User identity based authentication mechanisms for network security enhancement

Abstract : In this thesis, we design three new authentication mechanisms based on user identity. In doing so, we bring improvements in access control for different classes of networks such as the Home Network, the Governmental Network and the Cellular Network. The identity can be biometric public features, simple strings (email addresses, login...), etc.

The first solution concerns the use of biometrics in Home Network authentication mechanisms. In the Home Network (HN) case study, we aim at personalizing the access of each user in the HN and preventing illegitimate users (passing through the Home Gateway (HG)) from gaining any access. We propose a new biometric authentication method which respects the constraint that the users' Biometric Template (BT) is not stored in the HG. To satisfy this constraint, we propose using the fuzzy vault method to hide a secret that should be used for authentication. Software generates a revocable biometric identity (BioID) using a functional transformation. This BioID is used in the fuzzy vault mechanisms to hide a secret session key.

The second solution proposes e-Passport authentication mechanisms. The cryptographic parameters are generated using the biometric templates and are hence personalized for the user. In the travel document case study, we present our proposal, which introduces a new e-Passport authentication mechanism based on the Elliptic Curve Diffie-Hellman (ECDH) Key Agreement protocol. This protocol is needed to generate a session key used to authenticate the traveler and the Inspection System (IS) and to exchange secure data. Our protocol is defined using minutiae data (fingerprint) and the iris code of the e-Passport holder.

In the third solution, we worked on the Cellular Network and used a simple string, like an email address, as the identifier to access services. We chose the IP Multimedia Subsystem (IMS), which is an overlay architecture for the provision of multimedia services. We design a new service authentication mechanism relying on Identity Based Cryptography (IBC) for the IMS architecture. The goal was to authenticate the users using their public and private identifiers to overcome known weaknesses in the Authentication and Key Agreement (AKA) protocol. We focused on the eavesdropping and impersonation attacks that can take place in the classical IMS scenario and we showed how our proposed solution can prevent these attacks. We then proposed to add a Batch Verification on the Bootstrapping Server Function (BSF) to decrease the signature verification delay and the authentication response time.
Document type :
Theses
Networking and Internet Architecture [cs.NI]. Institut National des Télécommunications, 2011. English. <NNT : 2011TELE0005>


https://tel.archives-ouvertes.fr/tel-00629931
Contributor : Abes Star
Submitted on : Friday, March 30, 2012 - 9:57:40 PM
Last modification on : Friday, November 8, 2013 - 7:16:53 PM

File

ThA_seABID.pdf

Identifiers

  • HAL Id : tel-00629931, version 2

Citation

Mohamed Abid. User identity based authentication mechanisms for network security enhancement. Networking and Internet Architecture [cs.NI]. Institut National des Télécommunications, 2011. English. <NNT : 2011TELE0005>. <tel-00629931v2>

Metrics

Record views: 884

Document downloads: 577