An Improved Approach to Secure Authentication and Signing


David Argles, Alex Pease and Robert John Walters

University of Southampton, Southampton, UK

{da,ap1803,rjw1}@ecs.soton.ac.uk



Abstract


We know how to build secure systems but for security measures to be truly effective it is necessary to use keys which are far too large for people to commit to memory. The consequence is that people avoid using security measures or they resort to recording their key information somewhere which they find convenient to access. If any kind of barrier to unauthorised access to this store is used, it is invariably a username and short password or PIN combination. This compromises the effectiveness of primary schemes by presenting an intruder with a weak point to attack.

This paper describes a hybrid scheme incorporating an electronic token and biometric verification. The scheme eliminates the need to rely on the user’s memory so it can use keys which are long enough to be effective, yet it is also quick and convenient in use and could be adopted anywhere that presently uses username-password arrangements.




1. Introduction


The effectiveness of any security scheme (encryption, signing, access control) depends on the length of the keys which are used. Advances in techniques and widespread availability of powerful computers mean that today these keys must be considerably longer than people are able or willing to commit to memory.

The result is that many security systems use keys which are too short to be effective because users have to be capable and willing to memorise them. Where the keys used are big enough to be effective, users resort to recording this vital information because they can’t remember it. Unfortunately the methods they use are rarely secure and present ideal opportunities for intruders to attack.

We need an alternative to the ubiquitous username-password style of access control which will permit the adoption of much larger encryption keys without imposing excessive load on the users. There are a number of possibilities but none in isolation provides a satisfactory solution. We describe a composite system which uses a combination of a biometric and an electronic token to provide a system which avoids the problems of using either alone and is much more secure than a typical username-password system. The approach is easy to implement, non-intrusive and uses cheap and widely available technologies. It could be implemented on a wide scale basis to improve the security of web-based transactions such as e-Banking and e-Commerce.


2. Weaknesses of Current approaches


How to build secure systems and applications is well understood and documented. For example, Triple DES, RSA or Blowfish can be highly effective for secure communication [5]. However, none of these schemes is effective unless the keys used are long enough. As computers and computing techniques have progressed the keys used have needed to grow to the point where 128-bit numbers are common. Such numbers are far beyond what people could reasonably be expected to commit to memory so they are often stored in a repository. Access to this repository is typically controlled by another means of user authentication, and this is where the problem lies: despite significant developments in alternative systems, the username-password approach to authentication remains widely used [2]. The same applies to access control whether it be for gaining access to a particular item of equipment such as a computer workstation or a secure system such as online trading or banking. The control mechanism is invariably some variation of username-password.

Unfortunately the protection offered by name-password systems is generally very poor, especially when compared with the systems they seek to protect.

The root of the problem is that the main discriminant in the selection of the size of the password(s) is what the users will accept rather than what is necessary to achieve an acceptable level of security. In practice, users insist on very short, and hence weak, passwords. The problem is exacerbated by widespread abuse of the systems by users who select passwords which are easily guessed, write down and share passwords [1].

Despite the known weaknesses, few users change their passwords until they are known to have been compromised [4], when it is already too late. The PIN system being widely adopted for credit card authorisations is a good example but the same applies for all kinds of secure access arrangements, including online banking and other secure services. In the case of credit cards, the PIN is a four digit number so there are at most 10,000 possibilities and now that card holders are able to self select their PIN, it is likely that a few hundreds of numbers account for the huge majority of PINs in use.


To address this issue, we need to break the link between the size of the key and the ability of users to remember: we need a form of user identification and authentication which doesn’t rely on the user’s memory. One possibility is electronic tokens. These can be stored on removable media such as smart cards (or USB “pen drives”) [11] and operate just like everyday physical keys. Authentication is achieved by the user being able to produce the necessary token. This technique imposes a physical barrier to intruders: access is denied unless the user can produce the token.

The user doesn’t need to remember anything and the level of security available is determined by the nature of the token. Making such a system more secure requires more sophisticated tokens and (software) locks but has no impact on the user. However it has weaknesses of its own. Notably, nothing links the user to their token so an intruder who is able to steal a token (i.e., the media on which it is stored) is immediately afforded the same level of access as the rightful user of the key. Unfortunately, it is a feature of human users that they do lose such tokens from time to time in the same way that they lose other keys and valuable items.

We are all unique so another alternative to the user-password system is biometrics. A biometric is a measure of any of the many features which can be used to identify a person. Well known examples include finger prints and iris recognition but there are many others and there are established criteria by which biological measurements qualify as a biometric [8]. Systems which use biometrics operate in two phases. First, the distinguishing features of a user’s biometric are extracted and a template created. Then, for verification, the biometric data is captured again and compared with one or more stored templates to find a match [6]. It has been suggested that a user’s key could be derived from a biometric [3].

Using biometrics has many attractions and they enjoy advantages which arise from the fact that they are a feature of who we are, not what we know or what we have in our possession. They are difficult to forge, there is nothing for the user to remember and there is no simple way to borrow or steal a biometric. However, they have weaknesses too. The extraction of biometric data using commonly available systems is not exact. As a result, if a user’s key were derived from their biometric data it is unlikely the user would be able to recreate their key reliably. Ironically too, the very fact that they are an intrinsic part of who we are also leads to their biggest problem: should a biometric or a key which is derived from it be compromised, there is no equivalent of renewing passwords or changing locks.


3. Constructing a hybrid approach


A replacement for current username-password systems is needed and two possible alternatives have been described above but each has drawbacks. In the case of electronic tokens, they are not tied to the user so the obligation for a user to remember their password and keep it safe is transformed into an obligation to keep the token safe since system access is afforded to anyone who is able to produce a valid token (at least until the loss is discovered). For biometrics, problems arise from the difficulty of dealing with compromise because of the very feature which makes them so attractive: a biometric is a property of the individual. You can’t change or replace a user’s biometric.

Our system combines these two systems in a way which addresses these drawbacks. The template against which the user’s biometric is validated is encrypted. It is then divided into two parts. One is recorded on electronic media as part of the user’s token and the other is retained inside the secured system. In place of a key generated directly from the user’s biometric we use a key which is generated independently. This is also encrypted, split and stored in the same two locations.

The division and separate storage of the encrypted biometric template and user key mean that an intruder who steals the media is unable to extract either the user’s key or the template for their biometric as they only have part of the information. The same is true for an intruder who manages to compromise the repository of the secured system.

In the event of loss of the token, it can be invalidated by removal of the matching records within the secured system and a replacement generated for the user. The replacement token will again be tied to the user. As before it will comprise parts of the user’s encrypted biometric template and their new key but, not only will the user’s key itself be different, the key used to encrypt it and the template will also have changed.


4. Operation of the system


There are two distinct activities involved in using the system. The first is enrolment which involves the capture of the user’s biometric and generation of their electronic token. Once a user has been enrolled, they may then present their token and biometric when authorisation is required.



4.1. Enrolment


The user performs an enrolment similar to that of a standard biometric system: they present their biometric data a number of times from which a standard commercial system generates a template against which later reading of the biometric may be validated.


[Figure 1: Enrolment procedure. Diagram boxes: Biometric read from user; Creation of Biometric Template; Key generated by system; Encryption; Division of encrypted data; Part encrypted key data stored on removable media; Part encrypted key data stored on computer or server.]


The system then secures this data and creates the user’s electronic key. The user’s biometric template is encrypted using a key derived from a variety of factors, including the serial number of the media onto which it will be placed. The user’s key is then encrypted using a key which is again derived from a number of factors which include the cipher text of the user’s biometric template. The resulting two pieces of cipher text are then divided. One portion of each is saved onto the removable media as the user’s electronic token and the remainder is stored in a secure location within the protected system. See Figure 1.

The algorithms selected to generate the encryption keys and the division of the cipher should ensure that an intruder cannot regenerate the keys easily and that neither portion of the divided text contains all of the information required to decode the template or key. Ideally these algorithms should be kept secret.

The user key used will depend on the details of how the system is being used. For example, if the system is used for signing onto an online system (such as online banking), the key will be provided by or negotiated with the secured system as part of the user sign-up procedure. It will take the form demanded by the online system and be communicated in full or in part at authorisation as demanded by the system. The key can be made as long as the online system deems necessary and the user need never see it. Alternatively, as in the demonstration system, the key could be used to unlock encrypted data held for the user by the system (such as encryption keys allocated to them).

With this process complete, the user now has an electronic token/key which has been created for them on which part of their encrypted biometric template and part of their encrypted personal key is stored. Without this electronic key, the system cannot match their biometric, nor regenerate their personal key.


4.2. Authentication


When the user wishes to gain access to the secured system, they need to produce their electronic key and the right biometric. See Figure 2. The process works as follows:

1. The system reads the serial number of the key media and uses the algorithm to reconstruct the key used to encrypt the biometric template.

2. The encrypted biometric template is then reassembled from the part recovered from the key and the part already held within the system. This template is then presented to the biometric software.

3. The software is then able to read the biometric presented and decide whether it is a match to the template and so whether to accept or reject the user.

4. Assuming the user’s biometric is accepted, the key used to encrypt the user’s personal key can be regenerated from the cipher text of the template. Using this key, the user’s personal key can then be extracted from the cipher text which is again reassembled from parts held on the electronic key and within the system.

5. Now the secure system has the user’s personal key which, depending on the application, may be used directly by being presented to another system or indirectly to encode or extract other sensitive data.


[Figure 2: The authorization and key extraction process. Diagram boxes: Media Serial no.; Key regeneration; Part template from removable media; Part template from system or server; Combination of encrypted data parts; Template Decryption; User Biometric; Matching by commercial software; Authorised or Denied; Key regeneration; Part key from removable media; Part key from system or server; Extraction of User Key.]
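The enrolment and authentication procedures of sections 4.1 and 4.2, together with the token replacement described in section 3, sketched in Python as an added example (this is not the authors' prototype code). Assumptions not taken from the paper: a server-held `system_secret` as one of the key-derivation factors, an XOR split of each cipher text, a SHAKE-256/HMAC construction standing in for a vetted authenticated cipher, and an exact-match `matcher` standing in for the biometric software.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_key(system_secret: bytes, label: bytes, factor: bytes) -> bytes:
    # Assumed derivation: HMAC keyed with a server-held secret over label + factor.
    return hmac.new(system_secret, label + b"|" + factor, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in authenticated cipher: SHAKE-256 keystream, then HMAC over nonce + body.
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = nonce + xor(plaintext, stream)
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered cipher text")
    stream = hashlib.shake_256(b"enc" + key + body[:16]).digest(len(body) - 16)
    return xor(body[16:], stream)

def split(blob: bytes):
    # Assumed split: a random pad goes on the token, blob XOR pad stays in the
    # system, so neither half alone carries any information about the blob.
    pad = secrets.token_bytes(len(blob))
    return pad, xor(blob, pad)

def enrol(system_secret, serial, template, user_key):
    """Return (token_parts, system_record) for one user and one piece of media."""
    ct_template = seal(derive_key(system_secret, b"template", serial), template)
    # The key protecting the user key depends on the template cipher text (4.1).
    ct_key = seal(derive_key(system_secret, b"userkey", ct_template), user_key)
    (tok_t, sys_t), (tok_k, sys_k) = split(ct_template), split(ct_key)
    return {"template": tok_t, "key": tok_k}, {"template": sys_t, "key": sys_k}

def authenticate(system_secret, serial, token, record, matcher):
    """Return the user key, or None. matcher(template) -> bool is hypothetical."""
    if record is None:  # system half deleted: the token has been invalidated
        return None
    try:
        template_key = derive_key(system_secret, b"template", serial)   # step 1
        ct_template = xor(token["template"], record["template"])        # step 2
        if not matcher(unseal(template_key, ct_template)):              # step 3
            return None
        key_key = derive_key(system_secret, b"userkey", ct_template)    # step 4
        return unseal(key_key, xor(token["key"], record["key"]))
    except ValueError:
        return None

def demo():
    # Every value here is constructed for illustration.
    secret = secrets.token_bytes(32)
    template = b"constructed-fingerprint-template"
    owner = lambda t: t == template   # exact match stands in for fuzzy matching
    old_key, new_key = secrets.token_bytes(32), secrets.token_bytes(32)
    token, record = enrol(secret, b"SERIAL-0001", template, old_key)
    results = {
        "owner": authenticate(secret, b"SERIAL-0001", token, record, owner) == old_key,
        "copied_to_other_media": authenticate(secret, b"SERIAL-9999", token, record, owner),
        "wrong_finger": authenticate(secret, b"SERIAL-0001", token, record, lambda t: False),
    }
    # Loss of the token: delete the system record, then re-enrol on new media.
    new_token, new_record = enrol(secret, b"SERIAL-0002", template, new_key)
    results["lost_token"] = authenticate(secret, b"SERIAL-0001", token, None, owner)
    results["replacement"] = authenticate(secret, b"SERIAL-0002", new_token, new_record, owner) == new_key
    return results

if __name__ == "__main__":
    print(demo())
```

A failed integrity check and a failed biometric match both return `None`, so a caller cannot tell which factor was wrong.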


5. A prototype implementation


To build a prototype, the first decision is to select an appropriate biometric (and hardware) and an appropriate technology for the electronic key.

For the biometric we selected a finger print system for the following reasons:

- Fingerprints can be read quickly and reliably using inexpensive equipment.
- It is not invasive.
- It is familiar and accepted by users.

The actual system used was ‘Griaule Fingerprint Recognition SDK’ [7] in conjunction with the Microsoft Fingerprint reader.

An inexpensive USB “pendrive” was used as a carrier for the electronic key.

The user interface of the authentication process is shown in Figure 3. This program uses our authentication scheme to decide whether to disclose (previously encrypted) data to a user or not. In the demonstration, a string previously encrypted using the user’s key is extracted and displayed if the user’s electronic token and biometric are accepted. The application also displays trace output, including the graphic of the fingerprint and output from the fingerprint software.

In a practical application, much of the interface shown here would be concealed and only the outcome would be communicated to the user. We also anticipate the user being prompted to insert their electronic key and place their finger on the reader in similar style to the familiar request for user name and password and prompted again to remove both before the authentication process is completed. The outcome (in the form of allowing or denying access) would also be communicated in the way that systems currently respond to the input of the username-password pair.




[Figure 3: User interface of prototype system]


This software was developed as a proof of concept application. It uses simple schemes for the separation of the cipher strings into parts, the derivation of the key for encrypting the template from the media serial number and the derivation of the key for the encryption of the user key from the template cipher text. Much more sophisticated techniques which use additional factors could be applied in a full implementation. However, this software has demonstrated that the system works and provided some useful insight into the use of this type of system. In particular it has confirmed that the system is easy to use in practice. Enrolment is not difficult nor time consuming. Also, although it does depend on the biometric and hardware, authentication is quick and reliable. Even taking into account time for the user to insert their electronic token, we believe this system is at least as quick in use as eliciting a username-password pair from the user.


6. Discussion


We used an inexpensive fingerprint reader and a free SDK so we expected the reliability of the fingerprint verification to be problematic. We were confident that the integration of the electronic key would eliminate “false positives” allowing access to unauthorised users but we did expect that genuine users would suffer significant numbers of “false negatives”. However, several hundred tests revealed false negatives at around 7% of verifications (and not one false positive) from the fingerprint software which matches findings of other studies [10]. Of the false negatives, a significant proportion can be attributed to improper or careless finger placement on the reader by users. It seems reasonable to expect that this would improve as users become more familiar with the procedure.

For the electronic key, our prototype system uses a USB pendrive and merely requires that it be present whenever it is needed. It might be preferable to replace this with a form of media which isn’t so readily accessed by users and other applications such as a smart card, but this would necessitate the addition of suitable hardware. The system should also insist that the user remove the key (and finger) after authentication, thus minimizing the opportunity for an intruder who has achieved some access to the system to read the contents of the key.

The important issue here was that we were able to establish that our system is no less usable and at least as quick in use as conventional username-password authorization systems. However, it is significantly more secure because it uses a combination of a biometric and an electronic token and the keys used to encrypt sensitive data (notably the user’s key) can be as long as necessary. None of the keys used in our implementation is less than 128 bits which is far in excess of anything which the user could be expected to commit to memory. The split of the encrypted information between the removable token and the system means that an intruder who steals the key or gains access to the system is not able to access users’ keys or biometric templates. Should the key be lost or compromised, a user can be re-enrolled into the system with a replacement key which is different from the lost item; the encryption of the template depends on the physical key so, even if the replacement template generated by the biometric software were to be exactly the same as the original, the newly created token will be different from the one that is lost. The lost media can be rendered useless by deletion of the corresponding portions of the template and user key cipher text from the secured system.

We have used the system to control access to a laptop (and to give demonstrations using a word or phrase of a user’s choosing) but it could be applied equally well to any situation where username-password schemes are currently employed. In online situations, the parts of the encrypted cipher texts could be stored on removable media in exactly the manner described above with the user’s personal computer merely acting as go-between reading the key and biometric data and passing this on to the secured system using secure communications techniques. Alternatively, the user’s personal computer could then stand in for (store the data of) the removable media. In this way, a user’s access to a secure online system could be restricted to logons in which the correct biometric is presented from the authorised machine. Loss of the machine would amount to the loss of the token and would necessitate re-enrolment. A user wishing to use more than one machine would need to enrol from each.


7. Conclusion and future work


Username-password is a poor method for securing access to valuable systems or data because the length of names and passwords is severely limited by the necessity for them to be committed to memory by users. Although this and other weaknesses and widespread abuses are well documented, it is almost universally used and it presents a vulnerability for attack by intruders.


This work has taken widely available, proven technologies and combined them to produce an alternative authorisation system which uses an electronic key and a biometric in combination. The system proposed eliminates the need for the user to commit important access information to memory. Instead access is controlled by a combination of the user being able to satisfy a biometric measurement and produce a matching electronic token. We used fingerprints for a proof of concept implementation because the technology involved is widely available and inexpensive but any biometric could be used.

Features of our system mean that in the event of the loss of an electronic key, the system and data it protects remain safe and the key can be replaced.

We believe this system could provide a very acceptable and convenient alternative to the current de-facto standard of username-password (or PIN) systems which is in use to secure all kinds of system access, including personal workstations and online transactions.


8. References


[1] A. Adams and M. A. Sasse, "Users Are Not The Enemy," Communications of the ACM, vol. 42, pp. 40-46, 1999.

[2] E. Bardram, "The trouble with login: on usability and computer security in ubiquitous computing," Personal and Ubiquitous Computing, vol. 9, 2005.

[3] A. Bodo, "Method for producing a digital signature with aid of a Biometric," 1994.

[4] A. M. DeAlvare, "A Framework for Password Selection," in Unix Security Workshop II, Portland, 1998.

[5] D. Denning, "Protecting Public Keys and Signature Keys," IEEE Computer, vol. 16, pp. 17-35, Feb 1983.

[6] D. Dunlap, "Biometric Technology," Western Carolina University 2001.

[7] Griaule, "Griaule Fingerprint Recognition SDK."

[8] A. K. Jain, "Biometric Recognition: How Do I Know Who You Are?," Department of Computer Science and Engineering, Michigan State University 2004.

[9] D. Kresimir and M. Grgic, "A Survey of Biometric Recognition Methods," in 46th International Symposium Electronics, Marine, Zadar, Croatia, 2004.

[10] T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino, "Impact of artificial gummy fingers on fingerprint systems," in SPIE - Optical Security and Counterfeit Deterrence Techniques IV, 2002.

[11] SafeNet Inc, "Disk Encryption Belcamp, MD," 2006.

[12] Y. Sutcu, H. T. Sencar, and N. Memon, "Authentication protocols: A secure biometric authentication scheme based on robust hashing," in 7th Workshop on Multimedia and Security at ACM Multimedia, New York, USA, 2005.

[13] Q. Xiao, "Security Issues in Biometric Authentication," in IEEE Workshop in Information Assurance and Security, U.S. Military Academy, West Point, NY, 2005.

[14] N. Yoshiura, Y. Onozato, and H. Kimura, "Application of one way function to biometric authentication," Transactions of the Institute of Electrical Engineers of Japan, vol. 124-C, 2004.