Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer's extracted fingerpr...Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer's extracted fingerprint features match his stored template. To resist being tampered on public channel, the user's message and the signed message are encrypted by the signer's public key and the user's public key, respectively. In the other signature system, the keys are generated by combining the signer's fingerprint features, check bits, and a rememberable key, and there are no matching process and keys stored on the smart card. Additionally, there is generally more than one public key in this system, that is, there exist some pseudo public keys except a real one.展开更多
This paper discusses an approach to share a smart card in one machine with other machines accessible on the local network or the Internet. This allows a user at a browser to use the shared card remotely and access web...This paper discusses an approach to share a smart card in one machine with other machines accessible on the local network or the Internet. This allows a user at a browser to use the shared card remotely and access web applications that requiresmart card authentication. This also enables users to access these applications from browsers and machines that do not have the capability to use a smart card. The approach uses proxies and card reader code to provide this capability to the requesting device.Previous work with remote or shared smart card use either requires continuous access to the smart card machine or specific client software. The approach in this paper works for any device and browser that has proxy settings, creates minimal network traffic and computation on the smart card machine, and allows the client to transfer from one network to another while maintaining connectivity to a server. This paper describes the smart card sharing approach, implementation and validation of the approach using real systems, and security implications for an enterprise using smart cards.展开更多
When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authen...When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme preserving the privacy of secret keys and providing user anonymity. Later, Chang et al. indicated that their scheme suffers from two security flaws. First, it cannot resist DoS (denial-of-service) attack because the indicators for the next session are not consistent. Second, the user password may be modified by a malicious attacker because no authentication mechanism is applied before the user password is updated. To eliminate the security flaws and preserve the advantages of Wang et aL's scheme, we propose an improvement in this paper.展开更多
The security of CPU smart cards, which are widely used throughout China, is currently being threatened by side-channel analysis. Typical countermeasures to side-channel analysis involve adding noise and filtering the ...The security of CPU smart cards, which are widely used throughout China, is currently being threatened by side-channel analysis. Typical countermeasures to side-channel analysis involve adding noise and filtering the power consumption signal. In this paper, we integrate appropriate preprocessing methods with an improved attack strategy to generate a key recovery solution to the shortcomings of these countermeasures. Our proposed attack strategy improves the attack result by combining information leaked from two adjacent clock cycles. Using our laboratory-based power analysis system, we verified the proposed key recovery solution by performing a successful correlation power analysis on a Triple Data Encryption Standard (3DES) hardware module in a real-life 32-bit CPU smart card. All 112 key bits of the 3DES were recovered with about 80 000 power traces.展开更多
With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the ele...With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the electronic medical environment, it is also necessary to consider that the patient may access multiple hospital servers. Based on three factors of smart card, random number and biometrics, an anonymous authentication scheme in the electronic medical environment is proposed. In order to reduce the burden of the medical registration and certification center(HC), in the proposed anonymous authentication scheme, the patient only needs to register with HC once, then he/she can apply for visiting each hospital that has joined the medical servers. Security analysis shows that the proposed scheme has anonymity and dual authentication, and can resist various types of attacks, such as insider attack, modification attack, replay attack and smart card loss attack. Efficiency analysis shows that the calculation cost of the proposed scheme in the registration and login phase is lower, and it is slightly higher than Lei's scheme and Khan et al's scheme in the authentication phase. The proposed scheme can not only resist various types of attacks, but also support dual authentication and multi-server environment. With a little modification, the proposed scheme can also be used to other application scenarios requiring anonymous authentication.展开更多
基金This project was supported by the National Science Foundation of China (60763009)China Postdoctoral Science Foundation (2005038041)Hainan Natural Science Foundation (80528).
文摘Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer's extracted fingerprint features match his stored template. To resist being tampered on public channel, the user's message and the signed message are encrypted by the signer's public key and the user's public key, respectively. In the other signature system, the keys are generated by combining the signer's fingerprint features, check bits, and a rememberable key, and there are no matching process and keys stored on the smart card. Additionally, there is generally more than one public key in this system, that is, there exist some pseudo public keys except a real one.
文摘This paper discusses an approach to share a smart card in one machine with other machines accessible on the local network or the Internet. This allows a user at a browser to use the shared card remotely and access web applications that requiresmart card authentication. This also enables users to access these applications from browsers and machines that do not have the capability to use a smart card. The approach uses proxies and card reader code to provide this capability to the requesting device.Previous work with remote or shared smart card use either requires continuous access to the smart card machine or specific client software. The approach in this paper works for any device and browser that has proxy settings, creates minimal network traffic and computation on the smart card machine, and allows the client to transfer from one network to another while maintaining connectivity to a server. This paper describes the smart card sharing approach, implementation and validation of the approach using real systems, and security implications for an enterprise using smart cards.
基金supported by National Science Council under Grant No. 98-2221-E-025-007- and 99-2410-H-025-010-MY2
文摘When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme preserving the privacy of secret keys and providing user anonymity. Later, Chang et al. indicated that their scheme suffers from two security flaws. First, it cannot resist DoS (denial-of-service) attack because the indicators for the next session are not consistent. Second, the user password may be modified by a malicious attacker because no authentication mechanism is applied before the user password is updated. To eliminate the security flaws and preserve the advantages of Wang et aL's scheme, we propose an improvement in this paper.
基金supported by the Major Program“Core of Electronic DevicesHigh-End General Chips+1 种基金and Basis of Software Products”of the Ministry of Industry and Information Technology of China(No.2014ZX01032205)the Key Technologies Research and Development Program of the Twelfth Five-Year Plan of China(No.MMJJ201401009)
文摘The security of CPU smart cards, which are widely used throughout China, is currently being threatened by side-channel analysis. Typical countermeasures to side-channel analysis involve adding noise and filtering the power consumption signal. In this paper, we integrate appropriate preprocessing methods with an improved attack strategy to generate a key recovery solution to the shortcomings of these countermeasures. Our proposed attack strategy improves the attack result by combining information leaked from two adjacent clock cycles. Using our laboratory-based power analysis system, we verified the proposed key recovery solution by performing a successful correlation power analysis on a Triple Data Encryption Standard (3DES) hardware module in a real-life 32-bit CPU smart card. All 112 key bits of the 3DES were recovered with about 80 000 power traces.
基金Supported by the Key Natural Science Foundation of Anhui Higher Education Institutions (KJ2017A857, KJ2019A0727)。
文摘With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the electronic medical environment, it is also necessary to consider that the patient may access multiple hospital servers. Based on three factors of smart card, random number and biometrics, an anonymous authentication scheme in the electronic medical environment is proposed. In order to reduce the burden of the medical registration and certification center(HC), in the proposed anonymous authentication scheme, the patient only needs to register with HC once, then he/she can apply for visiting each hospital that has joined the medical servers. Security analysis shows that the proposed scheme has anonymity and dual authentication, and can resist various types of attacks, such as insider attack, modification attack, replay attack and smart card loss attack. Efficiency analysis shows that the calculation cost of the proposed scheme in the registration and login phase is lower, and it is slightly higher than Lei's scheme and Khan et al's scheme in the authentication phase. The proposed scheme can not only resist various types of attacks, but also support dual authentication and multi-server environment. With a little modification, the proposed scheme can also be used to other application scenarios requiring anonymous authentication.
