Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards

  • Luciano Rila
  • Chris J. Mitchell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2846)

Abstract

The use of biometrics, and fingerprint recognition in particular, for cardholder authentication in smartcard systems is growing in popularity, and such systems are the focus of this paper. In such a biometrics-based cardholder authentication system, sensitive data will typically need to be transferred between the smartcard and the card reader. We propose strategies to ensure integrity of the sensitive data exchanged between the smartcard and the card reader during authentication of the cardholder to the card, and also to provide mutual authentication between card and reader. We examine two possible types of attacks: replay attacks and active attacks in which an attacker is able to calculate hashes and modify messages accordingly.

Keywords

smartcards, biometrics, cardholder authentication



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Luciano Rila (1)
  • Chris J. Mitchell (1)
  1. Information Security Group, Royal Holloway, University of London, Surrey, UK
