Biometric-Kerberos authentication scheme for secure mobile computing services

Kerberos is an authentication protocol in which client and server can mutually authenticate each other across an insecure network connection. After the identity authentication, client and server can encrypt all of subsequent communications to ensure privacy and data integrity. In this paper, a biometric Kerberos-based user identity authentication scheme is presented. In the scheme, smart phones having computing capability and an internal mobile camera are the only device required at the user-end. The combination of owner biometrics and device information will be used for identity authentication. A watermark links the device to its user. The watermark is produced and embedded by using the internal functions of smart phones entirely and the watermark embedding key is the by-product in Kerberos authentication. Only the trusted key distribution center has enough knowledge to detect and remove the watermark. The ticket for the permission to access an application resource will only be issued upon successful biometric authentication. The watermark also offers forensic traceability in a resource constraint environment. As a result, cost effective strong security can be attained in mobile computing services.