1 / 1

Emir Habul (0613713) Supervisor: Assoc. Prof. Dr. Sheroz Khan

APPLICATION OF SMART CARD TECHNOLOGY FOR AUTHENTICATION. Emir Habul (0613713) Supervisor: Assoc. Prof. Dr. Sheroz Khan. Faculty of Engineering, International Islamic University Malaysia, PO BOX 10, Kuala Lumpur, 50728, Malaysia Phone: 03-6196-4557, Fax: 03-6196-4455.

geraldine-aguirre
Télécharger la présentation

Emir Habul (0613713) Supervisor: Assoc. Prof. Dr. Sheroz Khan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. APPLICATION OF SMART CARD TECHNOLOGY FOR AUTHENTICATION Emir Habul (0613713) Supervisor: Assoc. Prof. Dr. Sheroz Khan Faculty of Engineering, International Islamic University Malaysia, PO BOX 10, Kuala Lumpur, 50728, Malaysia Phone: 03-6196-4557, Fax: 03-6196-4455 Distributed Authentication Systems A distributed system consists of multiple autonomous nodes that communicate through a computer network. Properties of distributed systems are given by a CAP theorem (Figure 2): Abstract – In this project, I discuss the importance of authentication, and influence of cryptography to authentication using smart cards. Various existing schemes are examined and for their reliability and resistance to attacks and tampering. Authentication protocol analyzed and improved to fix existing vulnerability. New approach proposing a use of geometric approach in distributed authentication systems. Explored the development and testing environment for Java card 3. Results include a working software implemented in Python and Java card programming languages; performance indicators such are graphs and primitive count are given; and analysis for resistance to attacks of tampering, replay, denial-of-service, etc. Introduction Smart cards have been used all over the world in a variety of applications. Their use to convey subscription and identification information for GMS cellular telephones is widespread, as is their use also includes actions to convey account information for credit, debit, and cash services. Aims and Objectives In this project, plan is to perform a comprehensive study of authentication protocols for smart cards, in order to determine their strengths and weaknesses. Goals of this project are: • explain the theory behind the authentication protocols; • develop and simulate applications implementing those protocols; • explore their strengths and weaknesses; • implement a reliable and efficient protocol. Remote log-in Authentication Scheme based on Geometric Approach Based on simple geometric properties on the Euclidean plane, Wu (1995) proposed an efficient smart card oriented remote log-in authentication scheme. • Chien-Jan-Tseng (2001) made an improvement to withstand forgery attack • Ku, Chen, Chang and Hwang (2005) significant improvement against offline password guessing, they also described the password change procedure • I have given an improvement to withstand replay attack in Distributed systems. Figure 2. CAP theorem in Distributed systems Geometric approach allows for Available and Consistent Registration of users in distributed authentication systems, and Available and Partition tolerant Login phase in Distributed Authentication Systems, also Available and Consistent Password change in Distributed Authentication Systems. Replay attack During login phase server will issue a timing sequence T, in Distributed Authentication Systems this presents an opportunity for replay attacks if timers of two servers are synchronizes (Figure 3). Figure 3. Possible distant replay attach in distributed systems Proposed improvement Server will generate a random binary string S and new value of T is given (1) (1) Results and conclusion Improved authentication protocol is implemented in Python and time measurement in shown in Figures 4 and 5. It shows that time complexity is polynomial (linear) in number of bits on the other hand, key space is increasing exponentially. Geometric approach has very good properties (Requires no verification table, password is not revealed to the server or CA, only requires hardware for modular multiplication and not exponentiation). I used MASH-1 hashing algorithm based on modular arithmetic instead of regular SHA-1 to reduce cost of hardware. Geometric approach is applicable for Authentication in Distributed Systems. Replay attack in Distributed systems can be blocked by including additional binary string in servers. Figure 1. Illustration of login phase in geometric approach Figure 4. Login time for different sizes (bits) of keys Figure 5. Registration time for different sizes (bits) of keys

More Related