A Secure Email System Based on Fingerprint Authentication Scheme. Authors: Zhe Wu, Jie Tian, Liang Li, Cai-ping Jiang, Xin Yang. Presented by Chia Jui Hsu.

Presentation transcript:

1 A Secure Email System Based on Fingerprint Authentication Scheme
Authors: Zhe Wu, Jie Tian, Liang Li, Cai-ping Jiang, Xin Yang
Presented by Chia Jui Hsu
Date:

2

3 Outline
– Introduction
– Fingerprint Authentication Scheme
– Implementation
– Manipulation
– Security Analysis
– Conclusion
– References

4 Introduction
Inherent shortcomings and flaws of PKI
– Certificates are not easily located
– There is a strict online requirement
– Validating policy is time-consuming and difficult to administer
– Certificates leak data and users must pre-enroll

5 Inherent shortcomings and flaws of IBE
– It is difficult to prove self-identity to the Trust Authority (TA) and to authenticate the sender's identity.

6 This paper proposes a new secure system based on a fingerprint authentication scheme which combines fingerprint authentication technology with IBE scheme.

7 Fingerprint Authentication Scheme
– Setup
– Encryption
– Decryption
– Verification

8 Setup
– TA initializes a secure area
– Constructs a supersingular elliptic curve satisfying Weil Diffie-Hellman (WDH)
– TA chooses three secrets s, u, v

9 Encryption
– Step 1: Usb-key_A authenticates A
– Step 2: Usb-key_A generates A's signature FPS_A
– Step 3: Obtains authentication data AUTH_A
– Step 4: CIPH_1 = Enc_AB + Hash(Enc_AB) + AUTH_A + r·P

10 Decryption
When receiving the email from A, B computes the session key K_AB with his private K_AB of identifier and uses K_AB to decrypt Enc_AB to get M.

11 Verification
When B wants to verify A's identity, TA provides an online identity authentication service. On receiving AUTH_A sent from B, TA first encrypts it and obtains A's onsite fingerprint summary b_A, then verifies the signature FPS_A with the verification function Ver.

12 If Ver is true, TA matches b_A with the registered fingerprint summary b_A stored in the database using the function FPM. TA returns the matching result to B after encryption and signature. Finally, B verifies A's identity.
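
An added example, not part of the original slides: one way a receiver could split CIPH_1 from slide 9 and check Hash(Enc_AB) before passing Enc_AB to decryption. The length-prefixed framing, SHA-256 as Hash, and all function names are assumptions; the slides give only the field order.

```python
import hashlib
import hmac
import struct

class EnvelopeError(ValueError):
    """Raised when a CIPH_1 message is malformed or fails the digest check."""

def _put(field: bytes) -> bytes:
    # Assumed wire format: 4-byte big-endian length, then the field bytes.
    return struct.pack(">I", len(field)) + field

def _take(buf: bytes, pos: int) -> tuple[bytes, int]:
    # Read one length-prefixed field, rejecting anything that runs off the end.
    if pos + 4 > len(buf):
        raise EnvelopeError("truncated length prefix")
    (n,) = struct.unpack_from(">I", buf, pos)
    pos += 4
    if pos + n > len(buf):
        raise EnvelopeError("truncated field")
    return buf[pos:pos + n], pos + n

def pack_ciph1(enc_ab: bytes, auth_a: bytes, r_p: bytes) -> bytes:
    """Sender side: CIPH_1 = Enc_AB + Hash(Enc_AB) + AUTH_A + r·P."""
    digest = hashlib.sha256(enc_ab).digest()  # SHA-256 is an assumption
    return b"".join(_put(f) for f in (enc_ab, digest, auth_a, r_p))

def unpack_ciph1(msg: bytes) -> dict:
    """Receiver side: split the four fields, then check Hash(Enc_AB)."""
    fields, pos = [], 0
    for _ in range(4):
        field, pos = _take(msg, pos)
        fields.append(field)
    if pos != len(msg):
        raise EnvelopeError("trailing bytes after r·P")
    enc_ab, digest, auth_a, r_p = fields
    # Constant-time comparison of the received and recomputed digests.
    if not hmac.compare_digest(digest, hashlib.sha256(enc_ab).digest()):
        raise EnvelopeError("Hash(Enc_AB) mismatch")
    return {"Enc_AB": enc_ab, "AUTH_A": auth_a, "rP": r_p}

# Constructed sample values; real fields come from the Usb-key and the IBE layer.
SAMPLE = pack_ciph1(b"\x8a\x11ciphertext", b"auth-blob", b"\x04point")
```

The digest is unkeyed, so this check only catches corruption in transit; sender authenticity in the scheme rests on the signature FPS_A, which TA verifies with Ver.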

13 Implementation
– TA
– Email-client

14 TA

15 User registration
– Step 1: Generate b_A
– Step 2: TA enrolls A's identifier ID_A
– Step 3: TA computes A's fingerprint certificate C_A
– Step 4: TA computes A's Q_FP-A and D_FP-A
– Step 5: TA writes the public params { P, P_T-pub, P_pub, P_online, H, H1, H2, Sig } and A's personal params { D_FP-A,, C_A, R_A, b_A } into Usb-key_A, and hands it over to A.

16 Usb-key
We integrate a fingerprint sensor and a USB token into one device called the Usb-key. The Usb-key is able to capture and process fingerprint images. There is an independent time
Besides, it also contains a fingerprint summary matching algorithm and an Identity-Based Signature algorithm (Sig and Ver), and it is protected against duplication of the private key of fingerprint.

17 Online Secret-key distribution
– Step 1 (B→TA): CIPH_2 = C_pri + Hash(C_pri) + c·P
– Step 2: Use Ver and FPM to authenticate B's identity
– Step 3 (TA→B): CIPH_3 = C_back + Hash(C_back)
– Step 4: B obtains his private key of identifier from TA

18 Online Identity authentication B sends A's authentication data to TA. TA authenticates A's identity and returns matching result to B.

19 Online Identifier update
If B wants to update his identifier, he can apply to TA online for the relevant service. B computes C_pri, which also contains B's new string. Then B sends CIPH_2 to TA. After authenticating B's identity, TA provides the update service requested by B.

20 TA recomputes B's identifier and fingerprint certificate, encrypts them with the session key and obtains C_update, then returns CIPH_4 to B, where CIPH_4 = C_update + Hash(C_update). B takes the new identifier and fingerprint certificate in place of the old ones in Usb-key_B.

21 Email-client
– Local login authentication
– Encryption and decryption
– Intercommunication with Usb-key
– Intercommunication with TA

22 Intercommunication with TA
– Private key of identifier distribution
– Sender's identity authentication
– Identifier update

23 Manipulation Step1 Step2 Step3 Step4 Step5 Step6

24 Security Analysis
– C pretends to be B to ask TA for B's private key of identifier
– C pretends to be A to send an email to B
– B pretends to be A to send email to other users like D or TA

25 C pretends to be B to ask TA for B's private key of identifier [figure label: user C]

26 C pretends to be A to send an email to B [figure label: user C]

27 B pretends to be A to send email to other users like D or TA [figure label: user C]

28 Conclusion
In the system, we use the Usb-key to keep secret data and to help complete the relevant encryption process. The Usb-key can only be used by its legitimate owner. Thus the system successfully combines the cryptographic key with legitimate users.
