Authentication with Smartcards and Fingerprints

Himanshu Khurana

Joe Muggli

NCSA, UIUC

March 30, 2006

Outline
  • Introduction
  • Smartcards
  • Biometrics: fingerprints
  • Illinois Terrorism Task Force (ITTF) Project
  • Interactive Demonstration
Authentication Goals
  • Basic Goal
    • Verify the unique identity of the requestor
  • Additional goals in a networked world
    • Prevent leak of secrets
    • Prevent replay attacks
    • Global scalability
    • Offline operation capability
    • High assurance
Passwords are not enough
  • Basic Goal
    • Verify the unique identity of the requestor
  • Additional goals in a networked world
    • Prevent leak of secrets
    • Prevent replay attacks
    • Global scalability
    • Offline operation capability
    • High assurance

  • Passwords are vulnerable to
    • dictionary attacks
    • theft
    • collusion attacks (users can share passwords)

[Slide graphic: three X marks]

Solution: Multi-factor Authentication
  • Multi-factor authentication: combination of
    • What you know; e.g., passwords, PINs
    • What you have; e.g., OTP tokens, smartcards
    • What you are (biometrics); e.g., fingerprints, iris scans, face recognition
  • Typically two-factor authentication is used; e.g.,
    • PIN + Card (e.g. ATMs)
    • Password + One-time-password (OTP) token
    • Fingerprint + Smartcard
Public-Key Infrastructure (PKI)
  • Public Key Cryptography
    • Sign with private key, verify signature with public key

    • Encrypt with public key, decrypt with private key
  • Key Distribution
    • Who does a public key belong to?
    • Certification Authority (CA) verifies user’s identity and signs certificate
    • Certificate is a document that binds the user’s identity to a public key
  • Authentication
    • Signature [ h ( random, … ) ]

[Figure: the CA certificate (Issuer: CA, Subject: CA) signs the user certificate (Issuer: CA, Subject: Jim)]

Source: Jim Basney’s MyProxy presentation

Authentication with Digital Signatures

[Diagram: Alice and Bob exchange a Request, a Nonce and a Signed Nonce. Signing side: Nonce → Hash → Enc with signing key SK_A → Signed Nonce. Verifying side: Nonce → Hash; Signed Nonce → Dec with verification key PK_A; Match?]

Authentication with Smartcards and PKI
  • Unlike passwords, private keys cannot be remembered (typically 1024 bits)
  • File based storage provides weak security and no mobility
  • Smartcards provide secure, tamper-resistant storage with mobility
    • Less easily shared than passwords
    • Drawbacks: card cost, readers
Smartcards
  • CPU: 8, 16, 32 bit
  • ROM: ~ 1 - 32 kb
  • RAM: ~ Several kb
  • EEPROM: ~ 16 - 64 kb
  • Programming
    • Java
    • .Net
  • Various levels of memory access control
    • Protected Memory holds secrets and is accessible only to the cryptoprocessor
Example Authentication with Smartcards

[Figure label: Unlocked by a PIN]

Source: Dang et al., AINA’05
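
The nonce challenge-response from the digital signature diagram, with the signing key held behind a PIN as on the smartcard slides, as an added example (not code from the presentation). `Card`, `Verifier`, the three-try PIN limit and the toy RSA key built from two Mersenne primes are assumptions; the unpadded hash-then-RSA step mirrors the Hash/Enc/Dec/Match boxes, whereas a real card would use a padded scheme such as RSASSA-PSS.

```python
import hashlib, hmac, secrets

# Constructed toy key (assumption): two Mersenne primes, trivially factorable.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                                  # public modulus, part of PK_A
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent SK_A

def digest(nonce: bytes) -> int:
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big")

class Card:
    """Hypothetical smartcard: SK_A never leaves it and is usable only after PIN entry."""
    def __init__(self, pin: str, max_tries: int = 3):
        self._pin, self._max, self._left = pin.encode(), max_tries, max_tries

    def sign(self, pin: str, nonce: bytes) -> int:
        if self._left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._left -= 1
            raise PermissionError("wrong PIN")
        self._left = self._max             # successful entry resets the retry counter
        return pow(digest(nonce), D, N)    # Hash, then "Enc" with SK_A

class Verifier:
    """Bob: issues fresh nonces and accepts each one at most once."""
    def __init__(self, e: int = E, n: int = N):
        self._e, self._n, self._open = e, n, set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open.add(nonce)
        return nonce

    def check(self, nonce: bytes, signature: int) -> bool:
        if nonce not in self._open:        # never issued, or already answered (replay)
            return False
        self._open.discard(nonce)
        return pow(signature, self._e, self._n) == digest(nonce)  # "Dec" with PK_A, Match?
```

Because the verifier forgets a nonce once it has been answered, a captured signature cannot be replayed, which is the replay-prevention goal from the opening slides.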

Security Concerns and Authentication Goals
  • High assurance
    • Smartcards and PINs can get lost, be stolen, or shared
    • A Solution: combine biometrics with smartcards

Source: Renaudin et al., Design, Automation and Test in Europe Conference and Exhibition, 2004

Biometrics: Fingerprints
  • Uniquely refers to an individual using biometric identifiers
  • Pattern recognition system
    • Enrollment captures digital representation (template) of biometric identifier
    • Recognition captures characteristics and matches against template
  • Ideal properties: universal, unique, permanent, collectable
  • Practical properties: performance, acceptability, resistance to circumvention
  • Examples: Face recognition, fingerprints, iris scans, retinal scans, hand geometry, etc.
Minutiae Based Fingerprint Recognition
  • Digital image of a fingerprint contains features
    • Ridge bifurcations and endings
    • Called Minutiae
  • Minutiae features represented using location (x,y) and direction 
    • Set of measurements forms template
  • Matching attempts to calculate degree of similarity taking into account
    • Rotation, elastic distortion, sensor noise, etc.
    • Never 100%: false acceptance rate and false rejection rate
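
A simplified minutiae matcher showing why a match is a thresholded similarity score and not an equality test, as an added example (not code from the presentation or from any product it names). The function names, tolerances, the 0.6 threshold and the sample minutiae are constructed assumptions, and elastic distortion is not modelled.

```python
import math

def align(points, ref_p, ref_t):
    """Rotate and shift points so that minutia ref_p lands exactly on ref_t."""
    turn = ref_t[2] - ref_p[2]
    c, s = math.cos(math.radians(turn)), math.sin(math.radians(turn))
    return [(ref_t[0] + c * (x - ref_p[0]) - s * (y - ref_p[1]),
             ref_t[1] + s * (x - ref_p[0]) + c * (y - ref_p[1]),
             (th + turn) % 360) for x, y, th in points]

def paired(template, probe, dist_tol, ang_tol):
    """Greedily count probe minutiae that land within tolerance of an unused template minutia."""
    used = set()
    for x, y, th in probe:
        for i, (tx, ty, tth) in enumerate(template):
            turn = abs((th - tth + 180) % 360 - 180)   # circular angle difference
            if i not in used and math.hypot(x - tx, y - ty) <= dist_tol and turn <= ang_tol:
                used.add(i)
                break
    return len(used)

def match_score(template, probe, dist_tol=8.0, ang_tol=15.0):
    """Try every (template, probe) minutia pair as the alignment anchor; keep the best."""
    best = max(paired(template, align(probe, rp, rt), dist_tol, ang_tol)
               for rt in template for rp in probe)
    return best / max(len(template), len(probe))

def verify(template, probe, threshold=0.6):
    # Assumed threshold: raising it lowers false accepts and raises false rejects.
    return match_score(template, probe) >= threshold

# Constructed sample data: (x, y, direction in degrees)
ENROLLED = [(30, 40, 10), (80, 35, 25), (55, 90, 40),
            (110, 85, 15), (40, 130, 50), (95, 140, 30)]
# Same finger: one minutia missed by the sensor, finger rotated 20 degrees and shifted.
GENUINE = align(ENROLLED[:5], (0, 0, 0), (12, -7, 20))
# Different finger.
IMPOSTOR = [(35, 45, 0), (85, 30, 60), (50, 95, 120),
            (105, 90, 180), (45, 125, 240), (90, 135, 300)]
```

With the sample data the genuine probe scores 5/6 and the impostor 1/6; at a threshold of 0.9 the genuine probe would be falsely rejected.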
Combining Fingerprints and Smartcards for Authentication
  • Replace PINs with fingerprint verification
    • Store template on card
    • Match provided fingerprint on card
      • Reader extracts minutiae features
  • Security and privacy advantages
    • Match-on-card leverages smartcard as trusted computing platform
    • Match-on-card requires no additional trusted entity
      • Mimics PIN verification
    • Template stored on card as opposed to accessible database
ITTF Credentialing Project*
  • Goal: provide trustworthy identification at secure incident perimeter
  • Requirements: credential based, offline operation, unique identification, counterfeit resistance
  • Approach: smartcard and fingerprint based authentication

* Work done with Jim Basney; Partner Institutions: Illinois State Police, Entrust, U. of Chicago

ITTF Background
  • Provide trustworthy identification of response team members at secure incident perimeter - Fire, EMT, Police, HazMat, Techs, etc.
  • Two factor authentication in the field
  • Offline operation, web portals for registration and authentication
  • Highly usable but also resistant to counterfeiting
  • Prototype, not production unit
Featured Technologies
  • State of Illinois PKI Certificate Authority
  • Web interfaced central authentication service – Entrust GetAccess™ & TruePass™
  • MatchOnCard™ fingerprint templates on smartcards – Precise Biometrics
  • Role based authentication
Credentialing Portal Roles
  • Team Member
  • Team Leader
  • Card Distributor
  • Credential Review Committee Member
  • Administrator

One Responder Can Have Multiple Roles

Credentialing Portal Architecture

[Architecture diagram. Components shown: Registration Station; Field Station; Internet; Firewall; Web Server (MS IIS with Entrust Modules); Entrust Servers: GetAccess, SelfAdmin, TruePass+Portal; IBM Websphere; ITTF Database (Oracle 10g); State of Illinois PKI; Illinois Internal Network]

Firewall Open Ports:
  • SSL 443, 9443
  • SMTP 25
  • LDAP 389
  • SQL*Net 1521
  • PKIX-CMP 829
  • Entrust 710, 50000, 50001


ITTF Registration Procedure

1. User Logs Into Registration Portal, Edits Record
2. Team Leader Logs In, Approves Team Member
3. Smartcard Produced & Shipped to Card Distributor
4. Card Distributor Meets User, Confirms Identity
5. User Logs Into Portal Using SC & Level I Digital ID
6. Logging In Upgrades Digital ID To Level III
7. User Authenticates to Smartcard Using The Pre-loaded Fingerprint Template
8. Level IV Digital Certificate Created On User’s SC
9. Portal Date Stamps & Activates Smartcard
10. User Tests Credential Functionality

[Figure label: Registration Portal Station]

Prerequisites

  • Demographic Information
  • Team Membership
  • Portrait
  • Fingerprint Scan
  • Criminal History Review
  • State of Illinois PKI Level I Digital ID


Field Authentication Tasks

  • Pre-event: Team Leader Downloads Updated Team Member and Certificate Revocation Lists
  • Event: Using SC & FP, Team Leader & Members Log Into Portal, SC Time & Event Stamped
  • Post-Event: Team Leader and Members Log Out Using SC & FP, SC Time Stamped; Team Leader Uploads Log To ITTF Web Portal

[Figure labels: Windows Laptop + Windows CE Handheld; Data Uplink]


NCSA PKI Lab Demo
  • Windows 2003 Server - Domain Controller & CA
  • Windows XP Clients
  • Safenet (formerly DataKey) No Boundaries Login Software & Biometric Enabled Smartcards
  • Precise Biometrics Fingerprint & Smartcard Readers

[Figure labels: NCSA PKI Lab Domain CA; Wireless Network; Registration Station; Login Test Station]

Fingerprint Scanning Hints
  • Don’t Point – Touch the 2 Dots
  • Use the Fleshy Middle of the Fingertip
  • Don’t Drag or Move
  • Place Your Finger Down Like Patting a Dog

One Time & Only One Finger

Authentication with Smartcards and Fingerprints

Any Questions??

http://www.ncassr.org/

http://www.ncsa.uiuc.edu/Projects/cybertechnologies.html#security

http://pkilab.ncsa.uiuc.edu

Himanshu Khurana hkhurana@ncsa.uiuc.edu

Joe Muggli jmuggli@ncsa.uiuc.edu