Ethereum-Based User Authentication Model Using EOG Data for a Service Provider

Abstract

Unlike general passwords, user authentication technology using biometric data cannot be lost or forgotten, and it has the advantage of being impossible to forge or falsify by attackers. Since this biometric data contains sensitive information, a safe storage method is needed. However, if biometric data is managed on a central server, it is limited by being vulnerable to integrity infringement attacks by system attackers and persistent infringement attacks on the authentication service. To solve this problem, a model using blockchain-based information security technology is proposed in this paper. The aim is to safely manage the user biometric data by dispersing the storage of the biometric data feature information for user authentication in smart contracts and IPFS using Ethereum. We have verified that it takes an average of 1,472.733 ms and 217.829 ms, to register and authenticate a user in the proposed model and we expect that it will provide a reliable authentication service to the users compared to the existing authentication method in which the biometric data is managed by a single server.