SECURE FOR HANDHELD DEVICES AGAINST MALICIOUS

SOFTWARE IN MOBILE NETWORKS USING MD5

Ms. K.Surya

Department Of CSE,

PG scholar, Kalasalingam Institute of Technology Mail id:suryaa9210@gmail.com

ABSTRACTAs malware attacks become more frequently in mobile

networks, deploying an efficient defense

system to protect against infection and to

help the infected nodes to recover is

important to prevent serious spreading

and outbreaks. Our scheme targets both

the MMS and proximity malware at the

same time, and considers the problem of

signature distribution. Second, all these

works assume that malware and devices

are homogeneous, we take the

heterogeneity of devices into account in

deploying the system and consider the

system resource limitations. From the

aspect of malware, since some

sophisticated malware that can bypass the

signature detection would emerge with

the development of the defense system,

new defense mechanisms will be required.

At the same time, our work considers the

case of OS-targeting malware. Although

most of the current existing malware is

OS targeted, cross-OS malware will

emerge and propagate in the near future.

How to efficiently deploy the defense

system with the consideration of cross-OS

malware is another important problem.

Introduce an optimal distributed solution

to efficiently avoid malware spreading

and to help infected nodes to recover.To

encounter and diffuse the detected

malware using MD5 algorithm. It helps

us to evaluate the malware free

transmission between nodes even helper

nodes are also present.

I.INTRODUCTION

Malware is often disguised as a game, patch,

utility, or other useful third-party software

application. Malware can include spyware,

viruses, and Trojans. Once installed,

malware can initiate a wide range of attacks

and spread itself onto other devices.The

target landscape for malware attacks (i.e.,

viruses, spambots, worms, and other

malicious software) has moved

considerably from the large-scale Internet to

the growingly popular mobile networks [1],

with a total count of more than 350 known

mobile malware instances reported in early

2007. This is mainly because of two reasons.

One is the emergence of powerful mobile

devices, such as the iPhone, Android, and

Blackberry devices, and increasingly

diversified mobile applications, such as

multi-media messaging service (MMS),

mobile games, and peer-to-peer file sharing.

The other reason is the emergence of mobile

Internet, which indirectly induces the

malware.

A mobile virus is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and

loss or leakage of confidential information.

As wireless phones and PDA networks have

become more and more common and have

grown in complexity, it has become

increasingly difficult to ensure their safety

and security against electronic attacks in the form of viruses or other malware. The Mobile phones differ from conventional

desktop, in mobile devices/handheld

devices, the resources are limited in terms of

power, consumption of energy and memory.

A malicious (or) malware application targets

mainly this weakness.

In the defense system, we use some special

nodes named helper to distribute the

signatures into the network. Generally

speaking, the deployed helpers can be

stationary base stations or access points.

However, since mobile nodes are more

efficient to disseminate content and

information in the network.we focus on the

case of mobile helpers. Consequently, there

is limitation in storage on each mobile

device for deploying the defense system.

Although currently most smartphones have

gigabytes of storage, users usually will not

allocate all of them for the usage of malware

defense. Our goal is to minimize the

malware infected nodes in the system by

appropriately allocating the limited storage

with the consideration of different types of

malware.Defense system distribute the

optimal signature using special nodes.To

deploy an efficient defense system to help

infected nodes to recover and prevent

healthy nodes from further

infection.Avoiding whole network

unnecessary redundancy using distribute

signatures.The efficiency of our defense

scheme in reducing the amount of infected

nodes in the system.Security and

authentication mechanisms should be

considered.

II.RELATED WORK

In Existing System ,Develop a simulation

and analytic model for Bluetooth worms,

and show that mobility has a significant

impact on the propagation dynamics.The

former one has the limitations that signature

flooding costs too much and the local view

of each node constrains the global optimal

solution.Not using design of defence System

to detect malware. Could not optimally

distribute the signature. In Proposed

Approach,To deploy an efficient defense

system to help infected nodes to recover and

prevent healthy nodes from further

infection.Introduce an optimal distributed

solution to efficiently avoid malware

spreading and to help infected nodes to

recover.To encounter and diffuse the

detected malware using digest algorithm. Create a mobile networks including a

number of nodes. First defined number of

nodes and also defined source node,

destination node, intermediate nodes. The

network contains heterogeneous devices as

nodes. Mobile nodes are more efficient to

disseminate content and information in the

network.Helper nodes are referred to as

special nodes.This node is used to

Fig:Architecture Diagram

focusing the all nodes.Helper node is

intermediate node for every nodes in the

network. File can be transmit from source

node to destination node through the help of

helpers node.Analyzing the malware nodes

through passing the signatures. This

signatures distributed for every intermediate

node from source node to destination node

with the help of the special node. The

special node is the helper node. Helper node

distribute the signatures for every

intermediate nodes based on the file contents

key will be generated.Detect the malware

with the help of a content based signatures.

Exponential parameter obtained from the

contact records between helpers and general

nodes.Every intermediate node receive the

signatures from helper node and which

intermediate nodes receiving the signatures

twice.This time to detecting the malware

spreading nodes and recovering the infected

nodes.

Digital signatures are often used to

implement electronic signatures, a broader

term that refers to any electronic data that

carries the intent of a signature, but not all

electronic signatures use digital

signatures In some countries, including the

United States, India, Braziland members of

the EuropeanUnion, electronic signatures

have legal significance.

Digital signatures employ a type

of asymmetric cryptography. For messages

sent through a nonsecure channel, a properly

implemented digital signature gives the

receiver reason to believe the message was

sent by the claimed sender. In many

instances, common with Engineering

companies for example, digital seals are also

required for another layer of validation and

security. Digital seals and signatures are

equivalent to handwritten signatures and

stamped seals. Digital signatures are

equivalent to traditional handwritten

signatures in many respects, but properly

implemented digital signatures are more

difficult to forge than the handwritten type.

Digital signature schemes, in the sense used

here, are cryptographically based, and must

be implemented properly to be effective.

Digital signatures can also provide non-

repudiation, meaning that the signer cannot

successfully claim they did not sign a

message, while also claiming their private

key remains secret; further, some non-

repudiation schemes offer a time stamp for

the digital signature, so that even if the

private key is exposed, the signature is valid.

Digitally signed messages may be anything

representable as a bit string: examples

include electronic mail, contracts, or a

message sent via some other cryptographic

protocol.one of the main differences

between a digital signature and a written

signature is that the user does not "see" what

he signs. The user application presents a

hash code to be signed by the digital signing

algorithm using the private key. An attacker

who gains control of the user's PC can

possibly replace the user application with a

foreign substitute, in effect replacing the

user's own communications with those of

the attacker. This could allow a malicious

application to trick a user into signing any

document by displaying the user's original

on-screen, but presenting the attacker's own

documents to the signing application.

To protect against this scenario, an

authentication system can be set up between

the user's application (word processor, email

client, etc.) and the signing application. The

general idea is to provide some means for

both the user application and signing

application to verify each other's integrity.

For example, the signing application may

require all requests to come from digitally

signed binaries.

III.Message Digest Algorithm

MD5 algorithm can be used as a digital

signature mechanism.MD5 algorithm was

developed by Professor Ronald L. Rivest in

1991. According to RFC 1321, MD5 message-digest algorithm takes as input a

message of arbitrary length and produces as

output a 128-bit "fingerprint" or "message

digest" of the input.The MD5 algorithm is

intended for digital signature applications,

where a large file must be "compressed" in a

secure manner before being encrypted with a

private (secret) key under a public-key

cryptosystem such as RSA.

Fig:MD5Algorithm Structure

Comparing to other digest algorithms, MD5

is simple to implement, and provides a

"fingerprint" or message digest of a message

of arbitrary length.It performs very fast on

32-bit machine.MD5 is being used heavily

from large corporations, such as IBM, Cisco

Systems, to individual programmers. MD5

is considered one of the most efficient

algorithms currently available.MD5 is an

algorithm that is used to verify data integrity

through the creation of a 128-bit message

digest from data input (which may be a

message of any length) that is claimed to be

as unique to that specific data .The

algorithm takes as input a message of

arbitrary length and produces as output a

128-bit "fingerprint" or "message digest" of

the input. It is conjectured that it is

computationally infeasible to produce two

messages having the same message digest,

or to produce any message having a given

prespecified target message digest. The

MD5 algorithm is intended for digital

signature applications, where a large file

must be "compressed" in a secure manner

before being encrypted with a private

(secret) key under a public-key

cryptosystem such as RSA.The MD5

algorithm is designed to be quite fast on 32-

bit machines. In addition, the MD5

algorithm does not require any large

substitution tables; the algorithm can be

coded quite compactly.The MD5 algorithm

is an extension of the MD4 message-digest

algorithm. MD5 is slightly slower than

MD4, but is more "conservative" in design.

MD5 was designed because it was felt that

MD4 was perhaps being adopted for use

more quickly than justified by the existing

critical review; because MD4 was designed

to be exceptionally fast, it is "at the edge" in

terms of risking successful cryptanalytic

attack. MD5 backs off a bit, giving up a

little in speed for a much greater likelihood

of ultimate security. It incorporates some

suggestions made by various reviewers, and

contains additional optimizations. MD5 is

very common hash function designed by

Ronald Rivest.Nowadays, it is being

commonly used for file integrity checking

and as a message digest in digital signature

schemes.A simple hash function takes some

input, usually of indefinite length, and

produces a small number that is significantly

shorter than the input. The function is many

to one, in that many (possibly infinite)

inputs may generate the same output value.

The function is also deterministic in that the

same output value is always generated for

identical inputs. Hash functions are often

used in mechanisms that require fast lookup

for various inputs, such as symbol tables in

compilers and spelling checkers.A message

digest is also a hash function. It takes a

variable length input - often an entire disk

file - and reduces it to a small value

(typically 128 to 512 bits). Give it the same

input, and it always produces the same

output. And, because the output is very

much smaller than the potential input, for at

least one of the output values there must be

more than one input value that can produce

it; we would expect that to be true for all

possible output values for a good message

digest algorithm.

There are two other important properties of

good message digest algorithms. The first is

that the algorithm cannot be predicted or

reversed. That is, given a particular output

value, we cannot come up with an input to

the algorithm that will produce that output,

either by trying to find an inverse to the

algorithm, or by somehow predicting the

nature of the input required. With at least

128 bits of output, a brute force attack is

pretty much out of the question, as there will

be 1.7 x 1038

possible input values of the

same length to try, on average, before

finding one that generates the correct output.

Compare this with some of the figures given

in "Strength of RSA" earlier in this chapter,

and you'll see that this task is beyond

anything anyone would be able to try with

current technology. With numbers as large

as these, the idea that any

two different documents produced at random

during the course of human history would

have the same 128-bit message digest is

unlikely!The second useful property of

message digest algorithms is that a small

change in the input results in a significant

change in the output. Change a single input

bit, and roughly half of the output bits

should change. This is actually a

consequence of the first property, because

we don't want the output to be predictable

based on the input. However, this aspect is a

valuable property of the message digest all

by itself.

Common Digest Algorithms

There are many message-digest

functions available today. All of them work

in roughly the same way, but they differ in

speed and specific features.

1.MD2, MD4, and MD5

One of the most widely used

message digest functions is the MD5

function, which was developed by Ronald

Rivest, is distributed by RSA Data Security,

and may be used freely without license

costs. It is based on the MD4 algorithm,

which in turn was based on the MD2

algorithm.TheMD2, MD4, and MD5

message digest functions all produce a 128-

bit number from a block of text of any

length. Each of them pads the text to a fixed-

block size, and then each performs a series

of mathematical operations on successive

blocks of the input.MD2 was designed by

Ronald Rivest and published in RFC 1319.

There are no known weaknesses in it, but it

is very slow. To create a faster message-

digest, Rivest developed MD4, which was

published in Internet RFCS 1186 and 1320.

The MD4 algorithm was designed to be fast,

compact, and optimized for machines with

"little-endian" architectures.Some potential

attacks against MD4 were published in the

cryptographic literature, so Dr. Rivest

developed the MD5 algorithm, published

in RFC 1321.It was largely a redesign of

MD4, and includes one more round of

internal operations and several significant

algorithmic changes. Because of the

changes, MD5 is somewhat slower than

MD4. However, it is more widely accepted

and used than the MD4 algorithm.Internet

RFCs are a form of open standards

documents. They can be downloaded or

mailed, and they describe a common set of

protocols and data structures for

interpretability.As of early 1996, significant

flaws have been discovered in MD4. As a

result, the algorithm should not be used.

2 .SHA

The Secure Hash Algorithm was

developed by NIST with some assistance by

the NSA. The algorithm appears to be

closely related to the MD4 algorithm, except

that it produces an output of 160 bits instead

of 128. Analysis of the algorithm reveals

that some of the differences from the MD4

algorithm are similar in purpose to the

improvements added to the MD5 algorithm

(although different in nature).

3 .HAVAL

The HAVAL algorithm is a

modification of the MD5 algorithm,

developed by YuliangZheng, Josef Pieprzyk,

and Jennifer Seberry. It can be modified to

produce output hash values of various

lengths, from 92 bits to 256. It also has an

adjustable number of "rounds" (application

of the internal algorithm). The result is

that HAVAL can be made to run faster than

MD5, although there may be some

corresponding decrease in the strength of the

output. Alternatively, HAVAL can be tuned

to produce larger and potentially more

secure hash codes.

4 .SNEFRU

SNEFRU was designed by Ralph

Merkle to produce either 128-bit or 256-bit

hash codes. The algorithm can also be run

with a variable number of "rounds" of the

internal algorithm. However, analysis by

several cryptographers has shown

that SNEFRU has weaknesses that can be

exploited, and that you can find arbitrary

messages that hash to a given 128-bit value

if the 4-round version is used. Dr. Merkle

currently recommends that only 8-

round SNEFRU be used, but this algorithm

is significantly slower than the MD5

or HAVAL algorithms.

IV.GREEDY ALGORITHM:

A greedy algorithm for an

optimization problem always makes the

choice that looks best at the moment and

adds it to the current subsolution. Examples

already seen are Dijkstras shortest path algorithm and Prim/Kruskals MST algorithms .Greedy algorithms dont always yield optimal solutions but, when they do,

theyre usually the simplest and most efficient algorithms available.

In this section, we present numerical

results with the goal of demonstrating that

our greedy algorithm for the signature

distribution, denoted OPT, achieves the

optimal solution and yields significant

enhancement on the system welfare

compared with prior heuristic algorithms.

Related to the heuristic algorithms, we

consider 1) Important First (IF), which uses

as many helpers as possible to store the

signature of the most popular malware, 2)

Uniform Random (UR), where each helper

randomly selects the target signatures to

store, and 3) Proportional Allocation (PA),

which is a heuristic policy that assigns

signatures with the uniform distribution

proportional to the market sharing and the

weights of different malware.. To simulate a more realistic scenario, we model the

malware in the system according to the

market share of different handset OS of

2009. In the simulation, we change the

malware killing rate and spreading rate, and

consider a system with nodes that can be

infected by five different types of malware,

which are RIM targeted malware 36 percent;

Android targeted 28 percent; iPhone 21

percent; Windows Mobile 10 percent, and

others 5 percent. We set N 500 and have

100 helpers with uniform random storage

size from one to five signatures to deploy in

the antimalware software. In the

experimental setup, the number of initial

infected nodes is set to be 10 percent of all

nodes. Related to the utility function and

weighting factors, we set Gk_kL __k

L, L

2 _ 104 s and w 1=2; 1=4; 1=8; 1=16;

1=16& to differentiate the system

contributions of different malware defending

effects by considering the factor that usually

the malware spreading in the largest market

sharing OS would result in the most serious

damage.The simulation results are shown in

Fig. 2. Fig. 2a shows the number of infected

nodes according to the malware recovering

rates caused by the signature distribution in

the centralized greedy algorithm. We can

observe that the number of infected nodes

decreases with the increase of recovering

rate. Among different algorithms, IF

provides the worst performance. Compared

with other heuristic algorithms, our OPT

algorithm reduces the number of infected

nodes by 355.6, 127.3, and56 percent over

the FI, UR, and PA on average, respectively.

V.CONCLUSION Some malware coping schemes have been

proposed to defend mobile devices against

malware propagation. To prevent the

malware spreading by MMS/ SMS, Zhu et

al. propose a counter-mechanism to stop the

propagation of a mobile worm by patching

an optimal set of selected phones by

extracting a social relationship graph

between mobile phones via an analysis of

the network traffic and contact books. This

approach only targets the MMS spreading

malware and has to be centrally

implemented and deployed in the service

providers network. To defend mobile networks from proximity malware by

Bluetooth, Zyba et al. explore three

strategies, including local detection,

proximity signature dissemination, and

broadcast signature dissemination. For

detecting and mitigating proximity malware,

Li etal.propose a community-based

proximity malware coping scheme by

utilizing the social community structure

reflecting a stable and controllable

granularity of security. These two works

both target the proximity malware. The

former one has the limitations that signature

flooding costs too much and the local view

of each node constrains the global optimal

solution. Although the aftermath scheme

integrates short term coping components to

deal with individual malware and long-term

evaluation components to offer vulnerability

evaluation toward individual nodes, the

social community information still need to

be obtained in a centralized way. Khouzani

et al investigate the optimal dissemination of

security patches in mobile wireless network

to counter the proximity malware threat by

contact. In this paper, we investigate the

problem of optimal signature distribution to

defend mobile networks against the

propagation of both proximity and MMS-

based malware. We introduce a distributed

algorithm that closely approaches the

optimal system performance of a centralized

solution. Through both theoretical analysis

and simulations, we demonstrate the

efficiency of our defense scheme in reducing

the amount of infected nodes in the system.

At the same time, a number of open

questions remain unanswered. For example,

the malicious nodes may inject some

dummy signatures targeting no malware into

the network and induce denial-of-service

attacks to the defense system. Therefore,

security and authentication mechanisms

should be considered. From the aspect of

malware, since some sophisticated malware

that can bypass the signature detection

would emerge with the development of the

defense system, new defense mechanisms

will be required. At the same time, our work

considers the case of OStargeting malware.

Although most of the current existing

malware is OS targeted, cross-OS malware

will emerge and propagate in the near future.

How to efficiently deploy the defense

system with the consideration of cross-OS

malware is another important problem.

VI.REFERENCES [1] P. Wang, M. Gonzalez, C. Hidalgo, and

A. Barabasi, Understanding the Spreading Patterns of Mobile Phone Viruses, Science, vol. 324, no. 5930, pp. 1071-1076, 2009

.

[2] M. Hypponen, Mobile Malwar, Proc. 16th USENIX Security Symp., 2007

.

[3] Z. Zhu, G. Cao, S. Zhu, S. Ranjan, and

A. Nucci, A Social Network Based Patching Scheme for Worm Containment in

Cellular Networks, Proc. IEEE INFOCOM, 2009.

[4] G. Zyba, G. Voelker, M. Liljenstam, A.

Mehes, and P. Johansson, Defending Mobile Phones from Proximity Malware, Proc. IEEE INFOCOM, 2009.

[5] M. Khouzani, S. Sarkar, and E. Altman,

Dispatch then Stop: Optimal Dissemination of Security Patches in Mobile Wireless

Networks, Proc. IEEE 49th Conf. Decision and Control (CDC), pp. 2354-2359, 2010.

[6]E. Altman, A.P. Azad, and F. De

Pellegrini, Optimal Activation and Transmission Control in Delay Tolerant

Networks, Proc. IEEE INFOCOM, 2010.

[7] Yong Li, Pan Hui, Depeng Jin, Li Su,

and LieguangZeng, Optimal Distributed Malware Defense in Mobile Networks with

Heterogeneous Devices IEEE TRANSACTIONS ON MOBILE

COMPUTING, VOL. 13, NO. 2,

FEBRUARY 2014

sed as a digital