BASE: A proposed secure biometric authentication system

Abstract

The use of biometrics as a secure remote authentication mechanism is hindered by a series of issues. In the case of fingerprints, an attacker can make physical copies of fingerprints by 'lifting' latent fingerprints off a non-porous surface. These lifted fingerprints can be used to illegitimately gain access to an authentication system. Password authentication systems only accept passwords that match 100%, whereas biometric authentication systems match submitted tokens provided they fall within a specified threshold. Without making use of a sufficient encryption scheme, illegitimately replaying a biometric token that has been tweaked slightly could still cause the authentication system to accept the submitted biometric token as a fresh biometric. BASE (Biometric Authentication System Entity), the proposed system, provides a solution to these challenges. As an alternative to current remote authentication systems, the BASE system utilizes a communication protocol that does not make use of encryption, passwords or timestamps, whilst still maintaining the security of the remote authentication process. © 2008 International Federation for Information Processing.