JOURNAL BROWSE
Search
Advanced SearchSearch Tips
Framework for Secure Biometric System Design on Smartphones
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Framework for Secure Biometric System Design on Smartphones
Im, Jong-Hyuk; Kwon, Hee-Yong; Lee, Mun-Kyu;
  PDF(new window)
 Abstract
Fast growth of smartphone technology and advent of Fintech enabled smartphones to deal with more sensitive information. Although many devices applying biometric technology are released as a step for protecting sensitive information securely, there can be potential vulnerabilities if security is not considered at the design stage of a biometric system. By analyzing the potential vulnerabilities, we classify threats in biometric system design process on smartphones and we propose the design requirements for solving these problems. In addition, we propose a framework for secure biometric system design on smartphone by synthesizing the design requirements.
 Keywords
Biometrics;Smartphone Security;System Design Requirement;Framework;
 Language
Korean
 Cited by
 References
1.
J.-H. Im and M.-K. Lee, "Requirement for Secure Biometric System Design on Smartphones," Proceedings of Korea Information Processing Society Fall Conference, Vol.22, No.2, pp.870-871, 2015.

2.
Korea Internet & Security Agency (KISA), "Ten industrial issue in internet and information security 2015," INTERNT & SECURITY FOCUS, pp.25-16, 2015.

3.
U. Uludag, S. Pankanti, S. Prabhakar and A. K. Jain, "Biometric Cryptosystems: Issues and Challenges," in Proc. IEEE, Vol.92, pp.948-960, 2004. crossref(new window)

4.
N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM Systems Journal, Vol.40, No.3, pp.614-634, 2001. crossref(new window)

5.
S. Gibbs, HTC stored user fingerprints as image file in unencrypted folder [Internet], http://www.theguardian.com/tech nology/2015/aug/10/htc-fingerprints-world-readable-unencrypted-folder.

6.
Y.-H. Jo, S.-Y. Jeon, J.-H. Im, and M.-K. Lee, "Vulnerability Analysis on Smartphone Fingerprint Templates," Futuretech 2015, p.9, 2015.

7.
R. X. Cringely, Show of hands: Who hasn't hacked Apples's Touch ID? [Internet], http://www.infoworld.com/article/2612275/cringely/show-of-hands-who-hasn-t-hacked-apple-s-touch-id-.html.

8.
A. K. Jain, Y. Chen, and M. Demirkus, "Pores and Ridges: High-Resolution Fingerprint Matching Using Level 3 Features," IEEE Tranactions on Pattern Analysis and Machine Intelligence, Vol.21, No.1, pp.15-27, 2007.

9.
FIDO alliance, FIDO UAF Authenticator Commands v1.0 [Internet], https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-authnr-cmds-v1.0-ps-20141208.html#bib-UAFProtocol.

10.
N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, "Generating Cancelable Fingerprint Templates," IEEE Tranactions on Pattern Analysis and Machine Intelligence, Vol.29, No.4, pp.561-572, 2007. crossref(new window)

11.
United States Department of Defense, DoD 5220.22-M, Operating Manual [Internet], https://www.fas.org/sgp/library/nispom/nispom2006.pdf.

12.
R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, "Physical one-way functions," Science, Vol.297, pp.2026-2030, 2002. crossref(new window)

13.
G. E. Suh and S. Devadas, "Physical Unclonable Functions for Device Authentication and Secret Key Generation," Design Automation Conference 2007. 44th ACM/IEEE, pp. 9-14, 2007.

14.
ARM, ARM Cortex-A8 Technical Reference Manual [Internet], http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/DDI0344K_cortex_a8_r3p2_trm.pdf.

15.
J. Ho, B Chester, C. Heinonen, and R. Smith, A8: Apple's First 20nm SoC [Internet], http://www.anandtech.com/show/8554/the-iphone-6-review/2.

16.
Qualcomm, Snapdragon 810 Processor Specification [Internet], https://www.qualcomm.com/products/snapdragon/processors/810.

17.
Samsung Exynos, Solution Overview [Internet], http://www.samsung.com/semiconductor/minisite/Exynos/w/solution.html#?v=overview.

18.
Y. Piao, J. Jung, and J. Yi, "Structural and functional analysis of ProGuard obfuscation tool," The Journal of Korean Institute of Communications and Information Sciences, Vol.38, No.08, pp.654-662, 2013.

19.
Guardsquare, ProGuard [Internet], http://proguard.sourceforge.net.

20.
Guardsquare, DexGuard [Internet], http://www.guardsquare.com/dexguard.

21.
OREANS, Themida [Internet], http://www.oreans.com/.

22.
S.-Y. Jeon, J.-H. Im, Y.-H. Jo, and M.-K. Lee, "Potential Vulnerabilities and Solutions of Biometric Authentication on Smartphones," The 25th Joint Conference on Communications and Information, D1, 2015.

23.
Samsung, KNOX Apps [Internet], https://www.samsungknox.com/en/products/knoxworkspace/features/apps.

24.
P. Ning, "About rooting Samsung KNOX-enabled devices and the KNOX warranty void bit," Samsung KNOX, https://www.samsungknox.com/ko/blog/aboutrooting-samsung-knox-enabled-devices-and-knox-warranty-void-bit.

25.
ISO/IEC 9797-1 Std., "Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher," ISO, 2011.

26.
D. F. Smith, A. Wiliem and B. C. Lovell, "Face Recognition on Consumer Devices: Reflections on Replay Attacks," IEEE Transaction on Information Forensics and Security, Vol.10, No.4, pp.736-745, 2015. crossref(new window)

27.
M. Vatsa, R. Singh, A. Noore, M. M. Houck, and K. Morris, "Robust biometric image watermarking for fingerprint and face template protection," IEICE Electonic Express, Vol.3, No.2, pp.23-28, 2006. crossref(new window)

28.
M. Krieg and N. Rogmann, "Liveness Detection in Biometrics," Biometrics Special Interest Group (BIOSIG), 2015 International Conference of the, pp.1-14, 2015.