An Approach to Cryptographic Key Exchange Using Fingerprint

Cryptography is the most reliable tool in network and information security. The security of cryptography depends on the cryptographic key management. It consists of key generation, key storing and key sharing. A randomly generated long key (of 128, 190 or 256 bits) is difficult to remember. As a consequence, it is needed to be stored in a secured place. An additional authentication like knowledge or token based authentication is used to control the unauthorized access to the key. It is found that password is easy to break and token can be damaged or stolen. Moreover, knowledge or token based authentication does not assures the non-repudiation of a user. As an alternate, it is advocated to combine biometric with cryptography, known as crypto-biometric system (CBS), to address the above mentioned limitations of traditional cryptography as well as enhance the network security. This paper introduces a CBS to exchange a randomly generated cryptographic key with user’s fingerprint data. Cryptographic key is hidden within fingerprint data using fuzzy commitment scheme and it is extracted from the cryptographic construction with the production of genuine fingerprint data of that user. Our work also protects the privacy and security of fingerprint identity of the user using revocable fingerprint template.

[1]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[2]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[3]  Ingrid Verbauwhede,et al.  Automatic secure fingerprint verification system based on fuzzy vault scheme , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[4]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[5]  Anil K. Jain,et al.  Fingerprint Template Protection: From Theory to Practice , 2013, Security and Privacy in Biometrics.

[6]  Hao Feng,et al.  Private key generation from on-line handwritten signatures , 2002, Inf. Manag. Comput. Secur..

[7]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[8]  Kenneth Ko,et al.  User's Guide to NIST Biometric Image Software (NBIS) , 2007 .

[9]  Sunil V. K. Gaddam,et al.  Efficient Cancelable Biometric Key Generation Scheme for Cryptography , 2010, Int. J. Netw. Secur..

[10]  K. Duraiswamy,et al.  Secured Cryptographic Key Generation From Multimodal Biometrics: Feature Level Fusion of Fingerprint and Iris , 2010, ArXiv.

[11]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[12]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[13]  K. P. Soman,et al.  Irrevocable Cryptographic Key Generation from Cancelable Fingerprint Templates: An Enhanced and Effective Scheme , 2009 .

[14]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[15]  Andreas Uhl,et al.  Context-based biometric key generation for Iris , 2011 .

[16]  B. Chen,et al.  Biometric Based Cryptographic Key Generation from Faces , 2007, 9th Biennial Conference of the Australian Pattern Recognition Society on Digital Image Computing Techniques and Applications (DICTA 2007).

[17]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.