Muhammad Khurram Khan

Improving the security of 'a flexible biometrics remote user authentication scheme'

Recently, Lin-Lai proposed a flexible biometrics remote user authentication scheme, which is based on El Gamals cryptosystem and fingerprint verification, and does not need to maintain verification tables on the server. They claimed that their scheme is secured from attacks and suitable for high security applications; however, we point out that their scheme is vulnerable and can easily be cryptanalyzed. We demonstrate that their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, thus their scheme is susceptible to the server spoofing attack. To fill this security gap, we present an improvement which overcomes the weakness of Lin-Lais scheme. As a result, our improved security patch establishes trust between client and remote system in the form of mutual authentication. Moreover, some standards for biometric-based authentication are also discussed, which should be followed during the development of biometric systems.

Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards

In 2002, Chien et al. proposed an efficient remote authentication scheme using smart cards, in which only few hashing operations are required. Later, Ku et al. gave an improved scheme to repair the security pitfalls found in Chien et al.s scheme. Also Yoon et al. presented an enhancement on Ku et al.s scheme. In this paper, we show that both Ku et al.s scheme and Yoon et al.s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. In addition, their schemes lack efficiency when users input wrong passwords. To remedy these flaws, this paper proposes an efficient improvement over Ku et al.s and Yoon et al.s schemes with more security. The computation cost, security, and efficiency of the improved scheme are embarking for the real application in the resource-limited environment.

An efficient and practical fingerprint-based remote user authentication scheme with smart cards

Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme using smart cards. We demonstrate that their scheme is vulnerable and susceptible to the attack and has some practical pitfalls. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, in their scheme, remote system generates and assigns the passwords, and users cannot choose and change their passwords. Moreover, passwords are long pseudorandom numbers and difficult to remember for a user. To solve these problems, we propose an efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision free hash functions. Proposed scheme not only overcomes all the drawbacks and problems of Lee et al.s scheme, but also provides a secure and user-friendly fingerprint-based remote user authentication over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than Lee et al.s scheme.

Letters: Multimodal face and fingerprint biometrics authentication on space-limited tokens

This letter presents an efficient multimodal face and fingerprint biometrics authentication system on space-limited tokens, e.g. smart cards, driver license, and RFID cards. Fingerprint templates are encrypted and encoded/embedded into the face images in such a way that the features, which are used in face matching, are not significantly changed during encoding and decoding. As a result, the verification accuracy based on decoded images is similar to that with original images. Experimental and simulation results show that the proposed scheme is an efficient and a cheap solution to the multimodal biometrics authentication on space-limited tokens without degrading the overall decoding and matching performance of the biometrics system. Besides, the proposed system can also be beneficial to cope with the problems of unimodal biometrics systems.

Chaos and NDFT-based spread spectrum concealing of fingerprint-biometric data into audio signals

In this paper, we propose a chaos and NDFT-based spread spectrum technique to conceal fingerprint-biometrics templates into audio signals. Fingerprint templates are encrypted by chaotic encryption, encoded by the BCH codes, modulated by chaotic parameter modulation (CPM), and then hid into the chaotically selected random sampling points of the host speech signal by a novel non-uniform discrete Fourier transform (NDFT)-based data hiding method. The template extraction process is completely blind and does not require original speech signal, thus the extraction depends on the secret key. Experimental and simulation results show that the proposed scheme is robust against common signal processing attacks, secure by secret keys, efficient in performance, and accomplishes perceptual transparency by exploiting the masking effects of human auditory system (HAS).

Robust hiding of fingerprint-biometric data into audio signals

This paper presents a novel fingerprint-biometric template protection scheme, in which templates are concealed into audio signals. Fingerprint templates are encrypted by chaotic encryption and then hid into the chaotically selected random sampling points of the host audio signal by a new non-uniform discrete Fourier transform (NDFT)-based data hiding method. The template extraction process is completely blind and does not require original audio signal, thus the extraction depends on the secret key. Experimental results show that the proposed scheme is robust against common signal processing attacks and achieves higher verification accuracy.

Protecting biometric data for personal identification

This paper presents a new chaotic watermarking and steganography method to protect biometric data, which is sent over the networks for personal identification Unlike other methods, we utilized two keys, one for encrypting the biometric template before embedding, which makes our method more secure and another for watermark embedding that makes our method more robust The proposed method does not require original biometric image for the extraction of watermarked data, and can provide high accuracy of extracted watermarked data even under different noises and distortions Experimental results show that the performance of the proposed method is encouraging comparable with other methods found in the current literature and can be used in a practical system.

Implementing Templates Security in Remote Biometric Authentication Systems

This paper presents a novel chaos-based cryptosystem to solve the privacy and security issues of biometric templates in remote biometric authentication over the network. According to the Kerchoffs principle, security of the cryptosystem resides in secrecy of the secret keys, so in this research, the secret keys are randomly and dynamically generated without any human intervention, and each transaction session has different secret keys. Biometric templates are encrypted by the chaotic cryptographic scheme and modulated by the chaotic spread spectrum modulation technique. Chaotic encryption scrambles the biometric templates into intangible form and chaotic modulation spreads the encrypted templates across a wide band of frequencies, thus make them more difficult to decipher under attacks. Experimental results show that the security, performance, and accuracy of the presented method are encouraging for the practical implementation in real environment

Securing biometric templates for reliable identity authentication

The large-scale implementation and deployment of biometric systems demand the concentration on the security holes, by which a reliable system can loose its integrity and acceptance. Like the passwords or PIN codes, biometric systems also suffer from inherent security threats and it is important to pay attention on the security issues before deploying a biometric system. To solve these problems, this paper proposes a novel chaotic encryption method to protect and secure biometric templates. To enhance the security of the templates, this research uses two chaotic maps for the encryption/decryption process. One chaotic map generates a pseudorandom sequence, which is used as private key. While on the other hand, another chaotic map encrypts the biometric data. Experimental results show that the proposed method is secure, fast, and easy to implement for achieving the security of biometric templates.

Strong Authentication of Remote Users over Insecure Networks by Using Fingerprint-biometric and Smart Cards

Recently, Lee et al. and Lin-Lai proposed fingerprint-based remote user authentication schemes using smart cards. We demonstrate that their schemes are vulnerable and susceptible to the attack and have practical pitfalls. Their schemes perform only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their schemes suscept from the server spoofing attack. To overcome the flaw, we present a strong remote user authentication scheme by using fingerprint-biometric and smart cards. The proposed scheme is an extended and generalized form of ElGamals signature scheme whose security is based on discrete logarithm problem, which is not yet forged. Proposed scheme not only overcome drawbacks and problems of previous schemes, but also provide a strong authentication of remote users over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than other related schemes.