A fingerprint-based user authentication protocol considering both...

Computer Standards & Interfaces 31 (2009) 1098–1107

Contents lists available at ScienceDirect

Computer Standards & Interfaces

j ourna l homepage: www.e lsev ie r.com/ locate /cs i

A fingerprint-based user authentication protocol considering both the mobility andsecurity in the telematics environment

Hakjae Kim, Ryong Oh, Sungju Lee, Taesup Kim, Sangjoon Lee, Yongwha Chung ⁎, Choongho ChoDepartment of Computer and Information Science, Korea University, South Korea

⁎ Corresponding author. Department of Computer aUniversity, Seochang, 339-806, South Korea. Tel.: +82 418

E-mail addresses: [email protected] (H. Kim), [email protected] (S. Lee), [email protected] (T.(S. Lee), [email protected] (Y. Chung), chcho@korea

0920-5489/$ – see front matter © 2008 Elsevier B.V. Adoi:10.1016/j.csi.2008.09.043

a b s t r a c t
a r t i c l e i n f o
Article history:
With the advance of the Int Received 2 June 2008Received in revised form 23 July 2008Accepted 28 September 2008Available online 3 December 2008
Keywords:User authenticationFingerprintTelematics

ernet and mobile communication techniques, the telematics environment whereusers in vehicles can use the Internet service has been realized. For the safe driving, however, we proposethat user authentication for the Internet service is performed by using the driver's fingerprint, instead oftyping his/her password. Since the driver's fingerprint is private information to be protected and the size ofthe fingerprint information is much larger than that of a typical password, we need a different userauthentication protocol for the telematics environment. That is, in addition to the compliance with thestandard X9.84 protocol to protect the fingerprint information transmitted, we use the watermarkingtechnique to lessen the privacy threat, and propose a secure and efficient protocol between Access Points(APs) considering the possible hand-off during the authentication in the mobile telematics environment.Based on the experimental measurement of the proposed protocol, we confirm that the fingerprint-baseduser authentication can be performed in real-time in the telematics environment.

© 2008 Elsevier B.V. All rights reserved.

1. Introduction

Recently, the functionalities provided by the intelligent vehiclechange rapidly as the computer and mobile communication techni-ques are combined. For instance, traditional auto-PCs can provide onlysimple functionalities such as operating the radio/DVD, checking thefuel/engine/tire status, and controlling the seat position and thetemperature. By combining the mobile communication technique andthe auto-PC, however, the advanced telematics services are possible(i.e., various information on internet can be provided to a vehicledriver in real-time).

To make the advanced telematics service secure, user authentica-tion is needed [1]. Traditionally, verified users have gained the accessvia passwords, Personal Identification Numbers (PINs), or smart cards.However, these authentication methods have someweakness that canbe lost, stolen, or forgotten. Recently, biometrics has been receivedconsiderable attentions, which refers the personal biological orbehavioral characteristics used for verification or identification [2].In this paper, the fingerprint has been chosen as the biometrics foruser authentication because it is more mature in terms of algorithmavailability and feasibility [3]. Furthermore, it is especially suitable forthe driver authentication because it enables the driver to focus on thedriving by touching his/her finger to the fingerprint sensor, instead of

nd Information Science, Korea60 1343; fax: +82 41864 [email protected] (R. Oh),Kim), [email protected] (C. Cho).

ll rights reserved.

typing long passwords. However, to make the convenient authentica-tion method applicable to the mobile telematics environment, weshould protect the fingerprint information transmitted. Note thatmost users consider his/her fingerprint information as private, andthe fingerprint information is compromised permanently and cannotbe reissued once the systems are compromised. Another characteristicof replacing the typical password with the fingerprint in the mobiletelematics environment is that the size of the fingerprint informationis much larger than that of the password. That is, the transmission ofthe fingerprint information needs multiple packets, and the hand-offproblem should be solved.

In this paper,we assumeWireless Local AreaNetwork (WLAN)as themobile communication technique, because it is being used broadly [4].Through the Access Point (AP) connectingWANand Local Area Network(LAN), amobile device employing awireless network interface card canaccess the information from the system connected by the LAN.Compared with other mobile communication techniques, the WLANtechnique canprovidehigher performancewith lower cost, and thus hasbeen usedwidely in thewireless internet commerce services. Like cablenetworks, WLAN needs some access control to be permitted for usingthe information system connected to LAN. Also, preventing thecombined WLAN and LAN from possible eavesdropping with the toolslike sniffer is required. Thus, a secure, fingerprint-based user authenti-cation protocol needs to be developed for the WLAN environment.

In this paper, we propose a secure fingerprint-based userauthentication protocol in the telematics environment. Our protocolnot only ensures both the integrity and the confidentiality of thefingerprint information defined by the X9.84, but also detects apossible privacy violator to lessen the privacy threat and solves the

mailto:[email protected]







http://dx.doi.org/10.1016/j.csi.2008.09.043

http://www.sciencedirect.com/science/journal/09205489

Fig. 1. Illustration of the user authentication environment.

1099H. Kim et al. / Computer Standards & Interfaces 31 (2009) 1098–1107

possible hand-off problem caused by a moving vehicle. To the best ofour knowledge, the fingerprint-based user authentication in theWLAN environment has not been reported yet. Based on theimplementation of the proposed protocol in the prototype system,we can confirm that the secure and convenient user authenticationusing fingerprints is possible in the mobile telematics environment.

The organization of the paper is as follows. Section 2 explains thesystem environment and the fingerprint verification, and Section 3describes the requirement of a secure fingerprint-based userauthentication. The key distribution, the remote user authenticationusing fingerprints, and the hand-off protocol for a moving vehicle aredescribed in Section 4. In Section 5, we present the implementation

Fig. 2. Illustration of the typical fing

details and analyze the performance of the proposed protocol.Concluding remarks are given in Section 6.

2. System environment and fingerprint verification

We first describe the system environment and the typicalfingerprint verification system considered in this paper.

2.1. System environment

As shown in Fig. 1, our system environment is composed of a KeyDistribution Center (KDC), an Authentication Server (AS), APs, and

erprint verification system [3].

Fig. 3. Illustration of the key distribution scenario between AP and AS.

Table 1Scenario 1 (SC1) — the key distribution between AP and AS.

Message Party Description

M1 AP (1) Generates nonce Nap

(2) D1=IDap|Nap

(3) Ωap(D1)=EKRap(D1)(4) M1=IDap|Ωap(D1)(5) Transmits M1 to KDC

M2 KDC (6) Searches KUap stored in key directory by using IDap

(7) Verifies Ωap(D1), and then obtains D1

(8) Searches AS's public key (i.e., KUas)(9) D2=IDap| KUap| Nap

(10) M2=EKUas(D2)(11) Transmits M2 to AS

M3 AS (12) Deciphers M2 and obtains D2

(13) Stores IDap and KUap in AS's database(14) Performs f(Nap)(15) D3=IDap|KUas|f(Nap)(16) M3=EKUap(D3)(17) Transmits M3 to AP

AP (18) Deciphers M3, verifies IDap and f(Nap), and stores KUas

1100 H. Kim et al. / Computer Standards & Interfaces 31 (2009) 1098–1107

Client terminals. That is, both the Client in WLAN and the AS in LANneeds to be authenticated mutually through APs, and the KDC isinvolved in the key distribution phase.

While previous studies for user authentication in mobile environ-mentswere limited to the password-based authentication,we proposea fingerprint-based user authentication protocol considering theconvenient interface for vehicle drivers in the telematics environment.Asmentioned in Section 1, the fingerprint information is compromisedpermanently and cannot be reissued once the systems are compro-mised. Thus, a special care to protect the fingerprint information in theopen network is needed.

In general, cryptographic algorithms can be classified intoasymmetric and symmetric key algorithms [1]. Note that the size ofthe fingerprint information is much larger than that of a password. Toreduce the encryption time, it is reasonable to protect the fingerprintinformationwith the symmetric encryption algorithm using a sessionkey generated for each authentication, although the asymmetricencryption algorithm has more advantages. Before the session keygeneration, however, a seed value to generate the session key shouldbe negotiated between each party (i.e., Clients, APs, AS). Because the

Fig. 4. Illustration of the key distribu

sizes of the messages to negotiate the seed value are smaller than thesize of the fingerprint information, the negotiating seed value isencrypted with the asymmetric encryption algorithm to provide theintegrity as well as the confidentiality.

The parties to negotiate the seed value for generating the sessionkey should have each other's public key. Since these parties on LANand WAN cannot trust with each other, a key distribution protocol isneeded for sharing the public keys among the parties. For the keydistribution, we assume that all parties should have their own publicand private key pair and the public keys of all parties are stored inKDC.

Finally, if a client in a vehicle initiates the user authentication inAP1 and moves into the area covered by AP2 (see Fig. 1), the vehicledoes not need to retry the user authentication. Only both AP1 and AP2exchange the user authentication status information with each otherto complete the user authentication. Therefore, this scenario canprovide a more secure and efficient user authentication than the retryscenario when the possible hand-off occurs[5,6].

tion scenario between C and AS.

Table 2Scenario 2 (SC2) — the key distribution between C and AS.


M1 C (1) Generates nonce Nc

(2) D1=IDc|Nc

(3) Ωc(D1)=EKRc(D1)(4) M1=IDc|Ωc(D1)(5) Transmits M1 to AP

M2 AP (6) Generates nonce Nap

(7) D2=IDap|Nap|M1

(8) Ωap(D2)=EKRap(D2)(9) M2=IDap|Ωap(D2)(10) Transmits M2 to KDC

M3 KDC (11) Searches KUap stored in key directory by using IDap in M2

(12) Verifies Ωap(D2), and then obtains D2

(13) Searches KUc stored in key directory by using IDc in M1

(14) Verifies Ωc(D1), and then obtains D1

(15) Searches AS's public key KUas

(16) D3=IDap|Nap|IDc|Nc|KUc


M4 AS (19) Deciphers M3, and then obtains D3

(20) Stores IDc and KUc in AS's database(21) Performs f(Nap) and f(Nc)(22) D4=IDc|KUas|f(Nc)(23) M5=EKUc(D4)(24) D5=IDap|f(Nc)|M5

(25) M4=EKUap(D5)(26) Transmits M4 to AS

M5 AP (27) Deciphers M4 and verifies IDap and f(Nap)(28) Bypasses the M5 (in M4) to C

C (29) Deciphers M5, verifies IDc and f(Nc), and stores KUas


2.2. Typical fingerprint verification system

A typical fingerprint verification system shown in Fig. 2 has twophases: enrollment and verification [3]. In the off-line enrollmentphase, an enrolled fingerprint image for each user is preprocessed, andthe minutiae are extracted and stored in a server. In the on-lineverification phase, the input minutiae are compared to the storedtemplate, and the result of the comparison is returned.

Fig. 5. Illustration of the fingerpri

In general, there are three steps involved in the verification phase:Image Pre-Processing, Minutiae Extraction, and Minutiae Matching.Image Pre-Processing refers to the refinement of the fingerprint imageagainst the image distortion obtained from a fingerprint sensor.Minutiae Extraction refers to the extraction of features in thefingerprint image. After this step, some of the minutiae are detectedand stored into a pattern file, which includes the position, orientation,and type (ridge ending or bifurcation) of the minutiae. Based on theminutiae, the input fingerprint is compared with the enrolleddatabase in the Minutiae Matching step.

Particularly, the fingerprint minutiae extracted by one vendor maynot match well with the stored fingerprint template extracted byanother vendor [7]. To solve this vendor interoperability in thetelematics environment (i.e., the vendor of the fingerprint sensorembedded in a car may be different from the vendor of thefingerprint-based user authentication performed by a banking server),the fingerprint image itself needs to be transmitted from the sensor tothe server. In our proposed fingerprint-based user authenticationprotocol, the fingerprint image from a Client is transmitted to APthrough WLAN, and the minutiae extracted from the transmittedimage are matched with the enrolled minutiae at AS through LAN.According to the possible attack points in the fingerprint verificationsystem, security attacks can be classified into the system moduleattack, the network attack, and the database attack [3]. In this paper,we consider only the network attack in the communication channel.The solutions for other types of attacks can be found in [8,9].

3. Requirements of a secure protocol for fingerprint-baseduser authentication

In 2003, ANSI X9.84-Biometric Information Management andSecurity for the Financial Services Industry was published [10]. Thisstandard provides guidelines for the secure implementation ofbiometric systems, applicable not only to financial environmentsand transactions, but far beyond. Although ANSI X9.84 guideline canbe used for fingerprint-based remote authentication, special require-ments need to be defined for mobile telematics environment.

nt based user authentication.

Table 3Scenario 3 (SC3) — the fingerprint based user authentication.


M1 C (1) Generates nonce Rc (i.e., seed value to negotiate asession key between C and AS)

(2) D1=IDc|Rc

(3) M1=EKUas(D1)(4) Transmits M1 to AP

M2 AP (5) Generates Rap (i.e., seed value to negotiate session keybetween AP and AS)

(6) D2=IDap|Rap| M1


M3 AS (9) Deciphers M2, and then obtains D2

(10) Deciphers M1(in D2), and then obtains D1

(11) Searches KUap and KUc by using IDap and IDc

(12) Generates Ras' and Rasq (i.e., seed value to negotiatesession key among C, AP and AS)

(13) Generates session keysa) Kap-as=EKUap(Rap xor Ras' ) (session key between AP and AS)b) Kc-as=EKUc(Rc xor Rasq ) (session key between C and AS)(14) Loads KUc by using IDc (in D1)(15) D3=IDc|Rasq |KUap and M4=EKUc(D3)(16) D4=IDap|Ras' |KUc|M4 and M3=EKUap(D4)(17) Transmits M3 to AP

M4 AP (18) Deciphers M3, and then obtains D4

(19) Generates Nap

(20) D5=IDap|Nap|M4

(21) M5=EKUc(D5)(22) Transmits M5 to C

M5 C (23) Deciphers M5, and then obtains D5

(24) Deciphers M4(in D5), and then obtains D3

(25) D6=IDc|Nc|f(Nap)(26) M6=EKUap(D6)(27) Transmits M6 to AP

M6 AP (28) Deciphers M6, and then obtains D6

(29) Verifies IDc, f(Nap)(30) D7=IDap|Nap|f(Nc)(31) M7=EKUc(D7)(32) Transmits M7 to C

M7 C (33) Deciphers M7, and then obtains D7

(34) Verifies IDap, f(Nc)(35) Generates session key sharing with AS

Kc-as=EKUc(Rc xor Rasq ) (i.e., session key between C and AS)(36) Fingerprintwatermark=watermark (Fingerprintbio)(37) D8=UID|Fingerprintwatermark| Tc(38) Η1=Hash(D8)(39) Ωc(Η1)=EKRc (Η1)(40) M8=IDc|EKc-as (D8|Ωc(Η1))

M8 AP (41) Transmits M8 to AP(42) Generates session key sharing with AS

Kap-as=EKUas(Rap xor Ras' ) (i.e., session key between AP and AS)(43) Η2=Hash(M8|Kap-as)(44) Ωap(Η2)=EKRap(Η2)(45) M9=M8|IDap|Ωap(Η2)

M9 AS (46) Transmits M9 to AP(47) Searches Kap-as and KUap by using IDap

(48) Verifies Ωap(Η2) by using KUap and obtains Η2

(49) Hashes M8|Kap-as(Kap-as in AS) and compares withΗ2(hashed from AP)

(50) Searches Kc-as, KUc by using IDc

(51) Deciphers EKc-as(D8|Ωc(Η1)), and then obtains D8 and Ωc(Η1)(52) Verifies Ωc(Η1) by using KUc and obtains Η1

(53) Hashes D8(in C), and then compares with Η1

(54) Extracts minutiae from Fingerprintwatermark (in D8)(55) Matches extracted minutiae with database(56) Verifies Tc and performs f(Tc) (Tc in D8)(57) D9=matching result|f(Tc) and M10=EKUc (D9)(58) Transmits M10 to AP

M10 AP (59) Bypasses M10 to CC (60) Deciphers M10 and obtains D9

(61) Verifies f(Tc) and identifies matching result


3.1. Mobile user authentication

The following requirements are defined additionally for thefingerprint-based user authentication in the mobile telematicsenvironment.

• Requirement 1: Tracking a privacy violator

Some people regard the fingerprint information as personalinformation, and thus we need a tracking mechanism for identifyingthe origin of the fingerprint image. Specially, unlike the conventionalfingerprint-based user authentication which transmits the extractedfingerprint minutiae, the telematics environment needs to transmitthe original fingerprint image itself due to the vendor interoper-ability problem [7]. To lessen the privacy threat, it is recommendedthat the server should discard the received fingerprint image afterextracting fingerprint features (i.e., minutiae) from it [11]. However,end users need a technique to check whether the servers obey therecommendation (or guideline) or not. With the watermarkembedded, we can detect the possible intentional/unintentionalleakage of the transmitted fingerprint image from the server — apossible privacy violator.

• Requirement 2: Hand-off

The transmission of the fingerprint information needs multiplepackets, and the hand-off problem [6] should be solved. As a mobiledevice moves to a different domain, in order to complete theauthentication at the foreign domain, the home domain needs toprovide the current authentication information to the foreign domain.

4. A proposed protocol for user authentication

Based on the system environment and the security requirementsdescribed in the previous section, we propose a key distributionprotocol, a fingerprint-based user authentication protocol, and ahand-off protocol for a moving vehicle.

4.1. Assumption

We first describe the basic assumptions in constructing ourprotocol.

• Each parties possess own public and private key pairs which areused for the public-key cryptography.

Prior to negotiating the session key which is used for encryptingthe fingerprint image, a key distribution protocol needs to beperformed to share the public key. Moreover, the shared public keysare used for both the session key and the CHAP (challenge/response)which is a means for mutual authentication between the Client andthe AP.

• Under the hand-off condition, the authentication information hasbeen transmitted to the home domain AP.

When a vehicle moves to the new (i.e., foreign domain) AP'scoverage, the old (i.e., home domain) AP keeps the authenticationinformation and executes the hand-off protocol.

4.2. Notation

The followings are notations used in the protocol.

• A|B: data A concatenates with B.• KRX: private key of party X for public-key cryptography.• KUX: public key of party X for public-key cryptography.• KX–Y: shared key (session key) between X and Y.• EKRx(A):asymmetric encryption (i.e., digital signature) of data Awith key KRX.

• EKUx(A): asymmetric encryption of data A with key KUX.• EKX–Y(A): symmetric encryption of data A with key KX–Y.• Hash(A): one-way hash of data A for message authentication.• ΩX(A): digital signature of data A with X's private key x.


• f(x): shared function among negotiating parties.• Watermark(X): watermark function of data X.• IDX: the name of party X.• NX: the nonce generated by party X. Nonce is a one-time random bit-string, usually used to active freshness.

• RX: the seed value of party X to generate a session key.• TX: time stamp generated by party X.• UID: user real identification number.• IPaddrX: IP address of party X.• Fingerprintbio: user fingerprint image.• Fingerprintwatermark: fingerprint image embedded with watermark.

4.3. Proposed four scenarios for fingerprint-based user authenticationand threat analysis

In our proposed protocols, a combination of four possible scenariosis considered in order to protect the possible threats mentioned. Tohandle large data such as images, the symmetric key encryption needsto be applied. Thus, we first propose the key distribution scenarios toshare a master key which is used to provide the confidentiality forexchanging messages and negotiate the symmetric session key. Then,a secure protocol for the remote fingerprint verification is described.Finally, a secure hand-off of user's authentication informationbetween APs considering the possible weakness of the security inthe mobile telematics environment is explained.

4.3.1. Scenario 1(SC1), 2(SC2): the key distribution (among C, AP, AS)As shown in Figs. 3 and 4, the key distribution protocols are defined

among the client device (denoted as C), the access point (denoted asAP), and the trust third party (denoted as KDC). These protocols areexecuted only once when either AP or C is set up initially. Asmentioned before, we assume that the keys (i.e., public keys) whichwill be distributed are already stored in AS. Also, each party X has itspublic key (denoted as KUX), its private key (denoted as KRX), and itsdevice identifier (denoted as IDX). The details of the key distributionprotocols for AP and for C are shown in Fig. 3 and Table 1, Fig. 4 andTable 2, respectively.

Fig. 6. Illustration of ha

As shown in Tables 1 and 2, we have several security features toguarantee both confidentiality and integrity. The security featuresprovided by SC1 and SC2 are summarized as follows.

• Entity authentication

When C or AP requests the key distribution, the KDC cannot trustwhether it is the authorized party. The digital signature techniqueensures that KDC can validate the identity of the entity and theauthority. As both C and AP sign with its own private key, KDC cantrust them (see SC1 (3), (7) and SC2 (3), (8), (12), (14)).

• Countermeasure against replay attack

By attaching the pseudorandom value (i.e., nonce) to eachmessage, each message can be protected from a possible replayattack. Also, each party (i.e., C, AP) can verify that the messages arenegotiated through a valid path (see SC1 (1), (18) and SC2 (1), (29)).

4.3.2. Scenario 3(SC3): the fingerprint-based user authenticationThe SC3 shown in Fig. 5 is composed of three steps which are the

negotiation for session keys (i.e., M1, M2, M3 and M4), the mutualauthentication between AP and C (i.e., M4, M5 and M6), and thefingerprint verification (i.e., M7, M8 and M9). After scanning afingerprint in C's device, C requests the session key negotiation toAS via AP(M1) and gets the reply message via AP(M5). Then, ASdistributes the public keys to AP and C, so that they can perform themutual authentication with the public keys (see SC3 (15), (16)).Finally, the C can transmit user's fingerprint to AS securely, and AS canverify the transmitted fingerprint. Note that, to protect the privacy ofthe transmitted fingerprint further, a specific watermark is embeddedinto the fingerprint image. The details of this scenario are described inTable 3, and the security features in SC3 are summarized as follows.

• Session key freshness

In every session, the session keys are generated with randomvaluepairs from each party. Thus, it can provide the key freshness (see SC3(13), (35), (42)).

nd-off for mobility.

Table 4Scenario 4 (SC4) — hand-off authentication information considering mobility.


M1 C (1) Generates Nc

(2) D1=IDc|Nc

(3) Ωc(D1)=EKRc(D1)(4) M1=IDc|EKUas(Ωc(D1))(5) Transmits M1 to AP2

M2 AP2 (6) Generates Nap2

(7) D2=IDap2|Nap2

(8) Ωap2(D2)=EKRap2(D2)(9) M2=IDap2|EKUas(M1|Ωap2(D2))(10) Transmits M2 to AS

M3 AS (11) Deciphers EKUas(M1|Ωap2(D2)), and obtains M1 and Ωap2(D2)(12) Searches KUap2 by using IDap2

(13) Verifies Ωap2(D2) by using KUap2 and obtains IDap2 and Nap2

(14) Searches KUc by using IDc in M1

(15) Verifies Ωc(D1) in M1 by using KUc and obtains IDc and Nc

(16) Searches information (i.e., IPaddrap1, KUap1) of foreign AP(i.e., AP1) related to home AP (i.e., AP2)

(17) Performs f(Nap2), f(Nc)(18) D3=IDc|f(Nc)(19) D4=IPaddrap1|KUap1|KUc|f(Nap2)|IDc|EKUc(D3)(20) M4=EKUap2(D4)(21) Transmits M4 to AP2

M4 AP2 (22) Deciphers M4, and then obtains D4

(23) Verifies IDc and f(Nap2)(24) Generates Nap2

(25) Ωap2(Nap2)=EKRap2(Nap2)(26) D5=IDap2|IDc|Ωap2(Nap2)(27) M5=EKUap1(D5)(28) Connects to AP1 with IPaddrap1(29) Transmits M5 to AP1


(31) Generates Nap1

(32) D6=IDap1|Nap1

(33) Ωap1(D6)=EKRap1(D6)(34) D7=IDap2|Ωap1(D6)(35) M6=IDap1|EKUas(D7)(36) Transmits M6 to AS

M6 AS (37) Searches KUap1 by using IDap1

(38) Deciphers EKUas(D7), and then obtains D7

(39) Verifies Ωap1(D6) in D7 by using KUap1, and thenobtains IDap1 and Nap1

(40) Performs f(Nap1)(41) D8=IDap2|KUap2|f(Nap1)(42) M7=EKUap1 (D8)(43) Transmits M7 to AP1


(45) Verifies IDap2 and f(Nap1) in D8

(46) Verifies Ωap2(Nap2) received from AP2 by using KUap2,and then obtains Nap2

(47) Performs f(Nap2)(48) Ωap1(IDap2|f(Nap2))=EKRap1(IDap2|f(Nap2))(49) D9=IDap1|Ωap1(IDap2|f(Nap2))|IDc|authentication status(50) M8=EKUap2(D9)(51) Transmits M8 to AP2


(53) Verifies Ωap2(IDap2|f(Nap2)) in D9, and thenobtains IDap2 and f(Nap2)

(54) Verifies IDap2 and f(Nap2)(55) Verifies authentication status for IDc

(56) M9=EKUc(authentication result|EKUc(D3))(57) Transmits M9 to C

M9 C (58) Deciphers M8, and then obtains authenticationresult and EKUc(D3)

(59) Deciphers EKUc(D3), and then obtains IDc and f(Nc)(60) Verifies IDc and f(Nc)


• Mutual authentication

In WLAN, to make each node (i.e., C and AP) trust with each other,the CHAP (Challenge/Response) between C and AP is applied (see SC3(20), (26), (30), (34)).


Timestamp (i.e., TC) can assures C andAS that the session keyhas beengenerated recently. Thus, C and AS can recognize that both thefingerprintwatermark baseduserauthentication request and replymessagesare valid and fresh. That is, the timestamp can protect the fingerprintinformation against the possible replay attacks (see SC3 (32), (56)).

• Countermeasure against message modification

By applying the one-way hash function and the digital signaturetechnique to M7 andM8, the message integrity can be guaranteed (seeSC3 (38), (39), (40), (45), (48), (49), (52), (53)).

• Enhancing fingerprint privacy

The digital watermarking technique [12] embeds some informa-tion into the fingerprint image itself. Therefore, it can provideadditional security even after decryption(Note that X9.84 suggestsonly encryption for privacy protection). As we explained in Section 3,it is recommended that the server should discard the receivedfingerprint image after extracting fingerprint features (i.e., minutiae)from it [11], and end users need a technique to check whether theservers obey the recommendation(or guideline) or not. By applyingthe watermarking technique, the possible intentional/unintentionalleakage of the transmitted fingerprint image from the server (i.e., apossible privacy violator) can also be detected [12] (see SC3 (36)).

4.3.3. Scenario 4(SC4): the hand-off authentication informationconsidering mobility

Fig. 6 shows the hand-off protocol when C moves from the old AP(denoted as AP1) to the newAP (denoted asAP2). Asmentionedbefore,we assume that the old AP (i.e., AP1) keeps the necessary authentica-tion information until the user authentication is completed at the oldAP (i.e., AP1). Since AP2 does not know the corresponding AP (i.e., AP1)for C at the beginning, AS lets AP2 request the authentication statusinformation to AP1 (seeM2, M3 and SC4 (19)). Also, as AP1 cannot trustAP2, AS passes AP2's public key to AP1 (see M5, M6 and SC4 (40)).

After exchanging the C's authentication information, the C can befinally authenticated under the moving vehicle. The details of thisscenario are described in Table 4, and the security features in SC4 aresummarized as follows.

• Entity authentication

The digitally signed message ensures the identity of each party inexchanging messages (see SC4 (3), (8), (13), (15), (25), (33), (39),(46), (48), (53)).


Attaching a nonce to each exchanging message ensures thefreshness at each hand-off. Also, by generating the nonce and verifyingit, each party can trust that its request message is transmitted securelythrough the end-to-end communication channel (see SC4 (1), (6),(17), (23), (24), (31), (40), (45), (47), (54), (60)).

5. Implementation and performance evaluation

5.1. Implementation details

The system modules which implement the key distributionprotocol, the fingerprint-based user authentication protocol, and thehand-off protocol are shown in Fig. 7. The security module (denoted asSecurity), the network packet sending and receiving module (denoted

as Network Com.), and the protocol processing module (denoted asProtocol Analyzer) are common to both the Client and the AS.Especially, the security module of the Client includes additionalwatermarking function to protect individual privacy (i.e., fingerprintimage). There is the sensor control module (denoted as SensorControl) in the Client, whereas there are the fingerprint information

Fig. 7. Illustration of the system modules is our fingerprint-based user authentication system.

Fig. 8. Prototype of our fingerprint-based user authentication system.


Table 5Hardware and software of the measurement environment.

Party CPU RAM (MByte) O.S.

C Pentium 4 (1.73 GHz) 1024 Windows XP ProAPs Pentium 4 (2.79 Hz) 512 Linux Redhat 9.0AS Pentium 4 (2.79 GHz) 1024 Windows XP ProKDC Pentium 4 (2.79 GHz) 512 Linux Redhat 9.0

Fig. 9. Execution time of each proposed scenario.


processing module (denoted as Minutiae Extract) and the matchingmodule (denoted as Matcher) in the AS. In this system, a user sendshe/his scanned fingerprint image securely to the AS, and theprocessing (i.e., minutiae extraction) and the matching of thetransferred fingerprint image are performed in the AS.

There is the mini-shell module to setup the key distribution andthe default setting in the AP. Also, the key directory module in the KDCmanages the key-related issues. Note that, we used SHA-256, AES(128 bit key), RSA (1024 bit key pair) [1] as hash function, symmetricencryption, and asymmetric encryption, respectively.

Fig. 8 shows the prototype of our authentication system. Theauthentication systemconsists of:① client (denoted asC),②fingerprintscanning sensor, ③ access point 1(denoted as AP1), ④ access point 2(denoted as AP2), ⑤ key distribution center (denoted as KDC),⑥ fingerprint authentication server (i.e., AS). In this system, ② isconnected to ①, ① is connected to WLAN, and ⑤, ⑥ are connected toLAN. ③, ④ serve as the bridge between WLAN and LAN.

In this prototype, all the nodes except ⑤ have its private key andpublic key pair. Thus, all the nodes should perform the keydistribution via ⑤ to share the public keys with each other. Afterthat key distribution, a user in the vehicle puts his/her finger on② forthe user authentication, and the scanned fingerprint image is acquiredin ①. To transmit the fingerprint image from ① to ⑥ through ③

securely, the mutual authentication is performed first between① and③with the public key distributed from⑥. Also, the distributed publickeys between ① and ⑥ or between ③ and ⑥ are used for generatingthe session keys. Finally, the fingerprint image transmitted from ① isverified at ⑥. If the vehicle moves from ③ to ④ after the fingerprint-based user authentication, ③ communicates with ④ to exchange theuser authentication status.

5.2. Performance evaluation

In this section, we evaluate the performance of the proposed fourscenarios to perform the fingerprint-based user authentication. Thehardware and software characteristics of the measurement environ-ment are summarized in Table 5. Also, the resolution of the sensor was500 dpi, and the size of captured fingerprint images was 248×292.

Table 6Computation cycles of each scenario.

Scenario Party RSA AES SHA Wa

SC1 AP 27,103,104 – – –

KDC 27,103,104 – – –

AS 48,503,040 – – –

SC2 C 27,103,104 – – –

AP 111,265,536 – – –

KDC 53,499,840 – – –

AS 141,993,396 – – –

SC3 C 141,712,380 40,269,467 7,623,532 7,08AP 250,124,796 – 8,186,557 –

AS 158,980,824 45,837,261 15,810,089 –

SC4 C 11,835,918 – – –

AP1 46,451,496 – – –

AP2 96,470,160 – – –

AS 116,712,264 – – –

Table 6 shows the active computation cycles for each of scenario. Asshown in Table 6, the profiling of the execution cycles to perform theproposed four scenarios is composed of the cryptography modules(denoted as “RSA”, “AES”, “SHA”), the fingerprint verification modules(denoted as “Feature Extraction”, “Matching/Decision”), and thewatermarking module (denoted as “Watermarking”), respectively. Asmentioned before, both SC1 and SC2 are performed only one time afterthe initial device setup. However, both SC3 and SC4 are performedrepeatedly for eachuser authentication. FromTable 6, it is clear that themost time consuming module is the fingerprint verification modulesuch as Extraction. As the fingerprint verification module is executedby a server platform which has sufficient resources, the real timerequirement can be satisfied with our scenarios.

Fig. 9 shows the total execution time of each scenario based on themeasurement environment mentioned in Table 5. The total executiontimes of SC3 and SC4 are 0.8199 and 0.0998 s, and thus the wholeprotocol can be completed in real-time.

6. Conclusion

In this paper, we proposed a secure and convenient method foruser authentication in the telematics environments. Instead of typingpasswords during driving, we employed a fingerprint-based userauthentication system for safe driving.

ter-marking Feature extraction Matching/decision Total active

– – 27,103,104– – 27,103,104– – 48,503,040– – 27,103,104– – 111,265,536– – 53,499,840– – 141,993,396

7,932 – – 196,693,311– – 258,311,3531,437,953,956 57,329,566 1,556,930,872– – 11,835,918– – 46,451,496– – 96,470,160– – 116,712,264

H. Kim et al. / Computer Standards &

To protect the fingerprint information transmitted, our protocol hasimplemented not only the specification of the X9.84 to ensure theconfidentiality and the integrity of the fingerprint information, but alsothe watermarking technique to detect a possible privacy violator.Furthermore,wehave proposed a secure and efficient protocol betweenAPs to handle the larger fingerprint information which could be hand-off in themobile telematics environment. That is,when a vehiclemovesinto the new AP's coverage, the vehicle can be authenticated using theinformation provided by the old AP via the authentication server.

Based on the WLAN-based implementation and experimentalmeasurement, we believe the proposed protocol can be used for thesecure and convenient user authentication in the telematics environ-ment. Note that, the proposed protocol can be also applied to otherbiometrics, such as speaker verification [2]. In the future, we wouldextend our protocol using Mobile IP and consider the possible packetloss problem during the hand-off.

Acknowledgement

This research was supported by the MIC (Ministry of Information andCommunication), Korea, under the HNRC (Home Network ResearchCenter)– ITRC(InformationTechnologyResearchCenter) supportprogramsupervised by the IITA(Institute of Information Technology Assessment).

References

[1] W. Stallings, Cryptography and Network Security: Principles and Practice, PrenticeHall, 2003.

[2] A. Jain, R. Bole, S. Panakanti, Biometrics: Personal Identification in NetworkedSociety, Kluwer Academic Publishers, 1999.

[3] D. Maltoni, Handbook of Fingerprint Recognition, Springer, 2003.[4] M. Ilyas, S. Ahson, Handbook of Wireless Local Area Networks: Applications,

Technology, Security, and Standards, CRC, 2005.[5] IEEE, IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point

Interoperability via an Inter-Access Point Protocol Across Distribution SystemsSupporting IEEE 802.11™ Operation, IEEE Standard 802.11f, 2004.

[6] T. Moore, B. Aboba, Authenticated Fast Hand-off, IEEE 802.1-01/553, 2001.[7] N. Ratha, R. Bolle, Automatic Fingerprint Recognition Systems, Springer, 2004.[8] Y. Chung, A Secure Fingerprint Authentication System on an Untrusted Computing

Environment, Proc. TrustBus '05, Lecture Notes in Computer Science, vol. 3592,Springer, 2005, pp. 299–310.

[9] U. Uludag, S. Pankanti, A. Jain, Fuzzy vault for fingerprints, Proc. AVBPA '05, LectureNotes in Computer Science, vol. 3546, Springer, 2005, pp. 310–319.

[10] ANSI, Biometric Information Management and Security for the Financial ServicesIndustry, ANSI Standard X9.84, 2003.

[11] Korea Information Security Agency, A Guideline to the Security of Biometric Data,2005 in Korean.

[12] I. Cox, M. Miller, J. Bloom, Digital Watermarking, Morgan Kaufmann Pub, 2002.

Hakjae Kim received his B.S. degree from The University ofKorea, Korea in 2007. He is currently in M.S. program in theDepartment of Computer and Information Science at TheKorea University. His research interests include biometrics,parallel architecture, and information security.

Internet, and wireless mesh networks.

Ryong Oh received B.S. and M.S. degrees in computerscience from the University of Korea in 2003 and 2005,respectively. He is currently working toward his Ph.Ddegree in the Laboratory for Data Communication Net-works, Korea University. His research interests includewireless MAC, next generation mobile/wireless networks,
and wireless mesh networks.
Sungju Lee received his B.S. degree from The University of
Korea, Korea in 2006. He is currently in M.S. program in theDepartment of Computer and Information Science at TheKorea University. His research interests include biometrics,pattern recognition, and information security.
1107Interfaces 31 (2009) 1098–1107

Taesup Kim received his B.S. degree from The University ofKorea, Korea in 2006. He is currently in M.S. program in theDepartment of Computer and Information Science at TheKorea University. His research interests include wirelessauthentication protocol, wireless security, mobile commu-nication, wireless mesh network.

Sangjoon Lee received his B.S. degree from The University ofKorea, Korea in 2005. He is currently in M.S. program in theDepartment of Computer and Information Science at TheKorea University. His research interests include wirelessresource management, wireless mesh network, wirelesssecurity, mobile communication.

Yongwha Chung received his B.S. and M.S. degrees fromHanywang University, Korea in 1984 and 1986, respectively.He received his Ph.D. degree from the University of South-ern California, USA in 1997. He joined ETRI in 1986 and hewas working as the head of Biometric Research Team. Since2003 he has been an associate professor at Korea University.His research interests include biometrics, pattern recogni-tion, parallel architecture for pattern recognition, andinformation security.

Choongho Cho received B.S. and M.S. degrees in industrialengineering from Korea University in 1981 and 1983,respectively. He received M.S. and Ph.D.degrees in computerscience from the Institute National des Sciences Appliques,Lyon, France, in 1986 and 1989, respectively. He was anassistant professor at the University of Sooncheunhyang from1990 to 1994, and is currently a professor at Korea University.He was a postdoctoral fellow at INSA from 1989 to 1990.
His research interests include ubiquitous home networks, mobile/wireless networks, network traffic analysis, portable

A fingerprint-based user authentication protocol considering both...

Documents

Transcript of A fingerprint-based user authentication protocol considering both...