Robust Biometric Based Key Agreement and Remote Mutual Authentication

Biometric-based authentication is widely accepted as a reliable form of authentication compared to other traditional schemes. However, the open nature of remote authentication makes biometric systems vulnerable to replay and other remote fraudulent attacks. Therefore, the deployment of such systems for remote authentication is still very limited. This paper proposes a biometric-based multi-factor scheme to be used for key agreement and remote mutual authentication between two parties over an open network. The scheme properly combines biometrics with a PIN and a token to achieve high level of security and robustness. The proposal involves the use of random orthonormal projection and biometric key binding techniques, and relies on a mutual challenge/response to prevent replay attacks and provide non-repudiation feature. We present implementation details and simulation results of a possible usage scenario of our proposal based on face biometric. Finally, we argue that the proposed scheme enhances security while it can be both user-friendly and cost-effective e.g. it uses available sensors and resources with no extra cost.