A Secure Fingerprint Authentication Protocol

Authors

  • Anongporn Salaiwarakul Department of Computer Science and Information Technology, Naresuan University, Thailand.

Keywords:

Biometric, Fingerprint Authentication Protocol, Fingerprint Authentication Specification, Security Protocol,

Abstract

This article proposes authentication specifications and a framework for the fingerprint authentication in the circumstance that the presentation of the user’s biometric information is not supervised. The specifications of the security properties are to certify that the liveness of the user’s fingerprint information is confirmed and that the intention of the user’s authentication is not manipulative or illegal. The framework for compliance with the specification of the fingerprint authentication protocol is proposed. Liveness detection by the fingerprint reader is considered to be essential in these situations. Cryptography and the fresh random number, nonce, are included in the framework. Analysis of the authentication framework shows that the proposed security properties are confirmed, the user’s biometric data is secured and the user’s intention of authentication is preserved.

References

M. Barbosa, et al., "Secure biometric authentication with improved accuracy" in ACISP, New York:Springer, vol. 5107, pp. 21-36, 2008.

D. Hartung, C. Busch, “Biometric Transaction Authentication Protocol, in Proc. of int. Conf. on Emerging Security Information, Systems, and Technologies, 2010, pp. 207–215.

E. Syta,et al., ”Private Eyes: Secure Remote Biometric Authentication,” in Proc. 12th Int. Joint Conf. on e-Business and Telecommunications (ICETE), Colmar, France 2015, pp. 243-250.

A. K. Jain, et al., “Biometrics: A grand challenge,” in Proc. 17th Int. Conf. on Pattern recognition, Cambridge, UK, 2004, pp. 935–942.

S.M. Mudholkar, P.M. Shende, M.V. Sarode, “Biometrics authentication technique for intrusion detection systems using fingerprint recognition,” Int. J. Computer Science, Engineering and Information Technology, vol.2, no.1, pp. 57-65, 2012.

G. Lowe, “Breaking and fixing the Needham-Schroeder public-key protocol using FDR,” in Proc. 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems, London, UK, 1996, pp. 147–166.

G. Lowe, “Towards a completeness result for model checking of security protocols,” J. Computer Security, vol. 7, no.2-3, pp.89-146, 1999.

A. Armando, et al., “The AVISPA tool for the automated validation of Internet security protocols and applications,” in Proc. 17th Int. Conf. Computer Aided Verification, Scotland, UK, 2005, pp.281–285.

B. Blanchet, B. Smyth, “ProVerif 1.93: Automatic cryptographic protocol verifier, user manual and tutorial,” [Internet] [cited June 2016], Available from : https://www.bensmyth.com/publications/2010-ProVerif-manualversion-1.93/.

C. Cremers, “The Scyther tool”, [Internet] [cited June 2016], Available from : https://www.cs.ox.ac.uk/ people/cas.cremers/scyther/.

T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, “Impact of Artificial Gummy Fingers on Fingerprint Systems,” in Proc. SPIE Vol.4677. Optical Security and Counterfeit Deterrence Techniques IV, CA, USA, 2002, pp. 1-18.

A. Ross, A.K. Jain, “Biometrics : When Identity Matters,” in Advance in biometric person authentication, 1st ed., Guangzhou: Springer Berlin Heidelberg, 2004, pp. 1-2.

Tusted Computing Group. TPM main specification [Internet] [cited June 2016], Available from : http://www.trustedcomputinggroup.org/tpm-main-specification/.

D. Dolev, A.C. Yao, “On the Security of Public Key Protocols,” IEEE Trans.Information Theory, vol. 29, no.2, pp. 198-208, 1983.

Downloads

Published

2018-02-05

How to Cite

Salaiwarakul, A. (2018). A Secure Fingerprint Authentication Protocol. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-5), 59–63. Retrieved from https://jtec.utem.edu.my/jtec/article/view/3627

Issue

Vol. 10 No. 1-5: Breakthrough To Excellence in Communication and Computer Engineering II

Section

Articles

License

TRANSFER OF COPYRIGHT AGREEMENT

The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):

  1. All proprietary right other than copyright, such as patent rights
  2. The right to make further copies of all or part of the published article for my use in classroom teaching
  3. The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
  4. The right to make copies of the published work for internal distribution within the institution that employs me

I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.