Secure pairing with biometrics

Secure pairing enables two devices that share no prior context with each other to agree upon a security association, which they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping and to a man-in the middle attack. We propose the SAfE pairing system, a user friendly solution to this problem. Details are presented along with a discussion of the security features, experimental validation with two types of biometric data (face recognition and hand grip pressure pattern) and a usability analysis for face recognition biometric pairing.

[1]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[2]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[3]  Sandro Etalle,et al.  An Improved Constraint-Based System for the Verification of Security Protocols , 2002, SAS.

[4]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[5]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[6]  Raymond N. J. Veldhuis,et al.  Comparing landmarking methods for face recognition , 2005 .

[7]  Pieter H. Hartel,et al.  Fuzzy extractors for continuous distributions , 2006, ASIACCS '07.

[8]  Luuk J. Spreeuwers,et al.  The Effect of Image Resolution on the Performance of a Face Recognition System , 2006, 2006 9th International Conference on Control, Automation, Robotics and Vision.

[9]  Pieter H. Hartel,et al.  Biometric verification based on grip-pattern recognition , 2004, IS&T/SPIE Electronic Imaging.

[10]  Tsuhan Chen,et al.  Biometrics-based cryptographic key generation , 2004, 2004 IEEE International Conference on Multimedia and Expo (ICME) (IEEE Cat. No.04TH8763).

[11]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[12]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[13]  René Mayrhofer,et al.  Shake Well Before Use: Authentication Based on Accelerometer Data , 2007, Pervasive.

[14]  Tim Kindberg,et al.  Secure Spontaneous Device Association , 2003, UbiComp.

[15]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[16]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[17]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[18]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[19]  Avishai Wool,et al.  Cracking the Bluetooth PIN , 2005, MobiSys '05.

[20]  Paul A. Viola,et al.  Rapid object detection using a boosted cascade of simple features , 2001, Proceedings of the 2001 IEEE Computer Society Conference on Computer Vision and Pattern Recognition. CVPR 2001.

[21]  Raymond N. J. Veldhuis,et al.  Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[22]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[23]  Pieter H. Hartel,et al.  Secure Ad-hoc Pairing with Biometrics: SAfE , 2007 .