THE DYNAMIC NONCE BASED AUTHENTICATION SCHEME TO DEFEND INTERMEDIARY ATTACK FOR WEB SERVICES

Nowadays, Web services have used drastically for various online applications like banking, e-bill processing. All online services need robust security architecture for handling sensitive data like user name, password. But, The Web service has security problems that need to be solved. The existing security scheme lacks to defend the attacks from replay and password guessing attacks. In this study we proposed a new scheme for a secure authentication procedure for the web service to enhance the security of the existing schemes. The proposed system has been implemented with the Dynamic Nonce for validating the user with username and password which is embedded with WS-Security. The Dynamic Nonce has been implemented with the user’s mouse movement by satisfying the condition given in the proposed scheme. It has changed for every session because it is generated from user’s mouse movements. The system has analyzed with possible attacks. The proposed dynamic nonce based authentication scheme is suitable for lower.


INTRODUCTION
The XML web services need client authentication to prevent attacks. The system needs to share data of user information such as username, password in encrypted format which was implemented using WS-Security framework to provide message level security. WS-Security protects message contents, while transport service intermediaries and gives authentication and authorization control, which protects service provider from malicious requesters (Chang and Lee, 2012). WS-Security does not define any authentication ticket mechanism; instead, it defines how to use plain user name/password, Kerberos and X.509 tickets within the context of a SOAP header.
WS-Trust, WS-SecureConversation and WS-Federation define the protocols that help establish agreements between requester and provider about the kinds of security in use. WS-SecurityPolicy is used to declare a provider's requirements for security like strong authentication (Xu et al., 2012).
WS-Security header can be added to SOAP messages before sending to the service provider. The header should include authentication, authorization, encryption and signature. The provider can validate the credentials of the requester before executing the service. Invalid credentials, typically result in the return of an error message to the requester. Invalid credentials, will be returned to the client by an error message.
A WS-Security Username Token enables theend-user identity to be passed over multiple hops before reaching the destination Web service. The user identity is inserted into the message and is available for processing at each hop on its path. The client user name and password are encapsulated in a WS-Security <wsse:UsernameToken>. When the Enterprise Gateway receives this token, it performs the following tasks, depending on the requirements as shown in Fig. 1: • Ensure that the timestamp on the token is still valid • Authenticate the user name against a repository • Authenticate the user name and password against a repository The WS-Security specification, describes how to secure Web services at the message level, rather than at the transport protocol level or wire level. Existing transport-level solutions such as SSL/TLS provide solid point-to-point data encryption and authentication but have limitations if a message needs to be processed or examined by an intermediate service. For example, many organizations deploy an application-layer-filtering firewall to examine traffic before it is passed along to an internal network (Bertino et al., 2010).

Reviews of Related Schemes
There are many schemes have been proposed in literature, some of the schemes are reviewed in this study. Yang et al. (2005) proposed two password schemes: Time stamp based and nonce based password authentication schemes. This authentication scheme is shown in Fig. 2, which is based on Diffie-Hellman Key Exchange and improves the security of the SIP authentication scheme.

Off-line Password-Guessing Attack on Yang's Scheme
The client sends the messages to the server, an eavesdropping adversary can get the t 1 ⊕F (pw) in step1. Also, in step2, the adversary can get the t 2 ⊕F (pw). Now, the adversary can compute t 1 ⊕t 2 from the obtained messages: The adversary can generate a password f (pw') from the following equation and derive the corresponding t' 1 ⊕t' 2 then verify it by checking:

Review of Kim et al. (2005) Scheme
NONCE based scheme and Time stamp based scheme have been proposed by Kim et al. (2005). Each scheme has to be combined to with stand time stamp and Nonce usage in cryptanalytic attack. The Nonce based scheme needs time stamp to avoid off-line password guessing attack. The time stamp based scheme needs Nonce values to thwart the attacker from brute force attack. Wu and Weaver (2007) used intermediary-based, query-based and hybrid approaches to resolve the issues for different types of information in security tokens and proposes three exchange models accordingly. Authors also provided a comprehensive framework using Web services to exchange security tokens across security domains with suitable approaches and exchange models. Lee et al. (2005) created the sip authentication by using nonce based scheme. The scheme contains the registration phase and login phase. In registration phase, a client uses his identity (id), password (pw) and media address (ma), to construct token1 = (id||pw||ma) and h (token1).After receiving the message from user, the server genereates a random nonce, rs and computes h (rs). In the login and authentication phase of Lee scheme, there is no information to inform that the received data is fresh or replayed data which leads to replay attack.

Review of Shi Scheme
The author Shi and Yoo (2006) proposed siteauthenticated scheme. The system has implemented with exclusive OR operations. The server uses MAC address to protect data before sending which is not secure. The LAN card identifies the destination address in transmitting packet. In the OSI model, the network layer has to use its address to verify the device at destination. So, this scheme is not secure.

MATERIALS AND METHODS
The existing systems provide the static Nonce for user identification. The static Nonce can be easily hackable by brute force attack. The proposed system has been implemented with dynamic Nonce with the use of client's mouse movements.
The proposed system has been developed with one way hash function with Nonce and Time stamp. This scheme is an improved scheme from Yang et al. (2005) schemes. The proposed system provides secure authentication to prevent unauthorized access and to identify users for its session information, but the information returned by existing web services does not signed and encrypted. This system encodes a string that includes the password and a timestamp using the SHA-1 hashing algorithm. Including a timestamp to the password before sending the message will prevent replay attack.

Dynamic Nonce Generation
The Nonce has generated dynamically from the mouse movement of client system. The system calculates the different mouse movements and stores it into database for each session of communication. It collects fresh Nonce for all session. The first value of any X coordinate is treated as initial value and the Y value is considered to be a total number of iteration: • Get X 0 coordinates to set the initial value • Get Y 0 coordinates to set the total number of iterations Dynamic Nonce N 1 = R y n mod p The dynamic nonce has generated using above equation P which is a large prime number. This authentication is based on Diffie-Hellman Key Exchange and improves the security of the original Web service authentication scheme.

Registration and Login Phase
The new user has to register the username and password to become a legitimate user of remote server. The user name and password are stored in the database of remote server. The registration and login phase of the proposed scheme is shown in Fig. 3 and 4.

Registration Phase
A new Client C i sends the ID C , a hashed password F (PW) and T c to the service provider via secure channel.
Then the service provider sends g and p to the respective client. Thus the C i client registers user Id and password with the service provider.

Login Phase
If the Client C i wants get the resources of service provider P, P must authenticate the user U. To accomplish this C and P must perform following steps.
The step by step procedure for an user authentication is given below.

JCS
• C selects private random integer r1 < p and calculates t 1 = g r1 mod p. The value t 1 is public • C sends the service request with a dynamic Nonce N 1 , username, t 1 ⊕F(pw) and T c • Upon receiving message from C, P checks timestamp ∆T > T s -T c is true and stores N 1 into Nonce Table 1 and gets the value t 1 value by xoring. Provider P changes its id for every client from client's id and Nonce value of client • P selects private random integer r2<p and computes t 2 = g r2 mod p. The value t 2 is public. Then Provider P calculates K 1 = t 1 r2 mod p • The provider P sends challenge message to C which holds the data of Challenge(realm,t 2 ⊕F(pw),F(t 1 ,K 1 ),P,N 2 ,T s ) • After receiving message2 from provider, the C i verifies ∆T, N 1 of incoming message and stores N 2 .Then it calculates M by XOR the value of N 1 ,N 2 and K 2 = t 2 r1 mod p • Client C finds the t 2 value from challenge message by XOR F(pw) with (t 2 ⊕F(pw)). Then the client verifies F(t 1 ,K) to authenticate the provider • After authenticating the service provider P, it sends the responds message to Provider P Msg3: Response(username,realm,F(username,realm,K 2 ), (M,T c ) • Service provider receives the response message 3 from Client C. It verifies ∆T and N 2 by XOR operation with M to get N 1 to authenticate the client • Now Client gets the available services from services from service provider

Implementation
The secured system is implemented with C Sharp and WSE3.0 in .net environment to provide role based security. The proposed system supports role-based authorization of SOAP messages by constructing a security token within the SOAP message. The server and client find the incoming message and compare the password digest to a stored digest of the correct password. The timestamp must be recent otherwise the server will reject the user's login. The proposed system use public-key signatures to sign their messages so the server can be sure the contents of the message have not been viewed using diffie-helman key exchange algorithm and dynamic nonce.

RESULTS AND DISCUSSION
The Service provider publishes the server page to consume the service from the client side is shown in Fig.  5. The server maintains all incoming and outgoing message through web.config using WS-Security as shown in Fig. 6 and 7.
The encryption method has been implemented in username token which is implemented in authenticate token. Then, it is accessed through token checker libraries. The TokenCheckerlibrary (dll file) is registered with the web service. Through by adding TokenCheckerLibrary and UserNameToken in add tag which is under SecurityTokenManager tag of Web.Config file in Fig. 8. The add tag consists the details about UserNameToken like type, namespace and local name. The TokenChecker method has been called by service provider to retrieve the password of token Username to get a password from database for the given username. The service provider checks the password returned by TokenChecker and matches with the password in the SOAP header. If the password in SOAP header does not match with server's data, then server sends an exception will to the client. <wsse:UsernameToken> element provides a countermeasure for replay attacks: <wsse:Nonce> and <wsu:Created>. A dynamic nonce is a random value which is created by sender to include in each UsernameToken that it sends. Although using a nonce is an effective countermeasure against replay attacks, it requires a server to maintain a cache of used nonces and consumes the server resources. Combining a nonce with a created timestamp has the advantage of allowing a server to limit the cache of nonces to a "freshness" time period, establishing an upper bound on resource requirements.
A first approach to prevent this could be to specify a timeout value for the token, thus a request with an expired timestamp will not be accepted by the server. If the sender sets a timestamp of 60 seconds and the server receives the message later then 60 seconds after the given <Created>value, it simply rejects the whole request. This is easy to implement, but can also have some problems, like expired messages being accepted due to clock synchronization issues on the server.
Regarding time synchronisation issues, WS-Security provides the <Timestamp> header and for it uses <MouseMove> headers for random number generation. These can be very useful for message creation, receipt and processing. The schema outline for the <Timestamp> and <wsu:MouseMove> element has displayed in Fig. 9.  G<p and g is a primitive root of p C, P The user and the service provider ID x The identity of the entity X ∆T Expected time interval T c , T s Time stamp of client and service provider r x Private key r x <p for entity x T x Public key for entity x K x Secret key of client and provider ⊕ The XOR operator Nonce value of client and provider   Yang et al. (2005) No No Shi and Yoo (2006) No No Proposed Scheme yes yes  Lee et al. (2005) yes no yes no Shi and Yoo (2006) yes yes yes yes Proposed scheme yes yes yes yes Science Publications

Security Analysis
The security robustness of proposed scheme has been analyzed. The comparison with the related reviewed schemes on security properties of proposed scheme is summarized in Table 2 and its performance comparison has been listed in Table 3 and 4.

Replay Attack
The proposed system is a timestamp-based password authentication scheme, the replay attack is prevented by checking the freshness of the message. The expected time interval can be set by service provider. The service provider and client maintain the Nonce table to check the freshness of the random values. If the random value exceeds the expected time interval, that is T x (N2')>∆T, then the message of the attacker will be treated as old. Then the server or client discards the message.

Password Guessing Attack
An attacker tries to give different passwords by brute force or dictionary method from the legitimate user name in the Msg1: Request (username, t 1 '⊕F(pw)', N 1 ', T c '). The server will not respond the attacker's message. It is because attacker needs that exact value of t 1 .

Server Spoofing Attack
In this scheme, the client and service provider preshares the id and password. The message passed between the client and service provider needs id of sender for authentication. Even though the attacker knows the server id, the client rejects the message, because, the client analyses all incoming message for secret values. The attacker sends the message to client Msg2: Challenge (realm', t 2 '⊕F(pw)', F(t 1 ,K 1 )', P', N 2 ', T s ') the received message has checked for expected validity time, freshness of N 1 , F(pw) ⊕(t 2 '⊕F(pw)') will return value t 2 ' and K 2 = t 2 ' r1 mod p'is checked with value of K 1 is found false. The client will interpret that message sent by the server is a spoofed server.

Man-in-the middle Attack
An attacker cannot get the password or key value of client by using the Msg2: Challenge (realm', t 2 ' ⊕F(pw)', F(t 1 ,K 1 )', P', N 2 ', T s '). Because, the client checks the id of the service provider for each incoming message. Also, the client checks the validity of P', N 2 ', Ts'.

CONCLUSION
In a Web Service context, a dynamic business process may involve many applications and services from different organizations and security realms which are combined at runtime and collaborate a peerto-peer way. Web services are a hurriedly growing technology, especially in the service oriented enterprise. Web services have a lot to offer when it comes to creating enterprise-based applications for selling things over the internet. We have developed a new authentication scheme for web services applications in low cost effective method. It is well suitable for all types of systems with lower configurations. The proposed scheme has analyzed for various types of attacks in web services environment.

Future Work
We have planned to implement it using Kerberos token for multiple web services in the federated environment.

ACKNOWLEDGEMENT
The researchers would like to acknowledge the financial support provided by University Grant Commission, Govt of India, New Delhi. (UGC F.No. 41-1363.