IPBio: Embedding Biometric Data in IP Header for Per-Packet Authentication

  • Dae Sung Lee
  • Ki Chang Kim
  • Year Back Yoo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4331)


Per-packet authentication is a powerful way to authenticate the user. Other authentication mechanisms (e.g. password authentication) verify the user at login time only while per-packet authentication verifies all packets coming from that user. Since every packet is authenticated repeatedly, inserting a fake packet or masquerading as a legitimate user is effectively prevented. Existing techniques for per-packet authentication such as IPSec or PLA, however, is either too expensive or not strong enough. We propose to include biometric data of the user in all packets for per-packet authentication. By collecting the user’s biometric data periodically and physically from the user during the session and including it in all packets, we believe that we can provide a cheaper and more secure way of per-packet authentication. A random portion of the biometric data is extracted and used to digest the IP datagram. This technique allows us to control the size of the biometric data and to protect its contents from eavesdropper. This paper explains about the technique and provides experimental results.


Biometric Data Packet Format Password Authentication Packet Transmission Time Random Portion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Burkholder, P.: SSL Man-in-the-Middle Attacks, SANS institute (February 2002),
  2. 2.
    Steiner, M., Buhler, P., Eirich, T., Waidner, M.: Secure Password-Based Cipher Suite for TLS. ACM Transactions on Information and System Security (TISSEC) 4(2), 134–157 (2001)CrossRefGoogle Scholar
  3. 3.
    Kent, S.: IP Authentication Header, IETF Working Group, (December 2005),
  4. 4.
    Kent, S.: IP Encapsulating Security Payload (ESP), IETF Working Group, (December 2005),
  5. 5.
    Candolin, H.K.C., Lundberg, J.: Packet level authentication in military networks. In: Proceedings of the 6th Australian Information Warfare & IT Security Conference, Geelong, Australia (November 2005)Google Scholar
  6. 6.
    Gennaro, R., Rohatgi, P.: How to Sign Digital Streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Challal, Y., Bettahar, H., Bouabdallah, A.: A taxonomy of multicast data origin authentica-tion: Issues and solutions. IEEE Communications Surveys and Tutorials 6 (October 2004)Google Scholar
  8. 8.
    Wong, C.K., Lam, S.S.: Digital signatures for flows and multicasts. IEEE/ACM Transactions on Networking (TON) 7(4), 502–513 (1999)CrossRefGoogle Scholar
  9. 9.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signature of mul-ticast streams over lossy channels. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, May 2000, pp. 56–73 (2000)Google Scholar
  10. 10.
    Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)CrossRefMathSciNetGoogle Scholar
  11. 11.
    Haller, N.: The S/Key one-time password system. In: Proceedings of the Symposium on Network and Distributed Systems Security, February 1994, pp. 151–157 (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dae Sung Lee
    • 1
  • Ki Chang Kim
    • 2
  • Year Back Yoo
    • 3
  1. 1.School of Computer Science & EngineeringInha Univ.Korea
  2. 2.School of Information and Communication EngineeringInha Univ.Korea
  3. 3.Computer Science DepartmentMontana State UniversityU.S.A.

Personalised recommendations