My ppt

A SOPHISTICATED RFID APPLICATION ON MULTI –

FACTOR AUTHENTICATION

GUIDED BYNOUSIN

ARUN.M.RREAIEAE007

5/8/2011 1A sophisticated RFID application on multi factor authentication

OUTLINE

• INTRODUCTION

• WHY THIS TOPIC

• RFID APPLICATION ON MULTI FACTOR AUTHENTICATION

• RADIO FREQUENCY IDENTIFICATION TECHNOLOGY

• RFAA PROCESS


OUTLINE

• RFAA ENCRYPTION ALGORITHM

• COMPARISION OF CURRENT AUTHENTICATION TECHNIQUES

• COMPARISION OF SECURITY MEASURES

• MY VIEW ON THIS TOPIC

• CONCLUSION

• REFERENCE5/8/2011 3A sophisticated RFID application on

multi factor authentication

INTRODUCTION• Authentication is the process of verifying a

user’s credentials when they are requesting services from any secure system

• Most commonly form of authentication is single factor authentication

• The improved technique is multi factor authentication


WHY THIS TOPIC

• Technology in our daily lives

• Avoids the information lost through hacking

• Provides more privacy for the user’s information

• Better system for highly confidential information


RFID APPLICATION ON MULTI FACTOR AUTHENTICATION

• Authentication is the process of verifying a user’s credentials when they are requesting services from any secure system

• The two forms of authentication are

-Single factor authentication

-Multi factor authentication


SINGLE FACTOR AUTHENTICATION

• Focuses on only one factor

• Disadvantage is that it proved to be weak method when it comes to protecting data

• One improvement in S-FA is to utilized password management utility

• Insecurity of user’s credentials in single factor authentication can be overcomes by two factor authentication


TWO FACTOR AUTHENTICATION

• Two factor authentication requires an extra factor while using username/password

• The second factor takes the form of a physical security token or smart card

• Example of two factor authentication is ATM

• One factor is the use of ATM card issued by the bank

• Second factor is the PIN number



• Smart card

-A successor of magnetic cards

-They have the same size as credit cards

-only disadvantage of expensive card reader

-the smart card and the reader also require

special middleware application due to the

mismatch between smart card communication

standards and the communication protocols



• Biometrics

-users may biometrically authenticate via their fingerprint

-The device scans, extracts, stores the result

-comparison is made

-By sufficient commonality a pass is achieved

-This technique is expensive5/8/2011 10A sophisticated RFID application on



• Security token

-Security tokens also called OTP tokens

-OTP tokens based on two types of algorithms

-Time synchronized

-event based

-Time synchronized algorithm produces a pseudo random number with a built in pseudo random number generator



• Virtual token

-first introduced in 2005 by a security company

-virtual tokens are a comparably new concept in multi factor authentication

-virtual tokens reduce the cost normally associated with implementation and maintenance of multi-factor solutions



• Software token

-two primary architecture for software tokens

-shared secret

-public-key cryptography

-shared secret architecture is considered more vulnerable than the hardware token

-the configuration file can be compromised if it is stolen and the token is copied



• SofToken technique- SofToken was firstly introduced in 2010 by

Liou and Bhashyam

- The technique significantly improves on

feasibility and deployment cost of the two factor authentication

- SofToken acts as second-factor authentication


RADIO FREQUENCY IDENTIFICATION

TECHNOLOGY

Figure

Fig.1 RFID Reader & Tags


RADIO FREQUENCY IDENTIFICATION TECHNOLOGY• RFID has been widely used in many

technological applications today• It is both inexpensive and small anywhere• The main concept of RFID is to retrieve the

information stored in the tokens using radio signals

• RFID tags will communicate with an electronic reader to emit radio waves and to receive signals back from the tag


RADIO FREQUENCY IDENTIFICATION TECHNOLOGY

• There are three types of RFID tokens

-Active tokens

-Passive tokens

-Battery assisted passive

• The RFID readers and tokens are being used

for variety of tasks


RFAA PROCESS

• RFID technology simply feeds the password into the computer for authentication

• The RFID reader and its respective tokens will act as two factor authentication

• Once a user scans the RFID tags the code word will go through encryption

• The RFAA technique as a more secure form of authentication


RFAA PROCESS

• When request for establishing new user account, the user will receive an RFID token and install client application software onto user’s computers

• The user will also receive a unique activation key, along with entering the username/password and scanning the RFID token, to activate the new user account


RFAA PROCESS

• After the completion of registration process, the user can login to the system by only entering username/password and to scan the provided RFID token

• This activation key will be also used to enhance portability for providing a user to access the server from non-default computers


RFAA PROCESS

Figure 2 The Login Screen


RFAA ENCRYPTION ALGORITHM

Figure 3 Encryption Flow Chart 5/8/2011 22A sophisticated RFID application on



• Blowfish encryption provides even stronger security to the proposed RFAA technique

• In RFAA implementation, RFID tokens contain ten-character codeword long and that is exactly 80 bits for the whole string

• Encryption will be applied twice for 80 bits since Blowfish only allows 64 bits per encryption



Figure 4 The Process of Function F


• Encryption will divide the 80-bits code word into two 40-bits data words• It will pad 40 bits to 64 bits during encryption

and same procedure takes place for other 40 bits

• Encrypted code into 32 bits since each line represents 32bits

• The algorithm keeps two sub keys arrays; eighteen 32bits of P-array and four 32 bits of S-array


COMPARISION OF CURRENT AUTHENTICATION TECHNIQUES

• Hardware requirement

• Deployment complexity

• Portability

• Identity backup

• Lost recovery

• Replacement cost


COMPARISION OF SECURITY MEASURES

• MitM prevention

- Single factor technique is more venerable to this type of attack

• Phishing prevention - RFAA scored strong in this category

• Spoofing prevention - Single factor authentication less effective


MY VIEW ON THIS TOPIC

• In this IT world the technology found to be computerized

• By increasing the advantage of portability of information and online transfer of information the risk of hacking is increasing

• By authentication provides the user’s both privacy and security for their information

• Found to be the most indispensable technique in the upcoming years


CONCLUSION

• The proposed RFAA technique a two factor authentication for more secure identification

• By using soft token RFAA can be used for both online transactions and computer systems

• The comparison between RFAA and the other techniques indicates that the RFAA scores high due to its ability to maintain a higher level of security for the users


REFERENCE

• J.-C. Liou and S. Bhashyam, A Feasible and Cost-effective Two-Factor Authentication, Proc. 2ndInternational Conference on Software Engineering and Data Mining (SEDM ’10), pp. 47 – 51, Chengdu, China, June 2010.

• Bruce Schneier http://www.schneier.com/paper-blowfish-fse.html


THANKS

My ppt

Education

Transcript of My ppt