Development of Robust Identity Verification Solutions Utilizing Physiological Traits for Remote Service Platforms

In our data-driven society, the need for remote data storage and computation services is growing very quickly. This means that people need to be able to safely access this data and these services. This paper presents the design of an innovative biometric-based authentication protocol to ensure secure access to a remote (cloud) server. In the suggested method, we treat a user's biometric data as a secret credential. We then use the user's biometric data to create a unique identity, which we then use to make the user's private key. We also suggest an efficient way to make a session key between two people who are talking to each other using two biometric templates to send messages safely. There is no need to keep the user's private key anywhere, and the session key is made without sharing any previous information. A thorough Real-Or-Random (ROR) model-based formal security analysis, an informal (non-mathematical) security analysis, and a formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool show that the proposed method can withstand many known attacks from both active and passive adversaries. Finally, a lot of experiments and a comparison study show that the proposed approach works well and is useful.