Abstract

Kerberos is a distributed authentication protocol which guarantees mutual authentication between client and server over an insecure network. After identification, all subsequent communications are encrypted with session keys to ensure privacy and data integrity. Nowadays, many traditional authentication systems have tried to move to biometric systems for convenience. However, the security and privacy of these systems need to be considered. In this paper, we propose an efficient hybrid approach for protecting biometrics in a remote authentication protocol based on the Kerberos scheme. This protocol is not only resistant to attacks on the insecure network, such as man-in-the-middle and replay attacks, but also able to protect the biometrics by using a fuzzy extractor and a non-invertible transformation. These techniques conceal the user's cancelable biometrics in a cryptographic key called the biometric key. This key is used to verify a user in the authentication phase. Therefore, there is no need to store users' plain biometrics in the database. Even if the biometric key is revealed, it is impossible for an attacker to infer the users' biometrics because of the high security of the fuzzy extractor scheme. Moreover, another remarkable contribution of this work is that a user can change his biometric key without replacing his biometrics. The protocol supports multi-factor authentication to enhance the security of the entire system.
