In this session, we designed a scientific methodology which enables us to achieve our objectives set so far.
Internal architecture of our proposed architecture has the following components. These are Message formatting module, privacy protection module, message digest generation, message digest exchange, message digest partitioning, encryption key generation, message encryption, distance calculation, intelligent searching operation, grouping of controlled lists. For each component, there are detail description sequentially.
Description
The above Fig. 3.1 describes about the proposed methodology that shows how it works in order to achieve the objectives set so far. The user has android application which collects location details like latitude, longitude and timestamp from GPS. Note that, we are assuming that this location information gathering is done through android app on smart phone. This is just assumption because we are going to design our model, and the central goal of our work is do design secured system with state-of-art algorithm called Tabu searching algorithm [12, 13, 14, 15].
Since the collected information is GPS coordinates which are represented in degree, minute and second, it is impossible to directly process this information. So, it should be formatted into Decimal Degree which converts minute and second into degree. Then, authentication mechanism is started in order to identify who is the user.
The operation of authentication uses Secure Hash Algorithm (SHA-256). The SHA-256 hashing algorithm takes variable-length of message as input and produces fixed-size digest value, 256 bit-size in our case [16, 17]. Its message size should be less than 264 with 512 bit-size block, 32 bit-size word, and 64 number of steps to produce 256 bit-size output. This is simply the procedure how it works. During its digest computation, it takes input from user as usual like password. The thing which specifically identifies our contribution is that during input intake, it takes formatted location information having appended the current hour and minute of respective user. The user should thoroughly enter his current hour and minute by appending with location information. In actual hashing computation, the algorithm takes input message randomly which exposes user to collision attack. But in our methodology, we purposely select the input message in this manner so as to prevent the collision attack which is an occurrence of the same hash value for different message regarding authentication key, token value [18]. Therefore, our selection in this methodology on parameter selectin critically guarantees the user authentication.
In security, key deployment and key exchange is another headache because man-in-middle attack can attack the key during logging into the system. In order to securely store the key, we proposed the hashed key (token) should be stored in separate authentication key as Kerberos server after the key generation at client side. When user enters into the system, he should enter formatted location information with his current hour and minute, then it should be hashed and sent to the server, the server computes a new hash value (token) value by using the same hashing algorithm and compares it with the hash already stored during user registration. If it mismatches, it is understood that the message or hash value has been attacked, if not, it works.
Having said this, the next step is encryption key generation used to encrypt formatted location information to be sent to computation server. The algorithm here we used to be Advanced Encryption Standard (AES). Because AES is secure encryption algorithm which has not been cracked so far by cryptanalyst [19, 20]. The round we used here is 10 rounds with 128-bit size for input data. To make it compatible with encryption key size, we again used 128 bit-size key for encryption.
But the thing is where do we get key for round 0 since we have already input message (formatted location information)? Here is the logic, we purposely get our round 0 key from hashed value which has been utilized for authentication rather than selecting the key randomly. Because random number selection discloses to easy Brute-force attack or cryptanalyst. The reason of generating encryption key in this manner is again the same reason we did for authentication key generation. Since the size of hash value is 256 bit-size, we partition the hash value into two halves, Left-Hand Side (LHS) and Right-Hand Side (RHS) with 128 bit-size each. From this partition, we select LHS as our encryption key for round 0 which is hashed value. This makes our encryption scheme more secure. Since AES is symmetric algorithm having same key shared between two communicating parties, client and server.
At the client side, the respective user should send scrambled location information having logged into the system with their token. Then, the database server stores cipher text of location information blindly. If there is any suspected user recorded in authorized office, Ministry of Health, then the authorized person at server-side searches for suspected user by entering the infected user’s mobile number. Then, the computational server searches the targeted user’s mobile number from database server and calculates distance for all registered users having decrypted the location information by using secret shared key. The parameters used to list all suspected as solution list are calculated distance in meter less or equal to 2 and the timestamp between 5 minutes before and after referencing the infected user. Additionally, we have also used the adaptively computed size for risky area from total problem instance using TS algorithm to predict or show the areas which are considered as risky for the purpose governmental intervention to control the spread of the pandemic disease. By doing so, the model lists all suspected users whose distance in meter is less or equal to 2 and the update of timestamp in ranges of ± 5 in referencing the infected user. The distance computation is performed on plaintext of sent location information by using Euclidean distance which is used to measure the distance between two points [21, 22]. In order to search suspected users efficiently, we used TS technique which is optimized tabu heuristic searching algorithm to get the search of target using tabu tenure and aspiration criteria as main components [13]. The searching technique identifies already visited search list in separate buffer to reduce repeated moving surrounding the related targets. This identified list helps us to predict which area is highly exposed for the spreading of Corona virus at the end.
3.1. Modeling Assurance and Security System for Location Information
In this technology compelled world, information is flowing in-out without our conscious consideration regarding an issue of security. Because, most of the users and providers of digital services think about the security after lunch. This growths in advance and leads to losing and breaching of our information. And it is too difficult task in detecting, protecting and recovering of our valuable information having been disclosed to users who we don’t allow to do so. Billions of people in the world use mobile phones for their daily activities [23]. The progress of mobile users’ increasement is not hesitated; it is increasing and considered as necessity in today’s digital world.
The challenge in smartphone digital arena is securing the information in transit and information sources as well. Undeniably, there are advanced security mechanism like modern cryptographic algorithms can be applied so as to secure the information. But the storage and computation cost of the mobile device is another big challenge nowadays.
Therefore, developing lightweight security mechanism for mobile device is highly recommended research work. The main part of this research work is developing security mechanism for smartphones users using location information.
3.1.1. Message Formatting Procedure for Location Information
Since location information gathered from GPS through specified API is represented in degrees, minutes and second format. So, computing this original collected value is impossible to perform encryption and authentication techniques. Therefore, it is mandatory to format the collected location information (Latitude and Longitude) in the format suitable for our modeling. To do so, we use Decimal Degree system (DD) [24] which expresses geographic coordinates of latitude and longitude in decimal fractions. The decimal degree is alternative way of using degree, minute and second of the geographic coordinates.
$$DD=Degree+\frac{Minute}{60}+\frac{Second}{3600}\dots \dots \dots .\left(1\right)$$
3.1.2. Authentication Key Generation Procedure
Authentication is security service used to identify who is who in order to use the service provided by legitimate server.
In our case, we considered location information like latitude, longitude and timestamp are inputs to generate key rather than selecting the keys randomly. Because in random selection, as the study shows [25] there is HTTP-Brute-force attack which can estimate the number in trial and error.
3.1.3. Symmetric Key Encryption System
In order to secure our location information gathered and stored in user’s smart phone, the data encryption technique is used so as to ensure the data confidentiality from its disclosure. To do this, we followed symmetric key encryption scheme which used shared key between two communicating entities.
Encryption key
In this case, we preferred to select the LHS of result of authentication key which is resulted from location information with time stamp entered by mobile users.
Location Information Encryption Protocol using AES
In our case, we used Advanced Encryption Standard (AES) for data encryption. The reason for choosing of the technique is that AES is not cracked by any cracker as it has been reported in [19].
AES: is symmetric encryption algorithm which uses 128,192, and 256-bit sizes of data for message and encryption key. It amalgamates the different sizes of keys and data for rounds of 10,12 and 14 respective bit sizes.
In our case, we use 128-bit for both plaintext and encryption key and the process has 10 rounds to encrypt the location information.
Encryption key data for round 0 is half of leftmost hashed value of our previous authentication key computed from location information. Since the algorithm used for authentication is SHA-256 whose bit-size is 256. This logic makes our security design special and exceptional so far rather than using random value as key for authentication and encryption mechanisms.
3.1.4. Location Information to Distance Conversion
In order to compute the distance between two GPS coordinates, we have to use Euclidean Distance [21] which is used to measure a distance between two points on plane. The formula for Euclidean distance is here:
$$d=\sqrt{{{(x}_{2}-{x}_{1})}^{2}+{({y}_{2}-{y}_{1})}^{2}}\dots \dots \dots \dots \dots \dots \dots \dots \dots ..\left(2\right)$$
Where \(d\) is distance between two points, x1, x2, y1 and y2 are latitude and longitude of formatted coordinates for two points respectively.
3.2. Modelling Intelligent Searching Algorithm
3.2.1. Tabu Searching Algorithm
The location information gathered from mobile user is sent to storage server having encrypted using symmetric key cryptography. The latitude and longitude of user’s information encrypted is stored at the server with encryption key and mobile phone.
Then, when it is needed to do searching for any suspected user from database, we use Tabu searching algorithm having decrypted location information first.
Tabu search is a metaheuristic algorithm which is used to guide optimization algorithms in the search for a globally optimal solution [26, 27].
The adaptive memory feature of TS allows the implementation of procedures that are capable of searching the solution space economically and effectively. TS contrasts with memoryless designs that heavily rely on semi-random processes that implement a form of sampling.
TS can be directly applied to virtually any kind of optimization problem [26].
The TS is optimized tabu heuristic searching algorithm to get the search of target using tabu tenure and aspiration criteria as main components.
TS begins in the same way as ordinary local or neighborhood search, proceeding iteratively from one point (solution) which is first current solution to another until a chosen termination criterion is satisfied.
There are many application areas for TS algorithms. Some of these [13] are scheduling, telecommunication, probabilistic logic, data mining, graph optimization, routing, production, inventory, investment and more and more. Among these surplus applications, we have chosen data mining and probabilistic logic can be best fit with our application area. Because, in our case we consider multi-modal criteria as location and timestamp information. Since the problem space is very large, from this instance, we look for specific suspected users in relative to infected user according to our satisfaction criteria. So, the probability of searching is conditional. And if its satisfaction criteria is achieved, then we retrieve all suspected users from Tabu active list.
The intelligence of searching in our case is the Tabu list should be stored temporarily. This means if the Tabu move reaches to the end of file in Tabu list, it automatically deletes the contents from memory having stored the solution list and report list before moving to next taboo(move) in the problem instance.