Biometric Security System Design: From Mobile to Cloud Computing Environment

Abstract

Worldwide adoption of mobile products and cloud computing services not only continues, but is accelerating. Biometric security technology shows promising in addressing the issue of authenticating genuine user that is a fundamental flaw in conventional cryptography. Conventional biometric applications, specifically verification and identification, have been extensively investigated over the past decades, leading to a significant improvement. However, several issues are still unsolved and the related research will continue. In this thesis, we are working on four research problems encountered in applying biometric security technology in mobile and cloud computing environment. Firstly, designing a secure user-side biometric authentication approach targeting computation-constrained mobile devices is a challenge and draws great attention. Most existing biometric methods, which normally require high-intensive computing power, are not specially designed for operating on mobile platforms. Only a handful of low-end mobile biometric solutions exist in the literature, the performances of which, however, are far from acceptable. In this thesis, a computational efficient CPR-based (Correlation Pattern Recognition) face authentication scheme (HCFA) was developed which suits various camera-equipped and java-enabled mobile devices. The proposed partial correlation output peak analysis (PCOPA) is operated on selected sub-regions of a facial image, in conjunction with the conventional direct cross-correlation method on downsampling images. The statistical experiments on public database show a good verification performance results. Moreover, the maximum memory consumption of such scheme is only around 500 KB. The running-time is acceptable even on lowest-end mobile platforms on the consumer market. The HCFA can be considered as an efficient, accurate, implementable, universal and maintainable mobile authentication solution. Secondly, designing a server-side non-/low intrusive biometric UAC (user access control) solution specifically towards ultra-large-scale network (e.g. cloud computing) is in urgent demand. Conventional biometric characteristics, e.g. face and fingerprint, are so sensitive to privacy that users are often conservative on their use in a distributed cloud scenario. On the other hand, non-/low intrusive biometric techniques, such as keystroke dynamics, are facing the severe scalability (efficiency in large network) problem and authentication accuracy issue. For instance, Gunetti et al. proposed a classical method, namely n-graph-based keystroke verification method (GP method) which achieved a low False Acceptance Rate (FAR). Nevertheless, high False Rejection Rate (FRR) and low efficiency remain the greatest shortcomings of it. The scalability issue is due to the verification of every sample in the database. In this thesis, we addressed the scalability issue as well as verification accuracy issue. We first proposed a CPR-oriented equivalent representation of keystroke n-graph pattern. Then, two innovative CPR-based approaches, nGdv-V and nGdv-C, were developed for fast and accurate verification. It is the first time to systematically apply CPR to keystroke pattern analysis. Compared to GP method, significant improvements of FRR as well as high authentication speed gain (1250 times for nGdv-V and 3 times for nGdv-C) have been achieved. Biometric template security and bio-cryptographic key generation become an emerging research topic. Existing fingerprint-based solutions, far too often, are based on an unrealistic assumption that images are pre-aligned accurately. Apart from alignment, low verification performance is another bottleneck. In this thesis, we demonstrated a rotation- and shift-free minutia local structure feature. The corresponding verification method Structure Similarity Estimate (SSE) and Dual Layer Structure Similarity Estimate (DLSSE) were proposed based on the features. By adopting SSE/DLSSE, an enhanced fingerprint fuzzy vault and an improved fuzzy extractor were developed for the purpose of securing minutia templates as well as generating bio-cryptographic key. High verification accuracy (EER < 1%, outperforms existing major methods in the literature) and high security strength were exhibited. Finally, we worked on the idea of incorporating biometric into excising Public Key Infrastructure (PKI) architecture. Although PKI offers a feasible way for secure communication in untrustful networked environment, it is still weak in identifying genuine users [150]. Little research has been done to address such issues. In this thesis, a bio-PKI key management protocol was proposed, which possesses multiple roles such as user authentication, symmetric session key generation, client-server key agreement and etc. A legal user's fingerprint information is not only used for biometric-based identity verification but also for cryptographic key generation. The security analyses prove that the protocol is a high secure communication solution for insecure network such as distributed mobile-cloud network. Furthermore, the proposed scheme features low hardware requirement and computational efficiency.