Contact: Greg Ganger
Biometric authentication promises to distinguish between users based on measurements of their physical features, something that a user is. Traditional authentication has relied on passwords and physical tokens, secrets a user knows or objects a user has. This difference poses several issues that must be handled when implementing biometric authentication systems. Consider, for example, that fingerprints are not secrets: anyone can capture them from a surface with the correct tools. Since biometrics are mostly public information, care must be taken to ensure that measured values can be securely traced back to the time and location of observation. Other issues related to implementing these systems, such as computational expense, lack of "yes" and "no" evaluation results, and privacy risks, are explored in our research.
To explore these design challenges, we have extended authentication on a Linux system with face recognition by a "smart" camera system. At initial login, a password check is performed. Additionally, a new PAM module communicates with the camera system and verifies the face of the user logging in as matching a stored image. After passing these tests, an authentication daemon on the Linux system periodically queries the camera to determine if the initial user is still present. All communication between the camera and protected system is cryptographically secured, ensuring authenticity and integrity of messages. Offloading the computation of biometric algorithms and the storage of the biometric database from the client system onto the camera system allows the client to concentrate on providing services to users.
B. V. K. Vijaya Kumar
Andrew J. Klosterman
Fu Jie Huang
Trista Pei-chun Chen
- Position Summary: Authentication Confidences. Gregory R.
Ganger. Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating
Systems), May 2001.
Abstract / Postscript [66K] pdf format [16K]
- Authentication Confidences Gregory R. Ganger. CMU SCS Technical
Report CMU-CS-01-123, May 2001.
Abstract / Postscript [335K] pdf format [42K]
- Secure Continuous Biometric-Enhanced Authentication Andrew
J. Klosterman and Gregory R. Ganger. CMU SCS Technical Report CMU-CS-00-134,
Abstract / Postscript [1.1M] pdf format [245K]
This material is based on research sponsored by the Air Force Research Laboratory, under agreement number F49620-01-1-0433. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Air Force Research Laboratory or the U.S. Government.
We thank the members and companies of the PDL Consortium: Broadcom, Ltd., Citadel, Dell EMC, Google, Hewlett-Packard Labs, Hitachi Ltd., Intel Corporation, Microsoft Research, MongoDB, NetApp, Inc., Oracle Corporation, Samsung Information Systems America, Seagate Technology, Tintri, Toshiba, Two Sigma, Veritas and Western Digital for their interest, insights, feedback, and support.