ISSN Vol.03,Issue.03, March-2014, Pages:

Transcription

1 ISSN Vol.03,Issue.03, March-2014, Pages: A Generic Frame Work for Three Factor Authentication Preserving Security and Privacy in Distributed System K. SURESH BABU 1, ALRADDADI FAISAL SALEEM S 2 1 Asst Prof, Dept of CSE, School of IT, JNT University, Hyderabad, Andhrapradesh, India, Kare_suresh@yahoo.co.in. 2 Reserch Scholar, Dept of CNIS, School of IT, JNT University, Hyderabad, Andhrapradesh, India, FFF882@gmail.com. Abstract: As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This project investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest. Keywords: Authentication, Distributed Systems, Security, Networks. I. INTRODUCTION The main contribution of this project is a generic framework for three-factor authentication in distributed systems. The proposed framework has several merits as follows: First, we demonstrate how to incorporate biometrics in the existing authentication based on smart card and password. Our framework is generic rather than instantiated in the sense that it does not have any additional requirements on the underlying smart-card-based password authentication. Not only will this simplify the design and analysis of three-factor authentication protocols, but also it will contribute a secure and generic upgrade from twofactor authentication to three-factor authentication possessing the practice-friendly properties of the underlying two-factor authentication system. Second, authentication protocols in our framework can provide true three-factor authentication, namely a successful authentication requires password, smart card, and biometric characteristics. In addition, our framework can be easily adapted to allow the server to decide the authentication factors in user authentication instead of all three authentication factors. II. PREVIOUS WORK Authentication ensures that a system s resources are not obtained fraudulently by illegal users. Password based authentication is one of the most simple and convenient authentication mechanisms over insecure networks. In 1981, Lamport proposed a remote password authentication scheme by employing a one-way hash chain, which Haller later used to design the famous S/KEY one-time password system. However, one weakness of their scheme is that a verification table should be maintained on the remote server in order to validate the legitimacy of the requesting users; if an intruder can somehow break into the server, the contents of the verification table may be easily modified. Therefore, many password authentication schemes have recognized this problem, and solutions based on smart cards have been proposed, where a verification table is no longer required. In a typical smart card based password authentication scheme, remote users are authenticated with their smart cards as identification tokens. The card takes as input a password from the user, creates a login message from the given password, and sends the message to a remote server, which then checks the validity of the login message before allowing access to any services or resources. This way the administrative overhead of the authentication server is reduced, and the user only needs to remember his password. Recently, some biometrics-based remote user authentication schemes have been designed. In 2002, Lee et al. proposed a fingerprint-based scheme using smart cards. It is based on ElGamal s public key cryptosystem, which also does not require password table for authentication as shown in fig.1. The scheme is novel in that biological information and two secret keys are employed to improve the security. However, Lin et al. and Ku et al. pointed out in 2004 and 2005 respectively that Lee et al. s scheme cannot withstand the masquerade attack, in which an adversary can impersonate a legitimate user without knowing the password and passing the fingerprint verification. Later, in ISPEC 2006, Khan et al. also showed that Lee et al. s scheme was vulnerable to the server spoofing attack. Furthermore, they proposed an improved scheme to enhance 2014 SEMAR GROUPS TECHNICAL SOCIETY. All rights reserved.

2 K. SURESH BABU, ALRADDADI FAISAL SALEEM S the security. Based on the one-way hash function and fingerprint verification, Khan et al. s scheme needs only to maintain one secret key, and a password verification table is not required on the server. They claimed that their scheme achieved mutual authentication between the user and the server, and thus eliminated the drawback of Lee et al. s scheme. [1] Fig.1. Biometrics-based remote user authentication schemes. Content owners (such as authors and authorized distributors) are losing billions of dollars annually in revenues due to illegal copying and sharing of digital media. Digital rights management (DRM) systems are being deployed to address this problem. The user authentication, which is an essential part of a DRM system, determines whether a user is authorized to access the content. In a generic cryptographic system the user authentication is possession based. That is, possession of the decrypting key is a sufficient evidence to establish user authenticity. Because cryptographic keys are long and random, (e.g., 128 bits for the advanced encryption standard (AES), they are difficult to memorize. As a result, the cryptographic keys are stored somewhere (for example, on a computer or a smart card) and released based on some alternative authentication (e.g., password) mechanism, that is, upon assuring that they are being released to the authorized users only. Most passwords are so simple that they can be easily guessed (especially based on social engineering methods) or broken by simple dictionary attacks. It is not surprising that the most commonly used password is the word password! Thus, the multimedia protected by the cryptographic algorithm is only as secure as the passwords (weakest link) used for user authentication that release the correct decrypting key(s). Simple passwords are easy to crack and, thus, compromise security; complex passwords are difficult to remember and, thus, are expensive to maintain.1 Users also have the tendency to write down complex passwords in easily accessible locations. Further, most people use the same password across different applications and, thus, if a single password is compromised, it may open many doors. Finally, passwords are unable to provide non repudiation; that is, when a password is shared with a friend, there is no way to know who the actual user is. This may eliminate the feasibility of countermeasures such as holding conniving legitimate users accountable in a court of law. Many of these limitations of the traditional passwords can be ameliorated by incorporation of better methods of user authentication. Biometric authentication refers to verifying individuals based on their physiological and behavioral characteristics such as face, fingerprint, hand geometry, iris, keystroke, signature, voice, etc. It is inherently more reliable than password-based authentication, as biometric characteristics cannot be lost or forgotten (cf. passwords being lost or forgotten); they are extremely difficult to copy, share, and distribute (cf. passwords being announced in hacker websites) and require the person being authenticated to be present at the time and point of authentication (cf. conniving users denying having shared the password) as shown in fig.2. Fig.2. The complete authentication mechanism. It is difficult to forge biometrics (it requires more time, money, experience, and access privileges) and it is unlikely for a user to repudiate having accessed the digital content using biometrics. Finally, one user s biometrics is no easier to break than another s; that is, all users have a relatively equal security level, hence, there are not many users who have easy to guess biometrics, that can be used to mount an attack against them. Thus, biometrics-based authentication is a potential candidate to replace passwordbased authentication, either by providing the complete authentication mechanism or by securing the traditional cryptographic keys that contain the multimedia file in a DRM system. A. Biometrics A number of biometric characteristics have been in use in various applications. Each biometric has its strengths and

3 A Generic Frame Work for Three-Factor Authentication Preserving Security and Privacy in Distributed System weaknesses, and the choice depends on the application. No single biometric is expected to effectively meet all the requirements (e.g., accuracy, practicality, cost) of all the applications (e.g., DRM, access control, welfare distribution). In other words, no biometric is optimal. The Comparison of Various Biometric Technologies Based on the Perception of the Authors. High, Medium, and Low are Denoted by H, M, and L, Respectively match between a specific biometric and an application is determined depending upon the requirements of the application and the properties of the biometric characteristic. A brief comparison of some of the biometric identifiers based on seven factors is provide. Universality (do all people have it?), distinctiveness (can people be distinguished based on an identifier?), permanence (how permanent is the identifier?), and collectability (how well can the identifier be captured and quantified?) are properties of biometric identifiers. Performance (speed and accuracy), acceptability (willingness of people to use), and circumvention (foolproof) are attributes of biometric systems. Use of many other biometric characteristics such as retina, infrared images of face and body parts, gait, odor, ear, and DNA in commercial authentication systems is also being investigated. The following example illustrates how different biometric identifiers may be appropriate in different scenarios. If one would like to provide just-intime secure access to the documents for write/modify operations to authorized users, e.g., brokers bidding on commodity items using a keyboard both for repudiability as well as security the most natural biometric for authenticating the bid document would be either keystroke dynamics or having fingerprint sensors on each key of the keyboard. If the brokers were bidding vocally, the bid voice segments could be authenticated using voice (speaker) recognition. If the application is intended for providing read-only access to a top secret for your eyes only document, ideal authentication would be iris or retina recognition of the authorized reader as she reads the document (contents can perhaps be projected directly onto their retina). Thus, depending upon the operational situation, different biometric characteristics are suitable for different DRM applications. B. Biometric (In)Variance Password-based authentication systems do not involve any complex pattern recognition and, hence, they almost always perform accurately as intended by their system designers. On the other hand, biometric signals and their representations (e.g., facial image and its computer representation) of a person vary dramatically depending on the acquisition method, acquisition environment, user s interaction with the acquisition device, and (in some cases) variation in the traits due to various path physiological phenomena. Below, we present some of the common reasons for biometric signal/representation variations. 1. Inconsistent Presentation The signal captured by the sensor from a biometric identifier depends upon both the intrinsic identifier characteristic as well as the way the identifier was presented. Thus, an acquired biometric signal is a nondeterministic composition of physiological trait, the user characteristic behavior, and the user interaction facilitated by the acquisition interface. For example, determined by the pressure and contact of the finger on the image acquisition surface, the three-dimensional shape of the finger gets mapped onto the two-dimensional surface of the sensor surface. Since the finger is not a rigid object and since the process of projecting the finger surface onto the sensor surface is not precisely controlled, different impressions of a finger are related to each other by various transformations. Further, each impression of a finger may possibly depict a different portion of its surface. This may introduce additional spurious fingerprint features. In the case of a face, different acquisitions may represent different poses of a face. Hand geometry measurements may be based on different projections of hand on a planar surface. Different iris/retina acquisitions may correspond to different nonfrontal projections of iris/retina on to the image planes. 2. Irreproducible Presentation Unlike the synthetic identifiers e.g., radio frequency identification (RFID), biometric identifiers represent measurements of biological trait or behavior. These identifiers are prone to wear and tear, Imperfect acquisition: three different impressions of a subject s finger exhibiting poor-quality ridges due to extreme finger dryness. Accidental injuries, malfunctions, and patho physiological development. Manual work, accidents, etc., inflict injuries to the finger, thereby changing the ridge structure of the finger either permanently or semi permanently. Wearing of different kinds of jewelry (e.g., rings) may affect hand geometry measurements in an irreproducible way. Facial hair growth (e.g., sideburns, mustache), accidents (e.g., broken nose), attachments (e.g., eyeglasses, jewelry), makeup, swellings, cyst growth, and different hairstyles may all correspond to irreproducible face depictions. Retinal measurements can change in some pathological developments (e.g., diabetic retinopathy). The gait of a pregnant woman is significantly different from that of a woman who is not pregnant. Inebriation results in erratic signatures. The common cold changes a person s voice. All these phenomena contribute to dramatic variations in the biometric identifier signal captured at different acquisitions. 3. Imperfect Signal/Representational Acquisition The signal acquisition conditions in practical situations are not perfect and cause extraneous variations in the acquired biometric signal. For example, non uniform contact results in poor-quality fingerprint acquisitions. That is, the ridge structure of a finger would be completely captured only if ridges belonging to the part of the finger being

4 K. SURESH BABU, ALRADDADI FAISAL SALEEM S imaged are in complete physical/optical contact with the image acquisition surface and the valleys do not make any contact with the image acquisition surface. However, the dryness of the skin, shallow/worn-out ridges (due to aging/genetics), skin disease, sweat, dirt, and humidity in the air all confound the situation, resulting in a non ideal contact situation. In the case of inked fingerprints, inappropriate inking of the finger often results in noisy low-contrast (poor-quality) images, which lead to either spurious or missing minutiae. Different illuminations cause conspicuous differences in the facial appearance. Backlit illumination may render image acquisition virtually useless in many applications. Depending upon ergonomic conditions, the signature may vary significantly. The channel bandwidth characteristics affect the voice signal. The feature extraction algorithm is also imperfect and introduces measurement errors. Various image processing operations might introduce inconsistent biases to perturb feature localization. Two biometric identifiers extracted from two different people can be very similar because of the inherent lack of distinctive information in the biometric identifier or because the representation used for the biometric identifiers is too restrictive. As a result of these complex variations in the biometric signal/representations, determining whether two presentations of a biometric identifier are the same typically involves complex pattern recognition and decision making. Another ramification (compared to password-based authentication systems) is that the design of biometric cryptosystems must take into account the effects of these variations. C. Biometric Matcher For various reasons mentioned in the earlier section, unlike password or keys, the exact match of biometric identifiers is not very useful. Typically, a practical biometric matcher undoes some of the variations in the biometric measurements to be matched by aligning them with respect to each other. Once the two representations are aligned, an assessment of their similarity is measured based on acceptable variations within the aligned representations and is typically quantified in terms of a matching score; the higher the matching score, the more similar are the representations. Let us consider a concrete example of fingerprint matching. The most widely used local features (ridge ending and ridge bifurcation) are based on minute details (minutiae) of the fingerprint ridges. The pattern of the minutiae of a fingerprint forms a valid, compact, and robust representation of the fingerprint and it captures a significant component of information in fingerprints. The simplest of the minutiae-based representations constitute a list of triplets, where represents the spatial coordinates in a fixed image-centric coordinate system and represents the orientation of the ridge at that minutia. Typically, a goodquality live-scan fingerprint image has minutiae. Only in the highly constrained fingerprint systems could one assume that the input and template fingerprints depict the same portion of the finger and both are aligned (in terms of displacement from the origin of the imaging coordinate system and of their orientations) with each other; given two (input and template) fingerprint representations, the matching module typically aligns the input and template minutiae and determines whether the prints are impressions of the same finger by identifying corresponding minutiae within an acceptable spatial neighborhood of the aligned minutiae. The number of corresponding minutiae is an effective measure of similarity between the matched prints. Fig. 5 illustrates a typical matching process. Even in the best of practical situations, all minutiae in input and template prints are rarely matched due to spurious minutiae introduced by dirt/leftover smudges, variations in the area of finger being imaged, and displacement of the minutia owing to distortion of the print from pressing the elastic finger against the flat surface of the acquisition device.[2] The biometrics authentication system offers several advantages over other security methods. Passwords might be divulged or forgotten, and smart cards might be shared, lost, or stolen. In contrast, personal biometrics, such as fingerprints or iris scans, have no such drawbacks. It is ideally suited for both high security and remote authentication applications due to the nonreturnable nature and user convenience. Remote authentication is a form of e- authentication in which user credentials, as proof of identities, are submitted over a network connection. Remote authentication poses unique security challenges given its open, uncontrolled and unsupervised nature. There are two problems in applying personal biometricsto remote authentication. One of the most important is obtaining easily some biometric characteristics, so that the results can never be changed. Another is the difficulty of checking whether the device is capable of verifying that a person is alive since the biometric capture devices are remotely located. Because of such problems, the best approach is to integrate biometrics with passwords and smart cards to construct a secure three-factor authentication scheme. Several threefactor authentication schemes have been proposed in the literature. In 2010, based on the one-way hash function, biometrics verification and smart card, proposed an efficient biometricbased remote user authentication scheme, in which the computation cost is relatively low compared with other related schemes. Recently, showed that Li and Hwang s scheme neither provides proper authentication nor resists the man-in-the-middle attacks. They then presented an improved scheme to fix the problem. In above schemes, the user chose a random number RC, and computed M2 = h(idijjxs) RC for the output of user login phase. In this article, we show that h(idijjxs) can easily be obtained by an attacker obtaining an obsolete value of RC. Then, without

5 A Generic Frame Work for Three-Factor Authentication Preserving Security and Privacy in Distributed System user s password and personal biometrics, the attacker can succeed in either impersonating the user or obtaining the session key. In these schemes, once the template fi is leaked, the biometrics authentication is facing a dilemma of how to identify a forgery. In addition, they suffer from replay attacks and DoS attacks. We remedy this situation by suggesting an enhanced scheme. We also demonstrate how the enhanced scheme is efficient. Furthermore, the security of the enhanced scheme will be demonstrated by formal proofs.[3] The rapid progress of networks facilitates more and more computers connecting together to exchange great information and share system resources. Security is then an important issue for computer networks. Entity authentication is one of the most important security services. It is, necessary to verify the identities of the communication parties when they start a connection. The concept of IDbased cryptosystems was first proposed by Shamir. The IDbased cryptosystems have the following advantages: neither secret nor public keys need be exchanged, the public key directory table is not needed, and the assistance of a trusted third parry is not needed. The secret key corresponding to an ID is fixed and cannot be changed in Shamir's ID based scheme. Therefore, a user with an assigned ID cannot choose his password by himself. Actually, a user's password is generated by the password generation center, rather than by the user himself. However, users are used to choosing their own passwords. This approach is against of the users' habits. Based on ElGama1's signature and Shamir's ID-based schemes, the concept of timestamps is used in Wang et al. scheme and Lee et al. scheme. These schemes are all based on ID-based schemes; they share the problem that a user cannot change his password after registration. A user could not use his current ID but needs to choose a new one after his password is compromised. Lee et al. proposed fingerprint-based remote user authentication scheme using smart cards based on a synchronized system clock. Time-stamp based authentication scheme can withstand the attack of replaying previously intercepted messages using the systems' timestamp. However, the scheme requires system clock synchronization otherwise the scheme will not work properly. Since network environment and transmission delay is unpredictable, a potential replay attack exists in all schemes that employ the concept of timestamps. [4] III. PROPOSED SYSTEM A. Three Factor Initialization In this module we describe the initialization phase in the proposed framework. This phase generates a public parameter and a secret parameter for three-factor authentication. The 2-Factor-Initialization is the initialization algorithm in the underlying protocol. Given a security parameter k, which is the size of the public and secret keys, the authentication server S in our framework runs 2-Factor- Initialization twice to generate two separate PK and SK. The two pairs (PK1; SK1) and (PK2; SK2) are generated in an independent manner. The public parameter in three-factor authentication is the pair (PK1; PK2), and the corresponding secret parameter is the pair (SK1; SK2). B. Three Factor Registrations In this module the registration in our framework is made up of the following steps. In the module we use h as cryptographic hash function chosen by the client C. and An initial password PW1 is chosen by the client C. The function Gen BioData is computed where a pair R; P is generated using C s biometric template BioData and the algorithm Gen in the fuzzy extractor. We assume there is a device extracting the biometric template and carrying out all calculations in the fuzzy extractor. This step does not involve any interaction with the authentication server. Let PW2 be the second password. The second password PW2 is calculated from the random string R. R will be deleted immediately once the calculation of PW2 is complete. Then C (using PW1) and S (using SK1) first execute the 2- Factor-Reg protocol. Let Data1 be the data generated by S at this step. C and S have another run of 2-Factor-Reg protocol, where C registerspw2 and S uses SK2 to generate the corresponding data Data2. PW2 will be deleted immediately once the registration is complete. S generates a smart card SC which contains Data1 and Data2. The client C is given SC which is the smart card. C updates the data in the smart card SC by adding Data3 which contains the auxiliary string P, the description of the hash function h, the reproduction algorithm. C. Three Factor Login Authentications The client C first retrieve the smart card SC data from the card reader, which will extract the data Data1; Data2; Data3. After that, C inputs the password PW1 and his/her biometric data. Let BioData be the biometric template extracted at this phase. Then it calculate R; P and PW2. A random string R is calculated from the biometric template BioData and the auxiliary string P by running the algorithm. The random string R will be the same as the one generated at the registration phase if BioData is close to BioData. C (using PW1 and Data1) and S (using SK1) first execute the 2- Factor-Login-Auth protocol of SCPAP. C and S have another run of 2-Factor-Login-Auth, where C uses PW2 and Data2, and S uses SK2. The protocol outputs 1 if and only if both executions of 2-Factor-Login-Auth protocol output 1. Otherwise, the protocol outputs 0. D. Three Factor Password and Biometric Changing After a successful login, the client and the server can execute 2-Factor-Password- Changing of protocol and change the password PW1 to PW1 and update the data in the smart card accordingly. Similarly, one can change the biometrics used in the authentication. To do that, the client

6 K. SURESH BABU, ALRADDADI FAISAL SALEEM S can generate a new password PW2 determined by the new biometrics by running certain steps in the registration phase. After that, the client and the server can execute 2- Factor-Password- Changing of SCPAP to change PW2 to PW and update the data in the smart card accordingly. As in the registration, PW2 will be deleted immediately once this phase is complete. IV. RESULTS Fig.6. Screen:2 Fig.3. object based time instance. Fig.7. Screen:3 Fig.4. Memory based time instance. Fig.5. Screen:1 The concept of this paper is implemented and different results are shown below, The proposed paper is implemented in Java technology on a Pentium-IV PC with minimum 20 GB hard-disk and 1GB RAM. The propose paper s concepts shows efficient results and has been efficiently tested on different Datasets shown in figs 3 and 4. V. CONCLUSIONS Preserving security and privacy is a challenging issue in distributed systems. This project makes a step forward in solving this issue by proposing a generic framework for three-factor authentication to protect services and resources from unauthorized use. The authentication is based on password, smart card, and biometrics. Our framework not only demonstrates how to obtain secure three-factor authentication from two-factor authentication, but also addresses several prominent issues of biometric authentication in distributed systems (e.g., client privacy and error tolerance). The analysis shows that the framework satisfies all security requirements on three-factor

7 A Generic Frame Work for Three-Factor Authentication Preserving Security and Privacy in Distributed System authentication and has several other practice-friendly properties (e.g., key agreement, forward security, and mutual authentication). The future work is to fully identify the practical threats on three-factor authentication and develop concrete three factor authentication protocols with better performances. VI. REFERENCES [1] D. Maltoni, D. Maio, A.K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition. Springer-Verlag, [2] Ed. Dawson, J. Lopez, J.A. Montenegro, and E. Okamoto, BAAI: Biometric Authentication and Authorization Infrastructure, Proc. IEEE Int l Conf. Information Technology: Research and Education (ITRE 03), pp , [3] J.K. Lee, S.R. Ryu, and K.Y. Yoo, Fingerprint-Based Remote User Authentication Scheme Using Smart Cards, Electronics Letters, vol. 38, no. 12, pp , June [4] C.C. Chang and I.C. Lin, Remarks on Fingerprint- Based Remote User Authentication Scheme Using Smart Cards, ACM SIGOPS Operating Systems Rev., vol. 38, no. 4, pp , Oct [5] C.H. Lin and Y.Y. Lai, A Flexible Biometrics Remote User Authentication Scheme, Computer Standards Interfaces, vol. 27, no. 1, pp , Nov [6] M.K. Khan and J. Zhang, Improving the Security of A Flexible Biometrics Remote User Authentication Scheme, Computer Standards Interfaces, vol. 29, no. 1, pp , Jan [7] C.J. Mitchell and Q. Tang, Security of the Lin-Lai Smart Card Based User Authentication Scheme, Technical Report RHULMA20051, /techrep/2005/rhul-ma pdf, Jan [8] E.J. Yoon and K.Y. Yoo, A New Efficient Fingerprint- Based Remote User Authentication Scheme for Multimedia Systems, Proc. Ninth Int l Conf. Knowledge-Based Intelligent Information and Eng. Systems (KES), [9] Y. Lee and T. Kwon, An improved Fingerprint-Based Remote User Authentication Scheme Using Smart Cards, Proc. Int l Conf. Computational Science and Its Applications (ICCSA), [10] H.S. Kim, J.K. Lee, and K.Y. Yoo, ID-Based Password Authentication Scheme Using Smart Cards and Fingerprints, ACM SIGOPS Operating Systems Rev., vol. 37, no. 4, pp , Oct