SECURE FOR HANDHELD DEVICES AGAINST MALICIOUS SOFTWARE IN MOBILE NETWORKS USING MD5Ms. K.SuryaDepartment Of CSE,PG scholar, Kalasalingam Institute of TechnologyMail id:suryaa9210@gmail.com

ABSTRACTAs malware attacks become more frequently in mobile networks, deploying an efficient defense system to protect against infection and to help the infected nodes to recover is important to prevent serious spreading and outbreaks. Our scheme targets both the MMS and proximity malware at the same time, and considers the problem of signature distribution. Second, all these works assume that malware and devices are homogeneous, we take the heterogeneity of devices into account in deploying the system and consider the system resource limitations. From the aspect of malware, since some sophisticated malware that can bypass the signature detection would emerge with the development of the defense system, new defense mechanisms will be required. At the same time, our work considers the case of OS-targeting malware. Although most of the current existing malware is OS targeted, cross-OS malware will emerge and propagate in the near future. How to efficiently deploy the defense system with the consideration of cross-OS malware is another important problem. Introduce an optimal distributed solution to efficiently avoid malware spreading and to help infected nodes to recover.To encounter and diffuse the detected malware using MD5 algorithm. It helps us to evaluate the malware free transmission between nodes even helper nodes are also present.

I.INTRODUCTIONMalware is often disguised as a game, patch, utility, or other useful third-party software application. Malware can include spyware, viruses, and Trojans. Once installed, malware can initiate a wide range of attacks and spread itself onto other devices.The target landscape for malware attacks (i.e., viruses, spambots, worms, and other malicious software) has moved considerably from the large-scale Internet to the growingly popular mobile networks [1], with a total count of more than 350 known mobile malware instances reported in early 2007. This is mainly because of two reasons. One is the emergence of powerful mobile devices, such as the iPhone, Android, and Blackberry devices, and increasingly diversified mobile applications, such as multi-media messaging service (MMS), mobile games, and peer-to-peer file sharing. The other reason is the emergence of mobile Internet, which indirectly induces the malware. Amobile virusis malicious software that targetsmobile phonesor wireless-enabledPersonal digital assistants(PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security againstelectronic attacksin the form of viruses or othermalware. The Mobile phones differ from conventional desktop, in mobile devices/handheld devices, the resources are limited in terms of power, consumption of energy and memory. A malicious (or) malware application targets mainly this weakness. In the defense system, we use some special nodes named helper to distribute the signatures into the network. Generally speaking, the deployed helpers can be stationary base stations or access points. However, since mobile nodes are more efficient to disseminate content and information in the network.we focus on the case of mobile helpers. Consequently, there is limitation in storage on each mobile device for deploying the defense system. Although currently most smartphones have gigabytes of storage, users usually will not allocate all of them for the usage of malware defense. Our goal is to minimize the malware infected nodes in the system by appropriately allocating the limited storage with the consideration of different types of malware.Defense system distribute the optimal signature using special nodes.To deploy an efficient defense system to help infected nodes to recover and prevent healthy nodes from further infection.Avoiding whole network unnecessary redundancy using distribute signatures.The efficiency of our defense scheme in reducing the amount of infected nodes in the system.Security and authentication mechanisms should be considered.

II.RELATED WORKIn Existing System ,Develop a simulation and analytic model for Bluetooth worms, and show that mobility has a significant impact on the propagation dynamics.The former one has the limitations that signature flooding costs too much and the local view of each node constrains the global optimal solution.Not using design of defence System to detect malware. Could not optimally distribute the signature. In Proposed Approach,To deploy an efficient defense system to help infected nodes to recover and prevent healthy nodes from further infection.Introduce an optimal distributed solution to efficiently avoid malware spreading and to help infected nodes to recover.To encounter and diffuse the detected malware using digest algorithm.Create a mobile networks including a number of nodes. First defined number of nodes and also defined source node, destination node, intermediate nodes. The network contains heterogeneous devices as nodes. Mobile nodes are more efficient to disseminate content and information in the network.Helper nodes are referred to as special nodes.This node is used to

Fig:Architecture Diagramfocusing the all nodes.Helper node is intermediate node for every nodes in the network. File can be transmit from source node to destination node through the help of helpers node.Analyzing the malware nodes through passing the signatures. This signatures distributed for every intermediate node from source node to destination node with the help of the special node. The special node is the helper node. Helper node distribute the signatures for every intermediate nodes based on the file contents key will be generated.Detect the malware with the help of a content based signatures. Exponential parameter obtained from the contact records between helpers and general nodes.Every intermediate node receive the signatures from helper node and which intermediate nodes receiving the signatures twice.This time to detecting the malware spreading nodes and recovering the infected nodes.Digital signatures are often used to implementelectronic signatures, a broader term that refers to any electronic data that carries the intent of a signature,but not all electronic signatures use digital signaturesIn some countries, including the United States, India, Braziland members of theEuropeanUnion, electronic signatures have legal significance.Digital signatures employ a type ofasymmetric cryptography. For messages sent through a nonsecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. In many instances, common with Engineering companies for example, digital seals are also required for another layer of validation and security. Digital seals and signatures are equivalent to handwritten signatures and stamped seals.Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. Digital signatures can also providenon-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming theirprivate keyremains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid. Digitally signed messages may be anything representable as abit string: examples includeelectronic mail,contracts, or a message sent via some othercryptographic protocol.one of the main differences between a digital signature and a written signature is that the user does not "see" what he signs. The user application presents a hash code to be signed by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can possibly replace the user application with a foreign substitute, in effect replacing the user's own communications with those of the attacker. This could allow a malicious application to trick a user into signing any document by displaying the user's original on-screen, but presenting the attacker's own documents to the signing application.To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.) and the signing application. The general idea is to provide some means for both the user application and signing application to verify each other's integrity. For example, the signing application may require all requests to come from digitally signed binaries.III.Message Digest AlgorithmMD5 algorithm can be used as a digital signature mechanism.MD5 algorithm was developed by Professor Ronald L. Rivest in 1991. According to RFC 1321, MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

Fig:MD5Algorithm StructureComparing to other digest algorithms, MD5 is simple to implement, and provides a "fingerprint" or message digest of a message of arbitrary length.It performs very fast on 32-bit machine.MD5 is being used heavily from large corporations, such as IBM, Cisco Systems, to individual programmers. MD5 is considered one of the most efficient algorithms currently available.MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data .The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.The MD5 algorithm is designed to be quite fast on 32-bit machines. In addition, the MD5 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly.The MD5 algorithm is an extension of the MD4 message-digest algorithm. MD5 is slightly slower than MD4, but is more "conservative" in design. MD5 was designed because it was felt that MD4 was perhaps being adopted for use more quickly than justified by the existing critical review; because MD4 was designed to be exceptionally fast, it is "at the edge" in terms of risking successful cryptanalytic attack. MD5 backs off a bit, giving up a little in speed for a much greater likelihood of ultimate security. It incorporates some suggestions made by various reviewers, and contains additional optimizations. MD5 is very common hash function designed by Ronald Rivest.Nowadays, it is being commonly used for file integrity checking and as a message digest in digital signature schemes.A simplehash function takes some input, usually of indefinite length, and produces a small number that is significantly shorter than the input. The function ismany to one, in that many (possibly infinite) inputs may generate the same output value. The function is alsodeterministicin that the same output value is always generated for identical inputs. Hash functions are often used in mechanisms that require fast lookup for various inputs, such as symbol tables in compilers and spelling checkers.A message digest is also a hash function. It takes a variable length input- often an entire disk file- and reduces it to a small value (typically 128 to 512 bits). Give it the same input, and it always produces the same output. And, because the output is very much smaller than the potential input, for at least one of the output values there must be more than one input value that can produce it; we would expect that to be true for all possible output values for a good message digest algorithm.There are two other important properties of good message digest algorithms. The first is that the algorithm cannot be predicted or reversed. That is, given a particular output value, we cannot come up with an input to the algorithm that will produce that output, either by trying to find an inverse to the algorithm, or by somehow predicting the nature of the input required. With at least 128 bits of output, a brute force attack is pretty much out of the question, as there will be 1.7 x 1038possible input values of the same length to try, on average, before finding one that generates the correct output. Compare this with some of the figures given in "Strength of RSA" earlier in this chapter, and you'll see that this task is beyond anything anyone would be able to try with current technology. With numbers as large as these, the idea that any twodifferentdocuments produced at random during the course of human history would have the same 128-bit message digest is unlikely!The second useful property of message digest algorithms is that a small change in the input results in a significant change in the output. Change a single input bit, and roughly half of the output bits should change. This is actually a consequence of the first property, because we don't want the output to be predictable based on the input. However, this aspect is a valuable property of the message digest all by itself.Common Digest AlgorithmsThere are many message-digest functions available today. All of them work in roughly the same way, but they differ in speed and specific features.

1.MD2, MD4, and MD5One of the most widely used message digest functions is the MD5 function, which was developed by Ronald Rivest, is distributed byRSAData Security, and may be used freely without license costs. It is based on the MD4 algorithm, which in turn was based on the MD2 algorithm.TheMD2, MD4, and MD5 message digest functions all produce a 128-bit number from a block of text of any length. Each of them pads the text to a fixed-block size, and then each performs a series of mathematical operations on successive blocks of the input.MD2 was designed by Ronald Rivest and published inRFC1319. There are no known weaknesses in it, but it is very slow. To create a faster message-digest, Rivest developed MD4, which was published in InternetRFCS1186 and 1320. The MD4 algorithm was designed to be fast, compact, and optimized for machines with "little-endian" architectures.Some potential attacks against MD4 were published in the cryptographic literature, so Dr. Rivest developed the MD5 algorithm, published inRFC1321.It was largely a redesign of MD4, and includes one more round of internal operations and several significant algorithmic changes. Because of the changes, MD5 is somewhat slower than MD4. However, it is more widely accepted and used than the MD4 algorithm.Internet RFCs are a form of open standards documents. They can be downloaded or mailed, and they describe a common set of protocols and data structures for interpretability.As of early 1996, significant flaws have been discovered in MD4. As a result, the algorithm should not be used.2 .SHATheSecure Hash Algorithm was developed byNISTwith some assistance by theNSA. The algorithm appears to be closely related to the MD4 algorithm, except that it produces an output of 160 bits instead of 128. Analysis of the algorithm reveals that some of the differences from the MD4 algorithm are similar in purpose to the improvements added to the MD5 algorithm (although different in nature).3 .HAVALTheHAVALalgorithm is a modification of the MD5 algorithm, developed by YuliangZheng, JosefPieprzyk, and Jennifer Seberry. It can be modified to produce output hash values of various lengths, from 92 bits to 256. It also has an adjustable number of "rounds" (application of the internal algorithm). The result is thatHAVALcan be made to run faster than MD5, although there may be some corresponding decrease in the strength of the output. Alternatively,HAVALcan be tuned to produce larger and potentially more secure hash codes.4 .SNEFRUSNEFRUwas designed by Ralph Merkle to produce either 128-bit or 256-bit hash codes. The algorithm can also be run with a variable number of "rounds" of the internal algorithm. However, analysis by several cryptographers has shown thatSNEFRUhas weaknesses that can be exploited, and that you can find arbitrary messages that hash to a given 128-bit value if the 4-round version is used. Dr. Merkle currently recommends that only 8-roundSNEFRUbe used, but this algorithm is significantly slower than the MD5 orHAVALalgorithms.

IV.GREEDY ALGORITHM:A greedy algorithm for an optimization problem always makes the choice that looks best at the moment and adds it to the current subsolution. Examples already seen are Dijkstras shortest path algorithm and Prim/Kruskals MST algorithms .Greedy algorithms dont always yield optimal solutions but, when they do, theyre usually the simplest and most efficient algorithms available.In this section, we present numerical results with the goal of demonstrating that our greedy algorithm for the signature distribution, denoted OPT, achieves the optimal solution and yields significant enhancement on the system welfare compared with prior heuristic algorithms. Related to the heuristic algorithms, we consider 1) Important First (IF), which uses as many helpers as possible to store the signature of the most popular malware, 2) Uniform Random (UR), where each helper randomly selects the target signatures to store, and 3) Proportional Allocation (PA), which is a heuristic policy that assigns signatures with the uniform distribution proportional to the market sharing and the weights of different malware.. To simulate a more realistic scenario, we model the malware in the system according to the market share of different handset OS of 2009. In the simulation, we change the malware killing rate and spreading rate, and consider a system with nodes that can be infected by five different types of malware, which are RIM targeted malware 36 percent; Android targeted 28 percent; iPhone 21 percent; Windows Mobile 10 percent, and others 5 percent. We set N 500 and have 100 helpers with uniform random storage size from one to five signatures to deploy in the antimalware software. In the experimental setup, the number of initial infected nodes is set to be 10 percent of all nodes. Related to the utility function and weighting factors, we set Gk_kL __kL, L 2 _ 104 s and w 1=2; 1=4; 1=8; 1=16; 1=16& to differentiate the system contributions of different malware defending effects by considering the factor that usually the malware spreading in the largest market sharing OS would result in the most serious damage.The simulation results are shown in Fig. 2. Fig. 2a shows the number of infected nodes according to the malware recovering rates caused by the signature distribution in the centralized greedy algorithm. We can observe that the number of infected nodes decreases with the increase of recovering rate. Among different algorithms, IF provides the worst performance. Compared with other heuristic algorithms, our OPT algorithm reduces the number of infected nodes by 355.6, 127.3, and56 percent over the FI, UR, and PA on average, respectively.

V.CONCLUSIONSome malware coping schemes have been proposed to defend mobile devices against malware propagation. To prevent the malware spreading by MMS/ SMS, Zhu et al. propose a counter-mechanism to stop the propagation of a mobile worm by patching an optimal set of selected phones by extracting a social relationship graph between mobile phones via an analysis of the network traffic and contact books. This approach only targets the MMS spreading malware and has to be centrally implemented and deployed in the service providers network. To defend mobile networks from proximity malware by Bluetooth, Zyba et al. explore three strategies, including local detection, proximity signature dissemination, and broadcast signature dissemination. For detecting and mitigating proximity malware, Li etal.propose a community-based proximity malware coping scheme by utilizing the social community structure reflecting a stable and controllable granularity of security. These two works both target the proximity malware. The former one has the limitations that signature flooding costs too much and the local view of each node constrains the global optimal solution. Although the aftermath scheme integrates short term coping components to deal with individual malware and long-term evaluation components to offer vulnerability evaluation toward individual nodes, the social community information still need to be obtained in a centralized way. Khouzani et al investigate the optimal dissemination of security patches in mobile wireless network to counter the proximity malware threat by contact. In this paper, we investigate the problem of optimal signature distribution to defend mobile networks against the propagation of both proximity and MMS-based malware. We introduce a distributed algorithm that closely approaches the optimal system performance of a centralized solution. Through both theoretical analysis and simulations, we demonstrate the efficiency of our defense scheme in reducing the amount of infected nodes in the system. At the same time, a number of open questions remain unanswered. For example, the malicious nodes may inject some dummy signatures targeting no malware into the network and induce denial-of-service attacks to the defense system. Therefore, security and authentication mechanisms should be considered. From the aspect of malware, since some sophisticated malware that can bypass the signature detection would emerge with the development of the defense system, new defense mechanisms will be required. At the same time, our work considers the case of OStargeting malware. Although most of the current existing malware is OS targeted, cross-OS malware will emerge and propagate in the near future. How to efficiently deploy the defense system with the consideration of cross-OS malware is another important problem.

VI.REFERENCES[1] P. Wang, M. Gonzalez, C. Hidalgo, and A. Barabasi, Understanding the Spreading Patterns of Mobile Phone Viruses, Science, vol. 324, no. 5930, pp. 1071-1076, 2009.[2] M. Hypponen, Mobile Malwar, Proc. 16th USENIX Security Symp., 2007.[3] Z. Zhu, G. Cao, S. Zhu, S. Ranjan, and A. Nucci, A Social Network Based Patching Scheme for Worm Containment in Cellular Networks, Proc. IEEE INFOCOM, 2009.

[4] G. Zyba, G. Voelker, M. Liljenstam, A. Mehes, and P. Johansson, Defending Mobile Phones from Proximity Malware, Proc. IEEE INFOCOM, 2009.

[5] M. Khouzani, S. Sarkar, and E. Altman, Dispatch then Stop: Optimal Dissemination of Security Patches in Mobile Wireless Networks, Proc. IEEE 49th Conf. Decision and Control (CDC), pp. 2354-2359, 2010.

[6]E. Altman, A.P. Azad, and F. De Pellegrini, Optimal Activation and Transmission Control in Delay Tolerant Networks, Proc. IEEE INFOCOM, 2010.

[7] Yong Li, Pan Hui, Depeng Jin, Li Su, and LieguangZeng, Optimal Distributed Malware Defense in Mobile Networks with Heterogeneous Devices IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 13, NO. 2, FEBRUARY 2014

sed as a digital