IPBio: Embedding Biometric Data in IP Header for Per-Packet Authentication
Per-packet authentication is a powerful way to authenticate the user. Other authentication mechanisms (e.g. password authentication) verify the user at login time only while per-packet authentication verifies all packets coming from that user. Since every packet is authenticated repeatedly, inserting a fake packet or masquerading as a legitimate user is effectively prevented. Existing techniques for per-packet authentication such as IPSec or PLA, however, is either too expensive or not strong enough. We propose to include biometric data of the user in all packets for per-packet authentication. By collecting the user’s biometric data periodically and physically from the user during the session and including it in all packets, we believe that we can provide a cheaper and more secure way of per-packet authentication. A random portion of the biometric data is extracted and used to digest the IP datagram. This technique allows us to control the size of the biometric data and to protect its contents from eavesdropper. This paper explains about the technique and provides experimental results.
KeywordsBiometric Data Packet Format Password Authentication Packet Transmission Time Random Portion
Unable to display preview. Download preview PDF.
- 1.Burkholder, P.: SSL Man-in-the-Middle Attacks, SANS institute (February 2002), http://www.sans.org/rr/whitepapers/threats/480.php
- 3.Kent, S.: IP Authentication Header, IETF Working Group, (December 2005), http://www.ietf.org/rfc/rfc4302.txt
- 4.Kent, S.: IP Encapsulating Security Payload (ESP), IETF Working Group, (December 2005), http://www.ietf.org/rfc/rfc4303.txt
- 5.Candolin, H.K.C., Lundberg, J.: Packet level authentication in military networks. In: Proceedings of the 6th Australian Information Warfare & IT Security Conference, Geelong, Australia (November 2005)Google Scholar
- 6.Gennaro, R., Rohatgi, P.: How to Sign Digital Streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)Google Scholar
- 7.Challal, Y., Bettahar, H., Bouabdallah, A.: A taxonomy of multicast data origin authentica-tion: Issues and solutions. IEEE Communications Surveys and Tutorials 6 (October 2004)Google Scholar
- 9.Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signature of mul-ticast streams over lossy channels. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, May 2000, pp. 56–73 (2000)Google Scholar
- 11.Haller, N.: The S/Key one-time password system. In: Proceedings of the Symposium on Network and Distributed Systems Security, February 1994, pp. 151–157 (1994)Google Scholar