crypto-biometric systems for network...

CRYPTO-BIOMETRIC SYSTEMSFOR

NETWORK SECURITY

Subhas Barman

School of Information TechnologyIndian Institute of Technology, Kharagpur

Kharagpur - 721302

Crypto-Biometric Systems for NetworkSecurity

Thesis submitted in partial fulfillment of therequirements for the degree

of

Master of Technology

in

Information Technology

by

Subhas Barman[ 11IT60Q02 ]

Under the guidance of

Dr. Debasis Samanta

School of Information TechnologyIndian Institute of Technology, Kharagpur

Kharagpur - 721302April 2013

©2013 Subhas Barman. All rights reserved

Declaration

I, Subhas Barman, Roll no. 11IT60Q02 registered as a student of M.Tech. in theSchool of Information Technology, Indian Institute of Technology, Kharagpur, India,do here by declare that

a. The work contained in the thesis is original and has been done by myself underthe general supervision of my supervisor.

b. The work has not been submitted to any other Institute for any degree ordiploma.

c. I have followed the guidelines provided by the Institute in writing the thesis.

d. I have conformed to the norms and guidelines given in the Ethical Code ofConduct of the Institute.

e. Whenever I have used materials (data, theoretical analysis, and text) from othersources, I have given due credit to them by citing them in the text of the thesisand giving their details in the references.

f. Whenever I have quoted written materials from other sources, I have put themunder quotation marks and given due credit to the sources by citing them andgiving required details in the references.

Dated:

[Subhas Barman]Roll No. 11IT60Q02

School of Information TechnologyIndian Institute of Technology, Kharagpur.

iii

Certificate

This is to certify that this thesis entitled Crypto-Biometric Systems for Net-

work Security, submitted by Subhas Barman to Indian Institute of Technology,

Kharagpur, is a record of bonafide research work carried under my supervision and I

consider it worthy of consideration for award of the degree of Master of Technology of

the Institute.

Dated:

[Debasis Samanta]Associate Professor

School of Information TechnologyIndian Institute of Technology, Kharagpur.

iv

Acknowledgement

In the first place I would like to record my sincere gratitude to my advisor Dr.Debasis Samanta for his invaluable guidance, constant encouragement and mindfulattention during the project work giving me extraordinary experiences through outthe work. It is indeed an honor and a great privilege for me to have learned fromhis expertise and experiences which exceptionally inspire and enrich my growth as astudent and a researcher want to be.

I owe my deepest gratitude to the entire faculty members of School of InformationTechnology for providing an excellent academic environment and support.

I must also convey my heartfelt thanks to the ever diligent staff of School of Infor-mation Technology for providing support in all we did.

This thesis would not have been possible unless the support of my family members,who have been backing me up throughout my life.

I am indebted to all my classmates for the motivation and support for me withoutany hesitation during the course of my work.

[Subhas Barman]School Of Information Technology

Indian Institute of Technology, KharagpurDate:..../..../2013.

v

Abstract

To ensure the secure transmission of data, cryptography is treated as the most ef-fective solution. Cryptographic key is an important entity in this process. In general,randomly generated cryptographic keys are used for encryption and decryption of mes-sages, which can be made large enough to make it strong. As a consequence, such keyneeds to stored in a protected place, otherwise poses a threat to security. As an alter-native to this, it is advocated to generate the cryptographic key using the biometrictraits of both sender and receiver during the transmission session, thus avoiding keystoring and at the same time without compromising the strength in security. However,the biometric based cryptographic key generation has some difficulties: maintain theprivacy of user’s biometric data, sharing of biometric data and generating revocablekey from irrevocable biometric. This work addresses the above mentioned concerns. Wepropose an approach to generate cryptographic key from fingerprints of both commu-nicating parties (i.e, sender and receiver). Initially, both sender and receiver extractminutiae points from their individual fingerprint and share with each other to gen-erate revocable key for symmetric cryptography. Similarly, in the second approach,cancelable fingerprint template is generated and shared with each other to generatecryptographic key in sender site as well as in receiver site. In our third approach, wepropose to store the cancelable template of receiver at sender side. To ensure securityof this template, we propose to store the template after locking it with the same ofsender using XOR operation. This locked template is unlocked if the genuine templateof sender is provided. This template is used to verify the receivers’ authentication aswell as to generate cryptographic key. In our all approaches, generated key is revocablewhich can be cancelled and replaced easily, if required. The non-invertible propertyof the generated key in our approach, protects the privacy of cancelable templatesand fingerprints. This cryptographic key is strong enough as it is produced from twofingerprints of two different persons. This type of cryptographic key can be used insymmetric cryptography for better security of data transmission.

Keywords: Crypto-biometric system, cryptographic key generation, fingerprints,cancelable template, revocable key, non-invertible key, secure data transmission, net-work security.

Contents

List of Figures iii

List of Tables iv

1 Introduction 11.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51.3 Overview of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . 51.4 Contribution of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . 61.5 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . 7

2 Literature Survey 92.1 Cancelable Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.2 Cryptographic Key Binding . . . . . . . . . . . . . . . . . . . . . . . . 102.3 Cryptographic Key Generation . . . . . . . . . . . . . . . . . . . . . . 122.4 Biometric Data Transmission . . . . . . . . . . . . . . . . . . . . . . . 13

3 Cryptographic Key Generation from Fingerprints of Sender and Re-ceiver 143.1 Proposed Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.1.1 Feature Extraction from Fingerprint Image . . . . . . . . . . . . 143.1.2 Steganographic Encoding . . . . . . . . . . . . . . . . . . . . . . 153.1.3 Steganographic Decoding . . . . . . . . . . . . . . . . . . . . . . 173.1.4 Merging Minutiae Data Set FS and FR . . . . . . . . . . . . . . 173.1.5 Shuffle Key Update . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.2 Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.2.1 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.2.2 Experimental Setup . . . . . . . . . . . . . . . . . . . . . . . . . 223.2.3 Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . 23

i

DSamanta

Cross-Out

DSamanta

Cross-Out

DSamanta

Comment on Text

Key Generation with Fingerprint Templates

3.2.4 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 263.3 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

4 Cryptographic Key Generation from Cancelable Fingerprint Tem-plates 304.1 Proposed Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

4.1.1 Cancelable Template Generation . . . . . . . . . . . . . . . . . 314.1.2 Sharing Cancelable Templates . . . . . . . . . . . . . . . . . . . 334.1.3 Key Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4.2 Experimental Result . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354.2.1 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354.2.2 Experimental Setup . . . . . . . . . . . . . . . . . . . . . . . . . 364.2.3 Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . 374.2.4 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 41

4.3 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5 Session Key Generation using Enrolled cancelable template 465.1 Proposed Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

5.1.1 Enrollment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475.1.2 Session Key Generation and Sharing . . . . . . . . . . . . . . . 475.1.3 Template Update . . . . . . . . . . . . . . . . . . . . . . . . . . 50

5.2 Comparison with other work . . . . . . . . . . . . . . . . . . . . . . . . 525.2.1 Existing Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525.2.2 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

5.3 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535.3.1 Security of Fingerprint . . . . . . . . . . . . . . . . . . . . . . . 545.3.2 Security of Cryptographic Key . . . . . . . . . . . . . . . . . . . 54

5.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

6 Conclusions and Future Work 56

ii

DSamanta

Cross-Out

DSamanta

Comment on Text

with

DSamanta

Cross-Out

DSamanta

Cross-Out

DSamanta

Comment on Text

with Receiver's Enrolment

DSamanta

Comment on Text

DSamanta

Cross-Out

List of Figures

1.1 Basic cryptography systems . . . . . . . . . . . . . . . . . . . . . . . . 21.2 Key binding scheme which binds cryptographic key with biometric . . . 41.3 Key generation from biometric features . . . . . . . . . . . . . . . . . . 4

3.1 An overview of proposed crypto-biometric system . . . . . . . . . . . . 153.2 (a) Sender’s Fingerprint, (b) Receiver’s fingerprint, (c) Minutiae points

extracted from (a) and (d) Minutiae points extracted from (b) . . . . . 163.3 Shuffling method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183.4 A snapshot of fused features and shuffled features . . . . . . . . . . . . 193.5 Shuffle key update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203.6 A snapshot of cover image and stego image . . . . . . . . . . . . . . . 243.7 Error in imposter’s key when shuffle key is unknown . . . . . . . . . . . 253.8 Error in imposter’s key when shuffle key is known . . . . . . . . . . . . 253.9 Error in imposter’s key when one fingerprint is known but shuffle key is

unknown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263.10 Error in imposter’s key when one fingerprint and shuffle key are known 26

4.1 Key generation by sender and receiver . . . . . . . . . . . . . . . . . . 314.2 Shuffling method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324.3 Dissimilarity among cancelable templates of genuine user and impostor

for DB1, DB2 and DB3 of FVC2000 (set B) . . . . . . . . . . . . . . . 384.4 Dissimilarity among cancelable templates of genuine user and impostor

for DB1, DB2 and DB3 of FVC2002 (set B) . . . . . . . . . . . . . . . 384.5 Dissimilarity among cancelable templates of genuine user and impostor

for DB2, DB3 and DB4 of FVC2004 (set A) . . . . . . . . . . . . . . . 394.6 Cover images (a, c, e) taken from DB4 of FVC2000, FVC2002, FVC2004

and corresponding stego images (b, d, f) . . . . . . . . . . . . . . . . . 404.7 Hamming distance between genuine and impostor’s key for fingerprint

database of FVC2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

iii

4.8 Hamming distance between genuine and impostor’s key for fingerprintdatabase of FVC2002 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

4.9 Hamming distance between genuine and impostor’s key for fingerprintdatabase of FVC2004 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.1 Enrollment process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485.2 Session key generation and sharing . . . . . . . . . . . . . . . . . . . . 49

6.1 An overview of our first proposed crypto-biometric system . . . . . . . 566.2 An overview of our second proposed crypto-biometric system . . . . . . 576.3 An overview of our third proposed crypto-biometric system . . . . . . . 57

iv

List of Tables

3.1 Fingerprints used our Experiments . . . . . . . . . . . . . . . . . . . . 223.2 Effect of Steganography on Cover Image . . . . . . . . . . . . . . . . . 233.3 Computation time of our approach . . . . . . . . . . . . . . . . . . . . 25

4.1 Fingerprints used in our Experiments . . . . . . . . . . . . . . . . . . . 364.2 Hamming Distance among Cancelable Templates in FVC2000 . . . . . 384.3 Hamming Distance among Cancelable Templates in FVC2002 . . . . . 394.4 Hamming Distance among Cancelable Templates in FVC2004 . . . . . 404.5 Effect of Steganography on Cover Image . . . . . . . . . . . . . . . . . 414.6 Hamming Distance between genuine and impostor’s keys in FVC2000 . 424.7 Hamming Distance between genuine and impostor’s keys in FVC2002 . 434.8 Hamming Distance between genuine and impostor’s keys in FVC2004 . 44

6.1 Comparison of three approaches . . . . . . . . . . . . . . . . . . . . . . 586.2 Comparison of three approaches in terms of key . . . . . . . . . . . . . 58

v

Chapter 1

Introduction

Cryptography is widely used in information security and network security. It assuresthe security of information due to storage or transmission of information. The basicidea behind cryptography is to transform a plaintext (P ) before being stored or trans-mitted, into an encoded form (called ciphertext (C)) with the help of an encryptionalgorithm (E) and secret key (Ke). The Encrypted information (C) is transformedinto plaintext using a decryption algorithm (D) and a secret key (Kd) [1]. Therefore,the user who knows the secret key (Kd), is able to decrypt the encoded message andon the basis of knowledge of the key, the genuine user is authenticated in the tra-ditional cryptography. In cryptography, encryption-decryption algorithms are publicand security of cryptography depends on secrecy of the key which is used to decryptthe encrypted message. There are two types of cryptography: symmetric cryptogra-phy and asymmetric cryptography. In the first category of cryptography, same keyis used for encryption and decryption. And, before starting a communication ses-sion, the secret key is needed to share with other user(s) who likes to communicatethrough symmetric cryptography. As an example, say, sender S wants to transmita message P to receiver R and both sender and receiver have the secret key K (i.e.Ke = Kd = K). Sender encrypts the message on the basis of secret key and encryptionalgorithm (i.e. C = EK(P )) and the ciphertext is sent to receiver. On the other side,receiver decrypts the ciphertext on the basis of decryption algorithm and secret key(i.e. P = DK(C)). The symmetric cryptography is illustrated in Fig. 1.1a. In thesymmetric cryptography (e.g., AES [2]), key management is a major challenge.

In asymmetric cryptography, two different keys (mathematically related) are usedfor encryption and decryption process. Each party has two keys, public key (Ke)which is known to others and private key (Kd) which is known to its owner only.Now, let sender wants to send a message (P ) to receiver and sender knows the publickey of receiver. Public key of receiver is used to encrypt the plain text (i.e. C =

1

Chapter 1. Introduction

Encryption Decryption

Plaintext

Ciphertext

Shared secret key

ReceiverSender

Plaintext

(a) Symmetric cryptography

Encryption Decryption

Plaintext

Ciphertext

ReceiverSender

Plaintext

Public key

of receiver

Private key

of receiver

(b) Asymmetric cryptography

Figure 1.1: Basic cryptography systems

EKe(P )) by sender and private key of receiver is used to decrypt the ciphertext (i.e.P = DKd

(EKe(P )) = DKd(C)) by receiver [1]. The steps of asymmetric cryptography

is illustrated in Fig.1.1b. In asymmetric cryptography, there is no need of secure keysharing but it requires mathematical operation to compute the relation between publicand private keys. Moreover, this type of cryptography is too slow for a specific use(e.g., when large amount of data needs to be transmitted). For better network security,in practical system such as the Transport Layer Security (TLS) protocol, asymmetrickey cryptoghraphy is used to transmit a session key in a secured manner and then,the session key is used in symmetric cryptography to transmit message securely duringthat session [3]

In cryptography, security of the information depends on the key as the encryptionand decryption algorithms are public. If the key of the cryptography is compromised,then the message is also become known to the third party (i.e. attacker). In general,knowledge based (e.g., password) or token based authentication (e.g., smart card) isused in cryptography. In other words, an user is authentic if the user knows the secretkey or has the token and that user can access the confidential message. Now, if the keyis large enough (e.g., key size is 128, 162 or 256 bits for Advance Encryption Standard(AES) algorithm [2]), it is difficult to memorize the secret key for its users. As an

2


alternate, users store it somewhere (e.g., hardware token, smart card or in computer)and control the access to the secret key using another authentication system (e.g.,password based authentication) which possesses another security threat. Moreover,token or smart cards may be lost, stolen and password also may be forgotten or maybe guessed out with the help of dictionary attacks [1].

As an alternative to the above procedures of key management, researchers haveadvocated user’s biometric traits to manage cryptographic keys. Biometric is thephysiological or behavioral characteristics of a person and it is reliable to measure theidentify an individual uniquely [4]. Therefore, biometric has the inherent potential-ity to differentiate a genuine individual from a fraudulent impostor. For this reason,biometric is integrated with cryptography to enhance the security of traditional cryp-tography. Many researchers are working on biometric based cryptography (known ascrypto-biometric system [5]) where the authentication is guaranteed by biometrics andinformation security is guaranteed by the traditional cryptography. Authenticationcomponent of traditional cryptography is replaced by biometric based authenticationto remove the limitation of memorizing cryptographic key as well as maintaining thesecrecy of the key without compromising the strength of cryptographic key.

In general there are three ways to integrate biometrics with cryptography namely1) key release, 2) key binding, and 3) key generation [4]. In the key release mode,key release mechanism and biometric template matching are completely decoupled [6].The biometric template and cryptographic key are stored in a smart card or token or incomputer as separate entities. To release the cryptographic key, stored biometric andquery biometric are compared. The key is released only on the successful biometricsmatching. In this crypto-biometric systems, biometric template is stored and it is,again, vulnerable to attacks.

In the key binding scheme [6], cryptographic key is considered as secret and it ishidden within a cryptographic construct (fuzzy vault [6], fuzzy commitment scheme [3])using biometrics. The secret key is released from the cryptographic construct if andonly if the genuine biometric is provided. This scheme of crypto-biometrics is shown inFig. 1.2. Moreover, it is infeasible to extract the cryptographic key or biometrics fromthe cryptographic framework without sufficient knowledge about either the biometricsor the key. In this way, access to the cryptographic key is controlled and only legitimateusers can access the key when it is required.

In biometric-based cryptographic key generation scheme, biometrics is used to gen-erate cryptographic keys for encryption and decryption [12–15, 17]. For this purpose,biometric features of an user is used to generate the cryptographic key for encryptionand similarly, when it is required to decrypt the message, the key is regenerated from

3


Cryptographic Key

as secret (S)

Embedding key

into biometric template

Matching input

Template

with stored template

Biometrics template (T’)Biometrics template (T)

Released

Cryptographic Key

Biometrics Input biometrics

Store (S,T) If T=T’

Figure 1.2: Key binding scheme which binds cryptographic key with biometric

a query biometrics using the same process [22, 23]. This type of key generation incrypto-biometric systems is illustrated in Fig.1.3. As the key is generated from bio-metric features which is inherent to an individual, it is impractical to guess out theoriginal key or generate the key from impostor’s biometrics.

Feature ExtractionHash/ Key

generation EncryptionBiometric

Feature ExtractionHash/ Key

generationDecryptionQuery biometric

Plaintext

Ciphertext

Plaintext

Features

Features

Figure 1.3: Key generation from biometric features

1.1 Motivation

Symmetric cryptography requires key management (i.e. key sharing, maintaining keysecrecy) and key diversification [1]. As same key is used in encryption and decryptionalgorithms, it demands key sharing between the communicating parties before anycommunication. Moreover, for large message transmission through communicationchannel, message is divided into segments and each segment is encrypted with anunique key for better security [3]. Even, the cryptographic key is needed to changeperiodically and if the key is ever compromised then it becomes urgent to be changed bythe user. But, biometric based cryptography lacks revocability of key as the biometricsis inherent for an individual and if the key once become compromised anyway, becomeuseless forever [4, 8].

In biometric-based cryptography, protecting the privacy of biometrics and securingbiometrics information which is used in cryptography is very important [4]. Also, we

4


note that there are only few biometric traits associated with an individual. Therefore,preserving biometric identity of the user without compromising the security of thecryptography is a challenge.

Cryptography is a powerful tool to assure the security of information to storedata or transmit information. Biometrics assures the secrecy of cryptographic keybut biometrics are noisy or it variates in every scans depending on capturing tools orbehavior of the owner. This type fuzziness behavior of biometrics makes problem tobiometric based cryptography as cryptography needs exactness [4, 8].

Moreover, in biometric based cryptography, biometrics of both communicating par-ties can be used in cryptographic key generation to associate both users with the keywhich can satisfy the non-repudiation of users for the communication. In this per-spective, sharing biometrics information of one user with other communicating partyis not desirable [21]. In this regards, privacy and security of the biometrics which istransmitted to other communicating party, can be disclosed to that communicatingparty or to an interceptor.

Finally, cryptographic key generated from biometrics must be non-invertible [5, 8]such that the reverse computation will not be feasible. In other words, if the key iscompromised by any means, still it should not be computable the candidate biometricsfrom the cryptographic key.

1.2 Objectives

In our project, we therefore set out to design a fingerprint based cryptosystem togenerate a revocable but non-invertible cryptographic key from fingerprint features ofsender and receiver for symmetric cryptography and to preserve privacy and securityof the fingerprint data of both communicating parties. At the same time, anotherobjective of our project is to exchange the fingerprint data of both users securelyusing data hiding technique.

1.3 Overview of the Thesis

In our project, symmetric cryptographic key is generated from fingerprint data ofsender and receiver. We have proposed three approaches to develop three differentcrypto-biometric system. We highlight our three approaches in the following. In allour approaches, we consider fingerprint biometric data of sender and receiver, fromwhich we extract biometric features namely minutiae points.

5


• First Approach: In our first approach, cryptographic key is generated from thefingerprint features of sender and receiver. Both communicating parties transmittheir fingerprint data to each other using data hiding technique . In both sides(i.e., sender side and receiver side), fingerprint data of one user is merged withthat of other user and a combined feature set is generated by both sender andreceiver. Finally, cryptographic key is generated from combined feature setsusing a hash function.

• Second Approach: In our second approach, sender and receiver extract minutiaepoints from their own fingerprint images. Sender generates cancelable finger-print template from his fingerprint features and transmits it to receiver usingdata hiding technique. Similarly, receiver also generates cancelable fingerprinttemplate from his fingerprint features and transmits it to sender. Both, senderand receiver concatenate both cancelable templates and generate cryptographickey from the concatenated template at their ends.

• Third Approach: In our third approach, fingerprint data of one user (say, re-ceiver) is stored in the database of other user (say, sender). Initially, both userstransform their fingerprint features in cancelable template. In an enrollmentprocess, cancelable template of receiver is stored in the database of sender afterlocking it by cancelable template of sender. Whenever, sender and receiver wantto communicate with each other through cryptography, sender generates crypto-graphic key using the stored cancelable template along with his own cancelabletemplate. Then, sender locks his cancelable template with that of receiver andtransmits it to receiver. Receiver unlocks the cancelable template of sender us-ing his own cancelable template and generates the cryptographic key. Using thiskey, a secured communication session may be established between sender andreceiver.

1.4 Contribution of the Thesis

The major contribution of this thesis can be summarized as follows

• We design an approach of fingerprint based cryptographic key generation fromfingerprint data of sender and receiver. This approach is able to revoke thekey easily. We test the approach using fingerprint database which are publiclyavailable. This approach is able to generate 2200 different keys from the inherentfingerprint of two individuals.

6


• We design an approach to generate cancelable template from fingerprint tem-plate. Then the cancelable templates of both users are used to generate cryp-tographic key. This approach is also able to generate revocable key from ir-revocable fingerprint data. We test the cancelable template for collision withimpostor template and finally the genuine key and impostor’s key are checkedfor dissimilarity.

• Finally, we design an approach to generate cryptographic key from cancelabletemplates of both fingerprint template of sender and receiver where one of thefingerprint template (receiver) is stored with other user (sender) to authenticatethe user (receiver) before sharing the fingerprint data of the second user (sender)with first user (receiver).

1.5 Organization of the Thesis

The introductory chapter (Chapter I) describes the basic models of cryptographyand limitation of the traditional cryptography is studied. This chapter also describesthe motivation and objective of the thesis. The major contribution of this thesis arealso mentioned briefly. This chapter is followed by six other chapters in succession,the contents of which are briefly described below.

A brief survey of the existing work related to crypto-biometric systems is discussedin Chapter II. In this chapter, we divide the existing work into cancelable biometrics,biometric-based key binding, key generation schemes and biometric data transmission.Then the detailed survey of existing work related to each division is provided.

We have proposed an approach of cryptographic key generation from fingerprintfeatures in Chapter III. Initially, this chapter presents the feature extraction methodfrom fingerprint image and representation of minutiae points. Then, secure trans-mission of fingerprint data, merging of two fingerprint data set and key generationprocesses are discussed . The result of this approach are also presented using his-togram at the end of this chapter. This chapter also includes an analysis with respectto security of the generated key.

In Chapter IV, we have stated our second approach of fingerprint-based cryp-tographic key generation. In the beginning of this chapter, method of cancelabletemplate generation from fingerprint image is discussed. Then we have described thetechnique of cryptographic key generation from two cancelable templates. At the endof this chapter, we have discussed the results with a security analysis of the key.

The Chapter V explains our third approach of cryptographic key generation.

7


At the beginning of this chapter, we have discussed the enrollment phase, by whichcancelable template of one user is stored in the database of another user. Then,we explain the key generation process which includes authentication and cancelabletemplate transmission. The template update method is also described in this chapter.At the end of this chapter, we analysis the security of this approach.

Finally, Chapter VI concludes of thesis and indicates the further research direc-tions.

8

Chapter 2

Literature Survey

Our work incorporate biometric traits, cryptography and data hiding technique togenerate cryptographic key from fingerprint data of two persons. There are very fewwork in the literature which combined all the aforesaid concerns. In the literature,there are several existing work considering individual concerns. We classify the relatedwork in four categories: (a) cancelable template, (b) cryptographic key binding, (c)cryptographic key generation and (d) biometric data sharing. Now, we provide a moredetailed survey of related work on each category.

2.1 Cancelable Template

It is claimed in many existing work that cancelable template ensures the security ofbiometrics and revocability of inherent biometrics [4,5,8]. As the number of biometrictraits is limited for a person, it causes a problem when same biometric is used indifferent application and if any application is compromised then all the applicationbecome compromised as the biometric traits is not possible to change or cancel. Toalleviate this problem, cancelable biometrics is used in a secured biometric system.

There are many approaches of cancelable template generation which are reported asfollows. Ratha et al. [11] proposed different techniques for cancelable template genera-tion from fingerprint template. A complete disscussion regarding different approach ofcancelable transformation of fingerprint template is elaborately stated. In their work,conditions of one way transformation is also defined in details. The requirement oftransformation is also reported. Use of original template in different application cancauses security problem as compromising one application causes failure to all appli-cation. On the other hand, privacy protection of the biometrics is another concern inbiometric authentication systems which in fact, is not satisfied without utilizing trans-

9

DSamanta

Cross-Out

are

DSamanta

Comment on Text

Chapter 2. Literature Survey

formation of biometrics before use in different application. Cartesian transformationtechnique is used to displace the original locations of minutiae points with the helpof mapping matrix. Same transformation function with a different transformation keycan be used to generate a new cancelable template from same fingerprint.

N. Lalithamani and K.P. Soman [17] proposed an approach to generate cancelabletemplate from fingerprint. In this work, distances between minutiae points are com-puted and only unique distances are considered. The distances are sorted and storedin a vector what is called cancelable template by the authors. N. Lalithamani andK.P. Soman [13] proposed another approach for cancelable template generation fromfingerprint minutiae points using discrete exponential function. Initially the minutiaepoints (x, y- coordinates only) are stored in a vector and the next prime number ofeach element of that vector is computed and stored in another vector. Now the dis-crete exponential function is applied to the corresponding individual elements of thesetwo vectors. Then, if the result of discrete exponentiation function is prime then itis directly appended to a third vector otherwise next prime number of the result isappended to the third vector. Random pair of elements from the third vector is se-lected and new point is computed using multiplication of the elements of individualpair. Finally, distance between two new points are computed and sorted to generatethe cancelable template. This transformation is strong enough against any invertiblecomputation but this approach is silent about revocability of biometric using the sametransformation function.

2.2 Cryptographic Key Binding

In traditional cryptography, key management is required to maintain the secrecy ofcryptographic key. Biometric traits of users can be used to control unauthorized ac-cess to cryptographic key. In cryptographic key binding scheme, key is the secret andthe secret is hidden in a cryptographic construct with biometric feature of genuineuser. When, the key is required, another sample of biometric traits of genuine user ispresented and cryptographic key is released from the cryptographic construct.

There are different approaches related to key binding or key release which arediscussed below. Kanade et al. [3] proposed two protocols of biometric based cryp-tographic key regeneration using face biometric. In the first protocol, generated keysusing the crypto-biometric systems is shared securely . The second proposal is forgenerating and sharing cryptographic keys for a session of communication. In the firstapproach, cryptographic key Kr is randomly generated. The key is encoded with ErrorCorrecting Codes (ECC) and it generates a pseudo code θps. This θps is XORed with

10


cancelable template of the client to obtain a locked code template θlock. This lockedcode template is stored along with the hash of the key (h(Kr)) in database. The trans-formation key i.e., shuffle key is stored with the client for further use. When the keyis required for communication, an authentication process is carried out and the key isregenerated exactly with the help of ECC. For this purpose, fresh biometric sample istaken and cancelable template is generated using the stored shuffle key and the cryp-tographic key is extracted from the θlock using XOR operation. In the second proposal,they proposed a protocol to generate and share session keys based on biometrics usingthe same key regeneration scheme of first approach. In that approach, the cancelabletemplate of client is stored in the database of server and shuffle key is stored with theclient. Whenever a session key is required, server generates a random key (Kr) andgenerate θlock with cancelable template, random key and ECC using same method asmentioned in first approach. Then, θlock and double hash of the key (h(h(Kr))) aresent to client. Client regenerates the key (K ′r) using a fresh biometric, shuffle key andθlock and double hash of the regenerated key (h(h(K ′r))) is computed and compares itwith the received one (h(h(Kr))). In both hash values are matched then single hashvalue of the regenerated key (h(K ′r)) is sent to server and server verifies it with thehash value of the key (h(Kr)). If they are matched then the key (Kr) can be used assession key.

In the key binding scheme of crypto-biometrics, fuzzy vault [6] is a powerful cryp-tographic construct for secure biometric authentication and at the same time, thiscryptographic framework can protect the secrecy of the cryptographic key. The secretkey (K) is hidden in biometric sample which is considered as unordered set (A). Theuser selects a polynomial (P ) to encode the secret key as the coefficient of the polyno-mial. Then, the polynomial is evaluated for all elements in A and store the elementswith corresponding polynomial projection (P (A)). For security enhancement of thebiometric data as well as secret key, some random values known as chaff points, whichdo not lie on the polynomial, are added to the set and fuzzy vault is generated. In thisway the secret key is encoded into user’s biometrics through fuzzy vault. Now, anotherbiometric sample (say A′) of the same user’s is provided as the query template to thevault and if A′ is overlapped A substantially then the secret key K is released. Nan-dakumar et al. implemented a fingerprint based fully automatic and practical fuzzyvault system that can easily secure secrets key of 128 bits.

Hao et al. [5] proposed an approach to combine the cryptography with iris. In theirwork, they are able to generate cryptographic key from iris. For this purpose, a randomkey is generated and encoded the key with error correction codes (i.e. Reed-Solomoncode and Hadamard code). The encoded key is XORed with the reference iris code to

11


lock the reference iris code with encoded key and the locked iris code is stored in asmart card. Now, a fresh query iris code is generated and it is XORed with the lockediris code stored in smart card to extract the key from locked iris code. They are ableto extract 140 bits key correctly with 0.47% FRR and 0% FAR.

2.3 Cryptographic Key Generation

In key generation scheme of crypto-biometric systems, cryptographic key is directlyderived from features of biometric traits. In the literature, there exist several workwhere cryptographic key is generated from biometric or cancelable biometric. Cance-lable biometrics is very useful to generate revocable key and preserve the privacy ofbiometric traits. Different approaches are proposed by numerous researchers as follows.

Sunil V. K. Gaddam and M. Lal [12] presented a method to generate a crypto-graphic key from fingerprint template. In the method, at first an intermediate keyis generated from the minutiae points and this key is converted into a matrix. TheSecure Feature Matrix (SFM) is generated using the resultant key matrix with AESalgorithm. Finally the key is generated from the SFM. In this method, the securityof the SFM is strong as it is generated by AES algorithm but the regeneration of thesame intermediate key for decryption of SFM, is difficult for the fuzziness property ofthe biometrics.

Jagadeesan et al. proposed a method [15] where multi-modal biometrics (fingerprintand iris) is used. They applied the feature level fusion of minutiae points and textureproperties of iris respectivel to generate the multi-modal biometric templates and thekey is generated from this template. In the second paper [16] they also used samebiometrics (fingerprint and iris) but different method to generate the transformedtemplate. The exponentiation operation is performed where iris texture values areused as base numbers and minutiae coordinates are used as exponent. Then the nextprime number is calculated for each exponentiation result and multi-modal template isgenerated using multiplication of two resultants prime numbers. Using the procedureas stated in [15], cryptographic key (256 bits) is generated.

S. Dutta et al. reported a method [9] of fingerprint based cryptography. Crypto-graphic key (128 bits) is generated using cryptographic hash function (MD5) fromthe fingerprints of sender and receiver. In this method, fingerprint data of sender andreceiver are shared without transformation and used to generate cryptographic key of128 bits. In their method, key is generated in sender side and transmitted to receiverwith encrypted message. As a result, fingerprint privacy of each communicating partyis disclosed to each other.

12


The problem associated with these approaches is that they are not able to generaterevocable key.

2.4 Biometric Data Transmission

In the literature, there are very few work, where the cryptographic key is generatedfrom biometrics of two different communicating parties. These kind of applicationrequires secure sharing of biometric data with remote user for key generation. Biometricdata is considered as message to be transmitted and another media (image) known ascover media is used to carry the message securely. The function of the cover mediais only to carry the secret message. The message is hidden in cover image and stegoimage (where message is embedded) is transmitted to other user where the messagedecoded from stego image [24].

Numerous efforts are there in the literature for secure transmission of the biometricdata using data hiding technique [19–21]. Minutiae points of fingerprint are hiddenwithin face or synthetic fingerprint using watermarking technique and sent it to otheruser via insecure communication channel [19]. They used a secret key to hide thebiometric data in cover image. This secret key is used to extract the fingerprint datafrom the stego image. They also embedded multiple copies of fingerprint data to extractthe fingerprint data correctly from stego image. Similarly, fingerprint is also used ascover media to hide other biometric data (face) in watermarking technique and used ascarrier image for secure transmission of face data [20]. But in the data hiding process,use of real biometric as cover media is risky as it reveals sender’s biometric identity toreceiver.

13

Chapter 3

Cryptographic Key Generation fromFingerprints of Sender and Receiver

In this chapter, we propose an approach to generate cryptographic key from fingerprintsof both communicating parties. To associate fingerprints of two users, fingerprint dataneed to be transmitted to each other. In this approach, user’s biometric is integratedwith cryptography for enhancement of network security. Objective of this approach isto generate a revocable key from irrevocable fingerprints for symmetric cryptography.

3.1 Proposed Methodology

In this section, we discuss our proposed approach in details. An overview of our ap-proach is shown in Fig. 3.1. In our approach, both sender and receiver extract minutiaepoints from their own fingerprints. The minutiae data is exchanged between them usingsteganography. The stego key (Kg) is used by both parties for secure steganographicuse. Both fingerprint feature sets are combined, shuffled using shuffle key (KS) andfinally the cryptographic key is generated from it following a hash function. The abovementioned steps in our approach are stated precisely in the following.

3.1.1 Feature Extraction from Fingerprint Image

We follow the NIST’s NBIS algorithm (MINDTCT module) [?] to extract the features(ridge end and bifurcation) from a fingerprint image. The features are stored as (x, y, θ)

form, where (x,y) denotes coordinate value and θ is the orientation of a minutiae point.For example, a sample of two fingerprint images and extracted minutiae points areshown in Fig. 3.2. We have considered only (x,y) coordinate value as the minutiaepoints in our work. We extract minutiae based features from the fingerprint images of

14

Chapter 3. Cryptographic Key Generation from Fingerprints of Sender and Receiver

Sender (S) Receiver (R)

Cover Image (IS) Cover Image (IR)Features Extraction (FS) Features Extraction (FR)

Steganographic Encoder

Merge both Feature Sets (FS, FR)

Steganographic Encoder

Steganographic Decoder Steganographic Decoder

Merge both Feature Sets (FS, FR)

Hash Hash

Steg

o K

ey (K

g )

Steg

o K

ey (K

g )

Shuffle Key (KS)

Cryptographic Key (K)Cryptographic Key (K)

FR

FS

FS

FR

Cryptographic Key is used for

secure communication

Figure 3.1: An overview of proposed crypto-biometric system

both sender and receiver . For the reference in our subsequent discussion, we denotethem as follows.

• FS = Set of minutiae points extracted from senders fingerprint.FS = [(xi, yi)]; i= 1 to Ns, where Ns is the size of FS

• FR = Set of minutiae points extracted from receivers fingerprint.FR = [(x′i, y

′i)]; i = 1 to Nr and Nr is the size of FR

3.1.2 Steganographic Encoding

The minutiae data need to be sent to other site via a nonsecure channel. Both senderand receiver use steganography based data hiding technology to hide their minutiaedata into a cover image (I) (of size M pixels, say). The minutiae points are convertedinto binary stream [(m1,m2,m3, ...mL), where L is the number of bits of the convertedminutiae data set] is to be hidden into cover image using LSB steganography [24]. Thestego key (Kg = [k1, k2, ...kN ]; where L ≤ N ≤ M] is used to select the pixel locationsof cover image (I) where the minutiae data bits (mi) are to be embedded.

15


Figure 3.2: (a) Sender’s Fingerprint, (b) Receiver’s fingerprint, (c) Minutiae pointsextracted from (a) and (d) Minutiae points extracted from (b)

• Select the pixels of the cover image(I) according to the stego key (Kg).

pi = I(ki), ki ∈ Kg for all i = 1,2,...,N (3.1)

• Least significant bit of selected pixels (pi) is calculated using the following equa-tion

LSB(pi) = pi%2 (3.2)

• Embedding the message bit (mi) into the least significant bit (LSB) of pi as perthe following rule:

p′i =

{pi if LSB(pi) = mi

pi + (2 ∗mi − 1) otherwise(3.3)

• Replace the selected original pixels (pi) with the modified pixels (p′i) to obtainthe stego image Istego. That is,

Istego(l) =

{I(l) if l /∈ Kg

p′i otherwise(3.4)

This stego image (Istego) is sent to the recipient from sender and vice-versa.

16


3.1.3 Steganographic Decoding

The stego image (Istego) is received. Hidden minutiae data are extracted from thestego image using the decoding function and same stego key (Kg) which was used inencoding. The stego key is used to locate the pixels where data embedding was done.Now, the extracted binary stream is used to reconstruct the minutiae data sets.

• Select the pixels where embedding was done according to the stego key (Kg)

• Extract the hidden bits from the selected pixels (Istego(ki))

m′i = LSB(Istego(ki)); i = 1 to N (3.5)

where m′i is the ith bit of recovered message (i.e. minutiae data set), extractedfrom ki

th pixel of stego image (Istego).

• All m′i are assembled to reconstruct minutiae data set.

3.1.4 Merging Minutiae Data Set FS and FR

The fingerprint minutiae points of sender (FS) and receiver (FR) are fused using featurelevel fusion of minutiae points. Feature level fusion is achieved with concatenationof two feature sets FS = [(x1, y1),(x2, y2),..., (xNs , yNs)] and FR =[(x′1, y′1),(x′2, y′2),...,(x′Nr

, y′Nr)] (FS ∈ MNs and FR ∈ MNr ) to generate a combined feature set F (F ∈

MNs+Nr). For this purpose, all x coordinate values of FS are stored in a vector Xand then all x-coordinate values of FR are augmented to the vector X. Similarly they-coordinate values of FS and FR are combined and stored in another vector Y. Thesetwo vectors (X, Y) generate a new x,y coordinates of F . The size of F is the total sizeof FS and FR. That is

F = FS||FR; |F | = Ns + Nr. (3.6)

where || is used as augmentation symbol, |F | is the size of F and F = [ (x1, y1),(x2, y2), ..., (xNs , yNs), (x′1, y′1), (x′2, y′2), ..., (x′Nr

, y′Nr) ]. In the combined feature set,

redundancy of minutiae points may exist. The redundancy, if exists, is removed andonly unique minutiae points are selected from F. As an example, sample feature levelfusion of two feature sets is shown in Fig. 3.4(e).

The elements of vectors X and Y are shuffled separately using the shuffle key (KS)following the methods stated in Algorithm 1 and illustrated in Fig. 3.3. In this shufflingmethod, the vector elements where corresponding key bits are 1 are sorted starting at

17


the beginning, and the remaining elements where the key bits are 0 are placed startingfrom the end. In this way, all elements of vector X and Y are shuffled and the shuffledX,Y vectors result a modified F. For an example, a sample shuffled F is shown in Fig.3.4(f).Algorithm 1: Shuffling the elements of vector X and YInput: Shuffle Key KS of size N, Vector X and Vector Y each of size N

2

Output: Shuffled X as XS, Shuffled Y as Y S

front := 1; rear := N2;1

for i = 1 to N2do2

if KSi= 1 then3

XSfront := Xi;4

front := front+ 1;5

else6

XSrear := Xi;7

rear := rear − 1;8

front := 1; rear := N2;9

for i = 1 to N2do10

if KSi+N

2

= 1 then11

Y Sfront := Yi;12

front := front+ 1;13

else14

Y Srear := Yi;15

rear := rear − 1;16

KS

Data

Shuffled Data

Figure 3.3: Shuffling method

18


(a) Fingerprint of sender (b) Fingerprint of receiver (c) Minutiae points of (a)

(d) Minutiae points of (b) (e) Feature level fusion (f) Shuffled minutiae points

Figure 3.4: A snapshot of fused features and shuffled features

Each corresponding element of shuffled vectors (XS and Y S) is merged using XORoperation. For this purpose, xi and yi (xi ∈ XS and yi ∈ Y S) are converted into binarynumbers and bitwise XOR operation is followed for all elements of XS and Y S. Theresults of bitwise XOR operation are converted into decimal number and are stored ina vector Fcomb.

Fcombi = bitwiseXOR(xi, yi) (3.7)

The Fcomb is converted into binary stream and is stored in a new vector Fcode.Finally, the cryptographic key is generated from this Fcode using a hash function

which is as following. The Fcode is divided into blocks ( Fcode = B1||B2||...||Bnb; say

total nb blocks) of size 256 bits each. A vector (K) of size 256 elements of all zeros isgenerated as the initial hash value. Now, block B1 is XORed with initial K and theoutput is stored in K2. The K2 is XORed with the next block B2 and the result isstored in K3 and so on. Finally, the hash value Knb+1

is the cryptographic key (K).That is

19


Ki+1 = (Ki ⊕Bi); where i = 1 to nb and |Ki|=|Bi|=256 bits (3.8)

3.1.5 Shuffle Key Update

For better security measure, we propose to change the cryptographic key in eachsession. In other words, if there is chance to compromise cryptographic key, then it isdesirable that the key must be canceled and a new key be used for the next session.Further, we may note that if key is compromised, then fingerprint which is used togenerate the key is unused for ever. To tackle with this our protocol should be togenerate revocable key from irrevocable fingerprint. To realize this, we propose toupdate the shuffle key from one session to another. Session wise shuffle key updateprocedure is shown in Fig.3.5. Initiation to update shuffle key can be taken by senderor receiver.

Sender Receiver

Stego Key (Kg)

Shuffle Key (KS)

Stego Key (Kg)

Shuffle Key (KS)

Compute Fcode Compute Fcode

Compute new shuffle key

KSS=KS ⊕ Fcode

Compute h(KSS)

Compute new shuffle key

KSR=KS ⊕ Fcode

Compute h(KSR)

On success report

Replace KS by KSS

If h(KSS) = h(KSR)

Replace KS by KSR

Share Minutiae Data

Send update request, h(KSS)

Success report

Figure 3.5: Shuffle key update

The steps followed in our shuffle key update process are given below.

1. Both sender and receiver share fingerprint data and generate Fcode following themethod given in Section 3.1.

2. Shuffle key (KS) is XORed with the first |KS| bits of Fcode to obtain a modifiedshuffle key (KSS), KSS = KS ⊕ Fcode

20


3. Sender computes the hash value of modified shuffle key (h(KSS)), and sends italong with update request to receiver.

4. Similarly receiver also generate a modified shuffle key (KSR = KS ⊕ Fcode) andcompute the hash of the modified shuffle key (h(KSR)).

5. Receiver compares the computed hash (h(KSR)) with received hash (h(KSS)), ifboth are same then receiver replaces old shuffle key (KS) with new one (KSR)and sends success message to sender.

6. On the basis of receiver’s report, sender also replaces the old shuffle key (KS)with new shuffle key (KSS).

7. Shuffle key is updated and shared with each other (KSS = KSR).

In every session, an unique shuffle key is used to generate an unique session key fromthe fingerprint. After the session is over, old shuffle key is destroyed and modified oneis stored for next session of communication. In this way, our approach can provide thediversity of cryptographic key of fingerprint based symmetric cryptography.

3.2 Experimental Results

To evaluate our proposed approach, we investigate the impact of data encoding overcover image and accuracy of data decoding. The strength of the key generated inour approach is measured with respect to Hamming distance between genuine andimpostor’s keys for different criteria.

3.2.1 Database

We have tested our work using the fingerprint images from publicly available finger-print database, FVC2000 [25], FVC2002 [26], FVC2004 [27]. The details of fingerprintsused in our experiment is shown in Table 3.1. In all fingerprint databases, DB1, DB2and DB3 are real fingerprint databases and DB4 is synthetic fingerprint database. Inthe B set of all databases, there are 10 persons’ fingerprints and 8 instances of eachfingerprint. So total number of fingerprint images are (10X8X4) = 320 in each B set.In the A set of database, there are 100 person’s fingerprints and each fingerprint has8 instances which makes 100X8 = 800 fingerprint instances for each DB of A set. Sototal number of fingerprints in the A set is 3200.

21


Table 3.1: Fingerprints used our Experiments

FVC2000 FVC2002 FVC2004Optical (KeyTronic) Optical (Identix) Optical Sensor

DB1 (CrossMatch V300)Capacitive Optical Optical Sensor

DB2 (ST Microelectronics) (Biometrika) (Digital PersonaU.are.U 4000)

Optical Capacitive Thermal SweepingDB3 (Identicator (Precise Sensor (Atmel

Technology) Biometrics) FingerChip)

DB4 SFinGe v2.0 SFinGe v2.51 SFinGe v3.0

3.2.2 Experimental Setup

Two persons’ fingerprints are taken as fingerprints of sender and receiver and minutiaepoints are extracted using NBIS software (MINDTCT). Average number of minutiaepoints is found as 50 and we consider only (x,y) coordinates of first 50 minutiae pointsin our experiment. The minutiae points are converted into binary number of 18 bits (9bits for x-coordinate and 9 bits for y-coordinate) which produces a binary bit streamof 18X50 = 900 bits.

We use synthetic fingerprint from DB4 database (of FVC2000, FVC2002, FVC2004) shown in Figure 3.6 as the cover image to hide minutiae points of fingerprints of gen-uine users using LSB steganography. A stego key, which is generated from a commonpassword using pseudo random number generator, is used to locate the pixels of coverimage at where the minutiae data are hidden during steganographic encoding. Simi-larly, the same stego key is used to decode the minutiae points data from stego imageduring steganographic decoding.

In our experiment, both sender and receiver, exchange their own minutiae pointdata between them using the same stego key (Kg) but different cover images (say IS,IR). To extract the hidden minutiae data accurately from stego image, multiple copiesof the minutiae points data are encoded in the cover image.

To test our proposed approach, we use a pair of fingerprints from fingerprintdatabase as the genuine fingerprints of sender and receiver. And all other fingerprintsfrom remaining databases are used as imposter’s fingerprints. We consider that, anypair of imposter’s fingerprints may be used to generate a cryptographic key by im-poster’s.

22


3.2.3 Experimental Results

In our experiment, effect of data encoding over cover image is investigated and wefollow the evaluation method as given in [19, 20]. For an example, three cover imagesfrom DB4 database of FVC2000, FVC2002, FVC2004 and the stego images are givenin Fig. 3.6 . The observation is shown in Table 3.2. The first column is the average pixelvalue for cover image. The second column is the average pixel value for the stego image.The third column is the pixel change with respect to cover image. The last columnrepresents the absolute pixel change of the total encoded pixels. It is also observed that100% of the encoded message is extracted using the same stego key from stego imageand nearly 0.5% pixels of the cover image is changed due to minutiae data hiding.

Table 3.2: Effect of Steganography on Cover Image

Cover Stego Overall AbsolutePixel Pixel Pixel Pixel

Average Average Change Change173.26 173.48 0.47% 50.45%

To test the uniqueness of the cryptographic key, randomly selected two fingerprints(from DB1, DB2, DB3) are used to generate the key. Remaining fingerprints from DB1,DB2, DB3 are considered as imposter’s fingerprints. Then, we compare the key withall other keys generated from imposter’s fingerprints. For this purpose, we considerthat the attacker has no knowledge either about the genuine fingerprints or shuffle keyto compromise the cryptographic key. The observation of this test is shown in Fig. 3.7.

Similarly, we consider that the shuffle key is compromised by the attacker andan attacker tries to generate the cryptographic key using this shuffle key from thefingerprints other than genuine fingerprints. In our experiment, all fingerprints exceptthe genuine fingerprints of the database, are used as imposter’s fingerprints and genuinekey is compared with the key generated from imposter’s fingerprints. The observationis given in Fig. 3.8.

In the proposed approach, we also consider that one of the genuine fingerprints(either the fingerprint of sender or receiver) is compromised by the impostor and cryp-tographic key is generated using one genuine fingerprint and one imposter’s fingerprint.And the dissimilarity of the trial key with respect to genuine key is shown in Fig. 3.9and Fig. 3.10 due to unknown and known shuffle key, respectively.

It is observed that the cryptographic key generated from fingerprints of sender andreceiver is secured from attacks. An attacker is not able to generate the cryptographickey without the complete knowledge about both shuffle key and fingerprints of senderand receiver. According to our experiment, for all cases, minimum hamming distance is

23


(a) Synthetic fingerprint as cover image fromFVC2000(DB4) and stego image

(b) Synthetic fingerprint as cover image fromFVC2002(DB4) and stego image

(c) Synthetic fingerprint as cover image fromFVC2004(DB4) and stego image

Figure 3.6: A snapshot of cover image and stego image

37% i.e, 94 bits of the imposter’s key are mismatched and maximum hamming distanceis about 60% that is, 155 bits of the imposter’s key are needed to correct to break thegenuine key. It is also observed that, average hamming distance is about 50% whichmeans 128 bits among 256 bits of the genuine key are dissimilar on an average case. If

24


Figure 3.7: Error in imposter’s key when shuffle key is unknown

Figure 3.8: Error in imposter’s key when shuffle key is known

we consider the average case, then at least 2128 trials are required in brute force attackto break the cryptographic key.

In order to evaluate the proposed method on the basis of execution time, we haveconsider the time to extract features from fingerprint, steganographic encoding anddecoding time and time for cryptographic key generation from two minutiae data sets.The computation time of our approach is given in Table 3.3 and it is observed thatmaximum time is required for steganographic encoding and decoding and minimumtime is required for key generation from feature sets.

Operations Time (in sec)Feature Extraction 0.05Steganographic Encoding and Decoding 0.15Cryptographic Key Generation 0.002Total time 0.202

Table 3.3: Computation time of our approach

25


Figure 3.9: Error in imposter’s key when one fingerprint is known but shuffle key isunknown

Figure 3.10: Error in imposter’s key when one fingerprint and shuffle key are known

3.2.4 Security Analysis

In this section, security of the proposed approach is analyzed under different conditions.In our work, both communicating parties exchange their fingerprint data and mutuallyagree on two secrets like stego key and shuffle key.

Privacy of Fingerprints

We use least significant bit (LSB) based steganography to exchange fingerprints databetween sender and receiver. In our proposed approach, stego key (Kg) is used to hidefingerprint data in cover image. For each communication, a unique synthetic fingerprintimage (I) is used as cover image. An eavesdropper does not suspect the existence of thegenuine fingerprint data (i.e., minutiae points) due to high imperceptible stego image(Istego). The cover image is not required to decode the hidden data from stego image.An adversary with sufficient knowledge of decoding methods, is not able to extract thecorrect fingerprint data from the stego images ISstego and IRstego of sender and receiver,respectively, without possessing the Kg.

Both minutiae points sets of sender’s and receiver’s fingerprints are merged togetherand x,y coordinates values are shuffled separately using a shuffle key to generate Fcomb.

26


It assures that Fcomb does not reveal the original coordinate values of minutiae points.Then, it follows a bitwise XOR operation between x,y coordinates to lock x coordinatevalues with y coordinate values. An attacker is not able to get the genuine Fcomb

without the knowledge of either x - coordinate or y - coordinate values. Finally, a hashfunction is used to generate cryptographic key. Therefore, the cryptographic key is non-invertible, which confirms that the cryptographic key does not leak any informationabout the fingerprints of users.

Security of Cryptographic Key

In our approach, the cryptographic key is generated from the combination of twofingerprints of sender and receiver. The key is not shared by them but generated attheir end separately. There is no need to store the key for the use in decryption. So thekey is secured from any attack. An attacker needs to compromise either (Kg, ISstego,IRstego, KS) or (FS, FR, KS) to generate the genuine cryptographic key (K). Otherwise,the following conditions arise for different attacks.

1. Known stego key attack: It means that the stego key Kg is compromised byeavesdropper who eavesdrops both stego images ISstego and IRstego. Next, as the shufflekey KS is unknown, he has to guess the KS which is of 200 bits. It requires a trialof 2200 to break the KS using brute force attacks. Indeed, without KS, it is almostimpossible to compute the original cryptographic key even if both fingerprints dataare known.

2. Known shuffle key attack: It happens when the token is stolen or lost andthe attacker gets access to the shuffle key (KS) but he has no knowledge about thefingerprints data of genuine sender and receiver. In this case, the attacker has to guess50+50=100 minutiae points for two fingerprints. Otherwise, he has to compute thekey using imposter’s fingerprints which may be available to him. As the fingerprint isunique for a person, there is a rare chance to get the same fingerprint from imposter’sfingerprint database. Even in our experiment, there is no collusion between genuinecryptographic key and imposter’s cryptographic key when theKS is known. The shufflekey is updated in every session, which guarantees that, it is impractical to computethe KS of previous session or the same of future session.

3. Known fingerprint attack: In this condition, we consider that the genuine user(sender) who once communicated with an another user (receiver) can make a threat tothe security of cryptographic key generated using other (i.e., receiver) fingerprint. Weconsider that in different sessions, suppose a sender S is communicated with receiverR1, R2, ..., RN ∈ R. Then S has complete knowledge about fingerprints of R1, R2, ...,

27


RN . Now, S can try to compromise the communication session established between Ri

and Rj (where i 6= j; i,j=1,2, ..., N and Ri, Rj ∈ R). In our approach, the shuffle key(KS) is unique for a session established by a pair of sender and receiver. Therefore, S hasto break the KS to compromise the cryptographic key generated from the fingerprintsof Ri and Rj.

Another possibility to attack the cryptographic key in this perspective is that Ri

has the knowledge of fingerprint of S. And when S establish a session of communica-tion with S ′ (where S ′

/∈ R), Ri try to break the cryptographic key with one knownfingerprint (S) and one unknown fingerprint ( S ′). Then the attacker has to break theKS and fingerprint of S ′ (FS′ ). To break the KS, it requires 2200 trials and to breakthe fingerprint (FS′ ) it requires to search 50 minutiae points from MXN points (whereMXN is the size of FS′ ).

4. Known key attack: In this case, we consider that the shuffle key KS and orcryptographic key are compromised by the attacker. Our proposed approach assuresthat compromise of one key (KS or K) does not affect the previous or future session.In our approach, both KS and K are updated session wise. Initially, KS is randomlygenerated and time to time it is updated with the help of Fcode. Cryptographic key(K) is revocable and is used as a session key for symmetric cryptography. When thesession is over, the current session key is destroyed.

5. Resists replay attack: Our approach can prevent replay attack using sessionkey. In every session, a unique session key is used to establish the communicationbetween sender and receiver. If an eavesdropper wants to make replay attack using amessage previously transmitted by legal users, then it will make no sense to the legaluser as the cryptographic key is changed. Even when stego image is used for replayattack, eavesdropper is not able to decode the stego image without the stego key.

6. Resists man-in-middle attack: In our approach, fingerprints of communicat-ing parties are transmitted over nonsecure communication channel using data hidingscheme. If the man-in-middle eavesdrops the stego image and is able to decode theoriginal fingerprint data by any means, then the man-in-middle requires the perfectknowledge of secret shuffle key (KS). Otherwise, he is not able to generate the genuinekey (K) and as a result, is not able to decrypt the cipher text sent by genuine sender.In this way, our approach resists man-in-middle attack.

3.3 Conclusion

In our proposed approach, cryptographic key is generated from fingerprints of twocommunicating parties, which add an extra layer of security to the symmetric cryp-

28


tography. This cryptographic key is revocable and non-invertible which can be used assession key.

This approach defeats different attacks like replay attack, man-in-middle attack.Cryptographic key is not required to transmit over communication channel, no needto remember the cryptographic key in this approach.

As the original minutiae is exchanged between sender and receiver, it reveals fin-gerprint identity of one to other user. This limitation can be addressed using transfor-mation of minutiae points which is proposed in our next approach.

29

Chapter 4

Cryptographic Key Generation fromCancelable Fingerprint Templates

In this chapter, we propose our second approach of cryptographic key generation. Can-celable templates of both communicating parties are used to generate cryptographickey. Main features of this approach are as follows.

• Secure transmission of fingerprint data: Fingerprint template after transforma-tion into cancelable template, is transmitted to other communicating party usingsteganography.

• Revocability of fingerprint template: If the fingerprint templates are compro-mised then it can be canceled and new fingerprint template can be issued easily.

• Cryptographic key revocability: As the key is generated from two cancelable fin-gerprint templates, key can be updated easily by updating cancelable templates.

• Secure key management: In our proposed protocol, cryptographic key is nottransmitted to the recipient and is not stored anywhere, hence key managementis secured.

In the proposed approach, both communicating parties are required to store theirown shuffle key for cancelable template generation. If the shuffle key is changed thenthe cancelable template is also changed. Other than shuffle key which is user specific,both users need to remember the stego key which is used to secure the steganography.Here, we use a common password as seed to generate the stego key using pseudorandom number generator.

30

Chapter 4. Cryptographic Key Generation from Cancelable Fingerprint Templates


Initially, both sender and receiver generate cancelable templates from their own fin-gerprint. These two cancelable templates are used to generate cryptographic key forsymmetric cryptography. An overview of our approach is shown in Fig. 4.1. In thefollowing, different tasks in our approach are discussed.

Feature Extraction Feature Extraction

Cancelable Transformation Cancelable Transformation

Ste

go

key

Ste

go

key

Sh

uff

lin

g k

ey

Sk

s

Sh

uff

lin

g k

ey

Sk

r

Steg. Encode

Steg. Decode

Steg. Encode

Steg. Decode

Master Template Generator Master Template Generator

Key Generator Key Generator

Cryptographic Key Cryptographic Key

Cover image Cover image

Sender Receiver

Figure 4.1: Key generation by sender and receiver

4.1.1 Cancelable Template Generation

Minutiae points are extracted from fingerprint image following the procedure as statedin Section 3.1.1 of Chapter 3. The x, y-coordinate values are stored in two vectors(X, Y ). Vector X contains x- coordinate values and vector Y contains y-coordinatevalues of minutiae points. We consider the following to refer in our subsequent discus-sion.

• MPs = Set of minutiae points extracted from senders fingerprint.MPs = [(xi, yi)]; i= 1 to Ns, where Ns is the size of MPs

Xs = [xi]; Y s = [yi]; where i = 1 to Ns;

31


• MPr = Set of minutiae points extracted from receivers fingerprint.MPr = [(x′i, y

′i)];

where i = 1 to Nr and Nr is the size of MPr

Xr = [x′i]; Y r = [y′i]; where i = 1 to Nr;

Cancelable Transformation

The original minutiae points are not used directly in a secured biometric system. Oncethe biometric data is compromised, the biometric will be useless forever. Biometricdata is not cancelable inherently. Therefore, it is required to transform the irrevocablebiometric data into revocable before use in the cryptography. We have used a shufflebased transformation. For the transformation, both sender and receiver randomly gen-erate their shuffle keys which are used to randomize the values of (Xs, Y s) and (Xr,Y r) vectors respectively.

• Sks = shuffle key of sender, |Sks| = Ns

• Skr = shuffle key of receiver, |Skr| = Nr

Shuffling of the elements of X and Y vectors individually The elements ofthe vector Xs are shuffled with the methods given below. In this shuffling method, thevector elements where corresponding key bits are 1 are sorted starting at the beginning,and the remaining elements where the key bits are 0 are placed starting from the end.The shuffling method is illustrated in Fig. 4.2.

Shuffle key

Data

Shuffled Data

Figure 4.2: Shuffling method

This process is also applied to shuffle the vector Y s, Xr and Y r. Now these shuffledvectors of (Xs, Y s, Xr, Y r) are represented by (Xs

sh, Y ssh, Xr

sh, Y rsh) respectively. The

original positions of minutiae points of fingerprint are randomized in this way shuffling.

32


An adversary is not able to locate the original position of minutiae points from theshuffled vectors.

Merging shuffled vectorsEach element of vector Xs

sh and vector Y ssh is merged using the bitwise XOR opera-

tion. The result is stored in Dxy vector. Here bitwise XOR operation locks the elementsof (Xs

sh and (Y ssh with each other. The resultant of XOR operation does not leak any

information about the inputs.

Dxyi = Xsshi⊕ Y s

shi; 1 ≤ i ≤ Ns (4.1)

Now, the redundancy, if exist, are removed from the Dxy vector and the uniquedata are stored in a vector CTS. This is the cancelable template of sender’s fingerprint.

CTS = [u1 u2 ... un1];n1 ≤ Ns. (4.2)

Similarly, shuffle vectorsXrsh and Y r

sh are also merged by the receiver and the uniquedata are stored in a vector (CTR). The CTR is the camcelable template of receiver’sfingerprint.

CTR = [u′1 u′2 ... u

′n2];n2 ≤ Nr. (4.3)

4.1.2 Sharing Cancelable Templates

The cancelable templates need to be sent to other site via a nonsecure channel. Bothusers send their cancelable template to each other using data hiding technique.

A. Steganographic Encoding

Both sender and receiver use steganography based data hiding technology to hide theircancelable template in a cover (i.e. host) image (Icover). The updated cover image wheredata is hidden, is called stego image (Istego). A secret key (Kg) is used to select thepixels in the data embedding technique. The secret key is shared with the recipientbefore sending the stego image.

Sender selects a synthetic fingerprint image as the host image (IScover). The cance-lable template (CTS) is converted into binary stream and embedded into the selectedpixels of host image using LSB based steganographic encoder. The resulting imageis the stego image which is sent to receiver. Similarly, receiver also selects anothersynthetic fingerprint as his cover image (IRcover) (here IScover 6= IRcover)and hides his can-

33


celable template (CTR) in that cover image using the same secret key (Kg) and sendsthe stego image to the sender.

B. Steganographic Decoding

Hidden cancelable template data are extracted from stego image (Istego) using thedecoding function and the same secret key (Kg). The secret key is used to locate thepixels where cancelable template data were embedded. This way, sender and receiverboth extract the cancelable templates of other user. Now, the extracted binary streamis decoded to reconstruct the CTS and CTR by receiver and sender, respectively.

4.1.3 Key Generation

A. Master Template Generation from Cancelable Templates

Our goal is to generate a cryptographic key of length Nk bits from the fingerprints ofsender and receiver. Now the key is generated with the equal contribution of CTS andCTR. For the reason, each vector is normalized and resized to Nk

2elements.

If the cancelable template (CTS) has more elements than Nk

2then only first Nk

2

elements are considered in the new cancelable template(C ′TS).

C ′TS = [u1 u2 ... uNk2

]; if |CTS| ≥Nk

2(4.4)

But if the size of cancelable template(CTS) is less than the Nk/2. In this case,pseudo random numbers are added to CTS. Arithmetic mean (u) of the elements ofCTS is used as the seed value and numbers are generated within the range of minimum(umin) and maximum (umax) elements of the cancelable templates (CTS) using thefollowing equation.

ur = umin + {rand()%(umax − umin)}; |CTS| < r ≤ Nk

2(4.5)

These pseudo random numbers can be generated by both sender and receiver usingthe equation with the same seed value. These numbers are appended to the CTS togenerate C ′TS.

C ′TS = CTS‖ur‖ur+1‖...‖uNk2

(4.6)

Similarly, C ′TR is also generated by normalizing CTR. These two modified cancelabletemplates (i.e. C ′TS and C ′TR) are concatenated and stored in a vector MT in thefollowing way.

34


MTj=

{ui if ui > u′i

u′i otherwise(4.7)

MTj+1=

{ui if ui < u′i

u′i otherwise(4.8)

where 1 ≤ i ≤ Nk

2, 1 ≤ j ≤ (Nk-1), ui ∈ C ′TS and u′i ∈ C ′TR. This (MT ) vector is

the master template , generated from the data of both fingerprints. Both sender andreceiver generate master template following the same method at their ends.

B. Key Generation from Master Template

In this step, cryptographic key is generated from the master template (MT ). Eachelement of the master template generates one bit of the cryptographic key. The ith

element generates ith bit of the key. In this way, symmetric cryptographic key (K) of256 bits is generated from the vector MT using the following equation.

Ki = MTimod 2; i = 1 to Nk (4.9)

This way, sender and receiver, both can derive the same cryptographic key for theuse of symmetric cryptography. This key establishes a session of secure communicationbetween the sender and receiver. To update the cryptographic key, shuffle key of theusers can be updated and a new key can be generated from the same fingerprints.

4.2 Experimental Result

The performance of our proposed approach is evaluated in three ways. Initially, we testthe cancelable template for collision with impostor’s fingerprint. Then, we observe theoverhead of steganograophic encoding and finally, the strength of the generated key iswith respect to impostor’s key.

4.2.1 Database

We have tested our work using the fingerprint images from publicly available finger-print database, FVC2000 [25], FVC2002 [26], FVC2004 [27]. The details of fingerprintsused in our experiment is shown in Table 4.1. In all fingerprint databases, DB1, DB2and DB3 are real fingerprint databases and DB4 is synthetic fingerprint database. Inthe B set of all databases, there are 10 persons’ fingerprints and 8 instances of each

35


fingerprint. So total number of fingerprint images are (10X8X4) = 320 in each B set.In the A set of database, there are 100 person’s fingerprints and each fingerprint has 8instances which makes 100X8 = 800 fingerprint instances for each DB of A set. So totalnumber of fingerprints in the A set is 3200. In our experiment, fingerprints from DB1,DB2, DB3 of all databases are used to generate cryptographic key and fingerprintsfrom DB4 of all databases are used as cover image to carry cancelable template.

Table 4.1: Fingerprints used in our Experiments

FVC2000 FVC2002 FVC2004DB1 Optical (KeyTronic) Optical (Identix) Optical Sensor

(CrossMatch V300)DB2 Capacitive Optical Optical Sensor

(ST Microelectronics) (Biometrika) (Digital PersonaU.are.U 4000)

DB3 Optical Capacitive Thermal Sweeping(Identicator (Precise Sensor (AtmelTechnology) Biometrics) FingerChip)

DB4 SFinGe v2.0 SFinGe v2.51 SFinGe v3.0

4.2.2 Experimental Setup

Two fingerprint images are taken as input fingerprint of sender and receiver. Thefeatures (i.e. minutiae points) are extracted from given fingerprint images using theNBIS software (MINDTCT) of NIST. Average number of minutiae points is found as50 and we consider only (x,y) coordinates of first 50 minutiae points in our experiment.The x-coordinate and y-coordinate values are shuffled using a shuffle key of 100 bits.As the number of minutiae point is 50 and there are 50 values for x-coordinate andy-coordinate each. First 50 bits of shuffle key are required to shuffle 50 values of x-coordinate and remaining 50 bits of shuffle key are used to shuffle 50 values of y-coordinate. Then the shuffled x,y-coordinate values are XORed to each other andcancelable template is generated. The cancelable template is converted into binarystring of 450 bits (50X9=450).

We use synthetic fingerprint image from DB4 database (of FVC2000, FVC2002,FVC2004) as the cover image to hide minutiae points of fingerprints of genuine usersusing LSB steganography. A stego key, which is generated from a common passwordusing pseudo random number generator, is used to locate the pixels of cover imagewhere the minutiae data are hidden during steganographic encoding. Similarly, thesame stego key is used to decode the minutiae points data from stego image during

36


steganographic decoding. For the observation of steganographic impact on cover imagesand stego images, we consider one instance per fingerprint of all persons from DB1,DB2 and DB3 of FVC2000, FVC2002 and FVC2004 (all B set).

To test our work, we consider all fingerprints from DB1, DB2, DB3 of all databasesto generate cancelable template. To test the cancelable template generated in our ex-periment, we generate a genuine cancelable template from a fingerprint of any databaseand imposter’s cancelable templates are generated from all other fingerprints of thatdatabase. Then, we compute the hamming distance between the genuine and imposter’scancelable templates to find out the collisions. Then, we evaluate the steganographicimpact on cover images (synthetic fingerprints) due to encoding of cancelable templatesin cover images.

Similarly, the cryptographic key generated from genuine fingerprints is comparedwith all key generated from imposter’s fingerprints. In our experiment, two fingerprintsfrom DB1 or DB2 or DB3 of all databases are considered as genuine fingerprints and re-maining fingerprints of that database are considered as impostor’s fingerprints. In thisway, all fingerprints (pairwise) are considered and hamming distances are computedfor all combinations.

4.2.3 Experimental Results

To test the collision property of cancelable templates, a cancelable template from fea-tures of a fingerprint image from a database (say, DB1 of FVC2000 (set B)) is generatedand is considered as genuine user’s cancelable template. Then, we generate all impos-tor’s cancelable templates from the remaining fingerprint images of that database andthe cancelable template is compared with all cancelable templates generated from im-postor’s fingerprints. The hamming distance between the genuine cancelable templateand impostors cancelable template are computed. In this way, each fingerprint imageis considered as genuine user’s fingerprint and the remaining fingerprints are consid-ered as impostor’s fingerprints. For all combination of genuine user’s and impostor’scancelable templates are compared and the hamming distances are plotted. Hammingdistances among genuine cancelable templates and imposter’s cancelable templates forDB1, DB2 and DB3 of FVC2000 are plotted in Fig. 4.3. Similarly, Fig. 4.4 representsthe hamming distances among genuine and impostor’s cancelable templates for thefingerprints taken from DB1, DB2 and DB3 of FVC2002(B set). Hamming distancesamong genuine user’s cancelable templates and imposter’s cancelable templates arecomputed for the fingerprints taken from DB2, DB3 and DB4 of FVC2004 (A set) andplotted in Fig. 4.5. We have also investigated the minimum, maximum and average

37


hamming distances for FVC2000, FVC2002 and FVC2004 and are given in Table 4.2,4.3, 4.4, respectively.

Figure 4.3: Dissimilarity among cancelable templates of genuine user and impostor forDB1, DB2 and DB3 of FVC2000 (set B)

Table 4.2: Hamming Distance among Cancelable Templates in FVC2000

Min. Max. AverageDatabase Hamming Hamming Hamming

Distance(%) Distance(%) Distance(%)DB1 38.22 54 46.02DB2 40.44 56.44 47.90DB3 41.11 58 49.65

Figure 4.4: Dissimilarity among cancelable templates of genuine user and impostor forDB1, DB2 and DB3 of FVC2002 (set B)

38




Distance(%) Distance(%) Distance(%)DB1 38.89 56.89 47.90DB2 42 60 49.94DB3 33.78 53.33 45.11

Figure 4.5: Dissimilarity among cancelable templates of genuine user and impostor forDB2, DB3 and DB4 of FVC2004 (set A)

In our experiment, synthetic fingerprints are used to exchange the cancelable tem-plates of sender and receiver. In our work, synthetic fingerprints are taken from databaseDB4 of FVC2000, FVC2002, and FVC2004 which can be obtained from SFinGe [18]also. The synthetic fingerprints are used as cover images to hide original fingerprintdata only. Three synthetic fingerprints from FVC2000, FVC2002 and FVC2004 aregiven in Fig.4.6(a), (c), (e) and respective stego images are shown in Fig. 4.6(b), (d),(f). Using the same stego key by receiver, exactly same cancelable template of sender isextracted from the stego images and vice versa. Nearly 0.26% pixels of the cover imageis changed due to data hiding. The investigation regarding steganographic encodingand decoding is given in Table 4.5. The first column is the average pixel value of coverimages and second column is the average pixel value of the stego images. The thirdcolumn is the pixel change with respect to cover image and last column represents theabsolute pixel change of the total encoded pixels.

Now, we measure the dissimilarity of key generated from impostor’s fingerprintswith respect to cryptographic key generated from genuine fingerprint. For this pur-pose, we take all combination (45 combinations) of two fingerprints out of ten froma database (say DB1) as fingerprints of genuine users and all other fingerprints are

39




Distance(%) Distance(%) Distance(%)DB2 35.78 60 48.31DB3 39.33 60.22 49.87DB4 36.22 60.44 48.28

Figure 4.6: Cover images (a, c, e) taken from DB4 of FVC2000, FVC2002, FVC2004and corresponding stego images (b, d, f)

taken as impostor’s fingerprints. Then, we compare the genuine key with impostor’skey and hamming distance between the keys are computed. For each database (DB1,DB2 or DB3) from each FVC (FVC2000, FVC2002, FVC2004), we plot histogramof hamming distance in Fig. 4.7, 4.8, 4.9, respectively. At the same time, minimum,maximum and average hamming distances are also computed for each database fromeach FVC. Minimum, maximum and average hamming distances among genuine andimpostor’s keys generated with fingerprints taken from database DB1, DB2, DB3 ofFVC2000, FVC2002 and FVC2004 are given in Table 4.6, 4.7 and 4.8, respectively.

In order to evaluate the proposed method on the basis of computation time of ourapproach, main three subtasks are considered, feature extraction, cancelable templategeneration and steganographic encoding and decoding. Average time to extract features

40


Table 4.5: Effect of Steganography on Cover Image

Cover Stego Overall AbsolutePixel Pixel Pixel Pixel

Average Average Change Change171.65 171.65 0.26% 53.87%

(a) Hamming distance betweengenuine and impostor’s key fromFVC2000(DB1)

(b) Hamming distance betweengenuine and impostor’s key fromFVC2000(DB2)

(c) Hamming distance betweengenuine and impostor’s key fromFVC2000(DB3)

Figure 4.7: Hamming distance between genuine and impostor’s key for fingerprintdatabase of FVC2000

from fingerprint is 0.45 seconds. Cancelable template generation from minutiae pointstakes 0.05 msec. Time taken to embed a cancelable template into cover image andextract the cancelable template from the stego image is nearly 0.06 sec.

4.2.4 Security Analysis

This approach addresses four security issues: (i) Secure sharing of biometric templates(ii) privacy of biometric identity (iii) security of cryptographic key and (iv) key revo-cability.

41


Table 4.6: Hamming Distance between genuine and impostor’s keys in FVC2000


Distance Distance DistanceDB1 27 89 58.44DB2 31 88 63.36DB3 40 90 64.59





Secure Sharing of Biometric Templates

Cryptographic key is generated from two fingerprints of two different persons. Thefingerprint data of each user is shared with other user using least significant bit (LSB)based steganography. Extraction of hidden fingerprint data from stego image (Istego)is not possible without the stego key (Kg). An interceptor can do nothing with thestego image if the stego key is unknown to him. An user can send his cancelabletemplate (Ci+1

TS ) which is different from previously sent cancelable template (CiTS)

using a different cover image (i.e. Ioldcover 6= Inewcover). The cover image is not required

42




Distancee Distance DistanceDB1 33 87 61.05DB2 36 90 63.11DB3 33 83 57.17





to extract the hidden message from stego image. This can resist known cover imageattacks or known stego image attacks. In our approach, no original biometric is used ascover image but synthetic fingerprint is used as cover image. In this way, the fingerprintdata is shared securely and it is secured from man-in-middle attack.

Privacy of Biometric Identity

In this approach, both sender and receiver do not share their original fingerprint imagesor raw fingerprint templates (MPS and MPR). They share the non-invertible cance-

43




Distancee Distance DistanceDB1 34 88 62.47DB2 37 89 63.3DB3 41 90 64.65

lable templates (CTS and CTR) of their fingerprints. The cancelable transformation(say, Fc) used in our approach, is a one way transformation and there is no inversetransformation (F−1c ). This affirms that generation of original template of receiver orsender from shared cancelable template is not feasible by sender or receiver. Moreover,the cryptographic key is non-invertible and tracing any candidate fingerprint from thekey is not feasible. In this way the approach is free from fingerprint identity threat.

Security of Cryptographic Key

In our approach, the cryptographic key is generated from the combination of twofingerprints of sender and receiver. The key is not shared by them but generated at theirend separately. There is no need to store the key for the use in cryptography. As thecryptographic key is directly derived from two fingerprints, an attacker, without thesefingerprint data, is not able to break this cryptographic key. The key is of 256 bits and isrequired 2256 searches for brute force attack. For the irreversible nature of the generatedkey, generation of the cancelable templates (CTS and CTR) are also impossible. In thisapproach, if the key or cancelable templates are compromised anyway, new cancelabletemplates as well as the new key can be generated easily by modifying the shufflekey only. Every time, the cancelable template is generated using a random shuffle keywhich is independent to previous or future shuffle key. The cryptographic key satisfiesforward secrecy and backward secrecy. In other words, if any cryptographic key isknown to an adversary, he is not able to know the keys of previous sessions or futuresessions from the compromised key.

Key Revocability

Revocability of the cryptographic key is a prime requirement for symmetric cryptog-raphy. Cryptographic key may be compromised and new key is required to reissue.Key revocability is also essential for session based symmetric cryptography. In our ap-proach, key revocability is provided by cancelable template. The shuffle key is changedand is used to generate a new cancelable template. Every new cancelable template gen-

44


erates a new cryptographic key. In this way, our approach is able to generate revocablecryptographic key as well as session key.

4.3 Conclusion

In this approach, we are able to generate a cancelable template from fingerprint minu-tiae data. The overhead of steganography i.e., overall pixel change is also decreasedwith comparison of first approach. Using cancelable templates, cryptographic key isgenerated which is also not matched with impostor’s key. In this approach, privacy offingerprint identity of each user is preserved and even the communicating parties arenot able to know original fingerprint identity of each other. In our approach, it is easyto revoke a cryptographic key when compromised, by changing only the shuffle key ofthe users.

In this approach, both communicating parties have to rely to each other to sharetheir biometric data. Otherwise they can depend on a trusted third party authenti-cation certificate for authentication. We have proposed another approach to alleviatethis issue in the next chapter.

45

Chapter 5

Session Key Generation usingEnrolled cancelable template

In session-based communication, session key is shared with other communicating partybefore starting a secured session of communication between sender and receiver. In thistype of communication, initially, session key is generated randomly and transmitted toother user using public key cryptography. Then, the shared key is used in symmetriccryptography for message transmission between sender and receiver. In this protocol,a major issue is authentication of the communicating parties. The authentication ofthe sender and receiver is verified by a trusted third party certification. Hence, theauthenticity depends on the reliability of a third party.

In biometric-based symmetric cryptography, where biometric data of both usersare used to generate and share cryptographic key, an authenticity verification is alsorequired before sharing their biometric data with each other. In this situation, there aretwo issues. Both fingerprint data, which are transmitted over (unsecured) channel, canbe intercepted by an attacker and attacker can generate the key using the algorithm.

To overcome this problem, we propose a theoritical approach where biometric dataof the receiver is enrolled with sender. The stored biometric data can be used toauthenticate its owner (i.e. receiver) and as it is stored in senders’ side, it is not requiredto transmit to other user (sender) for key generation. In this approach, biometric dataof one user is transmitted over unsecured channel to other user. Nevertheless, the storedcancelable template is used to transmit the cancelable template of sender securely. Thisapproach removes the requirement of third party certification for authentication. Atthe time of enrollment, we propose to store cancelable biometrics and thus preservingthe privacy of the biometric identity of the owner.

46

Chapter 5. Session Key Generation using Enrolled cancelable template


This approach attempts to overcome some limitations in the first two approaches dis-cussed in Chapter 3 and Chapter 4. In this approach we follow the same technique forcancelable transformation of fingerprint templates as used in the approaches. This ap-proach consists of three steps enrollment, session key generation and template update.

5.1.1 Enrollment

At the sender site, a database is maintained to store the biometric data of the receiver.This process, we call as enrollment of receiver by the sender. Our proposed approachto enrolling receiver is as follows.

• We assume that minutiae (ridge termination and bifurcation) points are ex-tracted from the fingerprint image of sender and receiver at their own site andfeature vactors of their biometric data are extracted.

• Both sender and receiver generate cancelable template (CTS, CTR) from theirfeature vector using their user specific shuffle key (Sks, Sks) as discussed in Section4.1.

• Cancelable template of receiver (CTR) is XORed with Cancelable template ofsender (CTS) to lock the CTR and CTRlock

(i.e. CTRlock= CTR ⊕ CTS ) is stored

in the database of sender.

5.1.2 Session Key Generation and Sharing

After the enrollment process, session key is generated from the cancelable templates ofsender and receiver. At the time of key generation and authentication, test fingerprintof sender is captured and minutiae points are extracted. Test cancelable template (C ′TS)is generated using same transformation and shuffle key (SKs). The locked template (CTRlock

) is unlocked by XORing it with test cancelable template (( CTR = CTRlock⊕C ′TS

)). Initially sender and receiver both have their own shuffle keys and locked cancelabletemplates of receiver are stored at sender’s database. The key generation and sharingmethod is shown in Fig. 5.2. When receiver wants to communicate securely with senderfollowing steps are carried out.

1. Receiver sends authentication request to sender.

2. Sender acknowledge the receiver’s request.

47


Sender (S)

Receiver (R)

Cancelable

Transformation

Cancelable

Transformation

Shuffle Key

(Skr)

Shuffle Key

(Sks)

XOR

CTS

CTR

CTRlock

Feature

Extraction

Feature

Extraction

Enrolled

data

Figure 5.1: Enrollment process

3. Receiver generates a test cancelable template (C ′TR) with his own shuffle keySKrfrom a fresh fingerprint and sends the hash value (h(C ′TR)) to sender.

4. Sender also generates a test cancelable template (C ′TS) from his fingerprint withhis shuffle key (SKs).

5. Sender unlock the locked cancelable template (CTRlock) stored in the database

and generates the hash value h(CTR).

6. Sender compare the received hash value (h(C ′TR)) with the generated hash value(h(CTR)). If both are same then the receiver is authentic and cryptographic keyis generated from the cancelable templates of sender and receiver. CryptographicKey Ksr = GenKey(CTR,CTS) GenKey is already described in the previous chap-ter.

48


7. Sender lock his own cancelable template (CTS) with the stored cancelable tem-plate of receiver (CTR). CTSlock

= CTS ⊕ CTR.

8. Sender sends the CTSlockto the receiver.

9. Receiver unlocks CTSlockby XORing his own C ′TR and generate the cryptographic

key. Cryptographic KeyKsr= GenKey(C ′TR,CTS).GenKey is an algorithm for keygeneration from cancelable templates discussed in previous chapter. Now senderand receiver both have the same key (Ksr).

10. The generated key (Ksr) can be treated as session key and using this key com-munication can be started securely.

Shuffle key Sks,

Locked CTR (CTR_lock)Shuffle key Skr

Secured communication established

Generate C’TR from fresh

fingerprint of Receiver using Skr

Generate CTS from fresh

fingerprint of Sender using Sks

Unlock CTR as

CTR = CTR_lock ⊕ CTS

Unlock CTS as

CTS = CTS_lock ⊕ CTR

Compute hash of C’TR, h(C’TR )

Compute hash of CTR

If h(CTR ) = h(C’TR )

Compute CTS_lock

Compute Cryptographic Key

KSR = GenKey (CTS, CTR)

Compute Cryptographic Key

KSR = GenKey (CTS, CTR)

Request Accepted

User Id, h(C’TR)

CTS_lock

Authentication Request

Sender (S) Receiver (R)

Figure 5.2: Session key generation and sharing

In the above mentioned steps, we use a XOR based hash function to computethe hash value of the cancelable template using the following method. The cancelabletemplate (CTR) is represented as bit stream and the size of CTR is divided by the sizeof expected hash value (|h(CTR)|). If there exists any reminder of the division thenrequired number of zero is added with the remainder. Then, first block is XORed withsecond block and the resultant is XORed with the third block and so on. Finally, allblocks except first two blocks, are XORed with the previous result and hash value iscomputed.

49


In this approach, authentication of sender and receiver is verified in following way.The cancelable template of receiver is stored at the database of sender and it is lockedby the cancelable template of sender. Hence, only genuine sender is able to unlockthe cancelable template of receiver using his own fingerprint data. Secondly, the hashof cancelable template of receiver which is enrolled, is matched with the hash valuesent by requestor and these are matched only when genuine receiver requests using hisown fingerprint data. In this way, both users are authenticated themselves with theircancelable templates before starting of secure communication.

After the establishment of the secure communication between sender and receiver,both can transfer data through this channel securely using the symmetric cryptog-raphy. As the key (Ksr) is a session key, it is valid only for that session and afterthe session it is destroyed. For any new session, a unique key can be generated bymodifying the shuffle keys as well as cancelable templates.

5.1.3 Template Update

In this approach, template is required to update for two reasons. The cancelable tem-plate of receiver is stored in the database and this template is required to update timeto time for its’ security. The cryptographic key is also required to update for bettersecurity of the proposed crypto-biometric system. As the key is generated from can-celable template, modification of the key depends on the modification of cancelabletemplates. In this approach, sender updates his cancelable template locally with anew shuffle key. On the other hand, it is difficult to update the cancelable templateof receiver as the database of sender is also required. In both cases, shuffle key of thespecific user is required to generate an updated cancelable template.

Update Cancelable Template of Sender

The cancelable template of sender is updated locally by sender. The steps are givenbelow.

1. Sender generates the same cancelable template (CTS) from fingerprint minutiaeusing same shuffle key (SKs).

2. Sender unlocks the cancelable template of receiver (CTR) using sender’s owncancelable template i.e., CTR = CTRlock

⊕ CTS.

3. Sender generates a new shuffle key (S ′ks) randomly, that is, Sks 6= S ′ks.

50


4. Sender generates a new cancelable template (C ′TS) using the new shuffle key(S ′ks).

5. Sender locks the cancelable template (CTR) of receiver with his updated cance-lable template, i.e., CTRlock

= CTR ⊕ C ′TS.

6. Sender replaces his old shuffle key (Sks) by new shuffle key (S ′ks).

Update Cancelable Template of Receiver

Cancelable template of receiver is stored at the database of sender. Hence, updateof receiver’s template requires update of sender’s database also. This process requireson-line update of cancelable template of receiver. The steps followed in this processare given below.

1. Receiver generates a new shuffle key (S ′kr) and generate a new cancelable template(C ′TR).

2. Receiver computes the bitwise XOR value between CTR and C ′TR as followsRxor = CTR ⊕ C ′TR.

3. Receiver sends an update template request along with Rxor to sender.

4. Sender also generates CTS from his fingerprint and unlock CTR from CTRlock.

5. Sender extracts the new template (C ′TR) of receiver from Rxor and computes theHamming distance (dH) between C ′TR and CTR.

6. If the Hamming distance satisfies the threshold value, then sender updates thecancelable template of receiver and locks it with CTS and replaces the old CTRlock

with new one.

7. Sender sends update confirmation report along with dH to receiver.

8. Receiver computes the Hamming distance and compare it with dH . If it matchesthen the shuffle key (Skr) of the receiver is replaced by new shuffle key (S ′kr).

In our proposed approach, cancelable template is used to generate revocable key. When-ever, key modification is required, at least one of the cancelable templates needs to beupdated. To update the cancelable template of any user, shuffle key modification isrequired. Therefore, it is easy to update cryptographic key in our approach.

51


5.2 Comparison with other work

In this section, a related work reported by Kanade et al. [3] is studied in details. Then,we compare our work with the existing work.

5.2.1 Existing Work

In the existing work, cryptographic key is regenerated from the iris data of client.In the enrollment phase, a cancelable iris template (θcanc) of client is generated. Arandom key (Kr) generated by the client is encoded with error correction code (ECC)and a pseudo code (θps) is generated. The pseudo code is XORed with cancelabletemplate (i.e., θlock = θps ⊕ θcanc ) to generate a locked code θlock and the lockedtemplate is stored in the server database. In the server database the hash of therandom key (H(Kr)) is also stored. Whenever the key is required to communicate withserver, client sends a request to server and server sends locked cancelable templateθlock where the key was encoded and double hash value of the key (H(H(Kr))) isalso sent to client. Now, the client generates cancelable template (θ′canc) from anothersample of iris and extracts the key (K ′r) from the locked template. Then, the doubledhash of the extracted key is compared with the received doubled hash of key. If it ismatched (i.e., H(H(Kr)) = H(H(K ′r)) ) then the cancelable template is encoded withhash of the key (i.e., θenc = Enc(θ′canc, H(K ′r))) and it is sent to server. Now, serverknows the hash value of the key. Hence, server can decode the received template (i.e.,θ′canc = Dec(θenc, H(K ′r))) using the hash of the key H(Kr) and decoded template isXORed with stored locked template and key is extracted from the locked template(i.e., Kr = (θlock ⊕ θ′canc)).

In the second protocol of [3], session key is shared with client using cancelabletemplate of client (θcanc). Initially, the cancelable template of client is stored in thedatabase of server. Whenever session key is required for a communication betweenclient and server, server generates a random key (K) and encode the key with thecancelable template of client (i.e., θlock = E(θcanc, K)) and server sends the lockedcode θlock and double hash of the key (H(H(K))) to client. Client generates a newcancelable template from another sample of biometric traits and decode the key fromθlock. If double hash of the extracted key matched with the received one, then, securedcommunication can be started between server and client.

In both approach, fuzzy commitment scheme is used to regenerate the key and keyis released from the locked code. In the second approach, cancelable template of clientis stored in the database of server. This cancelable template is used to lock the sessionkey and is transmitted over unprotected communication channel. If the database is

52


hacked by the an attacker then the key will be easily extracted from the locked codetransmitted over nonsecured channel.

5.2.2 Comparison

Our work is different from the approach of Kanade et. al. [3]. Our approach, generatesa cryptographic key from biometric data of both sender and receiver. The biometricidentity of both users are bound with the generated key. The cryptographic key is nottransmitted over communication channel and hence, no chance to be compromised byan interceptor. In the existing approach, the random key is stored in the database ofserver after locking it with cancelable template of client and it is transmitted to clientover unprotected channel.

In the second approach proposed in [3] of session key generation and sharing, key isnot stored but generated by one party and it is locked by stored cancelable template.The locked key is transmitted over (unsecured) communication channel to client. Onthe other hand, in our approach, key is derived from the combined biometrics dataof both user. The cancelable template of receiver is locked by the cancelable templateof sender and the locked template is stored in the database of sender. In the existingapproach, the cancelable template of client is stored in the database of server. If thedatabase is compromised by a third party, then the transmitted cryptographic key willbe compromised in the existing approach. Whereas in our approach, attacker is notable to unlock the stored template of receiver without the biometric data of senderwhich is not stored in any where. Hence, the attacker is not able to compromise thecryptographic key even if the attacker moves away with the database of sender.

In our approach, only the biometric template of sender is transmitted over un-protected channel but the template is protected with a XOR based encoding and thegenuine biometrics of receiver is required to decode it.

In the existing approach, key is always generated by one party and the user maygenerate a week key intentionally. But in our approach, both users contributed equallywith their biometrics to generate a strong key.

5.3 Security Analysis

Security of the Crypto-Biometric system includes the security of the used biometricand generated cryptographic key. If the system reveals any information about theused biometric then the biometric identity can be disclosed to the third party. In thisapproach of the fingerprint based cryptography, fingerprint of two user are shared and

53


used to derive the key.

5.3.1 Security of Fingerprint

In this approach, we have used one way transformation of fingerprint templates togenerate cancelable templates. Original fingerprint generation or getting informationabout the fingerprint from the cancelable template is impractible. If the cancelabletemplate becomes compromised, then the template can be canceled and a new templatecan be issued.

In our approach, sender stores the cancelable template of receiver (CTR) alongwith own shuffle key (Sks). The CTR is XORed with CTS and the encoded templateCTRlock

is stored in the database of sender. Anyway, if the database is hacked by anattacker, the cancelable template of receiver (CTR) will not be decoded without thegenuine fingerprint and shuffle key (Sks) of the sender. It is only possible by the genuinesender.

On the other hand, cancelable fingerprint template of sender (CTS) is transmittedover unsecured channel by locking it with the cancelable template of receiver. Neitherthe cancelable template of receiver is shared with other nor the cancelable templateof receiver is transmitted over unprotected channel. Therefore, the locked cancelabletemplate (CTSlock

) of sender can be unlocked by the genuine receiver only.Nevertheless, the cryptographic key is generated from two cancelable templates of

sender and receiver, combinedly and the cryptographic key non-invertible. Computingthe cancelable templates as well as fingerprint data from any compromised session keyis difficult. In this way, the security of both fingerprints used in this approach for keygeneration is assured.

5.3.2 Security of Cryptographic Key

The cryptographic key generated in our approach is 256 bits long. It is not feasible toguess or break the key within a certain period. The key can be generated by an attackerif the attacker have both cancelable templates. The fingerprint data of sender(CTS)is shared in encoded form (CTSlock

) and genuine receiver’s fingerprint and shuffle key(SKr) are required to decode it. The fingerprint data of receiver (CTR) is not sharedthrough insecure channel. Receiver only sends a hash value (h(CTR)) of his cancelabletemplate. The key is not stored and not sent to receiver. So the key management issecured in this approach.

54


5.4 Conclusion

In this approach, authenticity of each communicating party is verified and only thelegitimate user can access the cancellable template of other user. The key generationprocess involves cancelable template transmission of one user over unsecured commu-nication channel.

In this approach, it is required to correct the errors in different instances of a finger-print. The implementation of this approach is not completed and an error correctioncoding is needed to handle the intra-class variation in fingerprint. This approach isevaluated with a theoritical security analysis.

55

Chapter 6

Conclusions and Future Work

Integration of biometric traits with traditional cryptography makes a stronger authen-tication component by binding the cryptographic key with user’s intrinsic distinctivetraits. Crypto-biometric systems are the solution to cryptographic key managementproblem. But it has some challenges regarding the security and privacy of biomet-ric traits call to be accounted in crypto-biometric systems. Moreover, another majorrequirement of cryptography is the key diversity which is difficult to address as thebiometric traits are irrevocable. In this thesis, we have proposed three approaches offingerprint-based cryptographic key generation to alleviate the afforesaid challenges.In every approach, we are able to generate revocable key from fingerprint data ofsender and receiver. Each approach has its advantage and limitation comparing toother approaches.

In our first approach, original feature sets extracted from fingerprints of sender andreceiver are exchanged with the help of steganographic ecoding and a shuffle key isused to randomize the elements of merged feature set. In this approach, both senderand receiver mutually agreed with two keys, stego and shuffle key. The key generationand activities of each party are shown in Fig. 6.1. In this approach, fingerprint identityof sender and receiver is revealed to each other.

Feature

Extraction

Steganographic

Encoding and

Transmit

Merging Feature Sets of

Sender and rteceiverHashShuffling Key

Shuffle

Key

Figure 6.1: An overview of our first proposed crypto-biometric system

In our second approach, we have used cancelable template of sender and receiver

56

Chapter 6. Conclusions and Future Work

to generate revocable key for cryptography. The cancelable template of both usersare transmitted to each other with steganography and merged to generate the key.The steps of key generation are shown in Fig 6.2 Cancelable template guarantees theprivacy of fingerprint data and cancelability of the fingerprint data as well as the keydivertsification of the users. Secondly, the key modification or revocability is easy toperform as it depends on a user specific shuffle key and it does not depend on otheruser.

Feature

Extraction

Steganographic

Encoding and

Transmit

Merging Feature Sets of

Sender and rteceiver

Key

generation

Shuffle

Key

Cancelable template

generation

Figure 6.2: An overview of our second proposed crypto-biometric system

In our third approach, we have used a different approach to integrate biometricsof sender and receiver with cryptography. Here, biometric data of receiver is lockedwith that of sender and is stored in the database of sender. It helps to verify theauthenticity of both user before the establishment of a secure communication. It alsoremoves the requirement of fingerprint data transmission through unsecured channel ofboth users. It assures that sender sends his biometric data to the genuine receiver andonly the genuine receiver is able to unlock the correct cancelable template of sender.An overview of this approach is given in Fig. 6.3.

⊕ CTlock

ReceiverFeature

Extraction

Cancelable

Transformation

Cancelable

Template (CTR)

Shuffle Key

SenderFeature

Extraction

Cancelable

Transformation

Cancelable

Template (CTS)

Shuffle Key

K

CTRKey

generate

⊕ SenderCancelable

TransformationCTS

⊕ ReceiverCancelable

TransformationCTR

Key

generateCTR

K

Database

Figure 6.3: An overview of our third proposed crypto-biometric system

In these approaches, generated key is revocable and non-invertible. If the crypto-

57

Chapter 6. Conclusions and Future Work

graphic key is compromised by an attacker, then the cryptographic key can be canceledand a new cryptographic can be issued for future communication using the same fin-gerprints of both users. Nevertheless, non-invertible characteristics of the generatedkey affirms that, the key when it is compromised, does not leak any information aboutfingerprints used for key generation. A comparison among all three approaches is givenin the following table ??.

Table 6.1: Comparison of three approaches

Fingerprint data exchangePrivacy andsecurity offingerprint

Approach Type Transmittedby

Method Key used Store Identitylost

Approach 1 FeatureSet

Both LSB Yes No Yes

Approach 2 Cancelabletemp.

Both LSB Yes No No

Approach 3 Cancelabletemp.

Sender XORlocking

No One No

Table 6.2: Comparison of three approaches in terms of key

Cryptographic keyApproach Revocable non-invertible Update depends onApproach 1 Yes Yes public shuffle keyApproach 2 Yes Yes User specific shuffle keyApproach 3 Yes Yes User specific shuffle key

In biometrics based cryptography, fuzziness of biometric is an issue. In every in-stance of fingerprint image, there is a variation which is known as error in fingerprintimage. This type of error should be handled using error correction code (ECC) in fin-gerprint based cryptography. If this drawback of fingerprint is addressed, then our thirdapproach can be implemented. Work is on to address this limitation of fingerprints.

58

Bibliography

[1] W. Stallings, Cryptography and Network Security: Principles and Practice, 5e,Prentice Hall, 2010.

[2] "Advance Encryption Standard (AES)", Federal Information Processing StandardsPublication 197 United States National Institute of Standards and Technology(NIST) November 26, 2001.

[3] S. Kanade, D. Petrovska-Delacretaz, B. Dorizzi, "Generating and Sharing Biomet-rics Based Session Keys for Secure Cryptographic Applications," Fourth IEEE In-ternational Conference on Biometrics: Theory Applications and Systems (BTAS),2010 , pp.1-7, 27-29 Sept. 2010.

[4] D. Maltoni, D. Maio, A. K. Jain, S. Prabhakar, Handbook of Fingerprint Recogni-tion, New York: Springer- Verlag, 2003.

[5] Feng Hao, Ross Anderson, and John Daugman, "Combining Crypto with Biomet-rics Effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088,2006.

[6] K. Nandakumar, A. Jain, and S. Pankanti, "Fingerprint-based fuzzy vault: Imple-mentation and performance" IEEE Trans.Inf. Forensics Security, vol. 2, no. 4, pp.744-757, 2007.

[7] A. Ross and A. K. Jain, "Information fusion in biometrics," Pattern Recognitionletters, 24, pp.2115-2125, Sept. 2003.

[8] Uludag, S. Pankanti, S. Prabhakar, and A.K. Jain, "Biometric Cryptosystems:Issues and Challenges," Proceedings of the IEEE, vol. 92, no. 6, pp. 948-960, June2004.

59

BIBLIOGRAPHY

[9] S. Dutta, A. Kar, B. N. Chatterji and N.C.Mahanti, "Network Security UsingBiometric And Cryptography," Lecture Notes in Computer, Springer, 2008. ISBN-978-3-540-88457-6: 38-44.

[10] S. Dutta, S. Chakraborty, N.C.Mahanti, "Fingerprint Based Cryptography Tech-nique for Improved Network Security," Journal of Computer Science and Engi-neering vol. 5, issue 2, February 2011.

[11] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, "Generating Can-cellable Fingerprint Templates," IEEE Transactions on Pattern Analysis and Ma-chine Intelligence, vol. 29, no. 4, pp. 561-572, April 2007.

[12] Sunil V. K. Gaddam and M. Lal, "Efficient Cancellable Biometric Key GenerationScheme for Cryptography," International Journal of Network Security’vol.11, no.2,pp.57-65, sep.2010.

[13] N. Lalithamani and K. P. Soman, "Towards Generating Irrevocable Key forCryptography from Cancelable Fingerprints," The 2nd International Conferenceon Computer Science and Information Technology, August 8 - 11, Beijing, China,2009.

[14] N. Lalithamani and K.P. Soman, "Irrevocable Cryptographic Key Generationfrom Cancelable Fingerprint Templates: An Enhanced and Effective Scheme," Eu-ropean Journal of Scientific Research, vol.31, no.3, pp.372-387, 2009.

[15] A. Jagadeesan, K. Duraiswamy, "Secured Cryptographic Key Generation fromMultimodal Biometrics: Feature Level Fusion of Fingerprint and Iris," Interna-tional Journal of Computer Science and Information Security,vol. 7, no. 2, pp.28-37, February 2010.

[16] A. Jagadeesan, T. Thillaikkarasi, K. Duraiswamy, "Cryptographic Key Gener-ation from Multiple Biometrics Modalities: Fusing Minutiae with Iris Feature,"International Journal of Computer Applications vol.2, no.6, June 2010.

[17] N. Lalithamani, K.P. Soman, "An Effective Scheme for Generating IrrevocableCryptographic Key from Cancelable Fingerprint Templates," International Journalof Computer Science and Network Security, Vol.9, No.3, pp: 183- 193, 2009.

[18] R. Cappelli, A. Erol, D. Maio and D. Maltoni, "Synthetic Fingerprint ImageGeneration", Proc. ICPR, vol. 3, pp. 475-478, September 2000.

60

BIBLIOGRAPHY

[19] A. Jain, U. Uludag, "Hiding Fingerprint Minutiae in Images", Proceedings ofThird Workshop on Automatic Identification Advanced Technologies (AutoID), vol.pp. 97-102, 2002.

[20] A. Jain, U. Uludag, "Hiding a Face in a Fingerprint Image", Proceedings of 16thInternational Conference on Pattern Recognition, , vol.3 pp. 756 - 759, 2002.

[21] A. Jain, U. Uludag, "Hiding Biometric Data", IEEE Transactions on PatternAnalysis and Machine Intelligence , vol.25 pp. 1494-1498, 2003.

[22] S. Kanade, D. Petrovska-Delacretaz, B. Dorizzi, "Multi-Biometrics Based Cryp-tographic Key Regeneration Scheme," IEEE 3rd International Conference onBiometrics: Theory, Applications and Systems BTAS ’09. pp.1-7, Sept. 2009.

[23] S. Kanade, D. Camara, E. Krichen, D. Petrovska-Delacretaz, B. Dorizzi, F. Evry,"Three Factor Scheme for Biometric-Based Cryptographic Key Regeneration UsingIris," In 6th Biometrics Symposium, BSYM, pp. 59-64, September 2008.

[24] V. Lokeswara Reddy, A. Subramanyam, and P. Chenna Reddy, "Implementationof LSB Steganography and its Evaluation for Various File Formats," Int. J.Advanced Networking and Applications, vol.02, Issue: 05, pp. 868-872, 2011.

[25] Fingerprint Verification Competition FVC2000, [Online].Available:http://bias.csr.unibo.it/fvc2000.

[26] Fingerprint Verification Competition FVC2002, [Online].Available:http://bias.csr.unibo.it/fvc2002.

[27] Fingerprint Verification Competition FVC2004, [Online].Available:http://biometrics.cse.msu.edu/fvc04db/index.html.

61

crypto-biometric systems for network...

Documents