positioning is very crucial.
Optimal clustering always leads to energy efficient network
operation. Cluster heads are picked from the deployed sensors
in the network of homogeneous sensor nodes [27], [28], and
[29]. Cluster heads are carefully tasked to avoid the energy
from being depleted away unnecessarily. Communication
range and proximity to base station are some important
issues to be considered. If the sensor communication
ranges do not reach the base station, multihop routes have
to be used. Inter cluster head connectivity is an important
factor affecting the clustering schemes [16], [30].
Objective of clustering
(a)Load balancing
Sensors should be evenly distributed among the clusters,
where the cluster head performs data processing and intra
cluster management duties [31]. Load balancing is a
critical issue in wireless sensor networks where the cluster
heads are picked from the currently available sensors [26].
For extending the network lifetime, equal sized clusters
are important. This prevents the exhaustion of energy of a
subset of cluster heads at a high rate and prevents their
premature failure.
(b)Fault tolerance
This is to avoid the loss of important data. To recover from
cluster head failure reclusters the network. But during this
resource burden occurs on the nodes. To recover from
failure, assign backup cluster heads. Neighbouring cluster
heads can adapt sensors in failing clusters if the nodes
have sufficient radio range [32]. Rotating the role of
cluster heads among all the nodes in the cluster can be a
means of fault tolerance [27].
(c)Increased connectivity and reduced delay
Inter cluster head connectivity is a critical requirement
unless the cluster heads have long haul communication
capability.
(d)Maximum network life
Network lifetime is of major concern especially in bad
environments. If cluster heads are richer in resources, the
energy for intra cluster communication can be minimized
[22]. Otherwise cluster heads should be placed very close
to their sensors [33], [34]. If cluster heads are regular
sensors, lifetime can be increased only by limiting their
load. Combined clustering and route setup can be together
considered for maximizing the network lifetime [35].
Adaptive clustering can be used to increase the network
life [36], [37]. LEACH (Low Energy Adaptive Clustering
Hierarchy) is proposed in [27]. It forms clusters based on
the received signal strength and uses cluster head nodes as
the routers to the base station. All data processing is done
local to the cluster. Distributed algorithm is used by nodes
to make autonomous decisions without using centralized
control. Initially a node decides to be the cluster head and
it broadcasts its decision to others. Each non cluster head
node now determines its suitable cluster by choosing the
cluster head that can be reached using least
communication energy. Role of being the cluster head can
be rotated periodically among the nodes of the cluster in
order to balance the load. Rotation is performed by making
each node to choose a random number between 0 and 1. A
node becomes the cluster head for the current rotation if
this number is less than the Threshold. A node with low
energy now gets selected as the cluster head and the
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 471

Proceedings of ICCNS 08 , 27-28 September 2008
cluster heads are assumed to have sufficient communication
range so as to reach the base station directly. Different
clustering strategies and clustering algorithms have been
discussed in [23]. The different clustering schemes were
classified according to their objectives, desired cluster
properties and clustering process.
IV. SECURITY ASPECTS IN WIRELESS SENSOR NETWORKS
Durability of Distributed sensor networks depends on the
energy efficiency. The two important issues for Distributed
sensor networks are security for communication and energy
efficiency. Security aspects can be achieved by
Encryption/Decryption processes. Power control mechanisms
for sensors to operate at a particular energy, efficient multiple
voltage processors are proposed in [2]. Inserting of additional
information to the communication channel to guide the
selection of proper voltage for encryption/decryption and
processing so as to decrease the overall power consumption is
also discussed. Several encryption standards on a wide range of
processors were experimented and sensor networks were
simulated to prove that the lifetime gets extended. Newly
developed DVS technique is also proposed here in the design
of energy efficient distributed sensor networks. This technique
varies the supply voltage and clock frequency based on the
computation load to provide the desired performance with
minimum energy consumption. A practical DVS system was
considered which was capable of switching among different
voltage levels. Additional information about the message is
incorporated in its message header at the beginning of the
message from the message sender sensor. Message header has
all information about the different parameters like the message
length, type, the expected processing time, result length and so
on. This information is utilized by the receiving sensors to
properly select voltage for decryption/encryption and
processing to reduce the energy consumption. The encrypted
data received from the other nodes is received by the reception
electronics and is passed to the microprocessor. This does data
decryption and verification before processing the data. If data
is to be sent to the other nodes, it encrypts and then sends;
otherwise it halts. Some factors to be noted are that the energy
consumption for encryption/decryption is not the same for all
public key algorithms. Moreover the computation requirement
of the message may not be proportional to the message length.
So the message information is stored in the header. Proper
selection of the supply voltage can be taken to decrease the
power consumption. They have proved 60% energy saving
despite the additional overhead of embedding extra information
into the header.
V. ADAPTATION OF LINK LAYER AND PHYSICAL LAYER PARAMETERS
Energy efficient techniques that adapt the underlying
communication parameters are presented in the context of
wireless sensor networks in [2]. Adapting the link layer and the
physical layer parameters like the output transmit power and
error control was examined. Due to the remote nature of the
sensor networks and the size of each node, nodes may not have
access to unlimited energy. So energy efficient algorithms and
protocols should be used to prolong the network lifetime. But
they should be aware of the user specified quality
requirements and data precision. But these factors depend
only on the application. So quality should not be
compromised while minimizing energy consumption.
Reliable data transfer can be obtained by
increasing the output power or by adding FEC to data.
Extra processing is required. Energy cost incurred during
the communication phase is during the transmission of
data and when framing and error correction is done.
µ AMPS wireless sensor node is used. It could properly
scale the energy consumption of different sub components
in response to the changes in the environment, the state of
the network and the application requirements to maximize
system lifetime and decrease the energy consumption at
each node. Thus all the layers of the system can adapt the
layer specific parameters. Data collected by sensor was
processed by Strong ARM microprocessor which had low
power consumption and high performance. It could be
adapted to support DVS. Data is transmitted wirelessly
using radio based on single chip 2.4GHz transceiver with
integrated frequency synthesizer to deliver data to the
neighbouring nodes. In radio model, power amplifier is on
only during communication. During start up time, no data
can be sent/ received by the transceiver. This is because its
internal PLL must be locked to the carrier frequency
before the data can be demodulated successfully. In this
transceiver, power will not vary with the data rate. Start up
time has large impact on average energy/ bit because
sensors communicate using short data packets. So
transceivers require large initial start up time. When
packet size is reduced, energy consumption is dominated
by the starting transient and not the active transient and
receives time. This should be considered while designing
energy efficient protocols. Purposes of link layer discussed
here are to specify encoding and the length limit of the
packet and for reliable transmission. Reliability level for
link depends on the application and the user specified
constraints.
VI. TIME SYNCHRONISATION ASPECT
Time synchronization plays a key role to meet the real
time and improve data fusion and multiplexing efficiency.
Performance limitation of time synchronization for
wireless sensor networks in terms of synchronization
accuracy is discussed in [11]. The sources of
synchronization accuracy are identified and the
mathematical models to analyze Time synchronization
schemes are proposed here. Light weight protocols
proposed are capable of suppressing communication
overheads and approaching the performance limit. Idea is
based on the observation that there always exists
synchronization error correlation between nodes receiving
the same sequence of time synchronized packets.
Theoretical analysis was validated by simulation results.
Time synchronization is essential in distributed
networks to realise real time event management and event
monitoring. Redundant information in the events reported
at the same time from multiple sensors can be removed to
save energy using synchronization clocks. Synchronization
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 472

Proceedings of ICCNS 08 , 27-28 September 2008
clocks can be used to activate sleeping sensor nodes at the
scheduled time and make use of TDMA to improve the overall
throughput of wireless sensor networks. In stand alone
computer applications, precise clock board/ radio clock that
receives time reference transmitted from radio stations
administered by NIST can be used to improve the accuracy of
computer time. GPS can be used to synchronize hardware
clocks with satellites. Both the above methods are costly. For
networked computers, NTP is used to synchronize computer
clocks in a hierarchical way. But its heavy weight
implementation cannot be supported by sensor nodes.
Post factor is a simple method discussed in [38] to
synchronize clocks in a local neighbour hood of sensor nodes.
Nodes are initially unsynchronized. When stimulus arrives,
each node records the receiving time using its local clock.
Immediately afterwards a beacon covering the whole area,
broadcasts a synchronizing signal to all the nodes in the
neighbour hood. With respect to the time reference, receiving
nodes correct their stimulus timestamps. Communication
range of the beacon is the crucial limit in this algorithm.
RBM derived from Post factor, is proposed in [39]. It
keeps the time of the neighbouring nodes synchronized. One
node periodically broadcasts reference beacons without explicit
time stamps, to its neighbours. Receivers use beacon arrival
time as reference to compare their local clock by exchanging
beacon receiving time. So all nodes know clock offset among
each other. Large energy is consumed due to the large number
of packet transmissions.
Tiny sync and Mini sync [43] are proposed to keep global
time in wireless sensor networks by synchronizing any two
nodes in the whole network. A pair of nodes use bidirectional
time stamped packet transmissions to estimate the clock offset
between them thus making two nodes synchronous. To get
synchronized every pair of nodes should perform two way
message exchanges. So large communication overhead
incurred due to large traffic.
Another time synchronizing protocol to maintain global
time is the Time Sync Protocol for Sensor Networks (TPSN)
proposed in [40]. In [11] proposed idea is similar to TPSN. But
communication overhead is reduced considerably because it
requires only some specific adjuster nodes to do the two way
message exchange. Here the time synchronizing algorithm
requires client to follow server. A sequence of reference
packets with timestamps are sent by a node to the receiver.
Four delays in the message transmission path are: Process
delay, Access delay, Propagation delay and Receive delay.
These delays affect the accuracy of the system algorithm.
LESSAR algorithm is also proposed in [11]. A global time is
maintained in wireless sensor networks by organizing the
whole network system into levels. Level discovery is
performed at initial time when the network is deployed. Sink
which collects information from all nodes forms the root and is
assigned level 0. It broadcasts level discovery packet to its
neighbours. Nodes receiving the packets are assigned level
1and broadcast level discovery packet to other nodes. One
node may as a result, receive many packets but it accepts the
only one with the lowest level as its ancestor and takes its
value +1 as its own level. Thus broadcasting continues. All the
sensor nodes are connected in this hierarchial network
topology. When a new node enters, it broadcasts level request
packet to enquire to its neighbours about their current level
values. From the responses obtained, it selects the smallest
one + 1 as its level. On node failure, its children notice
when its timer of observing keep alive message expires.
These nodes broadcast level request packet and redo the
level discovery process again. In LESSAR, nodes are
synchronized level by level. Each node believes that the
clocks in its upper level are accurate than its local clock
and synchronize with them. It only accepts time sync
packets from the upper level and drops all others from the
lower levels. So the whole wireless sensor network
follows the clock of the sink. This will be synchronized by
GPS/NTP. This method has very low resource
consumption and computation complexity.
VII. CONCLUSION
Energy constraints in wireless sensor networks are a
critical issue requiring extensive research. Energy
management is to be implemented at different levels of
sensor system hierarchy. In future, the wide range of
application areas will make the sensor networks an integral
part of our life. However, realization of wireless sensor
networks needs to satisfy the constraints introduced by
power consumption so as to provide efficient energy
management by improving the network lifetime.
REFERENCES
[1] Chuan Lin,Yan-Xiang He,Naixue Xiong “An energy efficient
dynamic power management in wireless sensor networks” in
Proceedings of the fifth <strong>International</strong> symposium on Parallel and
distributed computing, IEEE2006.
[2] Eugene Shih, Benton H Calhoun , Seong Hwan Cho and Anantha P
Chandrakasan “Energy Efficient Link Layer For Wireless Microsensor
Networks” in IEEE 2001.
[3] Xiao-Hui Lin, Yu-Kwong Kwok “CAEM: A channel adaptive
approach to energy management for wireless sensor networks” in
Computer Communications 29(2006).
[4] J.Carle, D.S. Ryl “Energy efficient area monitoring for sensor
networks”, IEEE Trans. Comput. Vol.37 (no. 2) (2004) 40-46.
[5] X. Hong, M. Gerla, R. Bagrodia “The mars sensor network: efficient
energy aware communications,Proc. MILCOM 2001 (2001) 418-422.
[6] V. Raghunathan, C. Schurgers, S.Parg, M. B.Srivastava “Energy
aware wireless microsensor networks”, IEEE Signal
Process.Mag.vol.19(no 2) (2002) 40-50.
[7] F. Ye, G. Zhong, S.Lu, L. Zhang “PEAS: a robust energy conserving
protocol for long lived sensor networks” Proc. ICNP 2002 (2002) 200-
201.
[8] L. Yuang, G. Qu “Design space exploration for energy efficient
secure sensor networks” Proc. ASAP 2002 (2002) 80-97.
[9] C. Schurgers,V. Tsiatsis, S.Ganeriwal,M.B.Srivastava “Optimising
sensor networks in the energy-latency-density design space”IEEE Trans.
Mobile Comput. Vol.1(no. 1)(2002) 70-80.
[10] C. Schurgers, O. Aberthorne, M.B. Srivastava “Modulation scaling
for energy aware communication systems” Proc. ISLPED 2001 (2001)
96-99.
[11] Quing Ye, Yuecheng Chang, Liang Cheng “A study on the optimal
time synchronisation accuracy in wireless sensor networks” in Computer
Networks 48 (2005)(549-566).
[12] Y.K.Kwok, V.K.N.Lau”A novelchannel adaptive uplink access
control protocol for nomadic computing” IEEE Trans. Parallel Distrib.
Syst. Vol. 13(no. 11) (2002) 1150-1165.
[13] E. Cianca, A.Luise, M.Ruggieri, R.Prasad “Channel adaptive
techniques in wireless communications: an overview” Wireless Commn.
Mobile Comput. Vol. 2(no. 8) (2002) 799-813.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 473

Proceedings of ICCNS 08 , 27-28 September 2008
[14] G. Zhou, T. He, S. Krishnamurthy, J. A. Stankovic “Impact of radio
irregularity on wireless sensor networks” Proc. USENIX MobiSys. (2004).
[15] J. Zhao and R. Govindan “Understanding packet delivery performance in
dense wireless sensornetworks” Proceedings of the First ACM conference on
Embedded Networked Sensor Systems(Sensys’03), Nov 2003.
[16] S. Banbyopadhyay, E. J. Coyle “An energy efficient hierarchial clustering
algorithmfor wireless sensor networks”, Proc. INFOCOM 2003 vol 3 (2003)
1713-1723.
[17] A. Hac, “Wireless sensor network designs” John Wiley & sons,2003.
[18] C.C.Shen, C.Srisath Apornphat, C. Jaikaeo, “Sensor information
networking architecture and applications” IEEE Personal Commn. Vol 8 (no.
4) (2000) 52-59.
[19] H.Zhang & J.C.Hou “Monitoring sensing coverage & connectivity in
large sensor networks” in NSF <strong>International</strong> workshop on Theoretical &
Algorithmic Aspects of sensors, Adhoc wireless & peer to peer networks 2004.
[20] L. Benini, A. Bogliolo, G.A.Paleologo and G.De Micheli “Policy
optimisation for dynamic power management” IEEE Transactions on computer
aided design, vol.18,pp. 813-833, June 1999.
[21] A.Sinha, A. Chandrakasan “Dynamic power management in wireless
sensor networks” IEEE Design Test Comput. Vol. 18(no. 2)(2001)62-74.
[22] M.Younis, M. Youssef, K. Arisha “Energy aware management in cluster
based sensor networks” Computer Networks 43(5) (2003)649-668.
[23] Ameer Ahmed Abassi,Mohamed Younis “A survey on clustering
algorithms for wireless sensor networks” Computer commns30(2007)(2826-
2841).
[24] B. Krishnamachari, D. Estrin, S.Wicker “Modelling data certric routing in
wireless sensor networks” in Proc. Of IEEE INFOCOM New York, NY,June
2002.
[25] K. Sohrabi et al “Protocols for self organisation of a wireless sensor
network” IEEE Personal Commn. 7(5)(2000)16-27.
[26] O.Younis, S.Fahmy, “HEED:A hybrid energy efficient distributed
clustering approach for adhoc sensor networks” IEEE Trans. On Mob.
Computing 3(4)(2004)366-379.
[27] W.B.Heinzelman, A.P.Chandrakasan, H. Balakrishnan “Application
specific protocol architecture for wireless microsensor networks” IEEE Trans.
On Wireless Networking 2002.
[28] S. Lindsey, C.S.Raghavendra “PEGASIS:Power efficient gathering in
sensor information system” in Proc. Of IEEE Aerospace conference, Big
Sky,Montana, March 2002.
[29] S.Lindsey, C.S.Raghavendra,K. Sivalingam “Data gathering in sensor
networks using energy delay metric” in Proc. Of ISDPS Workshop on Issues in
wireless networks & Mobile computing, San Fransisco,CA,April 2001.
[30] S. Banerjee, S.Khuller “A clustering scheme for hierarchial control in
multihop wireless networks” in Proc. Of 20 th Joint <strong>Conference</strong> of the IEEE
Computer & Commn Societies(INFOCOM’01) Anchorage, AK,April2001.
[31] G.Gupta, M.Younis “Load balanced clustering in wireless sensor
networks” in Proc of <strong>International</strong> <strong>Conference</strong> on
Commn(ICC2003)Anchorage Alaska, May2003.
[32] G.Gupta, M.Younis “Fault tolerant clustering of wireless sensor networks
in Proc of IEEE Wireless Commn. & Networking conference(WCNC 2003)
New Orleans, Loussiana, March 2003.
[33] E. Ilker, Oyman, Cam Essoy “Multiple sink network design problems in
large scale wireless sensor networks in Proc ofIEEE <strong>International</strong>
conferenceon commn,(ICC 2004), Paris June 2004.
[34] Y.T.Hou,Y Shi, H.D.Sherali “On energy provisioning & relay node
placement for wireless sensor networks” in IEEE Trans. On Wireless Commn.
Vol 4,Sep 2005,2579-2590
[35] K.Dasgupta, M.Kukreja, K.Kalpakis “Topology aware placement & role
assignment for energy efficient information gathering in sensor networks” in
Proc of 8 th IEEE Symposium on Computer & commn.(ISCC 03),Turkey, July
03.
[36] T.Moscibroda, R. Wattenhofer “Maximising the lifetime of dominating
sets in Proc of 19 th IEEE <strong>International</strong> Parallel & Distributed Processing
symposium(IPDPS’05) Denver, Colorado,April 2005.
[37] R.Khanna, H liu, H.H.Chan “Self organization of sensor networks using
genetic algorithms” in Proc. Of 32 nd IEEE <strong>International</strong> <strong>Conference</strong> on
Commn(ICC’06), Istanbul, Turkey, June 06.
[38] J.Elson, D.Estrin “Time synchronisation for wireless sensor networks” in
Proc. Of 2001 <strong>International</strong> Parallel & Distributed computing issues in wireless
networks & Mobile computing, San Franscisco CA USA April 2001,1965-
1970
[39] J.Elson,L.Girod, D.Estrin “Fine grained network time synchronisation
using reference broadcasts” in Proc of 5 th Symposium on Operating Systems
Design & Implementation(OSDI 2002) Boston, MA, Dec2002.
[40] S.Ganeriwal, R.Kumar, M.B.Srivastava “Timing sync protocol for
sensor networks” in Proc of Sensys’03, LosAngeles, CA, Nov2003.
[41] I.F.Akyildig, W.Su, Y. Sankarasubramaniam, E.Cayirci, “A survey
on sensor networks” IEEE Commn. Mag. Vol. 40 (no. 8)(2002)102-114.
[42] V.Raghunathan, S. Ganeriwal, M.Srivastava, “Energy efficient
wireless packet scheduling and fair queueing” ACM Trans. Embedded
Comput. Syst. Vol. 3(no. 1)(2004)3-23.
[43] M.L.Sichitiu, C Veerarittiphan, “Simple accurate time
synchronisation for wireless sensor networks” in Proc. Of the IEEE
Wireless Commn. & Networking <strong>Conference</strong>(WCNC’2003) New
Orleans, LA, March 03.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 474
6

An Improved GPS Location Tracking with
Velocity Estimation
Mohammad Zahaby, Prof. Ganesh D. Bhutkar, and Prof. M. L. Dhore
Vishwakarma Institute of Technology, Pune, India
Proceedings of ICCNS 08 , 27-28 September 2008
Abstract—We present algorithms for estimating the location of
users based on Global Positioning System (GPS) technology. We
propose two algorithms, Kalman Filter and Velocity Renovation,
which can be used in conjunction with GPS location tracking.
The GPS is a satellite-based navigation system made up of a
network of 24 satellites placed into orbit by the United States (US)
Department of Defense (DoD). GPS was originally intended for
military applications, but in the 1980s, the government made the
system available for civilian use. GPS can show you your exact
position on Earth in any weather conditions, anywhere in the world,
24 hours a day. There are no subscription fees or setup charges to
use GPS [5].
The improved location tracking algorithm which uses the Kalman
filter with the velocity renovation process is proposed. The velocity
renovation process consists of a velocity estimator and direction
finder. By this process, the proposed algorithm can use accurately
estimated velocity in the location estimation.
Keywords—GPS, Kalman filter, velocity renovation, direction
finder, velocity estimator.
I. INTRODUCTION
THE location tracking plays an important role in many
applications such as location-based services and the radio
resource management.
In the Kalman filtering method, the smoothing procedure by
linear regression makes the estimated location more accurate
than that of the GPS method. The Kalman filtering method
estimates velocity as well as location and uses them in the
next estimation process. However, the estimated velocity has
large error of estimation.
By the recursive process of the Kalman filtering, the error
of the estimated velocity induces inaccuracy of the location
tracking. Moreover, the Kalman filtering method needs
transient time to reach the reliable estimation, so big location
error is generated at the first part of the location tracking until
enough data come to the filter.
An improved location tracking algorithm which uses the
velocity renovation process with the Kalman filter is proposed
in this paper. By the velocity renovation process, more
accurately estimated velocity can be used in the Kalman
filtering. The accurately estimated velocity will be able to
increase the performance of the location estimation and
shorten the transient time of the estimation.
Mohammd Zahaby is the student of M.E. C.S.E. (I.T.) in the
Vishwakarma Institute of Technology, University of Pune, Pune, India,
email: mohammad zahaby@yahoo.co.uk
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 475
II. ANALYSIS OF LOCATION ESTIMATION
Tracking Service based on geographic and location
information are expanding the business area gradually. This
service collects the location of moving object and present it
on geographic map.
The Global Positioning System (GPS) is a widely-used and
very useful system for position location and tracking but
the GPS relies on radio signals from orbiting satellites that
cannot penetrate structures generally. Moreover, the fifteen
meter location accuracy of the GPS is not entirely sufficient
for close area training purposes. Alternative position tracking
technologies known in the art are also generally unable
to deliver the performance features required for close area
training exercises.
GPS satellite signals can be detected by GPS receivers, which
calculate their locations anywhere on the Earth at any time.
For reduce the error in GPS and get better accuracy from GPS
signal, we used Kalman filter and velocity estimation to get
better accuracy.
The implementation of the Kalman filter has these stages [2],
[3]. The S(k) is contains location data is defined as
S(k) = (X(k), Y (k), V x (k), V y (k)) T (1)
where X(k) and Y (k) are the coordinates (x and y) of a GPS’s
location at time instant k, respectively. V x (k) and V y (k) in
equation (1) denote the x-axis and y-axis directional velocities
of a GPS receiver at time instant k, respectively. The state
model of the Kalman filter is
S(k) = AS(k) (2)
where A is a transformation matrix between the first and next
measurement
⎡ ⎤
1 0 d 0
A = ⎢ 0 1 0 d
⎥
⎣ 0 0 1 0 ⎦
0 0 0 1
and d is the time increasing unit. Based on equation (1) and
(2), the process of Kalman filtering method can be summarized
like this: At first, the predict S(k|k − 1) and the minimum
predicted Mean Square Error (MSE) M(k|k − 1) can be
obtained by
S(k|k − 1) = AS(k − 1|k − 1)
M(k|k − 1) = AM(k − 1|k − 1)A T + BQB T (3)
where B is an optional control input to current state

Proceedings of ICCNS 08 , 27-28 September 2008
B =
⎡
⎢
⎣
0 0
0 0
d 0
0 d
and Q is system dynamic noise. By (3), the Kalman gain can
be described as
K(k|k −1) = M(k|k −1)H T .{R+HM(k −1|k −1)H T } −1
(4)
where R is the receiver noise and H is measurement sensitivity
matrix
[ ] 1 0 0 0
H =
0 1 0 0
Finally, the estimated vectors by the Kalman filtering can be
updated by
S(k|k) = AS(k|k−1)+K(k){L(k)−H(k)AS(k|k−1)} (5)
The L(k) in (5) is defined as
⎤
⎥
⎦
L(k) = (l 1 (k), l 2 (k)) T (6)
where l 1 (k) and l 2 (k) are the coordinates (x and y) of the
estimated location by the GPS.
The process of the Kalman filtering method progresses
recursively whenever new estimated location L(k) of the GPS
comes to the Kalman filter.
The Kalman filtering method estimates velocity as well as
location of a GPS receiver and uses them the estimation at
the next time. The Kalman filtering method uses 0 m/s as
the initial velocity and approaches to the original velocity
of the GPS receiver by the recursive process of the Kalman
filter. By reason of this, the first part of the estimated velocity
has big error and the transient time is needed to reach the
reliable estimation. This also occurs when the velocity of the
GPS receiver is changed. The estimated location and velocity
data affect the next estimation, so the inaccurately estimated
velocity induces the location estimation error of the Kalman
filtering method. To reduce the error, an improved location
tracking algorithm is proposed in the following section.
III. LOCATION TRACKING WITH VELOCITY ESTIMATION
The block diagram of the proposed location tracking
algorithm which uses the velocity renovation process with
the Kalman filter is shown in Fig. 1. The velocity renovation
process is to use the accurately estimated velocity in the
Kalman filter for increasing the accuracy of the location
estimation. It consists of two parts. One is a velocity estimator
and the other is a direction finder. By the estimated velocity
and direction in the velocity renovation process, the x-axis and
y-axis directional velocities can be estimated. The estimated
velocities are passed to the Kalman filter. After that, The
estimated velocities in (5) of the Kalman filtering method are
replaced by the estimated velocities of the velocity renovation
process.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 476
Fig. 1.
The block diagram of the proposed location tracking algorithm.
A. Velocity Estimator
There are many conventional methods for velocity
estimation, but they require the SNR information to
remove noise and interference which affect estimation.
SNR-independent velocity estimation methods which
eliminate the effect of noise and interference without
SNR information are proposed in [1] and [4]. The
IQ-based ACF estimation method in [4], which is one
of the SNR-independent velocity estimation method, is used
as a velocity estimator in the velocity renovation process.
The auto-correlation function of the in-phase component of
the channel is defined as
φ d = E[x(i).x(i + d)]
and the ratio φ1 to φ0 and the ratio of φ2 to φ0
R1 = φ1
φ0 ,
φ2
R2 =
φ0
where φ0, φ1 and φ2 are estimated via [1]
φ0 = 1 N
φ1 = 1
N−1
φ2 = 1
N−2
N∑
E[x i x i ]
i=1
N−1
∑
i=1
N−2
∑
i=1
E[x i x i+1 ]
E[x i x i+2 ]
The maximum Doppler frequency estimated by the IQ-based
ACF estimation method can be defined by
√
D 1 − D 2 − D 3
f m ≈
π 2 (9)
(4D 1 − D 2 )
where D 1 , D 2 and D 3 are
and
D 1 = sinc(B.T s ) − R 1
D 2 = sinc(2B.T s ) − R 2
D 3 = R 2 .sinc(B.T s ) − R 1 sinc(2B.T s )
sinc(x) = sin(πx)
πx
(7)
(8)
(10)
The B and T s , are the bandwidth of receiver and the sampling
period, respectively. By the estimated maximum Doppler

Proceedings of ICCNS 08 , 27-28 September 2008
Fig. 2. Estimated location by the GPS method, the Kalman filtering method
and the proposed algorithm.
Fig. 3. Comparison of ALEE graph for Kalman filter and average GPS
accuracy.
frequency, the velocity of a GPS receiver can be estimated as
V = c.f m
f c
(11)
where c and f c are the speed of propagation and the carrier
frequency, respectively.
B. Direction finder
The direction finder in the velocity renovation process is
simply designed using the differences of estimated locations.
The estimated direction of a GPS receiver can be obtained by
{
tan
θ k =
−1 (D k ), when ˜X(k) > ˆX(k − 1)
tan −1 (D(k)) + π, when ˜X(k) < ˆX(k − 1))
(12)
where D(k) is {Ỹ (k) − Ŷ (k − 1)/ ˜X(k) − ˆX(k − 1)}.
( ˜X(k), Ỹ (k)) is the estimated location coordinates by the
Kalman filtering at time instant k, and ( ˆX(k − 1), Ŷ (k − 1))
is the estimated location coordinates by proposed algorithm
at time instant k − 1. The estimated direction θ k has big
variation because the estimated location coordinates which
are used in (12) are not accurate, especially ( ˜X(k), Ỹ (k)).
Instead of just taking the estimated data, the smoothing
method is applied for reducing the variation of θ k .
The smoothed value of the direction θ k can be calculated by
taking the average of estimated directions within window size
as follows
C. Replacement of the estimated velocity
By (11) and (13), the x-axis and y-axis directional velocities
in the velocity renovation process at time instant k can be
obtained by
(V x (k), V y (k)) T = (V cosθ k , V sinθ k ) T (14)
The x-axis and y-axis directional velocities in the estimated
vector ˜S(k|k) by the Kalman filtering method is replaced by
(ˆV x (k), ˆV y (k)) T in (14). Finally, the estimated vector Ŝ(k|k)
by the proposed algorithm is represented by
Ŝ(k|k) = [ ˜X(k), Ỹ (k), ˆV x (k), ˆV y (k)] T
D. Calculate ALEE and LER
The Average Location Estimation Error (ALEE) is defined
as
ALEE = 1 N
N∑ √
{X(k) − X′ (k)} 2 + {Y (k) − Y ′ (k)} 2
k=1
(15)
where (X(k), Y (k)) and (X ′ (k), Y ′ (k)) are the original
location coordinates and the estimated location coordinates,
respectively.
The Location Error Ratio (LER) is defined as
θ k = 1 W
k∑
i=k−(W −1)
where W is the size of the window.
θ k , when k ≥ W (13)
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 477
LER(α/β) =
ALEE of α
ALEE of β
where α and β are algorithms for comparing.
(16)

Proceedings of ICCNS 08 , 27-28 September 2008
REFERENCES
Fig. 4. Comparison of ALEE graph for Kalman filter and average GPS
accuracy.
IV. PRACTICAL EXPERIENCE
[1] Hyunkyu Yu, Student Member, IEEE, Goohyun Park, Student Member,
IEEE, Hangyu Cho, Student Member, IEEE,Changeon Kang, Senior
Member, IEEE, and Daesik Hong, Member, IEEE, ”SNR-Independent
Methods for Estimating Maximum Doppler Frequency”, IEEE SIGNAL
PROCESSING LETTERS, VOL. 12, NO. 5, MAY 2005
[2] Jemin Lee, Hyungjoon Song, Sungmok Oh and Daesik Hong, ”An
Improved Location Tracking Algorithm with Velocity Estimation in Cellular
Radio Networks”, Information and Telecommunication Lab. (B715),
Dept. of Electrical and Electronic Eng., Yonsei Univ. 2006 IEEE, pg 618
- 622
[3] MOHINDER S. GREWAL, LAWRENCE R. WEILL, ANGUS P. AN-
DREWS, ”GLOBAL POSITIONING SYSTEMS, INERTIAL NAV-
IGATION, AND INTEGRATION”, SECOND EDITION, WILEY-
INTERSCIENCE A John Wiley & Sons, Inc., Publication, 2007
[4] Wei Sheng and Steven D. Blostein, Department of Electrical and Computer
Engineering Queen’s University, Kingston, Ontario, CANADA K7L
3N6, ”SNR-INDEPENDENT VELOCITY ESTIMATION FOR MO-
BILE CELLULAR COMMUNICATIONS SYSTEMS”, IEEE <strong>International</strong>
<strong>Conference</strong> on Acoustics, Speech, and Signal Processing (ICASSP
’02), vol.3, May 2002, pp.III-2469 - III-2472.
[5] http://www8.garmin.com, ”What is GPS”
Practically we moved the GPS receiver in the six different
places in Pune city in India. In TABLE I we can see the
different of the GPS location tracking with the Kalman filter
and velocity estimation in these six places.
Fig.2 shows and compares the estimated GPS location
tracking by the Kalman filtering method and the velocity
renovation in the first location of those six location when we
moved the GPS receiver in the straight line. The estimated
location by the velocity renovation has the smallest error
among others. This result can be shown by the average location
estimation error (ALEE) that is shown in Fig.3 and the location
error ratio (LER) is shown in Fig.4.
GPS ALEE of ALEE of
accuracy Kalman filter velocity renovation
Location 1 96.14 5.33 0.70
Location 2 68.86 2.26 0.61
Location 3 99.43 5.24 0.56
Location 4 93.00 1.60 0.54
Location 5 38.29 2.29 0.30
Location 6 19.38 1.34 0.61
Average 69.18 3.01 0.55
TABLE I
AVERAGE RESULTS OF LOCATION TRACKING FOR SIX DIFFERENT PLACES
(ALL NUMBERS ARE IN METER).
V. CONCLUSION
The location tracking algorithm with the velocity renovation
process has been proposed in this paper. The velocity
renovation process consists of the velocity estimator and the
direction finder, and it is to use more accurately estimated
velocity in the Kalman filtering. The proposed algorithm
reduces the location estimation error into 0.55 meter. In
addition, differently from the Kalman filtering method, the
proposed algorithm estimates location of a GPS receiver
reliably without the transient time by the velocity renovation
process which works independently of the Kalman filter. The
proposed algorithm improves the ability of location tracking
and it is verified by the outage probability and the LER.
© 2008 , Vishwakarma Institute of Technology, Pune , MS, INDIA 478

Author Index
A. Kundu 422 Dr. Ashok A. Ghatol 432
A. M. Jadhav 224 Dr. Ashok M. Sapkal 427
A. S. Jambhale 452 Dr. B. Satyanarayana 124, 307
A. S. Tavildar 220 Dr. H B. Kekre 30, 342, 367
A. Sivagami 156 Dr. J. L. Rana 30
Aarti Patil 443 Dr. M. H. Kolekar 86, 405
Abhinay R. Nagpal 140 Dr. M. M. Naidu 171
Afshar Alam 228 Dr. Manesh Kokare 352
Akshay L. Marathe 73 Dr. P .D. Vyavahare 181
Amol B. Ubale 339 Dr. P. M. Patil 254
Amresh Nikam 119 Dr. Pravin Chandra 238
Ananthanarayana V. S. 161 Dr. R. V. Dharaskar 246
Ancy S. Anselam 264 Dr. V. M. Thakare 246
Andhe Dharani 73 Dr. Vrinda Tokekar 280
Ankush Jain 198 Dr. Yogesh Singh 238
Anupama V. Patil 443 F. M. Inamdar 329
Ashutosh M. Kulkarni 151 G. M. Bhandari 373
B. Chakraborty 422 Ganesh D. Bhutkar 475
B. Prabhakara Rao 393 Gaonjar Paresh 44
B. V. Barbadekar 452 Gowrishankar S. 313
Bairagi Vinayak 414 Hanumantappa J. 297, 319
Balachandra G. C. 319 Harshwardhan S. Mulay 140
Balasaheb S. Tarle 280 J. Howlader 422
Bharath Kumar A. R. 161 J. L. Bind 389
Bharkad Sangita 352 K. Chandra Sekaran 175
Binu G. S. 469 K. Paulose Jacob 469
Brijesh Singh Yadav 50 K. Pavai 156
Chinmay P. Soman 140 Kakade S.R 458
D. Sridharan 156 Kakali Chatterjee 270
D. Y. Sakhare 399 Kamal Shah 342
Deepa S. Garag 1 Karan Singh 97
Deepak M. Zambre 140 Karuna C. Gull 134
Deepthi P. P. 264, 274 Karunendra Verma 20
Deshmukh Sudarshan S. 363 Khadtare M. 192
Dhoble S. B. 458 Khadtare M. S. 405
Doshi N. A. 458 Kishore B. Pawar 103
Dr V. D. Mytri 303 Lakshmi V. S. 274
Dr. A. Damaodaram 11, 124, 303, 307 Lakshmikanth G. 181
Dr. A. N. Gaikwad 414 Latesh Malik 448
Dr. Aditya Abhyankar 357 M. A. Potey 119
Dr. Arpita Gopal 119 M. C. Hingane 373

M. J. Khurjekar 220 Pritesh Patil 147
M. Murugan 220 Prof .D. M. Choudhari 333
M. Neelakantappa 124 Prof. A. Gaiwak 181
M. Neelakantappa 307 Prof. A. J. Patankar 86. 405
M. P. Wankhade 325 Prof. A. M. Agarkar 443
Mahajan S. A. 192 Prof. Abhijeet Patankar 357
Mahesh R. Dube 151, 379 Prof. Dr. S. D. Lokhande 418
Majid Jamil 293 Prof. G. V. Garje, 16
Mamta Narwariya 68 Prof. H. H. Kenchannava 333
Manik Mujumdar 448 Prof. K. S. Korabu 385
Manikrao L. Dhore 151, 410, 427, 418, 475 Prof. M. V. Kulkarni 438
Manjaiah D. H. 297, 313 Prof. P. A. Bamnodkar 16
Manoj Mishra 258 Prof. P. M. Kamde 385
Meenakshi Bheevgade 448 Prof. Prakash H. Patil 113
Meenaxi M. Raikar 1 Prof. Prakash Devale 147
Mike E. Woodward 78 Prof. R. M. Jogdand 134
Mohammad Arif 107 Prof. R.V. Pawar 20
Mohammad Zahaby 475 Prof. Ravindra P. Joshi 113
Mohd. Ashraf 6 Prof. Sahana Bhosale 113
Moinuddin 293 Prof. Sanjeev S. Sannakkir 333
N. P. Pathak 220 Prof. Shimna Balakrishnan 385
N. Z. Tarapore 44 Prof. U. S. Bhadade 167
Nidhi Bansal 258 Prof.Thakore Devendra 363
Nikhil Agrawal 56 R Radhakrishnan 293
Nupur Prakash 128 R. Ashok Kumar 213
P. D. Ganjewar 167 R. C. Joshi 258
P. Neelakantan 171 R. K. Pateriya 30
P. S. Kasliwal 399 R. Manivasakan 234
P. S. Mahajani 399 R. Roopalakshmi 213
P. Siddaiah 393 Raad A. Muhajjar 128
Pallavi Khatri 68,198 Rachana T. Nemade 91
Pallavi Talegaonkar 357 Rajesh M. Jalnekar 379
Pankaj Kulkarni 16 Rama Shankar Yadav 97, 107
Parul Agarwal 50 Rashid Ali 6
Patil S. H. 192 Rekha Patil 11
Pijush Kanti Bhattacharjee 463 Renuka Prasad B. 73
Pradeep B. S. 35 Rimmi Devgan 389
Pradhan B. Umesh 161,287 Rio G. L. D’Souza 287
Pradnya Kulkarni 438 Rizwan Ahmed 246
Prarthana A. G. 175 Rohit A. Khot 25
Prashant B. Swadas 62 S. A. V. Satya Murty 156
Prem Kumar Nonia 234 S. B. Choudhari 373
Premanand P. Ghadekar 427 S. Bansal 422

S. G. Pukale 44, 410 Sonali Patil 119
S. Kazim Naqvi 128 Soumya S. 35
S. M. Bhadkumbhe 373 Sunil J. Soni 62
S. R. Rathi 329 Suresh N. Mali 379, 427, 438
S. R. Shinde 224 Swapnaja B. More 339
S.T. Patil 325 T. G. Basavaraju 313
Sameena Naaz 228 T. P. Sharma 258
Sandeep A. Thorat 25 Tanuja K. Sarode 346
Sanjay R. Ganorkar 432 Tanuja K. Sarode 367
Sanjesh S. Pawale 151 Thaksen J Parvat 238
Sanket Sarang 187 Ursal S. U. 192
Santhosh Y. 423 V. S. Tidake 410
Sarita Bhadoria 68 V. V. K. D. V. Prasad 393
Sarita Rajput 405 Varsha N. Wahane 202
Sathidevi P.S. 264 Vasanth. G., 35
Sathidevi P.S. 274 Venugopal A. G. 35
Shabana Mehfuz 293 Vijayalaxmi Kadroli 202
Sheetal N. Raut 254 Vinaya M. Rawool 346
Sheetal Takale 56 Wathap Sapankumar R. 363
Shital K. Dhamal 207 Wg Cdr(Retd) Devasish Pal 241
Shruthi Viswanath 175 Yogi R. Joshi 86
Shubhank Jain 56
Smita A. Attarde 207
Smita R. Desai 254
Solahuddin B. Shamsuddin 78