My ppt

31
A SOPHISTICATED RFID APPLICATION ON MULTI – FACTOR AUTHENTICATION GUIDED BY NOUSIN ARUN.M.R REAIEAE007 5/8/2011 1 A sophisticated RFID application on multi factor authentication

Transcript of My ppt

Page 1: My ppt

A SOPHISTICATED RFID APPLICATION ON MULTI –

FACTOR AUTHENTICATION

GUIDED BYNOUSIN

ARUN.M.RREAIEAE007

5/8/2011 1A sophisticated RFID application on multi factor authentication

Page 2: My ppt

OUTLINE

• INTRODUCTION

• WHY THIS TOPIC

• RFID APPLICATION ON MULTI FACTOR AUTHENTICATION

• RADIO FREQUENCY IDENTIFICATION TECHNOLOGY

• RFAA PROCESS

5/8/2011 2A sophisticated RFID application on multi factor authentication

Page 3: My ppt

OUTLINE

• RFAA ENCRYPTION ALGORITHM

• COMPARISION OF CURRENT AUTHENTICATION TECHNIQUES

• COMPARISION OF SECURITY MEASURES

• MY VIEW ON THIS TOPIC

• CONCLUSION

• REFERENCE5/8/2011 3A sophisticated RFID application on

multi factor authentication

Page 4: My ppt

INTRODUCTION• Authentication is the process of verifying a

user’s credentials when they are requesting services from any secure system

• Most commonly form of authentication is single factor authentication

• The improved technique is multi factor authentication

5/8/2011 4A sophisticated RFID application on multi factor authentication

Page 5: My ppt

WHY THIS TOPIC

• Technology in our daily lives

• Avoids the information lost through hacking

• Provides more privacy for the user’s information

• Better system for highly confidential information

5/8/2011 5A sophisticated RFID application on multi factor authentication

Page 6: My ppt

RFID APPLICATION ON MULTI FACTOR AUTHENTICATION

• Authentication is the process of verifying a user’s credentials when they are requesting services from any secure system

• The two forms of authentication are

-Single factor authentication

-Multi factor authentication

5/8/2011 6A sophisticated RFID application on multi factor authentication

Page 7: My ppt

SINGLE FACTOR AUTHENTICATION

• Focuses on only one factor

• Disadvantage is that it proved to be weak method when it comes to protecting data

• One improvement in S-FA is to utilized password management utility

• Insecurity of user’s credentials in single factor authentication can be overcomes by two factor authentication

5/8/2011 7A sophisticated RFID application on multi factor authentication

Page 8: My ppt

TWO FACTOR AUTHENTICATION

• Two factor authentication requires an extra factor while using username/password

• The second factor takes the form of a physical security token or smart card

• Example of two factor authentication is ATM

• One factor is the use of ATM card issued by the bank

• Second factor is the PIN number

5/8/2011 8A sophisticated RFID application on multi factor authentication

Page 9: My ppt

TWO FACTOR AUTHENTICATION

• Smart card

-A successor of magnetic cards

-They have the same size as credit cards

-only disadvantage of expensive card reader

-the smart card and the reader also require

special middleware application due to the

mismatch between smart card communication

standards and the communication protocols

5/8/2011 9A sophisticated RFID application on multi factor authentication

Page 10: My ppt

TWO FACTOR AUTHENTICATION

• Biometrics

-users may biometrically authenticate via their fingerprint

-The device scans, extracts, stores the result

-comparison is made

-By sufficient commonality a pass is achieved

-This technique is expensive5/8/2011 10A sophisticated RFID application on

multi factor authentication

Page 11: My ppt

TWO FACTOR AUTHENTICATION

• Security token

-Security tokens also called OTP tokens

-OTP tokens based on two types of algorithms

-Time synchronized

-event based

-Time synchronized algorithm produces a pseudo random number with a built in pseudo random number generator

5/8/2011 11A sophisticated RFID application on multi factor authentication

Page 12: My ppt

TWO FACTOR AUTHENTICATION

• Virtual token

-first introduced in 2005 by a security company

-virtual tokens are a comparably new concept in multi factor authentication

-virtual tokens reduce the cost normally associated with implementation and maintenance of multi-factor solutions

5/8/2011 12A sophisticated RFID application on multi factor authentication

Page 13: My ppt

TWO FACTOR AUTHENTICATION

• Software token

-two primary architecture for software tokens

-shared secret

-public-key cryptography

-shared secret architecture is considered more vulnerable than the hardware token

-the configuration file can be compromised if it is stolen and the token is copied

5/8/2011 13A sophisticated RFID application on multi factor authentication

Page 14: My ppt

TWO FACTOR AUTHENTICATION

• SofToken technique- SofToken was firstly introduced in 2010 by

Liou and Bhashyam

- The technique significantly improves on

feasibility and deployment cost of the two factor authentication

- SofToken acts as second-factor authentication

5/8/2011 14A sophisticated RFID application on multi factor authentication

Page 15: My ppt

RADIO FREQUENCY IDENTIFICATION

TECHNOLOGY

Figure

Fig.1 RFID Reader & Tags

5/8/2011 15A sophisticated RFID application on multi factor authentication

Page 16: My ppt

RADIO FREQUENCY IDENTIFICATION TECHNOLOGY• RFID has been widely used in many

technological applications today• It is both inexpensive and small anywhere• The main concept of RFID is to retrieve the

information stored in the tokens using radio signals

• RFID tags will communicate with an electronic reader to emit radio waves and to receive signals back from the tag

5/8/2011 16A sophisticated RFID application on multi factor authentication

Page 17: My ppt

RADIO FREQUENCY IDENTIFICATION TECHNOLOGY

• There are three types of RFID tokens

-Active tokens

-Passive tokens

-Battery assisted passive

• The RFID readers and tokens are being used

for variety of tasks

5/8/2011 17A sophisticated RFID application on multi factor authentication

Page 18: My ppt

RFAA PROCESS

• RFID technology simply feeds the password into the computer for authentication

• The RFID reader and its respective tokens will act as two factor authentication

• Once a user scans the RFID tags the code word will go through encryption

• The RFAA technique as a more secure form of authentication

5/8/2011 18A sophisticated RFID application on multi factor authentication

Page 19: My ppt

RFAA PROCESS

• When request for establishing new user account, the user will receive an RFID token and install client application software onto user’s computers

• The user will also receive a unique activation key, along with entering the username/password and scanning the RFID token, to activate the new user account

5/8/2011 19A sophisticated RFID application on multi factor authentication

Page 20: My ppt

RFAA PROCESS

• After the completion of registration process, the user can login to the system by only entering username/password and to scan the provided RFID token

• This activation key will be also used to enhance portability for providing a user to access the server from non-default computers

5/8/2011 20A sophisticated RFID application on multi factor authentication

Page 21: My ppt

RFAA PROCESS

Figure 2 The Login Screen

5/8/2011 21A sophisticated RFID application on multi factor authentication

Page 22: My ppt

RFAA ENCRYPTION ALGORITHM

Figure 3 Encryption Flow Chart 5/8/2011 22A sophisticated RFID application on

multi factor authentication

Page 23: My ppt

RFAA ENCRYPTION ALGORITHM

• Blowfish encryption provides even stronger security to the proposed RFAA technique

• In RFAA implementation, RFID tokens contain ten-character codeword long and that is exactly 80 bits for the whole string

• Encryption will be applied twice for 80 bits since Blowfish only allows 64 bits per encryption

5/8/2011 23A sophisticated RFID application on multi factor authentication

Page 24: My ppt

RFAA ENCRYPTION ALGORITHM

Figure 4 The Process of Function F

5/8/2011 24A sophisticated RFID application on multi factor authentication

Page 25: My ppt

• Encryption will divide the 80-bits code word into two 40-bits data words• It will pad 40 bits to 64 bits during encryption

and same procedure takes place for other 40 bits

• Encrypted code into 32 bits since each line represents 32bits

• The algorithm keeps two sub keys arrays; eighteen 32bits of P-array and four 32 bits of S-array

5/8/2011 25A sophisticated RFID application on multi factor authentication

Page 26: My ppt

COMPARISION OF CURRENT AUTHENTICATION TECHNIQUES

• Hardware requirement

• Deployment complexity

• Portability

• Identity backup

• Lost recovery

• Replacement cost

5/8/2011 26A sophisticated RFID application on multi factor authentication

Page 27: My ppt

COMPARISION OF SECURITY MEASURES

• MitM prevention

- Single factor technique is more venerable to this type of attack

• Phishing prevention - RFAA scored strong in this category

• Spoofing prevention - Single factor authentication less effective

5/8/2011 27A sophisticated RFID application on multi factor authentication

Page 28: My ppt

MY VIEW ON THIS TOPIC

• In this IT world the technology found to be computerized

• By increasing the advantage of portability of information and online transfer of information the risk of hacking is increasing

• By authentication provides the user’s both privacy and security for their information

• Found to be the most indispensable technique in the upcoming years

5/8/2011 28A sophisticated RFID application on multi factor authentication

Page 29: My ppt

CONCLUSION

• The proposed RFAA technique a two factor authentication for more secure identification

• By using soft token RFAA can be used for both online transactions and computer systems

• The comparison between RFAA and the other techniques indicates that the RFAA scores high due to its ability to maintain a higher level of security for the users

5/8/2011 29A sophisticated RFID application on multi factor authentication

Page 30: My ppt

REFERENCE

• J.-C. Liou and S. Bhashyam, A Feasible and Cost-effective Two-Factor Authentication, Proc. 2ndInternational Conference on Software Engineering and Data Mining (SEDM ’10), pp. 47 – 51, Chengdu, China, June 2010.

• Bruce Schneier http://www.schneier.com/paper-blowfish-fse.html

5/8/2011 30A sophisticated RFID application on multi factor authentication

Page 31: My ppt

THANKS