Revocable, Interoperable and User-Centric (Active) Authentication Across Cyberspace

This work addresses fundamental and challenging user authentication and universal identity issues and solves the problems of system usability, authentication data security, user privacy, irrevocability, interoperability, cross-matching attacks, and post-login authentication breaches associated with existing authentication systems. It developed a solid user-centric biometrics based authentication model, called Bio-Capsule (BC), and implemented an (active) authentication system. BC is the template derived from the (secure) fusion of a user’s biometrics and that of a Reference Subject (RS). RS is simply a physical object such as a doll or an artificial one, such as an image. It is users’ BCs, rather than original biometric templates, that are utilized for user authentication and identification. The implemented (active) authentication system will facilitate and safely protect individuals’ diffused cyber activities, which is particularly important nowadays, when people are immersed in cyberspace. User authentication is the first guard of any trustworthy computing system. Along with people’s immersion in the penetrated cyber space integrated with information, networked systems, applications and mobility, universal identity security& management and active authentication become of paramount importance for cyber security and user privacy. Each of three typical existing authentication methods, what you KNOW (Password/PIN), HAVE (SmartCard), and ARE (Fingerprint/Face/Iris) and their combinations, suffer from their own inherent problems. For example, biometrics is becoming a promising authentication/identification method because it binds an individual with his identity, is resistant to losses, and does not need to memorize/carry. However, biometrics introduces its own challenges. One serious problem with biometrics is that biometric templates are hard to be replaced once compromised. In addition, biometrics may disclose user’s sensitive information (such as race, gender, even health condition), thus creating user privacy concerns. In the recent years, there has been intensive research addressing biometric template security and replaceability, such as cancelable biometrics and Biometric Cryptosystems. Unfortunately, these approaches do not fully exploit biometric advantages (e.g., requiring a PIN), reduce authentication accuracy, and/or suffer from possible attacks. The proposed approach is the first elegant solution to effectively address irreplaceability, privacy-preserving, and interoperability of both login and after-login authentication. Our methodology preserves biometrics’ robustness and accuracy, without sacrificing system acceptability for the same user, and distinguishability between different users. Biometric features cannot be recovered from the user’s Biometric Capsule or Reference Subject, even when both are stolen. The proposed model can be applied at the signal, feature, or template levels, and facilitates integration with new biometric identification methods to further enhance authentication performance. Moreover, the proposed active, non-intrusive authentication is not only scalable, but also particularly suitable to emerging portable, mobile computing devices. In summary, the proposed approach is (i) usercentric, i.e., highly user friendly without additional burden on users, (ii) provably secure and resistant to attacks including cross-matching attacks, (iii) identity-bearing and privacy-preserving, (iv) replaceable, once Biometric Capsule is compromised, (v) scalable and highly adaptable, (vi) interoperable and single signing on across systems, and (vii) cost-effective and easy to use

Using a Bayesian averaging model for estimating the reliability of decisions in multimodal biometrics

The issue of reliable authentication is of increasing importance in modern society. Corporations, businesses and individuals often wish to restrict access to logical or physical resources to those with relevant privileges. A popular method for authentication is the use of biometric data, but the uncertainty that arises due to the lack of uniqueness in biometrics has lead there to be a great deal of effort invested into multimodal biometrics. These multimodal biometric systems can give rise to large, distributed data sets that are used to decide the authenticity of a user. Bayesian model averaging (BMA) methodology has been used to allow experts to evaluate the reliability of decisions made in data mining applications. The use of decision tree (DT) models within the BMA methodology gives experts additional information on how decisions are made. In this paper we discuss how DT models within the BMA methodology can be used for authentication in multimodal biometric systems

Defense Against Biometric Reproduction Attacks

Systems and methods for defense against biometric reproduction attack are disclosed. The system includes one or more mobile devices installed with a security feature integrated to the operating system or installed to the device as an app. The security feature is in communication with a server installed with a mobile device management solution. The device includes a multi-factor authentication system including at least one biometric authenticator and at least one non-biometric authenticator. The method includes prompting for biometric authentication, if the network is reachable. In the absence of an active network, the server may instruct the device to stop using a biometric authentication and request the user for a multifactor authentication. The systems and methods provide for full enterprise connectivity on devices with a biometric authentication system. The present disclosure allows the network administrators to address biometric reproduction attacks with variable levels of risk tolerance

A cancelable iris- and steganography-based user authentication system for the Internet of Things

Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique-steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques

The development of a biometric keystroke authentication framework to enhance system security

Computer systems have proven to be essential to achieving our daily tasks such as managing our banking accounts, managing our health information and managing critical information systems such as drinking water systems or nuclear power plant systems. Such distributed systems are networked and must be protected against cyber threats. This research presents the design and implementation of a stand alone web based biometric keystroke authentication framework that creates a user\u27s keystroke typing profile and use it as a second form of authentication. Several biometric models were then bench marked for their accuracy by computing their EER. By using keystroke biometrics as a second form of authentication the overall system\u27s security is enhanced without the need of extra peripheral devices and without interrupting a user\u27s work-flow