889 research outputs found
A Cloud Authentication Protocol using One-Time Pad
There is a significant increase in the amount of
data breaches in corporate servers in the cloud environments.
This includes username and password compromise in the cloud
and account hijacking, thus leading to severe vulnerabilities of
the cloud service provisioning. Traditional authentication schemes
rely on the users to use their credentials to gain access to cloud
service. However once the credential is compromised, the attacker
will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant
Protection of privacy in biometric data
Biometrics is commonly used in many automated veri cation systems offering several advantages over traditional veri cation methods. Since biometric features are associated with individuals, their leakage will violate individuals\u27 privacy, which can cause serious and continued problems as the biometric data from a person are irreplaceable. To protect the biometric data containing privacy information, a number of privacy-preserving biometric schemes (PPBSs) have been developed over the last decade, but they have various drawbacks. The aim of this paper is to provide a comprehensive overview of the existing PPBSs and give guidance for future privacy-preserving biometric research. In particular, we explain the functional mechanisms of popular PPBSs and present the state-of-the-art privacy-preserving biometric methods based on these mechanisms. Furthermore, we discuss the drawbacks of the existing PPBSs and point out the challenges and future research directions in PPBSs
A fingerprint based crypto-biometric system for secure communication
To ensure the secure transmission of data, cryptography is treated as the
most effective solution. Cryptographic key is an important entity in this
procedure. In general, randomly generated cryptographic key (of 256 bits) is
difficult to remember. However, such a key needs to be stored in a protected
place or transported through a shared communication line which, in fact, poses
another threat to security. As an alternative, researchers advocate the
generation of cryptographic key using the biometric traits of both sender and
receiver during the sessions of communication, thus avoiding key storing and at
the same time without compromising the strength in security. Nevertheless, the
biometric-based cryptographic key generation possesses few concerns such as
privacy of biometrics, sharing of biometric data between both communicating
users (i.e., sender and receiver), and generating revocable key from
irrevocable biometric. This work addresses the above-mentioned concerns.
In this work, a framework for secure communication between two users using
fingerprint based crypto-biometric system has been proposed. For this,
Diffie-Hellman (DH) algorithm is used to generate public keys from private keys
of both sender and receiver which are shared and further used to produce a
symmetric cryptographic key at both ends. In this approach, revocable key for
symmetric cryptography is generated from irrevocable fingerprint. The biometric
data is neither stored nor shared which ensures the security of biometric data,
and perfect forward secrecy is achieved using session keys. This work also
ensures the long-term security of messages communicated between two users.
Based on the experimental evaluation over four datasets of FVC2002 and NIST
special database, the proposed framework is privacy-preserving and could be
utilized onto real access control systems.Comment: 29 single column pages, 8 figure
Biometrics for internetâofâthings security: A review
The large number of InternetâofâThings (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometricâbased authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometricâcryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the stateâofâtheâart research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forwardâlooking issues and future research directions
BRAKE: Biometric Resilient Authenticated Key Exchange
Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data are sensitive personal data that need to be protected on a long-term basis. Furthermore, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks.
In this work, we present a novel protocol for Biometric Resilient Authenticated Key Exchange that fulfils the above requirements of biometric information protection compliant with the international ISO/IEC 24745 standard. In our protocol, we present a novel modification of unlinkable fuzzy vault schemes that allows their connection with oblivious pseudo-random functions to achieve resilient protection against offline attacks crucial for the protection of biometric data. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of both instantiations of our protocol which achieve real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange
- âŠ