Security Analysis of Biometric Verification Protocol Using Scyther Model Checker: A Case Study

Abstract

Aadhaar is a biometric-based national identification system used in India that relies on fingerprints, iris scans, and face images as primary means of verification. Ensuring the reliability and security of biometric protocols is critical, as they must be robust and resistant to attacks. To achieve and prove the reliability of a biometric security protocol, the traditional testing technique is not a desirable solution because of its limitations. The formal verification technique is a better solution to prove the reliability of a biometric security protocol as it provides mathematical proofs to validate security protocols. The biometric capture devices used in the Aadhaar system must comply with either Level-0 (L0) or Level-1 (L1) security standards as defined by the Unique Identification Authority of India (UIDAI). The L0 protocol is widely adopted due to its cost-effectiveness, though it is less secure compared to the L1 protocol. This paper focuses on the formal analysis and verification of the L0 iris-based biometric verification security protocol. Using the Scyther model checker, security vulnerabilities in the L0 protocol are identified. A security solution is then proposed by addressing these vulnerabilities and formally proving the correctness of the improved security model against the Dolev-Yao adversary model.

References

Adeyanju, I. A., Emake, E. D., Olaniyan, O. M., Omidiora, E. O., Adefarati, T., Uzedhe, G. O., & Okomba, N. S. (2021). Digital industrial control systems: Vulnerabilities and security technologies. Current Applied Science and Technology, 21(1), 188-207. https://doi.org/10.14456/cast.2021.18

Baillot, P., & Ghyselen, A. (2022). Types for complexity of parallel computation in Pi-calculus. ACM Transactions on Programming Languages and Systems, 44(3), 1-50. https://doi.org/10.1145/3495529

Bao, H., Su, Y., Hua, Z., Chen, M., Xu, Q., & Bao, B. (2024). Grid homogeneous coexisting hyperchaos and hardware encryption for 2-D HNN-like map. IEEE Transactions on Circuits and Systems I: Regular Papers, 71(9), 4145-4155. https://doi.org/10.1109/TCSI.2024.3423805

Blanchet, B., Cheval, V., & Cortier, V. (2022). ProVerif with Lemmas, induction, fast subsumption, and much more. IEEE Symposium on Security and Privacy (69-86). IEEE. https://doi.org/10.1109/SP46214.2022.9833653

Cai, Z., Li, Y., & Zhao, Y. (2024). Murphi2Chisel: A protocol compiler from Murphi to Chisel. Proceedings of the 15th Asia-Pacific Symposium on Internetware (pp. 209-218). https://doi.org/10.1145/3671016.3671376

Author Information

Pradeep Rajanna

Department of Computer Science and Engineering, Siddaganga Institute Of Technology,Tumkur - Karnataka, 572103, India, Affiliated to Visvesvaraya Technological University, Belagavi - Karnataka, 590018, India

Nagarajaiah Renukamba Sunitha

About this Article

Journal

Online First Articles

Keywords

biometric

Aadhar

security

L1 protocol

formal verification

Scyther

Published

8 May 2025

DOI

https://doi.org/10.55003/cast.2025.257532

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

Security Analysis of Biometric Verification Protocol Using Scyther Model Checker: A Case Study

Abstract

References

Author Information

Pradeep Rajanna

Nagarajaiah Renukamba Sunitha

About this Article

Journal

Keywords

Published

DOI

Current Journal

Search

Latest Articles

Physical and Antioxidant Properties of Bamboo Shoot: Impact of Boiling on Purine Content and Antioxidant Activity

Optimization of Needleless Electrospinning for the Large- Scale Production of Photocatalytic Nanofibers

Impact of Pichia manshurica UNJCC Y-123 and Pichia cecembensis UNJCC Y-157 on Fermentation of Maggot (Hermetia illucens) Growth Media for Enhanced Broiler Chicken Carcass Quality

Isolation, Screening, and Molecular Identification of Plant Growth-Promoting Rhizobacteria from Maize Rhizosphere Soil