Biometric Authentication in Distributed Computing Environments
Vijai Gandikota, Karthikeyan Mahadevan, Bojan Cukic


Need for Security in Distributed Systems
Security Threats
– Information Compromise
– Integrity Violations
– Denial of Service
– Repudiation
– Malicious misuse
Vulnerabilities
– Access control bypass
– Benign user gaining access to unauthorized information
– Eavesdropping
– Lack of accountability
– Disrupting communication between objects
– Lack of user identification
– User impersonation and spoofing

Biometrics in Large Scale Information Systems
[Diagram. Components: Client Computer, Biometric Device, Client Credential Repository, Grid Portal, CORBA, Remote File System(s), Grid. Labelled flows: biometric templates for authentication; passphrase; file system mount credentials; delegation; client identity & ORB authorization; temporary credentials.]

Mounting A Remote File System
[Diagram. Client Machine: User Application, Agent, NFS 3 Client, SFS Client, Biometric Device. Server Machine: SFS Server, NFS 3 Server, Authentication Server, Biometric Device. Labelled flows: NFS 3 system call; NFS 3; TCP connection with mandatory access controls; key exchange; validation; user authentication; server authentication; biometric authentication.]

The Role of Biometrics
– Biometric templates can be used in place of passwords to retrieve self-certifying pathnames securely from a remote server.
– A Biometric Identification Record (BIR) will be used with the SRP protocol to retrieve self-certifying pathnames from the server.
– This allows consistency and integration with the rest of the system.

Remote File System
– Self-certifying file system developed at MIT.
– Other similar custom file systems can be built using the UFS (user-level file system) toolkit.
– Works over the NFS3 protocol.
– The complete remote file system can be encrypted.
– Multiple remote file systems can be accessed concurrently through easy authentication.

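Key Negotiation
Messages between Client and Server:
1. Client → Server: Location, HostID
2. Server → Client: $K_S$
3. Client → Server: $K_C$, $\{k_{C1}, k_{C2}\}_{K_S}$
4. Server → Client: $\{k_{S1}, k_{S2}\}_{K_C}$
where
– $K_C$: short-lived client public key
– $K_S$: server public key
– $k_{C1}, k_{C2}$: random key halves of the client key
– $k_{S1}, k_{S2}$: random key halves of the server key
*Self Certifying File System Implementation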

Mounting Remote File System
– The file system is mounted upon authentication of the user by the agent.
– The authentication server validates the user request and sends user credentials.
– Self-certifying file names contain all information necessary for secure communications with the remote server.
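
An added example (not from the slides or from the SFS code base) of why a self-certifying pathname is sufficient to authenticate the server: the client recomputes HostID from Location and the public key the server presents during key negotiation, and refuses to continue if it differs from the HostID in the pathname. SFS derives HostID with SHA-1; the field encoding, base-32 alphabet, hostname and keys below are simplified, constructed assumptions and are not wire-compatible with SFS.

```python
import base64
import hashlib
import hmac

SFS_ROOT = "/sfs/"

# Constructed sample values: stand-ins for real public-key bytes.
GOOD_KEY = b"constructed-server-public-key-A"
OTHER_KEY = b"constructed-server-public-key-B"


def _field(data: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return len(data).to_bytes(4, "big") + data


def host_id(location: str, server_pubkey: bytes) -> str:
    """HostID = SHA-1 over Location and the server public key (simplified encoding)."""
    material = _field(b"HostInfo") + _field(location.encode()) + _field(server_pubkey)
    return base64.b32encode(hashlib.sha1(material).digest()).decode().lower()


def make_pathname(location: str, server_pubkey: bytes) -> str:
    return f"{SFS_ROOT}{location}:{host_id(location, server_pubkey)}"


def parse_pathname(path: str) -> tuple[str, str]:
    """Split /sfs/Location:HostID[/rest] into (Location, HostID)."""
    if not path.startswith(SFS_ROOT):
        raise ValueError("not under /sfs/")
    name = path[len(SFS_ROOT):].split("/", 1)[0]
    location, sep, hid = name.rpartition(":")
    if not sep or not location or not hid:
        raise ValueError("expected Location:HostID")
    return location, hid


def server_key_matches(path: str, presented_pubkey: bytes) -> bool:
    """True only if the key the server presented hashes to the HostID in the path."""
    location, expected = parse_pathname(path)
    actual = host_id(location, presented_pubkey)
    # Constant-time comparison of the two encoded digests.
    return hmac.compare_digest(actual.encode(), expected.encode())
```

Because the pathname itself pins the server key, a server or intermediary that presents any other key fails `server_key_matches` without the client consulting a certificate authority.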

CORBA
CORBA Security Features
– Authentication
– Encryption
– Access Control
– Non-repudiation
– Audit
[Diagram (source: OMG). Labels: User Credentials, User Sponsor, User Login Program, Principal Authenticator, Current Execution Context.]
CORBA credentials are user credentials converted into CORBA Objects.

CORBA Integration with BIO-API
– The GSI Framework, which adheres to the GSS API described in IETF RFC 2478, will be the backbone of the implementation.
– Certificate: central to GSI authentication.
– PKCS #11 tokens and the PKCS #12 personal information exchange syntax will be used extensively to transport the Biometric Certificates.
– CORBA will act as the intermediary.

Plan of Development
– Develop authentication mechanisms and protocols that use biometric templates to retrieve self-certifying pathnames from a remote server.
– Develop and integrate a biometric authentication mechanism into the server to validate user requests.