Secure Cloud Based Biometric Signatures Utilizing Smart Devices

On 20 September 2013 Apple released their latest iPhone device, named the iPhone 5s which incorporates a fingerprint based biometric scanner. The inclusion of a biometric scanner was met with a host of criticism from the security and privacy community. It was soon demonstrated that the biometric reader on the new iPhone is just as vulnerable to spoofing attacks as devised by researchers such as Matsumoto et al. Nearly seven months later, Samsung released the Galaxy 5S, which also incorporates a single inline biometric fingerprint scanner. Apart from gaining access to the device, the Samsung device makes it possible for the user to make payments from a linked PayPal account. As was the case with the iPhone 5s, the Samsung galaxy 5S biometric security was subverted a few weeks after its release, by SRLabs using a faux fingerprint. It is widely accepted that making use of biometrics for effective security during the identification and authentication process is not recommended. People leave latent biometric prints of their fingerprints on everything they touch. Biometric technology is vexed with this problem - a biometric characteristic is not essentially covert, as people deposit their biometric characteristics in various ways in the environment they interact with. In research cases as demonstrated using the iPhone 5s, Samsung Galaxy S5 or many biometric scanners, a fake biometric characteristic can be manufactured from latent biometric prints, to fool the biometric security of the system. Indeed, the ability of biometric technology to directly authenticate an individual is highly desired, and convenient, resulting in many companies investigating and incorporating this technology. If a biometric characteristic is presented, with irrefutable confirmation that the biometric characteristic presented has not been spoofed or tampered with in any way, the authentication environment can be convinced that the person himself, is directly authenticated. In the case with a password or token, however, only the presented password or token is authenticated, and not the individual presenting the password or token. Realising the inherent shortcomings but also the opportunities of biometrics, research has been conducted in this field. A Cloud based biometric security protocol for smart devices was developed, corroborating that it is possible to authenticate a person indisputably using cloud technology, biometrics and a smart device such as the iPhone or Galaxy. This paper proposes an approach to allow a person to use a smart device such as the iPhone 5s, or Galaxy S5 for secure biometric authentication over a networked environment. It is illustrated that a smart device can be considered as a "smart token", to address the security concerns associated with biometric technology. The secondary focus of this paper is to prove that a cloud based biometric security protocol can be used for secure biometrically based digital signatures.