Biometric-based Authentication Scheme Research Articles

Exploiting multimodal biometrics for enhancing password security

Abstract Digitization of every daily procedure requires trustworthy verification schemes. People tend to overlook the security of the passwords they use, i.e. they use the same password on different occasions, they neglect to change them periodically or they often forget them. This raises a major security issue, especially for elderly people who are not familiar with modern technology and its risks and challenges. To overcome these drawbacks, biometric factors were utilized, and nowadays, they have been widely adopted due to their convenience of use and ease of hardware installation. Many biometric-based authentication schemes were proposed, but despite the advantages that they offer, recent research has shown that biometrics by itself cannot be considered as an inviolable technique. Recently, we have proposed StegoPass, a novel method that obtains the 68 facial points of a user and utilizes them as a stego message to an image. This produced stego image was the password. Although the experiments conducted showed maximum security, it would be challenging to enhance the robustness of the proposed model for even more attacks. This paper examines the utilization of multimodal biometrics as the secret message embedded in the image. More specifically, besides the extraction of the facial points, we extract the unique minutiae moments and combine them in a feature vector. This feature vector is then embedded in the image. Two different datasets were used, and the security of the method was tested against state-of-the-art deep learning models, i.e. generative adversarial networks, to test whether the image could be digitally synthesized and fool the proposed verification scheme. The results proved that the new enhanced version of StegoPass offers an extremely secure method as its predecessor.

A secure lightweight fuzzy embedder based user authentication scheme for internet of medical things applications

The Internet of Medical Things (IoMT) is a network of medical devices, hardware infrastructure, and software that allows healthcare information technology to be communicated over the web. The IoMT sensors communicate medical data to server for the quick diagnosis. As, it handles private and confidential information of a user, security is the primary objective. The existing IoT authentication schemes either using two-factor(Username, password) or multi-factor (username, password, biometric) to authenticate a user. Typically the structural characteristics-based biometric trait like Face, Iris, Palm print or finger print is used as a additional factor. There are chances that these biometrics can be fabricated. Thus, these structural biometrics based authentication schemes are fail to provide privacy, security, authenticity, and integrity. The biodynamic-based bioacoustics signals are gained attention in the era of human-computer interactions to authenticate a user as it is a unique feature to each user. So, we use a frequency domain based bio-acoustics as a biometric input. Thus, this work propose a Secure Lightweight Bioacoustics based User Authentication Scheme using fuzzy embedder for the Internet of Medical Things applications. Also, the IoT sensors tends to join and leave the network dynamically, the proposed scheme adopts chinese remainder technique for generate a group secret key to protect the network from the attacks of former sensor nodes. The proposed scheme’s security is validated using the formal verification tool AVISPA(Automated Validation of Internet Security Protocols and Applications). The system’s performance is measured by comparing the proposed scheme to existing systems in terms of security features, computation and communication costs. It demonstrates that the proposed system outperforms existing systems.

Providing impersonation resistance for biometric-based authentication scheme in mobile cloud computing service

Mobile cloud computing (MCC) is an emerging computing model with the growing demands of mobile devices by services diversity using mobile cloud technology. Authentication plays a fundamental role between the smart portable devices located in different places and the mobile cloud computing service providers in MCC. Several authors presented many authentication schemes using different cryptographic approaches for MCC in the past years. However, those schemes have not solved the impersonation attack well. To conquer this suffering and support more security functionalities, we propose an impersonation resistance for a biometric-based authentication scheme using hashing and symmetric parameter function in an MCC environment. The proposed scheme can provide mutual authentication and anonymity using the software AVISPA. The security of the proposed scheme is formally proved in the random oracle model. Regarding functionality and performance analysis, the comparative studies demonstrate that the design has a trade-off between resource consumption and security strengthens for MCC services. Therefore, the proposed scheme is more practical in MCC application.

Robust and provable secure three-factor mutual authentication scheme using a smart card

The best solution to perform remote authentication verification is offered by the authentication scheme that opts a smart card. Such schemes are developed by using the combination of password and biometric identity. Biometric-based authentication schemes provide the most prominent security, when compared to the alternative schemes available for authentication. In this paper, a provable secure three-factor authentication scheme that makes use of smart card has been proposed. This authentication scheme is developed based on fundamental assumption of discrete logarithm problem and modular exponentiation. The formal and informal security analysis for the proposed scheme shows that the authentication scheme is more secure. The efficiency of this scheme is calculated based on the performance analysis for both computational and communication cost. It shows that the proposed authentication scheme is performing well, when compared to the related authentication schemes.

Robust and provable secure three-factor mutual authentication scheme using smart card

The best solution to perform remote authentication verification is offered by the authentication scheme that opts a smart card. Such schemes are developed by using the combination of password and biometric identity. Biometric-based authentication schemes provide the most prominent security, when compared to the alternative schemes available for authentication. In this paper, a provable secure three-factor authentication scheme that makes use of smart card has been proposed. This authentication scheme is developed based on fundamental assumption of discrete logarithm problem and modular exponentiation. The formal and informal security analysis for the proposed scheme shows that the authentication scheme is more secure. The efficiency of this scheme is calculated based on the performance analysis for both computational and communication cost. It shows that the proposed authentication scheme is performing well, when compared to the related authentication schemes.

On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments

Internet of medical things (IoMT) is bringing many opportunities for healthcare and our personal lives. For example, using this technology a healthcare provider can remotely monitor, collect and analyze data of patients using smart sensors that are connected to them. With this trend on the rise, data protection and information security in healthcare environments are now major concerns. Authentication before starting the data transmission is a common approach to provide data security. Recently, Mohammedi et al. have proposed a lightweight biometric-based authentication scheme for mobile healthcare environments and have claimed that their scheme is secure against known attacks in the context of RFID authentication protocols. However, in this paper, we provide a more detailed analysis of the this scheme and show that their protocol is vulnerable to a man-in-the-middle attack. Furthermore, we demonstrate that their protocol does not provide other security requirements such as forward secrecy, anonymity, and untraceability. To remedy these weaknesses, we propose an improved scheme and demonstrate that the proposed scheme can withstand common attacks while it requires approximately 23% less computation time and 50% less communication overhead than the Mohammedi et al. scheme. We also formally evaluate the security of the proposed protocol by Scyther tool, which is a widely accepted automated tool for this purpose.

A lightweight three-factor authentication protocol for digital rights management system

Recent advances in communication technology and low-power devices have led digital-content services to be provided in various resource limited environments such as smart home, Internet of Things, and the Vehicle-to-Everything. However, digital content is easily replicated and distributed through open channels. Authentication is therefore becoming increasingly important for digital rights management (DRM) systems to provide secure services to authorized users. In 2018, Lee et al. proposed a biometric-based authentication scheme for DRM systems. We here demonstrate that Lee et al.’s scheme is vulnerable to mobile device theft and user impersonation attacks and does not allow secure mutual authentication. We propose an alternative secure three-factor authentication protocol for DRM systems to overcome these security shortcomings. Using formal/informal security analysis and a BAN logic analysis, we also show that our protocol protects against various types of attacks and allows secure mutual authentication. Furthermore, we demonstrate that the proposed protocol is secure against replay attacks and man-in-the-middle attacks using the formal verification simulation tool AVISPA. The proposed protocol is therefore applicable to resource-limited environments.

Cryptanalysis and improvement of authentication scheme for roaming service in ubiquitous network

The paper analyzes a recently proposed secure authentication and key agreement scheme for roaming service in a ubiquitous network. In 2018, Lee et al. proposed a biometric-based anonymous authentication scheme for roaming in ubiquitous networks. But, we found that Lee et al. scheme is prone to the off-line dictionary attack when a user’s smart device is stolen, replay attack due to static variables and de-synchronization attack when an adversary blocks a message causing failure of authentication mechanism. Further, the scheme lacks no key control property and has incorrect XOR calculation. In the sequel, we presented an improved biometric based scheme to remove the weaknesses in Lee et al.’s scheme, which also does not require an update of identity in every session, hence preventing de-synchronization attack. Also, the security of the proposed schemes were analyzed in a widely accepted random oracle model. Further, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.

Improved Biometric-Based Mutual Authentication and Key Agreement Scheme Using ECC

Recently, biometric based authentication scheme gains popularity due to its high security, integrity, and authenticity properties. In the recent past, Qi et al. improved Chaudhry et al.’s scheme, which is susceptible to the DoS attack and fails to achieve perfect forward secrecy. In this paper, we analyze Qi et al.’s biometric based authentication scheme and show that the scheme cannot withstand key compromise impersonation attack, offline password guessing attack, and known session-specific temporary information attack. We proposed an improved biometric based authentication scheme using Elliptic Curve Cryptography (ECC) with more security functionalities. Further, we prove the mutual authentication and session key security of the proposed scheme using Burrows–Abadi–Needham (BAN) logic and Random Oracle Model (ROM). Moreover, the security analysis endorses that the proposed scheme is robust enough to provide protection against all well known attacks. The simulation results using the AVISPA tool show that the proposed scheme is secure and achieves its goal.

AGE: authentication in gadget-free healthcare environments

Mobile and sensor related technologies are significantly revolutionizing the medical and healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics based authentication scheme for such gadget-free healthcare environment. We performed formal security verification of our proposed scheme using CDVT /AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist against various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics based remote user authentication schemes.

Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues

This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model iteself, we categorize the authentication schemes for smart mobile devices in four categories, namely, (1) biometric-based authentication schemes, (2) channel-based authentication schemes, (3) factors-based authentication schemes, and (4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in form of tables. Finally, we identify open challenges and future research directions.

Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity.

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows—Abadi—Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.

A Provably Secure Biometrics-Based Authentication Scheme for Multiserver Environment

With the rapid development of mobile services, multiserver authentication protocol with its high efficiency has emerged as an indispensable security mechanism for mobile services. Recently, Ali et al. introduced a biometric-based multiserver authentication scheme and claimed the scheme is resistant to various attacks. However, after a careful examination, we find that Ali et al.’s scheme is vulnerable to various security attacks, such as user impersonation attack, server impersonation attack, privileged insider attack, denial of service attack, fails to provide forward secrecy and three-factor secrecy. To overcome these weaknesses, we propose an improved biometric-based multiserver authentication scheme using elliptic curve cryptosystem. Formal security analysis under the random oracle model proves that our scheme is provably secure. Furthermore, BAN (Burrows-Abadi-Needham) logic analysis demonstrates our scheme achieves mutual authentication and session key agreement. In addition, the informal analysis proves that our scheme is secure against all current known attacks and achieves desirable features. Besides, the performance and security comparison shows that our scheme is superior to related schemes.

Authentication and Authorization for Mobile IoT Devices Using Biofeatures: Recent Advances and Future Trends

Biofeatures are fast becoming a key tool to authenticate the IoT devices; in this sense, the purpose of this investigation is to summarise the factors that hinder biometrics models’ development and deployment on a large scale, including human physiological (e.g., face, eyes, fingerprints-palm, or electrocardiogram) and behavioral features (e.g., signature, voice, gait, or keystroke). The different machine learning and data mining methods used by authentication and authorization schemes for mobile IoT devices are provided. Threat models and countermeasures used by biometrics-based authentication schemes for mobile IoT devices are also presented. More specifically, we analyze the state of the art of the existing biometric-based authentication schemes for IoT devices. Based on the current taxonomy, we conclude our paper with different types of challenges for future research efforts in biometrics-based authentication schemes for IoT devices.

Securing electronics healthcare records in Healthcare 4.0 : A biometric-based approach

In recent years, there has been an exponential increase in the usage of Healthcare 4.0-based diagnostics systems across the globe. In healthcare 4.0, the patient’s records are stored in electronic health record (EHR) repository which may be loacted either at a centralized or distributed locations to help the Doctors to easily access the patient’s healthcare data from anywhere at any time. As this data is accessed from the database repository using an open channel, i.e., the Internet, so, security and privacy are major concerns while accessing it from any location. Motivated from these facts, in this paper, we propose a biometric-based authentication scheme to ensure secure access of the patients EHR from any location. In the proposal, we first identified various security threats and challenges in accessing EHR from the database repository. Then, the secure biometric-based scheme is designed which is validated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The results obtained demonstrated that the proposed scheme is superior (in terms of computation and communication costs) in comparison to the traditional state-of-the-art existing schemes.

Secure and efficient ECC based SIP authentication scheme for VoIP communications in internet of things

Since last decade, VoIP is transitioning from being a voice scheme to the most powerful unified communications engine. All VoIP systems uses the Session Initiation Scheme that defines the procedures and messages used to set up a phone call – or any other kind of communication. IoT is another paradigm-shifting idea that is going to change VoIP communications, since it offers a seamless way to connect all of the devices, applications and platforms. Embedding VoIP in IoT solutions provides a competitive advantage over the traditional telephony system of being interconnected to Internet of Things. With the IoT, value proposition of VoIP broadens so with IoT, however, VoIP is vulnerable to all of the intrinsic security problems in IP. In this paper, a new biometrics based authentication scheme using ECC has been proposed. The formal and informal security analysis of the scheme proves the security strength of the scheme. Simulation of the scheme using AVISPA also proves the scheme is secure against potential threats. Comparison of the proposed scheme in terms of computation cost and security features with other related schemes proves the superiority of the scheme.

SUBBASE: An Authentication Scheme for Wireless Sensor Networks Based on User Biometrics

To keep a network secure, a user authentication scheme that allows only authenticated users to access network services is required. However, the limited resources of sensor nodes make providing authentication a challenging task. We therefore propose a new method of security for a wireless sensor network (WSN). Our technique, Secure User Biometric Based Authentication Scheme (SUBBASe), is based on the user biometrics for WSNs. It achieves a higher security level as well as improved network performance. This solution consists of easy operations and light computations. Herein, the proposed technique is evaluated and compared with previous existing techniques. This scheme increases the performance of the network by reducing network traffic, defending against DOS attacks, and increasing the battery life of a node. Consequently, the functionality and performance of the entire network is improved.

Biometric-based authentication scheme for Implantable Medical Devices during emergency situations

Abstract Biometric recognition and analysis are among the most trusted features to be used by Implantable Medical Devices (IMDs). We aim to secure these devices by using these features in emergency scenarios. As patients can witness unpredictable lethal accidents, any implantable medical device should allow access to urgent medical interventions from legitimate parties. Any delay in providing immediate medical support can endanger the patient’s life. Hence, we propose in this work an authentication scheme that allows access to the implanted devices in emergency situations for only legitimate users. We have designed in the first place a scheme for authentication using Electrocardiogram instantaneous readings. Then, we joined the latter to a fixed biometric reading, which is fingerprint reading, to enable access to emergency medical teams. We have designed a scheme in a way to prevent attackers from accessing/hijacking the device even during emergency situations. This scheme has been assisted with elliptic curve cryptography to protect the wireless exchange of requested keys. The scheme relies on the instantaneous reading of the patient’s heartbeat and his/her fingerprint reading to create a secure key. This key will validate the authentication request of the new medical team. We have analyzed this scheme deeply to verify that they offer the necessary security for the patient’s life. We have tested if the wireless exchange of the key will expose the device’s privacy. We have also tested the accuracy of the authentication process to ensure a safe and a valid performance of the authentication process. The scheme has been designed with consideration to any hardware/software limitation that characterize any implantable medical device.

A Provably Secure Anonymous Biometrics-Based Authentication Scheme for Wireless Sensor Networks Using Chaotic Map

The rapid growth of wireless sensor networks (WSNs) has opened new doors to realize remote monitoring in various areas. However, designing authentication protocol for resource-constrained WSNs is a challenging task. Recently, Aghili et al. introduced an efficient three-factor authentication scheme for WSNs using hash function, and argued that the scheme is immune to known attacks. However, we discover that their scheme suffers from a few serious weaknesses, such as session key disclosure attack, desynchronization attack, sensor node impersonation attack, and session-specific temporary information attack, and does not provide forward secrecy. In order to overcome the deficiency of this scheme, we propose an enhanced biometric-based authentication scheme for WSNs using Chebyshev chaotic map. We demonstrate that the proposed scheme is provably secure in the random oracle model. Furthermore, Burrows-Abadi-Needham logic analysis shows that the proposed scheme achieves mutual authentication and session key agreement. The informal analysis demonstrates that the proposed scheme is resistant to various attacks and has desirable attributes, such as forward secrecy and three-factor secrecy. Finally, the security and performance comparison show that the proposed scheme is more practical.

A Survey of Android Mobile Phone Authentication Schemes

The Android operating system is the most popular mobile operating system resulting in a great number of applications being developed for the platform. This makes them vulnerable to security threats such as social engineering, shoulder surfing and Malware. Therefore, Android devices require a secure authentication scheme in order to control access to the device. This paper briefly discusses the mobile security threats, the authentication protocols and Android Security. Then the paper presents an analysis of some of the authentication schemes that are used in mobile devices and some of the threats and technical issues faced. Authentication schemes discussed include password/pin, pattern based authentication, fingerprint recognition, facial recognition, vocal recognition and iris based authentication. In discussing the various authentication methods, it was observed that while biometric based authentication schemes offered the greatest level of security, there was always a trade-off between computational complexity and ease of use/implementation/cost that ensured that more traditional authentication schemes, while not as secure as biometric schemes, are still widely used in mobile devices.