A Cryptographic Key Binding Method Based on Fingerprint Features and the Threshold Scheme

A Cryptographic Key Binding Method Based on Fingerprint Features and

the Threshold Scheme

1

Lin You,

2

Guowei Zhang,

3

Fan Zhang

1,3

College of Communication Engineering, Hangzhou Dianzi Univ., Hangzhou 310018, China,

[email protected]

2

College of Mathematics and Statistics, Hainan Normal Univ. Haikou 571158, China

[email protected]

doi:10.4156/ijact.vol3.issue4.3

Abstract

The biometric cryptographic system can provide a secure integration of the biometric features and the traditional cryptology. The application of biometrics based key binding method or biometric keys can not only hide the information of the users’ biometric features, but can also securely realize secret key production, key recovery and authentication. This paper first proposes a general model for biometrics based key binding algorithm, and then presents a novel (cryptographic) key generation method based on fingerprint features and the Shamir threshold scheme. Our method can not only protect the legitimate user's secret key but can also effectively prevent his biometric features from being revealed. Our experimental results show that our fingerprint features based key binding method is efficient and the key success recovery rite may approach to 91 percent. But the key recovery is not so much successful as for our method to be applied for practical cryptographic system. Hence, more work has to do for our method’s optimization.

Keywords

: Fingerprint, Biometrics, Threshold Scheme, Key Binding

1. Introduction

In a cryptosystem, its security totally depends on the security of its secret key. Therefore, it is quite important to keep the key safe in some medium, or employ some algorithms to safely manage it for special information systems [1, 2]. Generally speaking, the user’s secret key is protected (or encrypted) by the user’s (logon) password [3, 4]. However, it is not an easy job to manage the user’s password, because the password (it is generally a short message) is vulnerable to some common attacks, such as the brute-force-search attack, the sniffer attack and so on. Fortunately, the user’s biometrics can be applied to prevent his key effectively away from these attacks [5].

Human biometrics is generally used to distinguish an individual's unique identity and behavior characteristics from others. Theoretically, anyone’s physical or behavioral characteristics (such as retina scans, iris scans, fingerprints, sounds, handwritten signatures) that satisfies the four requirements: universality, distinctiveness, permanenc and collectability, can be seen as a symbol of his identity [3, 6] and can be used to in authentication systems [7]. Furthermore, such biometrics can be employed to securely save user’s secret key in the corresponding cryptosystem without any leakage of its information. Applying human biometrics to safely keep the secret keys in cryptosystems has become an increasingly hot topic.

In cryptosystems, a simple way to keep a secret key safe by using biometrics is to separately store the user’s biometrics template and his secret key in a smart card, USB token or some other media. That is, during the enrollment stage, the user inputs his biometrics and selects his secret key, and the system stores the biometric template and the key separately. During the verification or the key recovery, a biometric sample is inputted and the key will be recovered or not if the sample is closed enough or not to the stored template. This way will run the risk of the stored biometric template being illegally disclosed and misused.

Another way to keep a secret key safe through the application of biometrics is to blend the key and the biometrics so completely that any attacker can not separate the biometric template from the stored message in some polynomial time. Keeping a secret key through this blending way can generally be called the biometrics based key binding method and it has become a hot research topic during these

years.

Because of the key’s uniqueness and the fingerprint’s inconsistency in different samplings, this research topic is also a challenging issue. Among all the human biometrics, fingerprint is the most widely used and studied biometric technique. In this paper, we develop a novel cryptographic key binding method based on fingerprint features and the Shamir threshold scheme [6]

.

The rest of this paper is organized as follows: In Section 2, we introduce a key binding sketch model and some previous work on key binding methods. A general model for biometrics based key binding scheme is described in Section 3. Section 4 describes the fingerprint feature extraction and representation. A novel key binding method based on the Shamir threshold scheme is presented in Section 5. The experimental results and analyses are expressed in Section 6. Finally, the conclusions are drawn in Section 7.

2. Some Previous Work on Biometrics Binding Cryptographic key generations

Generally, the generation of a cryptographic key from human biometrics goes into two kinds of ways in which the main difference lies whether the cryptographic key is directly produced from the biometrics[8, 9], or it is pre-selected and stored with the biometrics [10-16]. Monrose et al. [8] proposed a cryptographic key generation method based on human sounds. In their algorithm, a repeatable cryptographic key is directly generated from a user’s utterance of a password by the construction of voice feature descriptors when the user utters a password. The drawbacks existed in their algorithm are that the generated key is not long enough (only 46 bits) for security, a time-consuming encrypted table is needed, and the false negative rate is over 6%. In 2007, You etal. [9] proposed a digital signature system with signer’s private key is generated by the combination of the signer's fingerprint features, check bits, and a rememberable key. But this cryptographic key method was basically a theoretic model but not a practical algorithm, and a lot of experiments have to be done to check this method’s practical applicabilities and efficiency.

A lot of previous work has been done on the binding secret keys with human biometrics, but most of them are essentially theoretical. Juels and Sudan [10, 11] proposed the earliest key binding scheme which was called “fuzzy vault”. The sketch of the fuzzy vault can be described as: One user Alice locks her secret messagekinto a vault V using some setA. If Bob wants to knowk, he has to use his set Bto unlockV . Bob can unlock V and obtaink only if is Bclose enough toA . The fuzzy vault scheme is only a model but not a practical algorithm. Juels & Sudan proved the security of the fuzzy vault scheme in an information-theoretic sense. Although the authors specifically mentioned an application of their scheme to biometric keys, it is not clear how robust the algorithm is to typical variations in the biometric messages. Furthermore, the authors did not clearly describe in their scheme how unordered feature representations are handled and made aligned.

Based on the scheme of Juels and Sudan, Clancy et al. [13] proposed a fingerprint based fuzzy vault scheme, which was called the fingerprint vault scheme. In this fingerprint vault scheme, every extracted fingerprint minutiae are firstly converted to an elementmi_{in a finite field}



_{, secondly, the} selected (secret) keykis encoded to a polynomial f x( )[ ]X , thirdly, f x( )is evaluated in eachmi_, finally, all the points (mi, (f mi)) and some stochastic camouflage points ( ,c di i) _{are selected} withdi  f c( )i _{and these points are all stored together as a vault}V _.

Dodis etal. [14] proposed two kinds of primitive models based on biometrics: one is called a fuzzy extractor, and the other is called a secure sketch. Their fuzzy extractor can extract a nearly uniform randomness Rfrom its biometric inputted. They claimed that the extraction was so error-tolerant that R_{could be reproduced if the inputted biometric changes but remains reasonably close to the originally} inputted, and this R could be used as a cryptographic key. Their secure sketchis an algorithm model that can produce some public information from the inputted biometric w but does not reveal w, and w could be exactly recovered if another given value was close enough to it according to the public information. Dodis et al. claimed that this secure sketch could be used to reliably regenerate error-prone biometric inputs without running the risk of the original biometrics leakage. It seems that the two

biometrics based primitive models can be used to securely keep and reproduce a cryptographic key, but the authors did not gave any experiment result to show their efficiency and practical applications.

Teoh et al. [15]Pdescribed a FaceHashing approach to store and restore a pre-selected secret key,

which was a key binding algorithm based on face features and the Shamir secret sharing mechanism. But the authors did not simulate their algorithm to show how effectively it worked during the key retrieval stage.

According to the above discussion, the all previous work on biometrics based key binding schemes may not completely settle a challenging issue, that is, a cryptographic key must be unique while the extracted biometrics are some different due to the influence of some noise during the enrollment (i.e., the key binding stage) and the verification (or the key retrieval stage).

In this paper, we also try to deal with this issue and propose a novel fingerprint based binding key generation method.

3. A general model for biometrics based key binding scheme

A lot of biometrics based cryptographic key binding methods or algorithms have been proposed in the previous work. In general, almost each of them included four procedures: biometrics features extracting and converting, a (cryptographic) key selecting and coding, binding the converted biometric features and the key and then storing it, key restoring or regenerating.

In a biometrics key binding scheme, the sample data are based on the collection of the registered user's biological features. The transformed characteristic of the registered user is compact in the feature space, and the characteristic of a false identity is either dispersed or far away from the legitimate user's characteristic. So it is possible to distinguish the transformed characteristic of the registered user from the characteristic of the false identity. Then, a stable key production mechanism may generate a stable cryptographic key. Each transformed characteristic possibly contributes some key generation information. It not only helps to generate a stable key, but also expands the key space to resist the searching attack. The biological feature generation aims to find a transform which make each transformed feature to distinguish the registered user from the false identity.

A general model for biometrics based key binding scheme can be described as in Fig. 1 shown, it can be decomposed of two stages: one is called the enrollment or locking process, and the other is called the verification, key retrieval or unlocking process.

a) Locking Process

b) Unlocking Process

4. Fingerprint feature set generation

A fingerprint of human beings has two types of features: the entire features and the local features [3, 17]. Here we use fingerprint local features to bind a cryptographic key and propose a key keeping and retrieval method.Local features are the effective features in the fingerprint topological graph, which is the most fundamental data for the key binding algorithm. Even the general characteristics of the two fingerprints are the same，their local features are not exactly the same. NIST (National Institute of Standards and Testing) divided the fingerprint features into four categories: endpoints, bifurcation, complex points and undefined features. The two most important minutiae features are the endpoint and the bifurcation point, shown in Fig.2.

Figure 2. Ridge Ending and Ridge Bifurcation

Let Xbe a biometric information set of fingerprint minutiae points. Every extracted minutiae point can be converted to a fingerprint feature vector of some fixed dimensional Euclidean space. Let xc i,

stands for the i-th minutiae point of the c-th feature classification. Then, the extracted features of one fingerprint sample can be represented as

,

{ _{c i}1 , 1 }

X  x  i m  c C

with Cdenoting the classification number of the fingerprint features, m denoting the number of the extracted fingerprint minutiae.

During the encoding, we need to take into account the binary vector space with the purpose of better identification and operation.

Let

m

c_and



c_{denote the average value and standard deviation feature of some fingerprint sample,}

respectively, then , 1 1 c m c i i m m x  



, 2 , 1 ( 1) ( ) c m c i c i I m x m    



 . (1)

Let mg _andg _{denote the global fingerprint feature average value and standard deviation,} respectively, that is,

1 1 g C c c m C m  



, 2 , 1 1 ( 1) ( ) g C m c c i g c i I m x m     



 . (2) Then, the binary descriptors of fingerprint features can be defined as

0, if 1, if           _{  }  c c c g g g i c c c g g g m d m d B m d m d . (3)

Wheredc_anddg _{are adjusting parameters. We can control the quantities of 0 and 1 in} Bi _by adjusting the values ofdc_anddg_{. Let} P(0)_andP(1)_{be the probabilities of 0 or 1 in} Bi _{respectively.} For the security considertion, both the probabilities P(0)andP(1) should be closed to1 / 2 . Otherwise, the complexity of the exhaustive searching attack to the fingerprint feature descriptors Bi _{will be} greatly reduced.

5. A novel key binding method based on fingerprints and the threshold scheme

The biological feature key generation mainly involves the operations of biological feature descriptor Biand the traditional keykey. Our fingerprint based key binding method is based on the

( , )t n _{- threshold algorithm. Our approach has two main steps: (1) Firstly, dividing}Bi _andkey _into n

share coordinated shadows with the same length; (2) Secondly, generating the Bio key- . TheBio key- can be generated by any t share shadows, but it cannot be generated by less t share shadows. It should be noted that, this Bio key- is called a biometric cryptographic key or simply a biometric key, and it is just like the “Key Locking Set” described at Figure 1-b).

A ( , )t n -threshold scheme is a special secret sharing scheme which was proposed in 1979 by A. Shamir. Here we apply the Shamir secret sharing scheme to construct a biometric binding cryptographic key method or algorithm based on fingerprint features. Our presented algorithm mainly involves with the operations of a biometric feature descriptor Bi _{and a traditional cryptographic} keykey. To ensure that our presented system will produce a highly secured biometric binding cryptographic key generation scheme, we apply the ( , )t n -threshold algorithm on our algorithm. Our main idea is that by using Lagrange polynomial interpolation method, the system can divide both of Bi _and Key _into n _{equal shadows so that any} t(n) _{shadows can generate the biometric} cryptographic keyBio key- , while any less than tshadows can not generateBio key- .

Shamir's Threhold Scheme: Let t and n be positive integers withtn. A ( , )t n -threshold scheme is a secret sharing scheme in which n participants hold shares of a secret ksuch that any t or more participants can recover k with their shares but any less than tparticipants can not recover k with their shares.

We will apply a polynomial in a finite field to construct a modified threshold scheme, and then propose a fingerprint based cryptographic key binding method. First, select a prime number psuch that it is larger than the number of the possible shadows and the largest secret message. Then, a polynomial of degreet1is generated. For example, if we plan to construct a modified (3, )n-threshold scheme, then some polynomial of degree 2 in the finite field p

2

( ) mod

f x ax bx c p

has to be generated, wherepis a randomly chosen prime number larger than ,a bandc, and pis kept public. While the coefficients ,a bandcare secretly chosen with being closely related with the secret message and they would be discarded away when the shadow distribution is completed.

The shadows are obtained by computing the values of the polynomial f x( ) at different pointski  f x( )i _{. Since the 2-degree polynomial} f x( ) _{has three unknown coefficients ,}a b_and c_{, any} 3 or more shadows can set up a linear equation set to obtain the values of ,a band c.

In the following two sub-sections, we will modify this kind of threshold scheme to propose an efficient fingerprint based key binding method.

5.1. A key binding algorithm based on fingerprint

1) The user A registers his fingerprint on the server, and then the system produces A’s fingerprint feature information setX, divides Xinto n parts and then converts each into an integerxi_{, where} n is some properly pre-chosen integer.

2) The system randomly chooses a large primep, generates the user A’s secret key key and splits it into t(n) sub-keys

0 1 1

( , , , _t )

key key key  key _,

here each keyi  p_.

3)The systemgenerates the t-degreepolynomial in p[ ]x

1 2

1 2 1 0

( ) _t t _t t

f x key x  key x   key xkey _.

4) For eachi1, 2,,n, the system computes

( mod ) mod

i i

k  f x p p_.

And later, completely delete or throw away thekey, eachkeyi_and f x( )_.

5) The system selects an error-correct encoding function Encoder( )(such as the Hamming code), and compute

( )_{i i}

Encoder k Ck_, i1, 2,,n_.

6) The system establishesnfingerprint feature descriptors Bi according to the formulae (1) to (3)

fori1, 2,,n.

7) The system computes

_i Ck_iB_i

fori1, 2,,n, where indicates the bitwise XOR operation in the finite field (2 ) l

GF _{, l is a}

8) Store nparts of i_{or concatenate them together into the binary number}  1|| 2||||n _{as the} biometric cryptographic key Bio key- (that is, 1

n i i

Bio key-  _or 1|| 2||||n_{) and store it.}

The whole procedure of the algorithm does not directly store the user’s any fingerprint features or any part of his keykey. The legitimate user who can provide their own biometric information can obtain his key information or only the illegal users can get the key information when he can provide much high similarity of the fingerprint features to the registered fingerprint’s features, but such case can be effectively prevented by using some powerful fingerprint extraction scanner and the efficient algorithm. Hence, our algorithm can not only prevent the user’s biometric feature information from being exposed, but also can safely protect the user’s key.

5.2. A biometrics key recovery algorithm

To recover his secret keykey, the user A does the following steps.

1) The user A provides his biometric dataX, then, the system establishes the corresponding n fingerprint feature descriptors Bi_fori1, 2,,n_.

2) The system computes

i i i

Ck  B_.

3) By applying the decoding algorithm Decoder( )of the encoding functionEncoder( ), decode Cki and get ki' _{for every}i1, 2,,n_{. (For} example_{, if the applied} Encoder( )_{is the Hamming code and}

|B_i B_i|_{Hholds for some given system tolerance parameter}_{H of the biometric information, then} the obtained ki' _{will be equal to}ki_).

4) The system converts Xinto m integersxi'_withmt_{. And for every}i1, 2,,m_{, it computes} the values

( _i' mod ) mod

f x p p_.

5) The system tries to find at least t pairs (xi',ki')_{which satisfying} ' ( ' mod ) mod

i i

k  f x p p_.

6) The system applies the Lagrange interpolating polynomial formula to get a t-degree polynomial '( )

f x

inp[ ]x _{, and then concatenate the coefficients of}f x'( )_{to get a possible key}key'_.

If the biometric data Xis the same, or almost the same as the legitimate user’s biometric dataX, then the system will get at least t pair shadows (xi',ki')(xij,kij) _{for some}ij: 1 ij n_{. And then}

the system can correctly recover the right secret keykeyfor the legitimate user A by applying the Lagrange interpolating polynomial. But for an illegal user A, since it is impossible for him to get the right biometric information or almost the right biometric information, hence, the system can recover the key key(that is, key'key) for A with a negligible probability.

Our biometrics based key binding method is a two-reciprocal algorithm. The system can carry on the enciphering operation or the binding of the user’s biometric data, his secret key and the deciphering operation effectively when the difference exists between the user’s two inputted fingerprint features

during theBio key- ’s generation and the recovery operation within the system's tolerance scope. Our method can not only keep the legitimate user’s key secure but also can not disclose his any biological feature information.

6. Experiments and results analyses

In our experiment, we use FVC2000 standard fingerprint database, (7, 4)Hamming code and

(7, 25)-_{threshold algorithm to implement our algorithm in Visual C++. We analyze and compare the}

results when dc_or dg_{are assigned.}

Our experiment has three main steps: Firstly, an identified fingerprint image is selected as the user’s inputted fingerprint image, and the collected fingerprint image is pre-processed so that the fingerprint features are extracted by the system. Fig. 3 shows the experiment system and one result of the binary code descriptors of the fingerprint features; Secondly, the user inputs his ID for the registration, and his secret is selected and a 5-degree polynomial is produced in Fig.3; Finally, the system generates the user’s biometric cryptographic key Bio key- based on our fingerprint based key binding algorithm and calculates the length of the biometric cryptographic key. Fig. 4 shows the experiment system and one result of the biometric cryptographic key generation.

Figure 3. Generations of Binary Code Descriptor the Randomly Chosen Key and a 5-degree Polynomial

Figure 4. Biometric Binding Cryptographic Key Generation

Based on the relationship between dc _anddg_{, we selected} dg 0_and dc  { 0.5, 0, 0.5} _{to recover} the user’s key with his valid fingerprint samples in the experiments. The legitimate user can re-get his secret keys after the completion of the decoding algorithm. Our key recovery experiment has also three main steps: 1) Firstly, the system produces the possible user’s fingerprint data X'and splits it into at least

t

fingerprint data partsXi'_{, and computes the user’s descriptor} Bi'_{; 2) Secondly, the system uses} the stored Bio key- to get ki'_{; 3) Finally, the system generates the user’s possible key} key' _by computing the corresponding Lagrange interpolating polynomial. The key' may equal or not equal to

key _{based on the difference tolerance parameter} _{H between} B_i' _andB_{i. We have applied a number}

of fingerprint training samples to test the key recovery algorithm.

The results of the key recovery experiments are shown in Fig.7 fordc_{’s three different values. The} key recovery algorithm achieves the best results whendc0.5_{. It can successfully recover 91 keys} within 100 samples that close enough to the ideal sample value. The success rate is 91%. So the best performance may be achieved by a proper selection of the appropriate parameters and the key recovery rates may achieve the desired design goals.

In addition, a failure result of the key recovery experiment is obtained atdc0.5 _{and is shown as in} Fig. 6.

Figure 6. Failure Key Recovery

Figure 7. Key Recovery Results for dc =0, ±0.5

7. Conclusion

In this paper, we propose a novel key binding method based on the ( , )t n -threshold algorithm and fingerprint features. This method can not only prevent the attacks to the legitimate user’s fingerprint features, but also at the same time, it can indirectly and safely store the user’s secret key on the server or other storage media. The security of the user's saved key or other secret information is completely ensured by the user's fingerprint features. As our experiments show, there are some key relationships between the ( , )t n -threshold algorithm and the recognition rate.

In recent years, a number of more accurate and reliable devices and algorithms have been developed for fingerprint recognitions and feature extractions, which can be applied to our algorithm for the accuracy of the biometric information parameters X andBi _{, and so for the improvement of the} legitimate user’s cryptographic key recovery to a more high success rite.

Our work is an extended version of the paper appeared in the proceeding of ICCIT’2011. In our future work, we will employ the fingerprint local structures, the voronoi neighbor based structure [18] or the triangle based structure [19] that is topologically invariant, to optimize the fingerprint feature set construction algorithm, and so to improve our experimental results. We also plan to extend our method to other biometrics such as iris or retina. In the meanwhile, we will consider applying some other error-correct code to improve the anti-noise performance during the coding process.

8. Acknowledgments

This research is supported by the National Science Foundation of China (No.60763009), and Zhejiang Natural Science Foundation of Outstanding Youth Team Project (No.R1090138).

9. References

[1] Xianping Wu, Huy Hoang Ngo, Phu Dung Le and Bala Srinivasan, Novel Hybrid Group Key Agreement for Sensitive Information Systems, Journal of Convergence Information Technology, Vol. 5, No. 1, pp. 68-81, 2010.

[2] JinKyoung Heo, Web Application Encipherment Key Management using Distributed Object Activation, International Journal of Digital Content Technology and its Applications, Vol. 3, No. 3, pp. 81-85, 2009.

[3] D. Maltoni, D. Maio, A.K.Jaina, S. Prabhakar, Handbook of Fingerprint Recognition. Springer- Verlag, London, 2009.

[4] Y. Siyalm, F. Ahmed, “A Biometric-based Scheme for Enhancing Security of Cryptographic Keys,” In Proceedings of IEEE TENCON 2004, Piscatawang NJ, pp. 407-410, 2004.

[5] S. Hallevi, H. Krawczyk, “Public-key Cryptography and Password Protocols,” ACM Transactions on Information and System Security, Vol.2, No.3, pp. 230-268, 1999.

[6] A. Shamir, “How to Share a Secret”, Communication of the ACM, Vol. 22, No. 11, pp. 612-613, 1979.

[7] Chin-Chen Chang, Shih-Chang Chang, Yu-Wei Lai, An Improved Biometrics-based User Authentication Scheme without Concurrency System, International Journal of Intelligent Information Processing, Vol. 1, No. 1, pp. 41-49, 2010.

[8] F. Monrose, M.K. Reiter, Q. Li and S. Wetzel, “Cryptographic key generation from voice,” In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 202-213, 2001.

[9] Lin You, Maozhi Xu, Zheng Zhiming, Digital signature systems based on smart card and fingerprint feature Journal of Systems Engineering and Electronics，Vol.18, No.4, pp.667-672, 2007.

[10] A. Juels and M. Sudan, A fuzzy vault scheme, In Proceedings of ISlT 2002, Lausanne, Switzerland, pp.408, 2002.

[11] A. Juels and M. Sudan, “A fuzzy vault scheme”, Designs, Codes and Cryptography, 38, pp.237– 257, 2006.

[12] U. Uludag, S. Pankanti, S. Prabhakar, A. K. Jain, “Biometric cryptosystems: issues and challenge,” In Proceedings of the IEEE, Vol.92, No.6, pp. 948-960, 2004.

[13] T.C. Clancy, N. Kiyavash and D.J. Lin “Secure Smart Card-Based Fingerprint Authentication,” In Proceedings of 2003 ACM Workshop on Biometrics: Methods and Application, Berkeley, California, pp.45-52, 2003.

[14] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” In Proceedings of Int. Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT 2004, LNCS 3027), pp. 523–540, 2004.

[15] A. Teoh, D. Ngo, A. Goh, “Personalized cryptographic key generation based on FaceHashing,” Computers & Security, Vol.23, No.7, pp. 606-614, 2004.

[16] A. Juel, TM Wattenberg, “A fuzzy commitment scheme,” In Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 28-36, 1999.

[17] J. Tian, X. Yang, Biometrics: Theory and Applications, Tsinghua University Press, China, 2009. [18] A. Okabe, Spatial tessellations: conceptions and applications of Voronoi diagrams, Section edition,

John Wiley, Chichester, 2000.

[19]X. Chen, J. Tian, and X. Yang, “A novel algorithm for distorted fingerprint matching based on fuzzy features match”, In Proceedings of AVBPA 2005, LNCS 3546, pp. 665–673. Springer-Verlag, 2005.