A variation of the following biometric authentication protocol was experimentall
Question
A variation of the following biometric authentication protocol was experimentally tested several years ago at immigration checkpoints in major U.S. airports. A user registers in person by showing his credentials (e.g., passport and visa) to the registration authority and giving his fingerprint (a "palmprint" was actually used). The registration authority then issues to the user a tamper-resistant smartcard that stores the reference fingerprint vector and can execute the matching algorithm. The checkpoint is equipped with a tamper-resistant admission device that contains a fingerprint reader and a smartcard reader. The user inserts his smartcard and provides his fingerprint to the device, which forwards it to the smartcard. The smartcard executes the comparison algorithms and outputs the result ("match" or "not match") to the device, which admits or rejects the user accordingly. Clearly, an attacker can defeat this scheme by programming a smartcard that always outputs "match." Show how to modify the scheme to make it more secure. The admission device needs to make sure that it is interacting with a valid smartcard issued by the registration authority. You can assume that the smartcard can perform cryptographic computations. The attacker can program smartcards and is allowed to have an input-output interaction with a valid smartcard but cannot obtain the data stored inside it.
Explanation / Answer
There are many ways to solve the problem. In the first solution, the registration authority will give the smartcard a copy of the reference fingerprint signed by the registration authority, and then have the fingerprint comparison performed by the admission device, not the smartcard. By this method the admission authority knows the reference fingerprint is valid and that the person's fingerprint gets matched.
In the second method, the registration authority issues public or private key pairs to each valid smartcard and additionally gives it a signed copy of this public key. The smartcard is inserted, and the admission authority is given the public key, which is validated. Then the admission authority reads the fingerprint, encrypts it using the smartcard's public key, and sends the ciphertext to the smartcard. The smartcard then replies with the message for both conditions, whether it is matched or not matched, with the decrypted version of the fingerprint. By this method the public or private key pair associated with the smartcard is assured by the admission authority.
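The first method above, sketched as an added example that is not part of the original answer: the registration authority signs the reference template, and the admission device verifies that signature and does the matching itself, so the card's own verdict is never trusted. The toy RSA key, the byte-wise distance, `THRESHOLD`, the card field names and the sample vectors are all assumptions made for illustration.

```python
import hashlib

# Toy RSA key for the registration authority (RA). Two known Mersenne primes
# keep the demo offline and stdlib-only; unpadded RSA like this is NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # RA private exponent, never leaves the RA

THRESHOLD = 2  # assumed: max differing positions still counted as the same finger


def _digest(holder: str, template: bytes) -> int:
    # Bind the template to the credential holder so it cannot be re-labelled.
    data = len(holder).to_bytes(2, "big") + holder.encode() + template
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ra_issue_card(holder: str, template: bytes) -> dict:
    """Registration: the RA signs (holder, reference template) for the card."""
    return {"holder": holder, "template": template,
            "sig": pow(_digest(holder, template), D, N)}


def device_admit(card: dict, live_scan: bytes) -> bool:
    """Checkpoint: the device trusts only (N, E), never the card's own verdict."""
    try:
        holder, template, sig = card["holder"], card["template"], card["sig"]
        if not (isinstance(sig, int) and 0 < sig < N):
            return False
        if pow(sig, E, N) != _digest(holder, template):
            return False  # not issued by the RA, or altered after issuance
    except (KeyError, TypeError, AttributeError, OverflowError):
        return False
    if len(template) != len(live_scan):
        return False
    # The comparison runs on the device, against the RA-signed reference.
    distance = sum(a != b for a, b in zip(template, live_scan))
    return distance <= THRESHOLD


# Constructed sample data: 16-byte stand-ins for fingerprint feature vectors.
ALICE_REF = bytes(range(16))
ALICE_LIVE = bytes([0, 1, 2, 9, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])  # one noisy byte
MALLORY_LIVE = bytes(reversed(range(16)))

valid_card = ra_issue_card("alice", ALICE_REF)
# A self-programmed card: its "match" claim is ignored and its signature is bogus.
rogue_card = {"holder": "mallory", "template": MALLORY_LIVE, "sig": 12345, "result": "match"}
relabelled = dict(valid_card, holder="mallory")  # valid signature, different holder
```

Because the signed template leaves the card in this design, a copied template can be presented by another card; it still only admits a finger that matches the enrolled one.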