Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420413 | P a g eMobile SMS Banking Security Using Elliptic CurveCryptosystem In Binary FieldProf.Avinash Wadhe, Miss Namrata A.SableG.H Raisoni College Of engineering & Management, Amravati(MS)SummaryOver the past many years several leading banks inIndia have launched SMS banking services. However,the security of mobile SMS payment and banking hastopped the list of concerns for most of the customers.In this paper the security loopholes in SMS bankingand propose a system to make mobile SMS bankingsecure using Elliptic Curve Cryptosystem(ECC) inbinary field is investigated. Also, another aim is todesign an API to implement ECC algorithm.Key words:SMS, Elliptic Curve, Digital Signature, ECCBanking Module.I. IntroductionMobile SMS banking is a term used forperforming balance checks, account transactions,payments etc. via a mobile device such as a mobile phone.SMS banking is a new and modern service rendered bymost banks in India.The Mobile SMS banking system isbased on the exchange of SMS messages betweencustomers and the bank. Mobile banking today is mostoften performed via SMS. Mobile usage has seen anexplosive growth in India. The main reason that MobileSMS Banking scores over Internet Banking is that itenables „Anywhere Banking. Customers now dont needaccess to a computer terminal to access their banks, theycan now do so on the go – when they are waiting for theirbus to work, when they are traveling or when they arewaiting for their orders to come through in a restaurant.There are two methods of SMS banking services widelyused today; they are the push and pull SMS messages.Push SMS message is the message that the banksends out to a customers mobile phone, without thecustomer initiating a request for the information. Anexample of push message could be a withrawal alert ( SBIbank, India), which alerts the user when a withrawal ismade from his account.Pull SMS message is a request initiated by thecustomer, using a mobile phone, for obtaininginformation or performing a transaction in the bankaccount.This is a full duplex communication systemwhere a user sends a request to the bank and the bankreplies with theinformation sought by the user. An example of pull SMSmessage is an account balance enquiry made by a user.The other way to categorize the mobile SMSbanking services, by the nature of the service, gives us twokinds of services – Enquiry based and Transaction based.So a request for your bank statement is an enquiry basedservice and a request for your fund transfer to some otheraccount is a transaction based service. Transaction basedservices are also differentiated from enquiry based servicesin the sense that they require additional security across thechannel from the mobile phone to the banks data servers.Based upon the above classifications, the followingtaxonomy of the services listed below can be arrived at.Table 1: Mobile SMS banking serviceclassificationPush Based Pull BasedBased->Fund Transfer->Bill PaymentTransaction->Other financialservicelike shared trading>Credit/DebitAlerts. ->Account BalanceEnquiry->MinimumBalanceAlerts ->Account StatementBasedEnquiry->Bill PaymentAlertEnquiry->Cheque StatusEnquiry->Cheque BookRequests->Recent transactionhistory
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420414 | P a g eII. The Need for SMS bankingWith the rapid growth in the number of mobilephone users in India banks have been exploring thefeasibility of using mobile phones as an alternativemedium of delivery of banking services. Moreover, theReserved Bank of India(RBI) has acknowledged Banks asan important partner in offering mobile services in India asit always has issues on someone other than bank collectingmoney from the public. But due to the nature ofconnectivity between bank and its customers ,it would beimpractical to expect customers to regularly visit banks orconnect to the bank‟s web site for regular business likebalance check or account transfer. With mobile SMSbanking , users can now conveniently carry out bankingtransactions 24hrs a day .This is because a user has accessto his mobile phone all day, at all times, hence the needfor SMS banking.III. How SMS worksThe Short Message Service (SMS) is a GSMtechnology that allows exchange of text messages up to160 characters among mobile phones through the shortmessage service Center (SMSC) of the particular networkoperator. The relative ease of the use of SMS makes it themost wanted means of communication among mobileusers.SMS uses the GSM special signaling channelinstead of voice channel and is therefore a very cheap andreliable media channel. The SMSC receives the messagefrom the mobile device and routes it to the destinationdevice. The operation of SMSC is offered as a service bymany service providers. The SMS processing computersusually run on corporate servers that are connected to theSMS network through specialized routers and gatewaysconnected to the SMS centers of the mobile operators.These servers are assigned short numbers usually 3 to 6digits long. These numbers are operator specific.IV. Security Problems with SMSThe initial idea for SMS usage was intended forthe subscribers to send non-sensitive text messages acrossthe open GSM network. Mutual authentications, textencryptions, end-to-end security, non-repudiation andmany security concerns for SMS were omitted during thedesign of GSM architecture. The only encryption involvedduring transmission is the encryption between the basetransceiver station and the mobile station. End-to-endencryption is currently not available. The encryptionalgorithm used is A5 which is proven to be vulnerable.Therefore, a more secure algorithm is needed.V. Analysis of the Traditional Mobile SMSBanking SystemIn compliance with the directive of the ReservedBank of India, presently, customers have to walk in to thebank to submit the registration form by giving their mobilenumber, account number and transaction details. Thepresence of the customer in the bank is required. Eachcustomer is given a 4-digit number for authentication (mayvary bank to bank) . The customer can receive his accountbalance and transactions only when the request is receivedfrom the mobile number registered with the bank and dulyauthenticated by the 4-digit number. The mobile numberand the 4-digit number serve as a User ID and passwordfor authentication. The 4-digit code number has thereforeto be kept confidential. Data carried across the mobilenetwork are protected by the standard GSM securityprotocols at the communication layer. The subscriberidentity is also protected across this chain. But the risk intransporting data across the GSM channel may be found inthe number of stops the data make before reaching thebank as shown in the block diagram in figure 2. Acustomer would initiate a transaction by sending SMS tothe bank using the bank‟s SMS short code as a terminatingaddress. The SMS would be automatically stored on thehandset and be available to anyone that looks at thecustomer‟s phone. The SMS would then pass through theencrypted GSM channel, through the base stations andterminate at the mobile network operator, where it istypically stored unencrypted. Unlike the fix linecommunication, data being carried across the mobilenetwork jumps from one base station to the next, whichmeans that the chain of encrypted communication betweenthe customer and the bank is broken. As can be seen , thereare many points of exposure. So, current mobile bankingservices offered by banks are not secure enough to protectconfidential data.Figure 2: Mobile SMS Banking ArchitectureVI. The Proposed System-ECC BankingModuleAfter a thorough study of the above traditionalsystem, a system that would provide security at thesatisfaction of the customers is proposed. This system iscalled the ECC Banking module. This ECC Banking
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420415 | P a g emodule receives the text messages from the clients/banksand processes them and sends the output back to thebanks/users as and when required. This ECC Bankingmodule provides secure data encryption and decryptionusing public key cryptography .The technology isperfectly secure and GPRS is not mandatory. Not manyphone users in India subscribes to GPRS and even fewerhave phones that can support GPRS. Around 70 percentof the 350 million handset connections in India arewithout GPRS . Due to lack of GPRS connectivity, secureSMS based applications will be prominent in the mobilebanking. The block diagram for the new system is givenin figure 3.Figure 3:Proposed Mobile SMS Banking ArchitectureThe silent features of the new system are enumeratedbelow:-(i) A strong cryptographic technology called the EllipticCurve Cryptography, instead of traditional RSA, is used.We use public and private keys for encryption /decryptionpurpose. A quick discussion on Elliptic CurveCryptography is given in the next section.(ii) Two ECC Banking modules, one in the handsetand another in the bank, are used.(iii) A Digital signature using ECC technology mayoptionally be used in each module to provide messageauthentication, message integrity and non-repudiation.Mobile SMS banking in India does not provide these.The ECC Banking module in the handset is oneof the design issues in this very proposed system and isaddressed here. One solution proposed in this paper is tohouse the ECC Banking module as a SIM ApplicationToolkit(SAT) . The SAT is standard of the GSM systemwhich enables the SIM to initiate actions which can beused for various services. The SAT consists of a set ofcommands programmed into the SIM card, which defineshow the SIM should interact directly with the outsideworld and initiates commands independently of thehandset and the network. This enables the SIM to build upan interactive exchange between a network applicationand the end user, and access or control access to thenetwork. The STK has been deployed by many mobileoperators around the world for many applications. Thechallenge in SIM based applications is getting theapplication onto a SIM card that already exists in themarket. The service provider has the option of sendingthe application Over The Air (OTA), which entails thedelivery of several encrypted SMS messages that self-configure the application on the SIM, or, provisioning anew SIM card with the application already embeddedwithin the SIM. The latter has an economic impact onthe network operator and the existing customer wouldhave to obtain a new SIM card in order to use theapplication. Once the ECC Banking module is on theSIM, message from the customers can be encrypted, andtransported by SMS to the service provider or bank. Abenefit of SIM Based Applications is the ability of thenetwork operator or bank to own a piece of the realestate on the SIM Card.Another option to house the ECC Bankingmodule is in the handset itself. New handset can comewith pre-built ECC Banking module. Existing handsetsmay be reprogrammed to house the ECC Bankingmodule.VII. Cryptography with Elliptic CurvesFor those unfamiliar with the basic theory ofelliptic curves, this paper discusses a brief introduction tothis field; more complete introductions appear in, forexample, Silverman , Koblitz, and TiborJuhas[ 2007].In 1985 Victor Miller, who was then at IBM,and Neil Koblitz from the university of Washington firstintroduced the Elliptic Curve Public Key Cryptographysystem, a method based on the Discrete Logarithmicproblem over the points on an elliptic curve. Theprincipal attraction of ECC compared to RSA is that itoffers equal security for a far smaller key size, therebyreducing processing overhead. The ECC has receivedconsiderable attention from mathematicians around theworld, and no significant breakthroughs have been madein weaknesses in the algorithm.An elliptic curve is the set of equations of the formy2= x3+ax+b (1)ory2+xy = x3+ax2+b (2ory2+y = x3+ax+b (3)where x and y are variables, a and b are constants.However, these values are not necessarily real numbers;instead they may be values from any field. Forcryptography purposes we always use a finite fieldVIII. Elliptic curve over a Galois fieldUsing the real numbers for cryptography have alot of problem as it is very difficult to store them
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420416 | P a g eprecisely in computer memory and predict how muchstorage will be needed for them. The difficulty can besolved by using Galois fields. In a Galois field, thenumber of elements is finite. Since the number ofelements if finite, we can find a unique representation foreach of them, which allows us to store and handle theelements in an efficient way. Galois showed that thenumber of elements in a Galois field is always a positiveprime power, pnand is denoted by GF(pn). Two specialGalois fields are standard for use in Elliptic Curvecryptography. They are GF(p) when n=1 and GF(2n) whenp=2.IX. Elliptic curve over a GF(2n)Let us look at the elliptic curve over GF(2n).Thatmeans our constants are either polynomial or normal basisnumbers. It also means we cannot use the elliptic equationwhich we used for real numbers. The mathematicians tellus that we need to use either this versiony2+xy = x3+ax2+b (5)or this versiony2+y = x3+ax+b (6)Note that the value of x,y,a, and b are polynomialsrepresenting n-bit words.Mathematicians say that the second form above,equation (6), is called a “supersingular” curve. Theseforms have the advantage that they can be computedquickly. However, being a special class of curves, theyhave some very special properties. These properties makesupersingular curves unsuitable for cryptography. Thecurves of equation (5) are Called “nonsupersingular”. Tilldate, no method of attack is known to be less than fullyexponential in time. Curves of this form are excellent forcryptographic applications. One must be careful inchoosing the coefficients to get maximum benefit ofsecurity. A poor choice can create a curve that is easier forthe cryptanalysis to attack.For equation (5) to be valid, b must never be zero.However, a can be zero.The rules for adding two points in GF(2n) is slightlydifferent from the rules for GF(p).1.If P=(x1,y1) , Q=(x2,y2), -PQ,PQ, ThenR(x3,y3)=P+Q can be computed as=(y2+y1)/(x2+x1)x3=2++x1+x2+ay3=(x1+x3)+ x3+ y12. If P=Q, then R(x3,y3)=P+P (or R=2P) can becomputed as=y1/x1+x1 x3=2++ay3=(+1)x3+ x12The multiplication by –1 converts P to –P by adding x tothe y coordinate of P i,e the negative of P=(x,y) gives –P=(x,x+y).X. ECC Encryption/DecryptionSeveral methods have been used to encrypt anddecrypt using elliptic curves. This paper describes amethod based on the simulation of the EIGamelcryptosystem using an elliptic curve over GF(2n). Thefollowing are the steps involved in the process.12.1 Generating public and private keys1. Bob chooses E(a,b) with an elliptic curve overGF(2n).2. Bob chooses a generator point, e1(x1,y1) on thecurve.3. Bob chooses an integer d.4. Bob calculates e2(x2,y2)=dxe1(x1,y1).Multiplication here means multiple additions of points.5. Bob announces E(a,b),e1(x1,y1) and e2(x2,y2) ashis public key; he keeps d as his private key.12.2 Representation of message as elliptic curvepointLet us assume that si is an integer in F(2m) andsi+y=x3+ax2+b. The probability that si=x3+ax+b is asquare n is ½. Let r is an integer so that a failure rate 1/2ris acceptable when trying to encode a message as a point.The method can be defined as follows:1. Express the message as number m, m≥0, suchthat m x r <n .2. Assume xi=mxr+i for i Є [0,r] and computesi+y=xi3+ax2i+b until we get si(n-1)/2=n.3. Compute the 2 power n of si as yi.4. The point P=(xi,yi) is the representation of themessage.12.3 EncryptionAlice selects P, a point on the curve, as her plaintext,P. She then calculates a pair of points on the text asciphertexts:C1=rxe1 C2=P+r x e2We may wonder how an arbitrary plaintextcan be a point on the elliptic curve. This is one of thechallenging issues in the use of the elliptic curve forsimulation. Alice needs to use an algorithm to find a one-to-one correspondence between a block of text and thepoints on the curve.12.4 Decryption12.5 Representaation of elliptical curve point as
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420417 | P a g emessage1. Compute m=[xi/r].2. Convert m into messageDigital signatureWe are all familiar with the concept of asignature. We sign a document to show that it originatedfrom us or was approved by us. The signature is the proofto the recipient that the document comes from the correctsender.A conventional signature is included in thedocument itself; it is a part of the document. When wesign a cheque, the signature is on the cheque; it is not aseparate document; on the other hand, when we sign adocument digitally, we send the signature as a separatedocument. The sender sends two documents; the messageand the signature. The recipient receives both documentsand verifies that signature is of the sender.It is to be noted there is a distinction betweenprivate and public keys as used in digital signature andpublic and private keys as used in cryptosystem. In acryptosystem, we use the private and public keys of therecipient; in a digital signature, we use the private andpublic keys of the sender.I consider here the elliptic curve digitalsignaturescheme, which is a digital signature algorithm (DSA)based on elliptic curves. This scheme sometimes isreferred to as ECDSA (elliptic curve DSA). The ECDSAconsists of the following three steps:1) Key generation2) Signing3) Verifying13.1 Key GenerationKey generation follows these steps:1. Alice chooses and elliptic curve E(2n)(a,b)with n is a integer length at most n bit2. Alice chooses another integer of length n bits isq to be used in the calculation.3. Alice chooses an integer d as the private key.4. Alice chooses a point e1 on the curve.5. Alice calculates e2 = d x e1 as another point onthe curve.6. Alice‟s public key is (a, b, n, q, e1, e2) and herprivate key is d.13.2 SigningThe signing process consists mainly of choosinga secret random number, creating a third point onthe curve, calculating two signatures. Andsending the message and the signatures.1. Alice chooses a secret random number rbetween 1 and q-1.2. Alice selects a third point on the curve,P(u,v)=rxe1.3. Alice uses the first coordinates of P(u,v) tocalculate the first signature S1. This meansS1=u+y.4. Alice uses the digest of the message, herprivate key, and the secret random number r, and the S1 tocalculate the second signature S2=(h(M)+dxS1)r-1+y.5. Alice sends M, S1, S2.13.3 VerifyingThe verification process consists mainly of-reconstructing the third point and verifying that the firstcoordinate is equivalent to S1 in 2 power of n. The thirdpoint was created by the signer using the secret randomnumber r. The verifier does not have this value. He needsto make the third point from the message digest, S1 and S2.1. Bob uses M, S1, and S2 to create two intermediateresults, A and B:A = h(M) S2-1+y and B = S2-1S1+y.Bob then reconstructs the thirdpoint T(x,y) =A x e1 + B xe2.2. Bob uses the first coordinate of T(x, y) to verify themessage. If x = S1 mod q, the signature is verified;XI. Development of APIThere is the question about where the encryptiongear should be located. There are two approaches: linkencryption and end-to-end encryption. With linkencryption, each vulnerable communications link isequipped on both ends with an encryption device. Thus, alltraffic over all communication links is secured. One of itsdisadvantages is that the message must be decrypted eachtime it enters a switch because the switch must read theaddress in the message header in order to route the data.Thus, the message is exposed at each switch. This isundesirable in our Mobile SMS banking.With end-to-end encryption, the encryptionprocess is carried out at the two end systems. The data inencrypted form are transmitted unaltered across thenetwork to the destination terminal. Thus the end-to-endencryption relieves the customers of concerns about thedegree of security of networks. Thus, end-to-endencryption makes user data secure.
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420418 | P a g eH1 H2 H3 DATA TEncrypted PortionFigure 5. Network Layer Encryption. In this case, data andmore headers are encrypted. Here H1, H2 and H3 areheaders and T is trailer.H1 H2 H3 DATA TEncrypted PortionFigure 6. Transport Layer Encryption. In this case, dataand less headers are encrypted. Here H1, H2 and H3 areheaders and T is trailer.H1 H2 H3 DATA TEncrypted PortionFigure 7. Application Layer Encryption. In this case, onlydata portion is encrypted. Here H1, H2 and H3 areheaders and T is trailer.An interesting way of viewing the encryptionalternatives as given in the above figures is that as wemove up to theAPI layers, less information is encrypted butit is more secure.For end-to-end encryption, several choices arepossible for the placement of the encryptionis at the application layer. . We can place it in the networklayer or transport layer. The user data portion and someheaders of all frames are encrypted. See figures 5 and 6given above. However, if the message passes through anode or gateway, the line connection is terminated and anew connection is opened for the next hop or node. Thus,encrypted data (our message + some headers) aredecrypted at the gateway. Before transmission to the nextnode, it is again encrypted. So, our data are not secure atthe intermediate nodes like gateways.For application that has a store-and-forwardcapacity, the only place to achieve end-to-end encryptionis at the application layer. A drawback of application layerencryption is that the number of entities increasesconsiderably. A network that supports hundreds of hostsmay support many users and processes. So, many moresecret keys need to be generated and distributed.With application level encryption, only the user dataportion of a segment is encrypted. See figure 7 givenabove. The headers are all clear and visible. So, nodecryption and encryption of data take place at theintermediate nodes or gateways. Thus, our data are stillsecure at the intermediate nodes. For this reason it isdesirable to create an API that implements encryption anddecryption at the application layer. As the model suggests,the ECC API is intended to be used in the application layerto automatically encrypt/decrypt all data that flows to orfrom the lower layers.Figure 8: Where the API fits in the overall networrkXII. Security of ECCThe security of ECC depends on the difficulty ofElliptic Curve Discrete Logarithmic Problem. Let P and Qbe any two points on an elliptic curve such that kP=Q,where k is a scalar. Then the Elliptic Curve DiscreteLogarithmic Problem is to determine k given P and Q. It isApplicationLayerTransportLayerNetworkLayerOtherLayerECCAPI
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420419 | P a g erelatively easy to calculate Q given k and P,but it is veryhard to determine k given Q and P. As an example considerthe group E23(9,17),defined by the elliptic curve equationy2(mod 23) =(x3+9x+17) mod 23. What is the discretelogarithm k of Q=(4,5) to the base P=(16,5)? The brute-force method is to compute multiples of P until Q is found.Thus,P=(16,5); 2P=(20,20);3P=(14,14); 4P=(19,20);5P=(13,10) ; 6P=(7,3) ;7P=(8,7) ; 9P=(4,5).Because 9P=(4,5)=Q, the discrete logarithm ofQ=(4,5) to the base P=(16,5) is k=9. In a real application, kwould be so large as to make the brute-force methodinfeasible.XIII. Easier calculationAnother aspect which distinguishes elliptic curvecryptosystem from other cryptosystem (say RSA) is theeasier calculations required for producing thecryptographic parameters. Therefore, elliptic curvecryptosystem better fits for implementations on deviceswith reduced resources such as mobile phones.XIV. Advantages and Limitations of MobileSMS banking.17.1 Advantages:(i) Mobile SMS Banking can be done from any GSMhandset as all GSM handsets support SMS.(ii) Mobile SMS Banking saves a lot of customers‟time as they need not go to banks for enjoyingtransactions.(iii) Relatively, Mobile SMS Banking reduces costs asthe cost of sending an SMS is very cheap.(iv) Mobile SMS Banking makes a lot ofconveniences to the customers as they canperform transaction anywhere and anytime.17.2 Limitations:(i) An SMS message may consist of a maximum of160 characters. This is one of the limitations inMobile SMS Banking.19. Future WorkIn the course of this work, I identified areas that areneeded to carry out our future work. Area like theplacement of the ECC Banking module in the SIMs orhandsets needs future work for proper implementation.(ii) The SMS is a store-and-forward based system. So,it does not guarantee delivery of messages.(iii) Some locations may not have network coverageresulting in the unavailability of Mobile SMSBanking(iv) Most SIM cards have limited space (about 32Kb)hence low function.XV. ConclusionThis paper studied Mobile SMS banking securityby means of elliptic curve cryptographic technique.Approaches based solely on data encryption provide asecurity that depends on the place encryption/decryption isactually performed. As the security of the proposed systemis very hard , it is very clear that the proposed Mobile SMSBanking will dominate banking sector in India. It has beenmentioned in many literatures that a considerably smallerkey size can be used for ECC compared to RSA. Alsomathematical calculations required by elliptic curvecryptosystem are easier, hence, require a low calculationpower. Therefore ECC is a more appropriate cryptosystemto be used on small devices like mobile phones.I have also developed an API that implements ECC,allowing it to be used in banking sectors.References Silverman,The arithmetic of elliptic curves, InGraduate Texts in Mathematics, vol.106,1986 N. Koblitz, Elliptic Curve Cryptosystems,Mathematics of computation, No.48,1987,203-209. Tibor Juhas,The Use of Elliptic Curves inCryptography, MasterThesis,Universityof Tromso,2007. T. EIGamal,A public key cryptosystem and asignature scheme based on discretelogarithms,IEEE Transactions on InformationTheory, Vol.31,1985 N.P. Smart,The Discrete logarithm Problem onElliptic curves of Trace One, Journal ofCryptology, Vol.12,1999 Stalling W,Cryptography and NetworkSecurity,Prentice-Hall, 2001. Stalling W.cryptography and network securityPrentice-Hall, 2001. Kumanduri and Romero, Number Theory andComputer Applications, Prentice- Hall, 2001. A. Lenstra and E. Verheul, Selecting Cryptographickey size,Journal of kryptography 14 ,2001,255-293. IEEE P1363, Standard Specifications for Public-Key Cryptography, Institute of Electrical andElectronics Engineers 2000. Blake,Seroussi, and Smart, Elliptic Curves inCryptography,Cambridge University Press,1999.
Prof.Avinash Wadhe, Miss Namrata A.Sable / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.413-420420 | P a g eProf. Avinash P. Wadhe:Received the B.E from SGBAU Amravatiuniversity and M-Tech (CSE) From G.HRaisoni College of Engineering, Nagpur(an Autonomous Institute). He is Currentlyan Assistant Professor with the G.HRaisoni College of Engineering and Management,AmravatiSGBAU Amravati university. His research interest includeNetwork Security , Data mining and Fuzzy system .He hascontributed to more than 20 research paper. He had awardedwith young investigator award in international conference.Namrata Sable received the B.E. fromRTMNU, Nagpur university and pursuing ME(CSE) fromG. H. Raisoni College Of Engineering & Management,Amravati.Her Research interest include Network Security ,Data mining and Fuzzy system .He has contributed to morethan 20 research paper. He had awarded with younginvestigator award in international conference.