=Paper= {{Paper |id=None |storemode=property |title=Using Mobile Agents for Secure Biometric Authentication |pdfUrl=https://ceur-ws.org/Vol-621/paper19.pdf |volume=Vol-621 |dblpUrl=https://dblp.org/rec/conf/woa/TranquillinFM10 }} ==Using Mobile Agents for Secure Biometric Authentication== https://ceur-ws.org/Vol-621/paper19.pdf
Using mobile agents for secure biometric authentication

Marco Tranquillin, Department of Information Engineering, The University of Padova, Padova, Italy
Carlo Ferrari, Department of Information Engineering, The University of Padova, Padova, Italy. Email: carlo.ferrari@dei.unipd.it
Michele Moro, Department of Information Engineering, The University of Padova, Padova, Italy. Email: michele.moro@dei.unipd.it



Abstract—This paper deals with the definition of a strong authentication model, coupling the usual password/PIN based methods with biometric matching, over a Multi Agent distributed infrastructure. When the user authentication procedure involves personal devices, the Multi Agent System model helps in the distribution of data and algorithms thanks to a better partitioning of roles and responsibilities, enhancing robustness to eavesdropping and tampering by properly moving agents around the system itself. The system architecture is based on specialized agents tied to the different devices, which safely communicate using both symmetric encryption for messages and asymmetric encryption to check principals' roles. Moreover, agents can carry biometric parameter matching algorithms, bringing computation to those nodes with enough computing power. A complete authentication protocol has been developed and two different demos have been devised and tested. They differ in the tasks assigned to the mobile devices in use. Experiments show that agent capabilities, together with their power of migration, help in maintaining a higher level of security when mobile devices are involved.

I. INTRODUCTION

Identity recognition is still an open problem and its solution can help with user authentication, tracking, secure access to restricted areas and, more generally, any time it is necessary to automatically acquire the identity of a human operator. It is worth pointing out that the application of an identity recognition system can go beyond security issues, being the basis for a more sophisticated human machine interface in a pervasive context. A person can be identified through the analysis of her peculiar physical features: automated methods and algorithms for feature acquisition, analysis and recognition stand at the core of Biometrics, which is focused on the correct representation and measurement of those personal physical invariants, like fingerprints, iris, hand geometry and so on, that are strictly linked to each person and cannot be easily tampered with. In the recognition process acquired raw data are preprocessed to extract relevant geometric arrangements of features that are then compared and matched to those that form the user template stored in a backend database.

A biometric recognition process involves different computational activities distributed among biometric sensors, host computer and personal mobile devices. Modern computational systems can involve heterogeneous machines and devices that greatly differ with respect to their computational power. Some of them can move freely in the working space thanks to wireless connections while remaining strongly tied to their (human) owner. The interaction with the fixed part of the system is managed by proper protocols in order to guarantee security and performance. The design of applications can benefit from novel paradigms and methodologies that explicitly deal with mobility and that support delegation mechanisms in order to move the heavier part of computation to those nodes that can cope with the required service levels.

The mobile agents paradigm is focused on the mobility concept of computation and code [1]. That means the ability to organize programs that can be sent without changes to a number of different computers and that can be executed with the same semantics on each of them. This paradigm is a remarkable option in the context of Multi-Agent Systems (MAS) that in [2] are defined as "a loosely coupled network of problem-solver entities that work together to find answers to problems that are beyond the individual capabilities or knowledge of each entity". One of the most interesting and innovative features of this model is its integration with modern mobile devices, like smartphones or handhelds, which allows a greater relocation of computing resources, linking software with users in a safer, more effective and reflective manner. Security is certainly a major issue in distributed systems, and device mobility requires new, more robust solutions [3], [4], [5].

The main goal of this paper is to present how biometric matching methods can be combined with the usual password/PIN based methods in those scenarios where mobile devices are involved. The paper is focused on the use of the mobile agent paradigm suitably exploited to integrate a mobile device in the system.

The authentication model that we present is a strong authentication model [6]. In fact it involves more than one factor: something that the user knows (personal data like name, surname, date of birth etc. and generally one PIN), something that the user has (a mobile device with its memory card) and something tied to the user (a biometric parameter).

A model using three contextual authentication criteria is more robust and is able to fully take advantage of the mobile agents approach. Unlike previous works that are based on
smart cards [7], [8], [9], the innovative aspect of this model is the introduction of a mobile device that can be used both as a data repository and as an active element inside the authentication protocol, executing matching of biometric templates.

Mobile agents can transfer entire object code in order to manipulate data in a more robust manner (there is no need to copy and paste data from one location to another) and to react immediately either to errors or to exceptions (for example an agent that must install particular software that needs some libraries can autonomously download them from the Internet without any user intervention). Thus a MAS supports effective forms of adaptable computations in accordance with the requested level of security and the availability of computational power, and it shows a relevant degree of scalability and maintainability. The framework that we chose for implementing the proposed authentication system is the open-source project Jade. It is a worldwide project associated with a great community that has produced many add-ons, like Jade-S and Jade-Leap. The first one is a plug-in that increases the native security level of the platform through the verification of credentials that belong to agents. The second one allows a light version of the Jade framework to run on a device that has limited hardware resources, like mobile phones or handhelds.

The authentication system that we propose is based on biometric parameters (in the first release we use only fingerprint analysis). It addresses the following questions:
- how can we securely transport user private data?
- how can we extract the template from a fingerprint from a trusted source?
- how can we be sure of the subjects that are exchanging data?
In the next section the architecture of the system is described while, in the third section, the details of the authentication protocol are given. The fourth section is devoted to a brief final discussion and conclusions.

II. SYSTEM ARCHITECTURE

Authentication is carried out by different agents that perform specific tasks and with at least the robustness reachable with elaborate protocols like Kerberos [10]. The involved physical entities of the system are a mobile device, typically a smartphone, a client machine mainly devoted to biometric data acquisition, and a server machine to access the central user database. Within these machines both static and mobile agents run on an agent platform. The overall architecture is built on the following basic elements:
- server agent: it must execute the operations at the server side, e.g. generating mobile agents, checking data, querying a database and so on;
- user phone agent: running on the mobile device, it provides the GUI for the owner to be authenticated. The necessary communications with the server are performed via messages piggybacked on another (mobile) agent;
- mobile agent: it moves between a client and the server carrying all the necessary information for the authentication process; when at the client, it is delegated to handle all the communications with the phone agent.
Instances of the previous components can be combined to form the final system, as shown in figure 1.

It is worth pointing out that the role of the mobile agent is to load programs "on the fly". It is therefore not necessary to preinstall all the software at the client side, which reduces the risk of hacking and tampering of those critical components that are devoted to the authentication. Moreover, executing software within a remote agency benefits from the encapsulation capabilities of agents, providing a stronger degree of security. The abovementioned issues are even more significant when the mobile device can host an agency.

Every client machine is responsible for controlling one biometric sensor from which it gets raw data when requested. The match of the live template, extracted by the client, can be centralized in the server. The use of a mobile device, coupled with one client machine, enables a stronger level of security because PINs must also be provided by the user and, with suitable computational power, the match can be carried out directly on the mobile device. In order to reach a useful flexibility and the adaptation of the client to the characteristics of the user phone, all the main functions of the client are carried by a mobile agent coming from the server. For example, a specific mobile agent could be created by the server in accordance with the capability of the mobile device currently shown.

Every communication from one agent to another is protected by symmetric encryption to obscure the contents of messages and by asymmetric encryption to apply a digital signature to every message, in order to let the agent automatically verify the identity of the message sender. Since we use an agent platform, it is possible to identify a specific agent (each agent that is running on a platform has its unique name) and to find its location on the network in order to be sure to talk to a non-tampered agent.

III. THE AUTHENTICATION PROTOCOL

The biometric based authentication system, as mentioned earlier, leverages the power of the platform agents to execute all the operations that are mandatory to authenticate a user. The protocol is organized into a sequence of four phases:
   1) Initialization.
   2) Authentication of the mobile device.
   3) Authentication of the shared secret.
   4) Authentication of the biometric parameter.
These steps refer to the case we called 'Template on phone', which envisages the presence of an encrypted fingerprint in the mobile device memory and the match of the biometric parameter on the server.

Phase 1: the initiative is taken by the user who runs an application on her mobile device. After she has provided a PIN, the mobile device application asks the Jade platform server to start an agent called "User Phone Agent" (UPA). This also activates the client to start the authentication: it asks the server to establish an SSL session.
Finally, another agent resident on the server (simply 'server agent', SA) is activated.

Phase 2: this phase is dedicated to authenticating the mobile device (something that the user has). In order to authenticate the UPA, the SA creates a mobile agent (MA) that brings a challenge (i.e. a prompt to receive a private information as its response [11]), encrypted (with the server AES key) and signed by the SA, to the client by migrating to the latter. The UPA verifies the server signature, extracts the challenge and sends a response challenge (updated, encrypted and signed), together with the user asymmetric public key, back to the server through the MA. The authentication of the UPA completes when the MA goes back to the server, which verifies the encrypted reply using the enveloped public key.

Phase 3: now it is time to get the user personal data (something that the user knows). The MA carries a new challenge to the UPA requiring a hashed version of the user personal data and PIN. When it comes back to the server, the SA can search the user data in the local database, through their hashed value. Any time a positive match occurs, the user AES key is extracted from the database record and it is used as the basis of a personal secure communication channel for the next steps. At this point the UPA receives an acknowledgement affirming that the server has correctly recognized the user and consequently the authentication can continue.

Phase 4: this phase includes the biometric match (something tied to the user). The UPA provides the user fingerprint template that is stored in the mobile device memory, whereas the client is in charge of providing the live template. The MA goes back and forth two times, the first to bring the encrypted stored template, the second to make the client acquire the user live fingerprint. The live template is encrypted with the asymmetric public key of the server so that the client is not required to maintain any secret key. The two templates are now compared using the established matching algorithm. The last trip of the MA is used to notify the match response to the UPA.

When a 'Match on phone' is possible, i.e. the mobile device can implement the matching algorithm, the live template must be sent to the UPA and the stored template is not moved from its original position in the phone device. Obviously in this case the UPA is responsible for performing such a match and for giving back to the server the final response.

Fig. 1. Internal Model

IV. DISCUSSION AND CONCLUSION

In our experimentation we developed the two different scenarios through the following demonstrative applications:
- Demo 1 "MIDP-TOP" (Template On Phone): the biometric match is on the server, whereas the mobile device is used as the user personal data repository;
- Demo 2 "MIDP-MOP" (Match On Phone): the biometric match is performed on the mobile device. In this case the reference template can be stored exclusively on the mobile device.
To complete our prototype we developed a tool named Enrollment Tool that allows the system administrator to manage user personal data and keys and, more importantly, to extract a
template from a fingerprint (that can be loaded from a file or live captured) and to support the initialization of the mobile device repository.

A distributed system with mobile devices requires proper policies to combine different security mechanisms in order to meet a high level of dependability. Biometric-based identity recognition benefits from the association with other (non biometric) personal data, allowing a faster search on a common database, thanks to the use of well established and efficient string search algorithms.

A MAS explicitly supports the partition of responsibilities and roles: in fact it is a model that is distributed 'per se' and that assigns different responsibilities to the various actors. The concurrent use of both biometric and non-biometric parameters calls for this kind of partitioning. Where multi-biometrics is concerned, this is even more evident because more client machines equipped with specific devices and tools could be involved. Agents are entities that can be precisely identified within a platform together with their specific responsibilities, acting on their own behalf or on behalf of other entities, particularly in the case of mobile agents.

As previously described, we propose a sequence of three steps recognizing first a mobile device as member of a set of authorized devices, second a user through her personal credentials and finally we perform the biometric match. In this scenario the client should be simply responsible for the reading of the raw biometric parameter. Notwithstanding, the use of a mobile agent permits any client to execute crucial actions on delegation of the server to cope with the limitation of the mobile device. User mobility is thus implicitly guaranteed as well, since the user is not restricted to a specific client (e.g. a user could authenticate herself to enter a restricted area through one of several different entrances).

An appropriate combination of secret keys related both to the machines and to the single users provides a good balance between performance and the level of security. It is worth pointing out that the Jade security extension (Jade-S) unfortunately presents some hard limitations that make it unusable when mobile devices are involved.

Basic security is provided by the SSL tunnel. Freshness and liveness properties are guaranteed by the challenge-and-response approach, like in the Needham-Schroeder protocol [11]. Every one of the three recognition steps in sequence is correct because it realizes standard security procedures, and it provides its specific level of security, related to the entity under authentication (device, user ID data and biometric data). Whenever a step fails the whole authentication process fails. If a step is fraudulently passed, no further weakness propagates to subsequent levels, which use new and different critical data. The last step, which uses biometric data, is the hardest to deceive.

Our experimentation, necessarily carried out on a small group of a dozen people, has proved the correctness and effectiveness of the model. Looking ahead, the MAS architecture shows a sufficient degree of scalability to adapt our model to significantly more complex situations like those requiring several client locations and a great number of potential users. The future availability of more powerful smartphones will also bring the conditions for introducing the agent mobility at the phone level.

ACKNOWLEDGEMENT

This work has been partially supported by the University of Padova Research Project CPDA073251/07, "Algorithms and methods for secure authentication using biometrics data".

REFERENCES

[1] S. J. Russell, P. Norvig, Artificial Intelligence: A Modern Approach, Prentice Hall International, 2003.
[2] J. F. Dray, M. E. Smid and R. Warnar, A Token Based Access Control System for Computer Networks, Proceedings of the 12th National Computer Security Conference, NIST/NCSC, Baltimore, MD, (USA), October 1989.
[3] T. Y. C. Woo and S. S. Lam, Authentication for Distributed Systems, IEEE Computer, vol. 25, no. 1, pp. 39–52, January 1992.
[4] Guideline on User Authentication Techniques for Computer Network Access Control, National Institute of Standards and Technology, Federal Information Processing Standards Publication 83, National Technical Information Service, Springfield, VA, September 1980.
[5] H. Aouadi and PR M. Ben Hamed, Security Enhancements for Mobile Agents Platforms, IJCSNS, vol. 6, no. 7, pp. 216–221, 2005.
[6] R. E. Smith, Authentication: From Passwords to Public Keys, Addison-Wesley, 2001.
[7] S. Bistarelli, S. Frassi, A. Vaccarelli, MOC via TOC Using a Mobile Agent Framework, Proceedings of the 5th Int. Conf. on Audio and Video-Based Biometric Person Authentication, Hilton Rye Town, NY, USA, 2005, pp. 464–473.
[8] S. Bistarelli, F. Santini and A. Vaccarelli, An Asymmetric Fingerprint Matching Algorithm for JavaCard, Proceedings of the 5th Int. Conf. on Audio and Video-Based Biometric Person Authentication, Hilton Rye Town, NY, USA, 2005, pp. 279–288.
[9] Z. Pozgaj, I. Duretek, Smart Card in Biometric Authentication, Proceedings of the 18th Int. Conf. on Information and Intelligent Systems, Varazdin, Croatia, 2007, pp. 319–325.
[10] J. G. Steiner, C. Neuman, J. I. Schiller, Kerberos: An Authentication Service for Open Network Systems, in Usenix Winter Conference Proceedings, Dallas, Texas (USA), 1988, pp. 191–202.
[11] A. S. Tanenbaum, M. van Steen, Distributed Systems: Principles and Paradigms, Prentice Hall, 2002.
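
The Phase 2 exchange of Section III as an added example (not code from the paper or from Jade): the SA signs a fresh challenge, the UPA verifies it and returns the updated challenge with its enveloped public key, and the SA accepts the reply only once and only under the key recorded at enrollment. Assumptions: Ed25519 signatures, the updated challenge modelled as "UPA:" followed by N, the names Msg, Party and NewPair, and the AES layer and SSL session of the paper applied around these messages by the transport.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Msg is what the mobile agent carries: body, signature, sender's "enveloped" key.
type Msg struct {
	Body, Sig []byte
	Pub       ed25519.PublicKey
}
// Party is the SA or the UPA; Peer is the other side's key, pinned at enrollment.
type Party struct {
	Priv ed25519.PrivateKey
	Peer ed25519.PublicKey
	want []byte // SA only: the single reply body still outstanding
}
// NewPair returns a constructed SA/UPA pair that hold each other's public keys.
func NewPair() (sa, upa *Party) {
	sPub, sPriv, err1 := ed25519.GenerateKey(rand.Reader)
	uPub, uPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("no entropy for key generation")
	}
	return &Party{Priv: sPriv, Peer: uPub}, &Party{Priv: uPriv, Peer: sPub}
}
func (p *Party) sign(b []byte) Msg { return Msg{b, ed25519.Sign(p.Priv, b), p.Priv.Public().(ed25519.PublicKey)} }
// check trusts the enveloped key only if it is the pinned one: a signature that
// verifies under a key the sender supplied says nothing about who the sender is.
func (p *Party) check(m Msg) error {
	if !bytes.Equal(m.Pub, p.Peer) || !ed25519.Verify(m.Pub, m.Body, m.Sig) {
		return errors.New("unknown sender key or bad signature")
	}
	return nil
}
// Challenge (SA) issues a fresh N; the "updated" form "UPA:"+N is an assumption.
func (p *Party) Challenge() Msg {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	p.want = append([]byte("UPA:"), n...)
	return p.sign(n)
}
// Respond (UPA) authenticates the SA first, then signs the updated challenge.
func (p *Party) Respond(ch Msg) (Msg, error) {
	if err := p.check(ch); err != nil {
		return Msg{}, err
	}
	return p.sign(append([]byte("UPA:"), ch.Body...)), nil
}
// Verify (SA) consumes the challenge on every attempt, so a replay finds none.
func (p *Party) Verify(resp Msg) error {
	want := p.want
	p.want = nil
	if want == nil || !bytes.Equal(resp.Body, want) {
		return errors.New("stale or wrong response")
	}
	return p.check(resp)
}
func main() {
	sa, upa := NewPair()
	resp, _ := upa.Respond(sa.Challenge())
	fmt.Println("first:", sa.Verify(resp), "replay:", sa.Verify(resp))
}
```

Verify returns an error for a replayed reply, for a reply to an earlier challenge, and for a correctly formed reply signed with any key other than the enrolled one.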