A Protection Scheme for MOC-Enabled Smart Cards

Abstract

The concept of match-on-card (MoC) consists of a smart card which receives an applicant's candidate template T to be compared with the stored reference template Tref by processing the complete matching algorithm during a biometric authentication request. The smart card will then output whether this comparison is positive or not. The main argument against MoC-enabled smart cards is that it opens the way for YesCard (i.e. an attack path previously seen in banking, a card always returning "yes"). The threat regarding biometrics is not only YesCard, but also NoCard as we will see in this paper. We will propose a protocol to easily thwart these attacks by using simple cryptographic primitives such as symmetric encryption. This protocol will however only protect the system from malicious smart cards, but will not protect the smart card against malicious systems. Finally we will enhance this pro tocol to protect the smart card against its use as a so-called oracle to guess the stored reference biometric template.