Secure key agreement protocols: Pure biometrics and cancelable biometrics

Abstract In this paper, we propose two novel biometrics-based secure key agreement protocols, namely Secure Key Agreement-Pure Biometrics (SKA-PB) and Secure Key Agreement-Cancelable Biometrics (SKA-CB). Each of our protocols uses biometrics with unordered features. SKA-PB protocol provides symmetric cryptographic key agreement between the user and the server. This key is generated by utilizing only the feature points of the user’s biometrics. In other words, SKA-PB protocol does not generate the key randomly or it does not use any random data in the key itself. On the other hand, SKA-CB protocol integrates the cancelability property into SKA-PB protocol by the use of a device-specific binary string. In SKA-CB protocol, biometric templates can be canceled at any time as a precaution to template compromise. As a proof of concept, we implement these protocols using fingerprints and employ multi-criteria security and complexity analyses for both of them. These security analyses show that the generated keys possess sufficient randomness according to Shannon’s entropy. Additionally, these keys are distinct from each other, as measured by Hamming distance metric. Our protocols are also robust against brute-force, replay and impersonation attacks, proven by high attack complexity and low error rates.

[1]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[2]  Axel Munk,et al.  The Fuzzy Vault for Fingerprints is Vulnerable to Brute Force Attack , 2007, BIOSIG.

[3]  Berrin A. Yanikoglu,et al.  Realization of correlation attack against the fuzzy vault scheme , 2008, Electronic Imaging.

[4]  Tran Khanh Dang,et al.  Cancellable fuzzy vault with periodic transformation for biometric template protection , 2016, IET Biom..

[5]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[6]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[7]  Sandeep K. S. Gupta,et al.  Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[8]  Anil K. Jain,et al.  Securing Fingerprint Template: Fuzzy Vault with Helper Data , 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).

[9]  Satoshi Hoshino,et al.  Impact of artificial "gummy" fingers on fingerprint systems , 2002, IS&T/SPIE Electronic Imaging.

[10]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[11]  C. E. SHANNON,et al.  A mathematical theory of communication , 1948, MOCO.

[12]  Richard W. Hamming,et al.  Error detecting and error correcting codes , 1950 .

[13]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[14]  S. Kanade,et al.  Three factor scheme for biometric-based cryptographic key regeneration using iris , 2008, 2008 Biometrics Symposium.

[15]  Andreas Uhl,et al.  Statistical attack against iris-biometric fuzzy commitment schemes , 2011, CVPR 2011 WORKSHOPS.

[16]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[17]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[18]  Albert Levi,et al.  A Survey on the Development of Security Mechanisms for Body Area Networks , 2014, Comput. J..

[19]  Nalini K. Ratha,et al.  Anonymous and Revocable Fingerprint Recognition , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[20]  Jörn Müller-Quade,et al.  Reusing Tamper-Proof Hardware in UC-Secure Protocols , 2018, Public Key Cryptography.

[21]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[22]  Daesung Moon,et al.  Dictionary Attack on Functional Transform‐Based Cancelable Fingerprint Templates , 2009 .

[23]  Sabih H. Gerez,et al.  Fingerprint matching by thin-plate spline modelling of elastic deformations , 2003, Pattern Recognit..

[24]  Alex Stoianov,et al.  Security of Error Correcting Code for biometric Encryption , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[25]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[26]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[27]  Albert Levi,et al.  Secure key agreement using pure biometrics , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[28]  Claude E. Shannon,et al.  The mathematical theory of communication , 1950 .

[29]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[30]  Su Fei,et al.  Cracking Cancelable Fingerprint Template of Ratha , 2008, ISCSCT.