Finger Print Based Authentication and Key Exchange System Secure Against Dictionary Attack

Summary: Biometric-based user authentication systems are highly secure and efficient to use, and they place total trust in the authentication server, where biometric verification data are stored in a central database. Such systems are prone to dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders exposes all user private data and may have serious repercussions for an organization. In this paper, we present a practical fingerprint-based user authentication and key exchange system. In this system, the minutiae extracted from the fingerprint are stored in encrypted form in the server’s database, to overcome dictionary attacks mounted by the server. Image processing techniques are used to extract a biometric measurement from the fingerprint image. During the login procedure, mutual authentication is performed between the server and the user, and a symmetric key is generated on both sides, which can be used for further secure communication between them. Thus the meet-in-the-middle attack that happens between the user and the server can also be overcome. This system can be directly applied to strengthen existing password- or biometric-based systems without requiring additional computation.
