Analysing a Biometric Authentication Protocol for 3G Mobile Systems Using CSP and Rank Functions

  • Siraj A. Shaikh
  • Christos K. Dimitriadis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3934)


We study a protocol, called BIO3G, which provides biometric-based user authentication and key establishment in Third Generation (3G) mobile environments. BIO3G provides end-to-end user authentication to the mobile operator, requiring no storing or transferring of biometric data, and eliminating the need for biometric enrolment and administration, which is time-consuming for the user and expensive for the mobile operator. We model BIO3G using the process algebra Communicating Sequential Processes (CSP) and verify it using Schneider’s rank functions.


Keywords: User Equipment; Rank Function; Mobile Operator; Communicate Sequential Process; Positive Rank





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Siraj A. Shaikh (1)
  • Christos K. Dimitriadis (2)
  1. Department of Computing, UGBS, University of Gloucestershire, Cheltenham Spa, UK
  2. University of Piraeus, Piraeus, Greece
