A Dual-Factor Access Control System Based on Device and User Intrinsic Identifiers

This paper proposes an access control system based on the simultaneous authentication of what the user has and who the user is. At enrollment phase, the wearable access device (a smart card, key fob, etc.) stores a template that results from the fusion of the intrinsic device identifier and the user biometric identifier. At verification phase, both the device and user identifiers are extracted and matched with the stored template. The device identifier is generated from the start-up values of the SRAM in the device hardware, which are exploited as a Physically Unclonable Function (PUF). Hence, if the device hardware is cloned, the authentic identifier is not generated. The user identifier is obtained from level-1 fingerprint features (directional image and singular points), which are extracted from the fingerprint images captured by the sensor in the access device. Hence, only genuine users with genuine devices are authorized to access and no sensitive information is stored or travels outside the access device. The proposal has been validated by using 560 fingerprints acquired in live by an optical sensor and 560 SRAM-based identifiers

Security Features in Fingerprint Biometric System

Nowadays, embedded systems run in every setting all around the globe. Recent advances in technology have created many sophisticated applications rich with functionality we have never seen. Nonetheless, security and privacy were a common issue for these systems, whether or not sensitive data can be protected from malicious attacks. These concerns are justified on the grounds that the past of security breaches and the resulting consequences narrate horrific stories concerning embedded systems. The attacks are now evolving, becoming more complex with technological advancements. Therefore, a new way of implementing security in embedded systems must be pursued. This paper attempts to demonstrate the incorporation of security features in fingerprint biometric system in the requirements analysis phase, ensuring the same throughout the system life cycle of embedded systems based on case study. The comparison of various biometric technologies such as face, fingerprint, iris, palm print, hand geometry gait, signature, and keystroke is presented. The aim of this paper includes analyzing, decomposing and transforming the threats and counter-measures identified during the requirements analysis using the abuse case into more specific safety requirements or functions. Furthermore, we have shown that the incorporation of security features into the biometric fingerprint system by analyzing the requirements of the system and providing the main steps for the protection of the biometric system in this paper

Security observance throughout the life-cycle of embedded systems

Embedded systems are an established part of life. Their security requirements underline the importance of properly formulated, implemented, and enforced security policies throughout their life-cycle. Currently, security is just an afterthought, and most solutions are meant to thwart particular attacks. However, the increasing number of security breaches, the ensuing economical losses, and potential dangers all emphasize the importance of fundamental security solutions. This paper first surveys the current situation and then proposes a holistic approach where security is considered from the beginning of the design of embedded systems throughout their entire life-cycle. In our approach, the entire system life-cycle is analyzed and appropriate countermeasures are incorporated in the design. Obviously, prevention is not the complete solution. A 4-level defense strategy assures not only that a system has been properly designed in terms of security, but also that the liabilities of its designers are adequately covered