Journal of Computers, Vol 6, No 6 (2011), 1206-1212, Jun 2011
doi:10.4304/jcp.6.6.1206-1212

A Framework for Token and Biometrics Based Authentication in Computer Systems

Jian De Zheng

Abstract


User authentication is of vital importance to the security of computer systems. This paper proposes a new framework for multifactor authentication using token and various biometrics, such as fingerprint, retina scan, hand geometry and face pattern, which allows the authenticator, usually runs as a  sever, to store only cipher texts, instead of the plaintexts of the biometrics templates, so as to reduce the risk of disclosing personal data of users. Another advantage of the framework is that the biometrics templates are bound to the private key inside the token therefore cannot be modified by changing server-resident data. The framework is based on a special challenge-response protocol, which is used to authenticate the token and decrypt the cipher texts of biometrics at the same time, such that live biometrics samples collected from the token owners can be matched to the recovered templates. Besides principles and architecture, a cryptographic study of the framework is also presented, which focuses on a formal proof for the security of the new protocol, under the Random Oracle Model. 


Keywords


Computer security; Authentication protocol; Token; Biometrics

References


[1] International Biometric Group, Biometrics Market and Industry Report 2007-2012, Obtained through internet: http://www.biometricgroup.com, 2007

[2] A, Alterman, “A piece of yourself: Ethical issues in biometric identification”, Ethics and Information Technology, vol. 5 (3), 2003
doi:10.1023/B:ETIN.0000006918.22060.1f

[3] S.Drimer, S. J Murdoch, .R. Anderson, “Thinking inside the box: system-level failures of tamper proofing”, Technical Report UCAM-CL-TR-711.Computer Laboratory, University of Cambridge, 2008

[4] U. Uludag, S. Pankanti, S. Prabhakar et al., “Biometric cryptosystems: issues and challenges”, Proceedings of the IEEE, vol. 92(6), pp. 948-960, 2004
doi:10.1109/JPROC.2004.827372

[5] Y. Dodis, L. Reyzin and A. Smith, “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data”, Proceedings from Advances in Cryptology - EuroCrypt, 2004

[6] A Shamir, “Identity based cryptosystems and signature schemes”, LNCS 196. New York: Springer-Verlag, pp. 47- 53, 1985

[7] R. Cramer and V. Shoup, “Signature schemes based on the strong RSA assumption”, IBM Research Report RZ 3083. 1998

[8] D. Pointcheval, and J. Stern, “Security Proofs for Signature Schemes”, In “Advances in Cryptology - Proceedings of EUROCRYPT '96”, U. Maurer eds. LNCS 1070, Springer-Verlag, 1997, pp. 387-398

[9] N. K. Ratha, J. H. Connell, and R. M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems”, IBM SYSTEMS JOURNAL, vol. 40(3), 2001
doi:10.1147/sj.403.0614

[10] B. Schneier, Applied cryptography, New York: John Wiley & Sons, 1996

[11] T. K. Lorne, DNA Fingerprinting: An Introduction (Breakthroughs in Molecular Biology), Oxford University Press, 1993
PMCid:360138


Full Text: PDF


Journal of Computers (JCP, ISSN 1796-203X)

Copyright @ 2006-2013 by ACADEMY PUBLISHER – All rights reserved.