Bio-Crypto System
A Seminar Report
Submitted by:
Devyani Panchal (13IT60Q01)
Under the guidance
of
Dr. Debasis Samanta
in partial fulfillment for the award of the degree
of
Master of Technology
in
Information Technology
School of Information Technology
Indian Institute of Technology, Kharagpur
Kharagpur - 721302
October 2013
Contents
1 Introduction
2 Key Generation with Fingerprint Template
2.1 System Description
2.1.1 Feature Extraction from Fingerprint Image
2.1.2 Steganographic Encoding
2.1.3 Steganographic Decoding
2.1.4 Merging Minutiae Data Sets
2.1.5 Shuffle Key Update
2.2 Security Analysis
3 Key Generation with Cancelable Fingerprint Template
3.1 System Description
3.1.1 Cancelable Template Generation
3.1.2 Sharing Cancelable Templates
3.1.3 Key Generation
3.2 Security Analysis
4 Key Generation with Receiver’s Enrollment
4.1 System Description
4.1.1 Enrollment
4.1.2 Session Key Generation and Sharing
4.1.3 Template Update
4.2 Security Analysis
4.2.1 Security of Fingerprint
4.2.2 Security of Cryptographic Key
5 Conclusion
Chapter 1
Introduction
Cryptography [1,2] is widely used in information security and network security. It assures
the security of information during storage or transmission. The basic idea
behind cryptography is to transform a plaintext (P), before it is stored or transmitted,
into an encoded form (called ciphertext (C)) with the help of an encryption algorithm
(E) [1] and a secret key (Ke). The encrypted information (C) is transformed back into plaintext
using a decryption algorithm (D) and a secret key (Kd). Therefore, a user who knows
the secret key (Kd) is able to decrypt the encoded message, and in traditional cryptography
the genuine user is authenticated on the basis of knowledge of the key. In
cryptography, the encryption and decryption algorithms are public, and security
depends on the secrecy of the key used to decrypt the encrypted message. There are
two types of cryptography: symmetric cryptography and asymmetric cryptography. In
symmetric cryptography, the same key is used for encryption and decryption, and
before starting a communication session the secret key needs to be shared with the other
user(s) who want to communicate. As an example, say
sender S wants to transmit a message P to receiver R and both sender and receiver have
the secret key K. The sender encrypts the message using the secret key and the encryption
algorithm, and the ciphertext is sent to the receiver. On the other side, the receiver decrypts
the ciphertext using the decryption algorithm and the secret key [3]. Symmetric
cryptography is illustrated in Fig. 1. In symmetric cryptography, key
management is a major challenge.
Figure 1.1: Basic cryptography systems: (a) Symmetric cryptography, (b) Asymmetric cryptography
In asymmetric cryptography, two different (mathematically related) keys are used for
the encryption and decryption processes. Each party has two keys: a public key (Ke), which
is known to others, and a private key (Kd), which is known only to its owner. Suppose the
sender wants to send a message (P) to the receiver and knows the public key of the
receiver. The sender uses the receiver’s public key to encrypt the plaintext, and the
receiver uses its private key to decrypt the ciphertext. The steps of asymmetric
cryptography are illustrated in Fig. 1.1b. In asymmetric cryptography there is no need for
secure key sharing, but it requires mathematical operations to compute the relation between
the public and private keys. Moreover, this type of cryptography is too slow for some uses
(e.g., when a large amount of data needs to be transmitted). For better network security,
practical systems such as the Transport Layer Security (TLS) protocol use asymmetric
key cryptography to transmit a session key in a secure manner, and the
session key is then used in symmetric cryptography to transmit messages securely during that
session [4].
In cryptography, the security of the information depends on the key, as the encryption
and decryption algorithms are public. If the key is compromised,
then the message also becomes known to a third party (i.e., an attacker). In general,
knowledge-based (e.g., password) or token-based (e.g., smart card) authentication is used
in cryptography. In other words, a user is authentic if the user knows the secret key or
has the token, and that user can access the confidential message. Now, if the key is large
enough, it is difficult for users to memorize it. As an alternative, users store
it somewhere (e.g., on a computer) and control access to the secret key using another
authentication system (e.g., password-based authentication), which poses another security
threat. Moreover, tokens or smart cards may be lost or stolen, and passwords may
be forgotten or guessed with the help of dictionary attacks.
As an alternative to the above procedures [7] of key management, researchers have
advocated using a user’s biometric traits to manage cryptographic keys. A biometric is a
physiological or behavioral characteristic of a person that can be measured reliably to identify
an individual uniquely. Therefore, biometrics have the inherent potential to differentiate
a genuine individual from a fraudulent impostor. For this reason, biometrics are
integrated with cryptography to enhance the security of traditional cryptography. Many
researchers are working on biometric-based cryptography (known as a crypto-biometric
system [5]), where authentication is guaranteed by biometrics and information security
is guaranteed by traditional cryptography. The authentication component of traditional
cryptography is replaced by biometric-based authentication to remove the limitation of
memorizing the cryptographic key as well as maintaining the secrecy of the key, without
compromising the strength of the cryptographic key.
In general, there are three ways to integrate biometrics with cryptography, namely 1)
key release, 2) key binding, and 3) key generation. In the key release mode, the key release
mechanism and biometric template matching are completely decoupled. The biometric
template and the cryptographic key are stored in a smart card, a token or a computer as
separate entities. To release the cryptographic key, the stored biometric and the query biometric
are compared. The key is released only on a successful biometric match. In this kind of
crypto-biometric system, the biometric template is stored and is, again, vulnerable to
attacks.
In the key binding scheme, the cryptographic key is considered a secret and is hidden
within a cryptographic construct (fuzzy vault, fuzzy commitment scheme [4]) using
biometrics. The secret key is released from the cryptographic construct if and only if
the genuine biometric is provided. This crypto-biometric scheme is shown in Fig.
1.2. Moreover, it is infeasible to extract the cryptographic key or the biometrics from the
cryptographic framework without sufficient knowledge about either the biometrics or the
key. In this way, access to the cryptographic key is controlled and only legitimate users
can access the key when it is required.
Figure 1.2: Key binding scheme which binds cryptographic key with biometric
In the biometric-based cryptographic key generation
scheme, biometrics are used to generate cryptographic keys for encryption and decryption.
For this purpose, the biometric features of a user are used to generate the cryptographic key
for encryption and, similarly, when the message has to be decrypted, the key is regenerated
from a query biometric using the same process. This type of key generation in
crypto-biometric systems is illustrated in Fig. 1.3. As the key is generated from biometric
features which are inherent to an individual, it is impractical to guess the original key
or to generate the key from an impostor’s biometrics.
Figure 1.3: Key generation from biometric features
Chapter 2
Key Generation with Fingerprint Template
In this chapter, we describe an approach to generate a cryptographic key from the fingerprints
of both communicating parties [5, 6]. To associate the fingerprints of two users, fingerprint
data need to be transmitted to each other. In this approach, the user’s biometric is integrated
with cryptography to enhance network security. The objective of this approach is to
generate a revocable key from irrevocable fingerprints for symmetric cryptography.
2.1 System Description
In this section, we discuss the approach in detail. An overview of the approach is shown
in Fig. 2.1. In this approach, both sender and receiver extract minutiae points from their
own fingerprints. The minutiae data are exchanged between them using steganography.
The stego key is used by both parties to secure the steganography.
The two fingerprint feature sets are combined and shuffled using the shuffle key, and finally
the cryptographic key is generated from the result using a hash function. These steps
are described precisely in the following.
2.1.1 Feature Extraction from Fingerprint Image
This approach follows NIST’s NBIS algorithm to extract the features (ridge endings and
bifurcations) from a fingerprint image. The features are stored in (x, y, θ) form, where
(x, y) denotes the coordinate value and θ is the orientation of a minutiae point. For example,
a sample of two fingerprint images and the extracted minutiae points are shown in Fig. 2.2.
This approach considers only the (x, y) coordinate values as the minutiae points.
It extracts minutiae-based features from the fingerprint images of both sender and receiver.
Figure 2.1: An overview of crypto-biometric system
(c) Minutiae points extracted from (a)
M. No   X     Y     θ
1       12    33    270
2       13    76    247
:       :     :     :
57      264   83    259
(d) Minutiae points extracted from (b)
M. No   X     Y     θ
1       22    166   247
2       22    121   259
:       :     :     :
38      311   90    270
Figure 2.2: (a) Sender’s fingerprint, (b) Receiver’s fingerprint, (c) Minutiae points extracted from (a) and (d) Minutiae points extracted from (b)
2.1.2 Steganographic Encoding
The minutiae data need to be sent to the other site via a nonsecure channel. Both sender and
receiver use steganography-based data hiding to hide their minutiae data in
a cover image (I) (of size M pixels, say). The minutiae points are converted into a binary
stream, which is hidden in the cover image using LSB steganography [14]. The stego key is
used to select the pixel locations of the cover image where the minutiae data bits are
embedded. The stego image (Istego) is sent from the sender to the recipient and vice versa.
2.1.3 Steganographic Decoding
The stego image (Istego) is received. The hidden minutiae data are extracted from the stego
image using the decoding function and the same stego key (Kg) that was used in encoding.
The stego key is used to locate the pixels where the data were embedded. Now, the
extracted binary stream is used to reconstruct the minutiae data sets.
• Select the pixels where embedding was done according to the stego key (Kg)
• Extract the hidden bits from the selected pixels (Istego(ki))
$$m'_i = \mathrm{LSB}(I_{stego}(k_i)), \quad i = 1 \text{ to } N \tag{2.1}$$
where m′i is the ith bit of the recovered message (i.e., the minutiae data set), extracted from
the ki-th pixel of the stego image (Istego).
• All m′i are assembled to reconstruct the minutiae data set.
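
The encoding and decoding steps of Sections 2.1.2 and 2.1.3 as a runnable sketch. This is an added example, not code from the report: the PRNG-driven pixel selection, the 9-bit coordinate width, the 16-bit length header and all names are assumptions, and the cover image is constructed sample data.

```python
import random

COORD_BITS = 9    # assumption: every coordinate is below 512
HEADER_BITS = 16  # assumption: the payload starts with the number of minutiae


def to_bits(value, width):
    """Big-endian bit list of `value`, exactly `width` bits long."""
    return [(value >> s) & 1 for s in range(width - 1, -1, -1)]


def from_bits(bits):
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def pixel_order(stego_key, image_size):
    """Key-dependent visiting order k_1, k_2, ... over all pixel indices.

    Assumption: the stego key seeds a PRNG that permutes the pixel indices.
    random.Random keeps the example reproducible; it is not a cryptographic PRNG.
    """
    order = list(range(image_size))
    random.Random(stego_key).shuffle(order)
    return order


def embed_minutiae(cover, points, stego_key):
    """Hide (x, y) minutiae in the LSBs of key-selected pixels; returns the stego image."""
    bits = to_bits(len(points), HEADER_BITS)
    for x, y in points:
        for v in (x, y):
            if not 0 <= v < (1 << COORD_BITS):
                raise ValueError(f"coordinate {v} needs more than {COORD_BITS} bits")
            bits += to_bits(v, COORD_BITS)
    if len(bits) > len(cover):
        raise ValueError("cover image too small for the payload")
    stego = list(cover)
    for k, bit in zip(pixel_order(stego_key, len(cover)), bits):
        stego[k] = (stego[k] & 0xFE) | bit  # overwrite only the least significant bit
    return stego


def extract_minutiae(stego, stego_key):
    """Equation (2.1): m'_i = LSB(I_stego(k_i)), then rebuild the minutiae set.

    Returns None when the recovered header is implausible for this image size,
    which is what a wrong key usually produces.
    """
    order = pixel_order(stego_key, len(stego))
    lsb = [stego[k] & 1 for k in order]
    count = from_bits(lsb[:HEADER_BITS])
    need = HEADER_BITS + count * 2 * COORD_BITS
    if need > len(stego):
        return None
    body = lsb[HEADER_BITS:need]
    coords = [from_bits(body[i:i + COORD_BITS]) for i in range(0, len(body), COORD_BITS)]
    return list(zip(coords[0::2], coords[1::2]))


# Constructed sample data: a random 64x64 8-bit "cover image" and three minutiae
# whose coordinates are borrowed from the first table of Fig. 2.2.
_rng = random.Random(2013)
COVER = [_rng.randrange(256) for _ in range(64 * 64)]
SAMPLE_POINTS = [(12, 33), (13, 76), (264, 83)]
STEGO_KEY = 0x5EED  # constructed shared stego key Kg

if __name__ == "__main__":
    stego = embed_minutiae(COVER, SAMPLE_POINTS, STEGO_KEY)
    print("recovered with Kg:       ", extract_minutiae(stego, STEGO_KEY))
    print("recovered with wrong key:", extract_minutiae(stego, STEGO_KEY + 1))
    print("largest pixel change:    ", max(abs(a - b) for a, b in zip(COVER, stego)))
```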
2.1.4 Merging Minutiae Data Sets
The fingerprint minutiae points of the sender (FS) and receiver (FR) are fused using
feature-level fusion of minutiae points. Feature-level fusion is achieved by concatenating the
two feature sets FS and FR to generate a combined feature set F. For this purpose, all
x-coordinate values of FS are stored in a vector X and then all x-coordinate values of
FR are appended to the vector X. Similarly, the y-coordinate values of FS and FR are
combined and stored in another vector Y. These two vectors (X, Y) give the new (x, y)
coordinates of F. The size of F is the total size of FS and FR. In the combined feature
set, redundant minutiae points may exist. The redundancy, if it exists, is removed and
only unique minutiae points are selected from F. As an example, sample feature level
fusion of two feature sets.
The elements of vectors X and Y are shuffled separately using
the shuffle key (KS). In this shuffling method, the vector elements whose corresponding
key bits are 1 are sorted starting at the beginning, and the remaining elements, whose
key bits are 0, are placed starting from the end. In this way, all elements of vectors X and Y
are shuffled, and the shuffled X, Y vectors result in a modified F.
Each corresponding element
of the shuffled vectors (XS and YS) is merged using the XOR operation. For this purpose, xi and
yi (xi ∈ XS and yi ∈ YS) are converted into binary numbers and a bitwise XOR operation
is applied to all elements of XS and YS. The results of the bitwise XOR operation are
converted into decimal numbers and stored in a vector Fcomb.
$$F_{comb_i} = \mathrm{bitwiseXOR}(x_i, y_i) \tag{2.2}$$
Fcomb is converted into a binary stream and stored in a new vector Fcode.
2.1.5 Shuffle Key Update
For better security, this approach proposes to change the cryptographic key in
each session. In other words, if there is a chance that the cryptographic key is compromised,
then it is desirable that the key be canceled and a new key be used for the next session.
Further, note that if the key is compromised, then the fingerprint used to generate
the key can never be used again. To tackle this, the protocol should generate a
revocable key from an irrevocable fingerprint. To realize this, it updates the shuffle key from
one session to another. The session-wise shuffle key update procedure is shown in Fig. 2.3.
The update of the shuffle key can be initiated by the sender or the receiver.
Figure 2.3: Shuffle key update
• Sender (S) and receiver (R) each hold the stego key (Kg) and the shuffle key (KS).
• Sender and receiver share minutiae data (FS, FR).
• Sender: compute Fcode from FR, FS; compute new shuffle key (KSS), i.e. KSS = KS ⊕ Fcode; compute hash of KSS, i.e. h(KSS).
• Sender to receiver: send update request, h(KSS).
• Receiver: compute Fcode from FS, FR; compute new shuffle key (KSR), i.e. KSR = KS ⊕ Fcode; compute hash of KSR, i.e. h(KSR). If h(KSR) = h(KSS), replace KS by KSR; otherwise KS is not updated.
• Receiver to sender: success / failure report.
• Sender: on success report, replace KS by KSS; otherwise KS is not updated.
• On successful shuffle key update, new shuffle keys are KSS and KSR where KSS = KSR.
In every session, a
unique shuffle key is used to generate a unique session key from the fingerprint. After
the session is over, the old shuffle key is destroyed and the modified one is stored for the
next session of communication. In this way, this approach can provide diversity of the
cryptographic key in fingerprint-based symmetric cryptography.
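
The merge, shuffle and XOR steps of Section 2.1.4 and the shuffle key update of Fig. 2.3, as an added example that is not code from the report. SHA-256 as the hash, 9-bit serialisation, cyclic reuse of key bits, keeping elements in arrival order within the 1-bit and 0-bit groups, and cutting or zero-padding Fcode to the key length are assumptions; the sample minutiae and the key are constructed.

```python
import hashlib
import hmac

COORD_BITS = 9  # assumption: each XOR result is serialised with 9 bits


def merge_features(fs, fr):
    """Feature-level fusion: concatenate FS and FR, keep each (x, y) point once."""
    return list(dict.fromkeys(fs + fr))


def key_shuffle(values, key_bits):
    """Elements under a 1 bit fill from the front, elements under a 0 bit from the end.

    Assumptions: elements keep their arrival order within each group, and key
    bits are reused cyclically when the vector is longer than the key.
    """
    out = [None] * len(values)
    front, back = 0, len(values) - 1
    for i, value in enumerate(values):
        if key_bits[i % len(key_bits)]:
            out[front] = value
            front += 1
        else:
            out[back] = value
            back -= 1
    return out


def f_code(fs, fr, ks):
    """Fcode: bit stream of Fcomb_i = x_i XOR y_i over the shuffled X and Y vectors."""
    merged = merge_features(fs, fr)
    xs = key_shuffle([x for x, _ in merged], ks)
    ys = key_shuffle([y for _, y in merged], ks)
    bits = []
    for x, y in zip(xs, ys):
        fcomb = x ^ y
        bits.extend((fcomb >> s) & 1 for s in range(COORD_BITS - 1, -1, -1))
    return bits


def digest(bits):
    """Hash of a bit list; SHA-256 is an assumption, the report names no hash."""
    return hashlib.sha256(bytes(bits)).hexdigest()


def session_key(fs, fr, ks):
    """Cryptographic key K = h(Fcode)."""
    return digest(f_code(fs, fr, ks))


def next_shuffle_key(fs, fr, ks):
    """KS XOR Fcode, with Fcode cut or zero-padded to len(KS) (assumption)."""
    code = (f_code(fs, fr, ks) + [0] * len(ks))[:len(ks)]
    return [k ^ c for k, c in zip(ks, code)]


def update_round(sender, receiver):
    """One run of Fig. 2.3; each party is a dict with 'fs', 'fr' and 'ks'."""
    kss = next_shuffle_key(sender["fs"], sender["fr"], sender["ks"])
    request = digest(kss)                    # sender -> receiver: h(KSS)
    ksr = next_shuffle_key(receiver["fs"], receiver["fr"], receiver["ks"])
    ok = hmac.compare_digest(digest(ksr), request)
    if ok:                                   # receiver -> sender: success report
        receiver["ks"], sender["ks"] = ksr, kss
    return ok                                # on failure both sides keep KS


# Constructed sample data; coordinates borrowed from the tables of Fig. 2.2.
FS = [(12, 33), (13, 76), (264, 83)]
FR = [(22, 166), (22, 121), (311, 90), (12, 33)]  # last point repeats one of FS
KS0 = [1, 0] * 100                                # constructed 200-bit shuffle key


def new_party(fs, fr):
    """State held by one side after the minutiae exchange."""
    return {"fs": list(fs), "fr": list(fr), "ks": list(KS0)}


if __name__ == "__main__":
    s, r = new_party(FS, FR), new_party(FS, FR)
    print("session key:", session_key(s["fs"], s["fr"], s["ks"])[:16], "...")
    print("update ok:  ", update_round(s, r))
    print("next key:   ", session_key(s["fs"], s["fr"], s["ks"])[:16], "...")
```

If the two sides hold different minutiae data, for example after a corrupted exchange, the digests differ and neither side replaces KS.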
2.2 Security Analysis
In this section, the security of the approach is analyzed under different conditions.
In this system, both communicating parties exchange their fingerprint data and mutually
agree on two secrets, the stego key and the shuffle key.
Privacy of Fingerprints
This approach uses least significant bit (LSB) based steganography to exchange fingerprint
data between sender and receiver. The stego key (Kg) is used to hide
fingerprint data in the cover image. For each communication, a unique synthetic fingerprint
image (I) is used as the cover image. An eavesdropper does not suspect the existence of
the genuine fingerprint data (i.e., minutiae points) because the stego image
(Istego) is highly imperceptible. The cover image is not required to decode the hidden data
from the stego image.
An adversary with sufficient knowledge of decoding methods is not able to extract the
correct fingerprint data from the stego images ISstego and IRstego of sender and receiver,
respectively, without possessing Kg.
The minutiae point sets of the sender’s and receiver’s fingerprints are merged together,
and the x, y coordinate values are shuffled separately using a shuffle key to generate Fcomb. This
assures that Fcomb does not reveal the original coordinate values of the minutiae points. Then,
a bitwise XOR operation between the (x, y) coordinates locks the x-coordinate values
with the y-coordinate values. An attacker is not able to get the genuine Fcomb without
knowledge of either the x-coordinate or the y-coordinate values. Finally, a hash function is used
to generate the cryptographic key. Therefore, the cryptographic key is non-invertible, which
confirms that the cryptographic key does not leak any information about the fingerprints
of the users.
Security of Cryptographic Key
In this approach, the cryptographic key is generated from the combination of the two
fingerprints of sender and receiver. The key is not shared by them but generated at each end
separately. There is no need to store the key for use in decryption. So the key is
secured from any attack. An attacker needs to compromise either (Kg, ISstego, IRstego, KS)
or (FS, FR, KS) to generate the genuine cryptographic key (K). Otherwise, the following
conditions arise for different attacks.
a. Known stego key attack: The stego key Kg is compromised by an
eavesdropper who captures both stego images. As the shuffle key KS is unknown,
he has to guess KS, which is 200 bits long. Indeed, without KS, it is almost impossible
to compute the original cryptographic key even if the data of both fingerprints are known.
b. Known shuffle key attack: This happens when the token is stolen or lost and the
attacker gets access to the shuffle key (KS) but has no knowledge of the fingerprint
data of the genuine sender and receiver. In this case, the attacker has to guess the minutiae
points of two fingerprints. Otherwise, he has to compute the key using impostors’ fingerprints
which may be available to him. As a fingerprint is unique to a person, there is little
chance of getting the same fingerprint from an impostor fingerprint database. The shuffle key
is updated in every session, which guarantees that it is impractical to compute the KS
of a previous session or of a future session.
c. Known fingerprint attack: In this condition, we consider that a genuine
user (sender) who once communicated with another user (receiver) can pose a threat to
the security of a cryptographic key generated using the other’s (i.e., the receiver’s) fingerprint.
Suppose that, in different sessions, a sender S has communicated with receivers R1,
R2, ..., RN ∈ R. Then S has complete knowledge of the fingerprints of R1, R2, ..., RN.
Now, S can try to compromise a communication session established between Ri and Rj
(where i ≠ j; i, j = 1, 2, ..., N and Ri, Rj ∈ R). In this approach, the shuffle key (KS)
is unique for a session established by a pair of sender and receiver. Therefore, S has to
break KS to compromise the cryptographic key generated from the fingerprints of Ri
and Rj.
Another possibility in this perspective is that Ri has
knowledge of the fingerprint of S. When S establishes a communication session with
S′ (where S′ ∉ R), Ri tries to break the cryptographic key with one known fingerprint
(FS) and one unknown fingerprint (FS′). Then the attacker has to break KS and the
fingerprint of S′.
d. Known key attack: In this case, we consider that the shuffle key KS and/or the
cryptographic key are compromised by the attacker. This approach assures that compromise
of one key (KS or K) does not affect previous or future sessions. In this approach,
both KS and K are updated session-wise. Initially, KS is randomly generated, and from time
to time it is updated with the help of Fcode. The cryptographic key (K) is revocable and is
used as a session key for symmetric cryptography. When the session is over, the current
session key is destroyed.
e. Resists replay attack: This approach can prevent replay attacks using the session
key. In every communication session, a unique session key is used to establish
secure communication between sender and receiver, and the session key is destroyed after
the session. This approach is able to generate different cryptographic keys from the two
fingerprint biometric traits. If an eavesdropper attempts a replay attack using a
message previously transmitted by legal users, it will make no sense to the legal
user, as the cryptographic key has changed. Even when a stego image is used for a replay
attack, the eavesdropper is not able to decode the stego image without the stego key.
f. Resists man-in-middle attack: In this approach, the fingerprints of the communicating
parties are transmitted over a nonsecure communication channel using a data hiding scheme.
If the man-in-middle eavesdrops the stego image and is able to decode the original
fingerprint data by any means, then the man-in-middle still requires perfect knowledge of the
secret shuffle key (KS). Otherwise, he is not able to generate the genuine key (K) and, as
a result, is not able to decrypt the ciphertext sent by the genuine sender. In this way, this
approach resists man-in-middle attack.
This approach can be enhanced with other biometric traits such as face and iris.
Further, more robustness can be achieved by taking multiple biometric traits into account.
Chapter 3
Key Generation with Cancelable Fingerprint Template
In this chapter, we describe a second approach to cryptographic key generation. Cancelable
templates [8, 9] of both communicating parties are used to generate the cryptographic key.
The main features of this approach are as follows.
• Secure transmission of fingerprint data: After transformation into a cancelable
template, the fingerprint template is transmitted to the other communicating party using
steganography.
• Revocability of fingerprint template: If a fingerprint template is compromised,
it can be canceled and a new fingerprint template can be issued easily.
• Cryptographic key revocability: As the key is generated from two cancelable
fingerprint templates, the key can be updated easily by updating the cancelable templates.
• Secure key management: In this protocol, the cryptographic key is not transmitted to
the recipient and is not stored anywhere, hence key management is secured.
In this approach, both communicating parties are required to store their own shuffle
key for cancelable template generation. If the shuffle key is changed, the cancelable
template also changes. Other than the shuffle key, which is user specific, both users need to
remember the stego key, which is used to secure the steganography. Here, a common
password is used as the seed to generate the stego key with a pseudo random number generator.
3.1 System Description
Initially, both sender and receiver generate cancelable templates from their own
fingerprints. These two cancelable templates are used to generate the cryptographic key for
symmetric cryptography. An overview of the approach is shown in Fig. 3.1. In the following,
the different tasks in this approach are discussed.
Figure 3.1: Key generation by sender and receiver
3.1.1 Cancelable Template Generation
Minutiae points are extracted from the fingerprint image following the procedure stated in
Section 3.1.1 of Chapter 3. The x, y-coordinate values are stored in two vectors (X, Y).
Vector X contains the x-coordinate values and vector Y contains the y-coordinate values of
the minutiae points.
Cancelable Transformation
The original minutiae points are not used directly in a secured biometric system. Once
the biometric data is compromised, the biometric is useless forever. Biometric
data is not inherently cancelable. Therefore, the irrevocable
biometric [10–12] data must be transformed into revocable data before use in cryptography.
This approach uses a shuffle-based transformation. For the transformation, both sender and
receiver randomly generate their shuffle keys, which are used to randomize the values of the
(Xs, Ys) and (Xr, Yr) vectors, respectively.
• Sks = shuffle key of sender
• Skr = shuffle key of receiver
Shuffling of the elements of X and Y vectors individually
The elements of the
vector Xs are shuffled with the method given below. In this shuffling method, the vector
elements whose corresponding key bits are 1 are sorted starting at the beginning, and
the remaining elements, whose key bits are 0, are placed starting from the end. The
shuffling method is explained in detail in Chapter 3. This process is also applied to
shuffle the vectors Ys, Xr and Yr. The shuffled vectors of (Xs, Ys, Xr, Yr) are
represented by (Xssh, Yssh, Xrsh, Yrsh), respectively. The original positions of the minutiae
points of the fingerprint are randomized by this shuffling. An adversary is not able to locate
the original positions of the minutiae points from the shuffled vectors.
Merging shuffled vectors
Each element of vector Xssh and vector Yssh is merged using the bitwise XOR
operation. The result is stored in the vector Dxy. Here, the bitwise XOR operation locks the
elements of Xssh and Yssh with each other. The result of the XOR operation does not
leak any information about the inputs. Now, redundant values, if any, are removed from
the Dxy vector and the unique data are stored in a vector CTS. This is the cancelable
template of the sender’s fingerprint. Similarly, the shuffled vectors Xrsh and Yrsh are merged by
the receiver and the unique data are stored in a vector CTR. CTR is the cancelable
template of the receiver’s fingerprint.
3.1.2 Sharing Cancelable Templates
The cancelable templates need to be sent to the other site via a nonsecure channel. Both
users send their cancelable templates to each other using a data hiding technique.
A. Steganographic Encoding
Both sender and receiver use steganography-based data hiding to hide their
cancelable template in a cover (i.e., host) image (Icover). The modified cover image in which
data is hidden is called the stego image (Istego). A secret key (Kg) is used to select the pixels
in the data embedding technique. The secret key is shared with the recipient before
sending the stego image.
The sender selects a synthetic fingerprint image as the host image (IScover). The cancelable
template (CTS) is converted into a binary stream and embedded into the selected pixels of the
host image using an LSB-based steganographic encoder. The resulting image is the stego
image, which is sent to the receiver. Similarly, the receiver selects another synthetic
fingerprint as his cover image (IRcover) (here IScover ≠ IRcover), hides his cancelable template
(CTR) in that cover image using the same secret key (Kg), and sends the stego image to
the sender.
B. Steganographic Decoding
The hidden cancelable template data are extracted from the stego image (Istego) using the
decoding function and the same secret key (Kg). The secret key is used to locate the pixels
where the cancelable template data were embedded. This way, sender and receiver each
extract the cancelable template of the other user. The extracted binary stream is decoded
to reconstruct CTS and CTR by the receiver and the sender, respectively.
3.1.3 Key Generation
Key generation process consists of two steps, namely, master template generation and
cryptographic key generation. Both steps are discussed in the following.
A. Master Template Generation from Cancelable Templates
The goal is to generate a cryptographic key of length Nk bits from the fingerprints of
sender and receiver. Now the key is generated with the equal contribution of CTS and
CTR. For the reason, each vector is normalized and resized to Nk
2elements.
If the cancelable template (CTS) has more elements than Nk
2then only first Nk
2ele-
ments are considered in the new cancelable template(C ′TS). But if the size of cancelable
template(CTS) is less than the Nk/2. In this case, pseudo random numbers are added to
CTS. Arithmetic mean (u) of the elements of CTS is used as the seed value and numbers
are generated within the range of minimum (umin) and maximum (umax) elements of the
cancelable templates (CTS) using the following equation.
ur = umin + {rand()%(umax − umin)}; |CTS| < r ≤ Nk
2(3.1)
These pseudo random numbers can be generated by both sender and receiver using the
equation with the same seed value. These numbers are appended to the CTS to generate
C ′TS.
C ′TS = CTS‖ur‖ur+1‖...‖uNk2
(3.2)
Similarly, C ′TR is also generated by normalizing CTR. These two modified cancelable
templates (i.e. C ′TS and C ′TR) are concatenated and stored in a vector MT . This (MT )
vector is the master template , generated from the data of both fingerprints. Both sender
and receiver generate master template following the same method at their ends.
B. Key Generation from Master Template
In this step, the cryptographic key is generated from the master template ($MT$). Each element
of the master template generates one bit of the cryptographic key: the $i$th element
generates the $i$th bit of the key. In this way, a symmetric cryptographic key ($K$) of 256 bits is
generated from the vector $MT$ using the following equation.
$$K_i = MT_i \bmod 2; \quad i = 1 \text{ to } N_k \qquad (3.3)$$
This way, the sender and the receiver can both derive the same cryptographic key for use in
symmetric cryptography. This key establishes a session of secure communication between
the sender and receiver. To update the cryptographic key, the shuffle keys of the users can be
updated and a new key can be generated from the same fingerprints.
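The two steps above (Eq. 3.1 to 3.3) can be written out as follows. This is an added example, not code from the report: Python's `random.Random` stands in for `rand()`, the integer mean is assumed as the seed, the handling of a template whose elements are all equal is an assumption, and the sample templates are constructed.

```python
import random

def resize_template(ct, half):
    """Resize a cancelable template to exactly `half` elements (Eq. 3.1-3.2)."""
    if not ct:
        raise ValueError("empty template")
    if len(ct) >= half:
        return list(ct[:half])                 # keep only the first N_k/2 elements
    u_min, u_max = min(ct), max(ct)
    missing = half - len(ct)
    if u_max == u_min:
        # Eq. 3.1 would take a modulus by zero; assumption: repeat the one value.
        return list(ct) + [u_min] * missing
    # Assumption: integer mean as the seed. Both parties must run the
    # identical generator, otherwise their master templates differ.
    rng = random.Random(sum(ct) // len(ct))
    pad = [u_min + rng.getrandbits(31) % (u_max - u_min) for _ in range(missing)]
    return list(ct) + pad

def master_template(ct_s, ct_r, n_k=256):
    """MT = C'_TS || C'_TR, each half resized to N_k/2 elements."""
    half = n_k // 2
    return resize_template(ct_s, half) + resize_template(ct_r, half)

def gen_key(ct_s, ct_r, n_k=256):
    """Eq. 3.3: bit i of the key is MT_i mod 2; returned packed into bytes."""
    key = 0
    for element in master_template(ct_s, ct_r, n_k):
        key = (key << 1) | (element % 2)
    return key.to_bytes(n_k // 8, "big")

def padded_bits(ct, n_k=256):
    """Key bits that come from padding rather than from template elements."""
    return max(0, n_k // 2 - len(ct))

# Constructed sample templates (not real biometric data).
CT_S = [(i * 37 + 11) % 251 for i in range(150)]   # longer than N_k/2: truncated
CT_R = [(i * 53 + 7) % 241 for i in range(100)]    # shorter than N_k/2: padded

if __name__ == "__main__":
    print("key:", gen_key(CT_S, CT_R).hex())
    print("bits from padding in C'_TR:", padded_bits(CT_R))
```

The padded elements are a deterministic function of the template's mean, minimum and maximum, so the bits they contribute depend only on those three values.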
3.2 Security Analysis
This approach addresses four security issues: (i) secure sharing of biometric templates, (ii)
privacy of biometric identity, (iii) security of the cryptographic key and (iv) key revocability.
Secure Sharing of Biometric Templates
The cryptographic key is generated from two fingerprints of two different persons. The
fingerprint data of each user is shared with the other user using least significant bit (LSB) based
steganography. Extraction of the hidden fingerprint data from the stego image ($I_{stego}$) is not
possible without the stego key ($K_g$). An interceptor can do nothing with the stego image if
the stego key is unknown to him. A user can send his cancelable template ($C^{i+1}_{TS}$), which
is different from the previously sent cancelable template ($C^{i}_{TS}$), using a different cover image
(i.e. $I^{old}_{cover} \neq I^{new}_{cover}$). The cover image is not required to extract the hidden message from
the stego image. This can resist known cover image attacks or known stego image attacks.
In this approach, no original biometric is used as the cover image; a synthetic fingerprint is
used instead. In this way, the fingerprint data is shared securely and is protected
from man-in-the-middle attacks.
Privacy of Biometric Identity
In this approach, the sender and receiver do not share their original fingerprint images
or raw fingerprint templates ($MP_S$ and $MP_R$). They share the non-invertible cancelable
templates ($C_{TS}$ and $C_{TR}$) of their fingerprints. The cancelable transformation (say, $F_c$)
used in this approach is a one-way transformation and there is no inverse transformation
($F_c^{-1}$). This affirms that neither sender nor receiver can feasibly reconstruct the other's
original template from the shared cancelable template. Moreover, the cryptographic
key is non-invertible and tracing any candidate fingerprint from the key is not feasible.
In this way the approach is free from the fingerprint identity threat.
Security of Cryptographic Key
In this approach, the cryptographic key is generated from the combination of the two
fingerprints of sender and receiver. The key is not shared by them but generated at each
end separately. There is no need to store the key for use in cryptography. As the
cryptographic key is directly derived from two fingerprints, an attacker without this
fingerprint data is not able to break the cryptographic key. The key is 256 bits long, so
a brute-force attack requires $2^{256}$ searches. Because the generated key is irreversible,
deriving the cancelable templates ($C_{TS}$ and $C_{TR}$) from it is also impossible. In this
approach, if the key or the cancelable templates are compromised in any way, new cancelable
templates as well as a new key can be generated easily by modifying the shuffle key
only. Every time, the cancelable template is generated using a random shuffle key which
is independent of previous or future shuffle keys. The cryptographic key satisfies forward
secrecy and backward secrecy. In other words, if any cryptographic key becomes known to an
adversary, he is not able to learn the keys of previous sessions or future sessions from the
compromised key.
Key Revocability
Revocability of the cryptographic key is a prime requirement for symmetric cryptography.
A cryptographic key may be compromised, and a new key must then be reissued. Key
revocability is also essential for session-based symmetric cryptography. In this approach, key
revocability is provided by the cancelable template. The shuffle key is changed and is used
to generate a new cancelable template. Every new cancelable template generates a new
cryptographic key. In this way, this approach is able to generate a revocable cryptographic
key as well as a session key.
Chapter 4
Key Generation with Receiver’s Enrollment
In session-based communication, a session key is shared with the other communicating party
before a secured session of communication starts between sender and receiver. In this
type of communication, the session key is initially generated randomly and transmitted to
the other user using public key cryptography. The shared key is then used in symmetric
cryptography for message transmission between sender and receiver. In this protocol,
a major issue is authentication of the communicating parties. The authenticity of
the sender and receiver is verified by trusted third-party certification. Hence, the
authenticity depends on the reliability of a third party.
In biometric-based symmetric cryptography, where biometric data of both users are
used to generate and share the cryptographic key, authenticity verification is also required
before the users share their biometric data with each other. In this situation, there are two
issues. Both sets of fingerprint data, which are transmitted over an (unsecured) channel, can be
intercepted by an attacker, and the attacker can generate the key using the algorithm.
To overcome this problem, a theoretical approach is used in which the biometric data of the
receiver is enrolled with the sender. The stored biometric data can be used to authenticate
its owner (i.e. the receiver) and, as it is stored on the sender's side, it need not be transmitted
to the other user (sender) for key generation. In this approach, the biometric data of one user
is transmitted over an unsecured channel to the other user. Nevertheless, the stored cancelable
template is used to transmit the cancelable template of the sender securely. This approach
removes the requirement of third-party certification for authentication. At the time of
enrollment, we propose to store cancelable biometrics, thus preserving the privacy of
the biometric identity of the owner.
4.1 System Description
This approach attempts to overcome some limitations of the first two approaches
discussed in Chapter 3 and Chapter 4. It follows the same technique for
cancelable transformation of fingerprint templates as used in those approaches. This
approach consists of three steps: enrollment, session key generation and template update.
4.1.1 Enrollment
At the sender site, a database is maintained to store the biometric data of the receiver.
This is known as enrollment of the receiver by the sender. The receiver is enrolled
as follows. First, it is assumed that minutiae (ridge termination and bifurcation)
points are extracted from the fingerprint images of sender and receiver at their own sites and
the feature vectors of their biometric data are extracted. Second, both sender and receiver
generate cancelable templates ($C_{TS}$, $C_{TR}$) from their feature vectors using their user-specific
shuffle keys ($S_{ks}$, $S_{kr}$) as discussed in Section 4.1. Third, the cancelable template of the receiver
($C_{TR}$) is XORed with the cancelable template of the sender ($C_{TS}$) to lock $C_{TR}$, and $C_{TR_{lock}}$
is stored in the database of the sender.
[Figure 4.1: Enrollment process. Sender (S) and Receiver (R): feature extraction, cancelable transformation with shuffle keys ($S_{ks}$, $S_{kr}$), XOR of $C_{TS}$ and $C_{TR}$ giving the enrolled $C_{TR_{lock}}$.]
4.1.2 Session Key Generation and Sharing
After the enrollment process, the session key is generated from the cancelable templates of
sender and receiver. At the time of key generation and authentication, a test fingerprint
of the sender is captured and minutiae points are extracted. The test cancelable template ($C'_{TS}$)
is generated using the same transformation and shuffle key ($S_{ks}$). The locked template
($C_{TR_{lock}}$) is unlocked by XORing it with the test cancelable template
($C_{TR} = C_{TR_{lock}} \oplus C'_{TS}$). Initially sender and receiver both have their own shuffle keys, and the locked cancelable
templates of the receiver are stored in the sender's database. The key generation and sharing
method is shown in Fig. 4.2. When the receiver wants to communicate securely with the sender,
the following steps are carried out.
1. Receiver sends authentication request to sender.
2. Sender acknowledges the receiver's request.
3. Receiver generates a test cancelable template ($C'_{TR}$) with his own shuffle key $S_{kr}$ from
a fresh fingerprint and sends the hash value ($h(C'_{TR})$) to sender.
4. Sender also generates a test cancelable template ($C'_{TS}$) from his fingerprint with his
shuffle key ($S_{ks}$).
5. Sender unlocks the locked cancelable template ($C_{TR_{lock}}$) stored in the database and
generates the hash value $h(C_{TR})$.
6. Sender compares the received hash value ($h(C'_{TR})$) with the generated hash value
($h(C_{TR})$). If both are the same, then the receiver is authentic and the cryptographic key is
generated from the cancelable templates of sender and receiver: cryptographic key
$K_{sr} = GenKey(C_{TR}, C_{TS})$. GenKey is already described in the previous chapter.
7. Sender locks his own cancelable template ($C_{TS}$) with the stored cancelable template
of receiver ($C_{TR}$): $C_{TS_{lock}} = C_{TS} \oplus C_{TR}$.
8. Sender sends $C_{TS_{lock}}$ to the receiver.
9. Receiver unlocks $C_{TS_{lock}}$ by XORing it with his own $C'_{TR}$ and generates the cryptographic
key: $K_{sr} = GenKey(C'_{TR}, C_{TS})$. GenKey is the algorithm for key
generation from cancelable templates discussed in the previous chapter. Now sender
and receiver both have the same key ($K_{sr}$).
10. The generated key ($K_{sr}$) can be treated as a session key, and using this key
communication can be started securely.
The steps above use an XOR-based hash function to compute the hash
value of the cancelable template, as follows. The cancelable template
($C_{TR}$) is represented as a bit stream, and the size of $C_{TR}$ is divided by the size of the expected
hash value ($|h(C_{TR})|$). If the division leaves a remainder, the required number
of zeros is added to the remainder. Then the first block is XORed with the second block,
the result is XORed with the third block, and so on. Finally, all blocks except the first
two are XORed with the previous result, and the hash value is computed.
In this approach, the authenticity of sender and receiver is verified in the following way.
The cancelable template of the receiver is stored in the database of the sender and is locked
by the cancelable template of the sender. Hence, only the genuine sender is able to unlock
the cancelable template of the receiver, using his own fingerprint data. Secondly, the hash
of the enrolled cancelable template of the receiver is matched against the hash value
sent by the requestor, and these match only when the genuine receiver makes the request using his
own fingerprint data. In this way, both users authenticate themselves with their
cancelable templates before the start of secure communication.
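The exchange in steps 1 to 9 and the XOR-based hash can be traced end to end with the sketch below. It is an added example, not code from the report: templates are modelled as equal-length byte strings, the 8-byte hash size is an assumption, and the sample templates are constructed. Because step 6 tests for equality, the session completes only when each side reproduces its enrolled template bit for bit.

```python
import hmac

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def xor_fold_hash(template, out_len=8):
    """XOR-based hash from the text: zero-pad, split into blocks, XOR them."""
    padded = template + bytes(-len(template) % out_len)
    digest = bytes(out_len)
    for i in range(0, len(padded), out_len):
        digest = xor_bytes(digest, padded[i:i + out_len])
    return digest

def enroll(ct_s, ct_r):
    """Enrollment: the sender stores C_TRlock = C_TR xor C_TS."""
    return xor_bytes(ct_r, ct_s)

def receiver_request(fresh_ct_r):
    """Step 3: the receiver sends h(C'_TR)."""
    return xor_fold_hash(fresh_ct_r)

def sender_respond(ct_tr_lock, fresh_ct_s, received_hash):
    """Steps 4-8: unlock C_TR, compare hashes, return (C_TR, C_TSlock) or None."""
    ct_r = xor_bytes(ct_tr_lock, fresh_ct_s)
    if not hmac.compare_digest(xor_fold_hash(ct_r), received_hash):
        return None                      # step 6 failed: no key, nothing sent
    # Note: C_TS xor C_TR is the same bit string as the stored C_TRlock.
    return ct_r, xor_bytes(fresh_ct_s, ct_r)

def receiver_finish(ct_ts_lock, fresh_ct_r):
    """Step 9: the receiver recovers C_TS = C_TSlock xor C'_TR."""
    return xor_bytes(ct_ts_lock, fresh_ct_r)

def run_session(ct_tr_lock, fresh_ct_s, fresh_ct_r):
    """Return the template pair each side would pass to GenKey, or None."""
    reply = sender_respond(ct_tr_lock, fresh_ct_s, receiver_request(fresh_ct_r))
    if reply is None:
        return None
    ct_r_at_sender, ct_ts_lock = reply
    sender_pair = (fresh_ct_s, ct_r_at_sender)
    receiver_pair = (receiver_finish(ct_ts_lock, fresh_ct_r), fresh_ct_r)
    return sender_pair, receiver_pair

def flip_bit(data, index):
    """Model one bit of capture noise in a fresh template."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

# Constructed 36-byte templates (not real biometric data); 36 is not a
# multiple of 8, so the hash exercises the zero-padding rule.
CT_S = bytes((i * 73 + 19) % 256 for i in range(36))
CT_R = bytes((i * 29 + 101) % 256 for i in range(36))
LOCK = enroll(CT_S, CT_R)

if __name__ == "__main__":
    print("exact templates:", run_session(LOCK, CT_S, CT_R) is not None)
    print("receiver off by one bit:", run_session(LOCK, CT_S, flip_bit(CT_R, 5)))
    print("sender off by one bit:", run_session(LOCK, flip_bit(CT_S, 77), CT_R))
```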
[Figure 4.2: Session key generation and sharing. Message flow between Sender (S) and Receiver (R): Authentication Request; Request Accepted; User Id, h(C'_TR); CTS_lock; Secured communication established.]
After the establishment of the secure communication between sender and receiver,
both can transfer data through this channel securely using the symmetric cryptography.
As the key (Ksr) is a session key, it is valid only for that session and after the session it is
destroyed. For any new session, a unique key can be generated by modifying the shuffle
keys as well as cancelable templates.
4.1.3 Template Update
In this approach, the template needs to be updated for two reasons. The cancelable template
of the receiver is stored in the database and must be updated from time to time
for its security. The cryptographic key also needs to be updated for better security of the
crypto-biometric system. As the key is generated from the cancelable templates, modification
of the key depends on modification of the cancelable templates. In this approach, the sender
updates his cancelable template locally with a new shuffle key. On the other hand, it is
difficult to update the cancelable template of the receiver, as the database of the sender is also
involved. In both cases, the shuffle key of the specific user is required to generate an updated
cancelable template.
Update Cancelable Template of Sender
The cancelable template of sender is updated locally by sender. The steps are given
below.
1. Sender generates the same cancelable template (CTS) from fingerprint minutiae
using same shuffle key (SKs).
2. Sender unlocks the cancelable template of receiver ($C_{TR}$) using sender’s own
cancelable template, i.e., $C_{TR} = C_{TR_{lock}} \oplus C_{TS}$.
3. Sender generates a new shuffle key ($S'_{ks}$) randomly, that is, $S_{ks} \neq S'_{ks}$.
4. Sender generates a new cancelable template ($C'_{TS}$) using the new shuffle key ($S'_{ks}$).
5. Sender locks the cancelable template ($C_{TR}$) of receiver with his updated cancelable
template, i.e., $C_{TR_{lock}} = C_{TR} \oplus C'_{TS}$.
6. Sender replaces his old shuffle key ($S_{ks}$) with the new shuffle key ($S'_{ks}$).
Update Cancelable Template of Receiver
The cancelable template of the receiver is stored in the database of the sender. Hence, updating the
receiver’s template also requires updating the sender’s database. The steps followed in this
process are given below.
1. Receiver generates a new shuffle key ($S'_{kr}$) and generates a new cancelable template
($C'_{TR}$).
2. Receiver computes the bitwise XOR of $C_{TR}$ and $C'_{TR}$ as follows: $R_{xor} =
C_{TR} \oplus C'_{TR}$.
3. Receiver sends an update template request along with $R_{xor}$ to sender.
4. Sender also generates $C_{TS}$ from his fingerprint and unlocks $C_{TR}$ from $C_{TR_{lock}}$.
5. Sender extracts the new template ($C'_{TR}$) of receiver from $R_{xor}$ and computes the
Hamming distance ($d_H$) between $C'_{TR}$ and $C_{TR}$.
6. If the Hamming distance satisfies the threshold value, then sender updates the
cancelable template of receiver, locks it with $C_{TS}$ and replaces the old $C_{TR_{lock}}$
with the new one.
7. Sender sends an update confirmation report along with $d_H$ to receiver.
8. Receiver computes the Hamming distance and compares it with $d_H$. If it matches,
then the shuffle key ($S_{kr}$) of the receiver is replaced by the new shuffle key ($S'_{kr}$).
In this approach, the cancelable template is used to generate a revocable key. Whenever key
modification is required, at least one of the cancelable templates needs to be updated. To
update the cancelable template of any user, shuffle key modification is required.
Therefore, it is easy to update the cryptographic key in our approach.
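Both update procedures reduce to XOR operations on the stored $C_{TR_{lock}}$, as the following added example shows (it is not code from the report). The report does not give the threshold or its direction, so the acceptance test is passed in as a predicate and the "at least 4 bits" rule used here is an assumption; the sample templates are constructed.

```python
def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def hamming(a, b):
    """Hamming distance d_H between two equal-length bit strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def sender_relock(ct_tr_lock, old_ct_s, new_ct_s):
    """Sender update, steps 2 and 5: unlock with C_TS, lock again with C'_TS."""
    return xor_bytes(xor_bytes(ct_tr_lock, old_ct_s), new_ct_s)

def receiver_update_request(old_ct_r, new_ct_r):
    """Receiver update, step 2: R_xor = C_TR xor C'_TR."""
    return xor_bytes(old_ct_r, new_ct_r)

def sender_apply_update(ct_tr_lock, ct_s, r_xor, accept):
    """Receiver update, steps 4-7. Returns (lock to store, d_H)."""
    ct_r = xor_bytes(ct_tr_lock, ct_s)        # step 4: unlock C_TR
    new_ct_r = xor_bytes(r_xor, ct_r)         # step 5: extract C'_TR
    d_h = hamming(new_ct_r, ct_r)             # equals the number of 1 bits in R_xor
    if not accept(d_h):
        return ct_tr_lock, d_h                # keep the old enrolled template
    return xor_bytes(new_ct_r, ct_s), d_h     # step 6: lock C'_TR with C_TS

def receiver_confirm(old_ct_r, new_ct_r, reported_d_h):
    """Step 8: adopt the new shuffle key only if the distances agree."""
    return hamming(old_ct_r, new_ct_r) == reported_d_h

# Constructed 16-byte templates (not real biometric data).
CT_S = bytes((i * 73 + 19) % 256 for i in range(16))
NEW_CT_S = bytes((i * 41 + 5) % 256 for i in range(16))
CT_R = bytes((i * 29 + 101) % 256 for i in range(16))
NEW_CT_R = bytes((i * 17 + 200) % 256 for i in range(16))

def accept(d_h):
    """Assumed threshold rule: the new template must differ in at least 4 bits."""
    return d_h >= 4

if __name__ == "__main__":
    lock = xor_bytes(CT_R, CT_S)
    new_lock, d_h = sender_apply_update(
        lock, CT_S, receiver_update_request(CT_R, NEW_CT_R), accept)
    print("d_H:", d_h, "receiver confirms:", receiver_confirm(CT_R, NEW_CT_R, d_h))
    print("sender re-lock keeps C_TR:",
          xor_bytes(sender_relock(lock, CT_S, NEW_CT_S), NEW_CT_S) == CT_R)
```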
4.2 Security Analysis
Security of the crypto-biometric system includes the security of the biometric used and of the
generated cryptographic key. If the system reveals any information about the biometric
used, then the biometric identity can be disclosed to a third party. In this approach to
fingerprint-based cryptography, the fingerprints of two users are shared and used to derive
the key.
4.2.1 Security of Fingerprint
In this approach, a one-way transformation of fingerprint templates is used to
generate cancelable templates. Generating the original fingerprint, or obtaining information about
the fingerprint, from the cancelable template is impracticable. If the cancelable template
becomes compromised, then the template can be canceled and a new template can be
issued.
In this approach, the sender stores the cancelable template of the receiver ($C_{TR}$) along with
his own shuffle key ($S_{ks}$). $C_{TR}$ is XORed with $C_{TS}$ and the encoded template $C_{TR_{lock}}$ is
stored in the database of the sender. If the database is hacked by an attacker, the
cancelable template of the receiver ($C_{TR}$) cannot be decoded without the genuine fingerprint
and shuffle key ($S_{ks}$) of the sender. Decoding is possible only for the genuine sender.
On the other hand, the cancelable fingerprint template of the sender ($C_{TS}$) is transmitted
over an unsecured channel by locking it with the cancelable template of the receiver. Neither
is the cancelable template of the receiver shared with others, nor is the cancelable template
of the receiver transmitted over an unprotected channel. Therefore, the locked cancelable
template ($C_{TS_{lock}}$) of the sender can be unlocked by the genuine receiver only.
Moreover, the cryptographic key is generated from the two cancelable templates of
sender and receiver in combination, and the cryptographic key is non-invertible. Computing
the cancelable templates, as well as the fingerprint data, from any compromised session key
is difficult. In this way, the security of both fingerprints used in this approach for key
generation is assured.
4.2.2 Security of Cryptographic Key
The cryptographic key generated in this approach is 256 bits long. It is not feasible to
guess or break the key within a certain period. The key can be generated by an attacker
if the attacker has both cancelable templates. The fingerprint data of the sender ($C_{TS}$) is
shared in encoded form ($C_{TS_{lock}}$), and the genuine receiver’s fingerprint and shuffle key ($S_{kr}$)
are required to decode it. The fingerprint data of the receiver ($C_{TR}$) is not shared through
an insecure channel. The receiver only sends a hash value ($h(C_{TR})$) of his cancelable template.
The key is not stored and not sent to the receiver. So key management is secured in this
approach.
Chapter 5
Conclusion
Integration of biometric traits with traditional cryptography makes a stronger
authentication component by binding the cryptographic key to the user’s intrinsic distinctive traits.
Crypto-biometric systems are the solution to the cryptographic key management problem.
However, challenges regarding the security and privacy of biometric traits need
to be accounted for in crypto-biometric systems. Moreover, another major requirement of
cryptography is key diversity, which is difficult to address as biometric traits
are irrevocable. In this report, we have discussed three approaches to fingerprint-based
cryptographic key generation. In every approach, the system is able to generate a revocable
key from the fingerprint data of sender and receiver. Each approach has its advantages and
limitations compared to the other approaches.
22
Bibliography
[1] ”Advance Encryption Standard (AES)”, Federal Information Processing Standards
Publication 197 United States National Institute of Standards and Technology (NIST)
November 26, 2001.
[2] S. Dutta, A. Kar, B. N. Chatterji and N.C.Mahanti, ”Network Security Using Bio-
metric And Cryptography,” Lecture Notes in Computer, Springer, 2008. ISBN-978-3-
540-88457-6: 38-44.
[3] A. Jain, U. Uludag, ”Hiding Biometric Data,” IEEE Transactions on Pattern Analysis
and Machine Intelligence , vol.25 pp. 1494-1498, 2003.
[4] S. Kanade, D. Petrovska-Delacretaz, B. Dorizzi, ”Generating and Sharing Biometrics
Based Session Keys for Secure Cryptographic Applications,” Fourth IEEE Interna-
tional Conference on Biometrics: Theory Applications and Systems (BTAS), 2010 ,
pp.1-7, 27-29 Sept. 2010.
[5] Feng Hao, Ross Anderson, and John Daugman, ”Combining Crypto with Biometrics
Effectively,” IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.
[6] A. Ross and A. K. Jain, ”Information fusion in biometrics,” Pattern Recognition
letters, 24, pp.2115-2125, Sept. 2003.
[7] Uludag, S. Pankanti, S. Prabhakar, and A.K. Jain, ”Biometric Cryptosystems: Issues
and Challenges,” Proceedings of the IEEE, vol. 92, no. 6, pp. 948-960, June 2004.
[8] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, ”Generating Cancellable
Fingerprint Templates,” IEEE Transactions on Pattern Analysis and Machine Intel-
ligence, vol. 29, no. 4, pp. 561-572, April 2007.
[9] Sunil V. K. Gaddam and M. Lal, ”Efficient Cancellable Biometric Key Generation
Scheme for Cryptography,” International Journal of Network Security’ vol.11, no.2,
pp.57-65, sep.2010.
[10] N. Lalithamani and K. P. Soman, ”Towards Generating Irrevocable Key for Cryptog-
raphy from Cancelable Fingerprints,” The 2nd International Conference on Computer
Science and Information Technology, August 8 - 11, Beijing, China, 2009.
23
BIBLIOGRAPHY
[11] N. Lalithamani and K.P. Soman, ”Irrevocable Cryptographic Key Generation from
Cancelable Fingerprint Templates: An Enhanced and Effective Scheme,” European
Journal of Scientific Research, vol.31, no.3, pp.372-387, 2009.
[12] N. Lalithamani, K.P. Soman, ”An Effective Scheme for Generating Irrevocable
Cryptographic Key from Cancelable Fingerprint Templates,” International Journal of
Computer Science and Network Security, Vol.9, No.3, pp: 183- 193, 2009.
[13] A. Jain, U. Uludag, ”Hiding Fingerprint Minutiae in Images,” Proceedings of Third
Workshop on Automatic Identification Advanced Technologies (AutoID), vol. pp. 97-
102, 2002.
[14] V. Lokeswara Reddy, A. Subramanyam, and P. Chenna Reddy, ”Implementation
of LSB Steganography and its Evaluation for Various File Formats,” Int. J. Advanced
Networking and Applications, vol.02, Issue: 05, pp. 868-872, 2011.
24