Introduction
With the digitization of most administrative services (e-government, mobile payments, remote healthcare, and so on), the advent of COVID-19, during which exchanges must mostly take place online, and the large number of identity-theft cases, the authentication step is often considered the weakest link in computer security (Belguechi, 2015). For authenticating an individual, the password is by far the most widespread method despite its obvious lack of security (password cracking, eavesdropping, etc.) and its very limited ease of use when the user wishes to access a multitude of services (several passwords for several applications).
Biometric authentication, which is used to recognize an individual based on physiological or behavioral characteristics, is an interesting alternative. For example, it is extremely rare to lose one's fingerprints, unlike passwords. It is also easier for users to put their fingers on a sensor or to capture their faces than to enter a password. As far as smartphones are concerned, the means of biometric authentication are various, such as fingerprints, facial captures, graphic patterns, voice, gait, or even keyboard speed. However, users are not usually aware that they are storing their enduring physiological or behavioral characteristics on unsecured platforms (i.e., on cell phones or cloud storage), threatening the privacy of their biometric patterns and identities.
In recent years, biometric authentication has attracted much attention from academia and industry. The more people trust biometric authentication systems, especially on their personal devices such as smartphones, the more they reveal their identities to third parties. Because biometric characteristics such as fingerprints, faces, or behavioral traits are enduring, the increasing use of biometrics will increase the risk of identity theft. Therefore, secure, robust, privacy-preserving authentication systems are required to prevent unauthorized access to sensitive and personal information stored on mobile devices.
The main objective of this work is to strengthen biometric authentication methods on mobile phones, particularly by fingerprint. This objective has two sub-objectives: to provide methods to avoid identity theft with regard to fingerprint authentication and to strengthen authentication to avoid information leakage from the biometric model.
In this work, we present a novel privacy-preserving biometric authentication system for mobile users. The proposed system, unlike other research efforts, leverages the hardware security of smartphones and demonstrates its potential for secure authentication with faster and more accurate performance and low resource consumption. This work makes the following contributions: (1) a new strong-minutiae extraction method that eliminates false minutiae; and (2) a more complete security model for fingerprint authentication on mobile platforms, in the form of a secure authentication system based on the strong-characteristics method and on encryption using a random number and hash functions for information transformation. The system was proposed after studying some of the authentication schemes used in the mobile-device domain for secure and fast fingerprint authentication.