Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Secure Email System Based on Fingerprint Authentication Scheme Author : Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu.

Published byWinfred Terry Modified over 9 years ago

Similar presentations

Presentation on theme: "1 A Secure Email System Based on Fingerprint Authentication Scheme Author : Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu."— Presentation transcript:

1 1 A Secure Email System Based on Fingerprint Authentication Scheme Author : Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu Date : 2008-03-04

2 2

3 3 Outline Introduction Fingerprint Authentication Scheme Implementation Manipulation Security Analysis Conclusion References

4 4 Introduction Inherent shortcoming and flaw of PKI –Certificates are not easily located –There need strict online requirement –Validating policy is time-consuming and difficult to administer –Certificates leak data and users must pre- enroll

5 5 Inherent shortcoming and flaw of IBE –It is difficult in prove self-identity to Trust Authority (TA) and authenticate email sender’s identity.

6 6 This paper proposes a new secure email system based on a fingerprint authentication scheme which combines fingerprint authentication technology with IBE scheme.

7 7 Fingerprint Authentication Scheme Setup Encryption Decryption Verification

8 8 Setup TA initializes a secure area Constructs a supersingular elliptic curve satisfying Weil Diffie-Hellman (WDH) TA chooses three secrets s,u,v

9 9 Encryption Step1 –Usb-key A authenticates A Step2 –Usb-key A generates A’s signature FPS A Step3 –Obtains authentication data AUTH A Step4 –CIPH 1 = Enc AB +Hash(Enc AB )+AUTH A +r ‧ P

10 10 Decryption When receiving the email from A, B computes the session key K AB with his private K AB of identifier and uses K AB to decrypt Enc AB to get M.

11 11 Verification When B wants to verify A's identity, TA provides online identity authentication service. Receiving AUTH A sent from B, TA first encrypts it and obtains A's onsite fingerprint summary b A, then verifies the signature FPS A by verification function Ver.

12 12 If Ver is true, TA matches b A with the registered fingerprint summary b A stored in database by function FPM. TA returns the matching result to B after encryption and signature. Finally, B verifies A's identity.

13 13 Implementation TA Email-client

14 14 TA

15 15 User registration Step1 –generate b A Step2 –TA enrolls A’s identifier : ID A Step3 –TA computes A’s fingerprint certificate C A Step4 –TA computes A’s Q FP-A and D FP-A Step5 –TA writes the public params { P,P T-pub, P pub P online, H, H1, H2, Sig } and A's personal params { D FP-A,,C A, R A, b A } into Usb-key A, and handsover into A.

16 16 Usb-key We integrate fingerprint sensor and USB token into one device called Usb-key. The Usb-key is able to capture and process fingerprint image. There is an independent time Besides, it also contains fingerprint summary matching algorithm and Identity-Based Signature algorithm (Sig and Ver ), and be able to be protected against duplication of private key of fingerprint.

17 17 Online Secret-key distribution Step1(B→TA) –CIPH 2 =C pri +Hash(C pri )+c . P Step2 –Use Ver and FPM to authenticate B’s identity Step3(TA→B) –CIPH 3 =C back +Hash(C back ) Step4 –B obtains his private key of identifier from TA

18 18 Online Identity authentication B sends A's authentication data to TA. TA authenticates A's identity and returns matching result to B.

19 19 Online Identifier update Assume B wants to update his identifier, he could apply to TA online for relevant service. B computes C pri which also contains B's new string. Then B sends CIPH 2 to TA. After authenticating B's identity, TA provides update service requested by B.

20 20 TA recomputes B's identifier and fingerprint certificate, encrypts them with the session key and obtains C update, then returns CIPH 4 to B where CIPH 4 = C update +Hash(C update ) B takes new idetifier and figerprint certificate instead of in Usb-key B

21 21 Email-client Local login authentication Encryption and decryption Intercommunication with Usb-key Intercommunication with TA

22 22 Intercommunication with TA Private key of identifier distribution Email sender’s identity authentication Identifier update

23 23 Manipulation Step1 Step2 Step3 Step4 Step5 Step6

24 24 Security Analysis C pretends B to ask TA for B’s private key of identifier Cpretends A to send an email to B B pretends A to send email to other users like D or TA

25 25 C pretends B to ask TA for B’s private key of identifier user C

26 26 C pretends A to send an email to B user C

27 27 B pretends A to send email to other users like D or TA user C

28 28 Conclusion In the system, we user Usb-key to keep secret data and help completing relevant encryption process. Usb-key can only be used by its legitimate owner. Thus the system successfully combines cryptographic key with legitimate users.

29 29 References http://ieeexplore.ieee.org/xpl/RecentCon.js p?punumber=4258655http://ieeexplore.ieee.org/xpl/RecentCon.js p?punumber=4258655 http://zh.wikipedia.org/wiki/Wiki

Download ppt "1 A Secure Email System Based on Fingerprint Authentication Scheme Author : Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
SCSC 455 Computer Security

SCSC 455 Computer Security
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:

Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:
Security Management.

Security Management.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google