Abstract
Per-packet authentication is a powerful way to authenticate the user. Other authentication mechanisms (e.g. password authentication) verify the user at login time only while per-packet authentication verifies all packets coming from that user. Since every packet is authenticated repeatedly, inserting a fake packet or masquerading as a legitimate user is effectively prevented. Existing techniques for per-packet authentication such as IPSec or PLA, however, is either too expensive or not strong enough. We propose to include biometric data of the user in all packets for per-packet authentication. By collecting the user’s biometric data periodically and physically from the user during the session and including it in all packets, we believe that we can provide a cheaper and more secure way of per-packet authentication. A random portion of the biometric data is extracted and used to digest the IP datagram. This technique allows us to control the size of the biometric data and to protect its contents from eavesdropper. This paper explains about the technique and provides experimental results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Burkholder, P.: SSL Man-in-the-Middle Attacks, SANS institute (February 2002), http://www.sans.org/rr/whitepapers/threats/480.php
Steiner, M., Buhler, P., Eirich, T., Waidner, M.: Secure Password-Based Cipher Suite for TLS. ACM Transactions on Information and System Security (TISSEC) 4(2), 134–157 (2001)
Kent, S.: IP Authentication Header, IETF Working Group, (December 2005), http://www.ietf.org/rfc/rfc4302.txt
Kent, S.: IP Encapsulating Security Payload (ESP), IETF Working Group, (December 2005), http://www.ietf.org/rfc/rfc4303.txt
Candolin, H.K.C., Lundberg, J.: Packet level authentication in military networks. In: Proceedings of the 6th Australian Information Warfare & IT Security Conference, Geelong, Australia (November 2005)
Gennaro, R., Rohatgi, P.: How to Sign Digital Streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)
Challal, Y., Bettahar, H., Bouabdallah, A.: A taxonomy of multicast data origin authentica-tion: Issues and solutions. IEEE Communications Surveys and Tutorials 6 (October 2004)
Wong, C.K., Lam, S.S.: Digital signatures for flows and multicasts. IEEE/ACM Transactions on Networking (TON) 7(4), 502–513 (1999)
Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signature of mul-ticast streams over lossy channels. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, May 2000, pp. 56–73 (2000)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Haller, N.: The S/Key one-time password system. In: Proceedings of the Symposium on Network and Distributed Systems Security, February 1994, pp. 151–157 (1994)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, D.S., Kim, K.C., Yoo, Y.B. (2006). IPBio: Embedding Biometric Data in IP Header for Per-Packet Authentication. In: Min, G., Di Martino, B., Yang, L.T., Guo, M., Rünger, G. (eds) Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops. ISPA 2006. Lecture Notes in Computer Science, vol 4331. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11942634_94
Download citation
DOI: https://doi.org/10.1007/11942634_94
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49860-5
Online ISBN: 978-3-540-49862-9
eBook Packages: Computer ScienceComputer Science (R0)