This repository contains several sub-projects (or sketches) related to my final year project I completed at university.
My final year project was the development of a product allowing you to log in to a website using your fingerprint and username/password.
A full multi-factor biometric authentication system was developed, including a prototype biometric authentication device.
This repository contains code relating to step 1 and 2 shown above. View this repository for code relating to the other stages and an in depth explanation.
The full authentication process in brief:
The user scans their fingerprint on a fingerprint sensor connected to an Arduino device. The user's fingerprint would have been previously enrolled on the device. If the fingerprint matches, a set of symmetric pre-shared cryptographic keys are released.
These keys are then used in a bespoke double challenge-response authentication protocol occurring in a RESTful fashion using JSON over HTTP. This involves performing numerous cryptographic actions on a low resource Arduino device (no HTTPS, no asymmetric crypto) to achieve mutual authentication between the user and the remote server. As the cryptographic keys used in the protocol are only ever made available by the user scanning their fingerprint, this verifies the identity of the user biometrically.
With biometric authentication achieved, the user must then navigate to the website and log in to the system using their username and password within 30 seconds to log in successfully.
This section contains code for SAPv3. This is the completed version of the authentication protocol. View this repository for an indepth explanation of SAPv3
This section contains code used for testing numerous lightweight encryption ciphers, hashing functions used within HMAC constructs and Authenticated Encryption with Associated Data ciphers. By running these comparisons and drawing on external resource, the most lightweight cryptography appropriate for the project was selected.