Authentication Assurance of Biometric Authentication

Protocols on Mobile Devices

Huub van WierenUniversity of Twente

P.O. Box 217, 7500AE EnschedeThe Netherlands

h.d.vanwieren@student.utwente.nl

ABSTRACT

This is a research in what authentication assurance levelscan be reached by the FIDO UAF and the BOPS proto-col. Assurance levels are defined by the EU, NIST andISO, but unclear is what levels the authentication proto-cols can reach. Requirements of the assurance levels aremeasured against specifications of the authentication pro-tocols. Concluded is that there are no big software orhardware limitations for the protocols. Biometric perfor-mances are however still not perfect.

Keywords

Mobile Devices; Authentication Protocols; AuthenticationAssurance Levels; Biometrics

1. INTRODUCTIONMore and more on-line authentication tasks are done bymobile devices nowadays. This demands safe and correctauthentication protocols on those mobile devices. Manymobile devices are developed with some piece of biometricidentification hardware, which opens up the opportunityto use this hardware in authentication processes. Twoemerging protocols that incorporate biometrics have beenanalysed on their security and privacy features [16]. Con-cluded was that the biometric authentication on smart-phones has some limitiations, but this could be improvedin the future. One of the discussed protocols is The Uni-versal Authentication Framework (UAF) from the FastIDentity Allience (FIDO). The other protocol is the Bio-metrics Open Protocol Standard (BOPS) developed byHoyos Labs and published as a standard by the IEEE[2]. The makers of the protocols both have their own ap-proaches on making a biometric authentication solution,but both specify a protocol that allows on-line services toauthenticate with biometrics.

Since governments are very interested in the developmentof authentication techniques, regulations called eIDAS aremade by the EU concerning electronic identification andtrust services for electronic transactions [5]. Furthermorethe National Institute of Standards and Technology (NIST)of the U.S. Department of Commerce made guidelines ondigital authentication [7]. The eIDAS standard as well

Permission to make digital or hard copies of all or part of this work for

personal or classroom use is granted without fee provided that copies

are not made or distributed for profit or commercial advantage and that

copies bear this notice and the full citation on the first page. To copy oth-erwise, or republish, to post on servers or to redistribute to lists, requires

prior specific permission and/or a fee.

26th

Twente Student Conference on IT February 3st

, 2017, Enschede,

The Netherlands.Copyright 2017, University of Twente, Faculty of Electrical Engineer-

ing, Mathematics and Computer Science.

the NIST standard describe authentication assurance lev-els that roughly follow the authentication assurance levelsdefined in the ISO/IEC 29115:2013 standard [10]. Thethree levels of the eIDAS standard cover mainly the lastlevels of this ISO standard. The assurance levels providedby those organizations are in terms of the consequences ofauthentication errors and misuse of credentials. The eI-DAS regulation specifies 3 assurance levels: low, substan-tial and high, whereas the FIDO and the ISO standardsspecify four levels of assurance.

1.1 Problem StatementUnclear is which assurance levels can be reached with thementioned UAF and BOPS authentication protocols usedon mobile devices. Research has to be done to clarifywhat hardware or software-based limitations mobile de-vices have an what specific authentication assurance levelsactually mean concerning biometric authentication proto-cols.

1.2 Research QuestionsBased on the problem statement, the research questionsare:

RQ1 Based on the eIDAS, NIST and ISO standards, whichauthentication assurance levels can be reached withthe biometric authentication protocols UAF andBOPS?

RQ2 What are the recommendations regarding authenti-cation protocols on mobile devices?

To answer the first research question an analysis has bedone on what the hardware-based and software-based lim-itations on mobile devices are. Furthermore minor dif-ferences between the standards and the specifications ofthe UAF and BOPS have been explored. Implicationsthat come with biometric authentication on mobile de-vices have to be analysed to give proper recommendationsfor the use of this technique.

2. AUTHENTICATION PROTOCOLS

- BACKGROUNDOn-line authentication protocols in general are basicallybuild upon an authentication model. This model con-sists of the user, the identity provider and the on-line ser-vice provider/relying party. A user of an on-line servicecan be authenticated by an identity provider. The iden-tity provider assures the relying party with a certain levelof confidence that the identity of the user is the actualclaimed identity of the user. The identity provider runsthe whole actual authentication procedure with the user.Many on-line web services as a relying party also have therole as an identity provider.

i

2.1 Authentication factorsAn authentication protocol is based on one of the threeauthentication factors. One of the authentications factorsis the knowledge factor that is widely used in authentica-tion protocols. Examples of a knowledge based factor are,passwords or a PIN code. A possession factor is somethinga user has, such as a ID card or a smartphone. The thirdauthentication factor is based on a biometric of a user i.e. adiscriminating physiological or behavioural property. Bio-metric authentication factors include, fingerprints, face oreven gait patterns. As mentioned the UAF and the BOPSprotocols make use of the biometric authentication factor.

The following biometric specific authentication protocolsboth have their biometric templates stored locally on themobile device itself. This means that the biometric dataitself isn’t send over a network or stored on a centralizeddatabase, unlike a currently most used password system.The data stored locally is not vulnerable to large scaletheft of all the data what is a huge advantage towardscentrally stored data.

2.2 FIDO Universal Authentication Frame-work

FIDO is an alliance of different vendors with the samecommon goals and interests in creating a new way of on-line authentication. With the UAF they created a protocolfor biometric authentications without the need for pass-words. In FIDO’s UAF architectural overview documentis described what components the UAF has [15]. Morespecific details about the UAF protocol are in the proto-col Specification [12]. This section will briefly describe thecomponents of the UAF protocol. A FIDO UAF enabledmobile device has to have the FIDO client software imple-mented and has to have a FIDO authenticator. The soft-ware interacts with the FIDO authenticator and a relyingparty software for example a mobile app or browser. Theauthenticator uses a biometric sensor for example a finger-print reader. Authentication requests are handled locallyby the FIDO client together with the FIDO authenticatorand verifies the requests with a FIDO UAF server. TheFIDO UAF server is part of the relying party’s server.

Initial usage of an authenticator, the authenticator has tobe registered on the FIDO server. A relying party is ableto detect when a user begins interacting with them witha new authenticator on which the server sends his policyto the authenticator. The user has to present his biomet-ric. The authenticator can now create a private/public keypair which is unique to the mobile device and the serviceof the relying party. The authenticator sends an attes-tation and the public key back to the server. With theattestation the authenticator gives a cryptographic proofof the authenticator model to the relying party. The au-thenticator now is registered and the relying party is nowable to request the user to authenticate with a registeredauthenticator.

In case of an authentication request from the FIDO servera cryptographic challenge that the authenticator has tosolve is send to the authenticator. The authenticator un-locks a private key depended on the biometrics of the user.The authenticator responses to the challenge signed withthe user’s private key.

To summarize the components, the mobile device consistsof the application of the relying party, the FIDO client andthe FIDO authenticator. On the server-side of the relyingparty is the FIDO server. The outlined design of the pro-tocol doesn’t need the existence of an identity provider.Figure 1 gives an overview of the UAF components.

Figure 1. FIDO UAF components

Figure 2. BOPS components

2.3 Biometrics Open Protocol StandardThe BOPS protocol provides an end-to-end identity au-thentication protocol with modular components that arefully open-source. In comparison with the FIDO UAFprotocol the BOPS protocol specifies the protocol in a sin-gle layer that also handles authenticator specific protocols.Whereas the specific requirements for the biometric recog-nition system lays outside the scope of the FIDO UAFprotocol. The BOPS protocol has three core components:the mobile device, the BOPS server and the intrusion de-tection system (IDS). All security protocols lay inside descope of the BOPS protocol whereas the FIDO protocolspecifies much less specific protocols as seen in the figures.The connection between the mobile devices, the BOPSserver and the server of the relying party relies on twoway SSL/TLS communication. The IDS runs on the mo-bile device as well as on the BOPS server and preventsattacks such as spoofing attacks and presentation attacks.Figure 2 gives an overview of the BOPS components.

3. AUTHENTICATION ASSURANCE LEV-

ELS OF SECURITY STANDARDS & GUIDE-

LINES

3.1 ISO authentication assurance levelsThe ISO/IEC 29115:2013 [10] standard specifies 4 levelsof assurance abbreviated as LoAs. Citing the ISO doc-ument: ”Each LoA describes the degree of confidence inthe processes leading up to and including the authentica-tion process itself, thus providing assurance that the entity

ii

that uses a particular identity is in fact the entity to whichthat identity was assigned.” LoA1 is the lowest level and isused when minimum risk is associated with erroneous au-thentication. No specific authentication mechanisms arespecified that have to be used. LoA2 is used when thereis a moderate risk associated with erroneous authentica-tion and LoA3 is used when the risk is substantial. LoA3prescribes a mulitfactor authentication method and secretinformation has to be cryptographically protected whentransmitted. LoA4 is similar to LoA3, but specifies theneed of tamper-resistant hardware devices. Additionally,an in-person identity proofing is needed. In other wordswhen a user wants to enrol himself he has to prove thathe is the right person towards a real person.

In Table 1 is stated how the diferent LoAs map to eachother as used in this paper.

Table 1. ISO LoAs mapping to NIST and eIDASISO 29115 NIST eIDAS

LoA 1 LoA 1 LowLoA 2 LoA 1 LowLoA 3 LoA 2 SubstantialLoA 4 LoA 3 High

3.2 NIST Authentication Assurance LevelsIn SP 800-63-3 [7], the NIST made their own authentica-tion level system based on the four defined levels of assur-ance in OMB M-04-04 [14] and is also inspired by the ISOassurance levels. In the defined system by the NIST dif-ferentiations are made in three categories, the M-04-04 arebasically split up in the identity assurance level(IAL), theauthenticator assurance level (AAL) and the federationassurance level. The LOAs 2 and 3 are taken togetherin those categories which results in three levels for eachcategory. As SP 800-63-3 document is still a draft ver-sion, the requirements related to the assurance level canstill change. In this paper is worked with the requirementsthat are currently defined (30 nov 2016).

3.3 eIDAS Authentication Assurance LevelsFor the assurance level specifiation in the eIDAS docu-ment the ISO/IEC 29115 has been taken into accountand the level roughly follow the last three NIST LoAsMany requirements for the levels low, substantial and highcome down to an own interpretation of the specific require-ment and other requirements are very clear. Furthermorenowhere in the document are biometrics discussed.

4. RELATED WORKThe security and privacy issues concerning the FIDO UAFprotocol and the BOPS protocol are researched as men-tioned in the introduction [16]. This research specificallyreviews how threats to biometric systems in general arehandled by the regarding protocols.

Different biometric techniques on smartphones are dis-cussed in ’Biometric Technology and Smartphones: A con-sideration of the practicalities of a broad adoption of bio-metrics and the likely impacts’ [4]. The challenges andpracticalities of fingerprint, iris and palmprint recognitionmethods are discussed but there is no unambiguous con-clusion of what the most promising technique is. Alsosome considerations are given on identity theft, securityand privacy.

In 2011 the article ’Security analysis of AuthenticationProtocols for Nest-Generation Mobile and CE Cloud Ser-

vices was publicised [9]. A novel authentication proto-col was presented with the feature of having no passwordstored at a specific service. Furthermore existing protocolsare discussed, but no biometric authentication protocolsare reviewed.

5. ANALYSIS

5.1 NIST requirementsThe NIST document supports only limited use of biomet-rics for authentication as it is only supported in combi-nation with another authentication factor. One of thereasons for this limitation is that biometric matching isstated as probabilistic, whereas other authentication fac-tor are stated as deterministic. Other reasons given in thedocument are the risk of presentation attacks and the lim-ited availability of biometric template protection. Firstthe general characteristic of NIST requirements will bediscussed and afterwards the characteristics of the LoAs.Table 2 gives an overview of the NIST requirements.

5.1.1 NIST general requirementsTo meet the NIST requirement of using a second authen-tication factor next to biometric authentication, a pos-session based factor could be used or a knowledge based.With using for example a password as a second authenti-cation factor some advantages of using biometrics will beoverridden. Ideally the mobile device itself has to functionas a possession factor to overcome the two factor require-ment. This way there is no need of second factor authen-tication device or an knowledge based factor. The FIDOUAF protocol focuses primary on a biometric as only mainauthentication factor, however when using the UAF pro-tocol, an authenticator has to be enrolled that creates akey pair that is unique to the mobile device. Using a bio-metric as authentication factor in together with the UAFprotocol can be seen as a multi-factor authentication. Thisobservation is also stated in the FIDO documentation andalso other multi-factor authentication options are given.It is possible to use a knowledge-based factor or anotherprotocol called U2F together with the UAF protocol.Alsothe BOPS protocol binds a person’s identity to a mobiledevice and biometric, which can be used for two factor au-thentication. Again multi factor authentication isn’t themain focus of the BOPS protocol, but adding more au-thentication factors is a possibility.

Another general requirement in the NIST document isthat the biometric authentication system needs to havean equal error rate (EER) of 1 in 1000 or better and alsoneeds a false acceptance rate (FAR) of 1 in 1000 or better.This is in terms of the newest biometric authenticationtechniques an achievable requirement. Both the UAF andthe BOPS protocol are not limited by this requirement.The feasibility of this requirements is discussed in anothersection.

Furthermore the NIST specifies a presentation attack de-tection requirement. The biometric system should have apresentation attack resistance of 90%. This requirementis not mandatory yet, but is strongly considered to be inthe future. A presentation attack is the act of presentinga biometric measure of someone’s else to get authorisedas the other person. E.g a printed photo of someone facecan be used to fool the biometric camera sensor of beingthat person. To ensure that the presented biometric bycertain user is actually from that user, liveness detectioncould be used. The UAF protocol specifies that livenessdetection should be implemented, but no further require-ments concerning this problem are given [13]. If imple-

iii

mented the presentation attack detection system will bein the software of the Authenticator. The BOPS protocolgives a mandatory requirement to include some form ofliveness detection or another way to prevent a presenta-tion attack. The BOPS protocol specifies this requirementfurther: False negatives shall be below 1.2% and false pos-itives shall be below 0.05%. Biometric matching has tooccur within 5 seconds and if the matching is under 12seconds, the false positives shall be below 0.03%.

Every NIST LoA needs to be resistant against man-in-the-middle attacks. This is an attack where an intruderintercepts data that is send between two parties in theprotocol. This enables the intruder to modify the data orto abuse it. To prevent this both the UAF and the BOPSprotocol use TLS channels between the mobile device andthe server of the relying party.

5.1.2 NIST LoA 1Basically all types of authenticators are allowed for LoA 1.When a authenticator is used within a government agencythe authenticator has to meet the requirements of FIPS140-2 level 1 [6]. This level contains no physical secu-rity mechanisms, but cryptographic algorithms or functionshould be approved. Software of the authenticator may beexecuted on ageneral purpose computing system. This ei-ther for the UAF and the BOPS protocol no problem.

Another LoA 1 reuirement is reauthentication in at leastonce per 30. This can clearly be achieved with the proto-cols.

The following LoAs have at least the same requirementsas LoA 1.

5.1.3 NIST LoA 2 & LoA 3An authentication process with LoA 2 or LoA 3 has toresist replay attacks. A replay attack is an attack wherean intruder succesfully authenticates himself b recordingan replaying a previous authentication message. When im-plemented correctly a TLS protocol should protect againstthose attacks in case of the UAF an the BOPS protocol.

Reauthentication has to take place at least once per 12hours or in at least 30 minutes of no use activity. Thismay still be no problem for the protocols.

The following last LoA hast at least the same requirementsas previous requirements.

5.1.4 NIST LoA 4With LoA 4 NIST limits the use to one type authenti-cator if biometrics authentication is desired. The NISTdescribes the authenticator type as a multi-factor crypto-graphic device and specifies specific requirements for thoseauthenticators. Embedded software has to be under con-trol of the manufacturer or from the relying party. Thisis technically reachable with the authentication protocols.Another requirement is that the biometric samples has tobe overwritten in memory immediately after an authen-tication, which should also be possible. This LoA alsorequires users to do a enrolment in in-person, in anotherwords somebody has to check that the right person enrolswith his own biometric. Furthermore the authenticatorhas to meet the requirements of FIPS 140-2 physical level3. This includes that the the hardware has to be tamperresistant. This means that it is not possible to open thehardware and if it certainly can all stored data has to bewiped. This is is a little bit outside the scope of the au-thentication protocols because it concerns the hardware.However the UAF protocol recommends to use a TrustedExecution Environment, Secure Elements or Trusted Plat-

form Modules when using existing hardware on mobile de-vices. Also the reauthentication requirement still doesn’tneed to be a problem.

Table 2. NIST LoAs requirements summaryGeneral requirements UAF BOPSmulti-factor authentication X X

1 in 1000 FAR & 1 in 1000 EER X X

presentation attack detection X X

man-in-the-middle resistance X X

LoA 1 requirementsFIPS 140 level 1 X X

30 days reauthentication X X

LoA 2/LoA 3 requirementsreplay attack resistance X X

12 hours reauthenticationor 30 minutes by inactivity X X

LoA 4 requirementsin person enrolment - -

overwrite biometric data in memory X X

FIPS 140-2 physical security level 3 X X

FIPS 140-2 software security level 2 X X

12 hours reauthenticationor 30 minutes by inactivity X X

5.2 eIDAS LoA requirementsThe eIDAS requirements roughly One of the general re-quirements is that personal user data that is stored onthe device should be secured and protected against loss.In the UAF specifications is specified that data should beprotected, but is not further specified. The BOPS protocolrequires encryption of the data on a mobile device.

From the substantial level and higher multi-factor authen-tication is required as well as replay attack resistance. Thehigh LoA requirement specifies the tamper resistant re-quirement. Also identity data needs to be verified by anauthoritative source. This can be any organisation that isnationally trusted to provide valid data, which is in prac-tice comparable to the in-person verification requirementof the NIST. Also a tamper resistance comparable to theNIST requirement is specified. A summary is given intable 3.

Table 3. eIDAS LoAs requirements summaryGeneral requirements UAF BOPS

data protection X X

Low requirementsone factor authentication X X

Substantial requirementsmulti-factor authentication X X

replay attack resistance X X

High requirementsmulti-factor authentication X X

in person enrolment - -tamper resistance X X

6. CONCLUSIONTechnically the first LoA levels and their requirements ofthe NIST and eIDAS can all be met with the FIDO UAFand BOPS protocols. The last LoA level by the NIST aswell by eIDAS is constraint because of the in person re-quirement. The ability of using those protocols on existingmobile device is also not possible because of the tamper re-sistant hardware requirement. Recommendations regard-

iv

ing authentication protocols on mobile devices cannot ev-idently be given based on this results. The next sectionwill discuss this.

7. DISCUSSIONWhether mobile devices are ready for biometric authen-tication can be called into question. The eIDAS docu-ments mentions that there are possibilities to use a ’inher-ent authentication’, where also biometrics belong to, butnowhere are requirements or guidelines specified about thesubject. This fact in itself may say something about howmature biometric authentication is. NIST documents dohowever have specific biometric requirements. Public rec-ommendations do even recommend increased support forBiometrics [1].

Hardware and software of mobile devices will eventually bebetter and better. The trusted executed environment incombination with the FIDO protocol from TrustZone forexample are making successes [3]. Expected is that therewill be no limitations concering hardware or software inthe future and that the biometric specific techniques willbe the bottleneck. Current verification performances onfaces obtained from controlled images are a FRR of 0.3%by a FAR of 0.1% [8]. This implies that is cannot meet therequirement of a 1 in 1000 EER that the NIST specifies.The best verification performances on fingerprints fromthe FVC ongoing are better with an FRR of 0.032% bya FAR of 0.1%. Those figures are a huge improvementcompared to where biometric verification one started butare still not perfect in comparison to other verificationtechniques as passwords. Also liveness detection rates arefar from perfect [11].

8. REFERENCES[1] Public comments received on nist sp 800-63-2:

Electronic authentication guideline. available at(14jan 2017):http://csrc.nist.gov/groups/ST/eauthentication/sp800-63-2-comments-received-2015.pdf.

[2] IEEE standard for biometric open protocol. IEEEStd 2410-2015, pages 1–37, Nov 2015.

[3] R. Coombs. Securing the future of authenticationwith ARM TrustZone-based trusted executionenvironment and fast identity online (FIDO). ARMWhite Paper, 2015.

[4] P. Corcoran and C. Costache. Biometric technologyand smartphones: A consideration of thepracticalities of a broad adoption of biometrics andthe likely impacts. IEEE Consumer ElectronicsMagazine, 5(2):70–78, April 2016.

[5] EU. REGULATION (EU) No 910/2014 OF THEEUROPEAN PARLIAMENT AND OF THECOUNCIL, July 2014. on electronic identificationand trust services for electronic transactions in theinternal market and repealing Directive 1999/93/EC.

[6] D. L. Evans, P. J. Bond, and A. L. Bement. Securityrequirements for cryptographic modules. 2002.

[7] P. A. Grass, M. E. Garcia, and J. L. Fenton. NISTspecial publication 800-63-3 digital authenticationguideline (draft). NIST Special Publication. Version:Wed, 30 Nov 2016 04:15:51.

[8] P. J. Grother, G. W. Quinn, and J. Philips. Reporton the evaluation of 2d still-image face recoginitionalgorithms. 2010.

[9] S. Grzonkowski, P. M. Corcoran, and T. Coughlin.Security analysis of authentication protocols fornext-generation mobile and ce cloud services. In

2011 IEEE International Conference on ConsumerElectronics -Berlin (ICCE-Berlin), pages 83–87,Sept 2011.

[10] International Organization for Standardization.ISO/IEC 29115:2013, information technology –security techniques – entity authentication assuranceframework, 2013.

[11] W. Kim. Towards real biometrics : An overview offingerprint liveness detection. In 2016 Asia-PacificSignal and Information Processing AssociationAnnual Summit and Conference (APSIPA), pages1–3, Dec 2016.

[12] R. Lindemann, D. Baghdasaryan, and E. Tiffany.FIDO UAF protocol specification. dec 2014.

[13] R. Lindemann, R. Sasson, B. Hill, J. Kemp, andD. Baghdasaryan. Fido uaf authenticator commandsv1.0 2014.

[14] O. M. M-04-04. E-authentication guidance forfederal agencies, December 2003. available at(12 dec2016):https://www.whitehouse.gov/sites/default/files/omb/memoranda/fy04/m004.pdf.

[15] R. Philpott, S. Scinivas, and J. Kemp. FIDO UAFarchitectural overview. dec 2014.

[16] M. Stokkenes, R. Ramachandra, and C. Busch.Biometric authentication protocols on smartphones:An overview. In Proceedings of the 9th InternationalConference on Security of Information andNetworks, pages 136–140. ACM, 2016.

v