Secure Authentication for Group Communication

Gauravjeet Singh , Poonamjeet Kaur

P.G.Department Of Computer Science & Applications, Khalsa College,Amritsar, Punjab, India

The most popular authentication scheme is a certificate-

Abstract - Security is a primary concern in group based authentication which is called “something you have.” A
communication, and secure authentication is essen tial to user who has a proper certificate that is issued by a Trust
establishing a secure group communication. Most Third Party (TTP) is granted as a legitimate user. There is one
conventional authentications consist of knowledge-based premise that all users must agree to trust the TTP in a
and token-based methods. One of the token-based methods is certificate-based authentication system. Even though all users
a X.509 certificate, which is used under a Public Key agree to trust the TTP, eventually the TTP will only be able to
Infrastructure (PKI); it is the most well-known authentication verify the ownership or belonging of the certificate [8]. This
system in a distributed network environment. However, it has is a major problem in a certificate-based authentication. To
a well-known weakness, which only proves the belonging of a address this problem, we propose a secure certificate with
certificate. PKI cannot assure identity of a person. The biometric information to compensate for the weakness of a
conventional knowledge-based and token-based methods do certificate-based authentication.
not really provide positive personal identification because
they rely on surrogate representations of the person’s identity. 2 X.509 Certificate with Biometric
Therefore, we propose a secure X.509 certificate with biometric
information to assure the identity of the person who uses the
Information
X.509 certificate in a distributed computing environment. There are extensions on the X.509 v4 standard
certificates. Users can define their own extensions and include
Keywords: Secure certificate, secure authentication, network
them in certificates they issue. These extensions are called
security.
private, proprietary, or custom extensions and they carry
1 information unique to their organization or business [9]. In
this research, a user’s biometric information as a fingerprint
Introduction will be put into the extension of X.509 certificate version 4 or
Group communications have been developed higher for the additional assurance of user authentication. I
explosively through the Internet since the World Wide Web propose and prove secure authentication in a certificate-based
was invented. Actually, computer networking was started authentication system by implementing a user’s biometric
from early in 1960s. At that time the group communications information on the extension of a conventional certificate. A
was text-based communications such as Newsgroups, Mailing user’s biometric information is an additional security feature
lists, and text-based chatting. The Internet has provided more on a X.509 version 4 certificate in order to identify a person.
user friendly interfaces for people who want to communicate This research approach is based upon identifying a person.
with each other. Due to user friendly and graphical interfaces, Such an approach supports user authentication by focusing on
group communications have been developed in popularity “who you are” and “what you have”. Therefore, we expect
with the development of the Internet. that our proposed authentication enhancements have the
A local area network is a computer network covering a potential to reduce the risks to participants in group
small local area. The Internet is a collection of all communications, protect users’ priv acy, and ultimately
interconnected local area networks. There are neither global improve trust between community users.
administrations nor control systems on the Internet. In The general format of an X.509 version 4 certificates is
general, the network is not secure because an adversary may shown in Figure 1, below. It can be seen that the certificate
try to eavesdrop messages over the network while messages contains a version, a serial number, the issuer name, a
are being transferred. Transferring messages over the network signature algorithm identifier, a subject name, the public key
are not guaranteed to be delivered to the destination nor information, the issuer’s unique identifier, the subject’s
message integrity. Therefore, security plays a major role in unique identifier, any extensions, and the CA’s signature [1].
group communication over the insecure network. Due to I make use of the option to include extensions to the
insecure networks, the Public Key Infrastructure (PKI) was certificate to improve security by providing more stringent
proposed for message integrity over the insecure networks. If rules for authentication. Specifically, we propose that digital
a PKI is being used, then a secure group communication is certificates be issued with a user’s biometric information as a
guaranteed. Nevertheless, a secure authentication problem fingerprint included in the “extensions” portion of the digital
still has remained unsolved questions, in that, what factors certificate.
must be identified for a secure user authentication.
 virtual community from a variety of locations, on a variety of
systems, and with a variety of different devices is not a
significant issue. While biometric information is specifically
identified with a actual person who is participating in a group
communication.
By using the model presented here, biometric certificate-
based authentication becomes a strong solution to the security
problems posed by malicious users in group communications.
The application of such a technique has the potential to
influence users’ trust perceptions and further aid the growth
of group communication.

3 Performance
Validation
Tradeoffs always exist between security and
performance. System performance can be degraded when
there is an overemphasis on security. To ensure that our
proposed authentication scheme enhances security without
appreciably degrading system performance, we have
conducted tests comparing our proposed method to
conventional certificate-based authentication by measuring
the overhead introduced. The authentication processes are
Figure 1: Format of X.509 Version 4 Certificate generally also a performance bottleneck since other security
procedures which are authorization and access control cannot
The authentication process we propose is depicted in Figure proceed unless the identifications of those involved can be
2. An example of X.509 certificate is shown in Figure 3. established [6]. Therefore, it is important to measure the
Suppose two network parties, Alice and Bob, agree to overheads in the proposed authentication for proving a secure
communicate with each other. When Alice’s system initiates and efficient authentication.
contact with Bob’s system, his X.509 digital certificate, which The overhead is given by the sum of execution costs and
includes his biometric information in the “extensions” portion communication latencies. The overhead in conventional
of the certificate. To verification of the Bob’s identity, Alice certificate-b ased authentication is determined by the
requests the certificate authority to match with the registered encryption algorithm (i.e., RSA [2], DES [3], Blowfish [4],
Bob’s template and the template on the exten sion of the Bo b’s and RC2 [5]), variable key sizes (often ranging from 40 bits
certificate. After matching, the matching score comes out and up to 2,048 bits), and computing power (determined by the
then the system can validate Bob’s identity and his certificate type of CPU and memory size).
with his biometric information. There is not a dramatic difference between the time
required to authenticate a user using conventional
authentication an d the time required using a certificate with a
biometric-based authentication.
This reality is demonstrated in Table 1 which shows that
decrypting the certificate takes the longest share of time while
the additional step of verifying the templates is relatively little
time. The total elapsed times to complete authentication in
our proposed authentication scheme are not appreciably
different from the times required in conventional
authentication. The proposed scheme only took 2.4 msecs
more than the conventional certificate-based authentication.
Based on these experimental results, we conclude that the
increase in overhead resulting from biometric information is
ignorable.

Figure 2: Block Diagram for the Overview of X.509

Certificate with Biometric Information

The fact that users may desire to participate in the

 The contribution of this work is mainly twofold: 1) I
developed and proposed user biometric information as a
user’s identifier which can be verified by other network
parties. Biometric information on a certificate can effect
user’s trust and lead the development of conventional
certificate-based authentication. In a virtual community, the
authenticity of personal information such as name,
organization, and mailing address is neither provable nor
trustful. From this point of view, biometric information is
important authentication factor in a virtual community and it
will contribute to develop a virtual communicatio n. 2) The
proposed research provided a different paradigm for user
authentication, so called “who you are” not something you
have, and something you know. Therefore, the
authentication factor can be applied for a future network
new
environment, and a system developer can select the best
authentication factor. 3) The last, the development of a
virtual community will lead to develop online business
Figure 3: Biometric Information on X509 version 4
markets. According to [7], identity theft now ranks as
Certificate
America’s fastest-growing crime, claiming nearly 10 million
victims in just the last 12 months and at a cost of more than
Table 1: The Proposed Biometric-based Authentication vs.
$53 billion. A virtual community is facing the same problem
Conventional Authentication overhead
as the real world. From the business point of view, if secure
authentication will be established, then the unnecessary cost
lost can be prevented and will develop the activity o f a virtual
communication.

5 References
[1] A. Menezes, P. Van Oorschot, & S. Vanstone, Handbook
of Applied Cryptography , CRC Press, 1996, pp. 286-287.
4 [2] Rivest, R.L., Shamir, A., & Adleman, L. A Method
Conclusions for Obtaining Digital Signatures and Public-Key
To overcome the well-known weakness in a certificate-
based authentication, we proposed a certificate-based Cryptosystems. Communications of the ACM, 26(1),
authentication with biometric information which is added into 1978, pp. 96-99.
the extension area of X.509 version 4 certificate so that each [3] E. Biham, A. Shamir, “Differential Cryptanalysis of the
network party can identify other network parties and verify Data Encryption Standard”, Springer Verlag, 1993.
reality on information in a certificate. To add a biometric [4] B. Schneier, “Description of a New Variable-Length Key,
template transformed into a binary form on a certificate is 64-bit Block Cipher (Blowfish)”, Fast Software
Encryption, Cambridge Security Workshop Proceedings,
easy. However, it will have a ripple effect on establishing a
secure user authentication. Springer-Verlag, 1994, pp. 191-204.
Security is in inverse proportion to system performance. No [5] L. R. Knudsen, V. Rijmen, R. L. Rivest, M. J.
matter how secure system exists, if the overall system B. Robshaw, “On the Design and Security of RC2”, Fast
performance is low, then the system usability will be Software Encryption 1998, pp. 206–221.
degraded. Therefore, the balance between the two factors [6] L. Gong, “Increasing Availability and Security of
must be considered. According to the experimental results, an Authentication Service,” IEEE Journal on Selected Areas
in Communications, vol. 11, no. 5, June 1993.
the total o verhead times to complete user authentication in the
proposed authentication scheme are not appreciably different [7] Berni Dwan, “Identity theft”, Computer Fraud
from the times required in a conventional certificate-based & Security, Volume 2004, Issue 4, April 2004, pp. 14-17.
authentication. [8] P.K. Janhandhu, M.Y. Siyal, "Novel biometric
As new technology develops, the overhead to signatures for Internet-based applications," Information
digital
implement security features will not be a major concern. Management & Computer Security, vol. 9, no. 5, 2001,
Therefore, based on these experimental results, we conclude pp 205-212.
that the increase in overhead resulting from matching [9] Santesson, S. (2005). X.509 Certificate Extension for
biometric information is only slight. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Capabilities, The Internet Society.