A Multi-factor Biometric Based Remote Authentication Using Fuzzy Commitment and Non-invertible Transformation

Biometric-based authentication system offers more undeniable benefits to users than traditional authentication system. However, biometric features seem to be very vulnerable - easily affected by different attacks, especially those happening over transmission network. In this work, we have proposed a novel multi-factor biometric based remote authentication protocol. This protocol is not only resistant against attacks on the network but also protects biometric templates stored in the server’s database, thanks to the combination of fuzzy commitment and non-invertible transformation technologies. The notable feature of this work as compared to previous biometric based remote authentication protocols is its ability to defend insider attack. The server’s administrator is incapable of utilizing information saved in the database by client to impersonate him/her and deceive the system. In addition, the performance of the system is maintained with the support of random orthonormal project, which reduces computational complexity while preserving its accuracy.

[1]  Lifang Wu,et al.  A Face Based Fuzzy Vault Scheme for Secure Online Authentication , 2010, 2010 Second International Symposium on Data, Privacy, and E-Commerce.

[2]  Hisham Al-Assam,et al.  Combining steganography and biometric cryptosystems for secure mutual authentication and key exchange , 2013, ICITST 2013.

[3]  Anil K. Jain,et al.  Hiding Biometric Data , 2003, IEEE Trans. Pattern Anal. Mach. Intell..

[4]  Hisham Al-Assam,et al.  A lightweight approach for biometric template protection , 2009, Defense + Commercial Sensing.

[5]  Andreas Uhl,et al.  A survey on biometric cryptosystems and cancelable biometrics , 2011, EURASIP J. Inf. Secur..

[6]  K. Srinathan,et al.  Blind Authentication: A Secure Crypto-Biometric Verification Protocol , 2010, IEEE Transactions on Information Forensics and Security.

[7]  Jiankun Hu,et al.  A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment , 2011, Secur. Commun. Networks.

[8]  Fengling Han,et al.  Biometric-Kerberos authentication scheme for secure mobile computing services , 2013, 2013 6th International Congress on Image and Signal Processing (CISP).

[9]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[10]  Tran Khanh Dang,et al.  Protecting Biometric Features by Periodic Function-Based Transformation and Fuzzy Vault , 2014, Trans. Large Scale Data Knowl. Centered Syst..

[11]  Xingzhao Liu,et al.  Nonlinear Frequency Scaling Algorithm for High Squint Spotlight SAR Data Processing , 2008, EURASIP J. Adv. Signal Process..

[12]  Nguyen Thi Lan,et al.  An approach to protect Private Key using fingerprint Biometric Encryption Key in BioPKI based security system , 2008, ICARCV 2008.

[13]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[14]  Ahmed Ben Jmaa,et al.  2DPCA fractal features and genetic algorithm for efficient face representation and recognition , 2011, EURASIP J. Inf. Secur..

[15]  Arun Ross,et al.  Multibiometric systems , 2004, CACM.

[16]  Mauro Barni,et al.  eSketch: a privacy-preserving fuzzy commitment scheme for authentication using encrypted biometrics , 2010, MM&Sec '10.

[17]  Yong Wang,et al.  ISAR Imaging of Rotating Target with Equal Changing Acceleration Based on the Cubic Phase Function , 2008, EURASIP J. Adv. Signal Process..