Feeling is Believing: a location limited channel based on grip pattern biometrics and cryptanalysis

We use grip pattern based biometrics as a location limited channel to achieve pre-authentication in a protocol that sets up a secure cannel between two handheld devices. The protocol efficiently calculates a shared secret key from biometric data using quantization and cryptanalysis. The protocol is used in an application where grip pattern based biometrics is used to control access to police hand guns.

[1]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[2]  Rafail Ostrovsky,et al.  Secure Remote Authentication Using Biometric Data , 2005, EUROCRYPT.

[3]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[4]  Frank Stajano,et al.  Multi-channel Protocols , 2005, Security Protocols Workshop.

[5]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[6]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[7]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[8]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[9]  Pieter H. Hartel,et al.  Biometric verification based on grip-pattern recognition , 2004, IS&T/SPIE Electronic Imaging.

[10]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[11]  Sandro Etalle,et al.  An Improved Constraint-Based System for the Verification of Security Protocols , 2002, SAS.

[12]  Diana K. Smetters,et al.  In search of usable security: five lessons from the field , 2004, IEEE Security & Privacy Magazine.

[13]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[14]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.