Authentication with smartcards and fingerprints
Authentication with Smartcards and Fingerprints - PowerPoint PPT Presentation
Presentation Transcript

Authentication with Smartcards and Fingerprints

Himanshu Khurana

Joe Muggli

NCSA, UIUC

March 30, 2006


Outline

  • Introduction

  • Smartcards

  • Biometrics: fingerprints

  • Illinois Terrorism Task Force (ITTF) Project

  • Interactive Demonstration


Authentication Goals

  • Basic Goal

    • Verify the unique identity of the requestor

  • Additional goals in a networked world

    • Prevent leak of secrets

    • Prevent replay attacks

    • Global scalability

    • Offline operation capability

    • High assurance


Passwords are not enough

  • Basic Goal

    • Verify the unique identity of the requestor

  • Additional goals in a networked world

    • Prevent leak of secrets

    • Prevent replay attacks

    • Global scalability

    • Offline operation capability

    • High assurance

  • Passwords are vulnerable to

    • dictionary attacks

    • theft

    • collusion attacks (users can share passwords)

[Figure: the goals above are annotated with X marks against the goals that passwords fail to meet.]


Solution: Multi-factor Authentication

  • Multi-factor authentication: combination of

    • What you know; e.g., passwords, PINs

    • What you have; e.g., OTP tokens, smartcards

    • What you are (biometrics); e.g., fingerprints, iris scans, face recognition

  • Typically two-factor authentication is used; e.g.,

    • PIN + Card (e.g. ATMs)

    • Password + One-time-password (OTP) token

    • Fingerprint + Smartcard


Public-Key Infrastructure (PKI)

  • Public Key Cryptography

    • Sign with private key,

      verify signature with public key

    • Encrypt with public key, decrypt with private key

  • Key Distribution

    • Who does a public key belong to?

    • Certification Authority (CA) verifies user’s identity and signs certificate

    • Certificate is a document that binds the user’s identity to a public key

  • Authentication

    • Signature [ h ( random, … ) ]

[Figure: certificate chain. The CA's self-signed certificate (Issuer: CA, Subject: CA) signs the user's certificate (Issuer: CA, Subject: Jim).]

Source: Jim Basney’s MyProxy presentation


Authentication with Digital Signatures

[Figure: challenge-response between Alice and Bob. Alice sends a request; Bob replies with a nonce; Alice hashes the nonce and signs the hash with her signing key SKA ("Enc"), returning the signed nonce; Bob hashes the nonce himself, recovers the signed hash with the verification key PKA ("Dec") and compares ("Match?").]
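The challenge-response in the figure, written out as an added example (not code from the presentation or from NCSA): Alice signs a hash of Bob's nonce with her signing key SKA and Bob checks it with the verification key PKA. It uses ECDSA over P-256 from Go's standard library in place of the slide's generic "Enc"/"Dec" boxes, and adds the bookkeeping the slide implies but does not draw: Bob accepts each nonce exactly once, so a recorded response cannot be replayed, and a response signed under any other key is rejected. The names Alice, Bob, Challenge, Respond, Verify and RunExchange are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Alice holds the signing key SKA (on a smartcard this key never leaves the card).
type Alice struct{ sk *ecdsa.PrivateKey }

// Bob holds Alice's verification key PKA (taken from her certificate) and
// remembers which nonces he has issued and not yet seen answered.
type Bob struct {
	pk     *ecdsa.PublicKey
	issued map[[32]byte]bool
}

func NewAlice() (*Alice, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Alice{sk: sk}, nil
}

func NewBob(pk *ecdsa.PublicKey) *Bob {
	return &Bob{pk: pk, issued: make(map[[32]byte]bool)}
}

// Challenge answers Alice's request with a fresh random nonce.
func (b *Bob) Challenge() ([32]byte, error) {
	var nonce [32]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		return nonce, err
	}
	b.issued[nonce] = true
	return nonce, nil
}

// Respond is the "Hash" then "Enc" box on Alice's side: hash the nonce and
// sign the digest with SKA.
func (a *Alice) Respond(nonce [32]byte) ([]byte, error) {
	digest := sha256.Sum256(nonce[:])
	return ecdsa.SignASN1(rand.Reader, a.sk, digest[:])
}

// Verify is Bob's "Hash", "Dec" and "Match?" boxes. A nonce is consumed on
// first use, so a captured signed nonce presented again is refused.
func (b *Bob) Verify(nonce [32]byte, sig []byte) error {
	if !b.issued[nonce] {
		return errors.New("nonce not outstanding: replay or unknown challenge")
	}
	delete(b.issued, nonce) // consumed whether or not the signature checks out
	digest := sha256.Sum256(nonce[:])
	if !ecdsa.VerifyASN1(b.pk, digest[:], sig) {
		return errors.New("signature does not verify under PKA")
	}
	return nil
}

// RunExchange plays the protocol once, replays the captured response, and then
// lets a holder of a different key answer a fresh challenge.
func RunExchange() (firstOK, replayRejected, wrongKeyRejected bool, err error) {
	alice, err := NewAlice()
	if err != nil {
		return
	}
	bob := NewBob(&alice.sk.PublicKey)
	nonce, err := bob.Challenge()
	if err != nil {
		return
	}
	sig, err := alice.Respond(nonce)
	if err != nil {
		return
	}
	firstOK = bob.Verify(nonce, sig) == nil
	replayRejected = bob.Verify(nonce, sig) != nil
	other, err := NewAlice() // a different key pair, not registered with Bob
	if err != nil {
		return
	}
	nonce2, err := bob.Challenge()
	if err != nil {
		return
	}
	sig2, err := other.Respond(nonce2)
	if err != nil {
		return
	}
	wrongKeyRejected = bob.Verify(nonce2, sig2) != nil
	return
}

func main() {
	firstOK, replayRejected, wrongKeyRejected, err := RunExchange()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine response accepted:", firstOK)
	fmt.Println("replayed response rejected:", replayRejected)
	fmt.Println("wrong-key response rejected:", wrongKeyRejected)
}
```

The nonce is what meets the "prevent replay attacks" goal from the earlier slide: without it, a signature over a fixed message would be as reusable as a stolen password.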


Authentication with Smartcards and PKI

  • Unlike passwords, private keys cannot be remembered (typically 1024 bits)

  • File based storage provides weak security and no mobility

  • Smartcards provide secure, tamper-resistant storage with mobility

    • Less easily shared than passwords

    • Drawbacks: card cost, readers


Smartcards

  • CPU: 8, 16, 32 bit

  • ROM: ~1-32 kb

  • RAM: ~several kb

  • EEPROM: ~16-64 kb

  • Programming

    • Java

    • .Net

  • Various levels of memory access control

    • Protected memory holds secrets and is accessible only to the cryptoprocessor


Example Authentication with Smartcards

[Figure: example smartcard authentication flow; the card is unlocked by a PIN.]

Source: Dang et al., AINA’05


Security Concerns and Authentication Goals

  • High assurance

    • Smartcards and PINs can get lost, be stolen, or shared

    • A Solution: combine biometrics with smartcards

Source: Renaudin et al., Design, Automation and Test in Europe Conference and Exhibition, 2004


Biometrics: Fingerprints

  • Uniquely refers to an individual using biometric identifiers

  • Pattern recognition system

    • Enrollment captures digital representation (template) of biometric identifier

    • Recognition captures characteristics and matches against template

  • Ideal properties: universal, unique, permanent, collectable

  • Practical properties: performance, acceptability, resistance to circumvention

  • Examples: Face recognition, fingerprints, iris scans, retinal scans, hand geometry, etc.


Minutiae Based Fingerprint Recognition

  • A digital image of a fingerprint contains features

    • Ridge bifurcations and endings

    • Called Minutiae

  • Minutiae features represented using location (x,y) and direction 

    • Set of measurements forms template

  • Matching attempts to calculate degree of similarity taking into account

    • Rotation, elastic distortion, sensor noise, etc.

    • Never 100%: false acceptance rate and false rejection rate


Combining Fingerprints and Smartcards for Authentication

  • Replace PINs with fingerprint verification

    • Store template on card

    • Match provided fingerprint on card

      • Reader extracts minutiae features

  • Security and privacy advantages

    • Match-on-card leverages smartcard as trusted computing platform

    • Match-on-card requires no additional trusted entity

      • Mimics PIN verification

    • Template stored on card as opposed to accessible database
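An added example (not the Precise Biometrics matcher or any code from the presentation) that puts the previous two slides together: a simplified minutiae matcher in Go, run inside a Card type that keeps the enrolled template in its own memory and answers only match or no match, the way match-on-card stands in for PIN verification. The minutiae coordinates, the tolerances (6 px, 15 degrees), the threshold (0.6) and the greedy pairing rule are all constructed for illustration; a production matcher first estimates the rotation and translation between the two prints and only then pairs minutiae. The last lines show the trade-off the slide calls "never 100%": raising the threshold to 1.0 makes the card reject a genuine but slightly noisy scan (a false rejection).

```go
package main

import (
	"fmt"
	"math"
)

// Minutia is one ridge ending or bifurcation: its location (x, y) in sensor
// pixels and the local ridge direction in degrees.
type Minutia struct {
	X, Y, Theta float64
}

// Card models the smartcard: the enrolled template sits in protected memory,
// the card only ever answers match / no match, and the template never leaves it.
type Card struct {
	template  []Minutia
	threshold float64 // fraction of template minutiae that must be paired
	distTol   float64 // pixels of positional slack (shift, elastic distortion)
	angleTol  float64 // degrees of directional slack (rotation, sensor noise)
	unlocked  bool
}

// Enroll stores the template on the card together with the matching policy.
func Enroll(template []Minutia, threshold float64) *Card {
	return &Card{template: template, threshold: threshold, distTol: 6, angleTol: 15}
}

// angleDiff is the smallest difference between two directions, in [0, 180].
func angleDiff(a, b float64) float64 {
	d := math.Mod(math.Abs(a-b), 360)
	if d > 180 {
		d = 360 - d
	}
	return d
}

// Score pairs each template minutia with at most one probe minutia inside the
// tolerances and returns the paired fraction in [0, 1]. Greedy pairing is
// enough here because the constructed minutiae are far apart.
func (c *Card) Score(probe []Minutia) float64 {
	if len(c.template) == 0 {
		return 0
	}
	used := make([]bool, len(probe))
	paired := 0
	for _, t := range c.template {
		for i, p := range probe {
			if used[i] {
				continue
			}
			if math.Hypot(t.X-p.X, t.Y-p.Y) <= c.distTol && angleDiff(t.Theta, p.Theta) <= c.angleTol {
				used[i] = true
				paired++
				break
			}
		}
	}
	return float64(paired) / float64(len(c.template))
}

// VerifyFingerprint is the match-on-card decision that replaces PIN entry:
// the reader hands the card extracted minutiae, the card compares and unlocks.
func (c *Card) VerifyFingerprint(probe []Minutia) bool {
	c.unlocked = c.Score(probe) >= c.threshold
	return c.unlocked
}

// Unlocked reports whether private-key operations would now be permitted.
func (c *Card) Unlocked() bool { return c.unlocked }

// SampleTemplate is a constructed enrollment template (not real fingerprint data).
func SampleTemplate() []Minutia {
	return []Minutia{{10, 10, 30}, {40, 12, 95}, {25, 40, 170}, {60, 35, 45},
		{15, 70, 120}, {55, 65, 10}, {80, 80, 200}, {35, 90, 300}}
}

// GenuineProbe is the same finger re-scanned (constructed): shifted by (2, 1)
// pixels, rotated 5 degrees, one minutia missed and one spurious minutia added.
func GenuineProbe() []Minutia {
	return []Minutia{{12, 11, 35}, {42, 13, 100}, {27, 41, 175}, {62, 36, 50},
		{17, 71, 125}, {57, 66, 15}, {82, 81, 205}, {90, 20, 60}}
}

// ImpostorProbe is a different finger (constructed); none of its minutiae land
// within tolerance of the template.
func ImpostorProbe() []Minutia {
	return []Minutia{{30, 30, 0}, {70, 10, 180}, {50, 50, 90}, {20, 80, 270},
		{85, 40, 45}, {40, 70, 135}, {65, 90, 225}, {10, 50, 315}}
}

func main() {
	card := Enroll(SampleTemplate(), 0.6)
	fmt.Printf("genuine  score=%.3f unlocked=%v\n", card.Score(GenuineProbe()), card.VerifyFingerprint(GenuineProbe()))
	fmt.Printf("impostor score=%.3f unlocked=%v\n", card.Score(ImpostorProbe()), card.VerifyFingerprint(ImpostorProbe()))
	// A threshold of 1.0 tolerates no sensor noise and falsely rejects the genuine scan.
	strict := Enroll(SampleTemplate(), 1.0)
	fmt.Printf("strict   unlocked=%v\n", strict.VerifyFingerprint(GenuineProbe()))
}
```

Nothing in the card's interface exposes the template or the score's inputs to the reader, which is the privacy property the slide attributes to match-on-card; the threshold is the knob that trades false acceptance against false rejection.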


ITTF Credentialing Project*

  • Goal: provide trustworthy identification at secure incident perimeter

  • Requirements: credential based, offline operation, unique identification, counterfeit resistance

  • Approach: smartcard and fingerprint based authentication

* Work done with Jim Basney; Partner Institutions: Illinois State Police, Entrust, U. of Chicago


ITTF Background

  • Provide trustworthy identification of response team members at secure incident perimeter - Fire, EMT, Police, HazMat, Techs, etc.

  • Two factor authentication in the field

  • Offline operation, web portals for registration and authentication

  • Highly usable but also resistant to counterfeiting

  • Prototype not production unit


Featured Technologies

  • State of Illinois PKI Certificate Authority

  • Web interfaced central authentication service – Entrust GetAccess™ & TruePass™

  • MatchOnCard™ fingerprint templates on smartcards – Precise Biometrics

  • Role based authentication


Credentialing Portal Roles

  • Team Member

  • Team Leader

  • Card Distributor

  • Credential Review Committee Member

  • Administrator

    One Responder Can Have Multiple Roles


Credentialing Portal Architecture

[Figure: network diagram with the following components]

  • Firewall; open ports: SSL 443, 9443; SMTP 25; LDAP 389; SQL*Net 1521; PKIX-CMP 829; Entrust 710, 50000, 50001

  • Web Server: MS IIS with Entrust Modules

  • Illinois Internal Network: Entrust Servers (GetAccess, SelfAdmin, TruePass+Portal) on IBM WebSphere; ITTF Database (Oracle 10g)

  • Internet

  • State of Illinois PKI

  • Registration Station; Field Station


ITTF Registration Procedure

1. User Logs Into Registration Portal, Edits Record

2. Team Leader Logs In, Approves Team Member

3. Smartcard Produced & Shipped to Card Distributor

4. Card Distributor Meets User, Confirms Identity

5. User Logs Into Portal Using SC & Level I Digital ID

6. Logging In Upgrades Digital ID To Level III

7. User Authenticates to Smartcard Using the Pre-loaded Fingerprint Template

8. Level IV Digital Certificate Created On User’s SC

9. Portal Date Stamps & Activates Smartcard

10. User Tests Credential Functionality

[Figure: Registration Portal Station]

Prerequisites

  • Demographic Information

  • Team Membership

  • Portrait

  • Fingerprint Scan

  • Criminal History Review

  • State of Illinois PKI Level I Digital ID


Field Authentication Tasks

  • Pre-event: Team Leader downloads updated Team Member and Certificate Revocation Lists

  • Event: using SC & FP, Team Leader & Members log into portal; SC time & event stamped

  • Post-event: Team Leader and Members log out using SC & FP, SC time stamped; Team Leader uploads log to ITTF Web Portal

[Figure: Windows laptop + Windows CE handheld, joined by a data uplink]
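The pre-event revocation-list download and the offline check at the perimeter, as an added example in Go (not the ITTF project's code; the State of Illinois PKI, the Entrust servers and the field-station software are stood in for by a constructed CA and the standard library's crypto/x509). A demo CA issues two responder credentials and a CRL listing one of them; FieldCheck then decides with no network access at all, which is the offline-operation requirement from the ITTF slides: the credential must chain to the CA, the downloaded CRL must be CA-signed and still inside its validity window, and the credential's serial must not be on it. The names (newCert, responderTemplate, issueCRL, FieldCheck, Demo), the 48-hour CRL lifetime and the serial numbers are this example's assumptions; it needs Go 1.19 or later for x509.ParseRevocationList.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert generates a P-256 key for tmpl and has parentKey sign it (self-signed when parent is nil).
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// responderTemplate describes a team member's credential, the certificate that lives on the smartcard.
func responderTemplate(serial int64, cn string, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(30 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// issueCRL is the revocation list the portal publishes and the team leader downloads pre-event.
func issueCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked []*big.Int, now time.Time) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(48 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// FieldCheck is the offline decision at the perimeter: chain to the CA, CRL signed by the CA
// and still inside its validity window, and the credential's serial number absent from it.
func FieldCheck(cert, ca *x509.Certificate, crlDER []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("credential does not chain to the CA: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL not signed by the CA: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL expired: download a fresh list before the event")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("credential is revoked")
		}
	}
	return nil
}

// Demo builds a constructed PKI (CA, one valid and one revoked responder) and exercises FieldCheck.
func Demo() (validOK, revokedRejected, staleRejected bool, err error) {
	now := time.Now()
	ca, caKey, err := newCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Responder CA (constructed)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return
	}
	good, _, err := newCert(responderTemplate(2, "Responder A (constructed)", now), ca, caKey)
	if err != nil {
		return
	}
	gone, _, err := newCert(responderTemplate(3, "Responder B (constructed)", now), ca, caKey)
	if err != nil {
		return
	}
	crl, err := issueCRL(ca, caKey, []*big.Int{gone.SerialNumber}, now)
	if err != nil {
		return
	}
	validOK = FieldCheck(good, ca, crl, now) == nil
	revokedRejected = FieldCheck(gone, ca, crl, now) != nil
	staleRejected = FieldCheck(good, ca, crl, now.Add(72*time.Hour)) != nil // 72 h later the 48 h CRL is stale
	return
}

func main() {
	v, r, s, err := Demo()
	fmt.Println("valid accepted:", v, "revoked rejected:", r, "stale CRL rejected:", s, "error:", err)
}
```

The freshness check is what makes the "pre-event" download step matter: a field station that accepts an arbitrarily old CRL would keep admitting a credential revoked since the last download, so a stale list is treated as a failed check rather than as "no revocations known".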


NCSA PKI Lab Demo

  • Windows 2003 Server - Domain Controller & CA

  • Windows XP Clients

  • Safenet (formerly DataKey) No Boundaries Login Software & Biometric Enabled Smartcards

  • Precise Biometrics Fingerprint & Smartcard Readers

[Figure: NCSA PKI Lab Domain CA, with a Registration Station and a Login Test Station on a wireless network]


Fingerprint Scanning Hints

  • Don’t Point – Touch the 2 Dots

  • Use the Fleshy Middle of the Fingertip

  • Don’t Drag or Move

  • Place Your Finger Down Like Patting a Dog: One Time & Only One Finger


Authentication with Smartcards and Fingerprints

Any Questions??

http://www.ncassr.org/

http://www.ncsa.uiuc.edu/Projects/cybertechnologies.html#security

http://pkilab.ncsa.uiuc.edu

Himanshu [email protected]

Joe [email protected]

