Abstract
This paper presents an analysis of biometric authentication for signature creation application. We extend the established protocol in order to verify the two properties: secrecy and safety. We have analysed the protocol using applied pi calculus and ProVerif. The verification of the secrecy property shows that the protocol holds the biometric data securely while the verification of the safety property shows that an intruder could not deceive the application to allow her to sign any document using a legitimate user’s signature.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Waldmann, U., Scheuermann, D., Eckert, C.: Protected Transmission of Biometric User Authentication Data for Oncard-Matching. In: ACM Symposium on Applied Computing, pp. 425–430 (2004)
Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. In: Proceedings of 22nd IEEE Symposium on Foundations of Computer Science, pp. 350–357 (1981)
Gobioff, H., Smith, S., Tygar, J.D., Yee, B.: Smart Cards in Hostile Environments. In: 2nd USENIX Workshop on Electronic Commerce (1996)
Bond, M.: Chip and Pin (EMV) Point-of-Sale Terminal Interceptor. availability = internet (2007), http://www.cl.cam.ac.uk/~mkb23/interceptor/
Blanchet, B.: ProVerif: Automatic Cryptographic Protocol Verifier User Manual (2005)
Abadi, M., Fournet, C.: Mobile Values, New Names, and Secure Communication. In: POPL 2001 (2001)
Abadi, M., Blanchet, B., Fournet, C.: Just Fast Keying in the Pi Calculus. ACM Transactions on Information and System Security (TISSEC) 10(3), 1–59 (2007)
Abadi, M., Blanchet, B.: Computer-Assisted Verification of a Protocol for Certified Email. SAS 2003 58(1-2), 3–27 (2005); Special issue SAS 2003
Kremer, S., Ryan, M.: Analysis of an Electronic Voting Protocol in the Applied Pi Calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)
Delaune, S., Kremer, S., Ryan, M.: Coercion-resistance and Receipt-freeness in Electronic Voting. In: 19th Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (2006)
Prabhakar, S., Paankanti, S., Jain, A.K.: Biometric Recognition: Security and Privacy Concerns. IEEE Security & Privacy, 33–42 (2003)
Chen, L., Person, S., Proundler, G., Chen, D., Blanceheff, B.: How can you trust a computing platform? In: Proceedings of Information Security Solutions Europe Conference (ISSE 2000) (2000)
Davida, G.I., Frankel, Y., Matt, B.J.: On Enabling Secure Application Through Off-line Biometric Identification. In: IEEE Symposium on Security and Privacy, vol. 1008, pp. 148–157
Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of Artificial Gummy Fingers on Fingerprint Systems. In: Proceedings of SPIE. Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Salaiwarakul, A., Ryan, M.D. (2008). Analysis of a Biometric Authentication Protocol for Signature Creation Application. In: Matsuura, K., Fujisaki, E. (eds) Advances in Information and Computer Security. IWSEC 2008. Lecture Notes in Computer Science, vol 5312. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89598-5_16
Download citation
DOI: https://doi.org/10.1007/978-3-540-89598-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89597-8
Online ISBN: 978-3-540-89598-5
eBook Packages: Computer ScienceComputer Science (R0)