Biometric Authentication in Distributed Computing Environments Vijai Gandikota Karthikeyan Mahadevan Bojan Cukic.


1 Biometric Authentication in Distributed Computing Environments Vijai Gandikota Karthikeyan Mahadevan Bojan Cukic

2 Need for Security in Distributed Systems
Security Threats
– Information Compromise
– Integrity Violations
– Denial of Service
– Repudiation
– Malicious misuse
Vulnerabilities
– Access control bypass
– Benign user gaining access to unauthorized information
– Eavesdropping
– Lack of accountability
– Disrupting communication between objects
– Lack of user identification
– User impersonation and spoofing

3 Biometrics in Large Scale Information Systems
[Diagram. Components: Client Computer, Biometric Device, Client Credential Repository, Grid Portal, CORBA, Remote File System(s), GRID. Labels: biometric templates for authentication; passphrase; file system mount; credentials delegation; client identity & ORB authorization; temporary credentials.]

4 Mounting A Remote File System
[Diagram. Components: Client Machine, Server Machine, User Application, Agent, NFS 3 Client, NFS 3 Server, SFS Client, SFS Server, Authentication Server, Biometric Device. Labels: system call; NFS 3; TCP connection with mandatory access controls; key exchange; validation; user authentication; server authentication; biometric authentication.]

5 The Role of Biometrics
– Biometric templates can be used in place of passwords to retrieve self-certifying pathnames securely from a remote server.
– A Biometric Identification Record (BIR) will be used with the SRP protocol to retrieve self-certifying pathnames from the server.
– This allows consistency and integration with the rest of the system.

6 Remote File System
– Self-certifying file system (SFS) developed at MIT.
– Other similar custom file systems can be built using the UFS (user level file system) toolkit.
– Works over the NFS3 protocol.
– The complete remote file system can be encrypted.
– Multiple remote file systems can be accessed concurrently through easy authentication.

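7 Key Negotiation
Messages between Client and Server, in order ({x}K denotes x encrypted under key K):
– Client to Server: Location, HostID
– Server to Client: Ks
– Client to Server: Kc, {Kc1, Kc2}Ks
– Server to Client: {Ks1, Ks2}Kc
Legend:
– Kc: short-lived client public key
– Ks: server public key
– Kc1, Kc2: random key halves of the client key
– Ks1, Ks2: random key halves of the server key
*Self Certifying File System Implementation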

8 Mounting Remote File System
– The file system is mounted once the agent has authenticated the user.
– The authentication server validates the user request and sends the user credentials.
– Self-certifying file names contain all information necessary for secure communication with the remote server.
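
Added example (not from the presentation or from the SFS code base): how a client can check the server public key Ks received during key negotiation against the HostID carried in a self-certifying pathname, so that no separate key distribution is needed. The hash layout, the base32 rendering, and the sample host name and keys are simplifying assumptions; real SFS marshals these fields differently.

```python
import base64
import hashlib
import hmac

PREFIX = "/sfs/"

def _field(data: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    return len(data).to_bytes(4, "big") + data

def host_id(location: str, public_key: bytes) -> str:
    # Assumed simplified layout: SHA-1 over tagged fields, repeated twice,
    # rendered as 32 lowercase base32 characters (160 bits, no padding).
    block = _field(b"HostInfo") + _field(location.encode()) + _field(public_key)
    return base64.b32encode(hashlib.sha1(block + block).digest()).decode().lower()

def make_pathname(location: str, public_key: bytes) -> str:
    return f"{PREFIX}{location}:{host_id(location, public_key)}"

def parse_pathname(path: str) -> tuple[str, str]:
    # Accepts /sfs/Location:HostID with an optional trailing /rest/of/path.
    if not path.startswith(PREFIX):
        raise ValueError("not a self-certifying pathname")
    name = path[len(PREFIX):].split("/", 1)[0]
    location, sep, hid = name.rpartition(":")
    if not sep or not location or len(hid) != 32:
        raise ValueError("malformed Location:HostID component")
    return location, hid

def verify_server_key(path: str, presented_key: bytes) -> bool:
    # The client recomputes HostID from the Location in the pathname and the
    # key the server presented; a mismatch means the key is not the one the
    # pathname names, and the mount must be refused.
    location, expected = parse_pathname(path)
    actual = host_id(location, presented_key)
    return hmac.compare_digest(actual.encode(), expected.encode())

# Constructed sample values, for illustration only.
SERVER_KEY = b"constructed-server-public-key"
OTHER_KEY = b"constructed-unrelated-public-key"
SAMPLE_PATH = make_pathname("fs.example.org", SERVER_KEY) + "/home/alice"

if __name__ == "__main__":
    print(SAMPLE_PATH)
    print("genuine key accepted:", verify_server_key(SAMPLE_PATH, SERVER_KEY))
    print("other key accepted:  ", verify_server_key(SAMPLE_PATH, OTHER_KEY))
```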

9 CORBA
CORBA Security Features
– Authentication
– Encryption
– Access Control
– Non-repudiation
– Audit
[Diagram labels: User Credentials, User Sponsor, User Login Program, Principal Authenticator, Current Execution Context]
CORBA credentials are user credentials converted into CORBA Objects.
SOURCE: OMG

10 CORBA Integration with BIO-API
– The GSI framework, which adheres to the GSS API described in IETF RFC 2478, will be the backbone of the implementation.
– Certificate: central to GSI authentication.
– PKCS #11 tokens and the PKCS #12 personal information exchange syntax will be used extensively to transport the Biometric Certificates.
– CORBA will act as the intermediary.

11 Plan of Development
– Develop authentication mechanisms and protocols that use biometric templates to retrieve self-certifying pathnames from a remote server.
– Develop and integrate a biometric authentication mechanism into the server to validate user requests.

