SECURE CONTINUOUS
BIOMETRIC-ENHANCED AUTHENTICATION
Contact: Greg Ganger
Biometric authentication promises to distinguish between users based on measurements of their physical features, something that a user is. Traditional authentication has relied on passwords and physical tokens, secrets a user knows or objects a user has. This difference poses several issues that must be handled when implementing biometric authentication systems. Consider, for example, that fingerprints are not secrets: anyone can capture them from a surface with the correct tools. Since biometrics are mostly public information, care must be taken to ensure that measured values can be securely traced back to the time and location of observation. Other issues related to implementing these systems, such as computational expense, lack of "yes" and "no" evaluation results, and privacy risks, are explored in our research.
To explore these design challenges, we have extended authentication on a Linux system with face recognition by a "smart" camera system. At initial login, a password check is performed. Additionally, a new PAM module communicates with the camera system and verifies the face of the user logging in as matching a stored image. After passing these tests, an authentication daemon on the Linux system periodically queries the camera to determine if the initial user is still present. All communication between the camera and protected system is cryptographically secured, ensuring authenticity and integrity of messages. Offloading the computation of biometric algorithms and the storage of the biometric database from the client system onto the camera system allows the client to concentrate on providing services to users.
People
FACULTY
Greg Ganger
Tsuhan
Chen
B. V.
K. Vijaya Kumar
STUDENTS
Andrew J. Klosterman
Xiaoming Liu
Fu Jie Huang
Trista Pei-chun Chen
Publications
- Position Summary: Authentication Confidences. Gregory R.
Ganger. Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating
Systems), May 2001.
Abstract / Postscript [66K] pdf format [16K]
- Authentication Confidences Gregory R. Ganger. CMU SCS Technical
Report CMU-CS-01-123, May 2001.
Abstract / Postscript [335K] pdf format [42K]
- Secure Continuous Biometric-Enhanced Authentication Andrew
J. Klosterman and Gregory R. Ganger. CMU SCS Technical Report CMU-CS-00-134,
May 2000.
Abstract / Postscript [1.1M] pdf format [245K]
Links
Acknowledgements
This material is based on research sponsored by the Air Force Research Laboratory, under agreement number F49620-01-1-0433. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Air Force Research Laboratory or the U.S. Government.
We thank the members and companies of the PDL Consortium: Actifio, American Power Conversion, EMC Corporation, Emulex, Facebook, Fusion-io,Google, Hewlett-Packard Labs, Hitachi, Huawei Technologies Co., Intel Corporation, Microsoft Research, NEC Laboratories, NetApp, Inc., Oracle Corporation, Panasas, Riverbed, Samsung Information Systems America, Seagate Technology, STEC, Inc., Symantec Corporation, VMware, Inc., and Western Digital for their interest, insights, feedback, and support.