Abstract
User authentication is an important issue on the Internet and usually solved through static and often unique passwords. Another method is to use biometrics, but biometric data are sensitive and need to be protected. Protection schemes such as cancelable biometric template generation have appeared, but they are sensitive to replay attacks. In this paper, we propose an original method to generate one-time biometric templates for user authentication applications. This proposed scheme limits replay attacks, consisting of an attacker maliciously retransmitting an intercepted user's identity proof. Our method is generic: any biometric modality could be used, the identity verification is realized by the service/identity provider to be realistic. Biometric features are extracted from captures using deep learning and then protected with biohashing, a cancelable biometric scheme. Finally, a step consisting of cryptographic hashing and symmetric encryption guarantees the generation of a one-time, non-replayable template. We have tested our scheme on two common biometric databases, from faces and fingerprints, and the results confirm its efficiency and robustness to attacks given a rigorous threat model.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.