Finger Print Based Authentication and Key Exchange System Secure Against Dictionary Attack

The Biometric based user authentication systems are highly secured and efficient to use and place total trust on the authentication server where biometric verification data are stored in a central database. Such systems are, prone to dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders do all user private data to exposure and may have serious repercussions to an organization. In this paper, we present a practical fingerprint based user authentication and key exchange system. In this system, the minutia extracted from the fingerprint is stored in the encrypted form in the server’s database, to overcome the dictionary attacks mounted by the server. The image processing techniques are used to extract a biometric measurement from the fingerprint image. During login procedure the mutual authentication is done between the server and user and a symmetric key is generated on both sides, which could be used for further secure communication between them. Thus meet-in-the middle attack that happens between the user and the server can also be overcome. This system can be directly applied to strengthen existing password or biometric based systems without requiring additional computation.