Abstract
The use of biometrics, and fingerprint recognition in particular, for cardholder authentication in smartcard systems is growing in popularity, and such systems are the focus of this paper. In such a biometrics-based cardholder authentication system, sensitive data will typically need to be transferred between the smartcard and the card reader. We propose strategies to ensure integrity of the sensitive data exchanged between the smartcard and the card reader during authentication of the cardholder to the card, and also to provide mutual authentication between card and reader. We examine two possible types of attacks: replay attacks and active attacks in which an attacker is able to calculate hashes and modify messages accordingly.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rila, L., Mitchell, C.J. (2003). Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards. In: Zhou, J., Yung, M., Han, Y. (eds) Applied Cryptography and Network Security. ACNS 2003. Lecture Notes in Computer Science, vol 2846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45203-4_20
DOI: https://doi.org/10.1007/978-3-540-45203-4_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20208-0
Online ISBN: 978-3-540-45203-4
eBook Packages: Springer Book Archive