Fuzzy Biometric Authentication in Home
Networks for Personalized Users’ Access
Mohamed Abid, Hossam Afifi
Wireless Networks and Multimedia Services
Dept of Institut Telecom SudParis
Evry, France
{mohamed.Abid, hossam.Afifi}@it-sudparis.eu
Abstract- Thanks to the advances in communication
and wireless technologies, many personal devices are
able to interact within a new type of network called
Home Networks (HNs). However, we need to protect
the privacy of the users and secure their data during
transfer. A number of works has been carried out
recently to allow users’ authentication within these
networks using a biometric approach.
In this paper, we propose a new biometric
authentication method in HNs having broadband
access to the Internet. The proposed solution employs
the Fuzzy Vault biometric scheme and enables each
user to access to his applications’ profiles in a
personalized and secure manner. Our proposed
solution brings additional privacy and does not
disclose the biometric data of the users. This solution
is consistent with the operator constraints regarding
the performance and technical aspects.
Keywords-component; Biometric Authentication; Home
Networ; Personalized access; Fuzzy vault
I. INTRODUCTION
As more homes are outfitted with computers
and personal devices (ex, PDA, cellular phones,
MP3 players, games consoles), it is natural to think
of interconnecting devices for data and access
sharing peripherals (such as printers). As a
consequence, users wish to explore the possibility
of connecting the Home Network (HN) to the
Internet. In this paper, we focus on the
authentication of each user within the HN, using a
novel biometric modalities, to access to the local
services and hence to the Internet
As defined in [1], a HN is composed of
personal devices, within the home, connected to a
local gateway, also known as the Home Gateway
(HG) or the Home Server. In fact, the HG plays the
role of a communication-gateway between the
indoor and outdoor world (i.e. the Home and the
Internet). In the context of our work, the HG also
plays the role of an authentication server, while
users’ devices (such as, PDA, lap-tops, PC...) are
considered as authentication clients.
In [2], Ellison defines many kinds of HNs
based on the home users, these are as follows: i)
978-1-4244-2036-0/08/$25.00 ©2008 IEEE.
Authorized licensed use limited to: College of Engineering. Downloaded on February 28,2010 at 07:12:23 EST from IEEE Xplore. Restrictions apply.
Hassnaa Moustafa, Gilles Bourdon
France Telecom R&D
(Orange Labs),
Issy Les Moulineaux, France
{hassnaa.moustafa, gilles.bourdon}@orange-ftgroup.com
Single-Person homes, ii) Couple with Small
Children, iii) Families with Teenagers, and iv)
Adult Guests and Roommates. In our study we
consider the last two types, since they need more
constraints in the security policy especially
concerning the access to the Internet and to the
eventual services in one hand, and they present an
important market to telecom operators and service
providers on the other hand.
In fact, Biometric authentication is promising
in the HN scenario. Biometric authentication
systems consist of two steps, which are enrollment
and authentication. In the enrollment phase, the
biometric data are captured from a user, where the
biometric features are extracted and eventually
stored in a database. As for the authentication
phase, we need to distinguish two alternative
methods:
• Verification: the user who claims an identity
presents some form of identifier (like used ID,
ATM card) and a biometric characteristic. The
new features will be compared with the stored
ones, associated with the provided ID (1-to-1
matching);
• Identification: The new features extracted will
be compared to the entire database for matches
(1-to-N matching).
The difference between a password and a
biometric template is relative to the replay attack, a
password is supposed to be secret, while biometric
templates are not. Some systems incorrectly assume
that biometric measurements are secret and grant
access when matching biometric features are
presented. To resolve such a problem, we need to
combine biometry with cryptography and we try in
this paper to clarify and highlight this issue.
The rest of this paper is organized as follows:
Section II and III discuss some related works on
Biometric cryptography and Home Network
Access. Section IV presents the new proposed
solution. Section V presents an analysis for the
proposed solution. Finally, we conclude the paper
in Section VI highlighting some future work.

II. BIOMETRIC CRYPTOGRAPHY
Using Biometrics involves resolving the
privacy protection problem, where users would not
probably like to leave their Biometric Templates
(BTs) in databases. As a consequence, number of
studies specifically targeting to secure biometric
systems has grown significantly. Encrypting BTs is
an employed approach, however it seams to provide
an insufficient solution, since BTs circulate in
network and thus it is easy to be recovered.
One should notice that BTs are fuzzy due to the
noises in the real images, and thus the BT of each
user will be different for each acquisition. The early
contributions like that of Juels and Sudan [3] work
on “fuzzy vault construct”. In [3], the sender can
place a secret S in a vault and lock (secure) it using
an unordered set A (this can be the fingerprint
minutiae). On the other hand, the receiver, using an
unordered set B, can unlock the vault (access S)
only if B substantially overlaps with A. A and B are
fuzzy templates. In [4], Uludag and Jain’s solution
aimed to construct a fuzzy vault in form of a 2D
point cloud containing a secret such as a symmetric
encryption key. This solution is based on the idea
suggested by Juels and Sudan [3]. In Uludag et al.
scheme, Alice can place a secret S (e.g., secret
encryption key) in a vault and lock (secure) it using
an unordered set A of minutiae point. On the other
hand, Bob, using an unordered set B, can unlock the
vault (access S) only if B substantially overlaps
with A.
A. Vault Construction
The procedure to build the fuzzy vault is
described as follows:
• Initially, Alice chooses a polynomial P of
degree N which encodes S (S is generated as a
128-bit random bit stream, like an AES
symmetric encryption key. S will be then used
in the construction of P).
• Then, Alice calculates the polynomial
projection, P (A), where A is the minutiae
points. (If (x, y) is an element of A then u =x|y
is used to calculate the value P (u)).
• Alice adds some points generated randomly
(chaff points) whose image does not belong to
P.
B. Vault Decoding
When Bob tries to recover S (through trying to
find the coefficients of P), he uses his own set of
unordered points B.
To decode the fuzzy vault, we need to retrieve
the same polynomial to extract the secret.
If B equalizes or differs a little from A, B will
be able to locate some abscissa u, which will be
Authorized licensed use limited to: College of Engineering. Downloaded on February 28,2010 at 07:12:23 EST from IEEE Xplore. Restrictions apply.
used to interpolate P (their number must be equal to
or higher than N + 1).
The algorithm decodes many candidate secret
keys. Then, it finds which one of these candidates is
the actual secret using Cyclic Redundancy Check
(CRC).
III. RELATED WORKS
In this section, we present some existing
solutions for users’ authentication in HNs. We
consider that most devices in HNs can use wireless
connection (IEEE 802.11) with a Home Gateway
HG.
One of the first solutions is the use of WEP[5]
keys to authenticate each user (eventually
authenticating the device that is being used by the
user and not the user himself). WEP keys proved to
be vulnerable to attacks due to the weakness of the
employed RC4 encryption mechanism as well as
the insufficient key size. Others type of solutions
are based on Passwords or tokens. Since HNs users
do not always have very strong knowledge on
network security, they will probably choose weak
secrets or they will forget to change it in a periodic
manner, ignoring the necessity to do this. Another
solution approach is based on using certificate
authentication methods, which is more secure but
has the problem of certificate distribution and
revocation.
A novel solution is proposed by Lee et al. in
[1] employing the biometry in an EAP (Extensible
Authentication Protocol) [6] authentication model.
Figure 1 [1] illustrates this approach. A new
message is added to EAP authentication, in a way
that is some how similar to EAP-TTLS (Tunneled
TLS “Transport Layer Security”) authentication [7].
Figure 1. EAP with Biometry (reference [1])
The required steps of this proposed solution are
as follows:
 (1) Users BTs are enrolled at the HG.
(2) Client device (i.e. user authentication client
module) authenticates the HG by verifying its
certificate.
(3) The user and the HG will then share the same
key and cipher suites through using TLS protocol.
(4) The user BT encrypted by the shared key is
transferred to the HG.
(5) The user authentication result is transferred to
the user device in an encrypted form, where
legitimate users get authenticated.
Biometric authentication is applied in the solution
proposed by Lee et al., however some limitations
exist. We noticed in this solution that the BT is just
encrypted and then sent in the network which
makes the personal data exposed to attacks. This
solution aims at creating a new EAP method called
EEAP (Encrypted Extensible Authentication
Protocol). Thus, the solution is less compatible with
the existing standards EAP protocols and hence is
difficult to be deployed at a commercial level.
Moreover, it is not clear how the same key is
exchanged between the client and the server to
encrypt the BT, another field concerning this key
need to be specified.
We notice that the above discussed solutions,
except Lee et al. one, mainly aim at authenticating
the Home Network itself without regarding which
user is being connected (i.e. the network
operator/service provider only identifies the HN
owner “subscriber”). But in a finer granularity
level, each user is a separate entity having his
profile’s, and thus should be authenticated
separately using personalized security parameters.
At the same time, the privacy of each user should
be guaranteed. In this context, biometric
authentication is a promising solution allowing
identification of each user according to his BT and
thus authenticating him in a distinguished manner
and personalizing his access.
In our work, we employ the biometric
authentication concept; however our solution
avoids sending BT in the air. The proposed solution
is detailed in the next section and analyzed in
Section V.
IV. PERSONALIZED USERS’ ACCESS IN HOME
NETWORKS: A PROPOSED SOLUTION
In this section, we present a new solution, in
which we add another level of security through fine
granulity authentication. We aim at personalizing
the access of each user in the HN and preventing
illegitimate users (passing by the HG) to have any
access. Our approach of personalized access also
permits each user to use any device in the HN,
while being able to access his appropriate profile.
We propose a new biometric authentication method,
Authorized licensed use limited to: College of Engineering. Downloaded on February 28,2010 at 07:12:23 EST from IEEE Xplore. Restrictions apply.
while keeping in mind the constraint of the non
storage of the users’ Biometric Template BT in the
HG. To satisfy this constraint, we propose using the
Fuzzy vault method [4] to hide a secret that should
be used for authentication. The HG has the role of
generating a secret for each user session, which will
be hidden by the BT. The user needs to recover the
secret in order to authenticate.
A. Solution Description
We consider a Home Network HN scenario in
which users connect to a Home Gateway HG for
broadband Internet access, using any equipment in
the HN. Each user should be recognized through
presenting his BT in order to get authenticated and
to obtain a personalized access. The objective is
allowing each user in the HN to have a personalized
access and to access his proper personal context.
From an operator view, the proposed solution
respects the operational constraints as well as the
constraints posed by the CNIL (French Data
protection Authority) [8] concerning the use of the
biometry. The former concerns the compatibility of
the proposed solution with the AAA
(Authentication, Authorization and Accounting)
architecture at the operator’s network, where there
is no need to use new authentication protocols or
modify the existing ones. While, the latter concerns
the illegal storage of BT as well as its non reveal.
Figure 2. Access Personalization in Home Networks HN
We consider that a biometric identifier is
created using user’s BTs, and stored in a local
manner (as explained below). This identifier is not
transferred in the network. One should also notice
that the size of storage is minimum (limited to the
number of family members at home). Figure 2
illustrates the context of the proposed solution.

B. Required Conceptual Steps
The proposed solution requires a number of
steps, which mainly concerns the equipments’
configuration and the BT treatment and storage.
The required conceptual steps are as follows;
1) Configuration Phase:
In this phase, each user should present his BT
(finger-prints template) to be manipulated and
stored in the database of the HG.
• The finger-print acquisition of each user is
carried out using the HN equipments, which
are supposed to have integrated biometric
sensors.
• The finger-print of each user is not used as is,
but it is treated following the mechanism
illustrated below for generating an identifier
corresponding to the user. The generated BioID
is then stored in the database of the HG and
HN equipments. The record in the HG should
be manual in the configuration phase to be sure
that it is the illegitimate HG (i.e we don’t have
till now a secure wireless session).
Once the digital finger-print is enrolled using a
biometric sensor at the HN equipment, a software,
which generates minutiae, is applied for extracting
the minutiae. A predefined number of theses
minutiae is then selected to create a biometric
identifier (BioID). We can choose to use 24 genuine
minutiae points to create BioID with 384 bits size.
This gives a good opportunity to use a 128 key
seize.
The BioIDs of users are then stored in a table
form (this could be a special file) together with the
logins that correspond to their owners. Figure 3
shows the storage form of users’ BioIDs in the HN
equipment and in the HG.
Figure 3. BioID Storage in the Home Network HN
We can choose to use 24 genuine minutiae
points to create BioID with 384 bits size.
2) Users’ Connection to the Home Gateway:
Each time the user wishes to connect to the
HG, he does a new acquisition for his finger-print
in order to identify himself (step1), with out any
Authorized licensed use limited to: College of Engineering. Downloaded on February 28,2010 at 07:12:23 EST from IEEE Xplore. Restrictions apply.
need to type a login or a password. In this case, the
finger-print acquisition is done through the HN
equipment that is being used, and they are treated
(as explained in the previous step) to generate the
user identifier BioID. The generated identifier is
then compared with the one stored in the equipment
for the same user, if the same identifier exists, the
corresponding login is sent to the HG and the
process of user’s authentication starts.
3) Users’ Biometric Authentication:
In step2 and step3, the HG having received the
user login, searches in its database the
corresponding BioID to this user, and then it starts
authenticating the user based on this identifier in
order to allow him to have personalized access. The
authentication process is mainly based on a
challenge-request/challenge-response approach.
Figure 4 illustrates the corresponding
messages’ exchange:
• A secret message is created by the HG and
used as a challenge for the user that wishes to
connect.
• The Fuzzy Vault [4] method is applied in order
to construct a vault that hide the secret key. The
BioID is used to create the vault following the
method described in section II.
• The resulting vault and the challenge are
transmitted to the user.
• The user should deblock the vault using his
BioID (resulting from the current finger-print
capture) in order to get back the secret
message.
• Once the secret message is found, the user
transmits to the HG the challenge that he
received encrypted with the recovered secret
message.
• The HG then decrypts the challenge using the
secret message and compares it with the one
initially sent. If the comparison result is the
same, the user is authenticated and he gets a
personalized access.
We consider that the messages exchange
during the challenge-request/challenge-response
takes place using the EAP. Thus, we need only to
piggyback the vault and the challenge in the EAP-
request. We highlight that this solution is open for
any EAP method. However during the future
implementation, we will choose the suitable EAP
method according to the application scenario.
Analysis of the Proposed Solution
The proposed solution is advantageous in the
sense of allowing an ease of access (each user
simply presents his finger-print), and assuring
personalized users’ access in spite of the
equipment/terminal that is being used. Conforming
to the CNIL recommendation on the storage of BT
 by non governmental authorities, the proposed
solution assures a local storage of the acquired
finger-prints (limited to the HG and the HN
equipments). In addition, the finger-prints are
treated before being used or stored. This allows
decreasing the risk of their theft in case that the HG
is compromised by an intruder for instance.
Figure 4. Messages Exchange for Authorizing the Personalized
Access
C. Technical Analysis
From a network operator/service provider
view, the proposed solution is compatible with the
existing Authentication Authorization Accounting
AAA infrastructure. We need only to piggyback the
vault and the challenge in one EAP-request. In
addition, this solution is promising in opening new
business opportunities, thanks to the biometric
authentication method that allows for a
personalized users’ access and hence a better access
control in HNs (for instance, it makes it easy to
monitor and control the children’s access to the
Internet, even during the absence of their parents).
The personalized users’ access in the proposed
solution, allows controlling the access for each
broadband access line depending on the user that is
being connected. However, in classical broadband
access control, the connection itself is authenticated
which is considered as a part of the configuration
phase. The authentication takes place each time the
Home Gateway HG is granted an IP connectivity
(and hence Internet connection for a user).
D. Security Consideration
Applying the proposed solution is promising in
avoiding the storage of users’ BTs in databases.
Authorized licensed use limited to: College of Engineering. Downloaded on February 28,2010 at 07:12:23 EST from IEEE Xplore. Restrictions apply.
Only some random minutiae should be stored,
which identifies the finger-print owner (the
corresponding user) but is insufficient to recover
the whole finger-print. We choose to change secret
key each time the user connects, so the attacker
could not retrieve the BioID.
1) Attacks on the Home Gateway
During the communication with the HG, we
assume that the HG uses its certificate (previously
obtained by a Certificate Authority (CA)). So an
attacker (illegitimate used) could not decrypt the
communication between the HN users and the HG,
since he needs the server’s private key to decrypt
the message ciphered with server’s public key. On
the other hand, if an attacker wants to impersonate
the HG, he couldn’t create a validate vault, because
he will choose a secret but he don’t have the BioID
which is created on the configuration phase.
2) Impersonating users
Thanks to applying the fuzzy vault mechanism
[4], the Genuine Accept Rate (GAR) is expected to
be 72.6% at FAR (False Acceptance rate) = 0%.
When a malicious user wishes to impersonate the
illegitimate user, he is neither able to decode the
vault nor able to cipher the challenge with secret
key since he does not have the same BioID.
V. CONCLUSION
Home Networks (HNs) security is an emerging
subject, attracting both the research community and
the industry. An important trend is to separate
user’s authentication from the used device,
allowing for fine granularity authentication and
users’ personalized access in spite of the used
device in the HN.
Applying biometric authentication is promising
in allowing users’ authentication in a distinguished
manner as well as personalized users’ access.
However, this technology should be carefully used
in order to protect users’ privacy and prevent the
disclosure of their biometric template BT. Our
proposed solution allows the protection of private
BT thanks to applying the fuzzy vault mechanism.
A next step for this work is an implementation
in order to have a proof of concept of the proposed
approach as well as a performance estimate
compared to other non biometric approaches. An
important point that will be also studied concerns
the fuzziness of BTs and how to diminish it.
REFERENCES
[1] Y. Lee, H. Ju, J. Park, J. Han, “User authentication
mechanism using authentication server in home network,”
Advanced Communication Technology, 2006. ICACT
2006. The 8th International Conference, Volume 1, Feb.
2006 Page(s) 503- 506.
[2] C. M. Ellison, “Home Network Security,” Intel
Technology, Spring 2002.
 [3] A. Juels and M. Sudan. “A fuzzy vault scheme,” in A.
Lapidoth and E. Teletar, editors, Proc. IEEE Int. Symp.
Information Theory, page 408, 2002.
[4] U. Uludag and A. Jain, “Securing Fingerprint Template:
Fuzzy Vault with Helper Data,” Proc. IEEE Workshop on
Privacy Research In Vision (PRIV), New York City, NY,
June 2006.
[5] N. Borisov, I. Goldberg, D. Wagner, “Intercepting mobile
communications: the insecurity of 802.11,” Proc.
MobiCom '01: Proceedings of the 7th annual international
conference on Mobile computing and networking, Rome,
July 2001, page 180--189
[6] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, H.
Levkowetz, “Extensible Authentication Protocol (EAP),”
RFC 3748.
[7] P. Funk, “EAP Tunneled TLS Authentication Protocol
Version 1 (EAP-TTLSv1),” IETF draft-funk-eap-ttls-v1-
01, March 2006
[8] Commission Nationale de l'Informatique et des Libertés
(CNIL), “Dossier biométrie,” http://www.cnil.fr,
12/03/2007.

© TELECOM & Management SudParis (ex INT), 2007,

9, rue Charles Fourrier – 91011 Evry Cedex, Mohamed Abid and
Hossam Afifi
And
© FT SA, 2007, Head office at 6 place d' Alleray 75505
Paris Cedex 15, Hassnaa Moustafa and Gilles Bourdon

Authorized licensed use limited to: College of Engineering. Downloaded on February 28,2010 at 07:12:23 EST from IEEE Xplore. Restrictions apply.