Analyzing and Comparing the Performance of National Biometric eID Card in Heavy Cryptographic Applications
Abstract
1. Introduction
2. National Biometric Identity Cards
3. Preparing Testing Environment
3.1. Developing the Application
3.2. Smart Card Middleware
3.3. Pseudocode
- encryptRSACSP_pc(text) takes one argument text of type string, which will be encrypted using the PC, using the public key stored locally on the PC.
- encryptRSACSP_card(text, certificate) takes two arguments, text of type string and certificate of type X509Certificate2. This method encrypts using the RSA CSP class, with the public key from the certificate on the eID biometric card.
- encryptRSA_card(text, certificate) also encrypts using the biometric card, but using RSA class.
```
function encryptRSACSP_pc(text) {
    segmentLength ← 212
    loopLength ← text.Length / segmentLength + 1
    RSACryptoServiceProvider rsa
    rsa.setPublicKey ← readPublicKey()
    for i ← 0 to loopLength - 1 do
        if (i = loopLength - 1 or text.Length < segmentLength)
            copyLength ← text.Length - (i * segmentLength)
        else
            copyLength ← segmentLength
        segment ← text.Substring(i * segmentLength, copyLength)
        rsa.Encrypt(segment)
}
```

```
function encryptRSACSP_card(text, certificate) {
    segmentLength ← 212
    loopLength ← text.Length / segmentLength + 1
    RSACryptoServiceProvider rsa ← certificate.PublicKey.Key
    for i ← 0 to loopLength - 1 do
        if (i = loopLength - 1 or text.Length < segmentLength)
            copyLength ← text.Length - (i * segmentLength)
        else
            copyLength ← segmentLength
        segment ← text.Substring(i * segmentLength, copyLength)
        rsa.Encrypt(segment)
}
```

```
function encryptRSA_card(text, certificate) {
    segmentLength ← 212
    loopLength ← text.Length / segmentLength + 1
    RSA rsa ← certificate.GetRSAPublicKey()
    for i ← 0 to loopLength - 1 do
        if (i = loopLength - 1 or text.Length < segmentLength)
            copyLength ← text.Length - (i * segmentLength)
        else
            copyLength ← segmentLength
        segment ← text.Substring(i * segmentLength, copyLength)
        rsa.Encrypt(segment)
}
```
- signRSACSP_pc(text) method is used to sign the text data, using the asymmetric algorithm RSA CSP, using the private key stored on the PC.
- signRSACSP_card(text, certificate) will be used as a method to sign the text data, using the private key in the certificate.
- signRSA_card(text, certificate) takes two arguments, one the text to sign, and the certificate, which uses the private key to digitally sign the data, with RSA class.
```
function signRSACSP_pc(text) {
    RSACryptoServiceProvider rsa
    rsa.setPrivateKey ← readPrivateKey()   // signing uses the private key stored on the PC
    rsa.SignData(text)
}
```

```
function signRSACSP_card(text, certificate) {
    RSACryptoServiceProvider rsacsp ← certificate.PrivateKey
    rsacsp.SignData(text)
}
```

```
function signRSA_card(text, certificate) {
    RSA rsa ← certificate.PrivateKey
    rsa.SignData(text)
}
```
3.4. Software Functionalities
- The first step is to choose the size of the text file to be encrypted or signed. The test vector consists of eight text files of random text in different sizes: 1 KB, 10 KB, 50 KB, 100 KB, 1 MB, 2 MB, 5 MB, and 10 MB. Each file has a different impact on the processing time, which will be discussed later. The text is random text, as presented in Figure 6.
- The second step is to choose the processing system and the algorithm for processing the data. The app offers both processing systems: match-off-card, using a PC as an outside processing system, and match-on-card, using a national eID biometric card as the processing system. The PC interface implements only the RSA CSP [15] from the .NET Framework as its processing algorithm, whereas the national eID biometric card offers two processing algorithms: RSA [16] and RSA CSP. This comparison is the main experiment conducted in this paper; it measures the processing time of the two processing systems.
- The third and last step is to choose whether to encrypt or sign the selected data with the selected algorithm and processing system. Each experiment is run 10 times and the results are written to a text file. This text file shows the execution time for each of the 10 runs, together with the best, worst, and average times of the experiment.
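The segmented encryption of Section 3.3 and the 10-run timing procedure of the steps above can be reproduced on a PC with the following added example; it is not the authors' code from their repository. The class and method names are hypothetical, and the 2048-bit software key, the OAEP (SHA-1) padding and the 100 KB random input are assumptions, since the page states none of them.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Security.Cryptography;

static class SegmentedRsaTiming   // hypothetical name, not from the paper
{
    const int SegmentLength = 212; // segment size used by the pseudocode in 3.3
    const int Runs = 10;           // each experiment is run 10 times

    // Encrypts data segment by segment and returns the total ciphertext size.
    // Stepping by offset never produces a zero-length final segment.
    static long EncryptSegmented(RSACryptoServiceProvider rsa, byte[] data)
    {
        long ciphertextBytes = 0;
        for (int offset = 0; offset < data.Length; offset += SegmentLength)
        {
            int copyLength = Math.Min(SegmentLength, data.Length - offset);
            byte[] segment = new byte[copyLength];
            Buffer.BlockCopy(data, offset, segment, 0, copyLength);
            ciphertextBytes += rsa.Encrypt(segment, true).Length; // true = OAEP
        }
        return ciphertextBytes;
    }

    static void Main()
    {
        byte[] data = new byte[100 * 1024];   // constructed 100 KB test input
        new Random(1).NextBytes(data);
        using (var rsa = new RSACryptoServiceProvider(2048)) // assumed key size
        {
            // OAEP with SHA-1 leaves keyBytes - 2*20 - 2 plaintext bytes per block.
            if (SegmentLength > rsa.KeySize / 8 - 2 * 20 - 2)
                throw new InvalidOperationException("segment exceeds padding limit");
            double[] ms = new double[Runs];
            long size = 0;
            for (int run = 0; run < Runs; run++)
            {
                Stopwatch sw = Stopwatch.StartNew();
                size = EncryptSegmented(rsa, data);
                ms[run] = sw.Elapsed.TotalMilliseconds;
                Console.WriteLine("run {0}: {1:F2} ms", run + 1, ms[run]);
            }
            Console.WriteLine("best {0:F2}  worst {1:F2}  average {2:F2} ms; {3} -> {4} bytes",
                ms.Min(), ms.Max(), ms.Average(), data.Length, size);
        }
    }
}
```

The final line also reports the ciphertext size: with a 2048-bit key every 212-byte segment becomes a 256-byte block, which is the storage cost of encrypting bulk data directly with RSA.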
4. Experimental Results
4.1. RSA vs. RSA Crypto Service Provider (CSP)—Encryption with National eID Biometric card
4.2. Personal Computer (PC) vs. Card—Encryption Using RSA CSP Class
4.3. PC vs. Card—Signing Using RSA CSP Class
5. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
1. Biometrics for Payment Applications the SPA Vision on Financial Match-on-Card; Smart Payment Association (SPA): Munich, Germany, November 2013.
2. Pang, C.T.; Yun, Y.W.; Xudong, J. On-Card Matching. In Encyclopedia of Biometrics; Springer: New York, NY, USA, 2009.
3. Smart Cards and Biometrics. In A Smart Card Alliance Physical Access Council White Paper; Smart Card Alliance: Princeton, NJ, USA, March 2011.
4. Bringer, J.; Chabanne, H.; Pointcheval, D.; Zimmer, S. An Application of the Boneh and Shacham Group Signature Scheme to Biometric Authentication. In Proceedings of the 3rd International Workshop on Security (IWSEC '08), Kagawa, Japan, 25–27 November 2008.
5. Grother, P.; Salamon, W.; Watson, C.; Indovina, M.; Flanagan, P. MINEX II Performance of Fingerprint Match-on-Card Algorithms Phase II/III Report—NIST Interagency Report 7477; Information Access Division—National Institute of Standards and Technology: Gaithersburg, MD, USA, 2009.
6. Security and Performance Evaluation Platform of Biometric Match on Card. In Proceedings of the International Conference on Mobile Applications and Security Management (ICMASM), Sousse, Tunisia, 22–24 June 2013.
7. Cooper, D.; Dang, H.; Lee, P.; MacGregor, W.; Mehta, K. Secure Biometric Match-on-Card Feasibility Report; NIST Interagency Report 7452; National Institute of Standards and Technology: Gaithersburg, MD, USA, November 2007. Available online: https://csrc.nist.gov/publications/detail/nistir/7452/final (accessed on 22 August 2018).
8. ICAO Doc9303, Machine Readable Travel Documents, 7th ed.; Available online: https://www.icao.int/publications/Documents/9303_p3_cons_en.pdf (accessed on 22 August 2018).
9. Rexha, B.; Imeraj, D.; Shabani, I. Using efficient TRNGs for PSEUDO profile in national eID card. Int. J. Recent Contrib. Eng. Sci. 2018, 6, 57–73.
10. I. AG, Technical Details for SLE 78CLX1280P. Available online: http://www.infineon.com/ (accessed on 22 August 2018).
11. Giesecke & Devrient GmbH. Help files and technical notes for HIGHSEC eID App. Available online: https://mpb.rks-gov.net/eID.html (accessed on 22 August 2018).
12. Rexha, B.; Qerimi, E.; Neziri, V.; Dervishi, R. Using eID Pseudonymity and Anonmity for Strengthing User Freedom in Internet; Time for a European Internet; Central and Eastern European e|Dem and e|Gov Days 2015 Independence Day: Budapest, Hungary, 2015.
13. Krasniqi, G.; Rama, P.; Rexha, B. Source code of application developed and hosted by GitHub. Available online: https://github.com/petritrama-unipr/BiometricEfficiency_FIEK (accessed on 20 July 2018).
14. Microsoft. Smart Card Authentication. Available online: https://docs.microsoft.com/en-us/windows/desktop/secauthn/smart-card-authentication (accessed on 22 August 2018).
15. Microsoft. RSACryptoServiceProvider Class. .NET Framework 4.7.2. Available online: https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider(v=vs.110).aspx (accessed on 20 July 2018).
16. Rankl, W.; Effing, W. Smart Card Handbook; John Wiley & Sons Ltd.: London, UK, 2003.
17. Stallings, W. Operating Systems: Internals and Design Principles; Pearson Prentice Hall: Upper Saddle River, NJ, USA, 2012.
18. Guariglia, E. Entropy and Fractal Antennas. Entropy 2016, 18, 1–17.
19. Guariglia, E. Spectral Analysis of the Weierstrass-Mandelbrot Function. In Proceedings of the 2nd International Multidisciplinary Conference on Computer and Energy Science, Split, Croatia, 12–14 July 2017.
# | 1 KB RSA | 1 KB CSP | 10 KB RSA | 10 KB CSP | 50 KB RSA | 50 KB CSP | 100 KB RSA | 100 KB CSP | 1 MB RSA | 1 MB CSP | 2 MB RSA | 2 MB CSP | 5 MB RSA | 5 MB CSP | 10 MB RSA | 10 MB CSP |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 3.22 | 2.53 | 13.65 | 18.26 | 49.58 | 66.03 | 90.85 | 127.79 | 868.2 | 1235.4 | 1622.7 | 2466.8 | 4050.0 | 6553.7 | 8100.2 | 12,446.0 |
2 | 0.87 | 1.81 | 11.41 | 12.56 | 41.28 | 62.38 | 84.34 | 123.08 | 851.6 | 1224.2 | 1625.2 | 2449.4 | 4062.8 | 6779.2 | 8071.2 | 12,856.5 |
3 | 0.87 | 1.33 | 7.86 | 12.91 | 41.07 | 60.54 | 81.37 | 119.40 | 812.7 | 1295.1 | 1626.7 | 2467.2 | 4056.1 | 6801.4 | 8304.1 | 12,174.1 |
4 | 0.90 | 1.33 | 9.21 | 12.31 | 40.49 | 60.33 | 78.67 | 119.22 | 827.2 | 1387.7 | 1627.0 | 2449.3 | 4029.9 | 6348.8 | 8100.7 | 12,187.8 |
5 | 0.82 | 2.00 | 7.86 | 12.39 | 42.08 | 60.52 | 79.90 | 118.92 | 804.6 | 1312.5 | 1620.0 | 2446.6 | 4103.8 | 6091.3 | 8041.1 | 12,173.6 |
6 | 0.81 | 1.33 | 8.46 | 12.22 | 47.41 | 59.45 | 78.41 | 118.89 | 804.6 | 1603.8 | 1608.9 | 2445.5 | 4214.8 | 6096.6 | 8617.1 | 12,258.2 |
7 | 1.10 | 1.30 | 8.01 | 12.29 | 40.30 | 59.69 | 78.44 | 118.77 | 811.6 | 1299.4 | 1615.8 | 2459.8 | 4444.2 | 6082.7 | 8258.5 | 13,051.2 |
8 | 0.82 | 1.23 | 8.44 | 12.20 | 39.21 | 59.52 | 79.38 | 118.88 | 818.6 | 1285.9 | 1607.6 | 2448.7 | 4407.9 | 6076.6 | 8031.8 | 12,241.2 |
9 | 0.83 | 1.57 | 7.98 | 12.33 | 39.27 | 59.77 | 105.83 | 118.90 | 804.7 | 1254.9 | 1631.4 | 2448.4 | 4048.4 | 6131.0 | 8126.5 | 12,189.7 |
10 | 0.80 | 1.23 | 8.28 | 12.39 | 39.36 | 59.80 | 105.19 | 118.83 | 800.8 | 1218.1 | 1606.3 | 2446.7 | 4030.3 | 6095.1 | 8112.3 | 12,173.3 |
Size | RSA, average time (ms) | RSA CSP, average time (ms) | Diff |
---|---|---|---|
1 KB | 1.10 | 1.56 | 41.72% |
10 KB | 9.12 | 12.99 | 42.45% |
50 KB | 42.00 | 60.80 | 44.76% |
100 KB | 86.24 | 120.27 | 39.46% |
1 MB | 820.46 | 1311.71 | 59.88% |
2 MB | 1619.16 | 2452.83 | 51.49% |
5 MB | 4144.82 | 6305.64 | 52.13% |
10 MB | 8176.34 | 12,375.17 | 51.35% |
# | 1 KB RSA | 1 KB CSP | 10 KB RSA | 10 KB CSP | 50 KB RSA | 50 KB CSP | 100 KB RSA | 100 KB CSP | 1 MB RSA | 1 MB CSP | 2 MB RSA | 2 MB CSP | 5 MB RSA | 5 MB CSP | 10 MB RSA | 10 MB CSP |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 3.16 | 2.53 | 12.55 | 18.26 | 60.67 | 66.03 | 120.60 | 127.79 | 1217.8 | 1235.4 | 2479.8 | 2466.8 | 6603.3 | 6553.7 | 13,160.6 | 12,446.0 |
2 | 1.48 | 1.81 | 20.58 | 12.56 | 59.56 | 62.38 | 119.04 | 123.08 | 1214.6 | 1224.2 | 2438.2 | 2449.4 | 6419.6 | 6779.2 | 12,201.2 | 12,856.5 |
3 | 1.33 | 1.33 | 12.12 | 12.91 | 59.65 | 60.54 | 118.85 | 119.40 | 1216.3 | 1295.1 | 2434.1 | 2467.2 | 6257.3 | 6801.4 | 12,180.8 | 12,174.1 |
4 | 1.29 | 1.33 | 12.07 | 12.31 | 68.15 | 60.33 | 119.35 | 119.22 | 1216.6 | 1387.7 | 2440.3 | 2449.3 | 6359.9 | 6348.8 | 12,173.6 | 12,187.8 |
5 | 1.28 | 2.00 | 12.05 | 12.39 | 59.38 | 60.52 | 118.84 | 118.92 | 1223.2 | 1312.5 | 2431.2 | 2446.6 | 6083.2 | 6091.3 | 12,155.7 | 12,173.6 |
6 | 1.24 | 1.33 | 12.54 | 12.22 | 59.50 | 59.45 | 118.75 | 118.89 | 1219.8 | 1603.8 | 2434.7 | 2445.5 | 6084.8 | 6096.6 | 12,931.1 | 12,258.2 |
7 | 1.25 | 1.30 | 12.57 | 12.29 | 59.45 | 59.69 | 118.80 | 118.77 | 1220.2 | 1299.4 | 2434.5 | 2459.8 | 6126.9 | 6082.7 | 12,235.5 | 13,051.2 |
8 | 1.24 | 1.23 | 12.11 | 12.20 | 60.55 | 59.52 | 119.10 | 118.88 | 1217.1 | 1285.9 | 2432.5 | 2448.7 | 6106.4 | 6076.6 | 12,215.9 | 12,241.2 |
9 | 1.23 | 1.57 | 12.06 | 12.33 | 60.70 | 59.77 | 119.27 | 118.90 | 1217.0 | 1254.9 | 2429.7 | 2448.4 | 6079.7 | 6131.0 | 12,179.4 | 12,189.7 |
10 | 1.23 | 1.23 | 11.99 | 12.39 | 59.44 | 59.80 | 118.84 | 118.83 | 1217.6 | 1218.1 | 2517.4 | 2446.7 | 6076.0 | 6095.1 | 12,272.7 | 12,173.3 |
Size | PC, average time (ms) | Card, average time (ms) | Diff |
---|---|---|---|
1 KB | 1.47 | 1.56 | 6.20% |
10 KB | 13.06 | 12.99 | −0.59% |
50 KB | 60.70 | 60.80 | 0.16% |
100 KB | 119.14 | 120.27 | 0.95% |
1 MB | 1218.03 | 1311.71 | 7.69% |
2 MB | 2447.24 | 2452.83 | 0.23% |
5 MB | 6219.72 | 6305.64 | 1.38% |
10 MB | 12,370.65 | 12,375.17 | 0.04% |
# | 1 KB RSA | 1 KB CSP | 10 KB RSA | 10 KB CSP | 50 KB RSA | 50 KB CSP | 100 KB RSA | 100 KB CSP | 1 MB RSA | 1 MB CSP | 2 MB RSA | 2 MB CSP | 5 MB RSA | 5 MB CSP | 10 MB RSA | 10 MB CSP |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 10.33 | 2.38 | 7.24 | 17.28 | 7.41 | 66.17 | 7.88 | 134.81 | 16.3 | 1258.8 | 21.1 | 2448.2 | 52.5 | 6187.9 | 73.6 | 12,189.5 |
2 | 7.09 | 2.19 | 7.29 | 12.74 | 7.41 | 62.28 | 7.81 | 123.81 | 13.8 | 1236.4 | 20.6 | 2488.6 | 48.7 | 6125.3 | 73.1 | 12,153.6 |
3 | 7.10 | 2.60 | 7.15 | 12.37 | 7.82 | 62.15 | 7.81 | 120.42 | 13.9 | 1249.5 | 20.3 | 2441.4 | 40.1 | 6123.7 | 73.6 | 12,157.3 |
4 | 7.18 | 2.67 | 7.22 | 11.99 | 7.41 | 61.33 | 7.74 | 118.84 | 13.8 | 1271.7 | 20.3 | 2429.1 | 40.3 | 6117.0 | 95.6 | 12,669.9 |
5 | 7.09 | 2.43 | 7.23 | 12.49 | 7.49 | 62.36 | 7.78 | 118.83 | 13.8 | 1248.7 | 20.3 | 2496.6 | 40.4 | 6119.1 | 100.9 | 12,627.0 |
6 | 7.12 | 2.22 | 7.15 | 12.66 | 7.48 | 59.72 | 7.81 | 118.83 | 13.8 | 1231.7 | 21.2 | 2679.9 | 41.3 | 6128.2 | 74.8 | 12,154.5 |
7 | 7.18 | 1.96 | 7.22 | 13.40 | 7.40 | 59.97 | 7.78 | 119.57 | 13.7 | 1231.9 | 20.4 | 2608.8 | 41.0 | 6117.7 | 73.0 | 12,160.6 |
8 | 7.63 | 1.33 | 7.23 | 12.08 | 7.93 | 59.54 | 7.74 | 118.99 | 13.7 | 1233.5 | 20.5 | 2658.4 | 40.6 | 6303.1 | 73.0 | 12,162.9 |
9 | 7.16 | 1.33 | 7.15 | 12.30 | 7.50 | 59.59 | 7.86 | 119.16 | 13.7 | 1236.4 | 20.5 | 2549.1 | 40.4 | 6683.6 | 73.1 | 12,300.0 |
10 | 7.19 | 1.33 | 7.18 | 12.72 | 7.46 | 59.61 | 7.91 | 118.72 | 13.7 | 1236.0 | 20.4 | 2428.7 | 40.4 | 6241.6 | 96.1 | 13,158.7 |
Size | PC, average time (ms) | Card, average time (ms) | Diff |
---|---|---|---|
1 KB | 7.51 | 2.04 | −72.77% |
10 KB | 7.21 | 13.00 | 80.45% |
50 KB | 7.53 | 61.27 | 713.49% |
100 KB | 7.81 | 121.20 | 1451.75% |
1 MB | 14.01 | 1243.48 | 8772.78% |
2 MB | 20.57 | 2522.90 | 12,165.59% |
5 MB | 42.56 | 6214.72 | 14,500.78% |
10 MB | 80.68 | 12,373.40 | 15,237.16% |
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Krasniqi, G.; Rama, P.; Rexha, B. Analyzing and Comparing the Performance of National Biometric eID Card in Heavy Cryptographic Applications. Appl. Syst. Innov. 2018, 1, 37. https://doi.org/10.3390/asi1040037