Abstract
In this paper, we propose a secure and scalable solution for user authentication by using fingerprint verification on the sensor-client-server model, even with the client that is not necessarily trusted by the sensor holder or the server. In a typical implementation of fingerprint verification on the sensor-client-server model, the most time consuming step of the fingerprint verification, i.e., feature extraction, is assigned to a client because of real-time, scalability, and privacy issues. Compared to either a sensor or a server, however, the client connected to an open network and maintained by an individual user may be more vulnerable to Trojan Horse attacks. To protect Trojan Horse attacks launched at the untrusted client, our protocol has the fingerprint sensor to validate the result computed by the client for the feature extraction. However, the validation should be simple so that the resource-constrained fingerprint sensor can validate it in real-time. To solve this problem, we separate the feature extraction into binarization and minutiae extraction, and assign the time-consuming binarization to the client. After receiving the result of binarization from the client, the sensor conducts a simple validation algorithm to check the result, and then performs minutiae extraction and sends the extracted minutiae to the server. Based on the experimental results, the proposed solution for fingerprint verification can be performed on the sensor-client-server model securely, scalablely, and in real-time with the aid of an untrusted client.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Jain, A., Bole, R., Panakanti, S.: Biometrics: Personal Identification in Networked Society. Kluwer Academic Publishers, Dordrecht (1999)
Maltoni, D., et al.: Handbook of Fingerprint Recognition. Springer, Heidelberg (2003)
Bolle, R., Connell, J., Ratha, N.: Biometric Perils and Patches. Pattern Recognition 35, 2727–2738 (2002)
Schneier, B.: The Uses and Abuses of Biometrics. Communications of the ACM 42(8), 136 (1999)
Prabhakar, S., Pankanti, S., Jain, A.: Biometric Recognition: Security and Privacy Concerns. IEEE Security and Privacy, 33–42 (2003)
X9.84, Biometrics Information Management and Security For The Financial Services Industry, ANSI (2000)
Maio, D., et al.: FVC2004: Third fingerprint verification competition. In: Zhang, D., Jain, A.K. (eds.) ICBA 2004. LNCS, vol. 3072, pp. 1–7. Springer, Heidelberg (2004)
Chung, Y., et al.: Workload dispatch planning for real-time fingerprint authentication on a sensor-client-server model. In: Liew, K.-M., Shen, H., See, S., Cai, W. (eds.) PDCAT 2004. LNCS, vol. 3320, pp. 833–838. Springer, Heidelberg (2004)
Sony, http://www.sony.com
Moon, D., et al.: Performance Analysis of the Match-on-Card System for the Fingerprint Authentication. In: Proc. of International Workshop on Information Security Applications, pp. 449–459 (2001)
Maio, D., Maltoni, D.: A Secure Protocol for Electronic Commerce based on Fingerprints and Encryption. In: Proc. of Conf. on Systems, Cybernetics, and Informatics, pp. 519–525 (1999)
Jain, A., Uludag, U.: Hiding Fingerprint Minutiae in Images. In: Proc. of AutoID, pp. 97–102 (2002)
Pan, S., et al.: A Memory-Efficient Fingerprint Verification Algorithm using A Multi-Resolution Accumulator Array for Match-on-Card. ETRI Journal 25(3), 179–186 (2003)
Feigenbaum, J.: Encrypting problem instances. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 477–488. Springer, Heidelberg (1986)
Lim, C., Lee, P.: Security and performance of server-aided RSA computation protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 70–83. Springer, Heidelberg (1995)
Stallings, W.: Cryptography and Network Security. Pearson Ed. Inc, London (2003)
NiGen, http://www.nitgen.com
Garris, M., et al.: User’s Guide to NIST Fingerprint Image Software. In: NIST
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chung, Y., Moon, D., Kim, T., Pan, S. (2005). A Secure Fingerprint Authentication System on an Untrusted Computing Environment. In: Katsikas, S., López, J., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2005. Lecture Notes in Computer Science, vol 3592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537878_30
Download citation
DOI: https://doi.org/10.1007/11537878_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28224-2
Online ISBN: 978-3-540-31796-8
eBook Packages: Computer ScienceComputer Science (R0)