1 / 29

A Secure Email System Based on Fingerprint Authentication Scheme

A Secure Email System Based on Fingerprint Authentication Scheme. Author : Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu Date : 2008-03-04. Outline. Introduction Fingerprint Authentication Scheme Implementation Manipulation

thor
Télécharger la présentation

A Secure Email System Based on Fingerprint Authentication Scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Secure Email System Based on Fingerprint Authentication Scheme Author:Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu Date:2008-03-04

  2. Outline • Introduction • Fingerprint Authentication Scheme • Implementation • Manipulation • Security Analysis • Conclusion • References

  3. Introduction • Inherent shortcoming and flaw of PKI • Certificates are not easily located • There need strict online requirement • Validating policy is time-consuming and difficult to administer • Certificates leak data and users must pre-enroll

  4. Inherent shortcoming and flaw of IBE • It is difficult in prove self-identity to Trust Authority (TA) and authenticate email sender’s identity.

  5. This paper proposes a new secure email system based on a fingerprint authentication scheme which combines fingerprint authentication technology with IBE scheme.

  6. Fingerprint Authentication Scheme • Setup • Encryption • Decryption • Verification

  7. Setup • TA initializes a secure area • Constructs a supersingular elliptic curve satisfying Weil Diffie-Hellman (WDH) • TA chooses three secrets s,u,v

  8. Encryption • Step1 • Usb-keyA authenticates A • Step2 • Usb-keyA generates A’s signature FPSA • Step3 • Obtains authentication data AUTHA • Step4 • CIPH1 = EncAB+Hash(EncAB)+AUTHA+r‧P

  9. Decryption • When receiving the email from A, B computes the session key KAB with his private KAB of identifier and uses KAB to decrypt EncAB to get M.

  10. Verification • When B wants to verify A's identity, TA provides online identity authentication service. • Receiving AUTHA sent from B, TA first encrypts it and obtains A's onsite fingerprint summary bA , then verifies the signature FPSA by verification function Ver .

  11. If Ver is true, TA matches bA with the registered fingerprint summary bA stored in database by function FPM . TA returns the matching result to B after encryption and signature. Finally, B verifies A's identity.

  12. Implementation • TA • Email-client

  13. TA

  14. User registration • Step1 • generate bA • Step2 • TA enrolls A’s identifier:IDA • Step3 • TA computes A’s fingerprint certificate CA • Step4 • TA computes A’s QFP-A and DFP-A • Step5 • TA writes the public params { P,PT-pub, Ppub Ponline, H, H1, H2, Sig } and A's personal params { DFP-A,,CA, RA, bA } into Usb-keyA, and handsover into A.

  15. Usb-key • We integrate fingerprint sensor and USB token into one device called Usb-key. The Usb-key is able to capture and process fingerprint image. There is an independent time • Besides, it also contains fingerprint summary matching algorithm and Identity-Based Signature algorithm (Sig and Ver ), and be able to be protected against duplication of private key of fingerprint.

  16. Online Secret-key distribution • Step1(B→TA) • CIPH2=Cpri+Hash(Cpri)+c.P • Step2 • Use Ver and FPM to authenticate B’s identity • Step3(TA→B) • CIPH3=Cback+Hash(Cback) • Step4 • B obtains his private key of identifier from TA

  17. Online Identity authentication • B sends A's authentication data to TA. TA authenticates A's identity and returns matching result to B.

  18. Online Identifier update • Assume B wants to update his identifier, he could apply to TA online for relevant service. • B computes Cpri which also contains B's new string. Then B sends CIPH2 to TA. After authenticating B's identity, TA provides update service requested by B.

  19. TA recomputes B's identifier and fingerprint certificate, encrypts them with the session key and obtains Cupdate, then returns CIPH4 to B where CIPH4= Cupdate +Hash(Cupdate) • B takes new idetifier and figerprint certificate instead of in Usb-keyB

  20. Email-client • Local login authentication • Encryption and decryption • Intercommunication with Usb-key • Intercommunication with TA

  21. Intercommunication with TA • Private key of identifier distribution • Email sender’s identity authentication • Identifier update

  22. Manipulation • Step1 • Step2 • Step3 • Step4 • Step5 • Step6

  23. Security Analysis • C pretends B to ask TA for B’s private key of identifier • Cpretends A to send an email to B • B pretends A to send email to other users like D or TA

  24. C pretends B to ask TA for B’s private key of identifier user C

  25. C pretends A to send an email to B user C

  26. B pretends A to send email to other users like D or TA user C

  27. Conclusion • In the system, we user Usb-key to keep secret data and help completing relevant encryption process. Usb-key can only be used by its legitimate owner. Thus the system successfully combines cryptographic key with legitimate users.

  28. References • http://ieeexplore.ieee.org/xpl/RecentCon.jsp?punumber=4258655 • http://zh.wikipedia.org/wiki/Wiki

More Related