Biometric cryptosystems: issues and challenges

In traditional cryptosystems, user authentication is based on possession of secret keys; the method falls apart if the keys are not kept secret (i.e., shared with non-legitimate users). Further, keys can be forgotten, lost, or stolen and, thus, cannot provide non-repudiation. Current authentication systems based on physiological and behavioral characteristics of persons (known as biometrics), such as fingerprints, inherently provide solutions to many of these problems and may replace the authentication component of traditional cryptosystems. We present various methods that monolithically bind a cryptographic key with the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication. We assess the performance of one of these biometric key binding/generation algorithms using the fingerprint biometric. We illustrate the challenges involved in biometric key generation primarily due to drastic acquisition variations in the representation of a biometric identifier and the imperfect nature of biometric feature extraction and matching algorithms. We elaborate on the suitability of these algorithms for digital rights management systems.
