Secure Biometric-Based Authentication for Cloud Computing

Transcription

1 Secre Biometric-Based Athentication for Clod Compting Kok-Seng Wong * and Myng Ho Kim School of Compter Science and Engineering, Soongsil University, Sangdo-Dong Dongjak-G, Seol Korea {kswong,kmh}@ss.ac.kr Abstract. Over the past several years, many companies have gained benefits from the implementation of clod soltions within the organization. De to the advantages sch as flexibility, mobility, and costs saving, the nmber of clod sers is expected to grow rapidly. Conseqently, organizations need a secre way to athenticate its sers in order to ensre the fnctionality of their services and data stored in the clod storages are managed in a private environment. In the crrent approaches, the ser athentication in clod compting is based on the credentials sbmitted by the ser sch as password, token and digital certificate. Unfortnately, these credentials can often be stolen, accidentally revealed or hard to remember. In view of this, we propose a biometric-based athentication protocol to spport the ser athentication for the clod environment. Or soltion can be sed as the second factor for the clod sers to send their athentication reqests. In or design, we incorporate several players (client, service agent and service provider) to collaborate together to perform the matching operation between the qery featre vector and the biometric template of the ser. In particlar, we consider a distribted scenario where the biometric templates are stored in the clod storage while the ser athentication is performed withot the leakage of any sensitive information. Keywords: Biometric-based Athentication, Clod Athentication System, Privacy Preserving Sqared Eclidean Distance, Data Protection. 1 Introdction Clod compting is an emerging technology which allows sers to reqest for services and resorces from their service providers in an on-demand environment. It is a complex yet resorce saving infrastrctre for today s modern bsiness needs, providing the means throgh which services are delivered to the end sers via Internet access. In the clod environment, sers can access services based on their needs withot knowing how the services are delivered and where the service are hosted. The US National Institte of Standards and Technology (NIST) has defined clod compting as follows [1]: Clod compting is a model for enabling biqitos, convenient, on-demand network access to a shared pool of configrable compting * This work was spported by the Soongsil University Research Fnd. I. Ivanov et al. (Eds.): CLOSER 2012, CCIS 367, pp , Springer International Pblishing Switzerland 2013

2 Secre Biometric-Based Athentication for Clod Compting 87 resorces (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Hardware devices, software, storage and network infrastrctre are made available to ser throgh Internet access. Rather than prchasing expensive bt powerfl resorces, sers lease these resorces from the service providers. With clod compting, ser can access the services via Internet access regardless of time and location. They also get rid of software installation in their local machine and able to enjoy high availability of services. Frthermore, high efficiency and fast deployment benefits are also the attractions for company and individal who moves to clod services. De to the advantages sch as flexibility, mobility, and costs saving, the nmber of clod ser has increased tremendosly. Indstry analysts have made projections that entire compting indstry will be transformed into Clod environment [2]. In this Clod-driven era, secrity and privacy concerns are becoming growing problems for the ser and the service provider. User athentication is often the key isse in the Clod environment. It is an important operation for the service provider to verify who can access their services and to identify the grop of each ser. Some commonly sed athentication services inclde Kerberos [3] and OpenID [4]. The service provider athenticates its sers based on the credential sbmitted sch as password, token and digital certificate. Unfortnately, these credentials can often be stolen, accidentally revealed or hard to remember. In view of this, we propose a biometric-based athentication protocol that can be sed as the second factor for the clod sers to send their athentication reqests. Biometric athentication can improve the qality of athentication (QοA) in clod environment. Or soltion ensres both secrity in the athentication and the privacy protection for all sensitive information. 1.1 Problem Statement Clod compting is becoming an emerging technology in many organizations especially those who reqire extra resorces (i.e., processing power and storage) with a lower cost. Recently, the adoption of clod services within the organization raises a significant secrity concerns among data owners when the data stored in the clod are sensitive data to the pblic or shared environment. For example, the cstomer details are considered as sensitive data to the company and the data owner. The leakage of sensitive information will compromise the individal privacy and allows the competitors to gain the competitive advantages. Therefore, ser athentication for clod compting is becoming important and need to be addressed when considering sensitive data. In this paper, we consider the ser athentication for clod compting in a distribted environment where the biometric templates of the sers are stored in the clod storage. To verify a ser, several players will collaborate together to compare the qery featre vector of the ser and the template stored in the clod storage. Biometric templates are niqely representing strong identity information of its owner. Althogh it provides a higher degree of secrity as compared with password or secrity token, it cold be stolen or exchanged. Hence, we mst be carefl when

3 88 Kok-Seng Wong * and Myng Ho Kim dealing with the biometric data. There are several concerns shold be addressed sch as which party the biometric data can be revealed and whether the biometric matching operation is performed by the athentication server or the external trsted party. It is therefore clear that designing a privacy preserved protocol to spport the biometric matching operation wold have a great impact on the template protection and preventing the leakage of biometric featre vector. 1.2 Organization The rest of this paper is organized as follows: The backgrond for this research is in Section 2 and the technical preliminaries are described in Section 3. We present or proposed soltion in Section 4 followed by the analysis in Section 5. Or conclsion is in Section 6. 2 Backgrond 2.1 Clod Compting Models Clod services are delivered in three fndamental models [5]: Infrastrctre as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS is the lowest level which is closest to the hardware devices whereas, SaaS is the highest level that provides services to the end-sers. The Amazon web service is one type of IaaS which has been widely sed since 2006 while the Salesforce.com CRM system is an example of SaaS. PaaS level provides an application platform in the clod. Windows Azre platform is one example of PaaS which enable the developers to bild, host and scale their applications in the Microsoft data centers. Recently, a new concept called Everything as a Service (XaaS) has been adopted as the new trend in clod compting. Several vendors sch as Microsoft and Hewlett Packard [6] have been associated with it. Biometric Athentication as a Service (BioAaaS) has been defined as an approach for strong athentication in web environments based on the SaaS model [7]. 2.2 User Athentication When performing athentication over the Internet, credential will be sbmitted by the principal (the ser, machine, or service reqesting access) [8]. If the credentials match, the ser is allowed to access the services it sbscribed from the service providers. In this paper, we only consider ser as the principal who sbmits its credential for athentication over the clod. There are several types of credential the sers can sbmit as proof of their identity. Shared-key is typically password sed protocols sch as Password Athentication Protocol (PAP) [9] and Challenge Handshake Athentication Protocol (CHAP) [10].

4 Secre Biometric-Based Athentication for Clod Compting 89 Fig. 1. General design for biometric-based athentication systems Digital certificate is second type of credential which can provide strong athentication in the clod environment. It is an electronic docment which ses a trsted Certificate Athority (CA) to blind the encryption key with an identity [11]. Decryption key is the only way to validate the signed certificate. Another type of credential is the commonly sed one-time-password (OTP) [12, 13]. The end-ser obtains the OTP from the token (hardware or software) dring the login time. The token can generate a randomized password string based on a complex algorithm in real time. Since the password generated is niqe and can only be sed once, OTP is possible to be sed in the Clod environment. For example, Amazon Web Services (AMW) has already started to se its OTP token for se with individal AWS acconts [14]. Recently, a German company BioID proposes the world s first biometric athentication service for clod compting [15]. In their soltion, biometric athentication as a service (BaaS) has been proposed to provide single sign-on for ser athentication. 2.3 Biometric-Based Athentication Biometric characteristics sch as iris patterns, face, fingerprints, palm prints and voice will be sbmitted by the ser as the credential for athentication over the clod. Biometric-based athentication systems provide a higher degree of secrity as compared with conventional athentication systems. Frthermore, it allows the system to keep track of the ser s activities becase individal biometric characteristics cannot be shared with others. Generally, biometric athentication systems consist of five modles, namely, the biometric sensor, featre extractor, template storage, matching modle, and the decision modle. Fig. 1 illstrates the general design for the biometric-based athentication systems. Dring the enrolment process, the biometric sensor scans the biometric traits of the ser while the featre extractor extracts the featre vector from the scanned biometric data. The featre vector is then stored in the template storage. At the verification stage, the biometric sensor and the featre extractor perform the same tasks as in the enrolment process. However, the extracted featre vector

5 90 Kok-Seng Wong * and Myng Ho Kim (qery featre vector) will not be stored in the storage. Instead, it will be sed by the matching modle to compare with the templates stored in the storage. The matching operation otpts a similarity score which will be sed by the decision modle in making the decision (accept or reject). The matching reslt is then compares with a threshold vale determined by the system administrator. Biometric matching is the key operation in the biometric-based athentication systems to verify the sers. In practical, the same biometric trait will not prodce two identical featre vectors de to some noises or variations in the ser s interaction with the biometric sensor. Hence, the biometric-based systems do not necessary to have perfect match as reqired in the password-based athentication systems. The distance between two featre vectors originating from the same ser is typically greater than zero (zero distance means both featre vectors are identical). 3 Technical Preliminaries In this section, we describe some technical preliminaries for or protocol design. 3.1 Definition Secrity Definition. In a generic sense, secrity is the prevention of nathorized party from gaining access to confidential information and system resorces. A secre athentication system needs to ensre only the athorized sers can access to the system. Therefore, we mst prevent any adversary party from impersonate as an enrolled ser in or soltion. Or protocol is secre if no adversary party can gain access to the sensitive information. Hereafter in this section, we refer sensitive information as the biometric featre vectors (i.e., template and qery featre vector), the verification code, and the shffle protocol. Dring the athentication process, the protocol mst prevents the adversary party from reconstrcting the original featre vector of the ser based on the verification code and the template stored in the clod. Also, the network intrder who watches the traffic on the network mst not learn any sensitive information. Privacy Definition. Information or data privacy is referring to the ability of an individal or system to prevent the leakage of any sensitive information to any nathorized party. A privacy-preserved system shold ensre that nathorized party does not improperly access confidential information. In this paper, we particlarly consider the privacy isses on the biometric template and the verification code protections. The intermediate reslt dring the athentication process shold not leak any sensitive information and the decision modle shold not be able to distingish whether two athentication reqests belong to the same ser.

6 Secre Biometric-Based Athentication for Clod Compting Homomorphic Cryptosystem In this paper, we will tilize the additive property of the homomorphic cryptosystem (i.e., Paillier [16]) in or protocol. Let E ( ) a m 1 denote the encryption of message m 1 with encryption key, E a. The scheme spports the following operations in an encrypted form: Addition: Given two ciphertexts E ( ) a m 1 and E ( ) a m 2, there exists an efficient algorithm + h to compte Ea ( m1 + m2). Scalar mltiplication: Given a constant c and a ciphertext E ( ) a m 1, there exists an efficient algorithm to compte h E ( ) a c m1. Note that when a scheme spports the additive operation, it also spports scalar mltiplication becase E ( ) a c m1 can be achieved by smming E ( ) a m 1 sccessively c times. By sing the homomorphic cryptosystem, we can compte the additive operation directly on the encrypted data withot the decryption. This is a sefl featre becase the biometric template stored in the server does not reqire decryption dring the matching operation. 3.3 Notations Used In Table 1, we smmarize all the notations sed hereafter in this paper. X Y X Y X Y π Table 1. Common notations sed original featre vector extracted from the ser dring the enrolment process original featre vector extracted from the ser dring the verification process transformed vector dring the enrolment process transformed vector dring the verification process shffled vector dring the enrolment process shffled vector dring the verification process shffle protocol for the ser U x i i -th element of X y i i -th element of Y s n m sqared Eclidean distance length of the original featre vector length of the verification code k length of the transformed vector where, k = n+ m+ 4 TID template identification nmber VID verification code identification nmber E encryption key from the ser U

7 92 Kok-Seng Wong * and Myng Ho Kim D E p D p Table 1. Common notations sed (cont.) decryption key from the ser U encryption key from the service provider decryption key from the service provider E pk () encryption operation by sing the E pk D pk () decryption operation by sing the D pk ω random non-zero nmber 4 Proposed Soltion In or soltion, the athentication process is based on two credential information: (1) ser s biometric featre vector and (2) the verification code. Both parts mst be combined, transformed, and shffled correctly in order for the ser to sccessfl athenticate. Like most existing biometric-based athentication systems, or soltion reqires matching between the qery featre vector (Q) and the biometric template (T). As shown in Fig. 2, the matching operation is spported by the service provider and the service agent over the clod environment. The similarity measre fnction sed in biometric matching is based on the characteristics of the biometric featre vector. For example, Hamming distance is sed for iris-based comparison while the sqared Eclidean distance has been sed in finger codes matching. We consider the latter as or measrement metric in this paper. 4.1 Components We now formally describe the players in or proposed soltion as follow: (as illstrated in Fig. 2): Fig. 2. Overview of or proposed soltion User: individal who sends the athentication reqest. Client: compter or workstation with Internet access. Service provider: company or organization who provides clod services (SaaS, PaaS or IaaS) to the ser.

8 Secre Biometric-Based Athentication for Clod Compting 93 Service agent: separate entity which helps to transform the biometric featre vector. Unlike the conventional biometric systems, the template is the transformed featre vector and will be stored in the clod storage. The qery featre vector is a transformed featre vector. Like most existing biometric-based athentication systems, or soltion consists of both the enrolment and the verification processes. In the following sections, we will describe in details the components and the athentication workflows of or soltion. The Client has the Following Components: Biometric sensor: scans the biometric traits of the ser. Featre extractor: extracts the featre vector from the scanned biometric data. Encryption modle: encrypts the transformed and shffled featre vector with the correct encryption key (i.e., encrypts with the ser s key dring the enrolment process). Decryption modle: decrypts the comptation otpt. The Service Agent Reqires the Following Components: Transformation modle: transforms the original featre vector and shffles the transformed featre vector. Verification code generator: generates niqe verification code for the ser. Verification code retrieval: retrieves the verification code for the ser. Verification codes storage: stores the verification code for each ser. The Service Provider Reqires the Following Components: Comptation modle: performs the sqared Eclidean distance ( s ) comptation between the qery featre vector and the template. Decision modle: making the final decision by comparing the s with the given threshold τ. Templates storage: stores the template of each ser. 4.2 Enrolment The objective of the enrolment process is to process the scanned biometric data and extract a set of featre vector to be stored as the template for the ser. The enrolment process is reqired for the new ser who wants to join the clod. A sccessfl enrolment process enables the ser to receive the TID and the VID Transformation Let X = { x1, x2,..., xn}, n > 0 and V = { v1, v2,..., v m }, m > 0 be the featre vector of the ser and the verification code generated, respectively. We transform X into

9 94 Kok-Seng Wong * and Myng Ho Kim E ( ) X X { TID, E ( X )} X V E ( ) V { VID, E ( V )} { i } Fig. 3. The overview of the enrolment process X = x i = 1, 2,..., n+ m+ 4 sch that xi = xi for 1 i n, xn+ j= vj for n 2 1 j m, x = x =, x = x and m x = v 2. n+ m+ 1 n+ m+ 2 1 n+ m+ 3 i= 1 i n+ m+ 4 j= 1 j Shffle Protocol We reqire a shffle protocol ( π ) to permte the order of elements in the transformed vector X. We se the same shffle protocol dring the verification process for the same ser Overview of the Enrolment Process We illstrate the overview of the enrolment process in Fig. 3 and the workflow as follow: 1. The biometric sensor scans the biometric trait of the ser. 2. The featre extractor processes the scanned biometric data to extract the featre vector of the ser, X = { x1, x2,..., x n }. 3. The featre extractor sends X to the transformation modle of the service agent. 4. The verification code generator of the service agent generates a niqe verification code V = { v, v 1 2,..., v m } for the ser. 5. The service agent comptes V = 2V and encrypts it by sing the encryption key of the ser. The encrypted data will be stored at the verification codes storage. 6. Next, the transformation modle transforms X into X. It shffles the transformed vector X i.e., X = π ( X ) before sending it to the encryption modle.

10 Secre Biometric-Based Athentication for Clod Compting The encryption modle encrypts X by sing the ser s encryption key. Finally, the client sends E ( X ) to the service provider. The service provider stores E ( X ) as the ser s template in the templates storage. 4.3 Verification When the ser wants to access data stored in the clod storages or ses the clod services, the ser mst be athenticated first. The verification process is responsible to verify the sers who they claim to be Transformation Let Y = { y1, y2,..., yn}, n > 0 and V = { v1, v2,..., v m }, m > 0 be the featre vector extracted from the ser and the verification code, respectively. The verification code sed mst be the same in both enrolment and verification processes. We transform Y into Y = { yi i = 1, 2,..., n+ m+ 4} sch that yi = 2yi for 1 i n, yn+ j= 2vj n 2 m 2 for 1 j m, yn+ m+ 1 = i= 1yi, yn+ m+ 2 = j= 1vj, yn+ m+ 3 = yn+ m+ 4 = 1. The length for Y mst be same as X which is k = n+ m Shffle Protocol We reqire the same shffle protocol sed in the enrolment process dring the verification process. The transformed featre vector Y needs to be shffled in the same order as X Overview of the Verification Process The workflow for the verification process is as follow (as illstrated in Fig. 4): 1. The biometric sensor scans the biometric trait of the ser. 2. The featre extractor processes the scanned biometric data to extract the featre vector of the ser, Y = { y1, y2,..., y n }. 3. The featre extractor sends Y to the transformation modle of the service agent. 4. Next, the service agent retrieves the verification code of the ser based on the ser s VID. 5. The verification code retrieval retrieves ( ) E V of the ser from the storage. 6. The transformation modle comptes D( E ( ) V ) and transforms Y into vector Y. Next, it shffles Y i.e., Y = π ( Y ) and sends Y to the encryption modle of the client. 7. The encryption modle encrypts Y with the service provider s encryption key E p. Next, the Ep ( Y ) is sent together with the TID to the comptation modle. 8. The comptation modle of the service provider retrieves E ( X ) from the templates storage which is associated with the TID.

11 96 Kok-Seng Wong * and Myng Ho Kim E ( ) X E ( ω s) TID E ( ) p Y { TID, E ( X )} Y E ( ) p ω s Y E ( V) { VID, E ( V )} Fig. 4. The overview of the verification process 9. If both E ( X ) and Ep ( Y ) have the same size, the comptation modle comptes: i. Decryption: Dp ( Ep( Y )) = Y ii. Scalar mltiplication: Y E ( X ) = E ( X Y) n m 4 iii. Homomorphic additive operation: E() s = E + + i= 1 ( xi yi ) ( ) iv. Add noise: ω E( s) = E( ω s), where ω is a random non-zero nmber. The comptation modle sends E ( ω s) to the client. 10. The decryption modle of the client decrypts E ( ω s) and then encrypts ω s with E p. Then, the decryption modle sends Ep ( ω s) back to the decision modle of the service provider for making the decision. The decision modle decrypts Ep ( ω s) and makes the decision as follows ( τ is the threshold determined by the service provider): Acceptifs, < τ decision = Reject, if s > τ Note that for different athentication reqests, we may reqire different secrity levels. Hence, or system can assign different threshold vales for different sers. 5 Analysis In this section, we present the correctness, secrity, privacy and efficiency analysis for or proposed soltion.

12 Secre Biometric-Based Athentication for Clod Compting Correctness Analysis Or protocol correctly comptes the sqared Eclidean distance between the qery featre vector and the biometric template if all the players follow the protocol faithflly. Let X = { x1, x2,..., x n } be the extracted featre vector of ser A dring the enrolment process. It will be transformed into X as follows: x1,..., xn, v1,..., vm,1,1, X = n 2 m 2 ( i= 1xi ),( j= 1vj ) (1) Then, we randomly shffle the order of elements in X. Let X = π A( X ) be the shffled vector by sing the shffle protocol π A. Next, we encrypt X by sing the encryption key E A and store the following reslt as the template of the ser in the templates storage: EA( x1 ),..., EA( xn), EA( v1 ),..., EA( v ), m EA ( X ) = EA(1), EA(1), n 2 m 2 EA( i= 1xi ), EA( i= 1vj ) Note that for ease of explanation, we do not change the order of elements in Eq. (2). Assme that Y = { y1, y2,..., y n } is the qery featre vector dring the verification process. The client retrieves the verification code from the service provider and transforms Y into Y as follows: (2) 2 y1,..., 2 yn, 2 v1,..., 2 vm, Y = n 2 m 2 ( i= 1yi ),( j= 1vj ),1,1 (3) By sing the same shffle protocol Y = π ( Y) and encrypts Y with the encryption key A E P 1 P m P ( Y ) n m EP i xi EP i vj π A (if the ser is A ), the client comptes EP( 2 y1 ),..., EP( 2 yn), E ( 2 v ),..., E ( 2 v ), = 2 2 ( = 1 ), ( = 1 ), EP(1), EP(1) E P to prodce: For ease of explanation, we do not change the order of elements in Eq. (4). The sqared Eclidean distance is compted as follow: The service provider first decrypts EP ( Y ) to obtain Y and comptes the scalar mltiplication for each i -th element in Y and E ( X ) according to their index position: A (4)

13 98 Kok-Seng Wong * and Myng Ho Kim Y EA ( X ) = EA ( X Y) ( 2 y1 EA( x1),..., ) ( 2 yn EA( x ), ) n ( 2 v1 EA( v1) ),...,( 2 vm EA( vm) ), = n 2 m 2 ( i= 1yi EA(1) ), ( j= 1vj EA(1) ), n 2 m 2 ( 1 EA( i= 1xi )),( 1 EA( i= 1vj )) EA( 2 x1y1),..., EA( 2 xnyn), 2 2 EA( 2 v1 ),..., EA( 2 vm), = n 2 m 2 EA( i 1yi ), EA( j 1vj ), = = n 2 m 2 EA( i= 1xi ), EA( i= 1v j ) Next, the service provider comptes homomorphic additive operation for each ( xi yi ) ( X Y ) in Eq. (5): 2 2 ( n ) ( ) ( ) ( = = = = 1 2) n 2 m 2 + hea( i= 1xi ) + h EA( i= 1vj ) n 2 n ( = 1 ) ( = 1 2 ) 2 + ( hea i= 1yi ) n ( = ( 2 2 )) n 2 A i= 1 ( i i) E () s = E 2x y + E 2v + E y + E v A A i i i h A j j h A i i h A j j = E x + E x y A i i h A i i i = E x x y + y A i i i i i ( ) = E x y After we decipher the reslt in Eq. (6), we can obtain the sqared Eclidean n 2 distance s= ( ) i= 1 xi yi. Note that in Eq. (6), we eliminate the verification code and all additional featres. Hence, if the service provider retrieves the correct verification code and the client comptes Y correctly, or protocol otpts the correct sqared Eclidean distance for X and Y. If one of the parties (either the client or the service provider) is not following the protocol, the final otpt will not reflect the sqared Eclidean distance for the two vectors ( X and Y ). Sbseqently, the verification process will fail and the ser cannot access the system. The client or the service provider who is not following the protocol is considering as the malicios party in or protocol. The proof of this theorem is same as the proof in Theorem 3 and Theorem 4 nder the secrity analysis. (5) (6) 5.2 Secrity Analysis In this section, we will analyse two possible attacks: internal and external attack. Internal attack involves malicios party sch as employee at client who attempts to gain access into the clod. External attack involves external parties (intrders or

14 Secre Biometric-Based Athentication for Clod Compting 99 network attackers) who watch the traffic on the network. They are interested in learning some knowledge from the comptation protocol or intercept the data in the network. Note that internal attack is more serios as compared to the external attack becase attackers are having more knowledge abot the protocol. Or protocol is secre against malicios ser who tries to gain access to the clod. Withot the knowledge of sensitive information and the decryption key, the athentication is not possible for attacker at the client side. Dring the enrolment process, the system generates the biometric template for each ser. Only the ser who enrolled into the clod has its template and the verification code stored in the clod storages. In the absence of the template, the system cannot athenticate the ser. In or protocol, any malicios ser who wants to pose as an enrolled ser mst gain access to three sensitive information: (1) the verification code, (2) the original featre vector and (3) the shffle protocol. Since the verification codes and the biometric templates are stored in an encrypted form, the attacker will not be able to access them withot the knowledge of the decryption key. If the attacker gains access to the original featre vector of the ser, he is not able to se it directly for the verification process becase the verification code and the shffle protocol are not accessible. In the worst scenario, if the attacker obtains the decryption key of any ser, the secrity for the ser is still can be garanteed. Hence, or protocol is secre against attacker who tries to gain access to the clod system. Or protocol is secre against malicios service provider who tries to gain access to the biometric templates stored in the clod storages. The malicios service provider is not able to reconstrct the original featre vector of any ser in the absent of the verification code. Frthermore, the templates are encrypted by sing the encryption key of each respective ser. The service provider has no knowledge abot the decryption key. Gaining access to these encrypted vector is as difficlt as attacking the encryption algorithm. Brte-force attack is also impossible since all the templates are different (after the encryption operation). Hence, or protocol is able to prevent the malicios service provider from reconstrct the original featre vector of the ser. Network attacker who listens to the traffic is not able to learn any sensitive information. In or protocol, all the data transmit over the network (between the client and the service provider) are in an encrypted form (either encrypts with the ser s encryption key or with the service provider s key). When the network attacker watches the network, he cannot learn any information becase he has no knowledge abot the decryption key. Dring the verification process, network attacker is not possible to be athenticated by the clod becase he has no knowledge abot any sensitive information. Hence, or protocol is secre against the network attacker. 5.3 Privacy Analysis The privacy concern in or soltion is the amont of information revealed dring the athentication process. Or protocol shold ensre the confidentiality of all sensitive information sch that the intermediate reslts and the athentication reslt will not compromise the privacy of the ser. In or soltion, both the verification codes and the biometric templates are stored in an encrypted form. The service provider is not able to learn anything becase it has no knowledge abot the decryption key from the ser. In the worst scenario, if the

15 100 Kok-Seng Wong * and Myng Ho Kim decryption key of the ser has been compromised, the service provider also not able to identify the original featre vector of the ser becase the template has been transformed with the verification code and being shffled dring the enrolment process. Dring the verification process, the service provider decrypts EP ( Y ) before performing the scalar mltiplication operation. After the decryption, the service provider is not able to distingish between the original featre vector and verification code. Hence, or protocol protects both the verification code and the template stored in the clod storages. The service provider is not able to distingish whether two athentication reqests belong to the same ser. In or protocol, the verification code and the template are stored separately by the service agent and the service provider, respectively. This design prevents the malicios party from knowing which verification code is associated with which template in the case when both storages are compromised. The decision modle makes the verification decision based on the similarity score (sqared Eclidean distance) and the threshold vale determined by the system. If the similarity score is lower than the threshold, it can reject the ser. Otherwise, the system verifies the ser and the athentication process is sccessfl. With only the similarity score, the decision modle is not able to distingish whether two athentication reqests belong to the same ser. 5.4 Efficiency Analysis The total commnication costs depend on the amont of data transferred dring the athentication process. Dring the enrolment process, the main comptation cost incrs is the generation of biometric template which reqires k = ( n+ m+ 4) encryption. The enrolment process only reqires 1 rond of commnication in order for the service provider to store the biometric template of the ser. Dring the verification process, the comptation cost is dominated by the comptation of the sqared Eclidean distance. The commnication complexity incrred by the protocol is O( k ). In terms of complexity, or protocol reqires O( k ) encryptions, O( k ) scalar mltiplications and O( k ) homomorphic additive operations. 6 Discssion and Conclsions The biometric-based athentication offers many advantages over other existing athentication methods. However, the processing time dring the verification process is a main concern in any biometric-based system. The integration of biometric-based athentication into the clod environment can benefit from the advantages of the clod compting sch as extra resorces and processing power. In this paper, we proposed a biometric-based athentication protocol for clod compting. Or target is to achieve secre athentication while protecting the sensitive information of sers. We incorporate the homomorphic encryption scheme into or matching protocol to compare both the qery featre vector and the template in an encrypted form. The measrement metric sed in or protocol is the Sqared

16 Secre Biometric-Based Athentication for Clod Compting 101 Eclidean distance. Or soltion preserves the privacy of the sensitive information and secrely performs the athentication process in the clod environment. References 1. Mell, P., Grance, T.: The NIST Definition of Clod Compting. National Institite of Standards and Technology (2009) 2. Byya, R., Yeo, C.S., Vengopal, S., Broberg, J., Brandic, I.: Clod compting and emerging IT platforms: Vision, hype, and reality for delivering compting as the 5th tility. Ftre Gener. Compt. Syst. 25, (2009) 3. Neman, B.C., Ts o, T.: Kerberos: An Athentication Service for Open Network Systems. IEEE Commnications 32, (1994) 4. Recordon, D., Reed, D.: OpenID 2.0: a platform for ser-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, pp ACM, Alexandria (2006) 5. Lenk, A., Klems, M., Nimis, J., Tai, S., Sandholm, T.: What s inside the Clod? An architectral map of the Clod landscape. In: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Clod Compting, pp IEEE Compter Society (2009) 6. Fiveash, K.: HP sells clod vision amidst economic downpor. Will cstomers get soaked on transformation jorneys? King s College London (2008) 7. Senk, C., Dotzler, F.: Biometric Athentication as a Service for Enterprise Identity Management Deployment: A Data Protection Perspective. In: Sixth International Conference on Availability, Reliability and Secrity, Vienna Astria, pp (2011) 8. Convery, S.: Network Athentication, Athorization, and Acconting Part One: Concepts, Elements, and Approaches. The Internet Protocol Jornal 10, 2 11 (2007) 9. Lloyd, B., Simpson, W.: PPP Athentication Protocols. RFC Editor (1992) 10. Simpson, W.: PPP Challenge Handshake Athentication Protocol (CHAP). RFC Editor (1996) 11. Canetti, R.: Universally Composable Signatre, Certification, and Athentication. In: Proceedings of the 17th IEEE Workshop on Compter Secrity Fondations, p IEEE Compter Society (2004) 12. Haller, N.: The S/KEY One-Time Password System. In: Internet Society Symposim on Network and Distribted Systems, pp (1994) 13. Rbin, A.D.: Independent one-time passwords. In: Proceedings of the 5th Conference on USENIX UNIX Secrity Symposim, vol. 5, p. 15. USENIX Association, Salt Lake City (1995) 14. Brooks, C.: Amazon adds onetime password token to entice the wary. SearchClodCompting (2009) Paillier, P.: Pblic-key cryptosystems based on composite degree residosity classes. In: Stern, J. (ed.) EUROCRYPT LNCS, vol. 1592, pp Springer, Heidelberg (1999)