Protecting Biometrics using Fuzzy Extractor and Non-Invertible Transformation Methods in Kerberos Authentication Protocol


Authors: Thi Ai Thao Nguyen, Tran Khanh Dang

Volume 31 (2017)

Abstract


Kerberos is a distributed authentication protocol that guarantees mutual authentication between client and server over an insecure network. After identification, all subsequent communications are encrypted with session keys to ensure privacy and data integrity. Nowadays, many traditional authentication systems have tried to move to biometric systems for convenience. However, the security and privacy of these systems need to be addressed. In this paper, we propose an efficient hybrid approach for protecting biometrics in a remote authentication protocol based on the Kerberos scheme. This protocol is not only resistant to attacks on the insecure network, such as man-in-the-middle and replay attacks, but is also able to protect the biometrics by using a fuzzy extractor and a non-invertible transformation. These techniques conceal the user's cancelable biometrics in a cryptographic key called the biometric key. This key is used to verify a user in the authentication phase. Therefore, there is no need to store users' plain biometrics in the database. Even if the biometric keys are revealed, it is impossible for an attacker to infer the users' biometrics because of the high security of the fuzzy extractor scheme. Moreover, another remarkable contribution of this work is that a user can also change his biometric key without replacing his biometrics. The protocol supports multi-factor authentication to enhance the security of the entire system.
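The following sketch is an added illustration, not the paper's construction or code: it shows how a token-keyed non-invertible transform and a fuzzy extractor can yield a reproducible, replaceable biometric key without storing the template. It assumes a textbook code-offset sketch with a 5x repetition code and an XOR-pair transform; all function names, token values and the sample template are hypothetical, and the parameters are far too weak for real use.

```python
import hashlib
import random
import secrets

REP = 5  # repetition code: each key bit stored 5 times, majority vote fixes 2 flips per block

def transform(bits, token):
    """Cancelable transform (assumed construction): XOR token-selected bit pairs.
    It halves the length, so it is many-to-one and cannot be inverted."""
    perm = list(range(len(bits)))
    random.Random(token).shuffle(perm)  # token-seeded permutation; a new token revokes it
    return [bits[perm[i]] ^ bits[perm[i + 1]] for i in range(0, len(perm) - 1, 2)]

def _digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def enroll(bio_bits, token):
    """Gen: return (biometric key, helper data); neither is the raw template."""
    w = transform(bio_bits, token)
    key_bits = [secrets.randbits(1) for _ in range(len(w) // REP)]
    codeword = [b for b in key_bits for _ in range(REP)]
    helper = [x ^ c for x, c in zip(w, codeword)]  # code-offset secure sketch
    return _digest(key_bits), helper

def reproduce(bio_bits, token, helper):
    """Rep: recover the key from a noisy reading, the token and the helper data."""
    w = transform(bio_bits, token)
    noisy_codeword = [x ^ h for x, h in zip(w, helper)]
    key_bits = [int(sum(noisy_codeword[i:i + REP]) > REP // 2)
                for i in range(0, len(noisy_codeword), REP)]
    return _digest(key_bits)

def demo():
    rng = random.Random(2017)  # constructed sample template, not real biometric data
    bio = [rng.getrandbits(1) for _ in range(640)]
    noisy = list(bio)
    for i in (3, 400):  # two bit errors in a fresh reading of the same user
        noisy[i] ^= 1
    other = [rng.getrandbits(1) for _ in range(640)]  # a different person
    key_a, helper_a = enroll(bio, b"token-A")
    key_b, _ = enroll(bio, b"token-B")  # re-issue: same biometric, new token
    return {
        "genuine": reproduce(noisy, b"token-A", helper_a) == key_a,
        "impostor": reproduce(other, b"token-A", helper_a) == key_a,
        "wrong_token": reproduce(bio, b"token-B", helper_a) == key_a,
        "rekeyed_differs": key_a != key_b,
    }
```
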