Integration of PKI and Fingerprint for User Authentication

  • Shin, Sam-Bum (Interdisciplinary Program of Information Security, Pukyong National University) ;
  • Kim, Chang-Su (Interdisciplinary Program of Information Security, Pukyong National University) ;
  • Chung, Yong-Wha (Department of Computer Information, Korea University)
  • Published : 2007.12.30

Abstract

Although the PKl-based user authentication solution has been widely used, the security of it can be deteriorated by a simple password. This is because a long and random private key may be protected by a short and easy-to-remember password. To handle this problem, many biometric-based user authentication solutions have been proposed. However, protecting biometric data is another research issue because the compromise of the biometric data will be permanent. In this paper, we present an implementation to improve the security of the typical PKI-based authentication by protecting the private key with a fingerprint. Compared to the unilateral authentication provided by the typical biometric-based authentication, the proposed solution can provide the mutual authentication. In addition to the increased security, this solution can alleviate the privacy issue of the fingerprint data by conglomerating the fingerprint data with the private key and storing the conglomerated data in a user-carry device such as a smart card. With a 32-bit ARM7-based smart card and a Pentium 4 PC, the proposed fingerprint-based PKI authentication can be executed within 1.3second.