Secure fingerprint authentication system on an untrusted computing environment

In this paper, we propose a secure and scalable solution for user authentication by using fingerprint verification on the sensor-client-server model, even with the client that is not necessarily trusted by the sensor holder or the server. In a typical implementation of fingerprint verification on the sensor-client-server model, the most time consuming step of the fingerprint verification, i.e., feature extraction, is assigned to a client because of real-time, scalability, and privacy issues. Compared to either a sensor or a server, however, the client connected to an open network and maintained by an individual user may be more vulnerable to Trojan Horse attacks. To protect Trojan Horse attacks launched at the untrusted client, our protocol has the fingerprint sensor to validate the result computed by the client for the feature extraction. However, the validation should be simple so that the resource-constrained fingerprint sensor can validate it in real-time. To solve this problem, we separate the feature extraction into binarization and minutiae extraction, and assign the time-consuming binarization to the client. After receiving the result of binarization from the client, the sensor conducts a simple validation algorithm to check the result, and then performs minutiae extraction and sends the extracted minutiae to the server. Based on the experimental results, the proposed solution for fingerprint verification can be performed on the sensor-client-server model securely, scalablely, and in real-time with the aid of an untrusted client.