BossPro: a biometrics-based obfuscation scheme for software protection

Kuseler, Torben and Lami, Ihsan and Al-Assam, Hisham (2013) BossPro: a biometrics-based obfuscation scheme for software protection. In: SPIE 8755, Mobile Multimedia/Image Processing, Security, and Applications, May 28, 2013.

[img]
Preview
Text
BossPro a biometrics-based obfuscation scheme for software protection.pdf

Download (619kB) | Preview
Official URL: http://proceedings.spiedigitallibrary.org/proceedi...

Abstract

This paper proposes to integrate biometric-based key generation into an obfuscated interpretation algorithm to protect authentication application software from illegitimate use or reverse-engineering. This is especially necessary for mCommerce because application programmes on mobile devices, such as Smartphones and Tablet-PCs are typically open for misuse by hackers. Therefore, the scheme proposed in this paper ensures that a correct interpretation / execution of the obfuscated program code of the authentication application requires a valid biometric generated key of the actual person to be authenticated, in real-time. Without this key, the real semantics of the program cannot be understood by an attacker even if he/she gains access to this application code. Furthermore, the security provided by this scheme can be a vital aspect in protecting any application running on mobile devices that are increasingly used to perform business/financial or other security related applications, but are easily lost or stolen. The scheme starts by creating a personalised copy of any application based on the biometric key generated during an enrolment process with the authenticator as well as a nuance created at the time of communication between the client and the authenticator. The obfuscated code is then shipped to the client’s mobile devise and integrated with real-time biometric extracted data of the client to form the unlocking key during execution. The novelty of this scheme is achieved by the close binding of this application program to the biometric key of the client, thus making this application unusable for others. Trials and experimental results on biometric key generation, based on client's faces, and an implemented scheme prototype, based on the Android emulator, prove the concept and novelty of this proposed scheme.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Torben Kuseler, Ihsan A. Lami, Hisham Al-Assam, "BossPro: a biometrics-based obfuscation scheme for software protection," Mobile Multimedia/Image Processing, Security, and Applications 2013, Sos S. Agaian, Sabah A. Jassim, Eliza Yingzi Du, Editors, Proc. SPIE 8755, 87550T (28 May 2013). Copyright 2013 Society of Photo Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic electronic or print reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited. http://dx.doi.org/10.1117/12.2030766
Uncontrolled Keywords: Biometrics, Mobile applications, Obfuscated interpretation, Software protection
Subjects: Q Science > Q Science (General)
Divisions: School of Computing
Depositing User: Ihsan Lami
Date Deposited: 25 Aug 2015 14:38
Last Modified: 25 Aug 2015 14:38
URI: http://bear.buckingham.ac.uk/id/eprint/79

Actions (login required)

View Item View Item