A HYBRID BIOMETRIC-CRYPTOGRAPHIC FRAMEWORK FOR SECURE ATM AUTHENTICATION USING FINGERPRINT RECOGNITION AND TIME-BOUND QR CODES

Authors

  • Aisha Ibrahim Galadima Federal University of Lafia
  • Haruna Umar Adoga Federal University of Lafia

DOI:

https://doi.org/10.33003/fjs-2025-0912-3805

Keywords:

Multi-Factor Authentication, Cryptography, QR Code Verification, Hardware Security Module, ATM Security

Abstract

The persistent vulnerabilities in traditional PIN-based ATM authentication systems, including skimming and shoulder surfing attacks, necessitate more robust security solutions. This paper presents a hybrid biometric-cryptographic framework for secure ATM authentication, combining fingerprint recognition with time-bound QR codes. The proposed framework addresses vulnerabilities in traditional PIN-based methods by implementing a dual-factor approach, combining fingerprint verification as the primary method with dynamically generated QR codes as a secure fallback. When fingerprint matching fails, the system generates a cryptographically signed QR code valid for 120 seconds, incorporating HMAC-SHA256 signatures and hardware-protected keys to prevent replay attacks. Experimental results using the Raspberry Pi 4 Model B demonstrate significant improvements, including 25% higher authentication accuracy than PIN systems and consistent processing times of 1.8-2.2ms for QR generation under load. The framework maintains usability while providing robust protection against skimming, shoulder surfing, and credential reuse. Key contributions include the integration of Hardware Security Module (HSM) protection for biometric templates, O(1) complexity QR validation, and automatic failover between authentication methods. This research offers financial institutions a practical and scalable approach to enhance ATM security, eliminating the need for significant infrastructure modifications.

References

Adoga, H. U. (2024). Leveraging NFV heterogeneity at the network edge [Doctoral dissertation, University of Glasgow].

Adoga, H. U., & Pezaros, D. P. (2023). Towards latency-aware VNF placement on heterogeneous hosts at the network edge. In GLOBECOM 2023-2023 IEEE Global Communications Conference (pp. 6383-6388). IEEE.

Adoga, H. U., Imam, H., Dauda, A., Og-bonoko, J. F., Bako, U. M., Ochang, P., Agushaka, J., et al. (2019). Improved security techniques in multi-protocol label switching. FULafia Journal of Science and Technology, 5(2), 161-168.

Adoga, H. U., Ezugwu, E., Umar, M., et al. (2016). Operating system security and penetration testing. FULafia Journal of Science and Technology, 2(2), 151-157.

Agrawal, P., Saxena, R., Agrawal, S., & Singh, R. (2024). Fingerprint-enabled ATM network. International Journal of Computer Science and Mobile Computing (IJCSMC), 13, 107-115.

Ahmeduddin, S., Azeem, S. A., Haleem, S. A., Pasha, S. A., & Ahmed, M. S. (2022). The use of fingerprints within the ATM system. Journal of Algebraic Statistics, 13(3), 2415-2421.

Bhanuteja, G., Janadri, A., Kumbar, A. S., Ganapathi, N., et al. (2023). A novel approach for fraud pruning in ATM using QR code. In 2023 Fourth International Conference on Smart Technologies in Computing, Electrical and Electronics (ICSTCEE) (pp. 1-7). IEEE.

Narsaiah, M., Lasya, G., Veronica, K., Abhilash, A., Kirthana, P. S., Kumari, M. S., & Pathani, A. (2023). Fingerprint recognition for future ATM security. In E3S Web of Conferences (Vol. 430, p. 01167). EDP Sciences.

Nielsen, J. (2000). Why you only need to test with 5 users. Alertbox. https://www.nngroup.com/articles/why-youonly-need-to-test-with-5-users/

Priya, P., Jeeva, R., Pradeep, M., & Kishor, S. (2023). An effective cardless ATM transaction using computer vision techniques. In 2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS) (Vol. 1, pp. 1684-1690). IEEE.

Ramya, S., Sheeba, R., Aravind, P., Gnanaprakasam, S., Gokul, M., & Santhish, S. (2022). Face biometric authentication system for ATM using deep learning. In 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS) (pp. 1446-1451). IEEE.

Rukpakavong, W., Subsomboon, K., & Nilpanich, S. (2022). Mutual authentication for cardless ATM withdrawal using location factor. Creative Science, 14(2), 245396.

Shanmugapriyan, J., Parthasarathy, R., Sathish, S., & Prasanth, S. (2022). Secure electronic transaction using Aadhaar based QR code and biometric authentication. In 2022 International Conference on Communication, Computing and Internet of Things (IC3IoT) (pp. 1-4). IEEE.

Wang, G., Sutikno, A., Ginting, F., & Angelica, N. (2021). Applying QR code in mobile banking use. In 2021 International Conference on Information Management and Technology (ICIMTech) (Vol. 1, pp. 835-839). IEEE.

Proposed dual-factor ATM authentication framework

Downloads

Published

31-12-2025

Issue

Vol. 9 No. 12 (2025): FUDMA Journal of Sciences - Vol. 9 No. 12

Section

Research Articles

Categories

License

Copyright (c) 2025 Aisha Ibrahim Galadima, Haruna Umar Adoga

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Galadima, A. I., & Adoga, H. U. (2025). A HYBRID BIOMETRIC-CRYPTOGRAPHIC FRAMEWORK FOR SECURE ATM AUTHENTICATION USING FINGERPRINT RECOGNITION AND TIME-BOUND QR CODES. FUDMA JOURNAL OF SCIENCES, 9(12), 409-416. https://doi.org/10.33003/fjs-2025-0912-3805

Most read articles by the same author(s)