
SECURE FOR HANDHELD DEVICES AGAINST MALICIOUS SOFTWARE IN MOBILE NETWORKS USING MD5


Ms. K.Surya
Department Of CSE,
PG scholar, Kalasalingam Institute of Technology
Mail id:suryaa9210@gmail.com
ABSTRACT

As malware attacks become more frequent in mobile networks, deploying an efficient defense system that protects against infection and helps infected nodes to recover is important to prevent serious spreading and outbreaks. Our scheme targets both MMS and proximity malware at the same time, and considers the problem of signature distribution. Second, all these works assume that malware and devices are homogeneous; we take the heterogeneity of devices into account in deploying the system and consider the system resource limitations. From the aspect of malware, since some sophisticated malware that can bypass signature detection would emerge with the development of the defense system, new defense mechanisms will be required. At the same time, our work considers the case of OS-targeting malware. Although most existing malware is OS targeted, cross-OS malware will emerge and propagate in the near future. How to efficiently deploy the defense system with the consideration of cross-OS malware is another important problem. We introduce an optimal distributed solution to efficiently avoid malware spreading and to help infected nodes to recover. The MD5 algorithm is used to encounter and diffuse the detected malware. It helps us to evaluate malware-free transmission between nodes even when helper nodes are also present.

I. INTRODUCTION
Malware is often disguised as a game, patch, utility, or other useful third-party software application. Malware can include spyware, viruses, and Trojans. Once installed, malware can initiate a wide range of attacks and spread itself onto other devices. The target landscape for malware attacks (i.e., viruses, spambots, worms, and other malicious software) has moved considerably from the large-scale Internet to the increasingly popular mobile networks [1], with a total count of more than 350 known mobile malware instances reported in early 2007. This is mainly because of two reasons. One is the emergence of powerful mobile devices, such as the iPhone, Android, and Blackberry devices, and increasingly diversified mobile applications, such as multimedia messaging service (MMS), mobile games, and peer-to-peer file sharing. The other reason is the emergence of mobile Internet, which indirectly induces the malware.

A mobile virus is malicious software that targets mobile phones or wireless-enabled personal digital assistants (PDAs), causing the collapse of the system and the loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware. Mobile phones differ from conventional desktops: in mobile/handheld devices, resources are limited in terms of power, energy consumption and memory. A malicious application (malware) mainly targets this weakness.
In the defense system, we use special nodes, named helpers, to distribute the signatures into the network. Generally speaking, the deployed helpers can be stationary base stations or access points. However, since mobile nodes are more efficient at disseminating content and information in the network, we focus on the case of mobile helpers. Consequently, there is a limitation in storage on each mobile device for deploying the defense system. Although most smartphones currently have gigabytes of storage, users usually will not allocate all of it to malware defense. Our goal is to minimize the number of malware-infected nodes in the system by appropriately allocating the limited storage with the consideration of different types of malware. The defense system distributes the optimal signatures using special nodes. The aim is to deploy an efficient defense system that helps infected nodes to recover and prevents healthy nodes from further infection. Distributing signatures in this way avoids unnecessary redundancy across the whole network. We demonstrate the efficiency of our defense scheme in reducing the number of infected nodes in the system. Security and authentication mechanisms should be considered.

Approach: To deploy an efficient defense system that helps infected nodes to recover and prevents healthy nodes from further infection, we introduce an optimal distributed solution to efficiently avoid malware spreading and to help infected nodes to recover. The detected malware is encountered and diffused using a digest algorithm. We create a mobile network including a number of nodes. First the number of nodes is defined, and then the source node, destination node, and intermediate nodes. The network contains heterogeneous devices as nodes. Mobile nodes are more efficient at disseminating content and information in the network. Helper nodes are referred to as special nodes. This node is used to
II. RELATED WORK
In the existing system, a simulation and analytic model is developed for Bluetooth worms, showing that mobility has a significant impact on the propagation dynamics. The former one has the limitations that signature flooding costs too much and the local view of each node constrains the global optimal solution. It does not use a defense system design to detect malware, and could not optimally distribute the signatures. In Proposed

focusing on all the nodes. The helper node is an intermediate node for every node in the network. A file can be transmitted from the source node to the destination node with the help of helper nodes. The malware nodes are analyzed by passing the signatures. These signatures are distributed to every intermediate node from the source node to the destination node with the help of the special node. The special node is the helper node. The helper node distributes the signatures to every intermediate node based on the file contents
Fig: Architecture Diagram

key will be generated. Malware is detected with the help of content-based signatures. The exponential parameter is obtained from the contact records between helpers and general nodes. Every intermediate node receives the signatures from the helper node and which intermediate nodes receiving the signatures twice. This time to detecting the malware-spreading nodes and recovering the infected nodes.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, Brazil, and members of the European Union, electronic signatures have legal significance.

Digital signatures employ a type of asymmetric cryptography. For messages sent through a nonsecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. In many instances, common with engineering companies for example, digital seals are also required for another layer of validation and security. Digital seals and signatures are equivalent to handwritten signatures and stamped seals. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid. Digitally signed messages may be anything representable as a bit string: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.

One of the main differences between a digital signature and a written signature is that the user does not "see" what he signs. The user application presents a hash code to be signed by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can possibly replace the user application with a foreign substitute, in effect replacing the user's own communications with those of the attacker. This could allow a malicious application to trick a user into signing any document by displaying the user's original on-screen, but presenting the attacker's own documents to the signing application.

To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.) and the signing application. The general idea is to provide some means for both the user application and the signing application to verify each other's integrity. For example, the signing application may require all requests to come from digitally signed binaries.

III. Message Digest Algorithm

The MD5 algorithm can be used as a digital signature mechanism. The MD5 algorithm was developed by Professor Ronald L. Rivest in 1991. According to RFC 1321, the MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

Fig: MD5 Algorithm Structure

Compared to other digest algorithms, MD5 is simple to implement, and provides a "fingerprint" or message digest of a message of arbitrary length. It performs very fast on 32-bit machines. MD5 is used heavily by everyone from large corporations, such as IBM and Cisco Systems, to individual programmers. MD5 is considered one of the most efficient algorithms currently available. MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

The MD5 algorithm is designed to be quite fast on 32-bit machines. In addition, the MD5 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly. The MD5 algorithm is an extension of the MD4 message-digest algorithm. MD5 is slightly slower than MD4, but is more "conservative" in design. MD5 was designed because it was felt that MD4 was perhaps being adopted for use more quickly than justified by the existing critical review; because MD4 was designed to be exceptionally fast, it is "at the edge" in terms of risking successful cryptanalytic attack. MD5 backs off a bit, giving up a little in speed for a much greater likelihood of ultimate security. It incorporates some suggestions made by various reviewers, and contains additional optimizations. MD5 is a very common hash function designed by Ronald Rivest. Nowadays, it is commonly used for file integrity checking and as a message digest in digital signature schemes.

A simple hash function takes some input, usually of indefinite length, and produces a small number that is significantly shorter than the input. The function is many to one, in that many (possibly infinite) inputs may generate the same output value. The function is also deterministic in that the same output value is always generated for identical inputs. Hash functions are often used in mechanisms that require fast lookup for various inputs, such as symbol tables in compilers and spelling checkers.

A message digest is also a hash function. It takes a variable-length input, often an entire disk file, and reduces it to a small value (typically 128 to 512 bits). Give it the same input, and it always produces the same output. And, because the output is very much smaller than the potential input, for at least one of the output values there must be more than one input value that can produce it; we would expect that to be true for all possible output values for a good message digest algorithm.
There are two other important properties of good message digest algorithms. The first is that the algorithm cannot be predicted or reversed. That is, given a particular output value, we cannot come up with an input to the algorithm that will produce that output, either by trying to find an inverse to the algorithm, or by somehow predicting the nature of the input required. With at least 128 bits of output, a brute force attack is pretty much out of the question, as there will be $1.7 \times 10^{38}$ possible input values of the same length to try, on average, before finding one that generates the correct output. Compare this with some of the figures given in "Strength of RSA" earlier in this chapter, and you'll see that this task is beyond anything anyone would be able to try with current technology. With numbers as large as these, the idea that any two different documents produced at random during the course of human history would have the same 128-bit message digest is unlikely!

The second useful property of message digest algorithms is that a small change in the input results in a significant change in the output. Change a single input bit, and roughly half of the output bits should change. This is actually a consequence of the first property, because we don't want the output to be predictable based on the input. However, this aspect is a valuable property of the message digest all by itself.
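
The second property above, measured on the content-based signature matching this scheme relies on, as an added example (not code from the paper): it shows why an exact digest match recognises only byte-identical copies. The sample payloads and signature names are constructed; `algo` is a parameter because MD5 collisions are now practical to construct, so a deployment would pass `sha256`.

```python
import hashlib
import io

CHUNK = 4096  # bytes read per step, so a large file is never held in memory whole


def content_digest(stream, algo="md5"):
    """Hash a binary stream incrementally and return the hex digest."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def build_signature_db(samples, algo="md5"):
    """Helper side: map digest -> malware name for every known sample."""
    return {content_digest(io.BytesIO(body), algo): name
            for name, body in samples.items()}


def scan(payload, signature_db, algo="md5"):
    """Node side: name of the matching signature, or None if the payload is unknown."""
    return signature_db.get(content_digest(io.BytesIO(payload), algo))


def flip_bit(data, index):
    """Return a copy of data with bit number index inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def differing_bits(a, b, algo="md5"):
    """Number of digest bits that differ between inputs a and b."""
    da = int.from_bytes(hashlib.new(algo, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algo, b).digest(), "big")
    return bin(da ^ db).count("1")


def mean_avalanche(data, algo="md5"):
    """Average digest bits changed over every possible single-bit flip of data."""
    total_bits = len(data) * 8
    return sum(differing_bits(data, flip_bit(data, i), algo)
               for i in range(total_bits)) / total_bits


# Constructed, harmless stand-ins for malware bodies (not real samples).
SAMPLES = {
    "Constructed.Worm.A": b"constructed sample A, not real malware. " * 300,
    "Constructed.Trojan.B": b"constructed sample B, not real malware. " * 40,
}

if __name__ == "__main__":
    db = build_signature_db(SAMPLES)
    worm = SAMPLES["Constructed.Worm.A"]
    print(scan(worm, db))                # byte-identical copy: signature matches
    print(scan(flip_bit(worm, 0), db))   # one input bit changed: digest no longer matches
    print(mean_avalanche(b"one-bit change test"))  # close to half of MD5's 128 bits
```
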
Common Digest Algorithms
There are many message-digest functions available today. All of them work in roughly the same way, but they differ in speed and specific features.

1. MD2, MD4, and MD5

One of the most widely used message digest functions is the MD5 function, which was developed by Ronald Rivest, is distributed by RSA Data Security, and may be used freely without license costs. It is based on the MD4 algorithm, which in turn was based on the MD2 algorithm. The MD2, MD4, and MD5 message digest functions all produce a 128-bit number from a block of text of any length. Each of them pads the text to a fixed block size, and then each performs a series of mathematical operations on successive blocks of the input.

MD2 was designed by Ronald Rivest and published in RFC 1319. There are no known weaknesses in it, but it is very slow. To create a faster message digest, Rivest developed MD4, which was published in Internet RFCs 1186 and 1320. The MD4 algorithm was designed to be fast, compact, and optimized for machines with "little-endian" architectures. Some potential attacks against MD4 were published in the cryptographic literature, so Dr. Rivest developed the MD5 algorithm, published in RFC 1321. It was largely a redesign of MD4, and includes one more round of internal operations and several significant algorithmic changes. Because of the changes, MD5 is somewhat slower than MD4. However, it is more widely accepted and used than the MD4 algorithm.

Internet RFCs are a form of open standards documents. They can be downloaded or mailed, and they describe a common set of protocols and data structures for interpretability. As of early 1996, significant flaws have been discovered in MD4. As a result, the algorithm should not be used.
2. SHA

The Secure Hash Algorithm was developed by NIST with some assistance by the NSA. The algorithm appears to be closely related to the MD4 algorithm, except that it produces an output of 160 bits instead of 128. Analysis of the algorithm reveals that some of the differences from the MD4 algorithm are similar in purpose to the improvements added to the MD5 algorithm (although different in nature).

3. HAVAL

The HAVAL algorithm is a modification of the MD5 algorithm, developed by Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry. It can be modified to produce output hash values of various lengths, from 92 bits to 256. It also has an adjustable number of "rounds" (application of the internal algorithm). The result is that HAVAL can be made to run faster than MD5, although there may be some corresponding decrease in the strength of the output. Alternatively, HAVAL can be tuned to produce larger and potentially more secure hash codes.

4. SNEFRU

SNEFRU was designed by Ralph Merkle to produce either 128-bit or 256-bit hash codes. The algorithm can also be run with a variable number of "rounds" of the internal algorithm. However, analysis by several cryptographers has shown that SNEFRU has weaknesses that can be exploited, and that you can find arbitrary messages that hash to a given 128-bit value if the 4-round version is used. Dr. Merkle currently recommends that only 8-round SNEFRU be used, but this algorithm is significantly slower than the MD5 or HAVAL algorithms.

IV. GREEDY ALGORITHM
A greedy algorithm for an optimization problem always makes the choice that looks best at the moment and adds it to the current subsolution. Examples already seen are Dijkstra's shortest path algorithm and Prim's/Kruskal's MST algorithms. Greedy algorithms don't always yield optimal solutions but, when they do, they're usually the simplest and most efficient algorithms available.

In this section, we present numerical results with the goal of demonstrating that our greedy algorithm for the signature distribution, denoted OPT, achieves the optimal solution and yields significant enhancement on the system welfare compared with prior heuristic algorithms. Related to the heuristic algorithms, we consider 1) Important First (IF), which uses as many helpers as possible to store the signature of the most popular malware, 2) Uniform Random (UR), where each helper randomly selects the target signatures to store, and 3) Proportional Allocation (PA), which is a heuristic policy that assigns signatures with the uniform distribution proportional to the market share and the weights of different malware.

To simulate a more realistic scenario, we model the malware in the system according to the market share of different handset OSes in 2009. In the simulation, we change the malware killing rate and spreading rate, and consider a system with nodes that can be infected by five different types of malware: RIM-targeted malware, 36 percent; Android-targeted, 28 percent; iPhone, 21 percent; Windows Mobile, 10 percent; and others, 5 percent. We set N = 500 and have 100 helpers with uniform random storage size from one to five signatures to deploy in the antimalware software. In the experimental setup, the number of initially infected nodes is set to be 10 percent of all nodes. Related to the utility function and weighting factors, we set Gk_kL __kL, $L = 2 \times 10^4$ s and $w = [1/2, 1/4, 1/8, 1/16, 1/16]$ to differentiate the system contributions of different malware defending effects by considering the factor that usually the malware spreading in the OS with the largest market share would result in the most serious damage.

The simulation results are shown in Fig. 2. Fig. 2a shows the number of infected nodes according to the malware recovering rates caused by the signature distribution in the centralized greedy algorithm. We can observe that the number of infected nodes decreases with the increase of the recovering rate. Among the different algorithms, IF provides the worst performance. Compared with other heuristic algorithms, our OPT algorithm reduces the number of infected nodes by 355.6, 127.3, and 56 percent over the IF, UR, and PA on average, respectively.
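
The signature allocation compared above, as an added example (not the paper's code): a greedy allocator next to the IF, UR and PA heuristics, with 100 helpers storing one to five signatures each as in the setup. The market shares, weights and L come from the page; the `benefit` function, the contact rate `RATE` and the seeded helper capacities are assumptions made for illustration.

```python
import math
import random

# From the page: OS market shares of the five malware classes, weights w, and L.
SHARE = [0.36, 0.28, 0.21, 0.10, 0.05]   # RIM, Android, iPhone, Windows Mobile, others
WEIGHT = [1 / 2, 1 / 4, 1 / 8, 1 / 16, 1 / 16]
L = 2e4       # seconds
RATE = 5e-6   # ASSUMED helper-to-node contact rate per second (not from the page)
KINDS = len(SHARE)

def benefit(k, n):
    """ASSUMED utility: weighted chance that a node hit by malware k meets one of
    the n helpers carrying signature k within time L (exponential contacts)."""
    return WEIGHT[k] * SHARE[k] * (1 - math.exp(-RATE * L * n))

def welfare(counts):
    return sum(benefit(k, n) for k, n in enumerate(counts))

def feasible(counts, caps):
    """True if signature k fits on counts[k] distinct helpers for every k without
    any helper exceeding its storage (max-flow / Gale-Ryser condition)."""
    top = sorted(counts, reverse=True)
    return all(sum(top[:j]) <= sum(min(c, j) for c in caps)
               for j in range(1, len(top) + 1))

def greedy(caps):
    """OPT: add one copy at a time, always the feasible one with the largest gain."""
    counts = [0] * KINDS
    while True:
        options = [k for k in range(KINDS)
                   if feasible(counts[:k] + [counts[k] + 1] + counts[k + 1:], caps)]
        if not options:
            return counts
        best = max(options, key=lambda k: benefit(k, counts[k] + 1) - benefit(k, counts[k]))
        counts[best] += 1

def place(counts, caps):
    """Turn copy counts into per-helper signature sets, most free storage first."""
    free, stores = list(caps), [set() for _ in caps]
    for k in sorted(range(KINDS), key=lambda k: -counts[k]):
        for h in sorted(range(len(caps)), key=lambda h: -free[h])[:counts[k]]:
            stores[h].add(k)
            free[h] -= 1
    return stores

def important_first(caps):
    """IF: every helper stores the highest-ranked signatures that fit."""
    order = sorted(range(KINDS), key=lambda k: -WEIGHT[k] * SHARE[k])
    counts = [0] * KINDS
    for rank, k in enumerate(order):
        counts[k] = sum(1 for c in caps if c > rank)
    return counts

def random_pick(caps, rng, probs=None):
    """UR (probs=None) or PA (probs = weight x share): each helper draws distinct
    signatures until its storage is full."""
    counts = [0] * KINDS
    for c in caps:
        left = list(range(KINDS))
        for _ in range(min(c, KINDS)):
            k = rng.choices(left, weights=[probs[i] for i in left] if probs else None)[0]
            left.remove(k)
            counts[k] += 1
    return counts

if __name__ == "__main__":
    rng = random.Random(2014)                       # constructed scenario
    caps = [rng.randint(1, 5) for _ in range(100)]  # 100 helpers, 1-5 signatures each
    pa = [w * s for w, s in zip(WEIGHT, SHARE)]
    for name, counts in [("OPT", greedy(caps)), ("IF", important_first(caps)),
                         ("UR", random_pick(caps, rng)), ("PA", random_pick(caps, rng, pa))]:
        print(f"{name}: copies per signature {counts}, welfare {welfare(counts):.4f}")
```

Under this assumed utility the benefit of each extra copy of a signature shrinks, which is why filling every helper with the top-ranked signatures (IF) leaves welfare on the table.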

V. CONCLUSION
Some malware coping schemes have been proposed to defend mobile devices against malware propagation. To prevent malware spreading by MMS/SMS, Zhu et al. propose a counter-mechanism to stop the propagation of a mobile worm by patching an optimal set of selected phones, extracting a social relationship graph between mobile phones via an analysis of the network traffic and contact books. This approach only targets MMS-spreading malware and has to be centrally implemented and deployed in the service provider's network. To defend mobile networks from proximity malware spread by Bluetooth, Zyba et al. explore three strategies, including local detection, proximity signature dissemination, and broadcast signature dissemination. For detecting and mitigating proximity malware, Li et al. propose a community-based proximity malware coping scheme by utilizing the social community structure reflecting a stable and controllable granularity of security. These two works both target proximity malware. The former one has the limitations that signature flooding costs too much and the local view of each node constrains the global optimal solution. Although the aftermath scheme integrates short-term coping components to deal with individual malware and long-term evaluation components to offer vulnerability evaluation toward individual nodes, the social community information still needs to be obtained in a centralized way. Khouzani et al. investigate the optimal dissemination of security patches in mobile wireless networks to counter the proximity malware threat by contact.

In this paper, we investigate the problem of optimal signature distribution to defend mobile networks against the propagation of both proximity and MMS-based malware. We introduce a distributed algorithm that closely approaches the optimal system performance of a centralized solution. Through both theoretical analysis and simulations, we demonstrate the efficiency of our defense scheme in reducing the number of infected nodes in the system.

At the same time, a number of open questions remain unanswered. For example, malicious nodes may inject dummy signatures targeting no malware into the network and induce denial-of-service attacks on the defense system. Therefore, security and authentication mechanisms should be considered. From the aspect of malware, since some sophisticated malware that can bypass signature detection would emerge with the development of the defense system, new defense mechanisms will be required. At the same time, our work considers the case of OS-targeting malware. Although most existing malware is OS targeted, cross-OS malware will emerge and propagate in the near future. How to efficiently deploy the defense system with the consideration of cross-OS malware is another important problem.

VI. REFERENCES
[1] P. Wang, M. Gonzalez, C. Hidalgo, and A. Barabasi, "Understanding the Spreading Patterns of Mobile Phone Viruses," Science, vol. 324, no. 5930, pp. 1071-1076, 2009.
[2] M. Hypponen, "Mobile Malware," Proc. 16th USENIX Security Symp., 2007.
[3] Z. Zhu, G. Cao, S. Zhu, S. Ranjan, and A. Nucci, "A Social Network Based Patching Scheme for Worm Containment in Cellular Networks," Proc. IEEE INFOCOM, 2009.
[4] G. Zyba, G. Voelker, M. Liljenstam, A. Mehes, and P. Johansson, "Defending Mobile Phones from Proximity Malware," Proc. IEEE INFOCOM, 2009.
[5] M. Khouzani, S. Sarkar, and E. Altman, "Dispatch then Stop: Optimal Dissemination of Security Patches in Mobile Wireless Networks," Proc. IEEE 49th Conf. Decision and Control (CDC), pp. 2354-2359, 2010.
[6] E. Altman, A.P. Azad, and F. De Pellegrini, "Optimal Activation and Transmission Control in Delay Tolerant Networks," Proc. IEEE INFOCOM, 2010.
[7] Yong Li, Pan Hui, Depeng Jin, Li Su, and Lieguang Zeng, "Optimal Distributed Malware Defense in Mobile Networks with Heterogeneous Devices," IEEE Transactions on Mobile Computing, vol. 13, no. 2, February 2014.
