Securing e Government Public Key Infrastructure. Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology. Outline. Security Requirements. Symmetric Key Cryptosystem. Asymmetric (Public) Key Cryptosystem. Over View of Digital Signature.
Prof Dr Mohamed Kouta
Chairman Of MIS Department
Arab Academy For Science And Technology
Poly alphabetic Cipher
Consider a key length = 4
Key = BAND
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Plain Text M= E BUS INES S
B AND BAND B
Cipher Text E(M)= G CIW KOSW U
Signer’s Private Key
Remember, a digital signature involves services provided by Certificate Authority (CA)
Verifying the Digital Signaturefor Authentication and Integrity
And so does the process of verifying the validity of a digital signature
Sender’s Private Signature Key
© Prentice Hall, 2000
Sender’s Public Signature Key
© Prentice Hall, 2000
Each certificate contains the
public-key of a user and is signed
with the private-key of a trusted
Certificate management cycle
for key linked with LIR ID
Certificate is included
in the Certificate Revocation List (CRL)
Request a certificate
Send browser form
Send public key
CA never sees the private key
Some time later the user wants to revoke the certificate…
Issues Digital Certificates
Response for Digital Certificate (DC) request
Contains a database for DC and Certificate Revocation List
Handles DC exchange.
A statement of Practices that CA employs in issuing DC.
The citizen (Applicant A) provides his National Security Number Card (NSN) to one of the Service Provider (SP).
SP sends the NSN information to the CA.
CA checks for Applicant already has a DC or revoked with RA.
If A is applying first time, CA asks for authorization from AA.
AA responses for CA.
CA asks A to generate his keys pair.
The Two pairs are generated inside the applicant smart Token.
The public Key is sent to the CA.
The CA generates and sends the DC back to the applicant Token.
The token is trained for the applicant finger print.
2 check validity
1 S wants to communicate with R
Sender (S)Pre Session Stage
1- Selecting the message M to be sent from the sender PC
2- According to the Hashing Algorithm (HA) stored in the
SPC , M will be hashed and the message digest (MD)
will be generated.
3- The message digest MD is transferred from the SPC to
the sender Smart Token (SST).
6- Using a random number generator (RNG), a session
key (SK) will be generated inside the SPC.
7- Encrypting M+SDS+SDC using symmetric key
encryption algorithm SKEA and Sk as encryption key
and call it the encrypted signed message (ESM).
8- Extracting the receiver public key (RPUK) from the
RDC available in the SCL.
9- Encrypt the SK with RPUK using PKUK to create Digital
Envelop (DE) send ESM+DE.
4- Using public key cryptographic
algorithm (PKCA) ,the MD is
encrypted with the sender
private key (SPRK) to get the
sender digital signature (SDS).
5- The SDS+ a copy from the
sender digital certificate (SDC)
are sent back to the SPC.
ESM + DE
Encrypted Signed message (ESM)
Encrypted session key
By receiver public key (DE)
Sender sideThird Process
is Decryptedby the
RPRK to get the
session key SK.
3- Send SK back to the
1-DE is sent to the receiver smart
4- By the SK the message will be Decrypted
using the same SKEA Now we have :
M+ SDS + SDC.
5- The SDC received from CA is compared
with SDC received from the sender to
assure its validity. If its valid the procedure
continue , aborted otherwise.
6- Decrypt the SDS by the sender public key
SPUK contained in the SDC to get MD. Call
8- Using M generate a message digest MD
using the same HA. Call it MD2.
7- Compare the two digests MD1 and MD2. If
MD1 and MD2 are identical then message
accepted otherwise the message is
ESM + DE
1- RSA Encryption/decryption Algorithm.
2- USB Interface.
3- Biometric sensor.
4- Image processing.
5- Feature extraction & recognition.
USB including power supply
Token Block Diagram
Processing and result storage
Certificate contain Public Key
Finger print of the owner
RSA En /Dec Algorithm
& Key Generation
Feature extraction & recognition
SMART TOKEN BLOCK
Ridge ending and ridge bifurcation.
• The presence of undesired spikes and breaks present in a thinned ridge map may lead to many spurious minutiae being detected.
• Therefore, before the minutiae detection, a smoothing procedure is applied to remove spikes and to join broken ridges.
Alignment of the input ridge and the template ridge
(a) input minutiae set
(b) template minutiae set
(d) matching result where template minutiae and their correspondences are connected by green lines.
(c) alignment result based on the minutiae marked with green circles
Note: It is up to the application to deploy the smart token.