DOI QR코드

DOI QR Code

A Framework for Biometric Security based on OTP in Mobile Devices

모바일 장치에서 OTP 기반의 바이오 인식 보안을 위한 프레임워크

  • 한승진 (경인여자대학교 e-비즈니스과)
  • Received : 2011.12.16
  • Accepted : 2012.03.18
  • Published : 2012.04.30

Abstract

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN or password, there is no way to modify the exposure if it is exposed and used illegally. To solve the problems, we propose to apply OTP using biometric information to mobile devices for more secure and adaptable authentication. In this paper, we propose a secure framework for delivering biometric information as mobile OTP to the server (TTP) and compared this paper with existed methods about security and performance.

바이오 인식 기술은 기존의 PIN이나 패스워드와 달리 분실하거나 도용될 가능성이 적기 때문에 PIN이나 패스워드를 대체할 새로운 수단으로 대두되고 있다. 그러나 바이오 인식은 PIN이나 패스워드와 달리 노출되어 도용이 된다면 수정할 방법이 없다. 따라서, 바이오 인식 정보를 이용한 OTP를 모바일 장치에 적용함으로써 기존의 PIN이나 패스워드 혹은 바이오 인식 정보만을 이용한 인증의 문제점을 해결하고자 한다. 본 논문에서는 모바일 장치에서 바이오 인식 정보를 OTP로 사용하여 바이오 인식 정보를 안전하게 서버(TTP)로 전달하는 프레임워크를 제안하고, 기존의 방법과 보안 및 성능을 비교한다.

Keywords

References

  1. Shuo Wang and Jing Liu, Shuo Wang and Jing Liu, "Biometrics on Mobile Phone", www.intechopen.com/articles/show/title/biometrics-on-mobile-phone, Source : Recent Application in Biometrics, ISBN : 978-953-307-488-7, July, 2011.
  2. Tseng, D. et. al., "Lensfree Microscopy on a Cellphone", Lab on a Chip, Vol. 10, No. 14, pp. 1782-1792, July, 2010.
  3. M. Gordon and S. Sankaeanaeayanan, "Biometric Security Mechanism in Mobile Payments", Proc., of the 5th National Conference; INDIACom-2011, Computing For Nation Development, March 10-11, 2011.
  4. Bao, X, Wang, J. and Hu, J, "Method of Individual Identification based on Electroencephalogram Analysis", Proc., of 2009 International Conference on New Trends in Information and Service Science, pp. 390-393, Beijing, P.R.China, June 9-July 2, 2009.
  5. Nakanishi, I, Baba, S and Miyamoto, C, "EEG Based Biometric Authentication Using New Spectral Features", Proc., of 2009 International Symposium on Intelligent Signal Processing and Communication Systems, pp. 651-654, Kanazawa, Ishikawa, Japan, December 7-9, 2009.
  6. http://www.biometry.com/mobicombiom.html
  7. http://www.voicevault.com/voicevault-enterprise/voice auth/
  8. http://www.huffingtonpost.com/2011/10/19/faceunlock-ice-cream-sandwich_n_1020207.html
  9. Daugman, J, "How Iris Recognition Works", IEEE Transactions on Circuits and Systems for Video Technology, vol. 14, no. 1, pp. 21-30, Jan., 2004. https://doi.org/10.1109/TCSVT.2003.818350
  10. Byung Rae Cha, Nam Ho Kim, Jong Won Kim, "Availability Verification of Integration OTP Framework using Biometrics Information", Journal of The Korea Navigation Institute, Vol. 5, No. 1, Feb., 2011.
  11. Yun Su Chung, Yongjin Lee, Hyung-Woo Lee, Ki Young Moon, "Biometric Authentication Framework based on One-Time Template", Journal of KIISC, Vol. 18, No. 4, pp.61-65, Aug., 2008.
  12. Yong-Nyuo Shin, Young-Jin Kim, Myung-Geun Chun, "Operational Management for Biometrics Hardware Security Module and PKI", Journal of KIISC, Vol. 9, No. 5, May, 2011.
  13. Wenbo Mao, Modern Cryptography : Theory and Practice, Prentice Hall, July, 2003.
  14. Seungjin Han, "A Robust Pair-wise Key Agreement Scheme based on Multi-hop Clustering Sensor Network Environments", Journal of KSCI, Vol. 16, No. 3, Mar., 2011.
  15. Jian Wang, Nan Jiang, "Secure Authentication and Authorization Scheme for Mobile Devices," Proceedings of ICCTA2009, 2009.
  16. Josyula R. Rao, Pankaj Rohatgi, Helmut Scherzer and Stephane Tinguely, "Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards", Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002.
  17. Y. Zheng, D. K. He, X. H. Tang and, H. X. Wang, "AKA and Authtentication Scheme for 4G Mobile Networks Based on Trusted Mobile Platform", ICICS 2005, pp. 976-980, 2005.
  18. 3GPP TS 24.002, Release 4. GSM-UMTS public land mobile network access reference configuration, June, 2003.

Cited by

  1. 모바일 환경에서 다중 바이오인식 기반의 금융 거래를 위한 사용자 인증 프레임워크 vol.20, pp.1, 2012, https://doi.org/10.9708/jksci.2015.20.1.143
  2. 모바일 애플리케이션의 보안성 향상을 위한 App 제어 시스템 설계 및 구현 vol.16, pp.2, 2016, https://doi.org/10.5392/jkca.2016.16.02.243