Framework for Secure Biometric System Design on Smartphones

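  • 임종혁 (Department of Computer and Information Engineering, Inha University) ;
  • 권희용 (Department of Computer and Information Engineering, Inha University) ;
  • 이문규 (Department of Computer and Information Engineering, Inha University)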
  • Received : 2015.12.23
  • Accepted : 2016.02.26
  • Published : 2016.02.29

Abstract

The rapid growth of smartphone technology and the advent of Fintech have enabled smartphones to handle more sensitive information. Although many devices applying biometric technology have been released as a means of protecting such sensitive information securely, potential vulnerabilities can exist if security is not considered at the design stage of a biometric system. By analyzing these potential vulnerabilities, we classify the threats in the biometric system design process on smartphones and propose design requirements for solving these problems. In addition, we propose a framework for secure biometric system design on smartphones by synthesizing the design requirements.
