International Journal of Computer Applications (0975-8887), Volume 30, No. 5, September 2011

Four-Factor based Privacy Preserving Biometric Authentication and Authorization Scheme for Enhancing Grid Security

G. Jaspher Willsie Kathrine, Department of Information Technology, Karunya University, Tamil Nadu, India
E. Kirubakaran, Director (Outsourcing), BHEL Trichy, Tamil Nadu, India

ABSTRACT

The increase in the sharing of distributed data has made resource usage more and more distributed. The distributed nature of data, and the need to access it, has resulted in the grid environment. Authentication is considered the first security requirement for any grid environment against potential threats. This paper proposes an authentication method which is based not only on the password and the user ID but also on the biometric input and the position of the user. By enhancing the security at the entry point of the Virtual Organization (VO), the grid environment is secured in its first step. The same biometric and position data used for authentication can further be used for authorization purposes, so as to reduce the cost and time of storing different data for different purposes. A Four-Factor based Privacy Preserving Biometric (4F2PB) authentication scheme for a grid environment is proposed which can work on the existing network framework. The proposed authentication scheme optimizes the security required for the entry-level user and prevents malicious users from entering the grid environment.

Keywords: Grid Computing, Authentication, Virtual Organization, Biometric Data.

1. INTRODUCTION

Grid computing involves sharing heterogeneous resources which are located in geographically distributed places belonging to different administrative domains [1]. Grid data sharing is not file exchange but rather access to computers, software, data and other resources. The grid involves the creation of a dynamic Virtual Organization (VO).
Each virtual organization comprises users, their resources and any other services (S) joined by a common goal [2]. Each user or resource comes from a different administrative domain (DO). Each user or resource has its own trust policy, which requires a local-to-global and global-to-local mapping of the access policies, as discussed in [3]. The basic security for the Globus Toolkit (GT 4) is the Grid Security Infrastructure (GSI), implemented in C and Java [4], [5]. It depends on the Public Key Infrastructure (PKI), X.509 proxy certificates and TLS for authentication. GSI involves third-party verification for the purpose of authorization. GSI is secure enough but has scalability problems [5]. All of the existing security schemes are based on the user name and the password, which amounts to a two-factor authentication scheme. The proposed authentication scheme optimizes the security of a grid environment by adding more features, namely biometric data and the position of the user, during and after authentication.

2. RELATED WORK

User authentication has long been discussed as a way to enhance the security of any system at the entry level itself. Methods such as password-based systems and ID-based systems have been used. A hash-chain based remote user authentication scheme in which all the passwords are encoded is given in [6]. In all the initial remote authentication systems, a verifier table has to be placed on the server side, which becomes a problem if the server is compromised. In order to avoid maintaining a verifier table, Hwang et al. proposed a non-interactive smart card based scheme without verifier tables [7]. A fingerprint based remote user authentication scheme was proposed in [8]. This scheme was found to be vulnerable to masquerade attacks and many other attacks [9], [10]. In [11], [12], [13], the biometric data itself is taken as the key for encryption/decryption: the secret data is extracted by using the biometric template as the key.
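To make the hash-chain idea concrete, here is an added example (not the scheme of [6] or the authors' code) of Lamport-style one-time passwords: the server keeps only the current chain head, each login reveals the next preimage, and a copy of the server's stored value on its own is not accepted as a credential. The seed derivation, the chain length and all sample values are constructed assumptions.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    """One step of the chain: a plain SHA-256 digest."""
    return hashlib.sha256(data).digest()


def hash_chain(seed: bytes, n: int) -> bytes:
    """Return h^n(seed), i.e. the hash applied n times."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value


class OtpServer:
    """Stores only the current chain head h^k(seed); never the seed or password.

    A leaked head lets nobody log in, because the next accepted value is its
    preimage, which cannot be derived from the head itself."""

    def __init__(self, head: bytes, counter: int):
        self.head = head
        self.counter = counter  # one-time passwords still usable

    def verify(self, candidate: bytes) -> bool:
        if self.counter <= 0:
            return False  # chain exhausted: user must re-register
        if secrets.compare_digest(h(candidate), self.head):
            self.head = candidate  # move the head one step down the chain
            self.counter -= 1
            return True
        return False


class OtpClient:
    """Holds the seed and counts down so each value is presented once."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.remaining = n

    def next_password(self) -> bytes:
        self.remaining -= 1
        return hash_chain(self.seed, self.remaining)


def register(password: str, salt: bytes, n: int):
    """Derive the seed from the password (constructed derivation) and hand the
    server the top of the chain, h^n(seed)."""
    seed = h(salt + password.encode())
    return OtpClient(seed, n), OtpServer(hash_chain(seed, n), n)


def demo_run() -> dict:
    client, server = register("correct horse", b"constructed-salt", n=5)
    first = client.next_password()        # h^4(seed)
    ok_first = server.verify(first)       # accepted: h(h^4) == h^5
    replay = server.verify(first)         # same value again is rejected
    leaked_head = server.head             # what a compromised server table yields
    forged = server.verify(leaked_head)   # the stored head is not a valid login
    second = client.next_password()       # h^3(seed)
    ok_second = server.verify(second)
    return {"first": ok_first, "replay": replay, "forged": forged,
            "second": ok_second, "remaining": server.counter}


if __name__ == "__main__":
    print(demo_run())
```

The counter is the part a practitioner should watch: once it reaches zero the last revealed value is the seed itself, so re-registration must happen before the chain is exhausted, and the server must update its head atomically to keep the replay check sound under concurrent logins.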
In those schemes the biometric data has to be stored on the server side and used for comparison. But for effective biometric authentication, the matching should be done on the client side [14] to avoid any problem due to the server being compromised [15]. In [16], the method has been optimized with the matching being done on the server side; however, the server does not store any biometric data in its database, thereby protecting the privacy of the user. The method in [16] provides a three-factor authentication: a password (something the user knows), a smart card (something the user has) and biometrics (something the user is). A further enhancement to this type of authentication is to add a fourth factor, thereby providing a four-factor authentication [17]. The fourth factor can be the location of the user (someplace the user is). This fourth factor can be implemented using data obtained from the cookies of the user's web browser or computer, from the Global Positioning System (GPS), or from an IP address geolocation process. The addition of the fourth factor enhances the security criteria required for a vast distributed system such as a military, medical, research or banking grid environment. Military data sharing requirements take into consideration the place in which the user is positioned, so as to find the location of any valid/invalid user. Such sensitive areas of application therefore require security with some amount of privacy preservation. By combining the biometric data with passwords and the location of the user, the security factors are further enhanced. The next section shows the methodology of the proposed Four-Factor based Privacy Preserving Biometric (4F2PB) authentication system.
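The following added example (not the 4F2PB scheme itself, nor code from [16] or [17]) shows how the four factors named above can be evaluated together, with biometric matching kept on the client and the same GPS position reused for a tighter authorization check on sensitive resources. The PBKDF2 password record, the HMAC challenge-response for the smart card, the Hamming-distance matcher standing in for a real biometric matcher, the haversine geofence and every sample value are constructed assumptions.

```python
import hashlib
import hmac
import math


# Factor 1, something the user knows: a salted PBKDF2 record rather than a
# plaintext verifier table, compared in constant time.
def password_record(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password: str, salt: bytes, record: bytes) -> bool:
    return hmac.compare_digest(password_record(password, salt), record)


# Factor 2, something the user has: the smart card answers a fresh server
# challenge with an HMAC under its card key, so the key never leaves the card.
def card_response(card_key: bytes, challenge: bytes) -> bytes:
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


def check_card(card_key: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(card_response(card_key, challenge), response)


# Factor 3, something the user is: matching runs on the client against a
# locally held template. Hamming distance over a binary template is a
# simplified stand-in (an assumption) for a real biometric matcher.
def biometric_match(template: bytes, sample: bytes, max_fraction: float = 0.2) -> bool:
    if len(template) != len(sample):
        return False
    differing_bits = sum(bin(a ^ b).count("1") for a, b in zip(template, sample))
    return differing_bits <= max_fraction * 8 * len(template)


# Factor 4, someplace the user is: GPS coordinates checked against a
# geofence given as (centre latitude, centre longitude, radius in km).
def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    d_phi = math.radians(lat2 - lat1)
    d_lambda = math.radians(lon2 - lon1)
    a = (math.sin(d_phi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(d_lambda / 2) ** 2)
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def within_geofence(lat: float, lon: float, fence: tuple) -> bool:
    fence_lat, fence_lon, radius_km = fence
    return haversine_km(lat, lon, fence_lat, fence_lon) <= radius_km


def authenticate(password, salt, record, card_key, challenge, response,
                 template, sample, lat, lon, fence) -> dict:
    """Evaluate all four factors; admit the user only when every one passes."""
    results = {
        "password": check_password(password, salt, record),
        "card": check_card(card_key, challenge, response),
        "biometric": biometric_match(template, sample),
        "location": within_geofence(lat, lon, fence),
    }
    results["authenticated"] = all(results.values())
    return results


def authorize(auth: dict, resource_level: str, lat, lon, site_fence) -> bool:
    """Reuse the position data for authorization: sensitive resources require
    the user to be inside a tighter site-level fence (assumed policy)."""
    if not auth.get("authenticated"):
        return False
    if resource_level == "sensitive":
        return within_geofence(lat, lon, site_fence)
    return True


def demo() -> dict:
    salt = b"constructed-salt"
    record = password_record("correct horse", salt)
    card_key = b"constructed-card-key-32-bytes!!!"
    challenge = b"server-nonce-0001"          # would be random per login
    template = b"\xa5" * 8                    # constructed 64-bit template
    good_sample = b"\xa5" * 7 + b"\xa4"       # one flipped bit: genuine user
    vo_fence = (10.930, 76.745, 2.0)          # constructed VO geofence
    site_fence = (10.930, 76.745, 0.2)        # tighter fence for sensitive data
    response = card_response(card_key, challenge)
    good = authenticate("correct horse", salt, record, card_key, challenge,
                        response, template, good_sample, 10.935, 76.745, vo_fence)
    far_away = authenticate("correct horse", salt, record, card_key, challenge,
                            response, template, good_sample, 13.08, 80.27, vo_fence)
    return {"good": good, "far_away": far_away,
            "good_sensitive": authorize(good, "sensitive", 10.935, 76.745, site_fence),
            "good_ordinary": authorize(good, "ordinary", 10.935, 76.745, site_fence)}


if __name__ == "__main__":
    print(demo())
```

Note that the server side of this example holds the password record and the card key but no biometric template at all, which is the privacy property the text attributes to [16]; the per-factor result dictionary is also what a practitioner would log, since a failure on the location factor alone is a different signal from a failed password.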