TY - JOUR
T1 - Dynamic digest based authentication for client–server systems using biometric verification
AU - Babamir, Faezeh Sadat
AU - Kirci, Murvet
N1 - Publisher Copyright:
© 2019 Elsevier B.V.
PY - 2019/12
Y1 - 2019/12
N2 - The client authentication is a significant process in client–server systems. Such a process is highly secure when a client may be authenticated according to a set of unique verifiable data, i.e., biometric traits. However, biometric based systems with the low-cost, dense biometric sensors, and power of fast processing need a method of automatic client recognition for the robust client authentication. Such a method faces three challenges: (1) the effective recognition of the biometric patterns inputted to the system, (2) the provision of security to prevent the vulnerability of the system, and (3) the preparation of personal privacy. Many remote biometric authentication schemes have been developed to establish secure mutual communication between a client as a device node and server over an untrusted channel. By employing a secure remote biometric based authentication protocol, a client that acts in a node and a server that contains resources can authenticate each other in a secure and trustable manner. In our previous work, we proposed a digest based authentication method that preserves privacy of client's biometric templates and authenticates the client securely by generating non-deterministic semi-digest. By reviewing and cryptanalyzing this method, in the current paper, we focus on the improvement of the method for providing the invulnerability against user anonymity and server masquerading attacks. We show that our improved scheme is secure against the attacks and prove its functionality features.
AB - The client authentication is a significant process in client–server systems. Such a process is highly secure when a client may be authenticated according to a set of unique verifiable data, i.e., biometric traits. However, biometric based systems with the low-cost, dense biometric sensors, and power of fast processing need a method of automatic client recognition for the robust client authentication. Such a method faces three challenges: (1) the effective recognition of the biometric patterns inputted to the system, (2) the provision of security to prevent the vulnerability of the system, and (3) the preparation of personal privacy. Many remote biometric authentication schemes have been developed to establish secure mutual communication between a client as a device node and server over an untrusted channel. By employing a secure remote biometric based authentication protocol, a client that acts in a node and a server that contains resources can authenticate each other in a secure and trustable manner. In our previous work, we proposed a digest based authentication method that preserves privacy of client's biometric templates and authenticates the client securely by generating non-deterministic semi-digest. By reviewing and cryptanalyzing this method, in the current paper, we focus on the improvement of the method for providing the invulnerability against user anonymity and server masquerading attacks. We show that our improved scheme is secure against the attacks and prove its functionality features.
KW - Automated verification system
KW - Biometric authentication
KW - Cryptography
KW - Privacy protecting
UR - http://www.scopus.com/inward/record.url?scp=85067200194&partnerID=8YFLogxK
U2 - 10.1016/j.future.2019.05.025
DO - 10.1016/j.future.2019.05.025
M3 - Article
AN - SCOPUS:85067200194
SN - 0167-739X
VL - 101
SP - 112
EP - 126
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -