Abstract
This paper describes biometric-based methods for achieving strong, low-cost mutual and multi-factor authentication on the Internet of Things (IoT). These methods can leverage telebiometric authentication objects (TAO), tagged physical objects functionally coupled with biometric sensors and connected to a telecommunications network. Methods presented are convenient for people to use, support Universal Access (UA) goals, and ensure the confidential exchange of information between communicating parties. The described one- and two-factor authentication methods use cryptographic techniques to achieve mutual authentication and data confidentiality through password and biometric authenticated key exchange (AKE). These key establishment techniques rely on the use of a Diffie-Hellman key agreement scheme to create a strong symmetric key from a weak secret. AKE protocols can provide forward secrecy and prevent disclosure of user credentials during authentication attempts, thwarting active phishing and man-in-the-middle attacks. TAO combined with AKE provides mutual authentication and strong, three-factor user authentication.
Notes
1. Both ITU-T X.1035: Password-Authenticated Key Exchange (PAK) protocol (2007) and ISO/IEC 11770-4:2006 Information technology—Security techniques—Key management—Part 4: Mechanisms based on weak secrets standardize PAKE techniques.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Griffin, P.H. (2016). Biometric-Based Cybersecurity Techniques. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_5
DOI: https://doi.org/10.1007/978-3-319-41932-9_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41931-2
Online ISBN: 978-3-319-41932-9
eBook Packages: Engineering (R0)