A Remote Biometric Authentication Protocol for Online Banking

Abstract

This paper presents a remote biometric authentication protocol illustrated by online banking situation. The protocol assures three properties which are crucial if the biometric data is involved in the authentication process. Even if the biometric data is excellent in authenticating the users because it verifies the users by mean of their personal attributes, the biometric data is sensitive in security prospective because it is hard to be kept secret. The biometric authentication works well in supervised situation if the verifier can prove that the biometric data comes from the live presentation of the user at the time of user's verification. Prone to security risk in the unsupervised situation, especially online transaction, where a captured biometric data can be presented to the system, a biometric authentication in remote situation that guarantees the security level should be proposed. To assure this, the security properties of the protocol should be verified and analysed to promise that the protocol does not manipulate the data with an intruder. This paper verifies and analysed the intended security properties of the proposed protocol. The result of the analysis shows that the protocol preserves the three properties: privacy of the biometric data, liveness, and intentional authentication. 