Privacy preserving biometric-based remote authentication with secure processing unit on untrusted server

Biometric-based authentication systems offer undeniable benefits to users. However, biometric features are vulnerable to attacks, especially those that occur over the transmission network or target the stored biometric templates. In this work, we propose a novel biometric-based remote authentication framework to deal with malicious attacks over the transmission channel and at the untrusted server. More concretely, the proposed framework is not only resistant to attacks on the network but also protects biometric templates stored in the untrusted server's database, thanks to the combination of the fuzzy commitment protocol and non-invertible transformation techniques. Its notable feature, compared with previous biometric-based remote authentication frameworks, is its ability to defend sensitive data against different kinds of insider attacks. The server's administrator is incapable of utilizing information saved in its database to impersonate the clients and deceive the whole system, because secure computing in the server is guaranteed by employing a secure coprocessor embedded in the server. In addition, system performance is maintained with the support of random orthonormal projection, which reduces computational complexity while preserving accuracy.

Inspec keywords: message authentication; cryptographic protocols; computer network security; computational complexity; network servers; fuzzy set theory; coprocessors; data privacy; authorisation

Other keywords: secure processing unit; insider attacks; secure coprocessor; novel biometric-based remote authentication framework; untrusted server database; computational complexity reduction; fuzzy commitment protocol technique; transmission network; stored biometric templates; untrusted server; transmission channel; noninvertible transformation techniques; privacy preserving biometric-based remote authentication; secure computing; malicious attacks; biometric features; biometric-based authentication systems; noninvertible transformation technique

Subjects: Microprocessors and microcomputers; Networking equipment; Computer communications; Microprocessor chips; Data security; Computer networks and techniques; Cryptography

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-bmt.2018.5101