2 votes
A variation of the following biometric authentication protocol was experimentally tested several years ago at immigration checkpoints in major U.S. airports. A user registers in person by showing his credentials (e.g., passport and visa) to the registration authority and giving his fingerprint (a "palmprint" was actually used). The registration authority then issues to the user a tamper-resistant smartcard that stores the reference fingerprint vector and can execute the matching algorithm. The checkpoint is equipped with a tamper-resistant admission device that contains a fingerprint reader and a smartcard reader. The user inserts his smartcard and provides his fingerprint to the device, which forwards it to the smartcard. The smartcard executes the comparison algorithms and outputs the result ("match" or "not match") to the device, which admits or rejects the user accordingly. Clearly, an attacker can defeat this scheme by programming a smartcard that always outputs "match." Show how to modify the scheme to make it more secure. The admission device needs to make sure that it is interacting with a valid smartcard issued by the registration authority. You can assume that the smartcard can perform cryptographic computations. The attacker can program smartcards and is allowed to have an input-output interaction with a valid smartcard but cannot obtain the data stored inside it.

1 Answer

5 votes

Answer:

There are several valid solutions. One solution is to have the registration authority give the smartcard a copy of the reference fingerprint signed by the registration authority, and then have the fingerprint comparison performed by the admission device, not the smartcard. In this way, the admission authority knows the reference fingerprint is valid (by checking the RA's signature on it) and that the person's fingerprint matches.

Another solution is to have the registration authority issue public/private key pairs to each valid smartcard and additionally give it a signed copy of this public key. When a smartcard is inserted, it gives the admission authority its (signed) public key, which the admission authority validates. Then, when the admission authority reads the fingerprint, it encrypts it using this smartcard's public key and sends this ciphertext to the smartcard. The smartcard then responds with the match or no-match response, along with a decrypted version of the fingerprint ciphertext that was just sent by the admission authority. In this way, the admission authority is assured that the smartcard has a valid public/private key pair and that it knows its associated private key (since it used it to decrypt the fingerprint); hence, the admission authority can have a higher degree of trust that the smartcard performed a valid test on the fingerprint.

Step-by-step explanation:

Please check the attached for a flow architecture

by Reverend Gonzo, 4.6k points
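As an added illustration of the second solution (this is example code written for this page, not part of the question or the answer above), the following Go program models the registration authority, a genuine smartcard, the attacker's "always match" card from the question, and the admission device, using only the Go standard library. The concrete choices are assumptions: Ed25519 for the RA's signature over the card's public key, RSA-OAEP for encrypting the live fingerprint to the card, a plain byte-for-byte comparison standing in for the real matching algorithm, and constructed fingerprint byte strings. It also shows a point the answer's reasoning implies but does not spell out: a rogue card that copies a genuine card's public key and RA signature (both of which are public) still fails, because it cannot decrypt the device's challenge.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// RegistrationAuthority (RA): holds the Ed25519 key that signs card public keys. (Assumed key type.)
type RegistrationAuthority struct {
	SignPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
}

func NewRA() (*RegistrationAuthority, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &RegistrationAuthority{SignPub: pub, signPriv: priv}, nil
}

// Card is all the admission device sees; a genuine card and an attacker-programmed one look alike.
type Card interface {
	Credentials() (pubDER, raSig []byte)                // card public key plus the RA's signature over it
	Check(ciphertext []byte) (match bool, plain []byte) // match/no-match plus the decrypted fingerprint
}

// Smartcard: genuine tamper-resistant card issued by the RA.
type Smartcard struct {
	priv      *rsa.PrivateKey
	pubDER    []byte
	raSig     []byte
	reference []byte // reference fingerprint vector stored at registration
}

// Issue is the registration step: generate the card key pair, sign its public key, store the reference.
func (ra *RegistrationAuthority) Issue(reference []byte) (*Smartcard, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &Smartcard{priv: priv, pubDER: pubDER, raSig: ed25519.Sign(ra.signPriv, pubDER), reference: reference}, nil
}

func (c *Smartcard) Credentials() ([]byte, []byte) { return c.pubDER, c.raSig }

func (c *Smartcard) Check(ct []byte) (bool, []byte) {
	fp, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, ct, nil)
	if err != nil {
		return false, nil
	}
	// Stand-in for the real matching algorithm: exact comparison of the vectors (assumption).
	return bytes.Equal(fp, c.reference), fp
}

// RogueCard is the attacker's card from the question: it always answers "match". It can present any
// credentials it likes (e.g. copied from a genuine card) but holds no private key the RA has signed.
type RogueCard struct{ PubDER, RASig []byte }

func (r *RogueCard) Credentials() ([]byte, []byte) { return r.PubDER, r.RASig }
func (r *RogueCard) Check(ct []byte) (bool, []byte) { return true, ct } // cannot decrypt; echoes the ciphertext

// AdmissionDevice trusts only the RA's public key, which it holds from the start.
type AdmissionDevice struct{ RAPub ed25519.PublicKey }

// Admit runs the protocol from the answer and returns (admitted, error).
func (d *AdmissionDevice) Admit(card Card, live []byte) (bool, error) {
	pubDER, sig := card.Credentials()
	if !ed25519.Verify(d.RAPub, pubDER, sig) {
		return false, errors.New("card public key is not signed by the RA")
	}
	pubAny, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil {
		return false, err
	}
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok {
		return false, errors.New("unexpected card key type")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, live, nil)
	if err != nil {
		return false, err
	}
	match, plain := card.Check(ct)
	// Proof of possession: only the holder of the RA-signed key can return the fingerprint we encrypted.
	if !bytes.Equal(plain, live) {
		return false, errors.New("card did not decrypt the challenge: private key not proven")
	}
	return match, nil
}

func main() {
	ra, _ := NewRA()
	ref := []byte("constructed-reference-fingerprint")
	card, _ := ra.Issue(ref)
	dev := &AdmissionDevice{RAPub: ra.SignPub}
	fmt.Println(dev.Admit(card, ref)) // genuine card, matching fingerprint
	pubDER, sig := card.Credentials()
	fmt.Println(dev.Admit(&RogueCard{pubDER, sig}, ref)) // rogue card with copied credentials
}
```

The device's decision rests on two checks in order: the RA signature ties the public key to a card the RA actually issued, and the echoed plaintext ties the answering card to the matching private key. Dropping either check brings back the attack in the question, since credentials alone are public and an unsigned key proves nothing.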