Towards a Robust Fingerprint Authentication System Protocol
Source: Journal of Information Systems Security, Volume 13, Number 1 (2017)
Pages 19–34
ISSN 1551-0123 (Print), ISSN 1551-0808 (Online)
Authors: Kishor Krishnan Nair — Council for Scientific and Information Research (CSIR), South Africa
Albert Helberg — North-West University (NWU), Potchefstroom Campus, South Africa
Johannes van der Merwe — Council for Scientific and Information Research (CSIR), South Africa
Publisher: Information Institute Publishing, Washington DC, USA
Abstract
In the present world, biometric authentication systems are increasingly and extensively used, of which Fingerprint Authentication Systems (FASs) are gaining massive acceptance across the globe and are used as a key security technique for accurate personal identification and verification. It is the most developed, matured, publicly accepted, and advanced biometric, with more history, research, and design than any other biometric scheme. FAS is a reliable and convenient solution that can be effortlessly implemented on devices and can be easily integrated at various points of identification and verification. It is popularly used for developing high security applications, mainly for two key reasons. Firstly, FAS offers better security than other biometric counterparts, such as face recognition systems, hand geometry, signature verification, and voice recognition. Secondly, FAS is comparatively cheaper than other biometric systems, such as iris recognition and DNA fingerprinting. Although FAS provides higher security than the majority of its biometric counterparts and than conventional authentication systems using passwords and Personal Identification Numbers (PINs), it is also susceptible to the inherent security vulnerabilities associated with biometric modalities in general. The most relevant vulnerability is that once the biometric template is compromised, it cannot be replaced or destroyed, as the biometric features are limited to a person. This paper begins with a background of FAS and showcases the current biometric vulnerabilities from an FAS perspective. Furthermore, an investigation is carried out to analyze the impact of these vulnerabilities on two popular and proprietary FAS protocols. The study conducted on the existing protocols reveals the necessity of a robust protocol, and the proposal for an improved FAS protocol is put forward.
Thus, this research focuses on conceptualizing an FAS protocol that can address the major FAS protocol security vulnerabilities. It is abstracted based on the key idea of a unique One Time Template (OTT), which will be valid only for a single authentication session. Furthermore, the proposed FAS protocol does not need the storage and transmission of the original fingerprint template, thereby addressing the most dangerous vulnerability associated with biometrics, which is the compromise of the original biometric template. The proposed protocol will be further reviewed and criticized to recognize the value added by this study.
Keywords
Biometrics, FAS, Nonce, OTT, Protocol