Biometrics authentication has become popular with the increase in infrastructure facilities and scope of sensor technologies. They are suited due to high security in applications like remote authentication. We are considering a provably secure and blind sort of biometric authentication protocol combined with the advantages of Kerberos's ticket granting. We are using cryptography to make the protocol more secure. It can successfully run over public network for remote access. It can also be implemented to take care of the revoking of registered templates. It is not biometric specific. The main Kerberos part comes in because of the ticket granting mechanism. Kerberos and biometrics are already proven to survive range of attacks. Finally we show a central, already secure, server that can be used for mass authentication and a wide range of applications. REVISE / REFERENCES
1.Introduction
During remote connection we face certain challenges. There are a lot of security concerns. The system we are going to propose for this is cost effective and secure[1][2]. Thus if such technology is available at the user/client end it would be very much efficient for the secure authentication as we will see ahead. Though we are not using remote specifications at all points, we are addressing security issued based on it. First of all the client is to be verified and then the user. The user also has the risk of identity theft due to an unidentified or unsecure server. The database containing the user's information and authentication templates is at risk [3], having the critical information. And finally the network security is to be kept in mind because we will be using an unsecure network. We are implementing a blind authentication protocol [4], using Kerberos sort of methodology. This blind authentication crypto-biometric authentication protocol [4] is the main base and idea of our scheme for remote authentication. We know that how Kerberos has been successful as an authenticating protocol. What we wish to do is make it more secure by integrating it with a crypto-biometric authentication system in place of the password system that Kerberos implements. We will see what problems in Kerberos have been addressed and solved by this kind of methodology. Biometrics authentication has become popular with the increase in infrastructure facilities and scope of sensor technologies. It is efficient against the password guessing threat that we identify in Kerberos. The Secret key from the Kerberos system is now not the only thing that the intruder will need. Both the biometric information as well as the secret keys will be needed. The user's actual biometric data is also not available with the authenticating server. It's only submitted to the registration server. The inclusion of the encrypted biometrics with the registration server, authentication server and the token granting server makes this technique unique. It can guard against almost all kind of possible threats in the scenario. We take care of a) biometric template security b) privacy of the user c) Trust between user and authenticating server and d) Network security related issues[5]. The previous works were generally based on system that provided security by securing the secret key by biometrics. The proposed system does not follow this lead. We divide our task into three steps 1) Registration 2) Authentication 3) Ticket granting. The main aim throughout the authentication will based on three 1) Strong encryption for the user's information with the validating server.2) Authentication between the remote client and server should be non-reputable, and 3) Protection against client side attacks and replay attacks even though a key is compromised. Note that we not only have advantages of Kerberos but also the biometrics. This is a unique way of solving problems for each other. The high performance needed by this level of crypto-biometric system is solved by the token granting system of Kerberos while biometrics takes care of some of the security issues that Kerberos has not been able to solve. We overcome a lot of compromises by designing the classifier in the plain feature space, which allows us to maintain the performance of the biometric. For this we use the randomization scheme. ADD KERBEROS's Requirement (William stallings)
2. The Authentication Protocol
Figure1. The authentication mechanism REGIS AND AS ARE CONNECTE>!!
The overall authentication procedure as explained is divided into the following three major steps i.e. registration authentication and ticket granting. Figure1 shows how the process is divided for the three servers. Alice is our Client that is situated remotely and wants to access Bob from there . We are assuming that she has that hardware required for biom the Alice remotely invokes and authenticates herself to access Bob initially. Alice has to go to a three step procedure initially. Then once a ticket is obtained from the ticket granting server she may skip the initial steps for certain time period because the ticket will work until it expires. Also note the authentication scheme that we are going to publish. We will follow the modulo-operations i.e. all the operations like M operation N are carried out in the encryption domain using the expression (M operation N) mod P .P will be decided by the encryption scheme we employ. EXPLAIN WX<T page 258 sequence diagram IMPROVING KERBEROS DES TECH
Registration Server
This is the basic step of registering the user with the main registration server that has the templates of biometrics provided by all users. The registration server is the trusted server here. We are here assuming that this third party server i.e. the registration server is already safe enough for us. E is the public key of Alice that it lets the server have knowledge about. During the registration, the client/Alice sends samples of her biometric data to the registration server, which generates the classifier for Alice. The parameters generated by the registration server are encrypted and sent back to Alice. The biometric samples from Alice to registration server was digitally marked by the client and the server's public key to protect it hence making it secure.
Algorithm 1: Registration
Alice collects biometric information.
Alice creates the data xi from that.
Alice sends the data xi with her identity and her public key E to the registration server.
Registration server uses xi to compute a parameter (w, t) for the user.
These parameters are encrypted using Alice's public key: E(wi).
E (wi) with Alice's identity, public key E and threshold t are sent to authentication server.
One major benefit this central registration server can provide is that it can act as the registration server for a lot of major authentication servers. The common users to those authentication servers can use the once stored biometric data at this centre for various other servers. We can implement a central secured server like this one and then many smaller groups can share it for authentication, having their own authentication and TG servers .
Authentication Server
Now we need to compute the value wi.xi that requires scalar multiplication, and then the addition of the values obtained. Note that we are using RSA in this method, we know that it follows homomorphism for multiplication[6]. Hence we can compute E (wi xi) = E( wi ) E( xi ) , at the server side because of this property of homomorphism that RSA follows .Though we cannot add the results to compute the authentication function making it safe. Sending the product answers to Alice to do the addition actually reveals the classifier parameters to the Alice , which obviously we do not want. We are using a randomization technique for this purpose. We generate the parameter rij by such randomization .It makes sure that the Alice can do the summation computing while it is not able to decipher any information from the product that she can get hands on. The randomization is done in a way such that the server can compute the final sum to be compared with the value of threshold that was decided earlier. The server here carries out all of its computation in the encrypted domain, and hence does not get any information about the biometric data (xi) or classifier parameter (wi). No one can guess our classifier parameters from the products as they are randomized when multiplied with rij. The server is able to compute the final sum S because of the imposed condition on the values of rij and tjs.
(1)
This condition as shown in equation 1 is what we have been able to imply to calculations as shown in the next set of equation. We should note that the ability of the server to generate random number here which actually define the privacy of the server. Substituting the equality in the final sum i.e. S we get the following
S = = (2)
=
= (3)
This sum of products expression is the only thing that the server is able to obtain. This will reveal if the biometric belongs to the Alice or not while it does not actually reveal the biometric data which may sacrifice the security. It hence provides complete privacy to the user and the biometric data are not stored at any place temporary for template matching. Whatever is revealed is such that if obtained by an untrusted third party cannot be used in a way that it can harm.
Algorithm 2: Authentication
Alice computes E (xi) and sends to Bob.
Authentication server computes an+a random numbers, rji and kj , such that for all i , .
Authentication server computes E ( wi xi rji ) =E( wi ) E(xi ) E( rji )
The an products are sent to the Alice.
Alice decrypts the product to obtain wi xi rji
Alice returns Sj= .
Server computes S= and issues to Alice KTG (Alice, K S) and KS encrypted with KA . Where KA is Alice's key, K S is the session key and K TG is the Ticket granting server's key.
Token Granting Server (TGS)
TGS or the ticket granting server issues a ticket for the Real server (Bob) that Alice wants to access. It provides with the session key KAB between Alice and Bob. Ticket granting adds to performance factor of the Kerberos environment with our combination. The Kerberos ticket is a certificate issued by an authentication server, encrypted using the server key. Among other information, the ticket contains the random session key that will be used for authentication of the principal to the verifier, the name of the principal to whom the session key was issued, and an expiration time after which the session key is no longer valid. The ticket is not sent directly to the verifier, but is instead sent to the client who forwards it to the verifier as part of the application request. Because the ticket is encrypted by the server key, known only by the authentication server and intended verifier, it is not possible for the Alice to modify the ticket without detection. We already have an authentication system that quite space and time consuming and this ticket granting will help us reduce that factor. Although Alice verifies the ID just once with the authentication server, she can contact TGS multiple times for different servers and alternatively access the same server again and again. This benefit covers some part of the lag that we may face in the biometric authentication technique that we are suggesting.
EXPLAIN KEYs KAB??? "SERVERS KNOW EACH OTHERS kEYS"
Algorithm 3: Token Granting
Now TG Server sends two tickets containing K S ( Bob, K AB ) and KB (Alice ,K AB). Alice sends Bob's ticket timestamp encrypted by KAB i.e. KAB (T) and KAB (Alice , KAB ) it received from TG.
Bob confirms with Alice by a response such as KAB ( T +1 ) and confirms the success in ticket granting.
Hence once this ticket is granted no need to authenticate again and again and we can thus increase the performance of the biometrics.
Security And Privacy Provided By This Authentication
We analyze all the scenarios to see how the security risks are handled by this authentication technique.
The hacker gains access to the template database - In this case we know that the templates are encrypted by the public key of the respective clients. Hence it's hard to crack the public key algorithm. Moreover if the template is leaked then a new can be created from the new public-private key encryption algorithm. Even brute force for this would be almost impossible given the chances of getting a hit.
Hacker is in the database server during authentication - hence the hacker has the total view of the protocol and how things are working. But the hacker cannot learn anything from the wi xi or xi values. He can only obtain the S j values from which it is almost impossible to derive the original biometric data. It may reveal some information about wi xi but still most part of the biometric will remain protective. Even if the hacker is in the server over multiple authentication trial by the same user he will have only multiple values of S j. However the values of xi will slightly change during multiple tries. Now his problem is the approximate calculation of wi xi . Thus the two points cover how the server will be protected.
On the client side if the Hacker gains access to the user's biometric or private key - Over here we should note that we are considering the advantages of not only the biometric authentication but also the security of PKC. He needs the private key of the user to understand the biometric information if somehow he gets his hands on the user's biometric. In practice the private key can be stored on a smart card or such a hardware device to increase security and it is very rare to get both these. Even then if the hacker is successful then it will only affect one user and doesn't mean a threat to the whole system.
A passive kind of attack on the user's computer - Hacker is present in user's computer during the login process. But the private key is on the hardware and has no direct access to it. He will thus only come to know the intermediate computation values. He will have an+ n quadratic values with more variables. An effort equivalent to brute force will be needed in this case. Though multiple login attempts can help the hacker to succeed in this way. Though he would not be able to perform an authentication without the private key.
Network security - In this case the network can easily be secured using standard cryptographic methods like symmetric cipher and digital signatures. All traffic is encrypted either by clients public key or random number by the server. Thus no information will be deciphered. No replay attack is possible due to the use of random number generation.
Risks that Kerberos faces - Kerberos makes assumptions that the servers are secured and the password guessing attack is not possible .Kerberos V also implicitly relies on the servers being secure and software being non-malicious[7][8].
The concerns of being tracked at any case during the authentication and revealing personal information to the intruder are secured by the fact that we use different keys for all the three application servers.
The loose synchronization [7][9] that needs to be done for Kerberos V to avoid replay attack is also not a problem when it comes to our model. Replay attack is taken care by itself as explained earlier.
The theft of password problem that Kerberos authentication is vulnerable to [8][9] is solved by the method because of the use of crypto-biometric data. Kerberos does not protect against the theft of a password through a Trojan horse login program on the user's workstation.
Application
As we learned from the proposal we can establish a central registration server and once the user is registered the templates are safe with this server. We can now have a lot of remote connections all being authenticated at this single server. We can include a wide area of authentication like a state or even a country. What we need is one time registration on the users end and then through whosoever's remote link he is connecting his biometrics can be authenticated. Many companied and organizations can share such servers and save a huge amount of spending on such a secure server. Then they can all just establish their own authentication server and use the benefits of such a scheme. This will be both economical and effective. Though this main server will need to have a very high tolerance and performance curves, but it is achievable. Also it will give a great amount of security that many small firms may not be able to implement due to economic and other reasons. This feature can be enhanced in many ways and gives a lot of possibilities. As shown is the figure there is one trusted central server. We have many Authentication(AS) and ticket granting server(TGS) pairs linked to such central server.
( ARE NOT DIRECTLY CONNECTED TO REGISTRAION!!!!!! )
Figure 2. Application in large networks
Basic Simulation
For evaluating the verifier of our system we implement it based on a very simple client-server architecture using GNU-C. We use simple linux GNU-C compiler for our purpose. First we establish a one client and multiple server, in our case being 3, for the process. This client-server socket connection is done using the TCP-IP method, i.e. connection oriented. We can also test it for connection less UDP protocol using simple network programming. We carry out the bind, connect , accept functions as needed. RSA keys can be generated using the implementation available through XySSL. All experiments can be performed on a average configuration workstation of INTEL DUAL CORE processor, with 1.5GB of RAM. The performance of Kerberos is already tested and verified and we are not making any changes with the basic authentication of Kerberos that may affect performance. The biometrics once collected are in form of vectors that act as simple data vectors and do not give rise to performance issues. Though the initial process of biometric identification on the the client side is a considerably heavy process but it is necessary and doesn't affect our servers.
We will show how three mechanisms perform .First one being normal crypto-biometric authentication using two servers. The second is the Kerberos environment. The third is out proposal that involves the ticket granting with the crypto-biometric authentication. NS2 RESULTS
Future Work
Though the system is very apt for security we can increase the factor of authentication by adding a smart card methodology . This can help us improve the mechanism in many ways.
This method gives rise to a very unique idea of a "Central Registration Server" as explained that can act a biometric template matcher for a large number of authenticating server and by doing so a large number of hardware and efficiency costs can be handled. Also many groups together need just one very secure central server. Once such a single server is established then a large number of users can be configured. The system is still vulnerable to Denial of service attack at some points and is one of the drawbacks that need to be handled.
