FIT3105 Crypto-based identification

FIT3105 Crypto-based identification. Lecture 6. Outline. The importance of crypto-based identification. Secret key crypto based identification. Public key crypto based identification. Performance of crypto-based identification. Challenges of crypto-based identification.


Presentation Transcript


  1. FIT3105 Crypto-based identification, Lecture 6

  2. Outline
     • The importance of crypto-based identification.
     • Secret key crypto based identification.
     • Public key crypto based identification.
     • Performance of crypto-based identification.
     • Challenges of crypto-based identification.
     FIT3105 - Security and Identity Management

  3. The need for crypto-based identification
     • Smart cards and biometrics can be useful for authenticating and identifying people but are not very efficient for computer components.
     • Crypto-based methods can be used for authenticating and identifying any entity's representation which can be digitally stored and processed:
       • your car
       • your laptop
       • your mobile phone
       • your MP3 player
       • a program
       • a computer component

  4. The importance of crypto-based identification
     • Cryptography can be used to identify most entities including users. However, there are limitations.
     • It can be used to identify most hardware and software components effectively:
       • a digital certificate can be used to identify a web server.
       • a digital certificate can be used to identify client software contacting a server for sensitive information.
       • a shared secret key can be used to identify a client or server of a client/server application.

  5. The importance of crypto-based identification systems
     • An authentication server can use it to identify other servers effectively:
       • An authentication server shares secret keys with other servers and can identify them by the shared secret keys.
       • A good example is the Kerberos authentication system.
     • A MAC address and a secret key can be combined to identify a client computer.

  6. Identification using certificates (e.g.)

     Client                                               Server

     ClientHello                  -------->
                                                     ServerHello
                                                    Certificate*
                                              ServerKeyExchange*
                                             CertificateRequest*
                                  <--------      ServerHelloDone
     Certificate*
     ClientKeyExchange
     CertificateVerify*
     [ChangeCipherSpec]
     Finished                     -------->
                                              [ChangeCipherSpec]
                                  <--------             Finished
     Application Data             <------->     Application Data

     * Indicates optional or situation-dependent messages that are not always sent.
     Borrowed from RFC 2246.

  7. Advanced techniques for identification with shared secret keys
     • A key distribution centre is created which contains all registered entities that want to identify each other before communicating with each other.
     • Each entity is given a unique secret key which can be used to communicate with the key distribution centre.
     • The ID of an entity is its secret key and its personal details, e.g. MAC address, name and address of the person, date and time, or a universal number associated with the entity that was created.

  8. Identification with shared secret key – more examples
     • A smart card can be used to store the key as the id of a person.
     • A software package's details are associated with a secret key as its id.
     • Details of a piece of hardware/(hybrid h/s), such as a product number, can be associated with a secret key and the result is its id. This approach can be used to identify:
       • A router
       • A firewall
       • A VPN
     • A computer network user's personal details can be combined with a secret key, and the combination is her/his id.

  9. Can one identify another using a shared secret key based approach?
     • Suppose A wants to identify B, and vice versa, using only a shared secret key crypto system.
       • Is it possible?
       • How many messages need to be exchanged between A and B and the key distribution centre?
       • Is it a reliable process?

  10. Advantages and disadvantages of shared secret key identification
     • Disadvantages:
       • Key distribution can be a problem without relying on a public key system for the distribution.
         • How can we distribute all the keys to users securely?
       • Not reliable in associating people with keys.
         • Keys can be stolen and people can be misidentified because the system identifies people by their key.
     • Advantages:
       • Simple to set up and maintain.
       • Easy to update and extend.
       • Fast in processing and retrieving.
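Added example (not part of the lecture): a sketch of the key distribution centre setup from slides 7, 9 and 10, in which A identifies B using only secret keys that each entity shares with the KDC. The four-message HMAC challenge-response, the names `mac`, `vouch`, `respond` and `identify`, and the entity IDs are assumptions made for illustration; this is one possible design, not Kerberos.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class KDC:
    """Holds one long-term secret key per registered entity (slide 7)."""
    def __init__(self):
        self.keys = {}

    def register(self, entity_id: bytes) -> bytes:
        self.keys[entity_id] = secrets.token_bytes(32)
        return self.keys[entity_id]

    def vouch(self, verifier: bytes, claimed: bytes, nonce: bytes, proof: bytes) -> bytes:
        # Message 3 arrives here; message 4 is the returned verdict,
        # authenticated under the verifier's own key so it cannot be forged.
        expected = mac(self.keys[claimed], b"prove", verifier, claimed, nonce)
        verdict = b"ok" if hmac.compare_digest(proof, expected) else b"no"
        return verdict + mac(self.keys[verifier], b"verdict", verifier, claimed, nonce, verdict)

def respond(key: bytes, verifier: bytes, own_id: bytes, nonce: bytes) -> bytes:
    # Message 2: the prover MACs the verifier's fresh challenge.
    return mac(key, b"prove", verifier, own_id, nonce)

def identify(kdc: KDC, my_id: bytes, my_key: bytes, peer_id: bytes, peer_key: bytes) -> bool:
    """A checks a peer claiming peer_id; peer_key is the key that peer really holds."""
    nonce = secrets.token_bytes(16)                    # 1. A -> B: fresh challenge
    proof = respond(peer_key, my_id, peer_id, nonce)   # 2. B -> A: proof
    reply = kdc.vouch(my_id, peer_id, nonce, proof)    # 3. A -> KDC, 4. KDC -> A
    verdict, tag = reply[:2], reply[2:]
    good = mac(my_key, b"verdict", my_id, peer_id, nonce, verdict)
    return hmac.compare_digest(tag, good) and verdict == b"ok"

def demo():
    kdc = KDC()
    a_id, b_id = b"server-A", b"laptop-B|02:00:00:00:00:01"  # constructed IDs
    k_a, k_b = kdc.register(a_id), kdc.register(b_id)
    honest = identify(kdc, a_id, k_a, b_id, k_b)
    impostor = identify(kdc, a_id, k_a, b_id, secrets.token_bytes(32))
    stolen = identify(kdc, a_id, k_a, b_id, bytes(k_b))  # a copy of B's key
    return honest, impostor, stolen
```

The third result is the disadvantage listed on slide 10: whoever holds a copy of B's key is accepted as B, because the system identifies the key rather than the entity.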

  11. The advantages and disadvantages in using digital certificates for identification
     • Advantages:
       • Non-repudiation.
       • Widely accepted by government organizations and industries.
       • Well researched and easily verified.
     • Disadvantages:
       • Suffers a similar problem to the secret key method when associating a certificate with a person. The system identifies a person by his/her certificate and this can be incorrect even if his/her certificate is valid.
       • Who is the reliable CA?
       • When dealing with court cases and national identification, the certificate method is arguable.

  12. Hybrid approach of crypto-based and smart card based identification
     • Smart cards can be used to store secret keys or certificates for identification.
       • Useful for identifying non-human entities and in some human cases.
     • Smart cards can be used to carry encrypted personal information for identification.
       • Useful for identifying people.
     • Smart cards can also be used to carry some data for generating keys which are used to identify an entity.
       • Useful for users' initial identification before the complete identification.

  13. Hybrid approach of crypto-based and biometric based identification
     • A strong identification system may employ different methods separately for each case or combine two or more methods to provide better identification:
       • Smart cards carrying biometric and cryptographic information.
       • Biometric information is used to create unique crypto information such as secret keys or hash values for identification.

  14. Challenges of crypto-based identification
     • There are many challenges to the crypto-based identification method and some of them are:
       • Association of a key to a user.
       • Should a new version of a software package be given a new key?
       • Should hardware upgrade or maintenance affect the identification of the hardware?
       • Key distribution and loss when dealing with secret keys, or the question of a reliable CA when dealing with certificates.

  15. Research in crypto-based identification
     • Unique number generated by an individual
       • Research focuses on the method that maps collected data such as biometric features into a unique number that can identify an entity (e.g. one-way hash functions). The method has to be fast, accurate and reliable.
     • Combine the number (a key or a hash value) with other data to uniquely identify that person
       • Research to provide accurate techniques for combining more than one form of data to achieve reliable identification.
       • Combined data must be unique, accurate and easy to collect.
       • How to quickly collect data such as biometrics?
       • How to combine biometrics with cryptography for identification accurately?

  16. Research in crypto-based identification
     • A good method for identifying entities must be extremely difficult to forge or tamper with (many existing methods are easy to forge or tamper with).
       • Cryptography can be strong but by itself is not a reliable method to identify people.
       • The biometric method is not always reliable.
       • A combination of both methods is useful but not always possible.
     • It must provide non-repudiation.
       • The secret key method for identification does not always provide non-repudiation.
       • Using digital certificates is a more effective way but it is not always a preferable method for identifying people.

  17. Other research related to crypto-based identification
     • The advancement of nano-technology and its support in identification.
       • A tiny chip carrying personal details embedded in a human's body.
       • Chips can be used to collect unique feature(s) of a human being.
     • Special devices for reading human features quickly and accurately.
       • The advancement of real-time video and face recognition technology is needed.
     • The emergence of human brain reading using computer technology should be looked at.
