Adding Channel Security to a Fingerprint Verification Chain

Authenticating persons using fingerprints is a widely accepted method in the field of access control, border control, prosecution and many others. Today, fingerprint modules with customizable firmware can be bought commercially off the shelf by hobbyists and small companies to be used in their applications and are usually locally separated from a controller implementing the feature extraction and comparison algorithms. As a matter of fact, the communication channel between the sensor and the controller module is susceptible to eavesdropping and man in the middle attacks. Nevertheless, adding communication channel security to such a system has a direct negative impact on the system’s response time, thus directly affecting user acceptance. The aim of this paper is to provide a comprehensive investigation on measures to counter run-time degredation when adding communication channel security on behalf of an existing fingerprint verification chain. We show that a combination of the elliptic curve Diffie-Hellman key exchange together with AES-256 and the use of parallelization using OpenMP on a controller node leads to an acceptable run time making key creation and exchange upon every fingerprint read request a suitable undertaking.