Beruflich Dokumente
Kultur Dokumente
Presented by: Sanjay G. Kanade Institut Mines TELECOM: TELECOM SudParis, Dpartement Electronique et Physique, Evry, France
Outline
Motivation Related Works Multi-biometrics Based Crypto-biometric Session Key Generation and Sharing Protocol Proposed Protocol for Establishing Secure Session Between Two Parties Conclusions and Perspectives
A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients
September 2, 2013
Motivation
Crypto-biometric systems:
Combine techniques from biometrics and cryptography
revocability, template diversity, privacy protection strong link between a persons identity and his cryptographic keys
Need of sharing crypto-biometric keys Hypothesis 1: communication between two parties unknown to each other Hypothesis 2: the two parties do not wish or are unable to use a common biometric characteristic
September 2, 2013 A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients 3
September 2, 2013
A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients
Ueshige and Sakurai (one-time authentication protocol), Bringer et al., Barni et al. (privacy preserving authentication)
Only for authentication, no generation of keys
Our Previously Proposed BSKGS Protocol Authentication between Client and Server
Party 1 Shuffling key K ish (on a smart card or from password) Auth. Req., user ID, security level, modalities Request accept Capture fresh biometric data, apply shuffling, and create locked code lock from a random key K r Locked code lock and H ( H ( K r )) Party 2 (server) Shuffling key part K i and stored cancelable template ic
x
H ( K r )
) If H ( K r ) H ( K r Kr Kr
Kr
Previously published in: S.G. Kanade, D. Petrovska-Delacrtaz, and B. Dorizzi, Multi-biometrics Based Crypto-biometric Session Key Generation and Sharing Protocol, In ACM Workshop on Mumtimedia and Security (MM&Sec), 2011
Link between them is unprotected Biometric data not stored in classical form; must be revocable Protocol should achieve mutual authentication Should be able to use single or multiple biometrics
September 2, 2013 A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients 7
Data transferred through the channel does not pose privacy threat
No storage or exchange of classical biometric data Mutual authentication between client and server Session specific crypto-biometric keys Single or multiple biometrics can be used depending on usage scenario
September 2, 2013 A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients 8
September 2, 2013
A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients
Proposed Protocol for Establishing Secure Communication Session between Two Clients
Central Authority for Registration and Authentication (CARA)
c x A , KA
c x B , KB
Client A
Shuffling keys
s KA
s KB
Client B
Shuffling keys
sh x KB , KB
K ,K
sh A
x A
Client A and Client B authenticate themselves with the CARA and s s obtain individual session keys: K A ; K B Request templates of the other party to the CARA CARA sends
s KA A
c s x f ( A , KA ) and K A
to Client B and
s KB B
BSKGS protocol
10
Protocol involves authentication using biometrics and a token (shuffling key) revocability and diversity easily attainable
Multiple biometric cues higher difficulty for attackers Can also be integrated with classical cryptographic protocols such as TLS Entropy of the crypto-biometric key depends on the algorithm used in BSKGS
September 2, 2013 A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients 11
Thank you !