Using Mobile Agents for Secure Biometric Authentication

This paper deals with the definition of a strong authentication model, coupling usual password/PIN based methods with a biometric matching, over a Multi Agent distributed infrastructure. When the user authentication procedure involves personal devices, the Multi Agent System model helps in the distribution of data and algorithms thanks to a better partitioning of roles and responsibilities, enhancing robustness to eavesdropping and tampering by properly moving agents around the system itself. The system architecture is based on specialized agents tied to the different devices, which safely communicate using both symmetric encryption for messages and asymmetric encryption to check principals’ roles. Moreover, agents can carry on biometric parameters matching algorithms, bringing computation on those nodes with enough computing power. A complete authentication protocol has been developed and two different demos have been devised and tested. They differ for the tasks assigned to the mobile devices in use. Experiments show that agent capabilities, together with their power of migration, help in maintaining a higher level of security when mobile devices are involved.