{"title":"机场信息系统的安全身份认证和逻辑访问控制","authors":"M. David, G. Hussein, K. Sakurai","doi":"10.1109/CCST.2003.1297578","DOIUrl":null,"url":null,"abstract":"We propose identity authentication by using a contactless smart card (CSC) with multiple biometric features for secure logical access to improve airport security. Proper identification of a cardholder with reliable data securely stored in a CSC provides a means to validate and audit access into a computer or communications network. We recommend the CSC because it facilitates fast, secure physical access to airport facilities, and offers lower mechanical complexity of the reader/writer (r/w) unit, thereby affording higher reliability and less field maintenance. The two-stage random number generator (TSRG) cryptosystem hybrid scheme algorithm is proposed for secure identity authentication between the cardholder and the workstation. This hybrid cryptosystem is based on an attack-oriented design to satisfy all security services. For enrollment, the user's live biometrics is scanned and, the unique characteristics are extracted from the biometric image to create the user's biometric template. The TSRG cryptosystem generates the appropriate seed that is called basic random data, random key and data key. Using the previous random data, instantaneous real time one time pad (OTP)-like data with lengths equal to that of the template is generated and combined with the template, then encrypted using the data key. A collision resistant hashing scheme is used for hashing the encrypted template to be used in the signature. The hash value is appended to the random key and data key. To generate the signature block, these three values are encrypted using the public key algorithm. The result is concatenated with the encrypted basic random data and template then stored in the smart card. For authenticating the user, the smart card is positioned onto a reader/writer. The stored file of the encrypted biometric template is retrieved. The identity verification process starts with placing the user's biometric feature on the scanner. The unique characteristics are extracted from the biometric image to create the users \"live\" biometric template. This new template is then compared with the template previously and a numeric matching score is generated, based on the percent of matching between the live and stored template. System designers determine the threshold value for this identity verification score based upon the security threat to the system.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"52 3-4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Secure identity authentication and logical access control for airport information systems\",\"authors\":\"M. David, G. Hussein, K. Sakurai\",\"doi\":\"10.1109/CCST.2003.1297578\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose identity authentication by using a contactless smart card (CSC) with multiple biometric features for secure logical access to improve airport security. Proper identification of a cardholder with reliable data securely stored in a CSC provides a means to validate and audit access into a computer or communications network. We recommend the CSC because it facilitates fast, secure physical access to airport facilities, and offers lower mechanical complexity of the reader/writer (r/w) unit, thereby affording higher reliability and less field maintenance. The two-stage random number generator (TSRG) cryptosystem hybrid scheme algorithm is proposed for secure identity authentication between the cardholder and the workstation. This hybrid cryptosystem is based on an attack-oriented design to satisfy all security services. For enrollment, the user's live biometrics is scanned and, the unique characteristics are extracted from the biometric image to create the user's biometric template. The TSRG cryptosystem generates the appropriate seed that is called basic random data, random key and data key. Using the previous random data, instantaneous real time one time pad (OTP)-like data with lengths equal to that of the template is generated and combined with the template, then encrypted using the data key. A collision resistant hashing scheme is used for hashing the encrypted template to be used in the signature. The hash value is appended to the random key and data key. To generate the signature block, these three values are encrypted using the public key algorithm. The result is concatenated with the encrypted basic random data and template then stored in the smart card. For authenticating the user, the smart card is positioned onto a reader/writer. The stored file of the encrypted biometric template is retrieved. The identity verification process starts with placing the user's biometric feature on the scanner. The unique characteristics are extracted from the biometric image to create the users \\\"live\\\" biometric template. This new template is then compared with the template previously and a numeric matching score is generated, based on the percent of matching between the live and stored template. System designers determine the threshold value for this identity verification score based upon the security threat to the system.\",\"PeriodicalId\":344868,\"journal\":{\"name\":\"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.\",\"volume\":\"52 3-4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-10-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCST.2003.1297578\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2003.1297578","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Secure identity authentication and logical access control for airport information systems
We propose identity authentication by using a contactless smart card (CSC) with multiple biometric features for secure logical access to improve airport security. Proper identification of a cardholder with reliable data securely stored in a CSC provides a means to validate and audit access into a computer or communications network. We recommend the CSC because it facilitates fast, secure physical access to airport facilities, and offers lower mechanical complexity of the reader/writer (r/w) unit, thereby affording higher reliability and less field maintenance. The two-stage random number generator (TSRG) cryptosystem hybrid scheme algorithm is proposed for secure identity authentication between the cardholder and the workstation. This hybrid cryptosystem is based on an attack-oriented design to satisfy all security services. For enrollment, the user's live biometrics is scanned and, the unique characteristics are extracted from the biometric image to create the user's biometric template. The TSRG cryptosystem generates the appropriate seed that is called basic random data, random key and data key. Using the previous random data, instantaneous real time one time pad (OTP)-like data with lengths equal to that of the template is generated and combined with the template, then encrypted using the data key. A collision resistant hashing scheme is used for hashing the encrypted template to be used in the signature. The hash value is appended to the random key and data key. To generate the signature block, these three values are encrypted using the public key algorithm. The result is concatenated with the encrypted basic random data and template then stored in the smart card. For authenticating the user, the smart card is positioned onto a reader/writer. The stored file of the encrypted biometric template is retrieved. The identity verification process starts with placing the user's biometric feature on the scanner. The unique characteristics are extracted from the biometric image to create the users "live" biometric template. This new template is then compared with the template previously and a numeric matching score is generated, based on the percent of matching between the live and stored template. System designers determine the threshold value for this identity verification score based upon the security threat to the system.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
