Secure Continuous Biometric-Enhanced Authentication

System Overview

Biometric authentication promises to distinguish between users based on measurements of their physical features, something that a user is. Traditional authentication has relied on passwords and physical tokens, secrets a user knows or objects a user has. This difference poses several issues that must be handled when implementing biometric authentication systems. Consider, for example, that fingerprints are not secrets: anyone can capture them from a surface with the correct tools. Since biometrics are mostly public information, care must be taken to ensure that measured values can be securely traced back to the time and location of observation. Other issues related to implementing these systems, such as computational expense, lack of "yes" and "no" evaluation results, and privacy risks, are explored in our research.

To explore these design challenges, we have extended authentication on a Linux system with face recognition by a "smart" camera system. At initial login, a password check is performed. Additionally, a new PAM module communicates with the camera system and verifies the face of the user logging in as matching a stored image. After passing these tests, an authentication daemon on the Linux system periodically queries the camera to determine if the initial user is still present. All communication between the camera and protected system is cryptographically secured, ensuring authenticity and integrity of messages. Offloading the computation of biometric algorithms and the storage of the biometric database from the client system onto the camera system allows the client to concentrate on providing services to users.



Greg Ganger
Tsuhan Chen
B. V. K. Vijaya Kumar


Andrew J. Klosterman
Xiaoming Liu
Fu Jie Huang
Trista Pei-chun Chen


  • Position Summary: Authentication Confidences. Gregory R. Ganger. Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating Systems), May 2001.
    Abstract / Postscript [66K] pdf format [16K]

  • Authentication Confidences Gregory R. Ganger. CMU SCS Technical Report CMU-CS-01-123, May 2001.
    Abstract / Postscript [335K] pdf format [42K]

  • Secure Continuous Biometric-Enhanced Authentication Andrew J. Klosterman and Gregory R. Ganger. CMU SCS Technical Report CMU-CS-00-134, May 2000.
    Abstract / Postscript [1.1M] pdf format [245K]