A Multi-factor Authentication Scheme including Biometric Characteristics as One Factor
Abstract
Multi-factor authentication schemes have proved very useful in many authentication systems, including biometric ones. In this paper we propose a multi-factor authentication scheme in which one main component is the generation of a token and a password (known as the kernel of the multi-factor scheme) and another component is a module that takes one of the biometric characteristics (face image, handwriting, holographic signature). The generated Token ID and passcode values are encrypted and decrypted with RSA. We show how the scheme works using a simulator that we developed for this purpose.

Introduction

Multi-factor authentication (MFA) is a technique in which a user must complete several distinct authentication steps in order to gain access to a computer. There are many types of factors [5, 6]:

• Knowledge factors are the most used authentication techniques, such as passwords, PINs and secret questions, where only the user knows the right answer.
• Possession factors use techniques like tokens. For example, these may be connected tokens, where data is sent directly between a computer and a token attached to that computer, or disconnected tokens, where there is no connection between token and computer: the data is displayed on a built-in screen and the user must enter it manually.
• Inherence factors are authentication techniques based on the biometric characteristics of the user, such as fingerprint, retina and voice.

MFA raises security and reduces the risk that a forger breaks in by adding an obstacle to entry, making it difficult for the forger to log in to a stolen account even if he knows the password. This type of authentication is used in many areas, such as companies, governments and the financial sector, where security needs to be at a high level because of the sensitive data involved.
There are several trends in MFA. In [7] the authors present authentication techniques using a graphical password, where the second authentication stage is password decoding using the user's device. The password is represented by an image, and the user decodes it by finding the correct clicks and their order on that image, which are given only through the user's device as described in [7]. In [11] the authors propose an authentication mechanism based on two stages, where the first stage uses two factors in biometric authentication and the second integrates further factors depending on the biometric feature from the first stage. Another approach to MFA is authentication systems used for wireless payment [8].

We propose a software simulation application that uses multiple factors in the authentication process. In the first step, the user is asked to enter the username and password (knowledge factor); in the second step, the system sends a passcode to the user's phone or email and the user enters it (possession factor); and in the last step, the user must authenticate with the biometric characteristic (face, signature or fingerprint) that he provided when the user account was created (inherence factor).

There are many methods for face recognition, according to [9]. Traditional face recognition systems use algorithms that extract the user's features from a picture, 3D face recognition uses sensors that collect data about the shape of the face, and skin texture analysis is based on visual particularities of the skin.

The handwritten signature is one of the most used biometric characteristics that allow a person to authenticate to a system. It can be used in both online and offline applications. In online applications, the data are retrieved dynamically from the signature as the user signs, while offline applications are based on a scanned picture of the handwritten signature [10].
The goal of this article is to go further into the mechanism used in the authentication process based on biometric characteristics. We present our proposed algorithm, which combines a mechanism based on a Token ID and a passcode with a biometric characteristic in order to gain access to a system.

The First Version of Proposed Algorithm

Below, we describe step by step how the algorithm works. The general steps are as follows:

1. The user enters the user name and password;
2. Based on the user name, the application generates a token identification (Token ID; see Section 1.1);
3. The user takes the Token ID and enters it on his device (mobile phone, tablet, token generator device etc.), which generates a passcode (see Section 1.2). Note that the passcode is generated based on the Token ID.
4. The application validates the Token ID and passcode.
5. If everything is OK at step 4, the user is asked to choose his biometric characteristic (face image, holographic signature, and handwriting).

1.1. Generating the Token ID

The function for generating the Token ID is based on two parameters, token_id_length and generating_characters. The second one, characters, is optional in our proposed function, because it is already initialized in the declaration of the function. The length of the token ID can vary at any time. This lets us increase the complexity of the token ID and adapt it to the different systems in which authentication based on a token and a passcode is necessary. In order to generate the token ID, we will use the RNGCryptoServiceProvider class [3] from .NET Framework. The class will allow us to implement a cryptographic random
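The following C# sketch is an added example, not the paper's own code: it shows one way a Token ID function with the two parameters described in Section 1.1 could draw characters from RNGCryptoServiceProvider without modulo bias. The class name, the default alphabet and the rejection-sampling step are assumptions, since the paper's implementation is not shown on this page.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TokenIdExample
{
    // Assumed default alphabet; the paper's own default value is not shown on this page.
    private const string DefaultCharacters =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    public static string GenerateTokenId(int tokenIdLength,
                                         string generatingCharacters = DefaultCharacters)
    {
        if (tokenIdLength <= 0)
            throw new ArgumentOutOfRangeException(nameof(tokenIdLength));
        if (string.IsNullOrEmpty(generatingCharacters) || generatingCharacters.Length > 256)
            throw new ArgumentException("Need 1..256 characters.", nameof(generatingCharacters));

        int n = generatingCharacters.Length;
        // Largest multiple of n within a byte's 256 values. Bytes at or above it are
        // discarded so that every character is equally likely (no modulo bias).
        int limit = 256 - (256 % n);

        var result = new StringBuilder(tokenIdLength);
        var buffer = new byte[tokenIdLength * 2];

        // RNGCryptoServiceProvider is the class the paper names; on .NET 6 and later it is
        // marked obsolete and RandomNumberGenerator.Create() is the replacement.
        using (var rng = new RNGCryptoServiceProvider())
        {
            while (result.Length < tokenIdLength)
            {
                rng.GetBytes(buffer);
                foreach (byte b in buffer)
                {
                    if (b >= limit) continue; // rejected: would skew the distribution
                    result.Append(generatingCharacters[b % n]);
                    if (result.Length == tokenIdLength) break;
                }
            }
        }
        return result.ToString();
    }

    public static void Main()
    {
        Console.WriteLine(GenerateTokenId(16));              // default alphabet
        Console.WriteLine(GenerateTokenId(8, "0123456789")); // digits only
    }
}
```

With the assumed 62-character alphabet, a 16-character Token ID carries about 95 bits of entropy; shorter lengths or smaller character sets reduce this accordingly.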
Similar resources
Provably Secure and Efficient Three-Factor Authenticated Key Agreement Scheme with Untraceability
Authentication and key agreement protocol is indispensable for today's network applications. Many two-factor authentication and key agreement protocols using smart card and password have been proposed over the last decade. However, many of these schemes are vulnerable to password guessing attack due to low-entropy passwords. In this paper, we show how to mount an offline password guessing attack ...
Security enhanced multi-factor biometric authentication scheme using bio-hash function
With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart...
An Application of the Boneh and Shacham Group Signature Scheme to Biometric Authentication
We introduce a new way for generating strong keys from biometric data. Contrary to popular belief, this leads us to biometric keys which are easy to obtain and renew. Our solution is based on two-factor authentication: a low-cost card and a biometric trait are involved. Following the Boneh and Shacham group signature construction, we introduce a new biometric-based remote authentication scheme....
Protecting Biometric Templates Using Authentication Watermarking
In this paper, we propose a novel scheme for protecting biometric templates using salient region-based authentication watermarking. Firstly, a novel multi-level authentication watermarking scheme is proposed, which is used to verify the integrity of the biometric image. Secondly, the PCA features of these biometric images are used as information watermarks to recover the tampered image. Authenticati...
Client-Server Multi-Factor Authentication Using Pairings
What would be the ideal attributes of a client-server authentication scheme? One might like an identity based scheme not requiring PKI, plus support for multi-factor authentication based on a token, a PIN number, and optionally a biometric. The former might hold a high-entropy secret, and the latter may be represented as relatively low-entropy parameters. However it would be preferred if the tok...