Encrypting problem instances: Or ... can you take advantage of someone without having to trust him?
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Inside risks: the uses and abuses of biometrics
Communications of the ACM
Biometrics, Personal Identification in Networked Society: Personal Identification in Networked Society
Security and Performance of Server-Aided RSA Computation Protocols
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Handbook of Fingerprint Recognition
Handbook of Fingerprint Recognition
Biometric Recognition: Security and Privacy Concerns
IEEE Security and Privacy
Workload dispatch planning for real-time fingerprint authentication on a sensor-client-server model
PDCAT'04 Proceedings of the 5th international conference on Parallel and Distributed Computing: applications and Technologies
Computer Standards & Interfaces
Hi-index | 0.00 |
In this paper, we propose a secure and scalable solution for user authentication by using fingerprint verification on the sensor-client-server model, even with the client that is not necessarily trusted by the sensor holder or the server. In a typical implementation of fingerprint verification on the sensor-client-server model, the most time consuming step of the fingerprint verification, i.e., feature extraction, is assigned to a client because of real-time, scalability, and privacy issues. Compared to either a sensor or a server, however, the client connected to an open network and maintained by an individual user may be more vulnerable to Trojan Horse attacks. To protect Trojan Horse attacks launched at the untrusted client, our protocol has the fingerprint sensor to validate the result computed by the client for the feature extraction. However, the validation should be simple so that the resource-constrained fingerprint sensor can validate it in real-time. To solve this problem, we separate the feature extraction into binarization and minutiae extraction, and assign the time-consuming binarization to the client. After receiving the result of binarization from the client, the sensor conducts a simple validation algorithm to check the result, and then performs minutiae extraction and sends the extracted minutiae to the server. Based on the experimental results, the proposed solution for fingerprint verification can be performed on the sensor-client-server model securely, scalablely, and in real-time with the aid of an untrusted client.