Article

Secure smartcardbased fingerprint authentication

Authors:

T. Charles Clancy,

Negar Kiyavash,

Dennis J. LinAuthors Info & Claims

WBMA '03: Proceedings of the 2003 ACM SIGMM workshop on Biometrics methods and applications

Pages 45 - 52

https://doi.org/10.1145/982507.982516

Published: 08 November 2003 Publication History

Abstract

In this paper, the fundamental insecurities hampering a scalable, wide-spread deployment of biometric authentication are examined, and a cryptosystem capable of using fingerprint data as its key is presented. For our application, we focus on situations where a private key stored on a smartcard is used for authentication in a networked environment, and we assume an attacker can launch o -line attacks against a stolen card.Juels and Sudan's fuzzy vault is used as a starting point for building and analyzing a secure authentication scheme using fingerprints and smartcards called a figerprint vault. Fingerprint minutiae coordinates m_i are encoded as elements in a nite eld F and the secret key is encoded in a polynomial f(x) over F[x]. The polynomial is evaluated at the minutiae locations, and the pairs (m_i, f(m_i)) are stored along with random (c_i, d_i) cha points such that d_i ≠ f(c_i). Given a matching fingerprint, a valid user can seperate out enough true points from the cha points to reconstruct f(x), and hence the original secret key.The parameters of the vault are selected such that the attacker's vault unlocking complexity is maximized, subject to zero unlocking complexity with a matching fingerprint and a reasonable amount of error. For a feature location measurement variance of 9 pixels, the optimal vault is 2⁶⁹ times more difficult to unlock for an attacker compared to a user posessing a matching fingerprint, along with approximately a 30% chance of unlocking failure.

References

[1]

AGRAWAL, D., ARCHAMBEAULT, B., Rao, J., and Rohtagi, P. The em-side channel(s). Workshop on Cryptographic Hardware and Embedded Systems, CHES 2002.]]

Digital Library

[2]

Arora, S., and Khot, S. Fitting algebraic curves to noisy data. ACM Symposium on Theory of Computing, STOC 2002.]]

Digital Library

[3]

Blahut, R. Algebraic Codes for Data Transmission. Cambridge University Press, 2003.]]

[4]

Blahut, R. Modem Theory: An Introduction to Telecommunications. Cambridge University Press, preprint.]]

[5]

Bleichenbacher, D., and Nguyen, P. Q. Noisy polynomial interpolation and noisy chinese remaindering. Advances in Cryptology, EUROCRYPT 2000.]]

[6]

Davida, G., Frankel, Y., and Matt, B. On enabling secure applications through o -line biometric identification. IEEE Symposium on Privacy and Security, 1998.]]

[7]

Guruswami, V., and Sudan, M. Improved decoding of reed-solomon and algebraic-geometric codes. Symposium on Foundations of Computer Science, FOCS 1998.]]

Digital Library

[8]

Hildebrand, F. B. Introduction to Numerical Analysis. McGraw-Hill, 1956.]]

Digital Library

[9]

Jaeger, H., and Nagel, S. Physics of granular states. Science 255, 1524 (1992).]]

[10]

Juels, A., and Sudan, M. A fuzzy vault scheme. ACM Conference on Computer and Communications Security, CCS 2002.]]

[11]

Juels, A., and Wattenberg, M. A fuzzy commitment scheme. ACM Conference on Computer and Communications Security, CCS 1999.]]

Digital Library

[12]

Kocher, P. Timing attacks on implementations of diffe-helmman, rsa, dss, and other systems. Advances in Cryptology, CRYPTO 1996.]]

Digital Library

[13]

Kocher, P., Jaffe, J., and Jun, B. Differential power analysis. Advances in Cryptology, CRYPTO 1999.]]

Digital Library

[14]

Kuhn, M., and Anderson, R. Tamper resistance: A cautionary note. Workshop on Electronic Commerce, USENIX 1996.]]

Digital Library

[15]

Kummerling, O., and Kuhn, M. Design principles for tamper-resistant smartcard processors. Workshop on Smartcard Technology, USENIX 1999.]]

Digital Library

[16]

Looi, M., Ashley, P., Seet, L. T., Au, R., and Vandenwauver, M. Enhancing sesamev4 with smart cards. International Conference on Smartcard Research and Applications, CARDIS 1998.]]

Digital Library

[17]

Massey, J. L. Shift register synthesis and bch decoding. IEEE Transactions on Information Theory 15, 1 (1969), 122--127.]]

[18]

Monrose, F., Reiter, M., and Wetzel, S. Password hardening based on keystroke dynamics. ACM Conference on Computer and Communications Security, CCS 1999.]]

Digital Library

[19]

Nichols, R. K., Ed. ICSA Guide to Cryptography. McGraw-Hill, 1999, ch. Biometric Encryption.]]

Digital Library

[20]

Osterberg, J., Parthasarathy, T., Raghavan, T., and Sclove, S. Development of a mathematical formula for the calculation of fingerprint probabilities based on individual characteristics. Journal of the American Statistical Association 72 (1977), 772--778.]]

[21]

Pankanti, S., Prabhakar, S., and Jain, A. On the individuality of fingerprints. IEEE Transactions on PAMI 24 (2002), 1010--1025.]]

Digital Library

[22]

Sclove, S. The occurance of fingerprint characteristics as a two-dimensional process. Journal of the American Statistical Association 74 (1979), 588--595.]]

[23]

Steinhaus, H. Mathematical Snapshots, 3 ed. Dover, 1992.]]

[24]

Vandenwauver, M., Govaerts, R., and Vandewalle, J. Overview of authentication protocols: Kerberos and sesame. IEEE Carnahan Conference on Security Technology 1997, pp. 108--113.]]

[25]

Verifinger. Neurotechnologija ltd. http://www.neurotechnologija.com.]]

[26]

Ylonen, T. Ssh secure login connections over the internet. Security Symposium, USENIX 1996, pp. 37--42.]]

Digital Library

Cited By

Zhang BChen CLee ILee KOng K(2024)Clustering-based Evaluation Framework of Feature Extraction Approaches for ECG Biometric Authentication2024 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN60899.2024.10651380(1-9)Online publication date: 30-Jun-2024
https://doi.org/10.1109/IJCNN60899.2024.10651380
Bauspieß PSilde TPoljuha MTullot ACostache ARathgeb CKolberg JBusch C(2024)BRAKE: Biometric Resilient Authenticated Key ExchangeIEEE Access10.1109/ACCESS.2024.338091512(46596-46615)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380915
Wang CTang HZhu HZheng JJiang C(2024)Behavioral authentication for security and safetySecurity and Safety10.1051/sands/20240033(2024003)Online publication date: 30-Apr-2024
https://doi.org/10.1051/sands/2024003
Show More Cited By

Index Terms

Secure smartcardbased fingerprint authentication

Recommendations

Construction of a secure two-factor user authentication system using fingerprint information and password

User authentication is highly necessary technology in a variety of services. Many researchers have proposed a two-factor authentication scheme using certificate and OTP, smartcard and password, and so on. Two-factor authentication requires an additional ...
Enabling secure authentication using fingerprint and visual cryptography

Biometrics is the form of information associated with an individual that helps in unique identification and verification at different platforms. The fingerprint is an important biometric information and has become most popular for authentication and ...
Privacy preserving smartcard-based authentication system with provable security

In this paper, we suggest a new privacy preserving smartcard-based password authenticated key exchange SC-PAKE with provable security. Only the user who has two secrets smartcard and password can go through authentication with key exchange while ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WBMA '03: Proceedings of the 2003 ACM SIGMM workshop on Biometrics methods and applications

November 2003

133 pages

ISBN:1581137796

DOI:10.1145/982507

Conference Chairs:
George Bebis
University of Nevada, Reno
,
Nikolaos Bourbakis
Wright State University

Copyright © 2003 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMM: ACM Special Interest Group on Multimedia

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 November 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

329
Total Citations
View Citations
2,515
Total Downloads

Downloads (Last 12 months)45
Downloads (Last 6 weeks)6

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang BChen CLee ILee KOng K(2024)Clustering-based Evaluation Framework of Feature Extraction Approaches for ECG Biometric Authentication2024 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN60899.2024.10651380(1-9)Online publication date: 30-Jun-2024
https://doi.org/10.1109/IJCNN60899.2024.10651380
Bauspieß PSilde TPoljuha MTullot ACostache ARathgeb CKolberg JBusch C(2024)BRAKE: Biometric Resilient Authenticated Key ExchangeIEEE Access10.1109/ACCESS.2024.338091512(46596-46615)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380915
Wang CTang HZhu HZheng JJiang C(2024)Behavioral authentication for security and safetySecurity and Safety10.1051/sands/20240033(2024003)Online publication date: 30-Apr-2024
https://doi.org/10.1051/sands/2024003
Champaneria VPatel SZaveri M(2024)A Novel Approach for Securing Fingerprint Biometrics using Local Minutiae StructureArabian Journal for Science and Engineering10.1007/s13369-024-09626-xOnline publication date: 23-Oct-2024
https://doi.org/10.1007/s13369-024-09626-x
Ren YWang YTan SChen YYang JCalandrino JTroncoso C(2023)Person re-identification in 3D spaceProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620529(5217-5234)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620529
Huang YLi YCai Z(2023)Security and Privacy in Metaverse: A Comprehensive SurveyBig Data Mining and Analytics10.26599/BDMA.2022.90200476:2(234-247)Online publication date: Jun-2023
https://doi.org/10.26599/BDMA.2022.9020047
Rathgeb CTams BMerkle JNesterowicz VKorte UNeu M(2023)Multi-Biometric Fuzzy Vault based on Face and Fingerprints2023 IEEE International Joint Conference on Biometrics (IJCB)10.1109/IJCB57857.2023.10448963(1-10)Online publication date: 25-Sep-2023
https://doi.org/10.1109/IJCB57857.2023.10448963
Wells AUsman A(2023)Privacy and biometrics for smart healthcare systems: attacks, and techniquesInformation Security Journal: A Global Perspective10.1080/19393555.2023.226081833:3(307-331)Online publication date: 3-Oct-2023
https://doi.org/10.1080/19393555.2023.2260818
Wang JGao BTu HLiang HLiu ZLuo WWeng J(2023)Secure and Memorable Authentication Using Dynamic Combinations of 3D Objects in Virtual RealityInternational Journal of Human–Computer Interaction10.1080/10447318.2023.221760840:17(4608-4626)Online publication date: 12-Jun-2023
https://doi.org/10.1080/10447318.2023.2217608
Kaur PKumar N(2023)SIFTBCS: scale invariant feature transform based fuzzy vault scheme in biometric cryptosystemMultimedia Tools and Applications10.1007/s11042-023-16643-983:10(28635-28656)Online publication date: 7-Sep-2023
https://doi.org/10.1007/s11042-023-16643-9
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents