A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment
Authors
Abstract
With the fast evolution of mobile devices and mobile networks, the need to protect users' sensitive information locally and to perform secure user authentication remotely is ever increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in the current mobile computing environment, under the reasonable assumption that the server is secure. In this protocol, the fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault, which is a mixture of genuine and chaff features. Fingerprint features are used not only for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide secure and trustworthy authentication of remote mobile users over an insecure network. Experimental results on a public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previously J2ME) programming technology. The simulation results prove that the proposed protocol suits the current mobile environment. Copyright © 2010 John Wiley & Sons, Ltd.
Similar resources
Secure Bio-Cryptographic Authentication System for Cardless Automated Teller Machines
Security is a vital issue in the usage of Automated Teller Machine (ATM) for cash, cashless and many off the counter banking transactions. Weaknesses in the use of ATM machine could not only lead to loss of customer’s data confidentiality and integrity but also breach in the verification of user’s authentication. Several challenges are associated with the use of ATM smart card such as: card clo...
Fortification of Transport Layer Security Protocol by using Password and Fingerprint as Identity Authentication Parameters
Whenever there is communication between Client and Server over a public link and resources are to be accessed from remote systems, then proving an identity becomes quite complex because there is need of proper access rights with authentication. Complete security at the transport layer starts with proof of authentication, majority organizations only use password for security but this research pa...
Fortification of Transport Layer Security Protocol with Hashed Fingerprint Identity Parameter
Identity over the public links becomes quite complex as Client and Server need proper access rights with authentication. For determining client's identity with password Secured Shell Protocol or Public Key Infrastructure is deployed by various organizations. For end to end transport security SSL (Secured Socket Layer) is the de facto standard having Record and Handshake protocol dealing with da...
Comments on ID-Based Client Authentication with Key Agreement Protocol on ECC for Mobile Client-Server Environment
In 2011, Debiao et al. proposed an ID-based remote mutual authentication with key agreement scheme on ECC for mobile client–server environment [H. Debiao, C. Jianhua, H. Jin: An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security, Information Fusion, 2011]. They claimed their scheme provides remote mutual authentication w...
Biometric security for mobile computing
Data and computing resource security has become an integral element in the fabric of information systems. Cryptography has formed a foundation for conventional security theoretical frameworks and applications. However, cryptography is based on either knowledge (i.e., what you know) or possession (i.e., what you have). This is a built-in weakness in traditional authentication approaches, as the t...
Journal title:
- Security and Communication Networks
Volume 4, Issue
Pages -
Publication date: 2011