
On the Generation of X.509v3 Certificates with Biometric Information


kamin

Presentation Transcript


  1. On the Generation of X.509v3 Certificates with Biometric Information

  2. Motivation

  3. Public Key Cryptography • Conceptually, it was invented in 1976 by Diffie and Hellman. • In 1977 (30 years ago!) RSA, the first practical public key cryptosystem, was invented.

  4. Public Key Cryptography • Some major examples of public key cryptosystems are: RSA, DSA, ECC, NTRU. • Although public key cryptography allows digital signatures to be defined and verified in a reliable way, this mechanism alone is not enough to prevent attacks.

  5. Digital Certificate Benefits • Secure Key Authentication: avoids attacks such as man-in-the-middle. • Key Revocation: a certificate indicates valid periods of operation. • Non-repudiation: a user cannot deny his/her public key. • Policy Applications: it helps to concert security policies among a large community.

  6. X.509v3 Certificate • X.509 version 3 certificates were defined as an IETF standard [RFC2459, 1999]. • A certificate is composed of three main structures: the TBS certificate (TBSCertificate), the algorithm identifier (signatureAlgorithm) and the digital signature (signatureValue). • The TBS certificate and algorithm identifier consist of ten common fields, six of them mandatory and four optional. • Additionally, an X.509v3 certificate must be formatted according to the Abstract Syntax Notation One (ASN.1) language.

  7. X.509 v3 Digital certificate

  8. Biometric Digital Certificate: Why? • Incorporating biometric information allows stronger and more robust authentication. • For certain applications it will be important to make sure that the biometric information presented to a system really belongs to a given user and that the biometric data has been certified by an authority. • Similarly, it may help to prevent a user from denying his biometric information.

  9. Technical Contributions • We present the kernel implementation of a Mobile Certification Authority (MCA) with the following features: • it is able to issue digital certificates fully complying with the X.509v3 standard; • it supports either RSA or ECDSA as the public key cryptosystem engine; • it can incorporate biometric-based user identification information (in the form of fingerprint recognition) into the digital certificate.

  10. Research Contributions • We provide a performance comparison between RSA and elliptic curve cryptosystems as public key crypto-engines. • Among the NIST-recommended elliptic curves, we establish which one is the most suitable for mobile devices such as PDAs. • We assessed the space/bandwidth needed for an X.509v3 certificate with and without biometric information. • We give a concrete example of a biometric ECC/RSA certificate fully complying with the X.509v3 standard.

  11. Generating/validating X.509v3 Certificates

  12. TBS Certificate Generation

  13. X.509v3 Certificate Generation.

  14. X.509v3 certificate Parsing

  15. X.509v3 certificate Verification

  16. Mobile Certification Authority

  17. Main Architecture

  18. Elliptic Curve Cryptography Library

  19. PDA Specification

  20. PDA Application

  21. Experimental Results

  22. Biometric ECC X.509v3 Digital ASN.1

  23. Key Generation Timings

  24. Digital Signature/Verification Timings

  25. Certificate size comparison with and without biometric information.

  26. Conclusions • Fingerprint biometric information increases the size of all certificates considered by about 1K byte, but there is room for improvement. • A rather surprising result was that the size difference between the RSA-based and ECDSA-based digital certificates is fairly small. • We confirmed that ECDSA is more efficient than RSA. Concretely, when working with constrained computational environments and/or wireless applications, NIST-163K-ECDSA appears to be the ideal selection.
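
The three-part ASN.1 structure from slide 6, and the effect of a 1 KB payload on the DER encoding mentioned in the conclusions, as an added example that is not code from the presentation or the MCA. The helper names and `toy_certificate()` are hypothetical; the bytes it builds are a constructed stand-in, not a valid certificate, and the biometric bytes sit in a plain OCTET STRING rather than a real extension.

```python
# Added example: strict DER TLV handling for the outer X.509 Certificate SEQUENCE.
# toy_certificate() output is constructed and is NOT a valid or signed certificate.

def der_len(n):
    """DER definite length: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def read_tlv(buf, off=0):
    """Return (tag, value_start, value_end) of the TLV at buf[off], bounds-checked."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length >= 0x80:
        n = length & 0x7F
        raw = buf[pos:pos + n]
        if n == 0 or len(raw) != n or raw[0] == 0:
            raise ValueError("indefinite, truncated or non-minimal length")
        length, pos = int.from_bytes(raw, "big"), pos + n
        if length < 0x80:
            raise ValueError("long form used for a short length")
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def split_certificate(der):
    """Return the raw TLVs (tbsCertificate, signatureAlgorithm, signatureValue)."""
    tag, off, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    parts = []
    while off < end:
        t, _, nxt = read_tlv(der, off)
        parts.append((t, der[off:nxt]))
        off = nxt
    if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("expected SEQUENCE, SEQUENCE, BIT STRING")
    return tuple(raw for _, raw in parts)

def toy_certificate(biometric=b""):
    """Constructed stand-in: serial 1 plus an OCTET STRING where biometric data would go."""
    tbs = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, biometric))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0401")))  # OID ecdsa-with-SHA1
    sig = tlv(0x03, b"\x00" + b"\xaa" * 42)  # BIT STRING with placeholder signature bytes
    return tlv(0x30, tbs + alg + sig)
```

`split_certificate` returns the raw TLV bytes because the signature is computed over the exact DER encoding of the TBS certificate, so a verifier must hash those bytes unchanged. In this toy layout a 1024-byte payload grows the encoding by 1030 bytes, since three nested length fields move from short form to long form.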
