Bio-Crypto Systemcse.iitkgp.ac.in/~dsamanta/resources/thesis/Devyani... · 2017-06-23 · Chapter 1 Introduction Cryptography [1,2] is widely used in information security and network

Bio-Crypto System

A Seminar Report

Submitted by:

Devyani Panchal (13IT60Q01)

Under the guidence

of

Dr. Debasis Samanta

in partial fulfillment for the award of the degree

of

Master of Technology

in

Information Technology

School of Information Technology

Indian Institute of Technology, Kharagpur

Kharagpur - 721302October 2013

Contents

1 Introduction 1

2 Key Generation with Fingerprint Template 4

2.1 System Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.1.1 Feature Extraction from Fingerprint Image . . . . . . . . . . . . . 4

2.1.2 Steganographic Encoding . . . . . . . . . . . . . . . . . . . . . . . 5

2.1.3 Steganographic Decoding . . . . . . . . . . . . . . . . . . . . . . . 5

2.1.4 Merging Minutiae Data Sets . . . . . . . . . . . . . . . . . . . . . 6

2.1.5 Shuffle Key Update . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.2 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Key Generation with Cancelable Fingerprint Template 10


3.1.1 Cancelable Template Generation . . . . . . . . . . . . . . . . . . 11

3.1.2 Sharing Cancelable Templates . . . . . . . . . . . . . . . . . . . . 12

3.1.3 Key Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13


4 Key Generation with Receiver’s Enrollement 16


4.1.1 Enrollment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

4.1.2 Session Key Generation and Sharing . . . . . . . . . . . . . . . . 17

4.1.3 Template Update . . . . . . . . . . . . . . . . . . . . . . . . . . . 19


4.2.1 Security of Fingerprint . . . . . . . . . . . . . . . . . . . . . . . . 21

4.2.2 Security of Cryptographic Key . . . . . . . . . . . . . . . . . . . . 21

5 Conclusion 22

ii

Chapter 1

Introduction

Cryptography [1,2] is widely used in information security and network security. It assures

the security of information due to storage or transmission of information. The basic idea

behind cryptography is to transform a plaintext (P ) before being stored or transmitted,

into an encoded form (called ciphertext (C)) with the help of an encryption algorithm

(E) [1] and secret key (Ke). The Encrypted information (C) is transformed into plaintext

using a decryption algorithm (D) and a secret key (Kd). Therefore, the user who knows

the secret key (Kd), is able to decrypt the encoded message and on the basis of knowl-

edge of the key, the genuine user is authenticated in the traditional cryptography. In

cryptography, encryption-decryption algorithms are public and security of cryptography

depends on secrecy of the key which is used to decrypt the encrypted message. There are

two types of cryptography: symmetric cryptography and asymmetric cryptography. In

the first category of cryptography, same key is used for encryption and decryption. And,

before starting a communication session, the secret key is needed to share with other

user(s) who likes to communicate through symmetric cryptography. As an example, say,

sender S wants to transmit a message P to receiver R and both sender and receiver have

the secret key K. Sender encrypts the message on the basis of secret key and encryption

algorithm and the ciphertext is sent to receiver. On the other side, receiver decrypts

the ciphertext on the basis of decryption algorithm and secret key [3]. The symmet-

ric cryptography is illustrated in following Fig.1. In the symmetric cryptography, key

management is a major challenge.

Encryption Decryption

Plaintext

Ciphertext

Shared secret key

ReceiverSender

Plaintext

(a) Symmetric cryptography

Encryption Decryption

Plaintext

Ciphertext

ReceiverSender

Plaintext

Public key of receiver

Private key of receiver

(b) Asymmetric cryptography

Figure 1.1: Basic cryptography systems

In asymmetric cryptography, two different keys (mathematically related) are used for

1

Chapter 1. Introduction

encryption and decryption process. Each party has two keys, public key (Ke) which

is known to others and private key (Kd) which is known to its owner only. Now, let

sender wants to send a message (P ) to receiver and sender knows the public key of

receiver. Public key of receiver is used to encrypt the plain text by sender and private

key of receiver is used to decrypt the ciphertext by receiver. The steps of asymmetric

cryptography is illustrated in Fig.1.1b. In asymmetric cryptography, there is no need of

secure key sharing but it requires mathematical operation to compute the relation between

public and private keys. Moreover, this type of cryptography is too slow for a specific use

(e.g., when large amount of data needs to be transmitted). For better network security,

in practical system such as the Transport Layer Security (TLS) protocol, asymmetric

key cryptoghraphy is used to transmit a session key in a secured manner and then, the

session key is used in symmetric cryptography to transmit message securely during that

session [4]

In cryptography, security of the information depends on the key as the encryption

and decryption algorithms are public. If the key of the cryptography is compromised,

then the message is also become known to the third party (i.e. attacker). In general,

knowledge based (e.g., password) or token based authentication (e.g., smart card) is used

in cryptography. In other words, an user is authentic if the user knows the secret key or

has the token and that user can access the confidential message. Now, if the key is large

enough, it is difficult to memorize the secret key for its users. As an alternate, users store

it somewhere (e.g., in computer) and control the access to the secret key using another

authentication system (e.g., password based authentication) which possesses another se-

curity threat. Moreover, token or smart cards may be lost, stolen and password also may

be forgotten or may be guessed out with the help of dictionary attacks.

As an alternative to the above procedures [7] of key management, researchers have

advocated user’s biometric traits to manage cryptographic keys. Biometric is the physi-

ological or behavioral characteristics of a person and it is reliable to measure the identify

an individual uniquely. Therefore, biometric has the inherent potentiality to differen-

tiate a genuine individual from a fraudulent impostor. For this reason, biometric is

integrated with cryptography to enhance the security of traditional cryptography. Many

researchers are working on biometric based cryptography (known as crypto-biometric sys-

tem [5]) where the authentication is guaranteed by biometrics and information security

is guaranteed by the traditional cryptography. Authentication component of traditional

cryptography is replaced by biometric based authentication to remove the limitation of

memorizing cryptographic key as well as maintaining the secrecy of the key without

compromising the strength of cryptographic key.

In general there are three ways to integrate biometrics with cryptography namely 1)

key release, 2) key binding, and 3) key generation. In the key release mode, key release

mechanism and biometric template matching are completely decoupled. The biometric

template and cryptographic key are stored in a smart card or token or in computer as

2

Chapter 1. Introduction

separate entities. To release the cryptographic key, stored biometric and query biometric

are compared. The key is released only on the successful biometrics matching. In this

crypto-biometric systems, biometric template is stored and it is, again, vulnerable to

attacks.

In the key binding scheme, cryptographic key is considered as secret and it is hid-

den within a cryptographic construct (fuzzy vault, fuzzy commitment scheme [4]) using

biometrics. The secret key is released from the cryptographic construct if and only if

the genuine biometric is provided. This scheme of crypto-biometrics is shown in Fig.

1.2. Moreover, it is infeasible to extract the cryptographic key or biometrics from the

cryptographic framework without sufficient knowledge about either the biometrics or the

key. In this way, access to the cryptographic key is controlled and only legitimate users

can access the key when it is required. In biometric-based cryptographic key generation

Cryptographic Key

as secret (S)

Embedding key

into biometric template

Matching input

Template

with stored template

Biometrics template (T’)Biometrics template (T)

Released

Cryptographic Key

Biometrics Input biometrics

Store (S,T) If T=T’

Figure 1.2: Key binding scheme which binds cryptographic key with biometric

scheme, biometrics is used to generate cryptographic keys for encryption and decryption.

For this purpose, biometric features of an user is used to generate the cryptographic key

for encryption and similarly, when it is required to decrypt the message, the key is regen-

erated from a query biometrics using the same process. This type of key generation in

crypto-biometric systems is illustrated in Fig.1.3. As the key is generated from biometric

features which is inherent to an individual, it is impractical to guess out the original key

or generate the key from impostor’s biometrics.

Feature ExtractionHash/ Key

generation EncryptionBiometric

Feature ExtractionHash/ Key

generationDecryptionQuery biometric

Plaintext

Ciphertext

Plaintext

Features

Features

Figure 1.3: Key generation from biometric features

3

Chapter 2

Key Generation with Fingerprint

Template

In this chapter, we describe an approach to generate cryptographic key from fingerprints

of both communicating parties [5, 6]. To associate fingerprints of two users, fingerprint

data need to be transmitted to each other. In this approach, user’s biometric is integrated

with cryptography for enhancement of network security. Objective of this approach is to

generate a revocable key from irrevocable fingerprints for symmetric cryptography.

2.1 System Description

In this section, we discuss the approach in details. An overview of an approach is shown

in Fig. 2.1. In this approach, both sender and receiver extract minutiae points from their

own fingerprints. The minutiae data is exchanged between them using steganography.

The stego key is used by both parties for secure steganographic use. Both fingerprint

feature sets are combined, shuffled using shuffle key and finally the cryptographic key is

generated from it following a hash function. The above mentioned steps in this approach

are stated precisely in the following.

2.1.1 Feature Extraction from Fingerprint Image

This approach follow the NIST’s NBIS algorithm to extract the features (ridge end and

bifurcation) from a fingerprint image. The features are stored as (x, y, θ) form, where

(x,y) denotes coordinate value and θ is the orientation of a minutiae point. For example,

a sample of two fingerprint images and extracted minutiae points are shown in Fig. 2.2.

This approach considered only (x,y) coordinate value as the minutiae points in this work.

It extract minutiae based features from the fingerprint images of both sender and receiver.

4

Chapter 2. Key Generation with Fingerprint Template

Sender (S) Receiver (R)

Cover Image (IS) Cover Image (IR)Features Extraction (FS) Features Extraction (FR)

Steganographic Encoder

Merge both Feature Sets (FS, FR)

Steganographic Encoder

Steganographic Decoder Steganographic Decoder

Merge both Feature Sets (FS, FR)

Hash Hash

Steg

o K

ey (K

g )

Steg

o K

ey (K

g )

Shuffle Key (KS)

Cryptographic KeyCryptographic Key

FR

FS

FS

FR

Cryptographic Key is used for

secure communication

Figure 2.1: An overview of crypto-biometric system

(a) Sender’s Fingerprint (b) Receiver’s Fingerprint

M. No

X Y θ

1 12 33 270

2 13 76 247

: : : :

57 264 83 259

M. No

X Y θ

1 22 166 247

2 22 121 259

: : : :

38 311 90 270

(c) Minutiae points extracted from (a)

(d) Minutiae points extracted from (b)

Figure 2.2: (a) Sender’s Fingerprint, (b) Receiver’s fingerprint, (c) Minutiae points ex-tracted from (a) and (d) Minutiae points extracted from (b)

2.1.2 Steganographic Encoding

The minutiae data need to be sent to other site via a nonsecure channel. Both sender and

receiver use steganography based data hiding technology to hide their minutiae data into

a cover image (I) (of size M pixels, say). The minutiae points are converted into binary

stream is to be hidden into cover image using LSB steganography [14]. The stego key is

used to select the pixel locations of cover image where the minutiae data bits are to be

embedded. The stego image (Istego) is sent to the recipient from sender and vice-versa.

2.1.3 Steganographic Decoding

The stego image (Istego) is received. Hidden minutiae data are extracted from the stego

image using the decoding function and same stego key (Kg) which was used in encoding.

The stego key is used to locate the pixels where data embedding was done. Now, the

5


extracted binary stream is used to reconstruct the minutiae data sets.

• Select the pixels where embedding was done according to the stego key (Kg)

• Extract the hidden bits from the selected pixels (Istego(ki))

m′i = LSB(Istego(ki)); i = 1 to N (2.1)

where m′i is the ith bit of recovered message (i.e. minutiae data set), extracted from

kith pixel of stego image (Istego).

• All m′i are assembled to reconstruct minutiae data set.

2.1.4 Merging Minutiae Data Sets

The fingerprint minutiae points of sender (FS) and receiver (FR) are fused using feature

level fusion of minutiae points. Feature level fusion is achieved with concatenation of

two feature sets FS and FR to generate a combined feature set F . For this purpose, all

x coordinate values of FS are stored in a vector X and then all x-coordinate values of

FR are augmented to the vector X. Similarly the y-coordinate values of FS and FR are

combined and stored in another vector Y. These two vectors (X, Y) generate a new x,y

coordinates of F . The size of F is the total size of FS and FR. In the combined feature

set, redundancy of minutiae points may exist. The redundancy, if exists, is removed and

only unique minutiae points are selected from F. As an example, sample feature level

fusion of two feature sets. The elements of vectors X and Y are shuffled separately using

the shuffle key (KS).In this shuffling method, the vector elements where corresponding

key bits are 1 are sorted starting at the beginning, and the remaining elements where the

key bits are 0 are placed starting from the end. In this way, all elements of vector X and Y

are shuffled and the shuffled X,Y vectors result a modified F. Each corresponding element

of shuffled vectors (XS and Y S) is merged using XOR operation. For this purpose, xi and

yi (xi ∈ XS and yi ∈ Y S) are converted into binary numbers and bitwise XOR operation

is followed for all elements of XS and Y S. The results of bitwise XOR operation are

converted into decimal number and are stored in a vector Fcomb.

Fcombi = bitwiseXOR(xi, yi) (2.2)

The Fcomb is converted into binary stream and is stored in a new vector Fcode.

2.1.5 Shuffle Key Update

For better security measure, this approach propose to change the cryptographic key in

each session. In other words, if there is chance to compromise cryptographic key, then it

is desirable that the key must be canceled and a new key be used for the next session.

6


Further, it may note that if key is compromised, then fingerprint which is used to generate

the key is unused for ever. To tackle with this, this protocol should be to generate

revocable key from irrevocable fingerprint. To realize this, it update the shuffle key from

one session to another. Session wise shuffle key update procedure is shown in Fig.2.3.

Initiation to update shuffle key can be taken by sender or receiver. In every session, an


Stego Key (Kg), Shuffle Key

(KS)

Compute Fcode from FR, FS

Compute new shuffle key (KSS)

i.e. KSS = KS ⊕ Fcode

Compute hash of KSS i.e. h(KSS)

On success report

Replace KS by KSS

Otherwise KS is not updated

Stego Key (Kg), Shuffle Key

(KS)

Compute Fcode from FS, FR

Compute new shuffle key (KSR)

i.e. KSR = KS ⊕ Fcode

Compute hash of KSR i.e. h(KSR)

If h(KSR) = h(KSS)

Replace KS by KSR

Otherwise KS is not updated

Share Minutiae Data (FS, FR)

Send update request, h(KSS)

success / failure report

On successful shuffle key update, new shuffle keys are KSS and KSR where KSS = KSR

Figure 2.3: Shuffle key update

unique shuffle key is used to generate an unique session key from the fingerprint. After

the session is over, old shuffle key is destroyed and modified one is stored for next session

of communication. In this way, this approach can provide the diversity of cryptographic

key of fingerprint based symmetric cryptography.

2.2 Security Analysis

In this section, security efficacy of the approach is analyzed under different conditions.

In this system, both communicating parties exchange their fingerprint data and mutually

agree on two secrets like stego key and shuffle key.

Privacy of Fingerprints

This appraoch use least significant bit (LSB) based steganography to exchange finger-

prints data between sender and receiver. In this approach, stego key (Kg) is used to hide

7


fingerprint data in cover image. For each communication, a unique synthetic fingerprint

image (I) is used as cover image. An eavesdropper does not suspect the existence of

the genuine fingerprint data (i.e., minutiae points) due to high imperceptible stego image

(Istego). The cover image is not required to decode the hidden data from stego image.

An adversary with sufficient knowledge of decoding methods, is not able to extract the

correct fingerprint data from the stego images ISstego and IRstego of sender and receiver,

respectively, without possessing the Kg.

Both minutiae points sets of sender’s and receiver’s fingerprints are merged together

and x,y coordinates values are shuffled separately using a shuffle key to generate Fcomb. It

assures that Fcomb does not reveal the original coordinate values of minutiae points. Then,

it follows a bitwise XOR operation between (x, y) coordinates to lock x-coordinate values

with y-coordinate values. An attacker is not able to get the genuine Fcomb without the

knowledge of either x-coordinate or y-coordinate values. Finally, a hash function is used

to generate cryptographic key. Therefore, the cryptographic key is non-invertible, which

confirms that the cryptographic key does not leak any information about the fingerprints

of users.

Security of Cryptographic Key

In this approach, the cryptographic key is generated from the combination of two finger-

prints of sender and receiver. The key is not shared by them but generated at their end

separately. There is no need to store the key for the use in decryption. So the key is

secured from any attack. An attacker needs to compromise either (Kg, ISstego, I

Rstego, KS)

or (FS, FR, KS) to generate the genuine cryptographic key (K). Otherwise, the following

conditions arise for different attacks.

a. Known stego key attack: It means that the stego key Kg is compromised by

eavesdropper who eavesdrops both stego images. Next, as the shuffle key KS is unknown,

he has to guess the KS which is of 200 bits. Indeed, without KS, it is almost impossible

to compute the original cryptographic key even if both fingerprints data are known.

b. Known shuffle key attack: It happens when the token is stolen or lost and the

attacker gets access to the shuffle key (KS) but he has no knowledge about the fingerprints

data of genuine sender and receiver. In this case, the attacker has to guess minutiae points

for two fingerprints. Otherwise, he has to compute the key using imposter’s fingerprints

which may be available to him. As the fingerprint is unique for a person, there is a rare

chance to get the same fingerprint from imposter’s fingerprint database. The shuffle key

is updated in every session, which guarantees that, it is impractical to compute the KS

of previous session or the same of future session.

c. Known fingerprint attack: In this condition, we consider that the genuine

user (sender) who once communicated with another user (receiver) can make a threat to

the security of cryptographic key generated using other (i.e., receiver) fingerprint. We

consider that in different sessions, suppose a sender S is communicated with receiver R1,

8


R2, ..., RN ∈ R. Then S has complete knowledge about fingerprints of R1, R2, ..., RN .

Now, S can try to compromise the communication session established between Ri and Rj

(where i 6= j; i,j = 1, 2, ..., N and Ri, Rj ∈ R). In this approach, the shuffle key (KS)

is unique for a session established by a pair of sender and receiver. Therefore, S has to

break the KS to compromise the cryptographic key generated from the fingerprints of Ri

and Rj.

Another possibility to attack the cryptographic key in this perspective is that Ri has

the knowledge of fingerprint of S. And when S establish a session of communication with

S′

(where S′/∈ R), Ri try to break the cryptographic key with one known fingerprint

(FS) and one unknown fingerprint (FS′ ). Then the attacker has to break the KS and

fingerprint of S′.

d. Known key attack: In this case, we consider that the shuffle key KS and or cryp-

tographic key are compromised by the attacker. This approach assures that compromise

of one key (KS or K) does not affect the previous or future session. In this approach,

both KS and K are updated session wise. Initially, KS is randomly generated and time

to time it is updated with the help of Fcode. Cryptographic key (K) is revocable and is

used as a session key for symmetric cryptography. When the session is over, the current

session key is destroyed.

e. Resists replay attack: This approach can prevent replay attack using session

key. In every session of communication, a unique session key is used to establish a

secure communication between sender and receiver and the session key is destroyed after

the session. This approach is able to generate different cryptographic keys from two

fingerprint biometric traits. If an eavesdropper wants to make replay attack using a

message previously transmitted by legal users, then it will make no sense to the legal

user as the cryptographic key is changed. Even when stego image is used for replay

attack, eavesdropper is not able to decode the stego image without the stego key.

f. Resists man-in-middle attack: In this approach, fingerprints of communicating

parties are transmitted over nonsecure communication channel using data hiding scheme.

If the man-in-middle eavesdrops the stego image and is able to decode the original fin-

gerprint data by any means, then the man-in-middle requires the perfect knowledge of

secret shuffle key (KS). Otherwise, he is not able to generate the genuine key (K) and as

a result, is not able to decrypt the cipher text sent by genuine sender. In this way, this

approach resists man-in-middle attack.

The this approach can be enhanced with other biometric traits such as face and iris.

Further, more robustness can be achieved using multiple biometric traits into account.

9

Chapter 3

Key Generation with Cancelable

Fingerprint Template

In this chapter, we describe second approach of cryptographic key generation. Cancelable

templates [8, 9] of both communicating parties are used to generate cryptographic key.

Main features of this approach are as follows.

• Secure transmission of fingerprint data: Fingerprint template after transforma-

tion into cancelable template, is transmitted to other communicating party using

steganography.

• Revocability of fingerprint template: If the fingerprint templates are compromised

then it can be canceled and new fingerprint template can be issued easily.

• Cryptographic key revocability: As the key is generated from two cancelable fin-

gerprint templates, key can be updated easily by updating cancelable templates.

• Secure key management: In this protocol, cryptographic key is not transmitted to

the recipient and is not stored anywhere, hence key management is secured.

In this approach, both communicating parties are required to store their own shuffle

key for cancelable template generation. If the shuffle key is changed then the cancelable

template is also changed. Other than shuffle key which is user specific, both users need to

remember the stego key which is used to secure the steganography. Here, it use a common

password as seed to generate the stego key using pseudo random number generator.


Initially, both sender and receiver generate cancelable templates from their own finger-

print. These two cancelable templates are used to generate cryptographic key for sym-

metric cryptography. An overview of the approach is shown in Fig. 3.1. In the following,

different tasks in this approach are discussed.

10

Chapter 3. Key Generation with Cancelable Fingerprint Template

Feature Extraction Feature Extraction

Cancelable Transformation Cancelable Transformation

Ste

go

key

Ste

go

key

Sh

uff

lin

g k

ey

Sk

s

Sh

uff

lin

g k

ey

Sk

r

Steg. Encode

Steg. Decode

Steg. Encode

Steg. Decode

Master Template Generator Master Template Generator

Key Generator Key Generator

Cryptographic Key Cryptographic Key

Cover image Cover image

Sender Receiver

Figure 3.1: Key generation by sender and receiver

3.1.1 Cancelable Template Generation

Minutiae points are extracted from fingerprint image following the procedure as stated in

Section 3.1.1 of Chapter 3. The x, y-coordinate values are stored in two vectors (X, Y ).

Vector X contains x- coordinate values and vector Y contains y-coordinate values of

minutiae points.

Cancelable Transformation

The original minutiae points are not used directly in a secured biometric system. Once

the biometric data is compromised, the biometric will be useless forever. Biometric

data is not cancelable inherently. Therefore, it is required to transform the irrevocable

biometric [10–12] data into revocable before use in the cryptography. This approach

used a shuffle based transformation. For the transformation, both sender and receiver

randomly generate their shuffle keys which are used to randomize the values of (Xs, Y s)

and (Xr, Y r) vectors respectively.

• Sks = shuffle key of sender

• Skr = shuffle key of receiver

Shuffling of the elements of X and Y vectors individually The elements of the

vector Xs are shuffled with the methods given below. In this shuffling method, the vector

elements where corresponding key bits are 1 are sorted starting at the beginning, and

the remaining elements where the key bits are 0 are placed starting from the end. The

shuffling method is explained in details in Chapter 3. This process is also applied to

shuffle the vector Y s, Xr and Y r. Now these shuffled vectors of (Xs, Y s, Xr, Y r) are

11


represented by (Xssh, Y s

sh, Xrsh, Y r

sh) respectively. The original positions of minutiae points

of fingerprint are randomized in this way shuffling. An adversary is not able to locate

the original position of minutiae points from the shuffled vectors. Merging shuffled

vectors Each element of vector Xssh and vector Y s

sh is merged using the bitwise XOR

operation. The result is stored in Dxy vector. Here bitwise XOR operation locks the

elements of (Xssh and (Y s

sh with each other. The resultant of XOR operation does not

leak any information about the inputs. Now, the redundancy, if exist, are removed from

the Dxy vector and the unique data are stored in a vector CTS. This is the cancelable

template of sender’s fingerprint. Similarly, shuffle vectors Xrsh and Y r

sh are also merged by

the receiver and the unique data are stored in a vector (CTR). The CTR is the camcelable

template of receiver’s fingerprint.

3.1.2 Sharing Cancelable Templates

The cancelable templates need to be sent to other site via a nonsecure channel. Both

users send their cancelable template to each other using data hiding technique.

A. Steganographic Encoding

Both sender and receiver use steganography based data hiding technology to hide their

cancelable template in a cover (i.e. host) image (Icover). The updated cover image where

data is hidden, is called stego image (Istego). A secret key (Kg) is used to select the pixels

in the data embedding technique. The secret key is shared with the recipient before

sending the stego image.

Sender selects a synthetic fingerprint image as the host image (IScover). The cancelable

template (CTS) is converted into binary stream and embedded into the selected pixels of

host image using LSB based steganographic encoder. The resulting image is the stego

image which is sent to receiver. Similarly, receiver also selects another synthetic finger-

print as his cover image (IRcover) (here IScover 6= IRcover)and hides his cancelable template

(CTR) in that cover image using the same secret key (Kg) and sends the stego image to

the sender.

B. Steganographic Decoding

Hidden cancelable template data are extracted from stego image (Istego) using the decod-

ing function and the same secret key (Kg). The secret key is used to locate the pixels

where cancelable template data were embedded. This way, sender and receiver both ex-

tract the cancelable templates of other user. Now, the extracted binary stream is decoded

to reconstruct the CTS and CTR by receiver and sender, respectively.

12


3.1.3 Key Generation

Key generation process consists of two steps, namely, master template generation and

cryptographic key generation. Both steps are discussed in the following.

A. Master Template Generation from Cancelable Templates

The goal is to generate a cryptographic key of length Nk bits from the fingerprints of

sender and receiver. Now the key is generated with the equal contribution of CTS and

CTR. For the reason, each vector is normalized and resized to Nk

2elements.

If the cancelable template (CTS) has more elements than Nk

2then only first Nk

2ele-

ments are considered in the new cancelable template(C ′TS). But if the size of cancelable

template(CTS) is less than the Nk/2. In this case, pseudo random numbers are added to

CTS. Arithmetic mean (u) of the elements of CTS is used as the seed value and numbers

are generated within the range of minimum (umin) and maximum (umax) elements of the

cancelable templates (CTS) using the following equation.

ur = umin + {rand()%(umax − umin)}; |CTS| < r ≤ Nk

2(3.1)

These pseudo random numbers can be generated by both sender and receiver using the

equation with the same seed value. These numbers are appended to the CTS to generate

C ′TS.

C ′TS = CTS‖ur‖ur+1‖...‖uNk2

(3.2)

Similarly, C ′TR is also generated by normalizing CTR. These two modified cancelable

templates (i.e. C ′TS and C ′TR) are concatenated and stored in a vector MT . This (MT )

vector is the master template , generated from the data of both fingerprints. Both sender

and receiver generate master template following the same method at their ends.

B. Key Generation from Master Template

In this step, cryptographic key is generated from the master template (MT ). Each element

of the master template generates one bit of the cryptographic key. The ith element

generates ith bit of the key. In this way, symmetric cryptographic key (K) of 256 bits is

generated from the vector MT using the following equation.

Ki = MTimod 2; i = 1 to Nk (3.3)

This way, sender and receiver, both can derive the same cryptographic key for the use of

symmetric cryptography. This key establishes a session of secure communication between

the sender and receiver. To update the cryptographic key, shuffle key of the users can be

updated and a new key can be generated from the same fingerprints.

13



This approach addresses four security issues: (i) Secure sharing of biometric templates (ii)

privacy of biometric identity (iii) security of cryptographic key and (iv) key revocability.

Secure Sharing of Biometric Templates

Cryptographic key is generated from two fingerprints of two different persons. The fin-

gerprint data of each user is shared with other user using least significant bit (LSB) based

steganography. Extraction of hidden fingerprint data from stego image (Istego) is not pos-

sible without the stego key (Kg). An interceptor can do nothing with the stego image if

the stego key is unknown to him. An user can send his cancelable template (Ci+1TS ) which

is different from previously sent cancelable template (CiTS) using a different cover image

(i.e. Ioldcover 6= Inewcover). The cover image is not required to extract the hidden message from

stego image. This can resist known cover image attacks or known stego image attacks.

In this approach, no original biometric is used as cover image but synthetic fingerprint is

used as cover image. In this way, the fingerprint data is shared securely and it is secured

from man-in-middle attack.

Privacy of Biometric Identity

In this approach, both sender and receiver do not share their original fingerprint images

or raw fingerprint templates (MPS and MPR). They share the non-invertible cancelable

templates (CTS and CTR) of their fingerprints. The cancelable transformation (say, Fc)

used in this approach, is a one way transformation and there is no inverse transformation

(F−1c ). This affirms that generation of original template of receiver or sender from shared

cancelable template is not feasible by sender or receiver. Moreover, the cryptographic

key is non-invertible and tracing any candidate fingerprint from the key is not feasible.

In this way the approach is free from fingerprint identity threat.

Security of Cryptographic Key

In this approach, the cryptographic key is generated from the combination of two fin-

gerprints of sender and receiver. The key is not shared by them but generated at their

end separately. There is no need to store the key for the use in cryptography. As the

cryptographic key is directly derived from two fingerprints, an attacker, without these

fingerprint data, is not able to break this cryptographic key. The key is of 256 bits and is

required 2256 searches for brute force attack. For the irreversible nature of the generated

key, generation of the cancelable templates (CTS and CTR) are also impossible. In this

approach, if the key or cancelable templates are compromised anyway, new cancelable

templates as well as the new key can be generated easily by modifying the shuffle key

only. Every time, the cancelable template is generated using a random shuffle key which

14


is independent to previous or future shuffle key. The cryptographic key satisfies forward

secrecy and backward secrecy. In other words, if any cryptographic key is known to an

adversary, he is not able to know the keys of previous sessions or future sessions from the

compromised key.

Key Revocability

Revocability of the cryptographic key is a prime requirement for symmetric cryptography.

Cryptographic key may be compromised and new key is required to reissue. Key revo-

cability is also essential for session based symmetric cryptography. In this approach, key

revocability is provided by cancelable template. The shuffle key is changed and is used

to generate a new cancelable template. Every new cancelable template generates a new

cryptographic key. In this way, this approach is able to generate revocable cryptographic

key as well as session key.

15

Chapter 4

Key Generation with Receiver’s

Enrollement

In session-based communication, session key is shared with other communicating party

before starting a secured session of communication between sender and receiver. In this

type of communication, initially, session key is generated randomly and transmitted to

other user using public key cryptography. Then, the shared key is used in symmetric

cryptography for message transmission between sender and receiver. In this protocol,

a major issue is authentication of the communicating parties. The authentication of

the sender and receiver is verified by a trusted third party certification. Hence, the

authenticity depends on the reliability of a third party.

In biometric-based symmetric cryptography, where biometric data of both users are

used to generate and share cryptographic key, an authenticity verification is also required

before sharing their biometric data with each other. In this situation, there are two

issues. Both fingerprint data, which are transmitted over (unsecured) channel, can be

intercepted by an attacker and attacker can generate the key using the algorithm.

To overcome this problem, a theoritical approach is used where biometric data of the

receiver is enrolled with sender. The stored biometric data can be used to authenticate

its owner (i.e. receiver) and as it is stored in senders’ side, it is not required to transmit

to other user (sender) for key generation. In this approach, biometric data of one user

is transmitted over unsecured channel to other user. Nevertheless, the stored cancelable

template is used to transmit the cancelable template of sender securely. This approach

removes the requirement of third party certification for authentication. At the time of

enrollment, we propose to store cancelable biometrics and thus preserving the privacy of

the biometric identity of the owner.

16

Chapter 4. Key Generation with Receiver’s Enrollement


This approach attempts to overcome some limitations in the first two approaches dis-

cussed in Chapter 3 and Chapter 4. In this approach it follow the same technique for

cancelable transformation of fingerprint templates as used in the approaches. This ap-

proach consists of three steps enrollment, session key generation and template update.

4.1.1 Enrollment

At the sender site, a database is maintained to store the biometric data of the receiver.

This approach is known as enrollment of receiver by the sender. This approach to enrolling

receiver is as follows. First, it assume that minutiae (ridge termination and bifurcation)

points are extracted from the fingerprint image of sender and receiver at their own site and

feature vactors of their biometric data are extracted. Second, both sender and receiver

generate cancelable template (CTS, CTR) from their feature vector using their user specific

shuffle key (Sks, Sks) as discussed in Section 4.1. Third, cancelable template of receiver

(CTR) is XORed with Cancelable template of sender (CTS) to lock the CTR and CTRlock

is stored in the database of sender.




Shuffle Key(Skr)

Shuffle Key(Sks)

XOR

CTS

CTR

CTRlockFeature

Extraction

Feature ExtractionEnrolled

data

Figure 4.1: Enrollment process

4.1.2 Session Key Generation and Sharing

After the enrollment process, session key is generated from the cancelable templates of

sender and receiver. At the time of key generation and authentication, test fingerprint

of sender is captured and minutiae points are extracted. Test cancelable template (C ′TS)

is generated using same transformation and shuffle key (SKs). The locked template (

CTRlock) is unlocked by XORing it with test cancelable template (( CTR = CTRlock

⊕C ′TS

)). Initially sender and receiver both have their own shuffle keys and locked cancelable

templates of receiver are stored at sender’s database. The key generation and sharing

method is shown in Fig. 4.2. When receiver wants to communicate securely with sender

following steps are carried out.

1. Receiver sends authentication request to sender.

17


2. Sender acknowledge the receiver’s request.

3. Receiver generates a test cancelable template (C ′TR) with his own shuffle key SKrfrom

a fresh fingerprint and sends the hash value (h(C ′TR)) to sender.

4. Sender also generates a test cancelable template (C ′TS) from his fingerprint with his

shuffle key (SKs).

5. Sender unlock the locked cancelable template (CTRlock) stored in the database and

generates the hash value h(CTR).

6. Sender compare the received hash value (h(C ′TR)) with the generated hash value

(h(CTR)). If both are same then the receiver is authentic and cryptographic key is

generated from the cancelable templates of sender and receiver. Cryptographic Key

Ksr = GenKey(CTR,CTS) GenKey is already described in the previous chapter.

7. Sender lock his own cancelable template (CTS) with the stored cancelable template

of receiver (CTR). CTSlock= CTS ⊕ CTR.

8. Sender sends the CTSlockto the receiver.

9. Receiver unlocks CTSlockby XORing his own C ′TR and generate the cryptographic

key. Cryptographic Key Ksr= GenKey(C ′TR,CTS).GenKey is an algorithm for key

generation from cancelable templates discussed in previous chapter. Now sender

and receiver both have the same key (Ksr).

10. The generated key (Ksr) can be treated as session key and using this key commu-

nication can be started securely.

In the above mentioned steps, it use a XOR based hash function to compute the hash

value of the cancelable template using the following method. The cancelable template

(CTR) is represented as bit stream and the size of CTR is divided by the size of expected

hash value (|h(CTR)|). If there exists any reminder of the division then required number

of zero is added with the remainder. Then, first block is XORed with second block and

the resultant is XORed with the third block and so on. Finally, all blocks except first

two blocks, are XORed with the previous result and hash value is computed.

In this approach, authentication of sender and receiver is verified in following way.

The cancelable template of receiver is stored at the database of sender and it is locked

by the cancelable template of sender. Hence, only genuine sender is able to unlock

the cancelable template of receiver using his own fingerprint data. Secondly, the hash

of cancelable template of receiver which is enrolled, is matched with the hash value

sent by requestor and these are matched only when genuine receiver requests using his

own fingerprint data. In this way, both users are authenticated themselves with their

cancelable templates before starting of secure communication.

18


Shuffle key Sks,

Locked CTR (CTR_lock)Shuffle key Skr

Secured communication established

Generate C’TR from fresh

fingerprint of Receiver using Skr

Generate CTS from fresh

fingerprint of Sender using Sks

Unlock CTR as

CTR = CTR_lock ⊕ CTS

Unlock CTS as CTS = CTS_lock ⊕ CTR

Compute hash of C’TR, h(C’TR )

Compute hash of CTR

If h(CTR ) = h(C’TR ) then

Compute Cryptographic Key

KSR = GenKey (CTS, CTR)

Compute Cryptographic Key

KSR = GenKey (CTS, CTR)

Request Accepted

User Id, h(C’TR)

CTS_lock

Authentication Request


Figure 4.2: Session key generation and sharing

After the establishment of the secure communication between sender and receiver,

both can transfer data through this channel securely using the symmetric cryptography.

As the key (Ksr) is a session key, it is valid only for that session and after the session it is

destroyed. For any new session, a unique key can be generated by modifying the shuffle

keys as well as cancelable templates.

4.1.3 Template Update

In this approach, template is required to update for two reasons. The cancelable template

of receiver is stored in the database and this template is required to update time to time

for its’ security. The cryptographic key is also required to update for better security of the

crypto-biometric system. As the key is generated from cancelable template, modification

of the key depends on the modification of cancelable templates. In this approach, sender

updates his cancelable template locally with a new shuffle key. On the other hand, it is

difficult to update the cancelable template of receiver as the database of sender is also

required. In both cases, shuffle key of the specific user is required to generate an updated

cancelable template.

Update Cancelable Template of Sender

The cancelable template of sender is updated locally by sender. The steps are given

below.

1. Sender generates the same cancelable template (CTS) from fingerprint minutiae

using same shuffle key (SKs).

19


2. Sender unlocks the cancelable template of receiver (CTR) using sender’s own can-

celable template i.e., CTR = CTRlock⊕ CTS.

3. Sender generates a new shuffle key (S ′ks) randomly, that is, Sks 6= S ′ks.

4. Sender generates a new cancelable template (C ′TS) using the new shuffle key (S ′ks).

5. Sender locks the cancelable template (CTR) of receiver with his updated cancelable

template, i.e., CTRlock= CTR ⊕ C ′TS.

6. Sender replaces his old shuffle key (Sks) by new shuffle key (S ′ks).

Update Cancelable Template of Receiver

Cancelable template of receiver is stored at the database of sender. Hence, update of

receiver’s template requires update of sender’s database also. The steps followed in this

process are given below.

1. Receiver generates a new shuffle key (S ′kr) and generate a new cancelable template

(C ′TR).

2. Receiver computes the bitwise XOR value between CTR and C ′TR as follows Rxor =

CTR ⊕ C ′TR.

3. Receiver sends an update template request along with Rxor to sender.

4. Sender also generates CTS from his fingerprint and unlock CTR from CTRlock.

5. Sender extracts the new template (C ′TR) of receiver from Rxor and computes the

Hamming distance (dH) between C ′TR and CTR.

6. If the Hamming distance satisfies the threshold value, then sender updates the

cancelable template of receiver and locks it with CTS and replaces the old CTRlock

with new one.

7. Sender sends update confirmation report along with dH to receiver.

8. Receiver computes the Hamming distance and compare it with dH . If it matches

then the shuffle key (Skr) of the receiver is replaced by new shuffle key (S ′kr).

In this approach, cancelable template is used to generate revocable key. Whenever, key

modification is required, at least one of the cancelable templates needs to be updated. To

update the cancelable template of any user, shuffle key modification is required. There-

fore, it is easy to update cryptographic key in our approach.

20



Security of the Crypto-Biometric system includes the security of the used biometric and

generated cryptographic key. If the system reveals any information about the used bio-

metric then the biometric identity can be disclosed to the third party. In this approach of

the fingerprint based cryptography, fingerprint of two user are shared and used to derive

the key.

4.2.1 Security of Fingerprint

In this approach, they have used one way transformation of fingerprint templates to gen-

erate cancelable templates. Original fingerprint generation or getting information about

the fingerprint from the cancelable template is impractible. If the cancelable template

becomes compromised, then the template can be canceled and a new template can be

issued.

In this approach, sender stores the cancelable template of receiver (CTR) along with

own shuffle key (Sks). The CTR is XORed with CTS and the encoded template CTRlockis

stored in the database of sender. Anyway, if the database is hacked by an attacker, the

cancelable template of receiver (CTR) will not be decoded without the genuine fingerprint

and shuffle key (Sks) of the sender. It is only possible by the genuine sender.

On the other hand, cancelable fingerprint template of sender (CTS) is transmitted

over unsecured channel by locking it with the cancelable template of receiver. Neither

the cancelable template of receiver is shared with other nor the cancelable template

of receiver is transmitted over unprotected channel. Therefore, the locked cancelable

template (CTSlock) of sender can be unlocked by the genuine receiver only.

Nevertheless, the cryptographic key is generated from two cancelable templates of

sender and receiver, combinedly and the cryptographic key non-invertible. Computing

the cancelable templates as well as fingerprint data from any compromised session key

is difficult. In this way, the security of both fingerprints used in this approach for key

generation is assured.

4.2.2 Security of Cryptographic Key

The cryptographic key generated in this approach is 256 bits long. It is not feasible to

guess or break the key within a certain period. The key can be generated by an attacker

if the attacker have both cancelable templates. The fingerprint data of sender(CTS) is

shared in encoded form (CTSlock) and genuine receiver’s fingerprint and shuffle key (SKr)

are required to decode it. The fingerprint data of receiver (CTR) is not shared through

insecure channel. Receiver only sends a hash value (h(CTR)) of his cancelable template.

The key is not stored and not sent to receiver. So the key management is secured in this

approach.

21

Chapter 5

Conclusion

Integration of biometric traits with traditional cryptography makes a stronger authenti-

cation component by binding the cryptographic key with user’s intrinsic distinctive traits.

Crypto-biometric systems are the solution to cryptographic key management problem.

But it has some challenges regarding the security and privacy of biometric traits call

to be accounted in crypto-biometric systems. Moreover, another major requirement of

cryptography is the key diversity which is difficult to address as the biometric traits

are irrevocable. In this report, we have discussed three approaches of fingerprint-based

cryptographic key generation. In every approach, system is able to generate revocable

key from fingerprint data of sender and receiver. Each approach has its advantage and

limitation comparing to other approaches.

22

Bibliography

[1] ”Advance Encryption Standard (AES)”, Federal Information Processing Standards

Publication 197 United States National Institute of Standards and Technology (NIST)

November 26, 2001.

[2] S. Dutta, A. Kar, B. N. Chatterji and N.C.Mahanti, ”Network Security Using Bio-

metric And Cryptography,” Lecture Notes in Computer, Springer, 2008. ISBN-978-3-

540-88457-6: 38-44.

[3] A. Jain, U. Uludag, ”Hiding Biometric Data,” IEEE Transactions on Pattern Analysis

and Machine Intelligence , vol.25 pp. 1494-1498, 2003.

[4] S. Kanade, D. Petrovska-Delacretaz, B. Dorizzi, ”Generating and Sharing Biometrics

Based Session Keys for Secure Cryptographic Applications,” Fourth IEEE Interna-

tional Conference on Biometrics: Theory Applications and Systems (BTAS), 2010 ,

pp.1-7, 27-29 Sept. 2010.

[5] Feng Hao, Ross Anderson, and John Daugman, ”Combining Crypto with Biometrics

Effectively,” IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.

[6] A. Ross and A. K. Jain, ”Information fusion in biometrics,” Pattern Recognition

letters, 24, pp.2115-2125, Sept. 2003.

[7] Uludag, S. Pankanti, S. Prabhakar, and A.K. Jain, ”Biometric Cryptosystems: Issues

and Challenges,” Proceedings of the IEEE, vol. 92, no. 6, pp. 948-960, June 2004.

[8] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, ”Generating Cancellable

Fingerprint Templates,” IEEE Transactions on Pattern Analysis and Machine Intel-

ligence, vol. 29, no. 4, pp. 561-572, April 2007.

[9] Sunil V. K. Gaddam and M. Lal, ”Efficient Cancellable Biometric Key Generation

Scheme for Cryptography,” International Journal of Network Security’ vol.11, no.2,

pp.57-65, sep.2010.

[10] N. Lalithamani and K. P. Soman, ”Towards Generating Irrevocable Key for Cryptog-

raphy from Cancelable Fingerprints,” The 2nd International Conference on Computer

Science and Information Technology, August 8 - 11, Beijing, China, 2009.

23

BIBLIOGRAPHY

[11] N. Lalithamani and K.P. Soman, ”Irrevocable Cryptographic Key Generation from

Cancelable Fingerprint Templates: An Enhanced and Effective Scheme,” European

Journal of Scientific Research, vol.31, no.3, pp.372-387, 2009.

[12] N. Lalithamani, K.P. Soman, ”An Effective Scheme for Generating Irrevocable

Cryptographic Key from Cancelable Fingerprint Templates,” International Journal of

Computer Science and Network Security, Vol.9, No.3, pp: 183- 193, 2009.

[13] A. Jain, U. Uludag, ”Hiding Fingerprint Minutiae in Images,” Proceedings of Third

Workshop on Automatic Identification Advanced Technologies (AutoID), vol. pp. 97-

102, 2002.

[14] V. Lokeswara Reddy, A. Subramanyam, and P. Chenna Reddy, ”Implementation

of LSB Steganography and its Evaluation for Various File Formats,” Int. J. Advanced

Networking and Applications, vol.02, Issue: 05, pp. 868-872, 2011.

24

Documents

Bio-Crypto Systemcse.iitkgp.ac.in/~dsamanta/resources/thesis/Devyani... · 2017-06-23 · Chapter 1 Introduction Cryptography [1,2] is widely used in information security and network