朱建新,杨小虎

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.12.004

2001-01-01

Abstract:Network security is an important research area in the application of information system now,How to implement effective access control based on user's identity is very important. This paper briefly introduces the concept and technology of authentication first,and analyze the technology of biometric identification,then points out that fingerprint-based biometric identification in networking environment combining data transfer encrypt is a reliable method for control user's access and protect information system,and describes the design and implementation of fingerprint-based authentication system in networking environment.

zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Hao Li,Peishun Liu

DOI: https://doi.org/10.1109/IMSCCS.2006.182

2006-01-01

Abstract:In this paper, a design schema of a security authentication system combined with fingerprint identification and public key cryptography is explored, and its specific security mechanism is discussed in detail. In our schema, fingerprint is added into user's private key and served as a security parameter, such that user's secret key is separated into secret key parameters and fingerprint, by secret splitting mechanism, which makes the secret key to be bounded with user's information. This increases the security of secret key ultimately. In such an authentication system, the diplex authentication technologies - fingerprint and smart card - are adopted, and the user fingerprint needn't to be transmitted during the authentication process, which can protect user's privacy effectively

Peishun LIU,Jianbo WANG,Dake He

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.023

2005-01-01

Abstract:Fingerprint is added into user's private key as a security parameter, and user's secret key is separated into two parts: DSS key and fingerprint by secret splitting mechanism, which makes secret key combine with user's information and further increases the security of secret key. In this authentication system, the diplex authentication technologies, fingerprint and smart card, are adopted, and user’s fingerprint need not be transmitted in the authentication process, which protects user's privacy.

HW Yeung,YS Moon,JS Chen,F Chan,YM Ng,HS Chung,KH Pun

DOI: https://doi.org/10.1117/12.603464

2005-01-01

Abstract:This paper describes an embedded multi-user login system based on fingerprint recognition. The system, built using the Sitsang development board and embedded Linux, implements all fingerprint acquisition, preprocessing, minutia extraction, match, identification, user registration, and template encryption on the board. By careful analysis of the accuracy requirement as well as the arithmetic precision to be used, we optimized the algorithms so that the whole system can work in real-time in the embedded environment based on Intel(R) PXA255 processor. The fingerprint verification, which is the core part of the system, is fully tested on a fingerprint database consists of 1149 fingerprint images. The result shows that we can achieve an accuracy of more than 95%. Field testing of 20 registered users has further proved the reliability of our system. The core part of our system, then embedded fingerprint authentication, can also be applied in many different embedded applications concerning security problems.

Chengchen Zhu,Kunling Li,Jianan Hong,Cunqing Hua,Futai Zou

DOI: https://doi.org/10.1109/icc51166.2024.10622361

2024-01-01

Abstract:The technology development of wireless communication has brought about the rapid growth of various wireless devices, but also brings in many security threats. This paper focuses on the security and privacy problems in wireless authentication and proposes a novel authentication scheme based on the design of reusable fuzzy extractor (RFE) for device's radio frequency (RF) fingerprinting. Firstly, unlike the traditional authentication protocol, our scheme can accomplish the mutual authentication without the storage of long-term secret key, thus tackles with the key-compromise threats. Furthermore, although the scheme authenticates devices based on their RF fingerprint, it does not store RF fingerprinting information explicitly to safeguard it from eavesdroppers who may use it to impersonate the identity of valid users. Finally, our designed protocol relies on the correspondent peer to measure the fingerprint, rather than the device itself, thus is more secure against various adversaries. The security analysis shows the resiliency against theft of secret keys, wireless channel attacks and privacy disclosure. And the performance evaluation demonstrates that the design of RFE for device's RF fingernrinting is efficient in terms of recognition accuracy.

Kai Xi,Tohari Ahmad,Fengling Han,Jiankun Hu

DOI: https://doi.org/10.1002/sec.225

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide a secure and trustworthy authentication of remote mobile users over insecure network. Experimental results on public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previous J2ME) programming technology. The simulation results prove that the proposed protocol suits current mobile environment. Copyright (C) 2010 John Wiley & Sons, Ltd.

Chen Chen,Yang Zhongyue,Chen Qimei

DOI: https://doi.org/10.3969/j.issn.1002-7300.2010.06.034

2010-01-01

Abstract:The paper presents a kind of secure communication system,aiming at the problem of security from network.Fingerprint as the basis for authentication of remote login,combined with encryption realizes the secure transmission.The structure of the platform is described,the principles of CA signing digital certificates and SSL secure protocols are also studied.The C/S secure communication are implemented by the Openssl instructions and visual studio 2005 developing environment and the authentication protocol.

Cuilin Liu,Yongjun Shen,Guidong Zhang,Fang Wen

DOI: https://doi.org/10.1109/ICMSS.2010.5578326

2010-01-01

Abstract:In this paper, we have designed a high-security email system using dynamic password and fingerprint recognition to solve the shortages of traditional system. In order to guarantee the security of users' fingerprint characteristic value, we encrypt it with dynamic password. Using a two-way authentication method, not only ensure authentication server can recognize the users, but also guarantee the users can verify authentication server, effectively prevent Email from counterfeiting and tampering. © 2010 IEEE.

Guorong Xuan,Dan Jiang,Hongfei Ji,Yun-Qing Shi,Dekun Zou,Liansheng Liu,Heisheng Liu,Weichao Bai

DOI: https://doi.org/10.1109/mmsp.2005.248583

2005-01-01

Abstract:This paper proposes an identity verification system using data hiding and fingerprint recognition. At user's home, the client's account information is encrypted and embedded into the fingerprint image via data hiding method secretly. Then the fingerprint image with embedded data is transferred to the bank over Internet. At bank side, the client's account information is extracted. It is used to retrieve the client's registered fingerprint from central database, which is then matched with extracted fingerprint via fingerprint recognition method to verify user's identity. This system is more reliable and secure than transferring password alone. The data are embedded with quantization watermark in the JPEG 2000 coding pipeline. Compare to our previous proposed system, the interaction time can be reduced because less data will be transmitted. When the fingerprint image is compressed to 1/4~1/20 of its original size, the embedded watermark can still be recovered. This system has been used in a bank pension distribution system. It can also be used in other E-business applications

Guorong Xuan,Junxiang Zheng,Chengyun Yang,Yun Q. Shi,Dekun Zou,Liu Liansheng,Bai Weichao

DOI: https://doi.org/10.1007/978-3-540-31805-7_5

2004-01-01

Abstract:This paper proposes an internet-based personal identity verification system using lossless data hiding and fingerprint recognition technologies. At the client side, the SHA-256 hash of the original fingerprint image and sensitive personal information are encrypted and embedded into the fingerprint image using an advanced lossless data hiding scheme. At the service provider side, after the hidden data are extracted out, the fingerprint image can be recovered without any distortion due to the usage of the lossless data hiding scheme. Hence, the originality of the fingerprint image can be ensured via hash check. The extracted personal information can be used to obtain the correct fingerprint feature from the database. The fingerprint matching can finally verify the client's identity. The experimental results demonstrate that our proposed system is effective. It can find wide applications in e-banking and e-government systems to name a few.

Mingming Jiang,Shengli Liu,Shuai Han,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-86137-7_51

2021-01-01

Abstract:In this paper, we research on client-server authentication system without local key storage. We take advantage of the available fuzzy extractor technology to design a client-server authentication system. Our authentication system is built from a fuzzy extractor and a digital signature scheme. Fuzzy extractor is in charge of key generation/reproduction during the client enrollment and client-server authentication stages. The client only stores some public information generated during enrollment procedure. When doing authentication, the extracted key can be reproduced with this public information. Then we use the challenge-response to implement the authentication, which is supported by the digital signature. Overall, our client-server authentication system relaxes the requirement of random sources, and gets rid of the risk of key leakage and key abuse since key storage is not needed.

ZHANG Yi-gang,JIAO Yu-hua,NIU Xia-mu,YU Long-jiang

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.z1.043

2003-01-01

Abstract:This paper introduces an application of biometric watermarking algorithm based on the fingerprint minutiae data in Automated Fingerprint Identification system (AFIS).The reference copy of the fingerprint minutiae data is embedded in a host image that is the digital copy of the personal identification paper,such as ID card.The biometric data is hidden in every corresponding personal identification paper,instead of storing in the biometric database,which greatly promotes the security of AFIS.This algorithm is also robust to the JPEG compression and geometric distortion.Furthermore,the fingerprint data provides an additional cue in authenticating the personal identification paper.Experimental results show that authentication with more security is performed provided that the identification system works effectively using the watermarked identification card,and the algorithm is robust to some attacks.

De-song Wang,Jian-ping Li,Yuan Tang,Fu-long Xu,Yue-hao Yan

DOI: https://doi.org/10.1142/9789812799524_0026

2008-01-01

Abstract:In the recent several years, Lee et al. and Lin-Lai proposed fingerprint-based remote user authentication schemes using smart cards. But their schemes are vulnerable and susceptible to the attack and have practical pitfalls. Their schemes perform only unilateral authentication (only client authentication). In order to overcome the flaw, Khan and Zhang present a strong remote user authentication scheme by using fingerprint-biometric and smart cards. The proposed scheme is an extended and generalized form of ElGamal's signature scheme whose security is based on discrete logarithm problem, which is not yet forged. In addition, computational costs and efficiency of the proposed scheme are better than other related schemes. But as the time lapses, fingerprint of some people will be changed, such as being burned or being wounded. Once such case happened, the user won't be authentication. So we propose the authentication scheme of remote users by using multimodal biometric (fingerprint and face features) and smart cards. Proposed scheme not only overcome drawbacks and problems of previous schemes, but also provide a stronger and more secure authentication of remote users over insecure network.

ZHANG Jin-ying,ZHENG Yu,LU Xian-hui,HE Da-ke

2005-01-01

Abstract:A password-based remote user authentication scheme was proposed by Lin and Lai, but there were some vulnerabilities in time-stamp and user ID.So an improved scheme based on challenge-response was presented,adopting diplex authentication technologies,fingerprint and smart card.It could achieve mutual authentication and avoid replay attack and masquerade attack.The random factor was generated by the mutual parties to guarantee the authentication fairness.Moreover,user's fingerprint needed not be transmitted in the authentication process to protect user's privacy.

Fl Han,Jk Hu,Xh Yu,Y Feng,J Zhou

DOI: https://doi.org/10.1007/11608288_90

2006-01-01

Abstract:This paper studies the smartcard based fingerprint encrytion/authentication scheme for ATM banking systems. In this scheme, the system anthenticates each user by both his/her possession (smartcard) and biometrics (fingerprint). A smartcard is used for the first layer of authentication. Based on the successful pass of the first layer authentication, a subsequent process of the biometric fingerprint authentication proceeds. The proposed scheme is fast and secure. Computer simulations and statistical analyze are presented.

Xiong Li,Kaihui Wang,Jian Shen,Saru Kumari,Fan Wu,Yonghua Hu

DOI: https://doi.org/10.1007/s12652-015-0338-z

IF: 3.662

2016-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Computer networks have become so ubiquitous that the user can access various services by using network devices at anytime and anywhere. However, due to the open nature of the network, the security issue has become an important consideration in these network-based systems that cannot be ignored, especially in critical systems, such as life-critical system and financial system. User authentication scheme is the most used and effective mechanism for information security, and many user authentication schemes have been proposed by researchers. Recently, Shen et al. proposed a biometrics-based user authentication scheme for multi-server environments in critical systems. However, their scheme lacks the wrong password detection mechanism and is vulnerable to denial-of-service attack. Besides, they do not consider the user anonymity property, and may suffer from biometrics template lost attack because the biometrics template is directly stored in user’s smart card. In this paper, an enhanced biometrics-based user authentication scheme for multi-server environments in critical systems is presented by adopting the fuzzy extractor. The analysis shows that the proposed scheme not only removes the security weaknesses of previous schemes, but also keeps the computational efficiency.

Hong Yen Tran,Jiankun Hu,Wen Hu

DOI: https://doi.org/10.1109/tifs.2024.3468624

IF: 7.231

2024-10-11

IEEE Transactions on Information Forensics and Security

Abstract:Existing fuzzy extractor and similar methods provide an effective way for extracting a secret key from a user's biometric data, but are susceptible to impersonation attack: once a valid biometric sample is captured, the scheme is no longer secure. We propose a novel multi-factor fuzzy extractor that integrates both a user's secret (e.g., a password) and a user's biometrics in the generation and reconstruction process of a cryptographic key. We then employ this multi-factor fuzzy extractor to construct personal identity credentials, which can be used in a new multi-factor authenticated key exchange protocol that possesses multiple important features. First, the protocol provides mutual authentication. Second, the user and service provider can authenticate each other without the involvement of the identity authority. Third, the protocol can prevent user impersonation from a compromised identity authority. Finally, even when both a biometric sample and the secret are captured, the user can re-register to create a new credential using a new secret (renewable biometrics-based identity credentials). Most existing works on multi-factor authenticated key exchange only have a subset of these features. We formally prove that the proposed protocol is semantically secure. Our experiments carried out on the finger vein dataset SDUMLA achieved a low equal error rate (EER) of 0.04%, a reasonable computation time of 0.93 seconds for the user and service provider to authenticate and establish a shared session key, and a small communication overhead of 448 bytes.

computer science, theory & methods,engineering, electrical & electronic

Qiong Li,Xiamu Niu,Zhifang Wang,Yuhua Jiao,Sheng-He Sun

DOI: https://doi.org/10.1007/11553939_150

2005-01-01

Abstract:By adopting a non-interactive information-theoretic secure verifiable secret sharing scheme in an unorthodox way, a verifiable fingerprint vault scheme is presented in this paper. Fuzzy vault scheme is a novel cryptographic construct which can increase the security of the biometric template in a biometric authentication system. It can be also used to bind the cryptographic key and the user in a cryptosystem to overcome the security problems caused by the key stolen, key illegally shared, etc. The main weakness of the scheme is the computation complexity is too high for the legitimate user to unlock the vault. In this paper, a verifiable fingerprint vault is proposed to improve the fuzzy vault scheme. It is shown that our scheme is effective.