IKTPLUSS-IKT og digital innovasjon

Crimes involving illegal access to user accounts are simpler than ever based on the widespread password-based approach, which is proven to be vulnerable and no longer user-friendly. Identity theft and impersonation to steal money from personal accounts is one of the most critical threats that directly concerns economic development. The SWAN project researched and developed innovative technologies, leading to a usable, economic, and privacy-preserving access control platform based on biometrics. Our research results allow the authentication of banking transactions and secure access to services over wired and mobile networks, using biometric identifiers. This can be extended to other eServices (e.g eHealth). Biometric references can be stored, controlled and verified locally based on a pre-shared secret, which can be used to seal and authenticate transaction data. Furthermore smartphones can now act as hardware tokens to which the additional functionalities are integrated to capture the biometric characteristics like (face, fingerprint, voice and eye). The biometric authentication protocol is designed to be privacy compliant and to align with existing and emerging standards in the field. In the recent project activities, the SWAN consortium investigated defense mechanisms for the new threat of face morphing attacks, which are relevant in the biometric enrolment procedures. Project partners disseminated their research findings in numerous publications at international conferences. Research results can now be transferred to a spin-off company, which was established by NTNU as a follow-up of the project.

Our initial assumption from 2015 was, that this research results will help to combat the increasing threats and vulnerabilities in financial services to achieve more secure and privacy based ICT services. The outcome of the research will demonstrate that biometric authentication solutions can meet the requirements of all stakeholders and provides a new dimension for finical or in general e-services. These assumptions became true, as at the end of 2021 a large majority of European Citizens are using a biometric factor to authenticate financial transactions. The protocols that are deployed are different from what we specified in our academic research, yet the need was validated by marked adoption.

Crimes involving illegal access to accounts are simpler than ever based? on the widespread password-based approach, which is proven to be vulnerable and no longer user-friendly. Identity theft and impersonation to steal money from personal accounts is one of the most critical threats that directly concerns economic development. The SWAN project will research and develop countermeasures and innovative technologies, which lead to a usable, economic, and privacy-preserving access control platform based on biometrics. Our research will allow the authentication of banking transactions and secure access to services over wired and mobile networks, using biometric identifiers. This can be extended to other eServices (e.g eHealth). Biometric references will be stored, controlled and verified locally based on a pre-shared secret, which can be used to seal and authenticate transaction data. This overcomes the need of centralized storage of biometric data. Furthermore smartphones will act as hardware tokens to which the additional functionalities will be integrated to capture the biometric characteristics like (face, fingerprint, voice and eye). Processes are designed to serve scalable security needs. The biometric authentication will be designed to be privacy compliant and to align with existing and emerging standards in the field.