BIOMETRIC SECURITYUSING CRYPTOGRAPHY
Presented By: SAMPAT PATNAIK
Regd. No: 0601213054,8th Semester,Dept. of CSE
Contents : Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between UserID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Introduction to Cryptography :
Encryption DecryptionCiphertext
Plain Text Plain Text
Sender Reciever
Shared Key
Cryptography :
Cryptography is an important feature of computer security. It is dependent on
the secrecy of the secret or private key.
The user chooses an easily remembered pass code that is used to encrypt the
cryptographic key and this key is then stored in a database.
Security of the cryptographic key is weak due to practical problems of
remembering pass codes.
Since the pass code is not directly tied to a user, the system is unable to
differentiate between the legitimate user and the attacker.
“BIOS” life►
“METRON” measurement►
Study of automated methods for uniquely recognizing humans based upon
one or more intrinsic physical or behavioral traits for authentication
purposes.
Measurable characteristics of the individual based on their physiological
features / behavioral patterns that can be used to recognize or verify their
identity.
Introduction to Biometric Security :
“Everyone in the world is unique, and this
uniqueness
can be used for identity verification.”
Uniqueness : Distinction between individuals
Permanence : Resistance to ageing
Collectability : Ease to obtain a biometric for measurement.
Performance : Accuracy, speed, robustness of the biometric system.
Acceptability :Degree of approval of a technology.
Circumvention : Anomalies in the authentication system.
Principle & Standards Of Biometrics :
PHYSICAL ATTRIBUTES
•Fingerprints•Eye retinas & irises•Facial patterns •Hand measurement •Ear shape.
BEHAVIORAL ATTRIBUTES
• Signature
• Keystrokes
BEHAVIORAL& PHYSICAL ATTRIBUTES
• Voice
BIOMETRICS
Fingerprint Recognition (DERMATOGLYPHICS)
Fingerprints are unique to each individual and no two fingerprints are alike.
Fingerprint recognition is most widely accepted biometrics among the
technology being used today.
Converts the image of a fingerprint into a mathematical template of the print's
minutiae points.
Fingerprints contains pattern of ridges and valleys as well as minutia points.
Scanners : Optical scanners, Thermal scanners, Capacitances (solid state
scanner), Minutia based, Correlation based.
Fingerprint Recognition (CONTD.)
Voice Authentication:
Creates a voiceprint based on the
inflection points of your speech,
emphasizing the highs and lows specific
to your way of talking.
Iris Recognition :
An authenticam takes the pictures of
person’s iris. The image is analyzed and a
512 byte code is generated. The code is then
compared with the iris imprints in the
database and used to determine the
individual’s authorisation level.
Discriminate between individuals with
identical DNA like monozygotic twins.
Other Methodologies:
Face Recognition A camera captures the image of the face. Features and discrete areas are analyzed.
Keystroke Dynamics The system analyses the characteristic rhythm of a person's typing.
Hand Geometry A picture of the hand is taken. Features like3D shape, length, width of fingers and shape of knuckles are recorded.
Signature verification
Users signature digital graphic tablet. The system analyses speed, stroke order, stroke count and pressure .
Methods to secure a key
using Biometrics: (Method - I)First one involves remote template matching and key storage. In this method
biometric image is captured and compared with a corresponding template. If
the user is verified, the key is released.
Drawback :
The main problem here is use of an insecure storage media
Hide the cryptographic key within the enrollment template itself via a secret
bit-replacement algorithm. When the user is successfully authenticated, this
algorithm extracts the key bits from the appropriate locations and releases
the key.
Drawback:
The key will be retrieved from the same location in a
template each time a different user is authenticated
Methods to secure a key
using Biometrics: (Method - II)
Using data derived directly from a biometric image is another method. In
this manner biometric templates are used as a cryptographic key.
Drawback:
Sensitivities due to environmental and physiological factors,
and compromising of the cryptographic keys stand as a big obstacle
Methods to secure a key
using Biometrics: (Method - III)
A new and exciting technique is developed by Mytec Technologies
Inc. and named as Biometric Encryption™.
During the enrollment phase, the process combines the biometric
image with a digital key to create a secure block of data known as BioScrypt™
and then the key is retreived using the biometric during the verification phase.
Methods to secure a key
using Biometrics: (Method - IV)
Biometric Encryption:
It provides a mechanism for the linking and retrieval of a digital key using a
biometric. This biometric might be a 2D image such as fingerprint, palm
print, face, iris or retina.
The resulting digital key is then used as a cryptographic key.
Note: The key is completely independent of the biometric data so that the
use of the biometric is not forfeited if the key is ever compromised
and can be easily modified or updated.
User Based Cryptographic Keys:
Cryptographic systems require a secret key or a random number which must
be tied to an individual through an identifier. This identifier indeed could be a
globally unique user id or biometric data.
Pseudorandom numbers are generated by a PRNG (pseudo random number
generator). The resulting pseudorandom number can be used directly as a
key or adjusted with user-dependent data (userID or biometric data).
User Dependent Key Generation:
User dependent key generation is done in two ways:
First the key generation algorithm could be modified by using the user-
dependent data.
Second PRNG could be modified which is accomplished using a front-end or
back-end approach. In front-end manner, the definition of the key is extended
to include a user-specific data component. In back-end manner,
pseudorandom numbers are treated as intermediate values and processed
further.
Cryptographic Keys Generated From Voice :
Similar to image-type biometrics, human voice is a good biometric to
generate a cryptographic key.
For the goal of unpredictability, i.e. applying automatic speech recognition to
recognize the password spoken and then simply using the password, as a
cryptographic key is way. But it is not secure.
One solution is a user utters a password to his/her device and that
device would generate a key. Repeated utterance of the same password
by the same user would improve the security of the key after successful
matches with his/her previous recorded utterances.
Cryptographic Keys Generated From Voice : (Contd.)
Similarities Between UserID and Biometric-based Keys:
Both of them are different for each user.
Both of them are non-secret data. It is clear to see that userID data is non-secret.
Similarly biometric data is insecure in some sense because there is no practical
way to prevent the capture of user biometric data outside the biometric system.
Differences Between UserID and Biometric-based Keys:
Biometric data is obtained or derived from the user whereas userID is
assigned to a user.
Except the accidents biometric data can not be changed. But userID can easily
be changed.
Set of userIDs may be dense and it is easy to enumerate the set. Unlikely, set of
biometric data is not dense and this makes it infeasible to enumerate the
biometric data for each user.
Biometrics directly authenticates the person, not indirectly through a
password or token.
Biometrics features are difficult to steal; thereby making biometrics
authentication very strong.
The Biometrics feature is eminently portable, and is unlikely to be lost.
Another advantage of biometrics authentication systems is user cannot share
or forget his retina or fingerprint, while a password and username are easily
forgotten.
Advantages Of Biometric System :
Threats to Biometric System:
As with any IT security system, biometric-based security policy
must deal with the threats from the workers of the organization who can
damage any software or hardware component of the system. Attackers
may also change the statistical recognition parameters of the components
and decrease the recognition rates.
Organizational
Software
Physical
• Attacks on the biometric sensor/Acquisition device
Example: usage of artificial or disembodied dead features like a cut-off
finger in the fingerprint case.
• Communication channel attacks (man-in-the-middle attacks)
The first type is just eavesdropping. If the channel between the sensor
and the feature extraction unit or the one between the reference database and
the matching unit is attacked, the attacker will gain information about the
biometric data. In the second type, purposeful use or change is done to the
intercepted data for subsequent introduction back into the system
Threats to Biometric System: (Contd.)
• Iris Recognition
It is Relatively expensive; requires large amount of computer
storage; may not be generally accepted by public.
• Voice Verification
Works well over the telephone but requires large amount of
computer storage; people's voices can change; background noises can interfere.
Other Drawbacks of Biometric System:
PC access and internet security (Computer network security, Internet
transaction, Laptop security, Application level security)
Physical area security(military, government, banking, voting, prisons)
Employee record check
Mobile phones: network access & theft protection
Mobile financial transaction: Credit cards & ATM cards.
Applications:
Reliable user authentication is highly significant in this web enabled world.
Consequences of an insecure authentication system can be catastrophic and
may include loss of information, denial of service and loss of data integrity.
Biometric Encryption™ and Bioscrypt™ are high security means of protecting
the critical data of government, police departments, army and big firms.
The current generation of biometric identification devices offer cost and
performance advantages over manual security procedures.
All these methods have shown that, using biometrics for identification or
verification-based security systems and cryptosystems, is a promising
technology
Conclusion:
www.ieeexplore.ieee.org
www.cscjournals.org
www.en.wikipedia.org
C.Soutar, D.Roberge, A.Stoianov, R.Gilroy and B.V.K.V.Kumar,
“Biometric Encryption™ using image processing”
M. Peyravian, S. M. Matyas, A. Roginsky, N. Zunic, “Generating user-
based Cryptographic keys and random numbers”
References:
Thank You