CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
Rama Krishna (120851923010), Pankaj Rane (120851923024), Venkatesh (120851923027), Manikanta (120851923019), Devi Sree (120851923014)

Abstract - Public Key Infrastructure is a widely deployed security technology for handling key distribution and validation in computer security. Despite PKI's popularity as a security solution, phishing and other man-in-the-middle related attacks are accomplished with ease throughout our computer networks. The major problems with PKI come down to trust, and largely, how much faith we must place in cryptographic keys alone to establish authenticity and identity.
In this paper, we look at a novel biometric solution that mitigates this problem at both the user and certificate authority levels. More importantly, we examine the trouble with the application of unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports transactional key release. A detailed explanation of this new Biometric application is provided, including composition, enrollment, authentication, and revocation details. The Biometric provides a new paradigm for blending elements of physical and virtual security to address pesky network attacks that more conventional approaches have not been able to stop.

1. INTRODUCTION
Public Key Infrastructure or PKI can be a very complex but important subject. We'll give you a PKI overview to help you understand what PKI is and how it can help you. PKI is a loaded term that involves the hardware, software, policies, and standards that are necessary to manage SSL certificates. A PKI lets you:
i) Authenticate users more securely than standard usernames and passwords.
ii) Encrypt sensitive information.
iii) Electronically sign documents more efficiently.
A PKI allows you to bind public keys (contained in SSL certificates) with a person in a way that allows you to trust the certificate. Public Key Infrastructures most commonly use a Certificate Authority (also called a Registration Authority) to verify the identity of an entity and create unforgeable certificates. Web browsers, web servers, email clients, smart cards, and many other types of hardware and software all have integrated, standards-based PKI support that can be used with each other. A PKI is only as valuable as the standards that are established for issuing certificates.
Certificate Authorities
An SSL Certificate Authority (also called a trusted third party) is an organization that issues digital certificates to organizations or individuals after verifying their identity. The information that it verifies is included in the signed certificate. It is also responsible for revoking certificates that have been compromised. Many Certificate Authorities have their root certificates embedded in web browsers so your web browser automatically trusts them. They will sign an entity's certificate using their trusted root certificate (or an intermediate of it) to create a "chain of trust" so the browser will trust the entity's certificate. Basically, web browser developers are saying "We trust this certificate authority and they say that this is the entity's public key so, if we use it, we know we are talking to the right entity."
Biometrics (or biometric authentication) refers to the identification of humans by their characteristics or traits. Biometrics is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological versus behavioral characteristics. A physiological biometric would identify by one's voice, DNA, hand print or behavior. Behavioral biometrics are related to the behavior of a person, including but not limited to typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics to describe the latter class of biometrics. More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or number. Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.
2. PKI BASED APPLICATIONS
2.1 E-BANKING IN CORPORATE LEVEL
In a normal transaction we use a user ID and password to authenticate the person. With just a user name and password anyone can log in if they know our confidential details, and if they then perform a transaction without our knowledge we have a problem. To resolve this we use a Digital Certificate.
If we enable the Digital Certificate for transacting the amount and also enable it for login, it provides some additional security. Let us see the process now.
ENABLE THE DIGITAL CERTIFICATE
1. Login with your Corporate Id, User Id and Login Password.
2. Enable the Digital Certificate Registration.
3. Click the upload button; the system will automatically pick up the desired details from the certificate file.
4. Select whether you require the digital certificate for login, for transactions or for both.
LOGIN THE USER AND TRANSACT WITH THE HELP OF THE DIGITAL CERTIFICATE
1. Click on the Corporate User (With Digital Certificate) link.
2. You will be prompted to select the digital certificate.
3. Enter your Corporate Id, User Id and login ID and password.
4. Now you will be able to use Corporate Internet Banking with the additional security of the Digital Certificate.
5. Perform the operations (transactions) with the help of the additional security.
2.2 E-CORPORATION
If anyone wants to start a company they must register the details of the company and their personal details with the Ministry of Corporate Affairs. The Ministry of Corporate Affairs has newly implemented a process to register the company with the help of a Digital Certificate. Let us see the process now.
To register a company, you need to first apply for a Director Identification Number (DIN), which can be done by filing the eForm for acquiring the DIN.
You would then need to acquire your Digital Certificate and register the same on the portal.
Thereafter, you need to get the company name approved by the Ministry.
Once the company name is approved, you can register the company by filing the incorporation form depending on the type of company.
2.3 E-LICENCING
If we want to renew a licence we apply for the renewal through an online application. To apply online we first register, then log in with a username and password, enter the details and perform the transactions; but if anyone knows our confidential information they can use it for wrong purposes. To solve this problem we use the Digital Certificate. Let us see the process now.
1. Applicant must have a digital certificate.
2. Applicant authentication will be done by uploading the personal certificate and entering the PIN of the certificate.
3. Enter the details:
   1. Provide the particulars of the registered owner and vehicle.
   2. Upload the required supporting documents:
      1. Vehicle registration document.
      2. Certificate of roadworthiness.
      3. Third party risk insurance policy.
   3. Provide the residential address.
4. Provide the digital signature and enter the PIN of the certificate to sign the application.
5. Make payment using your credit card.
6. Obtain the acknowledgement slip.
Normally, when we want to make an online transaction, some sites cannot provide a secure transaction. If we want to send confidential information to anyone and the transaction is not secure, our confidential information will be compromised. To overcome this situation we use PKI.
Here the customer who is going to renew the LICENCE is transferring confidential information and also the amount that has to be paid to the government, so we have to enable PKI. To achieve this the customer must have a Digital Certificate. The data from the sender side will be encrypted.
3. BIOMETRIC BASED APPLICATIONS
3.1. BIOMETRIC ATM
We all know of ATMs that accept our credit/debit card and PIN number to dispense cash. Biometric ATMs are the latest inventions to help us avoid fraud and duplication. If somebody steals our card and also knows our PIN they can easily withdraw cash from our account; in the case of biometric ATMs they cannot. Usually the PIN for a biometric ATM is the fingerprint of the card holder or his eye retina scan, etc. These cannot be duplicated and hence they are very safe and secure. But they are very costly compared to traditional ATM machines and hence they are not very widely used now.
Japanese bank palms off customers with biometric ATMs:
Japan-based Ogaki Kyoritsu Bank is claiming to be the first in the world set to offer its customers the option of using ATM services without the need for a cash card or passbook, thanks to palm-scanning biometric technology from Fujitsu. The technology works by mapping and identifying the unique pattern of veins in the user's palm. Biometric scanners are already used in some Japanese banks. With the tag-line "You are the cash card", the technology will be rolled out from September in ten branches including the major city of Nagoya, as well as a drive-through cash point (yes, they have them too) and two mobile banking units. Ogaki Kyoritsu, which is a regional bank centered in Gifu prefecture west of Tokyo, was quick to point out that a card-less authentication system could have helped survivors of the recent Tohoku earthquake and tsunami who, having lost cards and passbooks, were stranded unable to access their accounts. One of the bank's mobile units operates as a "rescue" bank for just such occasions. The system is pretty straightforward. Initially the user must associate their palm scan with their account by inputting PIN and birth date, after which time they are free to access their account via the scan alone to withdraw or deposit money or check account balance.
• Poland's cooperative BPS (Bank Polskiej Spoldzielczosci SA) bank says it's the first in Europe to install a biometric ATM, allowing customers to withdraw cash simply with the touch of a fingertip.
• The digit-scanning ATM, introduced in the Polish capital of Warsaw, runs on the latest in "finger vein" technology.
• Developed by Japanese tech giant Hitachi.
• In this technology an infrared light is passed through the finger to detect a unique pattern of micro-veins beneath the surface, which is then matched with a preregistered profile to verify an individual's identity.
• Finger veins are impossible to replicate because they are beneath the surface of the skin.
Fig 3.1 a) Customer enrollment for biometric scan at bank
Fig 3.1 b) Customer accessing biometric ATM
3.2. FACE RECOGNITION FOR SURVEILLANCE
Biometrics is the digital analysis, using cameras or scanners, of biological characteristics such as facial structure, fingerprints and iris patterns to match profiles to databases of people such as suspected terrorists. Some experts say face recognition is perhaps the most promising biometric technique for overcrowded airports because it relies on distant cameras to identify people, not finger scanners or other devices requiring people to click, touch or stand in a particular position.
Several airports are adopting such face-recognition software in an effort to beef up security after the suicide bombings on the World Trade Center and the Pentagon. In addition to Logan airport in Boston, Oakland International Airport in Oakland, Calif.; T.F. Green Airport in Providence, R.I.; and Fresno Yosemite International Airport in California are among those adopting identification technology to check passengers.
Visionics' technology can scan about 15 faces a second, compiling 84 bytes of data for each face detected in a frame of video. It maps the landmarks of the face including nose, eyes and mouth to create a digital "face print" of a person. The face print is then compared to a database of tens of thousands of other biometric IDs representing criminals, terrorists or other people for whom security is looking.
Ayonix, Inc. Japan, a leading Image technology solution provider, today announced the release of Ayonix Public Security (APS ver2.1), a new real-time facial detection and recognition surveillance product aimed at safely identifying criminals as well as suspects in public locations such as airports, train stations, trade centers, stadiums, and public malls. With this recent APS update, Ayonix's APS product now greatly benefits from the additional performance boost provided by the new image processing algorithm, as evidenced by recent tests. More specifically, the processing speed in APS ver2.1 has been 10 times faster than other releases. Users can now achieve real-time face recognition in public locations. And whereas previously it was difficult to recognize identities while people were walking, APS ver2.1 now makes walk-through facial recognition feasible.
• Face Recognition identifies a person uniquely in a crowd.
• Face Recognition can be deployed in any crowded place such as railways, public malls, airports, stadiums etc.
• This technology was first introduced in JAPAN by Ayonix, Inc. Japan, a leading Image technology solution provider.
• U.S. airports installed face-recognition systems to prevent terrorism in the wake of the Sept. 11 attack.
• Developed by Herta Security, known as Bio surveillance.
Fig.3.2 Workflow for face recognition for surveillance at Airport
4. PKI AND BIOMETRIC BASED APPLICATIONS
4.1. e-PASSPORT
A biometric passport, also known as an e-passport, ePassport or a digital passport, is a combined paper and electronic passport that contains biometric information that can be used to authenticate the identity of travelers. It uses contactless smart card technology, including a microprocessor chip (computer chip) and antenna (for both power to the chip and communication) embedded in the front or back cover, or center page, of the passport. Document and chip characteristics are documented in the International Civil Aviation Organization's (ICAO) Doc 9303. The passport's critical information is both printed on the data page of the passport and stored in the chip. Public Key Infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip, making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented.
The currently standardized biometrics used for this type of identification system are facial recognition, fingerprint recognition, and iris recognition. These were adopted after assessment of several different kinds of biometrics including retinal scan. The ICAO defines the biometric file formats and communication protocols to be used in passports. Only the digital image (usually in JPEG or JPEG2000 format) of each biometric feature is actually stored in the chip. The comparison of biometric features is performed outside the passport chip by electronic border control systems (e-borders). To store biometric data on the contactless chip, it includes a minimum of 32 kilobytes of EEPROM storage memory, and runs on an interface in accordance with the ISO/IEC 14443 international standard, amongst others. These standards intend interoperability between different countries and different manufacturers of passport books.
Fig.4.1 a) Countries with biometric passports
Fig.4.1 b) Workflow of biometric passport
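The passage above says PKI is used to authenticate the data stored in the chip. The mechanism ICAO calls passive authentication works by having the issuer hash every data group (DG1 is the machine-readable zone, DG2 the face image) into a Document Security Object (SOD) and sign that object; an inspection system verifies the signature and then recomputes each hash. The Python below is an added illustration of that check, not code from the paper or from any ICAO implementation. The data groups and the signer key are constructed sample values, and the SOD signature is stood in by an HMAC with a shared key; a real SOD carries an RSA or ECDSA signature verified with the Document Signer certificate, which chains to the issuing country's CSCA.

```python
import hashlib
import hmac
import json

# Constructed sample chip contents. On a real e-passport DG1 holds the MRZ text
# and DG2 the JPEG/JPEG2000 face image; these byte strings are stand-ins.
DATA_GROUPS = {
    1: b"P<UTOSAMPLE<<HOLDER<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<",          # DG1 (constructed)
    2: b"\xff\xd8\xff\xe0" + b"constructed-face-image-bytes" + b"\xff\xd9",  # DG2 (constructed)
}

# Stand-in for the Document Signer's key (assumption for this example). ICAO 9303
# uses an RSA/ECDSA signature over the SOD, verified with the Document Signer
# certificate that chains to the country's CSCA; an HMAC is used here for illustration.
DOCUMENT_SIGNER_KEY = b"demo-document-signer-key"


def _canonical(hashes: dict) -> bytes:
    """Deterministic serialisation of the hash list so the signature covers a fixed byte string."""
    return json.dumps(hashes, sort_keys=True).encode()


def build_sod(data_groups: dict, signer_key: bytes = DOCUMENT_SIGNER_KEY) -> dict:
    """Personalisation step: hash every data group and sign the list of hashes."""
    hashes = {str(n): hashlib.sha256(d).hexdigest() for n, d in data_groups.items()}
    signature = hmac.new(signer_key, _canonical(hashes), hashlib.sha256).hexdigest()
    return {"hashes": hashes, "signature": signature}


def passive_authentication(sod: dict, data_groups: dict, verify_key: bytes = DOCUMENT_SIGNER_KEY):
    """Inspection step: check the SOD signature first, then recompute every DG hash."""
    expected = hmac.new(verify_key, _canonical(sod["hashes"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sod["signature"]):
        return False, "SOD signature invalid"
    for n, data in data_groups.items():
        stored = sod["hashes"].get(str(n))
        if stored is None:
            return False, f"DG{n} not covered by SOD"
        if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), stored):
            return False, f"DG{n} hash mismatch"
    return True, "ok"


def tampered_face_image(data_groups: dict) -> dict:
    """Constructed forgery attempt: a different face image written to DG2, SOD left unchanged."""
    forged = dict(data_groups)
    forged[2] = b"\xff\xd8\xff\xe0" + b"someone-else-face" + b"\xff\xd9"
    return forged


# The SOD as the issuing authority would write it to the chip.
SOD = build_sod(DATA_GROUPS)

if __name__ == "__main__":
    print(passive_authentication(SOD, DATA_GROUPS))                        # (True, 'ok')
    print(passive_authentication(SOD, tampered_face_image(DATA_GROUPS)))  # (False, 'DG2 hash mismatch')
```

The order of the two checks matters: the signature is verified before any hash is trusted, so editing the hash list on the chip is caught as a signature failure, and swapping a data group without the signer's key is caught as a hash mismatch. Passive authentication only proves the data is genuine and unmodified; it does not detect a cloned chip, which is why ICAO also defines Active Authentication and chip-authentication mechanisms.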
4.2 BIOMETRIC ENABLED PROXY SIM
Normally a proxy SIM contains an inbuilt PKI (that is, a public and private key pair). If we want to send a message confidentially to anyone we can send it with the help of the PKI (whatever message we send to him is encrypted).
If anyone knows the password of the PKI, they can use this mobile and send messages through our mobile with the PKI enabled. To overcome this situation we propose the BIOMETRIC ENABLED PROXY SIM.
What we are proposing in this system is that even if anyone knows our password they still need our BIOMETRICS (already stored in that SIM, which cannot be opened by any means); that is, without the BIOMETRICS they cannot use the PKI.
If an authorized user wants to perform any SMS or transaction, the process is as follows.
If the authorized user wants to send an SMS through the PKI, he types the SMS and sends it to the destination. Before it goes to the destination the phone asks for the biometric (fingerprint) and then asks for the private key PIN number: first the fingerprint is presented and then the PIN number is typed. Due to this the destination person can be sure that the confidential matter was sent by the authorized person.
If the authorized user wants to transfer an amount to any account, he must log in to his account and perform the transfer. Before the transaction completes, the mobile asks for the biometric (the fingerprint) and then asks for the private key PIN to complete the transaction. Due to this the transaction is done only by the authorized person.
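The abstract calls for a revocable biometric template protection scheme that supports transactional key release, and the section above describes the user-facing flow: fingerprint first, then the private key PIN, and only then is the SIM's key usable for signing. The Python below is an added example showing how those two ideas fit together; it is not code from the paper or from any SIM vendor. It implements a fuzzy commitment (the enrollment record is a random key XOR-ed with an error-correcting codeword XOR-ed with the template, plus a hash of the key, so the raw fingerprint template is never stored), uses a repetition code as the error corrector (an assumption chosen for simplicity), and wraps the SIM's private key under a key derived from the released biometric key and the PIN. The template bits, the probe bits, the key, the PIN and the private-key bytes are all constructed sample values, and the SHA-256 keystream used for wrapping is a toy stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import random

REP = 7          # repetition-code length: each key bit is spread over 7 template bits,
                 # so up to 3 flipped bits per block are corrected by majority vote
KEY_BYTES = 16   # 128-bit key released on a successful match


def _bytes_to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def _bits_to_bytes(bits: list) -> bytes:
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, len(bits), 8))


def _encode(key_bits: list) -> list:
    """Repetition code: repeat every key bit REP times."""
    return [b for b in key_bits for _ in range(REP)]


def _decode(noisy: list) -> list:
    """Majority vote over each block of REP bits."""
    return [1 if sum(noisy[i:i + REP]) * 2 > REP else 0 for i in range(0, len(noisy), REP)]


def enroll(template: list, key: bytes) -> dict:
    """Fuzzy commitment: store codeword XOR template and a hash of the key, never the template."""
    codeword = _encode(_bytes_to_bits(key))
    if len(codeword) != len(template):
        raise ValueError("template length must equal KEY_BYTES * 8 * REP")
    return {"commitment": [c ^ t for c, t in zip(codeword, template)],
            "key_hash": hashlib.sha256(key).hexdigest()}


def release(record: dict, probe: list):
    """Return the enrolled key if the probe is close enough to the template, else None."""
    noisy = [c ^ p for c, p in zip(record["commitment"], probe)]   # = codeword XOR (template XOR probe)
    candidate = _bits_to_bytes(_decode(noisy))
    if hmac.compare_digest(hashlib.sha256(candidate).hexdigest(), record["key_hash"]):
        return candidate
    return None


def _keystream(released_key: bytes, pin: str, length: int) -> bytes:
    """Toy SHA-256 counter keystream (illustration only; a real SIM would use AES-GCM or similar)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(released_key + pin.encode() + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap_private_key(private_key: bytes, released_key: bytes, pin: str) -> dict:
    """Bind the PKI private key to both the biometric-released key and the PIN."""
    ks = _keystream(released_key, pin, len(private_key))
    return {"wrapped": bytes(a ^ b for a, b in zip(private_key, ks)),
            "check": hashlib.sha256(private_key).hexdigest()}


def transactional_key_release(record: dict, wrapped: dict, probe: list, pin: str):
    """Fingerprint first, then PIN: both must be right before the signing key is usable."""
    released = release(record, probe)
    if released is None:
        return None
    ks = _keystream(released, pin, len(wrapped["wrapped"]))
    candidate = bytes(a ^ b for a, b in zip(wrapped["wrapped"], ks))
    if not hmac.compare_digest(hashlib.sha256(candidate).hexdigest(), wrapped["check"]):
        return None
    return candidate


def revoke_and_reenroll(template: list, new_key: bytes) -> dict:
    """Revocation: discard the old commitment and bind the same finger to a fresh random key."""
    return enroll(template, new_key)


# Constructed sample data with a fixed seed so the run is reproducible.
_rng = random.Random(2024)
TEMPLATE = [_rng.randint(0, 1) for _ in range(KEY_BYTES * 8 * REP)]
PROBE_GENUINE = list(TEMPLATE)
for _i in range(0, len(PROBE_GENUINE), REP):        # one flipped bit in every block...
    PROBE_GENUINE[_i] ^= 1
for _i in range(0, len(PROBE_GENUINE), REP * 4):    # ...and three in every fourth block
    PROBE_GENUINE[_i + 1] ^= 1
    PROBE_GENUINE[_i + 2] ^= 1
PROBE_IMPOSTOR = [_rng.randint(0, 1) for _ in range(len(TEMPLATE))]
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed enrollment key
PIN = "4321"                                               # constructed private-key PIN
PRIVATE_KEY = b"PLACEHOLDER-PKI-PRIVATE-KEY-BYTES"         # placeholder for the SIM's signing key

RECORD = enroll(TEMPLATE, KEY)
WRAPPED = wrap_private_key(PRIVATE_KEY, KEY, PIN)

if __name__ == "__main__":
    print(transactional_key_release(RECORD, WRAPPED, PROBE_GENUINE, PIN) == PRIVATE_KEY)  # True
    print(transactional_key_release(RECORD, WRAPPED, PROBE_IMPOSTOR, PIN))               # None
```

Two properties carry the security argument of the abstract. The stored commitment reveals neither the template nor the key on its own, and a compromised record is revoked by re-enrolling the same finger against a new random key, which yields an unrelated commitment. The PIN is folded into the wrapping key rather than checked separately, so a correct fingerprint with the wrong PIN, or the right PIN with an impostor's finger, both fail closed without the signing key ever leaving the SIM.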
5. REFERENCES
• http://www.theregister.co.uk/2012/04/12/ogaki_palm_scanning_cash/
• http://news.cnet.com/2100-1023-275313.html
• http://www.dhs.gov/e-passport
• http://www.mca.gov.in/MCA21/
• http://www.netpnb.com/index.html#
• http://en.wikipedia.org/wiki/Biometric_passport
• http://www.dhs.gov/e-passports
• http://www.gov.hk/en/residents/transport/vehicle/renewvehiclelicense.