HYBRID BIOMETRIC AUTHENTICATION PROTOCOL DESIGN USING PROVERIF

Abstract

The thesis presents verification of OAUTH and OAUTH2 . ProVerif is used as the verification tool for verifying and analysing the protocols. The protocol are analysed in ProVerif model. Various attacks to the protocols are generated in order to verify whether the protocols hold their intended properties.We have selected 2 protocols and proposed a Hybrid biometric authentication protocol for social login. Each of which has different intended purposes and properties. The first protocol is generic authentication highlighting the deficiencies.It suffers from a large count of vulnerabilities like CSRF attack,phishing attacks and so on. The second protocol is a new evolution of previous protocol with major changes in data flow and and security aspects.Though,it overcomes many of the vulnerabilities but still the security of data was questionable. Hence, third protocol was designed so that the intensional authentication property can be verified. The protocol promises three intended properties: privacy of the biometric data, liveness of biometric data used as a salt in token secret of MAC token used in OAUTH2 and intensional authentication. The protocol is illustrated in detail and desirable properties of the protocol are verified.