Critical File Access in Wireless Networks Using Multifactor Authentication


Sangheethaa Sukumaran 1, Swathika Rengasamy 2 and S. Sasirekha 3
Department of Information Technology, SSN College of Engineering, Kalavakkam, Chennai
sangheethaas@ssn.edu.in, 2 swathikar@ssn.edu.in, 3 sasirekhas@ssn.edu.in

ABSTRACT: The exponential increase in the growth of wireless networks has spawned many new threats. Existing wireless authentication schemes use pre-shared keys, shared between the clients and the Access Point (AP), which are susceptible to offline dictionary attacks. Hence stronger authentication systems are needed to secure a wireless enterprise. This need for security is further enhanced when access to critical files is necessary. For authentication requirements where cracking is not an acceptable risk, multi-factor authentication is the only real way to provide strong authentication. In this paper, we demonstrate a scenario where the user needs to access a critical file over a wireless network, and how to secure it. Before access to the file is granted, the client needs to be authenticated. A multi-factor authentication technique is used to authenticate the users, and the two authentication keys used in this paper are One Time Passwords and Fingerprint.

Keywords: Wireless Networks, Multifactor Authentication, Fingerprint.

INTRODUCTION

Wireless networks have had a significant impact on the world as far back as World War II. Through the use of wireless networks, information could be sent overseas or behind enemy lines easily, quickly and more reliably. Since then wireless networks have continued to develop and their uses have grown significantly. People and businesses use wireless networks to send and share data quickly, whether it be in a small office building or across the world. In future, all communication will be wireless. But a wireless network is susceptible to more types of new attacks.
Threats in Wireless Networks

A wireless network is more vulnerable [3] because anyone can try to break into a network broadcasting a signal. A wireless network can be affected by hackers, viruses, worms and Trojans. These types of attacks are introduced through attachments, embedded in web pages or transmitted through peer-to-peer applications. Many networks offer WEP (Wired Equivalent Privacy) security systems, which have been found to be vulnerable to intrusion [2]. Though WEP does block some intruders, the security problems have caused some businesses to stick with wired networks until security can be improved. Another type of security for wireless networks is WPA (Wi-Fi Protected Access) [6]. WPA provides more security to wireless networks than a WEP security setup. Existing wireless authentication schemes use pre-shared keys which the clients and the Access Point (AP) share. Pre-shared keys are susceptible to offline dictionary attacks, hence stronger authentication systems are needed to secure a wireless enterprise. This need for security is further enhanced when access to critical files is necessary. For authentication requirements where cracking is not an acceptable risk, multi-factor authentication is the only real way to provide strong authentication.

Multifactor authentication

Human authentication factors are generally classified into three cases [5]:

- Something the user has (e.g., ID card, security token, software token, phone, or cell phone).
- Something the user knows (e.g., a password, pass phrase, or personal identification number (PIN)).
- Something the user is or does (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature or voice recognition, unique bioelectric signals, or another biometric identifier).

Often a combination of methods is used, e.g., a bankcard and a PIN, in which case the term two-factor authentication (or multi-factor authentication) is used.
In 2006, several scientists at RSA Laboratories published a paper exploring social networking as a fourth factor of human authentication. Historically, fingerprints have been used as the most authoritative method of authentication. Other biometric methods such as retinal scans are promising, but have shown themselves to be easily spoofable in practice. Hybrid or two-tiered authentication methods offer a compelling solution, such as private keys encrypted by fingerprint inside of a USB device. Using more than one factor is also sometimes called strong authentication; using just one factor, for example just a static password, is considered by some to be weak authentication. It should be remembered, however, that strong authentication and multifactor authentication are fundamentally different processes. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves something you have or something you are, it would not be considered multi-factor.

Mobile and Pervasive Computing (CoMPC 2008)

This paper discusses accessing critical files from a server machine in a wireless network by using a multifactor authentication mechanism. This paper is organized into the following sections. Section 2 gives the literature survey. Section 3 gives details about the major parts of the paper, like one-time passwords and Gabor filter fingerprint matching. Section 4 gives implementation details of the paper. Finally, section 5 gives the conclusion.

LITERATURE SURVEY

The major authentication keys used today are passwords, hardware tokens, software tokens, one-time passwords and biometrics.

Passwords

The use of passwords for authentication is widely established; both implementers and customers accept them, with the various issues being well documented and understood. However, password systems are susceptible to many attacks, and attacks against passwords are generally serious as they usually recover the password. Additional protections for the communication channel can be used to protect the password, but this still does not prevent all attacks. Many security experts now regard passwords, by themselves, as insufficient for online authentication for anything other than low risk services.

Hardware Tokens

Hardware tokens are specialized hardware devices that protect secrets (normally cryptographic keys) and perform cryptographic operations. The cryptographic operations support authentication of both parties and the protection of the communication channel used for the authentication exchange. Drawbacks of hardware tokens, compared to other authentication keys, include increased cost, implementation and deployment complexity, and reduced ease of use for customers.
Software Tokens

Software tokens are essentially software implementations of hardware tokens and so share many of the advantages of hardware tokens. As with hardware tokens, software tokens support authentication of both parties and protection of the communication channel used for the authentication exchange. The major issue with software tokens is the potential for them to be copied, possibly without the owner's knowledge. This results from the lack of a physical container protecting the secrets. The main advantage, compared to hardware tokens, is the lower cost.

One-time Passwords

One-time password systems rely on a series of passwords generated using special algorithms. Each password of the series is called a one-time password as it is distinct from the others generated and can only be used once. A wide variety of one-time password systems exist that provide varying protection against attacks. Common advantages of one-time password systems are:

- They are easy for customers to use.
- They have relatively low implementation costs and complexity, when compared to software and hardware tokens.
- Some of the attacks used against traditional passwords are mitigated with one-time passwords. For example, with discovery attacks (attacks that recover passwords, such as phishing attacks), any (one-time) password obtained may be used only once. With some systems, the (one-time) password obtained can be used only within a very limited time frame.

Authentication of the verifier is not usually supported, which can be exploited in attacks. The exposure to copying attacks (where the OTP device itself is copied) depends on the actual solution used.

Biometrics

Biometrics are well suited to local access control (as with passports in border control) but not as well suited to remote authentication. One of the main reasons is that biometric data is personal data and significant privacy issues arise with the collection, storage and use of such information.
With remote authentication, this means special care must be taken to protect transmitted biometric data. The commonly used biometric method is fingerprinting.

Fingerprint Matching

Fingerprint recognition or fingerprint authentication refers to the automated method of verifying a match between two human fingerprints. Fingerprint based identification is one of the most important biometric technologies, which has drawn a substantial amount of attention recently [1]. Humans have used fingerprints for personal identification for centuries and the validity of fingerprint identification has been well established. In fact, fingerprint technology is so common in personal identification that it has almost become the synonym of biometrics. Fingerprints are believed to be unique across individuals and across fingers of the same individual. Even identical twins, having similar DNA, are believed to have different fingerprints. These observations have led to the increased use of automatic fingerprint based identification in both civilian and law-enforcement applications.

Characteristics of Fingerprints

A fingerprint is the pattern of ridges and furrows on the surface of a fingertip. Ridges and valleys often run in parallel; sometimes they bifurcate and sometimes they terminate. When a fingerprint image is analyzed at the global level, the fingerprint pattern exhibits one or more regions where ridgelines assume distinctive shapes. These shapes are characterized by high curvature, terminations, bifurcations, crossover, etc. These regions are called singular regions or singularities. These singularities may be classified into three topologies: loop, delta and whorl. At the local level, other important features known as minutiae can be found in the fingerprint patterns. Minutiae means small details, and this refers to the various ways that the ridges can be discontinuous. A ridge can suddenly come to an end, which is called a termination, or it can divide into two ridges, which is called a bifurcation (Figure 1).

Fig. 1: A Typical Fingerprint

Finger Print Matching Techniques

There are many methods for fingerprint matching. This section describes 2 such methods from the literature.

Minutiae Based Matching

Fingerprint matching techniques can be broadly classified as minutiae based and correlation based. A minutiae based technique first locates the minutiae points in a given fingerprint image and matches their relative placements in a stored template fingerprint. A good quality fingerprint contains between 60 and 80 minutiae, but different fingerprints have different numbers of minutiae. The performance of minutiae-based techniques relies on the accurate detection of minutiae points and the use of sophisticated matching techniques to compare two minutiae fields, which undergo non-rigid transformations.

Correlation Based Matching

Correlation based techniques compare the global pattern of ridges and valleys to see if the ridges in the two fingerprints align. The global approach to fingerprint representation is typically used for indexing and does not offer reliable fingerprint discrimination. The ridge structure in a fingerprint can be viewed as an oriented texture pattern having a dominant spatial frequency and orientation in a local neighborhood. The frequency is due to the inter-ridge spacing present in a fingerprint and the orientation is due to the flow pattern exhibited by ridges. Most textured images contain a narrow range of spatial frequencies. For typical fingerprint images scanned at 500 dpi, there is little variation in the spatial frequencies among different fingerprints. By capturing the frequency and orientation of ridges in local regions in the fingerprint, a distinct representation of the fingerprint is possible. An example of a correlation-based technique is Gabor Filter based Fingerprint matching.

CRITICAL FILE ACCESS

The application selected for showing the usage of multifactor authentication is file access in a wireless network. This application can be implemented in a company/workplace where restricted employees need to be given access to critical or secret files. By using multi-factor authentication, a more secure authentication system is in place.

One-Time Passwords

One-time password (OTP) systems generate a series of passwords using special algorithms. Each password of the series is called a one-time password, as it can only be used a single time and it is distinct from the other passwords (or at least distinct with very high probability over a given cycle). There are many different one-time password systems available. The comments concerning hardware tokens above also apply to hardware one-time password devices, except those relating to communication channel protections. Tamper resistance varies across products and this market is still maturing in its use of tamper resistance features. Many one-time password methods are based on a static base secret that is shared between the customer and the verifier.
The series of one-time passwords is then generated using this base secret, a nonce (a value that is different with each authentication, preventing replay attacks) and a one-way function. These one-time password systems come as two basic variants, depending on whether the nonce is based on:

- A time value: This requires the device to contain a clock and therefore a battery to run the clock. A window exists for which the one-time password can be used (from 30 seconds to a few minutes). Resynchronization procedures are employed to handle clock drift.
- A counter: The counter is incremented at each use.

Solutions also exist that use a combination of these two variants. Other systems are based on a collection of passwords shared between the customer and verifier that are generated and distributed by the verifier. In this case the collection itself is the base secret. Others use challenge/response with a shared or known function. The function may be simply a printed table or a more sophisticated system based on a one-way function. There is a range of one-time password systems available and the above is only a brief introduction.

Advantages

- One-time password systems can be easy to deploy and may not require any special software to be installed on the customer's computer.
- One-time password systems are generally acceptable to customers, due to their similarity to password systems.
- One-time password clock-based devices and challenge/response systems can be used across multiple systems.
- With hardware one-time password devices and printed lists, the customer is likely to notice the loss if they are stolen.

Attacks Mitigated

One-time passwords in general mitigate replay, eavesdropper, key logger and shoulder-surfing attacks, because once a one-time password is used it cannot be used again. One-time passwords used across multiple systems cannot completely mitigate these attacks without further protection measures being in place. Using communication channel protections mitigates session hijacking attacks.

Gabor Filter based Fingerprint Matching

This paper uses a technique called Gabor filter based fingerprint matching. The scheme first detects the core point in a fingerprint image using two different techniques. The core point is defined as the north most point of the innermost ridge line. In practice, the core point corresponds to the center of the north most loop type singularity. In images where there are no loop or whorl singularities, the core is normally associated with the maximum ridgeline curvature. A circular region around the core point is located and tessellated into various sectors. The pixel intensities in each sector are normalized to a constant mean and variance.
The circular region is filtered using Gabor filters to produce a set of images. Gabor filter-banks are a well-known technique to capture useful information in specific band pass channels. The average absolute deviation within a sector quantifies the underlying ridge structure and is used as a feature. The feature vector is the collection of all the features, computed from all the sectors, in every filtered image. The matching stage computes the Euclidean distance between the two corresponding feature vectors. In this scheme, translation is taken care of by a reference point, which is the core point during the feature extraction stage, and the image rotation is handled by a cyclic rotation of the feature values in the feature vector.

The performance comparison between minutiae based systems and Gabor filter based matching can be shown as a Receiver Operating Characteristic (ROC) curve that plots the Genuine Accept Rate (GAR) against the False Accept Rate (FAR) at different thresholds on the matching score. As can be seen in Figure 2, our approach outperforms the minutiae based approach over a wider range of FAR values. For example, at 1% FAR, the Gabor filter based fingerprint matcher gives a GAR of 91% while the minutiae based matcher gives a GAR of 73%.

Fig. 2: The ROC curve comparing the performance of the Gabor filter based approach with the minutiae based approach

Secure Socket Layer

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but the protocol remains substantially the same. The SSL protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. SSL provides endpoint authentication and communications privacy over the Internet using cryptography.
Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom it is communicating. The next level of security, in which both ends of the conversation are sure with whom they are communicating, is known as mutual authentication. SSL involves three basic phases:

- Peer negotiation for algorithm support
- Key exchange and authentication
- Symmetric cipher encryption and message authentication

During the first phase, the client and server negotiate cipher suites, which determine the ciphers to be used, the key exchange and authentication algorithms, as well as the message authentication codes (MACs). The key exchange and authentication algorithms are typically public key algorithms, or preshared keys could be used. The message authentication codes are made up from cryptographic hash functions using the HMAC construction. Typical algorithms could be:

- For key exchange: RSA, Diffie-Hellman, DSA, SRP, PSK.
- For encryption, symmetric ciphers: RC4, Triple DES, AES or Camellia. In older versions of SSL, the ciphers RC2, IDEA and DES were also used.
- For the cryptographic hash function, HMAC-MD5 or HMAC-SHA is used, while older versions of SSL also used MD2 and MD4.

IMPLEMENTATION

This paper is implemented using J2SE 1.6 and Matlab 7.3. This chapter provides an insight into the various packages used in our system and concludes with a few screen shots of the final File Transfer Application. The various packages and technologies used are Java Swing, the Java Socket API and Matlab. Java Swing is used for the creation of the Graphical User Interface (GUI). The Socket API takes care of the client-server interaction. Matlab is a tool for doing numerical computations with matrices and vectors. We shall review each of these technologies briefly in this chapter. In this paper, Swing has been used extensively to create the GUI, at both the server side and the client side. The Java Socket API provides a set of function calls to establish communication between sockets on two remote machines. When messages are sent, they are queued at the sending socket until the underlying network protocol has transmitted them. When they arrive, the messages are queued at the receiving socket until the receiving process makes the necessary calls to receive them.

Secure Socket Layer (SSL) Sockets

SSL Socket extends Sockets and provides secure sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Such sockets are normal stream sockets, but they add a layer of security protections over the underlying network transport protocol, such as TCP.
Those protections include:

- Integrity Protection: SSL protects against modification of messages by an active wiretapper.
- Confidentiality: In most modes, SSL encrypts data being sent between client and server. This protects the confidentiality of data, so that a passive wiretapper won't see sensitive data such as financial information or personal information of many kinds.

These kinds of protection are specified by a cipher suite, which is a combination of cryptographic algorithms used by a given SSL connection. During the negotiation process, the client and server must agree on a cipher suite that is available in both environments. A negotiation process called handshaking establishes the cipher suite used. When SSL Sockets are first created, no handshaking is done, so that applications may first set their communication preferences: what cipher suites to use, whether the socket should be in client or server mode, etc. However, security is always provided by the time that application data is sent over the connection.

Matlab

OTP is implemented in Java Swing and fingerprint matching is done using MATLAB, which has been converted to Java class files to be incorporated into the File Transfer Application. When the client requests a file from a server in a wireless environment, his/her authentication details have to be entered. The OTP and the fingerprint image of the client are sent to the server for verification. If either of the authentication measures fails, then the system will deny access to the critical file. Fingerprint matching using Gabor filters [4] involves the following steps:

1. Core Point Detection
2. Tessellation
3. Normalization
4. Filtering
5. Feature Vector Extraction and Matching

Core Point Detection

Fingerprints have many conspicuous landmark structures and a combination of them could be used for establishing a reference point. We define the reference point of a fingerprint as the point of maximum curvature of the concave ridges in the fingerprint image.

Fig. 3: Concave and convex ridges in a fingerprint image when the finger is positioned upright

Tessellation

A tessellation or tiling of the plane is a collection of plane figures that fills the plane with no overlaps and no gaps. A square tessellation is applied to the image, with the center of the image corresponding to the core point detected.

Normalization

Normalization is performed to remove the effects of sensor noise and gray level background due to finger pressure differences. Normalization is the 3rd major step in fingerprint matching. After the core point is detected, the image required for normalization is cropped and then passed to the normalization function. $M_o$ and $V_o$ are the desired mean and variance values, while $M_i$ and $V_i$ are the estimated mean and variance of gray levels in the sector $S_i$ respectively. The formula used for Normalization is as follows:

Fig. 4: Representation of steps involved in Fingerprint matching

Filtering

Gabor filters optimally capture both local orientation and frequency information from a fingerprint image. They are suited for extracting texture information from images. An even symmetric Gabor filter has the following general form in the spatial domain:

Feature Vector Extraction and Matching

A feature vector is composed of an ordered enumeration of the features extracted from the local information contained in each sub image. The Gabor Filter is calculated for 0, 22.5, 45, 67.5, 90, 112.5, 135, degrees. The Normalized Region of Interest is convolved with each of these eight filters to produce a set of eight filtered images. For each sector in these filtered images, the feature is the average absolute deviation from the mean. The combination of all features forms a Finger Code. The formula used to calculate the Average Absolute Deviation is

$$V_{i\theta} = \frac{1}{n_i} \sum_{n_i} \left| F_{i\theta}(x, y) - \bar{F}_{i\theta} \right|$$

The features in the Finger Code are cyclically rotated. Rotation of the Finger Code corresponds to rotation of the actual fingerprint. For each fingerprint in the database, we store templates corresponding to different rotations of the Finger Code. The input test Finger Code is matched with the templates stored in the database. If the matching score (Euclidean distance) is less than 1000, then the test fingerprint is said to be matched.

One-Time Password

The user has a secret pass phrase. The secret pass phrase is concatenated with a seed. The seed is sent as clear text to the server. The result of the concatenation is passed on to a secure hash algorithm (SHA) or message digest algorithm (MD5) and is then reduced to 64 bits. A sequence of one-time passwords is produced by applying the secure hash function multiple times to the output of the initial step (called S). That is, the first one-time password to be used is produced by passing S through the secure hash function a number of times (N) specified by the user. The next one-time password to be used is generated by passing S through the secure hash function N - 1 times. An eavesdropper who has monitored the transmission of a one-time password would not be able to generate the next required password, because doing so would mean inverting the hash function. The server system has a database containing, for each user, the one-time password from the last successful authentication or the first OTP of a newly initialized sequence. To authenticate the user, the server decodes the one-time password received from the generator into a 64-bit key and then runs this key through the secure hash function once. If the result of this operation matches the stored previous OTP, the authentication is successful and the accepted one-time password is stored for future use.

CONCLUSION

In this paper, we have implemented multi-factor authentication in a wireless network for Critical File Access using Fingerprint and One-Time Password as the two factors of authentication. By transferring the authentication keys through the Secure Socket Layer, the data transfer is secure and eavesdropping is prevented. As a future enhancement to this paper, an extra factor of authentication like a hardware token can be included. The fingerprint matching system using Gabor filters can be coupled with other minutia based matching so as to obtain a more resilient matching system.
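The feature extraction and matching stage from the Feature Vector Extraction and Matching section, as an added Python example (not the authors' Matlab/Java code). It assumes a circular layout of 2 bands with 16 sectors each, so that one sector step equals the 22.5 degree filter step and a finger rotation becomes a cyclic shift of both indices; the Gabor filtering itself is not reproduced, and the filtered sector values are constructed.

```python
import math

T, B, K = 8, 2, 16   # filter orientations, bands, sectors per band (assumed layout)
THRESHOLD = 1000     # matching-score threshold stated in the paper


def aad(pixels):
    """Average absolute deviation from the mean of one sector's filtered pixels."""
    mean = sum(pixels) / len(pixels)
    return sum(abs(p - mean) for p in pixels) / len(pixels)


def finger_code(filtered):
    """filtered[t][b][s] is the pixel list of sector s, band b, in filtered image t."""
    return [[[aad(filtered[t][b][s]) for s in range(K)]
             for b in range(B)] for t in range(T)]


def rotate(code, r):
    """Finger Code of the same finger turned by r sector steps (22.5 degrees each).

    Ridges seen in sector s move to sector s + r and respond to the filter
    r orientation steps further on, so both indices shift cyclically.
    """
    return [[[code[(t - r) % T][b][(s - r) % K] for s in range(K)]
             for b in range(B)] for t in range(T)]


def distance(a, b):
    """Euclidean distance between two Finger Codes (the matching score)."""
    return math.sqrt(sum((a[t][bd][s] - b[t][bd][s]) ** 2
                         for t in range(T) for bd in range(B) for s in range(K)))


def enroll(code, max_steps=2):
    """Store one template per tolerated rotation, as the paper's database does."""
    return {r: rotate(code, r) for r in range(-max_steps, max_steps + 1)}


def match(probe, templates, threshold=THRESHOLD):
    """Return (matched, best distance, rotation of the closest template)."""
    best_r, best_d = min(((r, distance(probe, tpl)) for r, tpl in templates.items()),
                         key=lambda pair: pair[1])
    return best_d < threshold, best_d, best_r


def constructed_filtered(extra=0):
    """Constructed sample input: each sector holds pixels [-a, +a], whose AAD is a."""
    def a(t, b, s):
        return (7 * t + 3 * b + 5 * s) % 50 + extra
    return [[[[-a(t, b, s), a(t, b, s)] for s in range(K)]
             for b in range(B)] for t in range(T)]


if __name__ == "__main__":
    templates = enroll(finger_code(constructed_filtered()))
    rotated = rotate(finger_code(constructed_filtered()), 2)
    impostor = finger_code(constructed_filtered(extra=200))
    print("rotated genuine finger:", match(rotated, templates))
    print("different finger:      ", match(impostor, templates))
```

The threshold only has meaning relative to the scale of the filtered pixel values; moving it trades false accepts against false rejects, which is the trade-off the ROC curve in Figure 2 describes.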
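The hash-chain scheme from the One-Time Password section, with both the client and the server side, as an added Python example (not the authors' Java code). The paper names SHA or MD5 reduced to 64 bits without giving the reduction, so SHA-256 truncated to 8 bytes is an assumption here, as are the names `OtpServer`, `challenge` and the sample pass phrase and seed.

```python
import hashlib
import hmac


def h64(data: bytes) -> bytes:
    """One-way step reduced to 64 bits (assumption: SHA-256, first 8 bytes)."""
    return hashlib.sha256(data).digest()[:8]


def otp(passphrase: str, seed: str, n: int) -> bytes:
    """Client side: S = h64(pass phrase || seed), then n further hash steps."""
    value = h64(passphrase.encode() + seed.encode())
    for _ in range(n):
        value = h64(value)
    return value


class OtpServer:
    """Keeps, per user, the seed, the last accepted OTP and its hash count."""

    def __init__(self):
        self.users = {}

    def enroll(self, user, seed, first_otp, n):
        # Only the N-fold hash is stored; the pass phrase never reaches the server.
        self.users[user] = {"seed": seed, "last": first_otp, "n": n}

    def challenge(self, user):
        """Seed (sent in clear text) and the hash count the client must use next."""
        rec = self.users[user]
        return rec["seed"], rec["n"] - 1

    def verify(self, user, candidate: bytes) -> bool:
        rec = self.users.get(user)
        if rec is None or rec["n"] <= 0:      # unknown user or chain used up
            return False
        # Hash the received OTP once and compare with the stored previous OTP.
        if not hmac.compare_digest(h64(candidate), rec["last"]):
            return False
        rec["last"], rec["n"] = candidate, rec["n"] - 1   # accepted OTP is stored
        return True


def demo():
    """Run one short chain (N = 3) through login, replay, guess and exhaustion."""
    passphrase, seed, n = "constructed pass phrase", "ssn2008", 3  # constructed values
    server = OtpServer()
    server.enroll("alice", seed, otp(passphrase, seed, n), n)
    results = {}

    seed_, count = server.challenge("alice")
    first = otp(passphrase, seed_, count)
    results["first_login"] = server.verify("alice", first)
    # An eavesdropper who captured `first` cannot reuse it: its hash no longer
    # matches the stored value, and the next OTP is a preimage of `first`.
    results["replay"] = server.verify("alice", first)
    results["wrong_passphrase"] = server.verify("alice", otp("guess", seed, 1))

    for label in ("second_login", "third_login"):
        seed_, count = server.challenge("alice")
        results[label] = server.verify("alice", otp(passphrase, seed_, count))

    seed_, count = server.challenge("alice")
    results["exhausted"] = server.verify("alice", otp(passphrase, seed_, max(count, 0)))
    return results


if __name__ == "__main__":
    for step, accepted in demo().items():
        print(f"{step:17s} accepted={accepted}")
```

A rejected or replayed value leaves the stored state untouched, and once the hash count reaches zero the user has to initialise a new sequence with a fresh seed.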
REFERENCES

[1] Alex Kotlarchyk, Biometric Authentication in Wireless Networks, Florida, Atlantic University,
[2] Chris Hurley, Identifying and Responding to wireless attacks, Black Hat Japan,
[3] Nicholas.M, /Conferences/Feb2005/ConfPresentations/ Nicholas_Miller.pdf,
[4] Muhammad Umer Munir and Dr. Muhammad Younas Javed, Fingerprint Matching Using Gabor Filters, National Conference on Emerging technologies,
[5] State Services Commission, New Zealand Government, Guidance on Multifactor Authentication,
[6] Frank Bulk, /computer/ wpa_article.pdf, 2004.


More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Bit Chat: A Peer-to-Peer Instant Messenger

Bit Chat: A Peer-to-Peer Instant Messenger Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 Spirent Abacus SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 1 1. TLS Interview (Transport Layer Security Protocol) (1) TLS Feature Introduction: 1. TLS is a successor of Secure Sockets Layer (SSL), a cryptographic

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

, ) I Transport Layer Security

, ) I Transport Layer Security Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent

More information

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

More information

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. anan@cpe.ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University,

More information

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Is Your SSL Website and Mobile App Really Secure?

Is Your SSL Website and Mobile App Really Secure? Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電

More information

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the

More information

The Misuse of RC4 in Microsoft Word and Excel

The Misuse of RC4 in Microsoft Word and Excel The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft

More information

Release: 1. ICANWK502A Implement secure encryption technologies

Release: 1. ICANWK502A Implement secure encryption technologies Release: 1 ICANWK502A Implement secure encryption technologies ICANWK502A Implement secure encryption technologies Modification History Release Release 1 Comments This Unit first released with ICA11 Information

More information

An Enhanced Countermeasure Technique for Deceptive Phishing Attack

An Enhanced Countermeasure Technique for Deceptive Phishing Attack An Enhanced Countermeasure Technique for Deceptive Phishing Attack K. Selvan 1, Dr. M. Vanitha 2 Research Scholar and Assistant Professor, Department of Computer Science, JJ College of Arts and Science

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

ENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION

ENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION ENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION Meenu meenucs@mmmec.net Prabhat Kumar Pankaj prabhat.cse.mmmec@gmail.com Tarkeshwar Nath tkn_001@gmail.com Computer Science & Engineering Department.

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Security Protocols/Standards

Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

More information

Security. Learning Objectives. This module will help you...

Security. Learning Objectives. This module will help you... Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security

More information

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

QR-CODE BASED NON-REPUDIATION TRANSACTION VERIFICATION SYSTEM

QR-CODE BASED NON-REPUDIATION TRANSACTION VERIFICATION SYSTEM QR-CODE BASED NON-REPUDIATION TRANSACTION VERIFICATION SYSTEM Jakub Nantl 1 1 Silesian University in Opava, School of Business Administration in Karvina, Univerzitní nám. 1934/3, 733 40 Karviná Email:

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks

More information

How To Encrypt Data With Encryption

How To Encrypt Data With Encryption USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

Biometrics and Cyber Security

Biometrics and Cyber Security Biometrics and Cyber Security Key Considerations in Protecting Critical Infrastructure Now and In The Future Conor White, Chief Technology Officer, Daon Copyright Daon, 2009 1 Why is Cyber Security Important

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,

More information

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits)

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits) Page 1 of 5 Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description:

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

Security in Wireless Local Area Network

Security in Wireless Local Area Network Fourth LACCEI International Latin American and Caribbean Conference for Engineering and Technology (LACCET 2006) Breaking Frontiers and Barriers in Engineering: Education, Research and Practice 21-23 June

More information

CS 600.443 Final Exam

CS 600.443 Final Exam CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

CS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

CS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

Authenticity of Public Keys

Authenticity of Public Keys SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

More information

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY Varun Gandhi 1 Department of Computer Science and Engineering, Dronacharya College of Engineering, Khentawas,

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

Security in IEEE 802.11 WLANs

Security in IEEE 802.11 WLANs Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh

More information

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007 Wireless Network Security Pat Wilbur Wireless Networks March 30, 2007 Types of Attacks Intrusion gain unauthorized access to a network in order to use the network or Internet connection Types of Attacks

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Internet Banking Two-Factor Authentication using Smartphones

Internet Banking Two-Factor Authentication using Smartphones Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania

More information

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication

More information

Written by Edmond Ng on behalf of D-Link for a Thai magazine (before translation) Page 1 of 4

Written by Edmond Ng on behalf of D-Link for a Thai magazine (before translation) Page 1 of 4 Increasing Network Security Introduction Network and data security has been a growing concern in many organizations. With the emergence of wireless networking, security preemptives have been primarily

More information

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company 3M Cogent, Inc. White Paper Beyond Wiegand: Access Control in the 21st Century a 3M Company Unprecedented security features & capabilities Why Wiegand? The Problem with Wiegand In 1970, John Wiegand invented

More information

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page

More information

Chapter 3 Safeguarding Your Network

Chapter 3 Safeguarding Your Network Chapter 3 Safeguarding Your Network The RangeMax NEXT Wireless Router WNR834B provides highly effective security features which are covered in detail in this chapter. This chapter includes: Choosing Appropriate

More information

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2 Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit

More information

User Authentication Guidance for IT Systems

User Authentication Guidance for IT Systems Information Technology Security Guideline User Authentication Guidance for IT Systems ITSG-31 March 2009 March 2009 This page intentionally left blank March 2009 Foreword The User Authentication Guidance

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

CS 356 Lecture 29 Wireless Security. Spring 2013

CS 356 Lecture 29 Wireless Security. Spring 2013 CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1 Encryption, Data Integrity, Digital Certificates, and SSL Developed by Jerry Scott 2002 SSL Primer-1-1 Ideas Behind Encryption When information is transmitted across intranets or the Internet, others can

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information