A Secure Email System Based on Fingerprint Authentication Scheme
Author: Zhe Wu, Jie Tian, Liang Li, Cai-ping Jiang, Xin Yang
Presented by Chia Jui Hsu
Date: 2008-03-04
Outline
• Introduction
• Fingerprint Authentication Scheme
• Implementation
• Manipulation
• Security Analysis
• Conclusion
• References
Introduction
• Inherent shortcomings and flaws of PKI
  – Certificates are not easily located
  – Strict online requirements are needed
  – Validating policy is time-consuming and difficult to administer
  – Certificates leak data and users must pre-enroll
• Inherent shortcomings and flaws of IBE
  – It is difficult to prove self-identity to the Trust Authority (TA) and to authenticate the email sender's identity.
• This paper proposes a new secure email system based on a fingerprint authentication scheme, which combines fingerprint authentication technology with the IBE scheme.
Fingerprint Authentication Scheme
• Setup
• Encryption
• Decryption
• Verification
Setup
• TA initializes a secure area
• Constructs a supersingular elliptic curve satisfying Weil Diffie-Hellman (WDH)
• TA chooses three secrets s, u, v
Encryption
• Step1
  – Usb-keyA authenticates A
• Step2
  – Usb-keyA generates A's signature FPSA
• Step3
  – Obtains authentication data AUTHA
• Step4
  – CIPH1 = EncAB + Hash(EncAB) + AUTHA + r·P
Decryption
• When receiving the email from A, B computes the session key KAB with his private KAB of identifier and uses KAB to decrypt EncAB to get M.
Verification
• When B wants to verify A's identity, TA provides online identity authentication service.
• Receiving AUTHA sent from B, TA first encrypts it and obtains A's onsite fingerprint summary bA, then verifies the signature FPSA by verification function Ver.
• If Ver is true, TA matches bA with the registered fingerprint summary bA stored in the database by function FPM. TA returns the matching result to B after encryption and signature. Finally, B verifies A's identity.
Implementation
• TA
• Email-client
TA
User registration
• Step1
  – Generate bA
• Step2
  – TA enrolls A's identifier: IDA
• Step3
  – TA computes A's fingerprint certificate CA
• Step4
  – TA computes A's QFP-A and DFP-A
• Step5
  – TA writes the public params { P, PT-pub, Ppub Ponline, H, H1, H2, Sig } and A's personal params { DFP-A, CA, RA, bA } into Usb-keyA, and hands it over to A.
Usb-key
• We integrate a fingerprint sensor and a USB token into one device called Usb-key. The Usb-key is able to capture and process fingerprint images. There is an independent time
• Besides, it also contains the fingerprint summary matching algorithm and the Identity-Based Signature algorithm (Sig and Ver), and is protected against duplication of the private key of fingerprint.
Online Secret-key distribution
• Step1 (B→TA)
  – CIPH2 = Cpri + Hash(Cpri) + c·P
• Step2
  – Use Ver and FPM to authenticate B's identity
• Step3 (TA→B)
  – CIPH3 = Cback + Hash(Cback)
• Step4
  – B obtains his private key of identifier from TA
Online Identity authentication
• B sends A's authentication data to TA. TA authenticates A's identity and returns matching result to B.
Online Identifier update
• If B wants to update his identifier, he can apply to TA online for the relevant service.
• B computes Cpri, which also contains B's new string. Then B sends CIPH2 to TA. After authenticating B's identity, TA provides the update service requested by B.
• TA recomputes B's identifier and fingerprint certificate, encrypts them with the session key and obtains Cupdate, then returns CIPH4 to B, where
CIPH4 = Cupdate + Hash(Cupdate)
• B stores the new identifier and fingerprint certificate in Usb-keyB in place of the old ones
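The messages CIPH1 to CIPH4 on the slides share one layout: a ciphertext, its hash, and optional trailing fields (AUTHA and r·P for CIPH1, c·P for CIPH2, none for CIPH3 and CIPH4). The Python below is an added example, not code from the paper or the presentation; it assumes "+" means concatenation, uses SHA-256 for Hash and a 4-byte length prefix per field (the slides specify none of these), and shows the receiver checking Hash(body) before the ciphertext is passed on to decryption.

```python
import hashlib
import hmac
import struct

HASH_LEN = hashlib.sha256().digest_size  # assumption: SHA-256 stands in for Hash


def _field(data: bytes) -> bytes:
    # Assumed framing: 4-byte big-endian length, then the field bytes.
    return struct.pack(">I", len(data)) + data


def pack_ciph(body: bytes, *extras: bytes) -> bytes:
    """Build body + Hash(body) + extras, e.g. EncAB + Hash(EncAB) + AUTHA + r.P."""
    digest = hashlib.sha256(body).digest()
    return b"".join(_field(f) for f in (body, digest, *extras))


def unpack_ciph(blob: bytes, n_extras: int):
    """Return (body, extras); raise ValueError if malformed or Hash(body) differs."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    if len(fields) != 2 + n_extras:
        raise ValueError("unexpected field count")
    body, digest = fields[0], fields[1]
    expected = hashlib.sha256(body).digest()
    # Constant-time comparison; reject before the body reaches decryption.
    if len(digest) != HASH_LEN or not hmac.compare_digest(digest, expected):
        raise ValueError("Hash(body) mismatch")
    return body, fields[2:]


# Constructed placeholder values, not real ciphertext or curve points.
SAMPLE_CIPH1 = pack_ciph(b"EncAB-bytes", b"AUTHA-bytes", b"rP-bytes")
```

The hash check only detects a damaged or altered body; the sender's identity is established separately, when B sends AUTHA to TA for verification.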
Email-client
• Local login authentication
• Encryption and decryption
• Intercommunication with Usb-key
• Intercommunication with TA
Intercommunication with TA
• Private key of identifier distribution
• Email sender’s identity authentication
• Identifier update
Manipulation
• Step1
• Step2
• Step3
• Step4
• Step5
• Step6
Security Analysis
• C pretends to be B to ask TA for B's private key of identifier
• C pretends to be A to send an email to B
• B pretends to be A to send email to other users like D or TA
C pretends to be B to ask TA for B's private key of identifier
C pretends to be A to send an email to B
B pretends to be A to send email to other users like D or TA
Conclusion
• In the system, we use Usb-key to keep secret data and help complete the relevant encryption process. Usb-key can only be used by its legitimate owner. Thus the system successfully combines the cryptographic key with legitimate users.
References
• http://ieeexplore.ieee.org/xpl/RecentCon.jsp?punumber=4258655
• http://zh.wikipedia.org/wiki/Wiki