基于双线性映射的三因子远程身份认证协议研究

为了提高多服务器环境身份认证的安全性,降低计算复杂度,提出一种基于双线性映射的三因子认证协议,这些因子包括生物信息、智能卡和双线性映射密码。该协议包括系统设置、服务器注册、用户注册、登录、认证和密钥协商,以及密码更新六个阶段,其中,生物因子和智能卡作为核心因子涉及注册、登录、认证和更改阶段。Oracle形式化证明验证了该协议的安全性,攻击者无法得到标志、密码、生物特征信息等,可以实现密钥协商和双向身份认证。与其他相关协议相比,该协议在安全特征、智能卡存储成本、通信成本等方面具有一定优势。     

A review on performance,security and various biometric template protection schemes for biometric authentication systems

Identifying a person based on their behavioral and biological qualities in an automated manner is called biometrics. The authentication system substituting traditional password and token for authentication and relies gradually on biometric authentication methods for verification of the identity of an individual. This proves the fact that society has started depending on biometric-based authentication systems. Security of biometric authentication needs to be reviewed and discussed as there are multiple points related to integrity and public reception of biometric-based authentication systems. Security and recognition accuracy are the two most important aspects which must be considered while designing biometric authentication systems. During enrollment phase scanning of biometric data is done to determine a set of distinct biometric feature set known as biometric template. Protection of biometric templates from various hacking efforts is a topic of vital importance as unlike passwords or tokens, compromised biometric templates cannot be reissued. Therefore, giving powerful protection techniques for biometric templates and still at that very moment preparing great identification accuracy is a good research problem nowadays, as well as in the future. Furthermore, efficiency under non-ideal conditions is also supposed to be inadequate and thus needs special attention in the design of a biometric authentication system. Disclosure of various biometric traits in miscellaneous applications creates a severe compromise on the privacy of the user. Biometric authentication can be utilized for remote user authentication. In this case, the biometric data of users typically called templates are stored in a server. The uniqueness and stability of biometrics ended it useful over traditional authentication systems. But, a similar thing made the enduring harm of a user’s identity in biometric systems. The architecture of the biometric system leads to several hazards that lead to numerous security concerns and privacy threats. To address this issue, biometric templates are secured using several schemes that are categorized as biometric cryptosystems, cancelable biometrics, hybrid methods, Homomorphic Encryption, visual cryptography based methods. Biometric cryptosystems and cancelable biometrics techniques provide reliable biometric security at a great level. However, there persist numerous concerns and encounters that are being faced during the deployment of these protection technologies. This paper reviews and analyses various biometric template protection methods. This review paper also reflects the limitations of various biometric template protection methods being used in present times and highlights the scope of future work.

     

A non-intrusive biometric authentication mechanism utilising physiological characteristics of the human head

This paper proposes and evaluates a non-intrusive biometric authentication technique drawn from the discrete areas of biometrics and Auditory Evoked Responses. The technique forms a hybrid multi-modal biometric in which variations in the human voice due to the propagation effects of acoustic waves within the human head are used to verify the identity of a user. The resulting approach is known as the Head Authentication Technique (HAT). Evaluation of the HAT authentication process is realised in two stages. First, the generic authentication procedures of registration and verification are automated within a prototype implementation. Second, a HAT demonstrator is used to evaluate the authentication process through a series of experimental trials involving a representative user community. The results from the trials confirm that multiple HAT samples from the same user exhibit a high degree of correlation, yet samples between users exhibit a high degree of discrepancy. Statistical analysis of the prototype performance realised system error rates of 6% False Non-Match Rate (FNMR) and 0.025% False Match Rate (FMR).     

Personal verification based on extraction and characterisation of retinal feature points

This paper describes a methodology of verification of individuals based on a retinal biometric pattern. The pattern consists in feature points of the retinal vessel tree, namely bifurcations and crossovers. These landmarks are detected and characterised adding semantic information to the biometric pattern. The typical authentication process of a person once extracted the biometric pattern includes matching it with the stored pattern for the authorised user obtaining a similarity value between them. A matching algorithm and a deep analysis of similarity metrics performance is presented. The semantic information added for the feature points allows to reduce the computation load in the matching process as only points classified equally can be matched. The system is capable of establishing a safe confidence band in the similarity measure space between scores for patterns of the same individual and between different individuals.     

Innovative Hetero-Associative Memory Encoder (HAMTE) for Palmprint Template Protection

Many types of research focus on utilizing Palmprint recognition in user identification and authentication. The Palmprint is one of biometric authentication (something you are) invariable during a person’s life and needs careful protection during enrollment into different biometric authentication systems. Accuracy and irreversibility are critical requirements for securing the Palmprint template during enrollment and verification. This paper proposes an innovative HAMTE neural network model that contains Hetero-Associative Memory for Palmprint template translation and projection using matrix multiplication and dot product multiplication. A HAMTE-Siamese network is constructed, which accepts two Palmprint templates and predicts whether these two templates belong to the same user or different users. The HAMTE is generated for each user during the enrollment phase, which is responsible for generating a secure template for the enrolled user. The proposed network secures the person’s Palmprint template by translating it into an irreversible template (different features space). It can be stored safely in a trusted/untrusted third-party authentication system that protects the original person’s template from being stolen. Experimental results are conducted on the CASIA database, where the proposed network achieved accuracy close to the original accuracy for the unprotected Palmprint templates. The recognition accuracy deviated by around 3%, and the equal error rate (EER) by approximately 0.02 compared to the original data, with appropriate performance (approximately 13 ms) while preserving the irreversibility property of the secure template. Moreover, the brute-force attack has been analyzed under the new Palmprint protection scheme.     

A fast feature selection technique in multi modal biometrics using cloud framework

Biometrics refers to the process that uses biological or physiological traits to identify individuals. The progress seen in technology and security has a vital role to play in Biometric recognition which is a reliable technique to validate individuals and their identity. The biometric identification is generally based on either their physical traits or their behavioural traits. The multimodal biometrics makes use of either two or more of the modalities to improve recognition. There are some popular modalities of biometrics that are palm print, finger vein, iris, face or fingerprint recognition. Another important challenge found with multimodal biometric features is the fusion, which could result in a large set of feature vectors. Most biometric systems currently use a single model for user authentication. In this existing work, a modified method of heuristics that is efficiently used to identify an optimal feature set that is based on a wrapper-based feature selection technique. The proposed method of feature selection uses the Ant Colony Optimization (ACO) and the Particle Swarm Optimization (PSO) are used to feature extraction and classification process utilizes the integration of face, and finger print texture patterns. The set of training images is converted to grayscale. The crossover operator is applied to generate multiple samples for each number of images. The wok proposed here is pre-planned for each weight of each biometric modality, which ensures that even if a biometric modality does not exist at the time of verification, a person can be certified to provide calculated weights the threshold value. The proposed method is demonstrated better result for fast feature selection in bio metric image authentication and also gives high effectiveness security.     

An anonymous and efficient remote biometrics user authentication scheme in a multi server environment

As service demands rise and expand single-server user authentication has become unable to satisfy actual application demand. At the same time identity and password based authentication schemes are no longer adequate because of the insecurity of user identity and password. As a result biometric user authentication has emerged as a more reliable and attractive method. However, existing biometric authentication schemes are vulnerable to some common attacks and provide no security proof, some of these biometric schemes are also either inefficient or lack sufficient concern for privacy. In this paper, we propose an anonymous and efficient remote biometric user authentication scheme for a multi-server architecture with provable security. Through theoretical mathematic deduction, simulation implementation, and comparison with related work, we demonstrate that our approach can remove the aforementioned weaknesses and is well suited for a multi-server environment.     

Secure-OSCAR中基于PKI的生物身份认证的设计

个体的生物特征的唯一性和“不可伪造性”使得它很适合于身份认证。生物信息本来是不保密的,所以不能象使用口令一样来使用它,否则将不能提高反而会降低系统的安全性。公钥机制(PKI)也被广泛应用于用户身份认证中,但它是基于私钥的安全性的,不可避免地存在冒用私钥的威胁。论文提出一个结合生物技术与PKI技术的认证方式的设计,具体描述了它在Secure-OSCAR中的实现。     

Silog: Speech input logon

Silog is a biometric authentication system that extends the conventional PC logon process using voice verification. Users enter their ID and password using a conventional Windows logon procedure but then the biometric authentication stage makes a voice over IP (VoIP) call to a VoiceXML (VXML) server. User interaction with this speech-enabled component then allows the user’s voice characteristics to be extracted as part of a simple user/system spoken dialogue. If the captured voice characteristics match those of a previously registered voice profile, then network access is granted. If no match is possible, then a potential unauthorised system access has been detected and the logon process is aborted.     

A Proposed Biometric Authentication Model to Improve Cloud Systems Security

Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password. Unfortunately, this approach has many security problems because personal data can be stolen or recognized by hackers. This paper aims to present a cloud-based biometric authentication model (CBioAM) for improving and securing cloud services. The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system (CBioAS), where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’ information. The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy, sensitivity, and specificity. The research study introduces a novel algorithm called “Bio_Authen_as_a_Service” for implementing and evaluating the proposed model. The proposed system performs the biometric authentication process securely and preserves the privacy of user information. The experimental result was highly promising for securing cloud services using the proposed model. The experiments showed encouraging results with a performance average of 93.94%, an accuracy average of 96.15%, a sensitivity average of 87.69%, and a specificity average of 97.99%.     

Using position extrema points to capture shape in on-line handwritten signature verification

There is considerable interest in authentication based on handwritten signature verification (HSV) because of the long-standing tradition of its use in many common authentication tasks. HSV may be considered superior to many other biometric authentication techniques, for example fingerprints or retinal patterns, which are more reliable but also more intrusive. Furthermore, they require special and relatively expensive hardware to capture the image. The present paper is an attempt to develop a reliable HSV technique by capturing the shape of the signature using the position extrema points of a signature. The technique presented essentially captures the directions of pen motion during the writing of the signature and this is represented in a simple way by a string. The technique is evaluated and shown to be promising.     

A novel biometric system for signature verification based on score level fusion approach

Multimedia Tools and Applications - The active modality of handwriting is broadly related to signature verification in the context of biometric user authentication systems. Signature verification...     

Improving the security of ‘a flexible biometrics remote user authentication scheme’

Recently, Lin–Lai proposed ‘a flexible biometrics remote user authentication scheme,’ which is based on El Gamal's cryptosystem and fingerprint verification, and does not need to maintain verification tables on the server. They claimed that their scheme is secured from attacks and suitable for high security applications; however, we point out that their scheme is vulnerable and can easily be cryptanalyzed. We demonstrate that their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, thus their scheme is susceptible to the server spoofing attack. To fill this security gap, we present an improvement which overcomes the weakness of Lin–Lai's scheme. As a result, our improved security patch establishes trust between client and remote system in the form of mutual authentication. Moreover, some standards for biometric-based authentication are also discussed, which should be followed during the development of biometric systems.     

生物认证系统设计研究

可靠的身份认证是保证信息系统安全的第一道防线,生物认证技术的出现为保护信息系统的安全提供了一种更可靠安全的方法。该文先分析一个通用生物认证系统结构参考模型,然后详细分析要设计一个完整的生物认证系统必须考虑的主要因素,并给出一个已经实现的生物认证系统设计实例。     

基于指纹的网络身份认证技术的研究与实现

该文分析与比较了现有的生物认证技术,指出利用指纹作为身份认证的依据是可行、可靠的,并介绍了一个笔者已经实现的网络环境下的身份认证系统的原理、体系结构、认证协议与用户认证、注册信息的安全管理。     

Secure biometric template generation for multi-factor authentication

In the light of recent security incidents, leading to compromise of services using single factor authentication mechanisms, industry and academia researchers are actively investigating novel multi-factor authentication schemes. Moreover, exposure of unprotected authentication data is a high risk threat for organizations with online presence. The challenge is how to ensure security of multi-factor authentication data without deteriorating the performance of an identity verification system? To solve this problem, we present a novel framework that applies random projections to biometric data (inherence factor), using secure keys derived from passwords (knowledge factor), to generate inherently secure, efficient and revocable/renewable biometric templates for users? verification. We evaluate the security strength of the framework against possible attacks by adversaries. We also undertake a case study of deploying the proposed framework in a two-factor authentication setup that uses users? passwords and dynamic handwritten signatures. Our system preserves the important biometric information even when the user specific password is compromised – a highly desirable feature but not existent in the state-of-the-art transformation techniques. We have evaluated the performance of the framework on three publicly available signature datasets. The results prove that the proposed framework does not undermine the discriminating features of genuine and forged signatures and the verification performance is comparable to that of the state-of-the-art benchmark results.     

Secure multimodal biometric authentication with wavelet quantization based fingerprint watermarking

As malicious attacks greatly threaten the security and reliability of biometric systems, ensuring the authenticity of biometric data is becoming increasingly important. In this paper we propose a watermarking-based two-stage authentication framework to address this problem. During data collection, face features are embedded into a fingerprint image of the same individual as data credibility token and secondary authentication source. At the first stage of authentication, the credibility of input data is established by checking the validness of extracted patterns. Due to the specific characteristics of face watermarks, the face detection based classification strategies are introduced for reliable watermark verification instead of conventional correlation based watermark detection. If authentic, the face patterns can further serve as supplemental identity information to facilitate subsequential biometric authentication. In this framework, one critical issue is to guarantee the robustness and capacity of watermark while preserving the discriminating features of host fingerprints. Hence a wavelet quantization based watermarking approach is proposed to adaptively distribute watermark energy on significant DWT coefficients of fingerprint images. Experimental results which evaluate both watermarking and biometric authentication performance demonstrate the effectiveness of this work.     

Overview of the combination of biometric matchers

Biometric identity verification refers to technologies used to measure human physical or behavioral characteristics, which offer a radical alternative to passports, ID cards, driving licenses or PIN numbers in authentication. Since biometric systems present several limitations in terms of accuracy, universality, distinctiveness, acceptability, methods for combining biometric matchers have attracted increasing attention of researchers with the aim of improving the ability of systems to handle poor quality and incomplete data, achieving scalability to manage huge databases of users, ensuring interoperability, and protecting user privacy against attacks. The combination of biometric systems, also known as “biometric fusion”, can be classified into unimodal biometric if it is based on a single biometric trait and multimodal biometric if it uses several biometric traits for person authentication.The main goal of this study is to analyze different techniques of information fusion applied in the biometric field. This paper overviews several systems and architectures related to the combination of biometric systems, both unimodal and multimodal, classifying them according to a given taxonomy. Moreover, we deal with the problem of biometric system evaluation, discussing both performance indicators and existing benchmarks.As a case study about the combination of biometric matchers, we present an experimental comparison of many different approaches of fusion of matchers at score level, carried out on three very different benchmark databases of scores. Our experiments show that the most valuable performance is obtained by mixed approaches, based on the fusion of scores. The source code of all the method implemented for this research is freely available for future comparisons¹.After a detailed analysis of pros and cons of several existing approaches for the combination of biometric matchers and after an experimental evaluation of some of them, we draw our conclusion and suggest some future directions of research, hoping that this work could be a useful start point for newer research.     

Model for adaptable context-based biometric authentication for mobile devices

It becomes possible to take advantage of seamless biometric authentication on mobile devices due to increasing quality and quantity of built-in sensors, increasing processing power of the devices, and wireless connectivity. However, practical effectiveness of the biometric authentication application depends on user’s environment conditions that can decrease the accuracy of biometrics recognition or make the acquisition process undesirable for mobile user in a given moment, i.e., effectiveness depends on usage context. In this paper, context-based biometric authentication model for mobile devices is proposed. It enables determining the most accurate authentication method at the moment along with the most accurate form of interacting with a user w.r.t. authentication process. The generic model designed and verified with proof-of-concept implementation constitutes a foundation for building further adaptable and extensible multi-factor context-dependent systems for mobile authentication.     

Construction of a secure two-factor user authentication system using fingerprint information and password

User authentication is highly necessary technology in a variety of services. Many researchers have proposed a two-factor authentication scheme using certificate and OTP, smartcard and password, and so on. Two-factor authentication requires an additional factor rather than one-factor authentication. Therefore, loss or exposure can occur, since users always must carry and manage the additional device or factor. For this reason, biometric authentication, used in many services, needs a verification method of the user without an additional factor. Fingerprinting is widely used in service due to excellent recognition, low cost device, and less user-hostile. However, fingerprint recognition always uses the same fingerprint template, due to the inalterability. This causes a problem of reusable fingerprint by a malicious attacker. Therefore, we proposed a secure two-factor user authentication system using fingerprint information and password to solve the existing two-factor problem. The proposed scheme is secure against reuse of a fingerprint. It does not need an extra device, so efficiency and accessibility are improved.