Trusted user authentication scheme combining password with fingerprint for mobile devices

Mobile equipment (ME), which acts as the bridge between the wireless network and the mobile user, faces a growing number of security threats. The trusted mobile platform (TMP) was proposed by the TCG (Trusted Computing Group) as a new mechanism to enhance the security of resource-constrained ME. In this paper, we study how to construct a TMP according to the ME's features and how to perform mutual authentication in the mobile user domain. A smart-phone processor is used as an example to demonstrate the construction of a TMP, and three methods for adding a trusted platform module (TPM) to the ME are presented. Within the TMP framework, we also propose a user authentication scheme that combines password and fingerprint with the USIM (universal subscriber identity module). The proposed scheme is validated through performance analysis and experimental testing. The validation results show that our approach offers better efficiency and more advanced security than the authentication scheme presented in the TMP draft standard. It also outperforms TCG's user authorization scheme by providing improved security, flexibility and universality.
