Biometrics-based RSA Cryptosystem for Securing Real-Time Communication Source : sustainability, Vol. 10, Nol. 10 , pp. 1-15, Oct. 2018 Authors : Xiao-long Liu, Wei-Bin Lee, Quy-Anh Bui, Chia-Chen Lin Speaker : Feng-yu Chiu Date : 2019/4/25 1.福建農林大學 2. 3. 逢甲大學 4.靜宜大學

Outline Introduction Related works Proposed scheme Security analysis Conclusions

Introduction(1/2)

Introduction(2/2)

Related works – RSA and unbalanced RSA(1/2) Generate large prime p, q G(generator) t = G(u) (5000bits) Compute N = pq, φ(N) = (p-1)(q-1) p (500 bits) Select e q ([a, a+ 2 50 ]), a ≥ t/p (4500bits) Compute d, ed = 1(mod φ(N)) s = N – t , publish s Public key (N, e) ; private key d C = 𝑀 𝑒 (mod 𝑁) M = 𝐶 𝑑 (mod 𝑁)

Related works –Fuzzy extractors(2/2) Gen. 𝑃 ∈ {0,1} ∗ 𝑏 R ∈ {0,1} 𝑙 𝑏′ Rep. If d𝑖𝑠 𝑏, 𝑏 ′ ≤𝑡ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 R ∈ {0,1} 𝑙 𝑃 ∈ {0,1} ∗

Proposed scheme -Notation Notion Description Gen. Generator of Fuzzy Extractors Rep. Reproduction of Fuzzy Extractors b Biometric information P A helper string for Fuzzy Extractors R An extracted string for Fuzzy Extractors p, q The prime numbers for RSA N A modules for RSA 𝛼 A security parameter

Proposed scheme –Initialization phase 2-1) Capture 𝑏 𝐵 1-1) Capture 𝑏 𝐴 Alice 1-2) Gen( 𝑏 𝐴 ) = 𝑃 𝐴 , 𝑅 𝐴 Bob 2-2) Gen( 𝑏 𝐵 ) = 𝑃 𝐵 , 𝑅 𝐵 1-3) 𝑡 𝐴 = G( 𝑅 𝐴 ) 𝑃 𝐴 , 𝑠 𝐴 2-3) 𝑡 𝐵 = G( 𝑅 𝐵 ) 1-4) Choose 𝑝 𝐴 2-4) Choose 𝑝 𝐵 𝑃 𝐵 , 𝑠 𝐵 1-5) 𝑎 𝐴 = 𝑡 𝐴 / 𝑝 𝐴 2-5) 𝑎 𝐵 = 𝑡 𝐵 / 𝑝 𝐵 1-6) Choose 𝑞 𝐴 in [ 𝑎 𝐴 , 𝑎 𝐴 + 2 ∝ ] 2-6) Choose 𝑞 𝐵 in [ 𝑎 𝐵 , 𝑎 𝐵 + 2 ∝ ] 1-7) 𝑁 𝐴 = 𝑝 𝐴 ∗ 𝑞 𝐴 2-7) 𝑁 𝐵 = 𝑝 𝐵 ∗ 𝑞 𝐵 2-8) 𝑠 𝐵 = 𝑁 𝐵 − 𝑡 𝐵 1-8) 𝑠 𝐴 = 𝑁 𝐴 − 𝑡 𝐴

Proposed scheme –Authentication and key agreement phase 3-1) Capture 𝑏 𝐵 ′ Rep( 𝑏 𝐵 ′, 𝑃 𝐵 )= 𝑅 𝐵 4-1) Capture 𝑏 𝐴 ′ Rep( 𝑏 𝐴 ′, 𝑃 𝐴 )= 𝑅 𝐴 Alice Bob 3-2) 𝑡 𝐵 = G(𝑅 𝐵 ) 𝐶 𝐴 1 , 𝐶 𝐴 2 4-2) 𝑡 𝐴 = G(𝑅 𝐴 ) 3-3) 𝑁 𝐵 = 𝑡 𝐵 + 𝑠 𝐵 4-3) 𝑁 𝐴 = 𝑡 𝐴 + 𝑠 𝐴 3-4) Choose 𝐾 𝐴 , 𝑁 𝑎 𝐶 𝐴 1 = 𝐾 𝐴 𝑒 𝐵 mod 𝑁 𝐵 𝐶 𝐴 2 = ( 𝑁 𝑎 ||ℎ 𝐶 𝐴 1 ) 𝑑 𝐴 mod 𝑁 𝐴 4-4) 𝐾 𝐴 = ( 𝐶 𝐴 1 ) 𝑑 𝐵 mod 𝑁 𝐵 𝑁 𝑎 ||ℎ 𝐶 𝐴 1 = ( 𝐶 𝐴 2 ) 𝑒 𝐴 mod 𝑁 𝐴 4-5) Choose 𝐾 𝐵 , 𝑁 𝑏 𝐶 𝐵 1 = 𝐾 𝐵 𝑒 𝐴 mod 𝑁 𝐴 𝐶 𝐵 2 = ( 𝑁 𝑏 ||ℎ 𝐶 𝐵 1 ) 𝑑 𝐵 mod 𝑁 𝐵 𝐾 𝐴𝐵 =H( 𝐾 𝐴 || 𝐾 𝐵 ) = K 5-1) 𝐾 𝐵 = ( 𝐶 𝐵 1 ) 𝑑 𝐴 mod 𝑁 𝐴 𝑁 𝑏 ||ℎ 𝐶 𝐵 1 = ( 𝐶 𝐵 2 ) 𝑒 𝐵 mod 𝑁 𝐵 𝐾 𝐵𝐴 =H( 𝐾 𝐴 || 𝐾 𝐵 ) = K 𝐶 𝐵 1 , 𝐶 𝐵 2

Security analysis(1/3) Comparisons of Attack resistance for various cryptosystem schemes. [26] Younsung Choi, Youngsook Lee, Jongho Moon ,Dongho Won, “security enhanced multi-factor biometric authentication scheme using bio-hash function,” PLOS ONE, Vol. 12, Nol. 5, May 2017 [27] Ashok Kumar Das, “secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication System, Vol. 30, Nol. 1, Jan. 2017

Security analysis(2/3) Replay attack 3-4) Choose 𝐾 𝐴 , 𝑁 𝑎 𝐶 𝐴 1 = 𝐾 𝐴 𝑒 𝐵 mod 𝑁 𝐵 𝐶 𝐴 2 = ( 𝑁 𝑎 ||ℎ 𝐶 𝐴 1 ) 𝑑 𝐴 mod 𝑁 𝐴 Server masquerading attack 4-4) 𝐾 𝐴 = ( 𝐶 𝐴 1 ) 𝑑 𝐵 mod 𝑁 𝐵 𝑁 𝑎 ||ℎ 𝐶 𝐴 1 = ( 𝐶 𝐴 2 ) 𝑒 𝐴 mod 𝑁 𝐴 Mutual authentication Biometric recognition error User impersonation attack

Security analysis(3/3) Database capture attack 3-4) Choose 𝐾 𝐴 , 𝑁 𝑎 𝐶 𝐴 1 = 𝐾 𝐴 𝑒 𝐵 mod 𝑁 𝐵 𝐶 𝐴 2 = ( 𝑁 𝑎 ||ℎ 𝐶 𝐴 1 ) 𝑑 𝐴 mod 𝑁 𝐴 Smart card attack Man-in-the-middle attack 4-4) 𝐾 𝐴 = ( 𝐶 𝐴 1 ) 𝑑 𝐵 mod 𝑁 𝐵 𝑁 𝑎 ||ℎ 𝐶 𝐴 1 = ( 𝐶 𝐴 2 ) 𝑒 𝐴 mod 𝑁 𝐴 Vulnerability to a DoS attack Session key agreement 𝐾 𝐴𝐵 =H( 𝐾 𝐴 || 𝐾 𝐵 ) = K

Conclusions Biometrics-based Without Public Key Infrastructure(PKI)