oBiometrics: A Software protection scheme using biometric-based obfuscation

Kuseler, Torben and Lami, Ihsan and Al-Assam, Hisham (2011) oBiometrics: A Software protection scheme using biometric-based obfuscation. In: African Conference on Software Engineering and Applied Computing (ACSEAC), 2011.

[img]
Preview
Text
oBiometrics A Software protection scheme using biometric-based obfuscation.pdf

Download (335kB) | Preview

Abstract

This paper proposes to integrate biometric-based key generation into an obfuscated interpretation algorithm to protect authentication application software from illegitimate use or reverse-engineering. This is especially necessary for mCommerce because application programmes on mobile devices, such as Smartphones and Tablet-PCs are typically open for misuse by hackers. Therefore, the scheme proposed in this paper ensures that a correct interpretation / execution of the obfuscated program code of the authentication application requires a valid biometric generated key of the actual person to be authenticated, in real-time. Without this key, the real semantics of the program can not be understood by an attacker even if he/she gains access to this application code. Furthermore, the security provided by this scheme can be a vital aspect in protecting any application running on mobile devices that are increasingly used to perform business/financial or other security related applications, but are easily lost or stolen. The scheme starts by creating a personalised copy of any application based on the biometric key generated during an enrolment process with the authenticator as well as a nuance created at the time of communication between the client and the authenticator. The obfuscated code is then shipped to the client’s mobile devise and integrated with real-time biometric extracted data of the client to form the unlocking key during execution. The novelty of this scheme is achieved by the close binding of this application program to the biometric key of the client, thus making this application unusable for others. Trials and experimental results on biometric key generation, based on client's faces, and an implemented scheme prototype, based on the Android emulator, prove the concept and novelty of this proposed scheme.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Biometrics; Mobile applications, obfuscated interpretation; Software protection
Subjects: Q Science > Q Science (General)
Divisions: School of Computing
Depositing User: Ihsan Lami
Date Deposited: 03 Aug 2016 13:37
Last Modified: 03 Aug 2016 13:37
URI: http://bear.buckingham.ac.uk/id/eprint/75

Actions (login required)

View Item View Item