183 An Identity-Based Mutual Authentication with Key Agreement

Now days mobile networks are rapid development by performing the e-commerce transaction such as online shopping, internet banking and epayment. So that to provide secure communication, authentication and key agreement is important issue in the mobile networks. Hence, schemes for authentication and key agreement have been studied widely. So that to provide efficient and more secure techniques is necessary. In this paper we are proposed random prime order key agreement protocol proposed for authentication and key agreement. Another technique is used to provide security of transferred data using key xor data transpose technique. By using this technique, we provide more security and more efficiency for transferring data.


INTRODUCTION
During secure communication, authentication should be performed to protect users and a secret session key should be established for confidentiality. As the development of cryptography, schemes for authentication and key agreement develop accordingly. Early schemes are based on passwords. The first password authentication scheme to authenticate a remote user over an insecure channel was proposed by Lamport. Introducing public key cryptography into cryptography, Diffie and Hellman proposed the first key agreement scheme. Many authentication and key agreement schemes based on traditional public key cryptography were constructed. Despite the vulnerability and lackness of authentication, Diffie and Hellman's key agreement scheme is the foundation for other schemes and most of key agreement schemes use Diffie and Hellman's technique. Since the introduction of identity based cryptography by Shamir , many identity-base cryptosystems were presented in application. It is not until Boneh and Franklin proposed an identity-base encryption scheme with bilinear pairings on elliptic curves that identity-base cryptography develops rapidly.
Cryptography is the study of "mathematical" systems involving two kinds of security problems: privacy and authentication. A privacy system prevents the extraction information by unauthorized parties from messages transmitted over a public channel, thus assuring the sender of a message that it is being read only in conventional cryptographic by the intended recipient. An authentication system prevents the unauthorized injection of messages into a public channel, assuring the receiver of a message of the legitimacy of its sender A channel is considered public if its security is inadequate for the needs of its users. A channel such as a telephone line may therefore be considered private by some users and public by others. Any channel may be threatened with eavesdropping or injection or both, depending on its use. In telephone communication, the threat of injection is paramount, since the called party cannot determine which phone is calling. Eavesdropping, which requires the use of a wiretap, is technically more difficult and legally hazardous. In radio, by comparison, the situation is reversed. Eavesdropping is passive and involves no legal hazard, while injection exposes the illegitimate transmitter to discovery and prosecution. Having divided our problems into those of privacy and authentication we will sometimes further subdivide authentication into message authentication, which is the problem defined above, and user authentication, in which the only task of the system is to verify that an individual is who he claims to be.

Existing System
During secure communication, authentication should be performed to protect users and a secret session key should be established for confidentiality. As the development of cryptography, schemes for authentication and key agreement develop accordingly. Early schemes are based on passwords. The first password authentication scheme to authenticate a remote user over an insecure channel was proposed by Lamport. Introducing public key cryptography into cryptography, Diffie and Hellman proposed the first key agreement scheme. Many authentication and key agreement schemes based on traditional public key cryptography were constructed. Since Diffie and Hellman's scheme lacks authentication and it is vulnerable to Man-in-the middle attack, then authentication with key agreement is necessary and attractive in practical implementation. Despite the vulnerability and laciness' of authentication, Diffie and Hellman's key agreement scheme is the foundation for other schemes and most of key agreement schemes use Diffie and Hellman's technique. Since the introduction of identity based cryptography by Shamir, many identity-base cryptosystems were presented in application. It is not until Boneh and Franklin proposed an identity-base encryption scheme with bilinear pairings on elliptic curves that identity-base cryptography develops rapidly. Various identity-based authentication and key agreement schemes are constructed and made into application. Some authentication schemes can be found in . However, these schemes do not provide mutual authentication and key exchange between the client and the server, which is required in mobile client-server environment.

PROPOSED SYSTEM
The proposed system contains mainly two concepts for the authentication, key agreement and security of transferring data. By implementing those concepts we can perform mutual authentication of users and key agreement in both users.
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 Page: 969 The process of mutual authentication and key agreement as follows.
Random prime order key agreement protocol: SA = for(int i=1;i<=Sa;i++) temp=(temp*SR)%P; 6. Send public key,SRand SAto Receiver. 7. The receiver also perform the step 1 to 5. 8. After that we can calculate RB value using following steps. RB = for(int i=1;i<=VB;i++) temp=(temp*SR)%P; 9. The Receiver will send RBvalue to Sender. 10. The sender will receive the RB value and calculate SA1and acknowledgment. 11. After calculating the sender will send to receiver . 12. The receiver will retrieve the both values and perform the authentication status. 13. After that the sender will generate key by using following equation. Key=for(int i=1;i<=RV;i++) temp=(temp*RB)%P; 14. The receiver will generate key by using following equation.
After generating shared key the sender will perform the encryption process as follows Key for data transpose technique: 1. The transferring message can be converted into 32 X 32 matrix format. 2. After generating matrix format we transpose into rows and columns. 3. After transpose matrix that data can be converted into Ascii values. 4. The transpose data AND key can be xor again convert into binary format. 5. After that binary data can be converted into ascii format and that data can be sended to receiver. 6. The receiver will retrieve that cipher data and perform the reverse process. 7. After completion of reverse process we can get original message.

Rquirement Analysis
Software Requirements: Functional requirements: It includes a set of use cases that describe all the interactions the users will have with the software.
Non-functional requirements: requirements which impose constraints on the design or implementation (such as performance engineering requirements, quality standards, or design constraints).

SOFTWARE DEVELOPMENT LIFE CYCLE
The Systems Development Life Cycle (SDLC), or Software Development Life Cycle in systems engineering, information systems and software engineering, is the process of creating or altering systems, and the models and methodologies that people use to develop these systems.
In software engineering the SDLC concept underpins many kinds of software development methodologies. These methodologies form the framework for planning and controlling the creation of an information system the software development process.

Software Model or Architecture Analysis: THE GENERAL MODEL
Software life cycle models describe phases of the software cycle and the order in which those phases are executed. There are tons of models, and many companies adopt their own, but all have very similar patterns. The general, basic model is shown below: The steps for Spiral Model can be generalized as follows:

Figure 1 System Development Life Cycle
The new system requirements are defined in as much details as possible. This usually involves interviewing a number of users representing all the external or internal users and other aspects of the existing system. A preliminary design is created for the new system. A first prototype of the new system is constructed from the preliminary design. This is usually a scaled-down system, and represents an approximation of the characteristics of the final product.
A second prototype is evolved by a fourfold procedure: 1. Evaluating the first prototype in terms of its strengths, weakness, and risks. 2. Defining the requirements of the second prototype. 3. Planning an designing the second prototype. 4. Constructing and testing the second prototype.
At the customer option, the entire project can be aborted if the risk is deemed too great. Risk factors might involve development cost overruns, operating cost miscalculation, or any other factor that could, in the customer's judgment, result in a less-than-satisfactory final product. The existing prototype is evaluated in the same manner as was the previous prototype, and if necessary, another prototype is developed from it according to the fourfold procedure outlined above.
The preceding steps are iterated until the customer is satisfied that the refined prototype represents the final product desired.
The final system is constructed, based on the refined prototype. The final system is thoroughly evaluated and tested. Routine maintenance is carried on a continuing basis to prevent large scale failures and to minimize down time.

SPIRAL LIFE CYCLE MODEL:
The spiral model is similar to the incremental model, with more emphases placed on risk analysis. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called Spirals in this model). The baseline spiral,starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spirals builds on the baseline spiral. Requirements are gathered during the planning phase. In the risk analysis phase, a process is undertaken to identify risk and alternate solutions. A prototype is produced at the end of therisk analysis phase. Software is produced in the engineering phase, along with testing atthe end of the phase. The evaluation phase allows the customer to evaluate the output of the project to date before the project continues to the next spiral. In the spiral model, the angular component represents progress, and the radius of the spiral represents cost.

TESTING
Software testing can also be stated as the process of validating and verifying that a software program/application/product: 1. meets the business and technical requirements that guided its design and development; 2. Works as expected; and 3. Can be implemented with the same characteristics. software according to the applicable requirements. Thus, the tester inputs data into, and only sees the output from, the test object. This level of testing usually requires thorough test cases to be provided to the tester, who then can simply verify that for a given input, the output value (or behavior), either "is" or "is not" the same as the expected value specified in the test case. Specification-based testing is necessary, but it is insufficient to guard against certain risks.

CONCLUSION
This paper proposes random prime order key protocol and key xor data transpose technique for mobile client server environment. Compared with known our scheme is more efficient and good properties against for various types of attacks. This paper also provides more security of transferring data. So that by implementing those techniques we can improve efficiency given project and also provide more security for transferring data.