Generating and sharing biometrics based session keys for secure cryptographic applications

Crypto-biometric systems, which combine biometrics with cryptographic systems, are gaining more and more attention. Person verification with high degree of assurance offered by biometrics can greatly improve the security of a cryptographic system. In such systems, a stable crypto-biometric key (to be used for cryptography) is derived from biometrics and a strong link between the user identity and the cryptographic keys is established. In this paper, we first propose a simple and effective protocol to securely share such crypto-biometric keys. Moreover, we propose another protocol to generate and share session keys which are valid for only one communication session. This protocol achieves mutual authentication between the client and the server without the need of trusted third party certificates. This protocol also facilitates easy online updating of templates. The stored templates are cancelable. The protocols are evaluated for biométrie verification performance on a subset of the NIST-FRG02 face database.

[1]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 2002, International Journal of Information Security.

[2]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[3]  Joachim von zur Gathen,et al.  A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes , 2010 .

[4]  Loris Nanni,et al.  An improved BioHashing for human authentication , 2007, Pattern Recognit..

[5]  Joachim M. Buhmann,et al.  Distortion Invariant Object Recognition in the Dynamic Link Architecture , 1993, IEEE Trans. Computers.

[6]  Terrance E. Boult,et al.  Bipartite Biotokens: Definition, Implementation, and Analysis , 2009, ICB.

[7]  Bruce A. Draper,et al.  The CSU Face Identification Evaluation System , 2005, Machine Vision and Applications.

[8]  T.E. Boult,et al.  Bio-cryptographic protocols with bipartite biotokens , 2008, 2008 Biometrics Symposium.

[9]  Boris Skoric Security with Noisy Data - (Extended Abstract of Invited Talk) , 2010, Information Hiding.

[10]  S. Kanade,et al.  Three factor scheme for biometric-based cryptographic key regeneration using iris , 2008, 2008 Biometrics Symposium.

[11]  Yoshifumi Ueshige,et al.  A proposal of efficient scheme of key management using ID-based encryption and Biometrics , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[12]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[13]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[14]  Bernadette Dorizzi,et al.  Cancelable iris biometrics and using Error Correcting Codes to reduce variability in biometric data , 2009, CVPR.

[15]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[16]  Kouichi Sakurai,et al.  A Proposal of One-Time Biometric Authentication , 2006, Security and Management.

[17]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[18]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[19]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[20]  Terrance E. Boult,et al.  Revocable fingerprint biotokens: accuracy and security analysis , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[21]  P. Jonathon Phillips,et al.  Face Recognition Grand Challenge , 2004 .

[22]  Ileana Buhan,et al.  Cryptographic keys from noisy data, theory and applications , 2008 .

[23]  Michael G. Strintzis,et al.  A Channel Coding Approach for Human Authentication From Gait Sequences , 2009, IEEE Transactions on Information Forensics and Security.

[24]  Qiang Tang,et al.  An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication , 2007, ACISP.

[25]  Rafail Ostrovsky,et al.  Secure Remote Authentication Using Biometric Data , 2005, EUROCRYPT.

[26]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .