Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
484635 | Procedia Computer Science | 2015 | 6 Pages |

This paper describes a method for achieving strong, multi-factor and mutual authentication from a biometrics-based protocol for authenticated key exchange (B-AKE). Operation of the protocol relies on knowledge shared by communicating parties, extracted from data collected by biometric sensors. A Diffie-Hellman key-agreement scheme creates a symmetric encryption key using a weak secret, the extracted something-you-know data. This key protects the confidentiality of user credentials and other message data transferred during operation of the B-AKE protocol. If the message recipient possesses the same something-you-know information as the sender, a key is created, the message decrypted, and mutual authentication achieved. Biometric match data recovered from the encrypted message provides a second something-you-are authentication factor. The B-AKE protocol ensures users never reveal their knowledge or biometric credentials to imposter recipients or man-in-the-middle observers. Diffie-Hellman key establishment provides forward secrecy, a highly desirable protocol property, when participants choose fresh random values each time they operate the protocol.