Contextual Biometric-Based Authentication for Ubiquitous Services

We introduce and comment on the concept of contextual pseudo identity. A contextual pseudo identity is a soft identity token that is built from both a user's biometric and the context. When it comes to ubiquitous authentication, a contextual pseudo identity promises better security than that offered by traditional biometrics-based identity tokens: the use of context improves the tokens' disposability and renewability, which are two essential properties in the protection of a user's real identity. Our algorithm for generating contextual pseudo identities extends a Fuzzy Embedder so that it accepts both biometric and context-dependent input. We prove that our way of processing the context preserves the security and reliability properties of the Fuzzy Embedder used in our extension. An example shows how a user can utilize contextual pseudo identity to authenticate to and access ubiquitous services.

[1]  Marco Gruteser,et al.  Enhancing Location Privacy in Wireless LAN Through Disposable Interface Identifiers: A Quantitative Analysis , 2005, Mob. Networks Appl..

[2]  Nikolay Mehandjiev,et al.  Engineering Environment-Mediated Multi-Agent Systems , 2008 .

[3]  Gabriele Lenzini Design of Architectures for Proximity-aware Services: Experiments in Context-based Authentication with Subjective Logic , 2009, Electron. Notes Theor. Comput. Sci..

[4]  Pieter H. Hartel,et al.  Embedding Renewable Cryptographic Keys into Continuous Noisy Data , 2008, ICICS.

[5]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[6]  Johan Koolwaaij,et al.  Introducing IYOUIT , 2008, International Semantic Web Conference.

[7]  Steffen Staab,et al.  The Semantic Web - ISWC 2008, 7th International Semantic Web Conference, ISWC 2008, Karlsruhe, Germany, October 26-30, 2008. Proceedings , 2008, SEMWEB.

[8]  Gabriele Lenzini Trust-Based and Context-Aware Authentication in a Software Architecture for Context and Proximity-Aware Services , 2008, WADS.

[9]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[10]  Jakob E. Bardram,et al.  Context-Aware User Authentication - Supporting Proximity-Based Login in Pervasive Computing , 2003, UbiComp.

[11]  Franco Zambonelli,et al.  Engineering Contextual Information for Pervasive Multiagent Systems , 2008, EEMMAS.

[12]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[13]  Franco Zambonelli,et al.  A Simple Model and Infrastructure for Context-Aware Browsing of the World , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[14]  Sharath Pankanti,et al.  Guide to Biometrics , 2003, Springer Professional Computing.

[15]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[16]  Anind K. Dey,et al.  Understanding and Using Context , 2001, Personal and Ubiquitous Computing.

[17]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[18]  Anind K. Dey,et al.  UbiComp 2003: Ubiquitous Computing , 2003, Lecture Notes in Computer Science.

[19]  Christoph Busch,et al.  Biometric template protection , 2009, Datenschutz und Datensicherheit - DuD.

[20]  Johan Koolwaaij,et al.  Share Whatever You Like , 2008, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[21]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.