IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.6, June 2009

Manuscript received June 5, 2009
Manuscript revised June 20, 2009

Personal Authentication Protocol based on ECDLP using Biometric Feature Values

Jayaprakash Kar† and Bansidhar Majhi††

†Department of Information Technology, Al Musanna College of Technology, Sultanate of Oman
††Department of Computer Science & Engineering, National Institute of Technology, Rourkela, INDIA

Summary

This paper proposes a new biological personal authentication protocol which helps to establish trust by identifying a particular user or system. It is a one-way authentication protocol. Biological information of any kind, such as fingerprints, iris, retina, DNA, tissue and other features that are unique to an individual, is embedded into the cryptographic keys, which consist of both private and public keys in a public-key cryptosystem. Our protocol is based on the Elliptic Curve Discrete Logarithm Problem (ECDLP). Here the entity generates two numbers for its own private key. If one of the numbers is stolen or modified, the system security can still be guaranteed due to the computational infeasibility of solving the Elliptic Curve Discrete Logarithm Problem, unless the other variable is leaked.

Key words: ECDLP, Biometrics feature values

1. Introduction

Nowadays, authentication protocols are an important application area in the cryptography community. Entity authentication, or personal authentication, is the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired). A distinction is made between weak, strong, and zero-knowledge based authentication.
The objectives of identification protocols are as follows. From the point of view of the verifier, the outcome of an entity authentication protocol is either acceptance of the claimant's identity as authentic (completion with acceptance), or termination without acceptance (rejection). More specifically, the objectives include the following [4]:

- In the case of honest parties A and B, A is able to successfully authenticate itself to B, i.e. B will complete the protocol having accepted A's identity.
- (Transferability) B cannot reuse an identification exchange with A so as to successfully impersonate A to a third party C.
- (Impersonation) The probability is negligible that any party C distinct from A, carrying out the protocol and playing the role of A, can cause B to complete and accept A's identity. Here "negligible" typically means "is so small that it is not of practical significance"; the precise definition depends on the application.

The previous points remain true even if:

- a (polynomially) large number of previous authentications between A and B have been observed;
- the adversary C has participated in previous protocol executions with either or both A and B; and
- multiple instances of the protocol, possibly initiated by C, may be run simultaneously.

2. Background

In this section we give a brief overview of elliptic curves over finite fields, the Elliptic Curve Discrete Logarithm Problem, and the features of various biological information used as personal identification data.

2.1 The finite field $F_p$

Let $p$ be a prime number. The finite field $F_p$ is comprised of the set of integers $\{0, 1, 2, \ldots, p-1\}$ with the following arithmetic operations [2] [3] [4]:

Addition: If $a, b \in F_p$ then $a + b = r$, where $r$ is the remainder when $a + b$ is divided by $p$ and $0 \le r \le p-1$. This is known as addition modulo $p$.

Multiplication: If $a, b \in F_p$ then $a \cdot b = s$, where $s$ is the remainder when $a \cdot b$ is divided by $p$ and $0 \le s \le p-1$. This is