Radio Frequency Identification (RFID) and biometric technologies have evolved quickly in recent years and are used in several applications, such as access control. Among the important characteristics of RFID tags is the limitation of resources (memory, energy, …). Our work focuses on the design of an RFID authentication protocol that uses biometric data and ensures secrecy, authentication and privacy. Our protocol requires a PRNG (Pseudo-Random Number Generator), a robust hash function and a biometric hash function. The biometric hash function is used to optimize and to protect biometric data. For the security analysis of the proposed protocol, we will use the AVISPA and SPAN tools to verify authentication and secrecy.

Keywords: RFID; authentication protocol; biometric; security.

I. INTRODUCTION

At present, the problem of access control is very important in several applications. Physical access control consists in verifying whether a person asking to enter a zone (e.g. building, office, parking, laboratory, etc.) has the necessary rights to do so. The identity verification protocols that allow access are called authentication protocols. They answer the following two questions: "Who am I?" and "Am I really the person who is proceeding?". The answer to the first question is based on the recognition or identification of the user, which consists in associating an identity with a person, such as a smartcard or an RFID tag. The second question concerns the verification or authentication of the user: it gives permission to a claimed identity. In other words, it consists in identifying a user from one or several physiological characteristics (fingerprints, face, iris, etc.) or behavioural ones (signature, measure, etc.). These techniques are called biometric methods (14).
Among the identification techniques and systems that have developed quickly in recent years is Radio Frequency Identification (RFID), which is used in different domains (health, supply chain, access control, etc.). RFID systems consist of three entities: (1) the tag (or label), a small electronic device supplemented with an antenna that can transmit and receive data, (2) the reader, which communicates with the tag by radio waves, and (3) the server (or database, back-end), which uses the information obtained from the reader for useful purposes. The main characteristic of an RFID system is the limitation of resources (memory, processor, energy consumption, etc.); on the other hand, these systems must ensure security at all levels of the system. The major difference between an RFID tag and a contactless smartcard is the limitation of computing resources. For RFID systems, several authentication protocols have been developed (4,5,6,7). The difference between these techniques lies in the security properties they achieve and the complexity of their implementation. Most of these protocols answer only the first question, "Who am I?". In contrast, for smartcard systems there are several authentication protocols based on biometric technology; we mention here (8,9,10). In this paper, we propose an authentication protocol based on the combination of an RFID system and a biometric system. We verify secrecy, authentication of the tag and authentication of the reader with the AVISPA and SPAN tools (1,2). The designed protocol protects the privacy of the user. To evaluate its performance, we will compare it with other RFID protocols and with the biometric protocols of smart cards.
[1] Hatim Aboalsamh. A potable biometric access device using dedicated fingerprint processor, 2010.
[2] Dong Hoon Lee, et al. Efficient Authentication for Low-Cost RFID Systems, 2005, ICCSA.
[3] Sebastian Mödersheim, et al. The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, 2005, CAV.
[4] Chun-Ta Li, et al. An efficient biometrics-based remote user authentication scheme using smart cards, 2010, J. Netw. Comput. Appl.
[5] Ronald L. Rivest, et al. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, 2003, SPC.
[6] Hung-Yu Chien, et al. A Lightweight RFID Protocol Using Substring, 2007, EUC.
[7] Chin-Chen Chang, et al. An Improved Biometrics-based User Authentication Scheme without Concurrency System, 2010, International Journal of Intelligent Information Processing.
[8] Nasir D. Memon, et al. A secure biometric authentication scheme based on robust hashing, 2005, MM&Sec '05.
[9] Yannick Chevalier, et al. A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols, 2004.
[10] Binod Vaidya, et al. A Decentralized RFID Authentication Solution for Embedded Systems, 2009, 2009 Fourth International Conference on Systems and Networks Communications.
[11] Kwangjo Kim, et al. RFID mutual Authentication Scheme based on Synchronized Secret Information, 2006.
[12] Xiaomin Wang, et al. Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices, 2008.
[13] Ari Juels, et al. Defining Strong Privacy for RFID, 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).
[14] Anil K. Jain, et al. Biometric template transformation: a security analysis, 2010, Electronic Imaging.
[15] Danny Dolev, et al. On the security of public key protocols, 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).
[16] Y.-C. Lee, et al. An Improvement on RFID Authentication Protocol with Privacy Protection, 2008, 2008 Third International Conference on Convergence and Hybrid Information Technology.
[17] Sjouke Mauw, et al. Untraceability of RFID Protocols, 2008, WISTP.