http://dx.doi.org/10.3745/KTCCS.2016.5.2.41

Framework for Secure Biometric System Design on Smartphones  

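Im, Jong-Hyuk (Department of Computer and Information Engineering, Inha University)
Kwon, Hee-Yong (Department of Computer and Information Engineering, Inha University)
Lee, Mun-Kyu (Department of Computer and Information Engineering, Inha University)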
Publication Information
KIPS Transactions on Computer and Communication Systems / v.5, no.2, 2016, pp. 41-46
Abstract
The rapid growth of smartphone technology and the advent of Fintech have enabled smartphones to handle more sensitive information. Although many devices that apply biometric technology have been released as a step toward protecting sensitive information, potential vulnerabilities can arise if security is not considered at the design stage of a biometric system. By analyzing these potential vulnerabilities, we classify the threats in the biometric system design process on smartphones and propose design requirements for solving these problems. In addition, we propose a framework for secure biometric system design on smartphones by synthesizing the design requirements.
Keywords
Biometrics; Smartphone Security; System Design Requirement; Framework;