A Secure Fingerprint Authentication Protocol

Anongporn Salaiwarakul


This article proposes authentication specifications and a framework for the fingerprint authentication in the circumstance that the presentation of the user’s biometric information is not supervised. The specifications of the security properties are to certify that the liveness of the user’s fingerprint information is confirmed and that the intention of the user’s authentication is not manipulative or illegal. The framework for compliance with the specification of the fingerprint authentication protocol is proposed. Liveness detection by the fingerprint reader is considered to be essential in these situations. Cryptography and the fresh random number, nonce, are included in the framework. Analysis of the authentication framework shows that the proposed security properties are confirmed, the user’s biometric data is secured and the user’s intention of authentication is preserved.


Biometric; Fingerprint Authentication Protocol; Fingerprint Authentication Specification; Security Protocol;

Full Text:



M. Barbosa, et al., "Secure biometric authentication with improved accuracy" in ACISP, New York:Springer, vol. 5107, pp. 21-36, 2008.

D. Hartung, C. Busch, “Biometric Transaction Authentication Protocol, in Proc. of int. Conf. on Emerging Security Information, Systems, and Technologies, 2010, pp. 207–215.

E. Syta,et al., ”Private Eyes: Secure Remote Biometric Authentication,” in Proc. 12th Int. Joint Conf. on e-Business and Telecommunications (ICETE), Colmar, France 2015, pp. 243-250.

A. K. Jain, et al., “Biometrics: A grand challenge,” in Proc. 17th Int. Conf. on Pattern recognition, Cambridge, UK, 2004, pp. 935–942.

S.M. Mudholkar, P.M. Shende, M.V. Sarode, “Biometrics authentication technique for intrusion detection systems using fingerprint recognition,” Int. J. Computer Science, Engineering and Information Technology, vol.2, no.1, pp. 57-65, 2012.

G. Lowe, “Breaking and fixing the Needham-Schroeder public-key protocol using FDR,” in Proc. 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems, London, UK, 1996, pp. 147–166.

G. Lowe, “Towards a completeness result for model checking of security protocols,” J. Computer Security, vol. 7, no.2-3, pp.89-146, 1999.

A. Armando, et al., “The AVISPA tool for the automated validation of Internet security protocols and applications,” in Proc. 17th Int. Conf. Computer Aided Verification, Scotland, UK, 2005, pp.281–285.

B. Blanchet, B. Smyth, “ProVerif 1.93: Automatic cryptographic protocol verifier, user manual and tutorial,” [Internet] [cited June 2016], Available from : https://www.bensmyth.com/publications/2010-ProVerif-manualversion-1.93/.

C. Cremers, “The Scyther tool”, [Internet] [cited June 2016], Available from : https://www.cs.ox.ac.uk/ people/cas.cremers/scyther/.

T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, “Impact of Artificial Gummy Fingers on Fingerprint Systems,” in Proc. SPIE Vol.4677. Optical Security and Counterfeit Deterrence Techniques IV, CA, USA, 2002, pp. 1-18.

A. Ross, A.K. Jain, “Biometrics : When Identity Matters,” in Advance in biometric person authentication, 1st ed., Guangzhou: Springer Berlin Heidelberg, 2004, pp. 1-2.

Tusted Computing Group. TPM main specification [Internet] [cited June 2016], Available from : http://www.trustedcomputinggroup.org/tpm-main-specification/.

D. Dolev, A.C. Yao, “On the Security of Public Key Protocols,” IEEE Trans.Information Theory, vol. 29, no.2, pp. 198-208, 1983.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

ISSN: 2180-1843

eISSN: 2289-8131