Upload
aiko-stark
View
29
Download
3
Embed Size (px)
DESCRIPTION
A flexible biometrics remote user authentication scheme. Authors: Chu-Hsing Lin and Yi-Yi Lai. Sources: Computer Standards & Interfaces, 27(1),. pp.19-23, 2004. Adviser: Min-Shiang Hwang. Speaker: Chun-Ta Li ( 李俊達 ). Outline. Introduction The Lee-Ryu-Yoo scheme - PowerPoint PPT Presentation
Citation preview
A flexible biometrics remote A flexible biometrics remote user authentication schemeuser authentication scheme
Authors:Authors: Chu-Hsing Lin and Yi-Yi LaiChu-Hsing Lin and Yi-Yi LaiSources:Sources: Computer Standards & Interfaces, 27(1),Computer Standards & Interfaces, 27(1),
pp.19-23, 2004.pp.19-23, 2004.Adviser:Adviser: Min-Shiang HwangMin-Shiang HwangSpeaker:Speaker: Chun-Ta Li (Chun-Ta Li ( 李俊達李俊達 ))
2
OutlineOutline
• IntroductionIntroduction
• The Lee-Ryu-Yoo schemeThe Lee-Ryu-Yoo scheme
• Cryptanalysis of the Lee-Ryu-Yoo schemeCryptanalysis of the Lee-Ryu-Yoo scheme
• The proposed schemeThe proposed scheme
• ConclusionsConclusions
• CommentsComments
3
IntroductionIntroduction• Remote password authentication – [Lamport, 1981]Remote password authentication – [Lamport, 1981]
– Insecure channelInsecure channel– User authentication (identity & password)User authentication (identity & password)
• Remote password authentication scheme using smaRemote password authentication scheme using smart cards – [Hwang and Li, 2000]rt cards – [Hwang and Li, 2000]– Based on ElGamal’s cryptosystemBased on ElGamal’s cryptosystem– Only one secret key without password tableOnly one secret key without password table
4
Introduction (cont.)Introduction (cont.)• Biometrics remote user authentication scheme using smarBiometrics remote user authentication scheme using smar
t cards – [Lee t cards – [Lee et alet al., 2002]., 2002]– Based on ElGamal’s cryptosystem (two secret keys)Based on ElGamal’s cryptosystem (two secret keys)
– Smart card owner’s fingerprintSmart card owner’s fingerprint• Minutiae extraction – [Bae Minutiae extraction – [Bae et al.et al., 2000], 2000]
• Matching – [Ratha Matching – [Ratha et al.et al., 1996], 1996]
• Lin and Lai point out their scheme is vulnerable to masquLin and Lai point out their scheme is vulnerable to masquerade attackerade attack
• Lin and Lai propose a flexible scheme (change password)Lin and Lai propose a flexible scheme (change password)
5
The Lee-Ryu-Yoo schemeThe Lee-Ryu-Yoo scheme• Three phases in the Lee-Ryu-Yoo schemeThree phases in the Lee-Ryu-Yoo scheme
– Registration phase Registration phase (U(Uii offers offers IDIDii and and fingerprint of Ufingerprint of Uii))
– Login phase Login phase (U(Uii inserts inserts smart cardsmart card and offers and offers IDIDii, , PWPWii and and fingerprfingerprint of Uint of Uii) – ) – fingerprint verificationfingerprint verification [Jain [Jain et al.et al. 1999] 1999]
1.1. Generate Generate rr using minutiae extracted from the imprint fingerprint using minutiae extracted from the imprint fingerprint
2.2. Compute CCompute C1 1 = (ID= (IDii))rr mod P mod P
3.3. Compute t = f(T PW⊕Compute t = f(T PW⊕ ii) mod (P-1)) mod (P-1)
4.4. Compute M = (IDCompute M = (IDii))tt mod P mod P
5.5. Compute CCompute C22 = M(PW = M(PWii))rr mod P mod P
6.6. Send the message C = (IDSend the message C = (IDii, C, C11, C, C22, T) to the remote system, T) to the remote system
PIDID
PIDPW
SKii
SKii
mod)(
mod)(
1
2
Smart card:Smart card: f(.), P and Ui’s fingerprint data
Secure channelSecure channel
6
The Lee-Ryu-Yoo scheme (cont.)The Lee-Ryu-Yoo scheme (cont.)– Authentication phaseAuthentication phase
1.1. The system check the validity of IDThe system check the validity of ID ii
2.2. If (T` If (T` ﹣﹣T) T) >> △ △ T, rejects the login requestT, rejects the login request3.3. The system check the validity of equation as follows:The system check the validity of equation as follows:
CC22(C(C11SK2SK2))-1-1 mod P = (ID mod P = (IDii))
SK1*f(T PW⊕SK1*f(T PW⊕ii))
== M(PWM(PWii))r r * (1/(ID* (1/(IDiirr))SK2SK2) mod P ) mod P
= (ID= (IDii))tt(ID(IDii)) SK2*r SK2*r * (1/ID* (1/IDi i r*SK1*SK2r*SK1*SK2) mod P) mod P
= (ID= (IDii))SK1*f(T PW⊕SK1*f(T PW⊕
ii) ) * ID* IDii
SK1*SK2*rSK1*SK2*r / ID / IDi i r*SK1*SK2r*SK1*SK2 mod P mod P
??
7
Cryptanalysis of the Lee-Ryu-Yoo schemeCryptanalysis of the Lee-Ryu-Yoo scheme
• A legal user UA legal user Uii (owns a pair of ID (owns a pair of IDii and PW and PWi i ))
• UUii wants to masquerade another pair of valid (ID wants to masquerade another pair of valid (IDdd, PW, PWdd) withou) withou
t knowing the two secret keys SK1 and Sk2t knowing the two secret keys SK1 and Sk2– UUii computes ID computes IDdd = ID = IDii
qq mod P mod P
– UUii computes PW computes PWdd = (ID = (IDdd))SK1*SK2SK1*SK2 mod Pmod P
= (ID= (IDiiqq mod P) mod P)SK1*SK2SK1*SK2 mod P mod P
= (ID= (IDiiqq))SK1*SK2SK1*SK2 mod P mod P
= (ID= (IDiiSK1*SK2SK1*SK2 mod P) mod P)qq mod P mod P
= (PW= (PWii))qq mod P mod P
8
The proposed schemeThe proposed scheme• Three phases in Lin-Lai schemeThree phases in Lin-Lai scheme
– Registration phaseRegistration phase (U (Uii offers offers IDIDii, , PWPWii and and fingerprint of Ufingerprint of Uii))1.1. Compute PWCompute PWii` = h(PW` = h(PWii S⊕S⊕ ii), where S), where Sii denotes U denotes Uii’s minutiae template’s minutiae template
2.2. Compute YCompute Yii = (ID = (IDii
Xs Xs mod P) PW⊕mod P) PW⊕ ii`, where Xs denotes the secret key kep`, where Xs denotes the secret key kep
t securely in the systemt securely in the system
− Login phaseLogin phase (U(Uii inserts inserts smart cardsmart card, imprint the , imprint the fingerprifingerprintnt and offers and offers PWPWii) – ) – fingerprint verification [Jain fingerprint verification [Jain et al.et al. 1999]1999]
Smart cardSmart card: h(.), P, Yi, Si and IDi
9
The proposed scheme (cont.)The proposed scheme (cont.)– Login phaseLogin phase
1.1. Generate Generate rr using minutiae extracted from the impr using minutiae extracted from the imprint fingerprintint fingerprint
2.2. Compute PWCompute PWii”” = h(PW= h(PWi i S⊕S⊕ ii ) mod P) mod P
3.3. Compute YCompute Yii` = Y` = Yii PW⊕PW⊕ ii” ”
4.4. Compute CCompute C11 = (ID = (IDii))rr mod P mod P
5.5. Compute M = h(YCompute M = h(Yii` T) mod P⊕` T) mod P⊕6.6. Compute CCompute C22 = M(Y = M(Yii`)`)rr mod P mod P
7.7. Send the message C = (IDSend the message C = (IDii, C, C11, C, C22, T) to the remot, T) to the remote systeme system
10
The proposed scheme (cont.)The proposed scheme (cont.)– Authentication phaseAuthentication phase
1.1. The system check the validity of IDThe system check the validity of IDii
2.2. If (T` If (T` ﹣﹣T) T) >> △ △ T, rejects the login requestT, rejects the login request
3.3. The system check the validity of equation as follows:The system check the validity of equation as follows:
CC22(C(C11
XsXs))
-1-1 mod P = h((ID mod P = h((IDii
Xs Xs mod P) T) mod P⊕mod P) T) mod P⊕
??
= h(Yh(Yii h(PW⊕ h(PW⊕ ii S⊕S⊕ ii) T)*(Y⊕) T)*(Y⊕ i i h(PW⊕h(PW⊕ ii S⊕S⊕ ii))))r r ** (1/(ID(1/(IDii))rXsrXs)) mod Pmod P
= h(((IDh(((IDii
XsXs mod P) h(PW⊕ mod P) h(PW⊕ ii S⊕S⊕ ii)) h(PW⊕)) h(PW⊕ ii S⊕S⊕ ii) T)*(((ID⊕) T)*(((ID⊕ ii
XsXs mod P) h(PW⊕ mod P) h(PW⊕ ii S⊕S⊕ ii))))
h(PW⊕h(PW⊕ ii S⊕S⊕ ii))))r r /(ID/(IDii))rXsrXs mod Pmod P
11
The proposed scheme (cont.)The proposed scheme (cont.)– Change password Change password (U(Uii imprint his imprint his fingerprintfingerprint, pass , pass fingfing
erprint verificationerprint verification, inputs old password , inputs old password PWPWii and the n and the n
ew password ew password PWPWii**))
1.1. Compute PWCompute PWii” = h(PW” = h(PWii S⊕ S⊕ ii) mod P) mod P
2.2. Compute YCompute Yii`̀ = Y= Yi i PW⊕ PW⊕ ii” = ID” = IDiiXsXs mod P mod P
3.3. Compute new YCompute new Yii* = Y* = Yii` h(PW⊕` h(PW⊕ ii* S⊕* S⊕ ii))
4.4. Replace the old YReplace the old Yii with the new Y with the new Yii* on the smart card* on the smart card
12
ConclusionsConclusions• Presented a cryptanalysis of the Lee-Ryu-YPresented a cryptanalysis of the Lee-Ryu-Y
oo schemeoo scheme
• Proposed an improved and flexible scheme Proposed an improved and flexible scheme that allows user to change their password that allows user to change their password
• Needs only to maintain one secret key, withNeeds only to maintain one secret key, without password tables and identity tablesout password tables and identity tables
13
CommentsComments• Biometric keyBiometric key
password-based authenticationpassword-based authentication
fingerprint-based authenticationfingerprint-based authentication
14
Comments (cont.)Comments (cont.)
• Biometric-based security applicationsBiometric-based security applications
Biometric Biometric characteristicscharacteristics
Network Network environmentsenvironments
Information Information securitysecurity
• Key authenticationKey authentication
• Conference keyConference key
• Key hierarchyKey hierarchy
• E-VotingE-Voting
……
• InternetInternet
• Distributed networkDistributed network
• Mobile networkMobile network
… …